def setUp(self):
super(AppArmorRoleTest, self).setUp()
self.role = AppArmorRole(prov=None, context={'cleanup': []})
class AppArmorRoleTest(ProvyTestCase):
def setUp(self):
super(AppArmorRoleTest, self).setUp()
self.role = AppArmorRole(prov=None, context={'cleanup': []})
@istest
def installs_necessary_packages_to_provision(self):
with self.using_stub(AptitudeRole) as aptitude, self.execute_mock():
self.role.provision()
aptitude.ensure_package_installed.assert_any_call(
'apparmor-profiles')
aptitude.ensure_package_installed.assert_any_call('apparmor-utils')
@istest
def disables_executables(self):
with self.execute_mock() as execute:
self.role.disable('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-disable /some/bin1 /some/bin2',
stdout=False,
sudo=True)
@istest
def puts_executables_to_complain_mode(self):
with self.execute_mock() as execute:
self.role.complain('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-complain /some/bin1 /some/bin2',
stdout=False,
sudo=True)
@istest
def puts_executables_to_enforce_mode(self):
with self.execute_mock() as execute:
self.role.enforce('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-enforce /some/bin1 /some/bin2',
stdout=False,
sudo=True)
@istest
def puts_executables_to_audit_mode(self):
with self.execute_mock() as execute:
self.role.audit('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-audit /some/bin1 /some/bin2',
stdout=False,
sudo=True)
@istest
def creates_a_profile_for_an_executable(self):
with self.execute_mock() as execute:
self.role.create('/some/bin')
execute.assert_called_with('aa-easyprof /some/bin',
stdout=False,
sudo=True)
@istest
def creates_a_profile_with_another_template(self):
with self.execute_mock() as execute:
self.role.create('/some/bin', template='another-template')
execute.assert_called_with(
'aa-easyprof -t another-template /some/bin',
stdout=False,
sudo=True)
@istest
def creates_a_profile_with_policy_groups(self):
with self.execute_mock() as execute:
self.role.create('/some/bin',
policy_groups=['networking', 'user-application'])
execute.assert_called_with(
'aa-easyprof -p networking,user-application /some/bin',
stdout=False,
sudo=True)
@istest
def creates_a_profile_with_abstractions(self):
with self.execute_mock() as execute:
self.role.create('/some/bin',
abstractions=['python', 'apache2-common'])
execute.assert_called_with(
'aa-easyprof -a python,apache2-common /some/bin',
stdout=False,
sudo=True)
@istest
def creates_a_profile_with_read_permissions(self):
with self.execute_mock() as execute:
self.role.create('/some/bin',
read=['/var/log/somebin.log', '/srv/somebin/'])
execute.assert_called_with(
'aa-easyprof -r /var/log/somebin.log -r /srv/somebin/ /some/bin',
stdout=False,
sudo=True)
@istest
def creates_a_profile_with_read_and_write_permissions(self):
with self.execute_mock() as execute:
self.role.create(
'/some/bin',
read_and_write=['/var/log/somebin.log', '/srv/somebin/'])
execute.assert_called_with(
'aa-easyprof -w /var/log/somebin.log -w /srv/somebin/ /some/bin',
stdout=False,
sudo=True)
def setUp(self):
self.role = AppArmorRole(prov=None, context={'cleanup': []})
class AppArmorRoleTest(ProvyTestCase):
def setUp(self):
self.role = AppArmorRole(prov=None, context={'cleanup': []})
@istest
def installs_necessary_packages_to_provision(self):
with self.using_stub(AptitudeRole) as aptitude, self.execute_mock():
self.role.provision()
aptitude.ensure_package_installed.assert_any_call('apparmor-profiles')
aptitude.ensure_package_installed.assert_any_call('apparmor-utils')
@istest
def disables_executables(self):
with self.execute_mock() as execute:
self.role.disable('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-disable /some/bin1 /some/bin2', stdout=False, sudo=True)
@istest
def puts_executables_to_complain_mode(self):
with self.execute_mock() as execute:
self.role.complain('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-complain /some/bin1 /some/bin2', stdout=False, sudo=True)
@istest
def puts_executables_to_enforce_mode(self):
with self.execute_mock() as execute:
self.role.enforce('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-enforce /some/bin1 /some/bin2', stdout=False, sudo=True)
@istest
def puts_executables_to_audit_mode(self):
with self.execute_mock() as execute:
self.role.audit('/some/bin1', '/some/bin2')
execute.assert_called_with('aa-audit /some/bin1 /some/bin2', stdout=False, sudo=True)
@istest
def creates_a_profile_for_an_executable(self):
with self.execute_mock() as execute:
self.role.create('/some/bin')
execute.assert_called_with('aa-easyprof /some/bin', stdout=False, sudo=True)
@istest
def creates_a_profile_with_another_template(self):
with self.execute_mock() as execute:
self.role.create('/some/bin', template='another-template')
execute.assert_called_with('aa-easyprof -t another-template /some/bin', stdout=False, sudo=True)
@istest
def creates_a_profile_with_policy_groups(self):
with self.execute_mock() as execute:
self.role.create('/some/bin', policy_groups=['networking', 'user-application'])
execute.assert_called_with('aa-easyprof -p networking,user-application /some/bin', stdout=False, sudo=True)
@istest
def creates_a_profile_with_abstractions(self):
with self.execute_mock() as execute:
self.role.create('/some/bin', abstractions=['python', 'apache2-common'])
execute.assert_called_with('aa-easyprof -a python,apache2-common /some/bin', stdout=False, sudo=True)
@istest
def creates_a_profile_with_read_permissions(self):
with self.execute_mock() as execute:
self.role.create('/some/bin', read=['/var/log/somebin.log', '/srv/somebin/'])
execute.assert_called_with('aa-easyprof -r /var/log/somebin.log -r /srv/somebin/ /some/bin', stdout=False, sudo=True)
@istest
def creates_a_profile_with_read_and_write_permissions(self):
with self.execute_mock() as execute:
self.role.create('/some/bin', read_and_write=['/var/log/somebin.log', '/srv/somebin/'])
execute.assert_called_with('aa-easyprof -w /var/log/somebin.log -w /srv/somebin/ /some/bin', stdout=False, sudo=True)
def setUp(self):
super(AppArmorRoleTest, self).setUp()
self.role = AppArmorRole(prov=None, context={"cleanup": []})
class AppArmorRoleTest(ProvyTestCase):
def setUp(self):
super(AppArmorRoleTest, self).setUp()
self.role = AppArmorRole(prov=None, context={"cleanup": []})
@istest
def installs_necessary_packages_to_provision(self):
with self.using_stub(AptitudeRole) as aptitude, self.execute_mock():
self.role.provision()
aptitude.ensure_package_installed.assert_any_call("apparmor-profiles")
aptitude.ensure_package_installed.assert_any_call("apparmor-utils")
@istest
def disables_executables(self):
with self.execute_mock() as execute:
self.role.disable("/some/bin1", "/some/bin2")
execute.assert_called_with("aa-disable /some/bin1 /some/bin2", stdout=False, sudo=True)
@istest
def puts_executables_to_complain_mode(self):
with self.execute_mock() as execute:
self.role.complain("/some/bin1", "/some/bin2")
execute.assert_called_with("aa-complain /some/bin1 /some/bin2", stdout=False, sudo=True)
@istest
def puts_executables_to_enforce_mode(self):
with self.execute_mock() as execute:
self.role.enforce("/some/bin1", "/some/bin2")
execute.assert_called_with("aa-enforce /some/bin1 /some/bin2", stdout=False, sudo=True)
@istest
def puts_executables_to_audit_mode(self):
with self.execute_mock() as execute:
self.role.audit("/some/bin1", "/some/bin2")
execute.assert_called_with("aa-audit /some/bin1 /some/bin2", stdout=False, sudo=True)
@istest
def creates_a_profile_for_an_executable(self):
with self.execute_mock() as execute:
self.role.create("/some/bin")
execute.assert_called_with("aa-easyprof /some/bin", stdout=False, sudo=True)
@istest
def creates_a_profile_with_another_template(self):
with self.execute_mock() as execute:
self.role.create("/some/bin", template="another-template")
execute.assert_called_with("aa-easyprof -t another-template /some/bin", stdout=False, sudo=True)
@istest
def creates_a_profile_with_policy_groups(self):
with self.execute_mock() as execute:
self.role.create("/some/bin", policy_groups=["networking", "user-application"])
execute.assert_called_with("aa-easyprof -p networking,user-application /some/bin", stdout=False, sudo=True)
@istest
def creates_a_profile_with_abstractions(self):
with self.execute_mock() as execute:
self.role.create("/some/bin", abstractions=["python", "apache2-common"])
execute.assert_called_with("aa-easyprof -a python,apache2-common /some/bin", stdout=False, sudo=True)
@istest
def creates_a_profile_with_read_permissions(self):
with self.execute_mock() as execute:
self.role.create("/some/bin", read=["/var/log/somebin.log", "/srv/somebin/"])
execute.assert_called_with(
"aa-easyprof -r /var/log/somebin.log -r /srv/somebin/ /some/bin", stdout=False, sudo=True
)
@istest
def creates_a_profile_with_read_and_write_permissions(self):
with self.execute_mock() as execute:
self.role.create("/some/bin", read_and_write=["/var/log/somebin.log", "/srv/somebin/"])
execute.assert_called_with(
"aa-easyprof -w /var/log/somebin.log -w /srv/somebin/ /some/bin", stdout=False, sudo=True
)
