def test_remove_user_not_exists(self):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
user = "******"
error = "Failed to delete user {0}\n" \
"Inner error: test exception, user does not exist to delete".format(user)
self.assertRaisesRegex(RemoteAccessError, error, rah.remove_user, user)
def test_add_user_already_existing(self, _):
rah = RemoteAccessHandler(Mock())
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users,
"{0} missing from users".format(tstuser))
self.assertEqual(1, len(users.keys()))
actual_user = users[tstuser]
self.assertEqual(actual_user[7],
(expiration_date +
timedelta(days=1)).strftime("%Y-%m-%d"))
# add the new duplicate user, ensure it's not created and does not overwrite the existing user.
# this does not test the user add function as that's mocked, it tests processing skips the remaining
# calls after the initial failure
new_user_expiration = datetime.utcnow() + timedelta(days=5)
self.assertRaises(RemoteAccessError, rah.add_user, tstuser, pwd,
new_user_expiration)
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(
tstuser in users,
"{0} missing from users after dup user attempted".format(tstuser))
self.assertEqual(1, len(users.keys()))
actual_user = users[tstuser]
self.assertEqual(actual_user[7],
(expiration_date +
timedelta(days=1)).strftime("%Y-%m-%d"))
def test_remove_user_not_exists(self):
rah = RemoteAccessHandler(Mock())
rah.os_util = MockOSUtil()
user = "******"
error = "Failed to delete user {0}\n" \
"Inner error: test exception, user does not exist to delete".format(user)
self.assertRaisesRegex(RemoteAccessError, error, rah.remove_user, user)
def test_remote_access_handler_should_retrieve_users_when_it_is_invoked_the_first_time(self):
mock_os_util = MagicMock()
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=mock_os_util):
with mock_wire_protocol(DATA_FILE) as mock_protocol:
rah = RemoteAccessHandler(mock_protocol)
rah.run()
self.assertTrue(len(mock_os_util.get_users.call_args_list) == 1, "The first invocation of remote access should have retrieved the current users")
def test_remote_access_handler_should_retrieve_users_when_goal_state_contains_jit_users(self):
mock_os_util = MagicMock()
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=mock_os_util):
with mock_wire_protocol(DATA_FILE_REMOTE_ACCESS) as mock_protocol:
rah = RemoteAccessHandler(mock_protocol)
rah.run()
self.assertTrue(len(mock_os_util.get_users.call_args_list) > 0, "A goal state with jit users did not retrieve the current users")
def test_handle_remote_access_validate_jit_user_invalid(self):
rah = RemoteAccessHandler()
test_users = ["John Doe", None, "", " "]
failed_results = ""
for user in test_users:
if rah.validate_jit_user(user):
failed_results += "incorrectly identified '{0} as a JIT_Account'. ".format(user)
if len(failed_results) > 0:
self.fail(failed_results)
def test_handle_remote_access_validate_jit_user_invalid(self):
rah = RemoteAccessHandler(Mock())
test_users = ["John Doe", None, "", " "]
failed_results = ""
for user in test_users:
if rah._is_jit_user(user): # pylint: disable=protected-access
failed_results += "incorrectly identified '{0} as a JIT_Account'. ".format(user)
if len(failed_results) > 0: # pylint: disable=len-as-condition
self.fail(failed_results)
def test_handle_remote_access_no_users(self):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_no_accounts.xml')
remote_access = RemoteAccess(data_str)
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertEqual(0, len(users.keys()))
def test_handle_remote_access_no_users(self):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_no_accounts.xml')
remote_access = RemoteAccess(data_str)
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(0, len(users.keys()))
def test_handle_remote_access_validate_jit_user_invalid(self):
rah = RemoteAccessHandler()
test_users = ["John Doe", None, "", " "]
failed_results = ""
for user in test_users:
if rah.validate_jit_user(user):
failed_results += "incorrectly identified '{0} as a JIT_Account'. ".format(user)
if len(failed_results) > 0:
self.fail(failed_results)
def test_handle_failed_create_with_bad_data(self):
mock_os_util = MockOSUtil()
testusr = "******"
mock_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
rah = RemoteAccessHandler()
rah.os_util = mock_os_util
self.assertRaises(RemoteAccessError, rah.handle_failed_create, "")
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(1, len(users.keys()))
self.assertTrue(testusr in users, "Expected user {0} missing".format(testusr))
def test_handle_failed_create_with_bad_data(self):
mock_os_util = MockOSUtil()
testusr = "******"
mock_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
rah = RemoteAccessHandler()
rah.os_util = mock_os_util
self.assertRaises(RemoteAccessError, rah.handle_failed_create, "")
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(1, len(users.keys()))
self.assertTrue(testusr in users, "Expected user {0} missing".format(testusr))
def test_remote_access_handler_run_error(self, _1, _2):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
rah.run()
print(TestRemoteAccessHandler.eventing_data)
check_message = "foobar!"
self.assertTrue(check_message in TestRemoteAccessHandler.eventing_data[4],
"expected message {0} not found in {1}"
.format(check_message, TestRemoteAccessHandler.eventing_data[4]))
self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2], "is_success is true")
def test_remote_access_handler_run_error(self, _1, _2):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
rah.run()
print(TestRemoteAccessHandler.eventing_data)
check_message = "foobar!"
self.assertTrue(check_message in TestRemoteAccessHandler.eventing_data[4],
"expected message {0} not found in {1}"
.format(check_message, TestRemoteAccessHandler.eventing_data[4]))
self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2], "is_success is true")
def test_do_not_add_expired_user(self):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
expiration = (datetime.utcnow() - timedelta(days=2)).strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertFalse("testAccount" in users)
def test_do_not_add_expired_user(self):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
expiration = (datetime.utcnow() - timedelta(days=2)).strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertFalse("testAccount" in users)
def test_add_user_bad_creation_data(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = ""
expiration = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
error = "Error adding user {0}. test exception for bad username".format(tstuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)
self.assertEqual(0, len(rah.os_util.get_users()))
self.assertEqual(0, len(error_messages))
self.assertEqual(0, len(info_messages))
def test_add_user_bad_creation_data(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = ""
expiration = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
error = "Error adding user {0}. test exception for bad username".format(tstuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)
self.assertEqual(0, len(rah.os_util.get_users()))
self.assertEqual(0, len(error_messages))
self.assertEqual(0, len(info_messages))
def test_add_user_bad_password_data(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = ""
tstuser = "******"
expiration = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
error = "Error adding user {0} cleanup successful\nInner error: test exception for bad password".format(tstuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)
self.assertEqual(0, len(rah.os_util.get_users()))
self.assertEqual(0, len(error_messages))
self.assertEqual(1, len(info_messages))
self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_remote_access_handler_run_error(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
mock_protocol = WireProtocol("foo.bar")
mock_protocol.get_incarnation = MagicMock(side_effect=Exception("foobar!"))
rah = RemoteAccessHandler(mock_protocol)
rah.run()
print(TestRemoteAccessHandler.eventing_data)
check_message = "foobar!"
self.assertTrue(check_message in TestRemoteAccessHandler.eventing_data[4],
"expected message {0} not found in {1}"
.format(check_message, TestRemoteAccessHandler.eventing_data[4]))
self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2], "is_success is true")
def test_add_user_bad_password_data(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = ""
tstuser = "******"
expiration = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
error = "Error adding user {0} cleanup successful\nInner error: test exception for bad password".format(tstuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)
self.assertEqual(0, len(rah.os_util.get_users()))
self.assertEqual(0, len(error_messages))
self.assertEqual(1, len(info_messages))
self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_handle_remote_access_deleted_user_readded(self, _):
rah = RemoteAccessHandler(Mock())
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
tstuser = remote_access.user_list.users[0].name
expiration_date = datetime.utcnow() + timedelta(days=1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users,
"{0} missing from users".format(tstuser))
os_util = rah.os_util
os_util.__class__ = MockOSUtil
os_util.all_users.clear()
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser not in users)
rah.handle_remote_access()
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users,
"{0} missing from users".format(tstuser))
def test_add_user_bad_password_data(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = ""
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
self.assertEqual(0, len(rah.os_util.get_users()))
self.assertEqual(1, len(error_messages))
self.assertEqual(1, len(info_messages))
error = "Error creating user {0}. test exception for bad password".format(tstuser)
self.assertEqual(error, error_messages[0])
self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_add_user(self, *_):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah._add_user(tstuser, pwd, expiration_date) # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
actual_user = users[tstuser]
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
self.assertEqual(actual_user[7], expected_expiration)
self.assertEqual(actual_user[4], "JIT_Account")
def test_handle_remote_access_remove_and_add(self, _):
rah = RemoteAccessHandler(Mock())
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime(
"%a, %d %b %Y %H:%M:%S ") + "UTC"
rah.remote_access = remote_access
rah.handle_remote_access()
users = rah.os_util.get_users()
self.assertEqual(10, len(users))
# now remove the user from RemoteAccess
new_user = "******"
deleted_user = rah.remote_access.user_list.users[3]
rah.remote_access.user_list.users[3].name = new_user
rah.handle_remote_access()
users = rah.os_util.get_users()
self.assertTrue(deleted_user not in users,
"{0} still in users".format(deleted_user))
self.assertTrue(new_user in [u[0] for u in users],
"user {0} not in users".format(new_user))
self.assertEqual(10, len(users))
def test_handle_remote_access_ten_users(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(10, len(users.keys()))
def test_delete_user_does_not_exist(self, _1, _2):
mock_os_util = MockOSUtil()
testusr = "******"
mock_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
rah = RemoteAccessHandler()
rah.os_util = mock_os_util
testuser = "******"
error = "Failed to clean up after account creation for {0}.\n" \
"Inner error: test exception, user does not exist to delete".format(testuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.handle_failed_create, testuser)
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(1, len(users.keys()))
self.assertTrue(testusr in users, "Expected user {0} missing".format(testusr))
self.assertEqual(0, len(error_messages))
self.assertEqual(0, len(info_messages))
def test_error_add_user(self, _1, _2):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstuser = "******"
expiration = datetime.utcnow() + timedelta(days=1)
pwd = "bad password"
error = "Error adding user foobar cleanup successful\n" \
"Inner error: \[CryptError\] Error decoding secret\n" \
"Inner error: Incorrect padding".format(tstuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(0, len(users))
self.assertEqual(0, len(error_messages))
self.assertEqual(1, len(info_messages))
self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_delete_user_does_not_exist(self, _1, _2):
mock_os_util = MockOSUtil()
testusr = "******"
mock_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
rah = RemoteAccessHandler()
rah.os_util = mock_os_util
testuser = "******"
error = "Failed to clean up after account creation for {0}.\n" \
"Inner error: test exception, user does not exist to delete".format(testuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.handle_failed_create, testuser)
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(1, len(users.keys()))
self.assertTrue(testusr in users, "Expected user {0} missing".format(testusr))
self.assertEqual(0, len(error_messages))
self.assertEqual(0, len(info_messages))
def test_error_add_user(self, _1, _2):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstuser = "******"
expiration = datetime.utcnow() + timedelta(days=1)
pwd = "bad password"
error = "Error adding user foobar cleanup successful\n" \
"Inner error: \[CryptError\] Error decoding secret\n" \
"Inner error: Incorrect padding".format(tstuser)
self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(0, len(users))
self.assertEqual(0, len(error_messages))
self.assertEqual(1, len(info_messages))
self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_handle_remote_access_ten_users(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertEqual(10, len(users.keys()))
def test_add_user_bad_password_data(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = ""
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
self.assertEqual(0, len(rah.os_util.get_users()))
self.assertEqual(1, len(error_messages))
self.assertEqual(1, len(info_messages))
error = "Error creating user {0}. test exception for bad password".format(
tstuser)
self.assertEqual(error, error_messages[0])
self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_remove_user_not_exists(self):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil",
return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
user = "******"
error = "test exception, user does not exist to delete"
self.assertRaisesRegex(Exception, error, rah._remove_user, user)
def test_remote_access_handler_run_error(self, _):
mock_protocol = WireProtocol("foo.bar")
mock_protocol.get_incarnation = MagicMock(
side_effect=RemoteAccessError("foobar!"))
rah = RemoteAccessHandler(mock_protocol)
rah.os_util = MockOSUtil()
rah.run()
print(TestRemoteAccessHandler.eventing_data)
check_message = "foobar!"
self.assertTrue(
check_message in TestRemoteAccessHandler.eventing_data[4],
"expected message {0} not found in {1}".format(
check_message, TestRemoteAccessHandler.eventing_data[4]))
self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2],
"is_success is true")
def test_handle_new_user(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
tstuser = remote_access.user_list.users[0].name
expiration_date = datetime.utcnow() + timedelta(days=1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
actual_user = users[tstuser]
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
self.assertEqual(actual_user[7], expected_expiration)
self.assertEqual(actual_user[4], "JIT_Account")
def test_handle_new_user(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
tstuser = remote_access.user_list.users[0].name
expiration_date = datetime.utcnow() + timedelta(days=1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
actual_user = users[tstuser]
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
self.assertEqual(actual_user[7], expected_expiration)
self.assertEqual(actual_user[4], "JIT_Account")
def test_handle_remote_access_multiple_users_one_removed(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil",
return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime(
"%a, %d %b %Y %H:%M:%S ") + "UTC"
rah._remote_access = remote_access
rah._handle_remote_access()
users = rah._os_util.get_users()
self.assertEqual(10, len(users))
# now remove the user from RemoteAccess
deleted_user = rah._remote_access.user_list.users[3]
del rah._remote_access.user_list.users[3]
rah._handle_remote_access()
users = rah._os_util.get_users()
self.assertTrue(deleted_user not in users,
"{0} still in users".format(deleted_user))
self.assertEqual(9, len(users))
def test_add_user(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
actual_user = users[tstuser]
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
self.assertEqual(actual_user[7], expected_expiration)
self.assertEqual(actual_user[4], "JIT_Account")
self.assertEqual(0, len(error_messages))
self.assertEqual(1, len(info_messages))
self.assertEqual(info_messages[0], "User '{0}' added successfully with expiration in {1}"
.format(tstuser, expected_expiration))
def test_delete_user_does_not_exist(self, _1, _2):
mock_os_util = MockOSUtil()
testusr = "******"
mock_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
rah = RemoteAccessHandler()
rah.os_util = mock_os_util
testuser = "******"
test_message = "test message"
rah.handle_failed_create(testuser, test_message)
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(1, len(users.keys()))
self.assertTrue(testusr in users, "Expected user {0} missing".format(testusr))
self.assertEqual(2, len(error_messages))
self.assertEqual(0, len(info_messages))
self.assertEqual("Error creating user {0}. {1}".format(testuser, test_message), error_messages[0])
msg = "Failed to clean up after account creation for {0}. test exception, user does not exist to delete"\
.format(testuser)
self.assertEqual(msg, error_messages[1])
def test_add_user(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
actual_user = users[tstuser]
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
self.assertEqual(actual_user[7], expected_expiration)
self.assertEqual(actual_user[4], "JIT_Account")
self.assertEqual(0, len(error_messages))
self.assertEqual(1, len(info_messages))
self.assertEqual(info_messages[0], "User '{0}' added successfully with expiration in {1}"
.format(tstuser, expected_expiration))
def test_handle_remote_access_multiple_users(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_two_accounts.xml')
remote_access = RemoteAccess(data_str)
testusers = []
count = 0
while count < 2:
user = remote_access.user_list.users[count].name
expiration_date = datetime.utcnow() + timedelta(days=count + 1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[count].expiration = expiration
testusers.append(user)
count += 1
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(testusers[0] in users, "{0} missing from users".format(testusers[0]))
self.assertTrue(testusers[1] in users, "{0} missing from users".format(testusers[1]))
def test_handle_remote_access_multiple_users(self, _):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
data_str = load_data('wire/remote_access_two_accounts.xml')
remote_access = RemoteAccess(data_str)
testusers = []
count = 0
while count < 2:
user = remote_access.user_list.users[count].name
expiration_date = datetime.utcnow() + timedelta(days=count + 1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[count].expiration = expiration
testusers.append(user)
count += 1
rah._remote_access = remote_access # pylint: disable=protected-access
rah._handle_remote_access() # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertTrue(testusers[0] in users, "{0} missing from users".format(testusers[0]))
self.assertTrue(testusers[1] in users, "{0} missing from users".format(testusers[1]))
def test_error_add_user(self):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
tstuser = "******"
expiration = datetime.utcnow() + timedelta(days=1)
pwd = "bad password"
error = r"\[CryptError\] Error decoding secret\nInner error: Incorrect padding"
self.assertRaisesRegex(Exception, error, rah._add_user, tstuser, pwd, expiration) # pylint: disable=protected-access
users = get_user_dictionary(rah._os_util.get_users()) # pylint: disable=protected-access
self.assertEqual(0, len(users))
def test_add_user_bad_password_data(self, *_):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
tstpassword = ""
tstuser = "******"
expiration = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
error = "test exception for bad password"
self.assertRaisesRegex(Exception, error, rah._add_user, tstuser, pwd, expiration) # pylint: disable=protected-access
self.assertEqual(0, len(rah._os_util.get_users())) # pylint: disable=protected-access
def test_add_user_bad_creation_data(self, *_):
with patch("azurelinuxagent.ga.remoteaccess.get_osutil",
return_value=MockOSUtil()):
rah = RemoteAccessHandler(Mock())
tstpassword = "******"
tstuser = ""
expiration = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
error = "test exception for bad username"
self.assertRaisesRegex(Exception, error, rah._add_user, tstuser,
pwd, expiration)
self.assertEqual(0, len(rah._os_util.get_users()))
def test_delete_user_does_not_exist(self, _1, _2):
mock_os_util = MockOSUtil()
testusr = "******"
mock_os_util.all_users[testusr] = (testusr, None, None, None, None,
None, None, None)
rah = RemoteAccessHandler()
rah.os_util = mock_os_util
testuser = "******"
test_message = "test message"
rah.handle_failed_create(testuser, test_message)
users = get_user_dictionary(rah.os_util.get_users())
self.assertEqual(1, len(users.keys()))
self.assertTrue(testusr in users,
"Expected user {0} missing".format(testusr))
self.assertEqual(2, len(error_messages))
self.assertEqual(0, len(info_messages))
self.assertEqual(
"Error creating user {0}. {1}".format(testuser, test_message),
error_messages[0])
msg = "Failed to clean up after account creation for {0}. test exception, user does not exist to delete"\
.format(testuser)
self.assertEqual(msg, error_messages[1])
def test_add_user_already_existing(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
self.assertEqual(1, len(users.keys()))
actual_user = users[tstuser]
self.assertEqual(actual_user[7], (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d"))
# add the new duplicate user, ensure it's not created and does not overwrite the existing user.
# this does not test the user add function as that's mocked, it tests processing skips the remaining
# calls after the initial failure
new_user_expiration = datetime.utcnow() + timedelta(days=5)
self.assertRaises(RemoteAccessError, rah.add_user, tstuser, pwd, new_user_expiration)
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users after dup user attempted".format(tstuser))
self.assertEqual(1, len(users.keys()))
actual_user = users[tstuser]
self.assertEqual(actual_user[7], (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d"))
def test_remote_access_handler_run_bad_data(self, _1, _2, _3, _4, _5):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
rah.run()
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
def test_handle_remote_access_multiple_users_error_with_null_remote_access(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
rah.remote_access = remote_access
rah.handle_remote_access()
users = rah.os_util.get_users()
self.assertEqual(10, len(users))
# now remove the user from RemoteAccess
rah.remote_access = None
rah.handle_remote_access()
users = rah.os_util.get_users()
self.assertEqual(0, len(users))
def test_handle_remote_access_deleted_user_readded(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_single_account.xml')
remote_access = RemoteAccess(data_str)
tstuser = remote_access.user_list.users[0].name
expiration_date = datetime.utcnow() + timedelta(days=1)
expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
remote_access.user_list.users[0].expiration = expiration
rah.remote_access = remote_access
rah.handle_remote_access()
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
os_util = rah.os_util
os_util.__class__ = MockOSUtil
os_util.all_users.clear()
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser not in users)
rah.handle_remote_access()
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
def test_delete_user(self, _1, _2, _3):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
tstpassword = "******"
tstuser = "******"
expiration_date = datetime.utcnow() + timedelta(days=1)
expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
pwd = tstpassword
rah.add_user(tstuser, pwd, expiration_date)
users = get_user_dictionary(rah.os_util.get_users())
self.assertTrue(tstuser in users, "{0} missing from users".format(tstuser))
rah.delete_user(tstuser)
# refresh users
users = get_user_dictionary(rah.os_util.get_users())
self.assertFalse(tstuser in users)
self.assertEqual(0, len(error_messages))
self.assertEqual(2, len(info_messages))
self.assertEqual("User '{0}' added successfully with expiration in {1}".format(tstuser, expected_expiration),
info_messages[0])
self.assertEqual("User deleted {0}".format(tstuser), info_messages[1])
def test_handle_remote_access_remove_and_add(self, _):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
data_str = load_data('wire/remote_access_10_accounts.xml')
remote_access = RemoteAccess(data_str)
count = 0
for user in remote_access.user_list.users:
count += 1
user.name = "tstuser{0}".format(count)
expiration_date = datetime.utcnow() + timedelta(days=count)
user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
rah.remote_access = remote_access
rah.handle_remote_access()
users = rah.os_util.get_users()
self.assertEqual(10, len(users))
# now remove the user from RemoteAccess
new_user = "******"
deleted_user = rah.remote_access.user_list.users[3]
rah.remote_access.user_list.users[3].name = new_user
rah.handle_remote_access()
users = rah.os_util.get_users()
self.assertTrue(deleted_user not in users, "{0} still in users".format(deleted_user))
self.assertTrue(new_user in [u[0] for u in users], "user {0} not in users".format(new_user))
self.assertEqual(10, len(users))
def test_handle_remote_access_validate_jit_user_valid(self):
rah = RemoteAccessHandler()
comment = "JIT_Account"
result = rah.validate_jit_user(comment)
self.assertTrue(result, "Did not identify '{0}' as a JIT_Account".format(comment))
def test_remove_user_error(self):
rah = RemoteAccessHandler()
rah.os_util = MockOSUtil()
error = "Failed to delete user {0}\nInner error: test exception, bad data".format("")
self.assertRaisesRegex(RemoteAccessError, error, rah.remove_user, "")
