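def testGetMap(self):
    """Check that GetMap dispatches to the matching per-type getter.

    GetPasswdMap, GetGroupMap and GetShadowMap on the nss module are each
    stubbed to return a distinct sentinel string, so a wrong dispatch in
    GetMap shows up as a mismatched sentinel.
    """
    self.mox.StubOutWithMock(nss, 'GetPasswdMap')
    nss.GetPasswdMap().AndReturn('TEST_PASSWORD')

    self.mox.StubOutWithMock(nss, 'GetGroupMap')
    nss.GetGroupMap().AndReturn('TEST_GROUP')

    self.mox.StubOutWithMock(nss, 'GetShadowMap')
    nss.GetShadowMap().AndReturn('TEST_SHADOW')

    self.mox.ReplayAll()

    # NOTE(review): there is no explicit self.mox.VerifyAll() in this test;
    # presumably the base class or tearDown verifies the recorded
    # expectations -- confirm.
    # assertEqual is used rather than the deprecated assertEquals alias,
    # which was removed from unittest in Python 3.12.
    self.assertEqual('TEST_PASSWORD', nss.GetMap(config.MAP_PASSWORD))
    self.assertEqual('TEST_GROUP', nss.GetMap(config.MAP_GROUP))
    self.assertEqual('TEST_SHADOW', nss.GetMap(config.MAP_SHADOW))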
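def testVerifyMapsException(self):
    """Check that VerifyMaps counts one failure when the cache is missing.

    The mocked cache raises error.CacheNotFound from GetMap(), and only the
    passwd map is configured, so exactly one failure is expected.
    """
    cache_mock = self.mox.CreateMock(caches.Cache)
    cache_mock.GetMap().AndRaise(error.CacheNotFound)

    # Route the factory to the failing cache mock for the passwd map.
    self.mox.StubOutWithMock(cache_factory, 'Create')
    cache_factory.Create(self.conf.options[config.MAP_PASSWORD].cache,
                         config.MAP_PASSWORD).AndReturn(cache_mock)

    self.conf.maps = [config.MAP_PASSWORD]

    # The NSS side succeeds, so the only failure source is the cache lookup.
    self.mox.StubOutWithMock(nss, 'GetMap')
    nss.GetMap(config.MAP_PASSWORD).AndReturn(self.small_map)

    self.mox.ReplayAll()

    c = command.Verify()

    # NOTE(review): no explicit self.mox.VerifyAll() here; presumably the
    # base class or tearDown checks that Create() and GetMap() were really
    # called -- confirm.
    # assertEqual is used rather than the deprecated assertEquals alias,
    # which was removed from unittest in Python 3.12.
    self.assertEqual(1, c.VerifyMaps(self.conf))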
def testVerifyMapsSucceedsOnGoodMaps(self):
    """Check that VerifyMaps reports no failures for consistent maps.

    The cache yields self.small_map and NSS yields self.big_map; both are
    fixtures defined outside this test (presumably small_map's entries are
    all contained in big_map -- confirm against setUp).
    """
    fake_cache = self.mox.CreateMock(caches.Cache)
    fake_cache.GetMap().AndReturn(self.small_map)

    # The factory hands back the mocked cache for the passwd map.
    self.mox.StubOutWithMock(cache_factory, 'Create')
    cache_factory.Create(
        self.conf.options[config.MAP_PASSWORD].cache,
        config.MAP_PASSWORD,
    ).AndReturn(fake_cache)

    self.conf.maps = [config.MAP_PASSWORD]

    # NSS is stubbed to return the larger map.
    self.mox.StubOutWithMock(nss, 'GetMap')
    nss.GetMap(config.MAP_PASSWORD).AndReturn(self.big_map)

    self.mox.ReplayAll()

    verifier = command.Verify()
    failure_count = verifier.VerifyMaps(self.conf)

    # NOTE(review): this covers the success path only; confirm another test
    # exercises a cache entry that is absent from the NSS map.
    self.assertEqual(0, failure_count)
def VerifyMaps(self, conf):
    """Check that every cached map entry is also visible through NSS.

    For each configured map, one Map is built from NSS and another is read
    directly from the cache.  The cache Map is expected to be a subset of
    the NSS Map, because NSS may merge in other sources (e.g. files, nis,
    ldap, etc).

    The same check could be made with a series of get*nam calls; fetching
    both maps in bulk and using the Map.__contains__() membership test
    appeared to be more efficient at the time of writing.

    Netgroup and automount maps, and any map for which nss.GetMap raises
    error.UnsupportedMap, are skipped and NOT counted as failures, so a
    return value of 0 does not mean those maps were verified.

    Args:
      conf: nss_cache.config.Config object

    Returns:
      Count of maps that failed verification: one for each map whose cache
      is missing, and one for each map with at least one cache entry that
      is not available via NSS.
    """
    failures = 0

    for map_name in conf.maps:
        self.log.info('Verifying map: %s.', map_name)

        # The netgroup map has no enumerator; checking it would mean looping
        # over the loaded cache map and confirming each entry is retrievable
        # via getent directly.
        # TODO(blaed): apply fix from comment to allow for netgroup checking
        # Automount maps do not support getent, so a good way to verify
        # them still has to be found.
        if map_name == config.MAP_NETGROUP:
            skip_notice = ('The netgroup map does not support enumeration, '
                           'skipping.')
        elif map_name == config.MAP_AUTOMOUNT:
            skip_notice = ('The automount map does not support enumeration, '
                           'skipping.')
        else:
            skip_notice = None

        if skip_notice is not None:
            self.log.info(skip_notice)
            continue

        try:
            nss_map = nss.GetMap(map_name)
        except error.UnsupportedMap:
            # Unsupported maps are reported but do not raise the count.
            self.log.warning('Verification of %s map is unsupported!',
                             map_name)
            continue

        self.log.debug('built NSS map of %d entries', len(nss_map))

        options_for_cache = conf.options[map_name].cache
        cache = cache_factory.Create(options_for_cache, map_name)

        try:
            cache_map = cache.GetMap()
        except error.CacheNotFound:
            self.log.error('Cache missing!')
            failures += 1
            continue

        self.log.debug('built cache map of %d entries', len(cache_map))

        # cache_map should be a subset of nss_map; nss_map may carry extra
        # entries from other sources, e.g. files, nis, ldap, etc.
        absent = 0
        for map_entry in cache_map:
            if map_entry in nss_map:
                continue
            self.log.info('The following entry is present in the cache '
                          'but not availible via NSS! %s', map_entry.name)
            # NOTE(review): this logs the whole entry at debug level; for
            # the shadow map its string form may include the password hash
            # field -- confirm debug logs are access-restricted or that the
            # entry's string form omits it.
            self.log.debug('missing entry data: %s', map_entry)
            absent += 1

        # A map counts as a single failure however many entries are absent.
        if absent:
            self.log.warning('Missing %d entries in %s map', absent,
                             map_name)
            failures += 1

    return failures