def test_realm_data_propagation(self, publisher):
"""Test that realm data changes propagate to realm join task."""
# We connect to the realm_changed signal and update the realm data holder
# in the realm join task when the signal is triggered.
realm1 = RealmData()
realm1.name = "domain.example.com"
realm1.discover_options = ["--client-software=sssd"]
realm1.discovered = False
self.security_interface.SetRealm(RealmData.to_structure(realm1))
realm_join_task_path = self.security_interface.JoinRealmWithTask()
# realm join - after task creation
obj = check_task_creation(realm_join_task_path, publisher,
RealmJoinTask)
assert obj.implementation._realm_data.discovered is False
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == []
# change realm data and check the changes propagate to the realm join task
realm2 = RealmData()
realm2.name = "domain.example.com"
realm2.discover_options = ["--client-software=sssd"]
realm2.join_options = ["--one-time-password=password"]
realm2.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm2))
# realm join - after realm data update
assert obj.implementation._realm_data.discovered is True
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == [
"--one-time-password=password"
]
def test_realmd_requirements(self):
"""Test that package requirements in realm data propagate correctly."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
realm.required_packages = ["realmd", "foo", "bar"]
self.security_interface.SetRealm(RealmData.to_structure(realm))
# check that the teamd package is requested
assert self.security_interface.CollectRequirements() == [{
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "realmd"),
"reason":
get_variant(Str, "Needed to join a realm.")
}, {
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "foo"),
"reason":
get_variant(Str, "Needed to join a realm.")
}, {
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "bar"),
"reason":
get_variant(Str, "Needed to join a realm.")
}]
def test_install_with_tasks_configured(self, publisher):
"""Test install tasks - module in configured state."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
authselect = ['select', 'sssd']
fingerprint = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
self.security_interface.SetAuthselect(authselect)
self.security_interface.SetFingerprintAuthEnabled(fingerprint)
task_classes = [
ConfigureSELinuxTask,
ConfigureFingerprintAuthTask,
ConfigureAuthselectTask,
]
task_paths = self.security_interface.InstallWithTasks()
task_objs = check_task_creation_list(task_paths, publisher,
task_classes)
# ConfigureSELinuxTask
obj = task_objs[0]
assert obj.implementation._selinux_mode == SELinuxMode.PERMISSIVE
# ConfigureFingerprintAuthTask
obj = task_objs[1]
assert obj.implementation._fingerprint_auth_enabled == fingerprint
# ConfigureAuthselectTask
obj = task_objs[2]
assert obj.implementation._authselect_options == authselect
def install_with_tasks_configured_test(self, publisher):
"""Test install tasks - module in configured state."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
tasks = self.security_interface.InstallWithTasks()
selinux_task_path = tasks[0]
publisher.assert_called()
# SELinux configuration
object_path = publisher.call_args_list[0][0][0]
obj = publisher.call_args_list[0][0][1]
self.assertEqual(selinux_task_path, object_path)
self.assertIsInstance(obj, TaskInterface)
self.assertIsInstance(obj.implementation, ConfigureSELinuxTask)
self.assertEqual(obj.implementation._selinux_mode,
SELinuxMode.PERMISSIVE)
def test_realm_join_configured(self, publisher):
"""Test module in configured state with realm join task."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
realm_join_task_path = self.security_interface.JoinRealmWithTask()
obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask)
assert obj.implementation._realm_data.discovered is True
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == ["--one-time-password=password"]
def test_realm_join_not_discovered(self, execWithRedirect):
"""Test the realm join install task - no realm discovered."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-realm"
realm_data.join_options = ["--bar", "baz"]
realm_data.discovered = False
task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data)
task.run()
# check if the realm command invocation looks right
execWithRedirect.assert_not_called()
def test_realm_join(self, execWithRedirect):
"""Test the realm join install task."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-realm"
realm_data.join_options = ["--bar", "baz"]
realm_data.discovered = True
task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data)
task.run()
# check if the realm command invocation looks right
execWithRedirect.assert_called_once_with('realm',
['join', '--install', sysroot, '--verbose',
'--no-password', '--bar', 'baz'])
def realm_join_one_time_password_test(self, execWithRedirect):
"""Test the realm join install task - one time password."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm")))
realm_data = RealmData()
realm_data.name = "foo-realm"
realm_data.join_options=["--one-time-password", "abcdefgh"]
realm_data.discovered = True
task = RealmJoinTask(sysroot=sysroot, realm_data=realm_data)
task.run()
# check if the realm command invocation looks right
execWithRedirect.assert_called_once_with('realm',
['join', '--install', sysroot, '--verbose',
'--one-time-password', 'abcdefgh'])
