def test_remove_user_not_exists(self):
    """remove_user must raise RemoteAccessError for a user that was never added to the mock OS util."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    user = "******"
    # assertRaisesRegex treats the expected text as a regular expression.
    expected_message = "Failed to delete user {0}\n" \
                       "Inner error: test exception, user does not exist to delete".format(user)
    self.assertRaisesRegex(RemoteAccessError, expected_message, handler.remove_user, user)
def test_add_user_already_existing(self, _):
    """A duplicate add_user must raise and leave the first account's expiry unchanged."""
    handler = RemoteAccessHandler(Mock())
    handler.os_util = MockOSUtil()
    tstpassword = "******"
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    # The test expects the stored expiry (field 7) to be the requested date plus one day.
    expected_expiry = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")

    handler.add_user(tstuser, tstpassword, expiration_date)
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
    self.assertEqual(1, len(accounts.keys()))
    self.assertEqual(accounts[tstuser][7], expected_expiry)

    # Request the same name again with a later expiry. The user-add call itself is mocked,
    # so this checks that processing stops after the initial failure and that the existing
    # account is neither duplicated nor overwritten.
    later_expiration = datetime.utcnow() + timedelta(days=5)
    self.assertRaises(RemoteAccessError, handler.add_user, tstuser, tstpassword, later_expiration)

    # Re-read the accounts after the failed attempt.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(
        tstuser in accounts,
        "{0} missing from users after dup user attempted".format(tstuser))
    self.assertEqual(1, len(accounts.keys()))
    self.assertEqual(accounts[tstuser][7], expected_expiry)
def test_remove_user_not_exists(self):
    """remove_user must raise RemoteAccessError for a user that was never added to the mock OS util."""
    handler = RemoteAccessHandler(Mock())
    handler.os_util = MockOSUtil()
    user = "******"
    # assertRaisesRegex treats the expected text as a regular expression.
    expected_message = "Failed to delete user {0}\n" \
                       "Inner error: test exception, user does not exist to delete".format(user)
    self.assertRaisesRegex(RemoteAccessError, expected_message, handler.remove_user, user)
def test_remote_access_handler_should_retrieve_users_when_it_is_invoked_the_first_time(self):
    """The first run() must ask the OS util for the current users exactly once."""
    fake_os_util = MagicMock()
    osutil_patch = patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=fake_os_util)
    with osutil_patch:
        with mock_wire_protocol(DATA_FILE) as protocol:
            handler = RemoteAccessHandler(protocol)
            handler.run()

            # MagicMock records every get_users() invocation in call_args_list.
            get_users_calls = fake_os_util.get_users.call_args_list
            self.assertTrue(len(get_users_calls) == 1,
                            "The first invocation of remote access should have retrieved the current users")
def test_remote_access_handler_should_retrieve_users_when_goal_state_contains_jit_users(self):
    """run() against the remote-access data file must query the OS util for users at least once."""
    fake_os_util = MagicMock()
    osutil_patch = patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=fake_os_util)
    with osutil_patch:
        with mock_wire_protocol(DATA_FILE_REMOTE_ACCESS) as protocol:
            handler = RemoteAccessHandler(protocol)
            handler.run()

            # MagicMock records every get_users() invocation in call_args_list.
            get_users_calls = fake_os_util.get_users.call_args_list
            self.assertTrue(len(get_users_calls) > 0,
                            "A goal state with jit users did not retrieve the current users")
def test_handle_remote_access_validate_jit_user_invalid(self):
    """validate_jit_user must reject every value here: a plain name, None, empty and blank."""
    handler = RemoteAccessHandler()
    candidates = ["John Doe", None, "", " "]
    # Collect one complaint per wrongly accepted value so a single failure lists them all.
    complaints = [
        "incorrectly identified '{0} as a JIT_Account'. ".format(candidate)
        for candidate in candidates
        if handler.validate_jit_user(candidate)
    ]
    failed_results = "".join(complaints)
    if failed_results:
        self.fail(failed_results)
def test_handle_remote_access_validate_jit_user_invalid(self):
    """_is_jit_user must reject every value here: a plain name, None, empty and blank."""
    handler = RemoteAccessHandler(Mock())
    candidates = ["John Doe", None, "", " "]
    # Collect one complaint per wrongly accepted value so a single failure lists them all.
    complaints = [
        "incorrectly identified '{0} as a JIT_Account'. ".format(candidate)
        for candidate in candidates
        if handler._is_jit_user(candidate)  # pylint: disable=protected-access
    ]
    failed_results = "".join(complaints)
    if failed_results:
        self.fail(failed_results)
def test_handle_remote_access_no_users(self):
    """Processing the no-accounts data file must leave the mock OS util with zero users."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        goal_state_xml = load_data('wire/remote_access_no_accounts.xml')
        handler._remote_access = RemoteAccess(goal_state_xml)  # pylint: disable=protected-access
        handler._handle_remote_access()  # pylint: disable=protected-access

        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertEqual(0, len(accounts.keys()))
def test_handle_remote_access_no_users(self):
    """Processing the no-accounts data file must leave the mock OS util with zero users."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_no_accounts.xml')
    handler.remote_access = RemoteAccess(goal_state_xml)
    handler.handle_remote_access()

    os_users = handler.os_util.get_users()
    accounts = get_user_dictionary(os_users)
    self.assertEqual(0, len(accounts.keys()))
def test_handle_failed_create_with_bad_data(self):
    """handle_failed_create("") must raise and must not remove the unrelated pre-seeded account."""
    seeded_os_util = MockOSUtil()
    testusr = "******"
    # Seed one account directly in the mock's store; only the name field is populated.
    seeded_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
    handler = RemoteAccessHandler()
    handler.os_util = seeded_os_util

    self.assertRaises(RemoteAccessError, handler.handle_failed_create, "")

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertEqual(1, len(accounts.keys()))
    self.assertTrue(testusr in accounts, "Expected user {0} missing".format(testusr))
def test_remote_access_handler_run_error(self, _1, _2):
    """run() must report a failure event whose message contains the injected error text."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    handler.run()

    # eventing_data is filled in outside this method; index 4 is checked as the message
    # and index 2 as the success flag.
    recorded_event = TestRemoteAccessHandler.eventing_data
    print(recorded_event)
    check_message = "foobar!"
    self.assertTrue(check_message in TestRemoteAccessHandler.eventing_data[4],
                    "expected message {0} not found in {1}"
                    .format(check_message, TestRemoteAccessHandler.eventing_data[4]))
    self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2], "is_success is true")
def test_do_not_add_expired_user(self):
    """An account whose expiration lies two days in the past must not be created."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        goal_state_xml = load_data('wire/remote_access_single_account.xml')
        remote_access = RemoteAccess(goal_state_xml)
        # Rewrite the single account's expiration so it is already expired.
        two_days_ago = datetime.utcnow() - timedelta(days=2)
        remote_access.user_list.users[0].expiration = two_days_ago.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
        handler._remote_access = remote_access  # pylint: disable=protected-access
        handler._handle_remote_access()  # pylint: disable=protected-access

        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertFalse("testAccount" in accounts)
def test_do_not_add_expired_user(self):
    """An account whose expiration lies two days in the past must not be created."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_single_account.xml')
    remote_access = RemoteAccess(goal_state_xml)
    # Rewrite the single account's expiration so it is already expired.
    two_days_ago = datetime.utcnow() - timedelta(days=2)
    remote_access.user_list.users[0].expiration = two_days_ago.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    handler.remote_access = remote_access
    handler.handle_remote_access()

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertFalse("testAccount" in accounts)
def test_add_user_bad_creation_data(self, _1, _2, _3):
    """add_user with an empty user name must raise and create no account and log nothing."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = "******"
    tstuser = ""
    expiration = datetime.utcnow() + timedelta(days=1)
    # assertRaisesRegex treats the expected text as a regular expression.
    expected_message = "Error adding user {0}. test exception for bad username".format(tstuser)
    self.assertRaisesRegex(RemoteAccessError, expected_message,
                           handler.add_user, tstuser, tstpassword, expiration)

    self.assertEqual(0, len(handler.os_util.get_users()))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(0, len(error_messages))
    self.assertEqual(0, len(info_messages))
def test_add_user_bad_password_data(self, _1, _2, _3):
    """add_user with an empty password must raise, and the half-created account must be deleted."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = ""
    tstuser = "******"
    expiration = datetime.utcnow() + timedelta(days=1)
    # assertRaisesRegex treats the expected text as a regular expression.
    expected_message = "Error adding user {0} cleanup successful\nInner error: test exception for bad password".format(tstuser)
    self.assertRaisesRegex(RemoteAccessError, expected_message,
                           handler.add_user, tstuser, tstpassword, expiration)

    # No account may remain after the failed password step.
    self.assertEqual(0, len(handler.os_util.get_users()))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(0, len(error_messages))
    self.assertEqual(1, len(info_messages))
    self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_remote_access_handler_run_error(self, _):
    """run() must report a failure event when get_incarnation raises a generic Exception."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        failing_protocol = WireProtocol("foo.bar")
        # Every get_incarnation() call on this protocol raises the marker exception.
        failing_protocol.get_incarnation = MagicMock(side_effect=Exception("foobar!"))
        handler = RemoteAccessHandler(failing_protocol)
        handler.run()

        # eventing_data is filled in outside this method; index 4 is checked as the message
        # and index 2 as the success flag.
        recorded_event = TestRemoteAccessHandler.eventing_data
        print(recorded_event)
        check_message = "foobar!"
        self.assertTrue(check_message in TestRemoteAccessHandler.eventing_data[4],
                        "expected message {0} not found in {1}"
                        .format(check_message, TestRemoteAccessHandler.eventing_data[4]))
        self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2], "is_success is true")
def test_handle_remote_access_deleted_user_readded(self, _):
    """An account that vanishes from the OS must be re-created on the next handle_remote_access()."""
    handler = RemoteAccessHandler(Mock())
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_single_account.xml')
    remote_access = RemoteAccess(goal_state_xml)
    goal_user = remote_access.user_list.users[0]
    tstuser = goal_user.name
    expiration_date = datetime.utcnow() + timedelta(days=1)
    goal_user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    handler.remote_access = remote_access
    handler.handle_remote_access()
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))

    # Empty the mock's account store behind the handler's back.
    mock_store = handler.os_util
    mock_store.__class__ = MockOSUtil
    mock_store.all_users.clear()

    # Re-read: the account must be gone now.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser not in accounts)

    handler.handle_remote_access()

    # Re-read: the same goal state must have put the account back.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
def test_add_user_bad_password_data(self, _1, _2, _3):
    """add_user with an empty password must log one error, delete the account and not raise."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = ""
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    handler.add_user(tstuser, tstpassword, expiration_date)

    # No account may remain after the failed password step.
    self.assertEqual(0, len(handler.os_util.get_users()))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(1, len(error_messages))
    self.assertEqual(1, len(info_messages))
    expected_error = "Error creating user {0}. test exception for bad password".format(tstuser)
    self.assertEqual(expected_error, error_messages[0])
    self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_add_user(self, *_):
    """_add_user must create the account with the JIT marker and the expected expiry."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        tstpassword = "******"
        tstuser = "******"
        expiration_date = datetime.utcnow() + timedelta(days=1)
        handler._add_user(tstuser, tstpassword, expiration_date)  # pylint: disable=protected-access

        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
        created = accounts[tstuser]
        # Field 7 is compared with the requested date plus one day, field 4 with the JIT marker.
        expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
        self.assertEqual(created[7], expected_expiration)
        self.assertEqual(created[4], "JIT_Account")
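def test_handle_remote_access_remove_and_add(self, _):
    """Renaming one goal-state user must remove the old account and create the new one.

    Ten accounts are provisioned, then the fourth goal-state entry is renamed. After the
    next handle_remote_access() the old name must be gone, the new name present and the
    total still ten.
    """
    rah = RemoteAccessHandler(Mock())
    rah.os_util = MockOSUtil()
    data_str = load_data('wire/remote_access_10_accounts.xml')
    remote_access = RemoteAccess(data_str)
    for count, user in enumerate(remote_access.user_list.users, start=1):
        user.name = "tstuser{0}".format(count)
        expiration_date = datetime.utcnow() + timedelta(days=count)
        user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    rah.remote_access = remote_access
    rah.handle_remote_access()
    users = rah.os_util.get_users()
    self.assertEqual(10, len(users))

    # Now replace the fourth user in RemoteAccess with a new name.
    new_user = "******"
    # Capture the old *name* before renaming. Holding the user object instead would make
    # the "not in users" check vacuous: the object is mutated by the rename and is never
    # an element of the get_users() result, whose entries carry the name at index 0.
    deleted_user = rah.remote_access.user_list.users[3].name
    rah.remote_access.user_list.users[3].name = new_user
    rah.handle_remote_access()
    users = rah.os_util.get_users()
    user_names = [u[0] for u in users]
    self.assertTrue(deleted_user not in user_names, "{0} still in users".format(deleted_user))
    self.assertTrue(new_user in user_names, "user {0} not in users".format(new_user))
    self.assertEqual(10, len(users))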
def test_handle_remote_access_ten_users(self, _):
    """A goal state with ten unexpired users must yield ten accounts."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_10_accounts.xml')
    remote_access = RemoteAccess(goal_state_xml)
    # Give each entry a unique name and an expiration 1..10 days in the future.
    for position, entry in enumerate(remote_access.user_list.users, start=1):
        entry.name = "tstuser{0}".format(position)
        expires_at = datetime.utcnow() + timedelta(days=position)
        entry.expiration = expires_at.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    handler.remote_access = remote_access
    handler.handle_remote_access()

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertEqual(10, len(accounts.keys()))
def test_delete_user_does_not_exist(self, _1, _2):
    """handle_failed_create must raise when cleanup cannot delete the user, leaving other accounts alone."""
    seeded_os_util = MockOSUtil()
    # NOTE(review): testusr and testuser are both shown masked as "******" here; the
    # assertions below presumably rely on them being different names - confirm.
    testusr = "******"
    seeded_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
    handler = RemoteAccessHandler()
    handler.os_util = seeded_os_util
    testuser = "******"
    # assertRaisesRegex treats the expected text as a regular expression.
    expected_message = "Failed to clean up after account creation for {0}.\n" \
                       "Inner error: test exception, user does not exist to delete".format(testuser)
    self.assertRaisesRegex(RemoteAccessError, expected_message, handler.handle_failed_create, testuser)

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertEqual(1, len(accounts.keys()))
    self.assertTrue(testusr in accounts, "Expected user {0} missing".format(testusr))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(0, len(error_messages))
    self.assertEqual(0, len(info_messages))
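def test_error_add_user(self, _1, _2):
    """add_user with a password that cannot be decoded must raise and leave no account behind.

    The expected message is matched as a regular expression, so the literal brackets
    around CryptError are escaped.
    """
    rah = RemoteAccessHandler()
    rah.os_util = MockOSUtil()
    tstuser = "******"
    expiration = datetime.utcnow() + timedelta(days=1)
    pwd = "bad password"
    # Raw strings keep "\[" and "\]" as regex escapes instead of invalid string escapes;
    # "\n" inside a raw pattern still matches a newline. The pattern has no placeholder,
    # so no .format() call is needed.
    error = r"Error adding user foobar cleanup successful\n" \
            r"Inner error: \[CryptError\] Error decoding secret\n" \
            r"Inner error: Incorrect padding"
    self.assertRaisesRegex(RemoteAccessError, error, rah.add_user, tstuser, pwd, expiration)

    # The failed decode must not leave a usable account on the system.
    users = get_user_dictionary(rah.os_util.get_users())
    self.assertEqual(0, len(users))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(0, len(error_messages))
    self.assertEqual(1, len(info_messages))
    self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])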
def test_handle_remote_access_ten_users(self, _):
    """A goal state with ten unexpired users must yield ten accounts."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        goal_state_xml = load_data('wire/remote_access_10_accounts.xml')
        remote_access = RemoteAccess(goal_state_xml)
        # Give each entry a unique name and an expiration 1..10 days in the future.
        for position, entry in enumerate(remote_access.user_list.users, start=1):
            entry.name = "tstuser{0}".format(position)
            expires_at = datetime.utcnow() + timedelta(days=position)
            entry.expiration = expires_at.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
        handler._remote_access = remote_access  # pylint: disable=protected-access
        handler._handle_remote_access()  # pylint: disable=protected-access

        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertEqual(10, len(accounts.keys()))
def test_add_user_bad_password_data(self, _1, _2, _3):
    """add_user with an empty password must log one error, delete the account and not raise."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = ""
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    handler.add_user(tstuser, tstpassword, expiration_date)

    # No account may remain after the failed password step.
    self.assertEqual(0, len(handler.os_util.get_users()))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(1, len(error_messages))
    self.assertEqual(1, len(info_messages))
    expected_error = "Error creating user {0}. test exception for bad password".format(tstuser)
    self.assertEqual(expected_error, error_messages[0])
    self.assertEqual("User deleted {0}".format(tstuser), info_messages[0])
def test_remove_user_not_exists(self):
    """_remove_user must raise for a user that was never added to the mock OS util."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        user = "******"
        # Only the exception text is pinned; any Exception subclass is accepted.
        expected_message = "test exception, user does not exist to delete"
        self.assertRaisesRegex(Exception, expected_message, handler._remove_user, user)
def test_remote_access_handler_run_error(self, _):
    """run() must report a failure event when get_incarnation raises RemoteAccessError."""
    failing_protocol = WireProtocol("foo.bar")
    # Every get_incarnation() call on this protocol raises the marker error.
    failing_protocol.get_incarnation = MagicMock(
        side_effect=RemoteAccessError("foobar!"))
    handler = RemoteAccessHandler(failing_protocol)
    handler.os_util = MockOSUtil()
    handler.run()

    # eventing_data is filled in outside this method; index 4 is checked as the message
    # and index 2 as the success flag.
    recorded_event = TestRemoteAccessHandler.eventing_data
    print(recorded_event)
    check_message = "foobar!"
    self.assertTrue(
        check_message in TestRemoteAccessHandler.eventing_data[4],
        "expected message {0} not found in {1}".format(
            check_message, TestRemoteAccessHandler.eventing_data[4]))
    self.assertEqual(False, TestRemoteAccessHandler.eventing_data[2], "is_success is true")
def test_handle_new_user(self, _):
    """A single unexpired goal-state user must be created with the JIT marker and expected expiry."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_single_account.xml')
    remote_access = RemoteAccess(goal_state_xml)
    goal_user = remote_access.user_list.users[0]
    tstuser = goal_user.name
    expiration_date = datetime.utcnow() + timedelta(days=1)
    goal_user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    handler.remote_access = remote_access
    handler.handle_remote_access()

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
    created = accounts[tstuser]
    # Field 7 is compared with the requested date plus one day, field 4 with the JIT marker.
    expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
    self.assertEqual(created[7], expected_expiration)
    self.assertEqual(created[4], "JIT_Account")
def test_handle_new_user(self, _):
    """A single unexpired goal-state user must be created with the JIT marker and expected expiry."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        goal_state_xml = load_data('wire/remote_access_single_account.xml')
        remote_access = RemoteAccess(goal_state_xml)
        goal_user = remote_access.user_list.users[0]
        tstuser = goal_user.name
        expiration_date = datetime.utcnow() + timedelta(days=1)
        goal_user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
        handler._remote_access = remote_access  # pylint: disable=protected-access
        handler._handle_remote_access()  # pylint: disable=protected-access

        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
        created = accounts[tstuser]
        # Field 7 is compared with the requested date plus one day, field 4 with the JIT marker.
        expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
        self.assertEqual(created[7], expected_expiration)
        self.assertEqual(created[4], "JIT_Account")
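def test_handle_remote_access_multiple_users_one_removed(self, _):
    """Dropping one user from the goal state must delete exactly that account.

    Ten accounts are provisioned, then the fourth goal-state entry is removed. After the
    next _handle_remote_access() nine accounts must remain and the removed name must not
    be among them.
    """
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        rah = RemoteAccessHandler(Mock())
        data_str = load_data('wire/remote_access_10_accounts.xml')
        remote_access = RemoteAccess(data_str)
        for count, user in enumerate(remote_access.user_list.users, start=1):
            user.name = "tstuser{0}".format(count)
            expiration_date = datetime.utcnow() + timedelta(days=count)
            user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
        rah._remote_access = remote_access  # pylint: disable=protected-access
        rah._handle_remote_access()  # pylint: disable=protected-access
        users = rah._os_util.get_users()  # pylint: disable=protected-access
        self.assertEqual(10, len(users))

        # Now remove the user from RemoteAccess. Keep the *name*, not the goal-state
        # object: the object is never an element of the get_users() result, so testing
        # it with "not in" would pass even if the account were still present.
        deleted_user = rah._remote_access.user_list.users[3].name  # pylint: disable=protected-access
        del rah._remote_access.user_list.users[3]  # pylint: disable=protected-access
        rah._handle_remote_access()  # pylint: disable=protected-access
        users = rah._os_util.get_users()  # pylint: disable=protected-access
        # Entries are indexed by position with the name first, as in the sibling
        # remove-and-add test of this file.
        user_names = [u[0] for u in users]
        self.assertTrue(deleted_user not in user_names, "{0} still in users".format(deleted_user))
        self.assertEqual(9, len(users))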
def test_add_user(self, _1, _2, _3):
    """add_user must create the account with the JIT marker and log a single success message."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = "******"
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    handler.add_user(tstuser, tstpassword, expiration_date)

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
    created = accounts[tstuser]
    # Field 7 is compared with the requested date plus one day, field 4 with the JIT marker.
    expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
    self.assertEqual(created[7], expected_expiration)
    self.assertEqual(created[4], "JIT_Account")
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(0, len(error_messages))
    self.assertEqual(1, len(info_messages))
    expected_info = "User '{0}' added successfully with expiration in {1}".format(tstuser, expected_expiration)
    self.assertEqual(info_messages[0], expected_info)
def test_delete_user_does_not_exist(self, _1, _2):
    """handle_failed_create must log the creation error and the failed cleanup, leaving other accounts alone."""
    seeded_os_util = MockOSUtil()
    # NOTE(review): testusr and testuser are both shown masked as "******" here; the
    # assertions below presumably rely on them being different names - confirm.
    testusr = "******"
    seeded_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
    handler = RemoteAccessHandler()
    handler.os_util = seeded_os_util
    testuser = "******"
    test_message = "test message"
    handler.handle_failed_create(testuser, test_message)

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertEqual(1, len(accounts.keys()))
    self.assertTrue(testusr in accounts, "Expected user {0} missing".format(testusr))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(2, len(error_messages))
    self.assertEqual(0, len(info_messages))
    creation_error = "Error creating user {0}. {1}".format(testuser, test_message)
    self.assertEqual(creation_error, error_messages[0])
    cleanup_error = "Failed to clean up after account creation for {0}. test exception, user does not exist to delete"\
        .format(testuser)
    self.assertEqual(cleanup_error, error_messages[1])
def test_handle_remote_access_multiple_users(self, _):
    """Both users of the two-account goal state must be created."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_two_accounts.xml')
    remote_access = RemoteAccess(goal_state_xml)
    testusers = []
    # Push each account's expiration 1 and 2 days into the future and remember its name.
    for index in range(2):
        entry = remote_access.user_list.users[index]
        name = entry.name
        expires_at = datetime.utcnow() + timedelta(days=index + 1)
        entry.expiration = expires_at.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
        testusers.append(name)
    handler.remote_access = remote_access
    handler.handle_remote_access()

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(testusers[0] in accounts, "{0} missing from users".format(testusers[0]))
    self.assertTrue(testusers[1] in accounts, "{0} missing from users".format(testusers[1]))
def test_handle_remote_access_multiple_users(self, _):
    """Both users of the two-account goal state must be created."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        goal_state_xml = load_data('wire/remote_access_two_accounts.xml')
        remote_access = RemoteAccess(goal_state_xml)
        testusers = []
        # Push each account's expiration 1 and 2 days into the future and remember its name.
        for index in range(2):
            entry = remote_access.user_list.users[index]
            name = entry.name
            expires_at = datetime.utcnow() + timedelta(days=index + 1)
            entry.expiration = expires_at.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
            testusers.append(name)
        handler._remote_access = remote_access  # pylint: disable=protected-access
        handler._handle_remote_access()  # pylint: disable=protected-access

        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertTrue(testusers[0] in accounts, "{0} missing from users".format(testusers[0]))
        self.assertTrue(testusers[1] in accounts, "{0} missing from users".format(testusers[1]))
def test_error_add_user(self):
    """_add_user with a password that cannot be decoded must raise and leave no account behind."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        tstuser = "******"
        expiration = datetime.utcnow() + timedelta(days=1)
        undecodable_password = "bad password"
        # Matched as a regular expression, hence the escaped brackets.
        expected_message = r"\[CryptError\] Error decoding secret\nInner error: Incorrect padding"
        self.assertRaisesRegex(Exception, expected_message,
                               handler._add_user, tstuser, undecodable_password, expiration)  # pylint: disable=protected-access

        # The failed decode must not leave a usable account on the system.
        os_users = handler._os_util.get_users()  # pylint: disable=protected-access
        accounts = get_user_dictionary(os_users)
        self.assertEqual(0, len(accounts))
def test_add_user_bad_password_data(self, *_):
    """_add_user with an empty password must raise and leave no account behind."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        tstpassword = ""
        tstuser = "******"
        expiration = datetime.utcnow() + timedelta(days=1)
        # Only the exception text is pinned; any Exception subclass is accepted.
        expected_message = "test exception for bad password"
        self.assertRaisesRegex(Exception, expected_message,
                               handler._add_user, tstuser, tstpassword, expiration)  # pylint: disable=protected-access

        remaining = handler._os_util.get_users()  # pylint: disable=protected-access
        self.assertEqual(0, len(remaining))
def test_add_user_bad_creation_data(self, *_):
    """_add_user with an empty user name must raise and create no account."""
    with patch("azurelinuxagent.ga.remoteaccess.get_osutil", return_value=MockOSUtil()):
        handler = RemoteAccessHandler(Mock())
        tstpassword = "******"
        tstuser = ""
        expiration = datetime.utcnow() + timedelta(days=1)
        # Only the exception text is pinned; any Exception subclass is accepted.
        expected_message = "test exception for bad username"
        self.assertRaisesRegex(Exception, expected_message,
                               handler._add_user, tstuser, tstpassword, expiration)

        remaining = handler._os_util.get_users()
        self.assertEqual(0, len(remaining))
def test_delete_user_does_not_exist(self, _1, _2):
    """handle_failed_create must log the creation error and the failed cleanup, leaving other accounts alone."""
    seeded_os_util = MockOSUtil()
    # NOTE(review): testusr and testuser are both shown masked as "******" here; the
    # assertions below presumably rely on them being different names - confirm.
    testusr = "******"
    seeded_os_util.all_users[testusr] = (testusr, None, None, None, None, None, None, None)
    handler = RemoteAccessHandler()
    handler.os_util = seeded_os_util
    testuser = "******"
    test_message = "test message"
    handler.handle_failed_create(testuser, test_message)

    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertEqual(1, len(accounts.keys()))
    self.assertTrue(testusr in accounts, "Expected user {0} missing".format(testusr))
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(2, len(error_messages))
    self.assertEqual(0, len(info_messages))
    creation_error = "Error creating user {0}. {1}".format(testuser, test_message)
    self.assertEqual(creation_error, error_messages[0])
    cleanup_error = "Failed to clean up after account creation for {0}. test exception, user does not exist to delete"\
        .format(testuser)
    self.assertEqual(cleanup_error, error_messages[1])
def test_add_user_already_existing(self, _):
    """A duplicate add_user must raise and leave the first account's expiry unchanged."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = "******"
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    # The test expects the stored expiry (field 7) to be the requested date plus one day.
    expected_expiry = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")

    handler.add_user(tstuser, tstpassword, expiration_date)
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
    self.assertEqual(1, len(accounts.keys()))
    self.assertEqual(accounts[tstuser][7], expected_expiry)

    # Request the same name again with a later expiry. The user-add call itself is mocked,
    # so this checks that processing stops after the initial failure and that the existing
    # account is neither duplicated nor overwritten.
    later_expiration = datetime.utcnow() + timedelta(days=5)
    self.assertRaises(RemoteAccessError, handler.add_user, tstuser, tstpassword, later_expiration)

    # Re-read the accounts after the failed attempt.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users after dup user attempted".format(tstuser))
    self.assertEqual(1, len(accounts.keys()))
    self.assertEqual(accounts[tstuser][7], expected_expiry)
def test_remote_access_handler_run_bad_data(self, _1, _2, _3, _4, _5):
    """An existing account is expected to still be listed after run() is invoked."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = "******"
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    handler.add_user(tstuser, tstpassword, expiration_date)
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))

    handler.run()
    # NOTE(review): the dictionary is not re-read after run(), so this repeats the check
    # above on the pre-run snapshot. Consider refreshing it from get_users() - confirm the
    # intended post-run state first.
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
def test_handle_remote_access_multiple_users_error_with_null_remote_access(self, _):
    """Setting remote_access to None must cause every previously created account to be removed."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_10_accounts.xml')
    remote_access = RemoteAccess(goal_state_xml)
    # Give each entry a unique name and an expiration 1..10 days in the future.
    for position, entry in enumerate(remote_access.user_list.users, start=1):
        entry.name = "tstuser{0}".format(position)
        expires_at = datetime.utcnow() + timedelta(days=position)
        entry.expiration = expires_at.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    handler.remote_access = remote_access
    handler.handle_remote_access()
    os_users = handler.os_util.get_users()
    self.assertEqual(10, len(os_users))

    # Drop the whole RemoteAccess object and process again.
    handler.remote_access = None
    handler.handle_remote_access()
    os_users = handler.os_util.get_users()
    self.assertEqual(0, len(os_users))
def test_handle_remote_access_deleted_user_readded(self, _):
    """An account that vanishes from the OS must be re-created on the next handle_remote_access()."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    goal_state_xml = load_data('wire/remote_access_single_account.xml')
    remote_access = RemoteAccess(goal_state_xml)
    goal_user = remote_access.user_list.users[0]
    tstuser = goal_user.name
    expiration_date = datetime.utcnow() + timedelta(days=1)
    goal_user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    handler.remote_access = remote_access
    handler.handle_remote_access()
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))

    # Empty the mock's account store behind the handler's back.
    mock_store = handler.os_util
    mock_store.__class__ = MockOSUtil
    mock_store.all_users.clear()

    # Re-read: the account must be gone now.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser not in accounts)

    handler.handle_remote_access()

    # Re-read: the same goal state must have put the account back.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))
def test_delete_user(self, _1, _2, _3):
    """delete_user must remove a previously added account and log the deletion."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    tstpassword = "******"
    tstuser = "******"
    expiration_date = datetime.utcnow() + timedelta(days=1)
    expected_expiration = (expiration_date + timedelta(days=1)).strftime("%Y-%m-%d")
    handler.add_user(tstuser, tstpassword, expiration_date)
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertTrue(tstuser in accounts, "{0} missing from users".format(tstuser))

    handler.delete_user(tstuser)

    # Re-read the accounts after the deletion.
    accounts = get_user_dictionary(handler.os_util.get_users())
    self.assertFalse(tstuser in accounts)
    # error_messages / info_messages are collected outside this method.
    self.assertEqual(0, len(error_messages))
    self.assertEqual(2, len(info_messages))
    added_message = "User '{0}' added successfully with expiration in {1}".format(tstuser, expected_expiration)
    self.assertEqual(added_message, info_messages[0])
    self.assertEqual("User deleted {0}".format(tstuser), info_messages[1])
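def test_handle_remote_access_remove_and_add(self, _):
    """Renaming one goal-state user must remove the old account and create the new one.

    Ten accounts are provisioned, then the fourth goal-state entry is renamed. After the
    next handle_remote_access() the old name must be gone, the new name present and the
    total still ten.
    """
    rah = RemoteAccessHandler()
    rah.os_util = MockOSUtil()
    data_str = load_data('wire/remote_access_10_accounts.xml')
    remote_access = RemoteAccess(data_str)
    for count, user in enumerate(remote_access.user_list.users, start=1):
        user.name = "tstuser{0}".format(count)
        expiration_date = datetime.utcnow() + timedelta(days=count)
        user.expiration = expiration_date.strftime("%a, %d %b %Y %H:%M:%S ") + "UTC"
    rah.remote_access = remote_access
    rah.handle_remote_access()
    users = rah.os_util.get_users()
    self.assertEqual(10, len(users))

    # Now replace the fourth user in RemoteAccess with a new name.
    new_user = "******"
    # Capture the old *name* before renaming. Holding the user object instead would make
    # the "not in users" check vacuous: the object is mutated by the rename and is never
    # an element of the get_users() result, whose entries carry the name at index 0.
    deleted_user = rah.remote_access.user_list.users[3].name
    rah.remote_access.user_list.users[3].name = new_user
    rah.handle_remote_access()
    users = rah.os_util.get_users()
    user_names = [u[0] for u in users]
    self.assertTrue(deleted_user not in user_names, "{0} still in users".format(deleted_user))
    self.assertTrue(new_user in user_names, "user {0} not in users".format(new_user))
    self.assertEqual(10, len(users))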
def test_handle_remote_access_validate_jit_user_valid(self):
    """validate_jit_user must accept the exact 'JIT_Account' comment."""
    handler = RemoteAccessHandler()
    comment = "JIT_Account"
    is_jit_account = handler.validate_jit_user(comment)
    self.assertTrue(is_jit_account, "Did not identify '{0}' as a JIT_Account".format(comment))
def test_remove_user_error(self):
    """remove_user with an empty user name must raise RemoteAccessError carrying the inner error."""
    handler = RemoteAccessHandler()
    handler.os_util = MockOSUtil()
    # assertRaisesRegex treats the expected text as a regular expression.
    expected_message = "Failed to delete user {0}\nInner error: test exception, bad data".format("")
    self.assertRaisesRegex(RemoteAccessError, expected_message, handler.remove_user, "")