示例#1
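    def testGetMap(self):
        """Check that GetMap dispatches each map name to its Get*Map routine."""
        # Each per-map getter is stubbed with its own sentinel string, so the
        # assertions below can tell which routine GetMap actually invoked.
        self.mox.StubOutWithMock(nss, 'GetPasswdMap')
        nss.GetPasswdMap().AndReturn('TEST_PASSWORD')
        self.mox.StubOutWithMock(nss, 'GetGroupMap')
        nss.GetGroupMap().AndReturn('TEST_GROUP')
        self.mox.StubOutWithMock(nss, 'GetShadowMap')
        nss.GetShadowMap().AndReturn('TEST_SHADOW')

        self.mox.ReplayAll()

        self.assertEqual('TEST_PASSWORD', nss.GetMap(config.MAP_PASSWORD))
        self.assertEqual('TEST_GROUP', nss.GetMap(config.MAP_GROUP))
        self.assertEqual('TEST_SHADOW', nss.GetMap(config.MAP_SHADOW))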
示例#2
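    def testVerifyMapsException(self):
        """Check that a missing cache is reported as one verification failure."""
        # The mocked cache raises CacheNotFound as soon as its map is requested.
        cache_mock = self.mox.CreateMock(caches.Cache)
        cache_mock.GetMap().AndRaise(error.CacheNotFound)

        self.mox.StubOutWithMock(cache_factory, 'Create')
        cache_factory.Create(self.conf.options[config.MAP_PASSWORD].cache,
                             config.MAP_PASSWORD).AndReturn(cache_mock)

        # Restrict verification to the passwd map so exactly one failure
        # can be counted.
        self.conf.maps = [config.MAP_PASSWORD]

        self.mox.StubOutWithMock(nss, 'GetMap')
        nss.GetMap(config.MAP_PASSWORD).AndReturn(self.small_map)

        self.mox.ReplayAll()

        c = command.Verify()

        self.assertEqual(1, c.VerifyMaps(self.conf))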
示例#3
    def testVerifyMapsSucceedsOnGoodMaps(self):
        """Check that VerifyMaps reports zero failures for consistent maps.

        The cache is mocked to return self.small_map and NSS to return
        self.big_map.  Both fixtures are defined outside this method;
        presumably every small_map entry is also in big_map -- confirm
        against the fixture setup.
        """
        map_name = config.MAP_PASSWORD

        fake_cache = self.mox.CreateMock(caches.Cache)
        fake_cache.GetMap().AndReturn(self.small_map)

        # The factory must be asked for the passwd cache with the options
        # taken from the test configuration.
        self.mox.StubOutWithMock(cache_factory, 'Create')
        expected_options = self.conf.options[map_name].cache
        cache_factory.Create(expected_options, map_name).AndReturn(fake_cache)

        self.conf.maps = [map_name]

        self.mox.StubOutWithMock(nss, 'GetMap')
        nss.GetMap(map_name).AndReturn(self.big_map)

        self.mox.ReplayAll()

        verifier = command.Verify()
        failures = verifier.VerifyMaps(self.conf)

        self.assertEqual(0, failures)
示例#4
  def VerifyMaps(self, conf):
    """Check each configured cache map against the data NSS serves.

    For every map named in conf.maps, one Map is built from NSS and one
    is loaded straight from the cache.  The cache Map is expected to be
    a subset of the NSS Map, because NSS may also draw on other sources
    (e.g. files, nis, ldap, etc).  The check is one-directional: entries
    visible through NSS but absent from the cache are not reported.

    Fetching both maps in bulk and using the membership test appeared
    more efficient than issuing a series of get*nam calls.

    Maps that are skipped (netgroup, automount, or any map for which NSS
    raises UnsupportedMap) are not counted as failures, so a return value
    of 0 does not mean those maps were verified.

    Args:
      conf: nss_cache.config.Config object

    Returns:
      number of maps that failed verification: one per map whose cache
      could not be found, and one per map with cache entries missing
      from NSS
    """
    failed_maps = 0

    for map_name in conf.maps:
      self.log.info('Verifying map: %s.', map_name)

      # netgroup has no enumerator; checking it would mean walking the
      # loaded cache map and confirming each entry through getent.
      # TODO(blaed): apply fix from comment to allow for netgroup checking
      if map_name == config.MAP_NETGROUP:
        self.log.info('The netgroup map does not support enumeration, '
                      'skipping.')
        continue

      # automount is not reachable through getent either, so there is
      # currently no way to verify it here.
      if map_name == config.MAP_AUTOMOUNT:
        self.log.info('The automount map does not support enumeration, '
                      'skipping.')
        continue

      try:
        nss_map = nss.GetMap(map_name)
      except error.UnsupportedMap:
        self.log.warning('Verification of %s map is unsupported!', map_name)
        continue

      self.log.debug('built NSS map of %d entries', len(nss_map))

      cache = cache_factory.Create(conf.options[map_name].cache, map_name)

      try:
        cache_map = cache.GetMap()
      except error.CacheNotFound:
        # A configured map without a cache counts as a failure.
        self.log.error('Cache missing!')
        failed_maps += 1
        continue

      self.log.debug('built cache map of %d entries', len(cache_map))

      # Everything in the cache should also be visible through NSS; NSS
      # may hold more because of other sources, e.g. files, nis, ldap.
      absent = 0
      for entry in cache_map:
        if entry in nss_map:
          continue
        self.log.info('The following entry is present in the cache '
                      'but not availible via NSS! %s', entry.name)
        # NOTE(review): this logs the whole entry.  For the shadow map
        # that may put password hash fields into the debug log, depending
        # on how the entry renders itself -- confirm.
        self.log.debug('missing entry data: %s', entry)
        absent += 1

      if absent:
        self.log.warning('Missing %d entries in %s map', absent, map_name)
        failed_maps += 1

    return failed_maps