def test_realm_data_propagation(self, publisher): """Test that realm data changes propagate to realm join task.""" # We connect to the realm_changed signal and update the realm data holder # in the realm join task when the signal is triggered. realm1 = RealmData() realm1.name = "domain.example.com" realm1.discover_options = ["--client-software=sssd"] realm1.discovered = False self.security_interface.SetRealm(RealmData.to_structure(realm1)) realm_join_task_path = self.security_interface.JoinRealmWithTask() # realm join - after task creation obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask) assert obj.implementation._realm_data.discovered is False assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.join_options == [] # change realm data and check the changes propagate to the realm join task realm2 = RealmData() realm2.name = "domain.example.com" realm2.discover_options = ["--client-software=sssd"] realm2.join_options = ["--one-time-password=password"] realm2.discovered = True self.security_interface.SetRealm(RealmData.to_structure(realm2)) # realm join - after realm data update assert obj.implementation._realm_data.discovered is True assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.join_options == [ "--one-time-password=password" ]
def realm_discover_failure_with_exception_test(self, execWithCapture): """Test the realm discover setup task - discovery failed with exception.""" execWithCapture.return_value = "" execWithCapture.side_effect = OSError() with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm"))) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with('realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct self.assertFalse(new_realm_data.discovered) # if realm discover invocation fails hard, we don't add realmd as a required package self.assertListEqual(new_realm_data.required_packages, [])
def realm_discover_success_no_extra_packages_with_garbage_task_test(self, execWithCapture): """Test the realm discover setup task - success, no extra packages, garbage in output.""" execWithCapture.return_value = """foo-domain-discovered stuff, stuff stuff dsdsd dadasd """ with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm"))) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with('realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct self.assertTrue(new_realm_data.discovered) self.assertListEqual(new_realm_data.required_packages, ["realmd"])
def test_realm_discover_failure(self, execWithCapture): """Test the realm discover setup task - discovery failed.""" execWithCapture.return_value = "" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with( 'realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct assert not new_realm_data.discovered # if realm discover invocation fails to discover a realm, we still add realmd as a required package assert new_realm_data.required_packages == ["realmd"]
def test_realm_discover_success_with_garbage_task(self, execWithCapture): """Test the realm discover setup task - success with garbage in output.""" execWithCapture.return_value = """foo-domain-discovered stuff-foo required-package:package-foo required-package:package-bar required-package:package-baz required-package: unrelatedstuff""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "foo-domain" realm_data.discover_options = ["--bar", "baz"] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_called_once_with( 'realm', ['discover', '--verbose', '--bar', 'baz', 'foo-domain'], filter_stderr=True) # check if the results returned by the task look correct assert new_realm_data.discovered assert new_realm_data.required_packages == [ "realmd", "package-foo", "package-bar", "package-baz" ]
def test_realmd_requirements(self): """Test that package requirements in realm data propagate correctly.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True realm.required_packages = ["realmd", "foo", "bar"] self.security_interface.SetRealm(RealmData.to_structure(realm)) # check that the teamd package is requested assert self.security_interface.CollectRequirements() == [{ "type": get_variant(Str, "package"), "name": get_variant(Str, "realmd"), "reason": get_variant(Str, "Needed to join a realm.") }, { "type": get_variant(Str, "package"), "name": get_variant(Str, "foo"), "reason": get_variant(Str, "Needed to join a realm.") }, { "type": get_variant(Str, "package"), "name": get_variant(Str, "bar"), "reason": get_variant(Str, "Needed to join a realm.") }]
def test_install_with_tasks_configured(self, publisher): """Test install tasks - module in configured state.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True authselect = ['select', 'sssd'] fingerprint = True self.security_interface.SetRealm(RealmData.to_structure(realm)) self.security_interface.SetSELinux(SELINUX_PERMISSIVE) self.security_interface.SetAuthselect(authselect) self.security_interface.SetFingerprintAuthEnabled(fingerprint) task_classes = [ ConfigureSELinuxTask, ConfigureFingerprintAuthTask, ConfigureAuthselectTask, ] task_paths = self.security_interface.InstallWithTasks() task_objs = check_task_creation_list(task_paths, publisher, task_classes) # ConfigureSELinuxTask obj = task_objs[0] assert obj.implementation._selinux_mode == SELinuxMode.PERMISSIVE # ConfigureFingerprintAuthTask obj = task_objs[1] assert obj.implementation._fingerprint_auth_enabled == fingerprint # ConfigureAuthselectTask obj = task_objs[2] assert obj.implementation._authselect_options == authselect
def install_with_tasks_configured_test(self, publisher): """Test install tasks - module in configured state.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True self.security_interface.SetRealm(RealmData.to_structure(realm)) self.security_interface.SetSELinux(SELINUX_PERMISSIVE) tasks = self.security_interface.InstallWithTasks() selinux_task_path = tasks[0] publisher.assert_called() # SELinux configuration object_path = publisher.call_args_list[0][0][0] obj = publisher.call_args_list[0][0][1] self.assertEqual(selinux_task_path, object_path) self.assertIsInstance(obj, TaskInterface) self.assertIsInstance(obj.implementation, ConfigureSELinuxTask) self.assertEqual(obj.implementation._selinux_mode, SELinuxMode.PERMISSIVE)
def test_realm_discover_configured(self, publisher): """Test module in configured state with realm discover task.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] self.security_interface.SetRealm(RealmData.to_structure(realm)) realm_discover_task_path = self.security_interface.DiscoverRealmWithTask() obj = check_task_creation(realm_discover_task_path, publisher, RealmDiscoverTask) assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.discover_options == ["--client-software=sssd"]
def test_realm_join_configured(self, publisher): """Test module in configured state with realm join task.""" realm = RealmData() realm.name = "domain.example.com" realm.discover_options = ["--client-software=sssd"] realm.join_options = ["--one-time-password=password"] realm.discovered = True self.security_interface.SetRealm(RealmData.to_structure(realm)) realm_join_task_path = self.security_interface.JoinRealmWithTask() obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask) assert obj.implementation._realm_data.discovered is True assert obj.implementation._realm_data.name == "domain.example.com" assert obj.implementation._realm_data.join_options == ["--one-time-password=password"]
def process_kickstart(self, data): """Process the kickstart data.""" if data.selinux.selinux is not None: self.set_selinux(SELinuxMode(data.selinux.selinux)) if data.authselect.authselect: self.set_authselect(shlex.split(data.authselect.authselect)) if data.realm.join_realm: realm = RealmData() realm.name = data.realm.join_realm realm.discover_options = data.realm.discover_options realm.join_options = data.realm.join_args self.set_realm(realm)
def test_realm_discover_no_realm_name(self, execWithCapture): """Test the realm discover setup task - no realm name.""" with tempfile.TemporaryDirectory() as sysroot: os.makedirs(os.path.join(sysroot, "usr/bin")) os.mknod(os.path.join(sysroot, "usr/bin/realm")) assert os.path.exists(os.path.join(sysroot, "usr/bin/realm")) realm_data = RealmData() realm_data.name = "" realm_data.discover_options = [] task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data) new_realm_data = task.run() # check if the realm command invocation looks right execWithCapture.assert_not_called() # no realm name so it can not be discovered assert not new_realm_data.discovered # if realm can't be discovered, we can't join it so no extra packages are needed assert new_realm_data.required_packages == []