def test_realm_data_propagation(self, publisher):
"""Test that realm data changes propagate to realm join task."""
# We connect to the realm_changed signal and update the realm data holder
# in the realm join task when the signal is triggered.
realm1 = RealmData()
realm1.name = "domain.example.com"
realm1.discover_options = ["--client-software=sssd"]
realm1.discovered = False
self.security_interface.SetRealm(RealmData.to_structure(realm1))
realm_join_task_path = self.security_interface.JoinRealmWithTask()
# realm join - after task creation
obj = check_task_creation(realm_join_task_path, publisher,
RealmJoinTask)
assert obj.implementation._realm_data.discovered is False
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == []
# change realm data and check the changes propagate to the realm join task
realm2 = RealmData()
realm2.name = "domain.example.com"
realm2.discover_options = ["--client-software=sssd"]
realm2.join_options = ["--one-time-password=password"]
realm2.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm2))
# realm join - after realm data update
assert obj.implementation._realm_data.discovered is True
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == [
"--one-time-password=password"
]
def realm_discover_failure_with_exception_test(self, execWithCapture):
"""Test the realm discover setup task - discovery failed with exception."""
execWithCapture.return_value = ""
execWithCapture.side_effect = OSError()
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm")))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with('realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
self.assertFalse(new_realm_data.discovered)
# if realm discover invocation fails hard, we don't add realmd as a required package
self.assertListEqual(new_realm_data.required_packages, [])
def realm_discover_success_no_extra_packages_with_garbage_task_test(self, execWithCapture):
"""Test the realm discover setup task - success, no extra packages, garbage in output."""
execWithCapture.return_value = """foo-domain-discovered
stuff, stuff
stuff
dsdsd dadasd
"""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
self.assertTrue(os.path.exists(os.path.join(sysroot, "usr/bin/realm")))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with('realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
self.assertTrue(new_realm_data.discovered)
self.assertListEqual(new_realm_data.required_packages, ["realmd"])
def test_realm_discover_failure(self, execWithCapture):
"""Test the realm discover setup task - discovery failed."""
execWithCapture.return_value = ""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with(
'realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
assert not new_realm_data.discovered
# if realm discover invocation fails to discover a realm, we still add realmd as a required package
assert new_realm_data.required_packages == ["realmd"]
def test_realm_discover_success_with_garbage_task(self, execWithCapture):
"""Test the realm discover setup task - success with garbage in output."""
execWithCapture.return_value = """foo-domain-discovered
stuff-foo
required-package:package-foo
required-package:package-bar
required-package:package-baz
required-package:
unrelatedstuff"""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = "foo-domain"
realm_data.discover_options = ["--bar", "baz"]
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_called_once_with(
'realm',
['discover', '--verbose', '--bar', 'baz', 'foo-domain'],
filter_stderr=True)
# check if the results returned by the task look correct
assert new_realm_data.discovered
assert new_realm_data.required_packages == [
"realmd", "package-foo", "package-bar", "package-baz"
]
def test_realmd_requirements(self):
"""Test that package requirements in realm data propagate correctly."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
realm.required_packages = ["realmd", "foo", "bar"]
self.security_interface.SetRealm(RealmData.to_structure(realm))
# check that the teamd package is requested
assert self.security_interface.CollectRequirements() == [{
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "realmd"),
"reason":
get_variant(Str, "Needed to join a realm.")
}, {
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "foo"),
"reason":
get_variant(Str, "Needed to join a realm.")
}, {
"type":
get_variant(Str, "package"),
"name":
get_variant(Str, "bar"),
"reason":
get_variant(Str, "Needed to join a realm.")
}]
def test_install_with_tasks_configured(self, publisher):
"""Test install tasks - module in configured state."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
authselect = ['select', 'sssd']
fingerprint = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
self.security_interface.SetAuthselect(authselect)
self.security_interface.SetFingerprintAuthEnabled(fingerprint)
task_classes = [
ConfigureSELinuxTask,
ConfigureFingerprintAuthTask,
ConfigureAuthselectTask,
]
task_paths = self.security_interface.InstallWithTasks()
task_objs = check_task_creation_list(task_paths, publisher,
task_classes)
# ConfigureSELinuxTask
obj = task_objs[0]
assert obj.implementation._selinux_mode == SELinuxMode.PERMISSIVE
# ConfigureFingerprintAuthTask
obj = task_objs[1]
assert obj.implementation._fingerprint_auth_enabled == fingerprint
# ConfigureAuthselectTask
obj = task_objs[2]
assert obj.implementation._authselect_options == authselect
def install_with_tasks_configured_test(self, publisher):
"""Test install tasks - module in configured state."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
self.security_interface.SetSELinux(SELINUX_PERMISSIVE)
tasks = self.security_interface.InstallWithTasks()
selinux_task_path = tasks[0]
publisher.assert_called()
# SELinux configuration
object_path = publisher.call_args_list[0][0][0]
obj = publisher.call_args_list[0][0][1]
self.assertEqual(selinux_task_path, object_path)
self.assertIsInstance(obj, TaskInterface)
self.assertIsInstance(obj.implementation, ConfigureSELinuxTask)
self.assertEqual(obj.implementation._selinux_mode,
SELinuxMode.PERMISSIVE)
def test_realm_discover_configured(self, publisher):
"""Test module in configured state with realm discover task."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
self.security_interface.SetRealm(RealmData.to_structure(realm))
realm_discover_task_path = self.security_interface.DiscoverRealmWithTask()
obj = check_task_creation(realm_discover_task_path, publisher, RealmDiscoverTask)
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.discover_options == ["--client-software=sssd"]
def test_realm_join_configured(self, publisher):
"""Test module in configured state with realm join task."""
realm = RealmData()
realm.name = "domain.example.com"
realm.discover_options = ["--client-software=sssd"]
realm.join_options = ["--one-time-password=password"]
realm.discovered = True
self.security_interface.SetRealm(RealmData.to_structure(realm))
realm_join_task_path = self.security_interface.JoinRealmWithTask()
obj = check_task_creation(realm_join_task_path, publisher, RealmJoinTask)
assert obj.implementation._realm_data.discovered is True
assert obj.implementation._realm_data.name == "domain.example.com"
assert obj.implementation._realm_data.join_options == ["--one-time-password=password"]
def process_kickstart(self, data):
"""Process the kickstart data."""
if data.selinux.selinux is not None:
self.set_selinux(SELinuxMode(data.selinux.selinux))
if data.authselect.authselect:
self.set_authselect(shlex.split(data.authselect.authselect))
if data.realm.join_realm:
realm = RealmData()
realm.name = data.realm.join_realm
realm.discover_options = data.realm.discover_options
realm.join_options = data.realm.join_args
self.set_realm(realm)
def test_realm_discover_no_realm_name(self, execWithCapture):
"""Test the realm discover setup task - no realm name."""
with tempfile.TemporaryDirectory() as sysroot:
os.makedirs(os.path.join(sysroot, "usr/bin"))
os.mknod(os.path.join(sysroot, "usr/bin/realm"))
assert os.path.exists(os.path.join(sysroot, "usr/bin/realm"))
realm_data = RealmData()
realm_data.name = ""
realm_data.discover_options = []
task = RealmDiscoverTask(sysroot=sysroot, realm_data=realm_data)
new_realm_data = task.run()
# check if the realm command invocation looks right
execWithCapture.assert_not_called()
# no realm name so it can not be discovered
assert not new_realm_data.discovered
# if realm can't be discovered, we can't join it so no extra packages are needed
assert new_realm_data.required_packages == []
