-
Notifications
You must be signed in to change notification settings - Fork 205
/
test_sudoers.py
73 lines (64 loc) · 2.76 KB
/
test_sudoers.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
import pytest
import doctest
from insights.parsers.sudoers import EtcSudoers
from insights.combiners.sudoers import Sudoers
from insights.combiners import sudoers
from insights.tests import context_wrap
SUDOERS = """
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
""".strip()
SUDOERS_NO_INCLUDE = """
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
##includedir /etc/sudoers.d
""".strip()
SUDOERS_FM = """
foreman-proxy ALL = (root) NOPASSWD : /opt/puppetlabs/bin/puppet cert *
Defaults:foreman-proxy !requiretty
""".strip()
SUDOERS_WH = """
%wheel ALL=(ALL) ABC
Defaults:wheel !requiretty
""".strip()
SUDOERS_PATH1 = "/etc/sudoers"
SUDOERS_PATH2 = "/etc/sudoers.d/forman-proxy"
SUDOERS_PATH3 = "/etc/sudoers.d/test"
def test_sudoers():
sudo1 = EtcSudoers(context_wrap(SUDOERS, path=SUDOERS_PATH1))
sudo2 = EtcSudoers(context_wrap(SUDOERS_FM, path=SUDOERS_PATH2))
sudo3 = EtcSudoers(context_wrap(SUDOERS_WH, path=SUDOERS_PATH3))
sudo = Sudoers([sudo1, sudo2, sudo3])
assert len(sudo.lines) == 6
assert sudo.last("#includedir") == '#includedir /etc/sudoers.d'
assert len(sudo.get(['wheel', 'includedir'])) == 0
assert len(sudo.get(['wheel', 'includedir'], check=any)) == 4
assert sudo.last(['Defaults', 'includedir'], check=all) is None
assert len(sudo.get(['foreman-proxy', 'NOPASSWD'], check=all)) == 1
assert len(sudo.get(['foreman-proxy', 'NOPASSWD'], check=any)) == 2
wheel = sudo.get(['wheel', 'ALL=(ALL)'])
assert len(wheel) == 2
assert wheel[1] == '%wheel ALL=(ALL) ABC'
assert sudo.last("Defaults") == 'Defaults:wheel !requiretty'
assert sudo.data['/etc/sudoers'] == ['%wheel ALL=(ALL) ALL', '#includedir /etc/sudoers.d']
assert sudo.data['/etc/sudoers.d/test'] == ['%wheel ALL=(ALL) ABC', 'Defaults:wheel !requiretty']
with pytest.raises(TypeError):
sudo.get({})
def test_sudoers_no_includedir():
sudo1 = EtcSudoers(context_wrap(SUDOERS_NO_INCLUDE, path=SUDOERS_PATH1))
sudo2 = EtcSudoers(context_wrap(SUDOERS_FM, path=SUDOERS_PATH2))
sudo3 = EtcSudoers(context_wrap(SUDOERS_WH, path=SUDOERS_PATH3))
sudo = Sudoers([sudo1, sudo2, sudo3])
assert sudo.data['/etc/sudoers'] == ['%wheel ALL=(ALL) ALL']
assert len(sudo.lines) == 1
def test_doc_examples():
sudo1 = EtcSudoers(context_wrap(SUDOERS, path=SUDOERS_PATH1))
sudo2 = EtcSudoers(context_wrap(SUDOERS_FM, path=SUDOERS_PATH2))
env = {
'sudo': Sudoers([sudo1, sudo2])
}
failed, total = doctest.testmod(sudoers, globs=env)
assert failed == 0