provide ability to ignore changes to home dir and ssh keys. add tests.

jonhadfield · Jan 13, 2017 · 5151c47 · 5151c47
1 parent 2fb02b4
commit 5151c47
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 4 deletions.
diff --git a/lib/creds/plan.py b/lib/creds/plan.py
@@ -21,7 +21,7 @@ def create_plan(existing_users=None, proposed_users=None, purge_undefined=None,
         protected_users (list): List of users' names that should not be evaluated as part of the plan creation process
         allow_non_unique_id (bool): Allow more than one user to have the same uid
         manage_home (bool): Create/remove users' home directories
-        manage_keys (bool): Add/update/remove users' keys
+        manage_keys (bool): Add/update/remove users' keys (manage_home must also be true)
 
     returns:
        list: Differences between discovered and proposed users with a
@@ -83,7 +83,7 @@ def execute_plan(plan=None):
         elif action == 'add':
             command = generate_add_user_command(proposed_user=task.get('proposed_user'), manage_home=task['manage_home'])
             command_output = execute_command(command)
-            if task['proposed_user'].public_keys and task['manage_keys']:
+            if task['proposed_user'].public_keys and task['manage_home'] and task['manage_keys']:
                 write_authorized_keys(task['proposed_user'])
             if task['proposed_user'].sudoers_entry:
                 write_sudoers_entry(username=task['proposed_user'].name,
@@ -97,15 +97,15 @@ def execute_plan(plan=None):
                 if '_action' in k:
                     action_count += 1
             command_output = None
-            if task['manage_keys'] and action_count == 1 and 'public_keys_action' in result:
+            if task['manage_home'] and task['manage_keys'] and action_count == 1 and 'public_keys_action' in result:
                 write_authorized_keys(task['proposed_user'])
             elif action_count == 1 and 'sudoers_entry_action' in result:
                 write_sudoers_entry(username=task['proposed_user'].name,
                                     sudoers_entry=task['user_comparison']['result']['replacement_sudoers_entry'])
             else:
                 command = generate_modify_user_command(task=task)
                 command_output = execute_command(command)
-                if task['manage_keys'] and result.get('public_keys_action'):
+                if task['manage_home'] and task['manage_keys'] and result.get('public_keys_action'):
                     write_authorized_keys(task['proposed_user'])
                 if result.get('sudoers_entry_action'):
                     write_sudoers_entry(username=task['proposed_user'].name,

diff --git a/tests/test_plan.py b/tests/test_plan.py
@@ -3,6 +3,7 @@
 from __future__ import (absolute_import, unicode_literals)
 
 import getpass
+import os
 import shlex
 
 from creds.constants import (LINUX_CMD_USERADD, LINUX_CMD_USERDEL,
@@ -26,6 +27,82 @@
 CURRENT_USER = getpass.getuser()
 
 
+def test_execute_plan_to_delete_user_ignoring_home():
+    """ Delete a user and ensure their home dir is untouched """
+
+    delete_test_user_and_group()
+    pre_users = Users.from_passwd()
+    create_test_user()
+    plan = create_plan(existing_users=Users.from_passwd(), proposed_users=pre_users, purge_undefined=True,
+                       manage_home=False,
+                       protected_users=['travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER])
+    execute_plan(plan=plan)
+    updated_users = Users.from_passwd()
+    print(updated_users)
+    updated_user = updated_users.describe_users(users_filter=dict(name='testuserx1234'))
+    assert len(updated_user) == 0
+    assert os.path.exists('/home/testuserx1234')
+    delete_test_user_and_group()
+
+
+def test_execute_plan_to_create_user_ignoring_home():
+    """ Create a new user without creating home directory """
+
+    delete_test_user_and_group()
+    raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
+    public_key_2 = PublicKey(raw=raw_public_key_2)
+    current_users = Users.from_passwd()
+    provided_users = Users()
+    provided_users.append(
+        User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update',
+             shell='/bin/false', public_keys=[public_key_2], sudoers_entry='ALL=(ALL:ALL) ALL'))
+    plan = create_plan(existing_users=current_users, proposed_users=provided_users, manage_home=False,
+                       protected_users=['travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER])
+    assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"'
+    execute_plan(plan=plan)
+    updated_users = Users.from_passwd()
+    updated_user = updated_users.describe_users(users_filter=dict(name='testuserx1234'))
+    assert len(updated_user) == 1
+    assert updated_user[0].name == 'testuserx1234'
+    assert updated_user[0].uid == 59998
+    assert updated_user[0].gid == 1
+    assert updated_user[0].gecos == '\"test user gecos update\"'
+    assert updated_user[0].shell == '/bin/false'
+    assert not updated_user[0].public_keys
+    assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL'
+    assert not os.path.exists('/home/testuserx1234')
+    delete_test_user_and_group()
+
+
+def test_execute_plan_to_update_existing_user_ignoring_keys():
+    """ Create a new user without touching keys """
+
+    delete_test_user_and_group()
+    create_test_user()
+    raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
+    public_key_2 = PublicKey(raw=raw_public_key_2)
+    current_users = Users.from_passwd()
+    provided_users = Users()
+    provided_users.append(
+        User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update',
+             shell='/bin/false', public_keys=[public_key_2], sudoers_entry='ALL=(ALL:ALL) ALL'))
+    plan = create_plan(existing_users=current_users, proposed_users=provided_users, manage_keys=False,
+                       protected_users=['travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER])
+    assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"'
+    execute_plan(plan=plan)
+    updated_users = Users.from_passwd()
+    updated_user = updated_users.describe_users(users_filter=dict(name='testuserx1234'))
+    assert len(updated_user) == 1
+    assert updated_user[0].name == 'testuserx1234'
+    assert updated_user[0].uid == 59998
+    assert updated_user[0].gid == 1
+    assert updated_user[0].gecos == '\"test user gecos update\"'
+    assert updated_user[0].shell == '/bin/false'
+    assert not updated_user[0].public_keys
+    assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL'
+    delete_test_user_and_group()
+
+
 def test_execute_plan_to_update_existing_user():
     """ Create a new user and then attempt to create another user with existing id """