From 5151c4767ab7229806d8167711075a234a1ed929 Mon Sep 17 00:00:00 2001
From: Jon Hadfield
Date: Fri, 13 Jan 2017 16:24:43 +0000
Subject: [PATCH] provide ability to ignore changes to home dir and ssh keys. add tests.
---
lib/creds/plan.py | 8 ++---
tests/test_plan.py | 77 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+), 4 deletions(-)
diff --git a/lib/creds/plan.py b/lib/creds/plan.py
index 8bac3b2..78a78b9 100644
--- a/lib/creds/plan.py
+++ b/lib/creds/plan.py
@@ -21,7 +21,7 @@ def create_plan(existing_users=None, proposed_users=None, purge_undefined=None,
 protected_users (list): List of users' names that should not be evaluated as part of the plan creation process
 allow_non_unique_id (bool): Allow more than one user to have the same uid
 manage_home (bool): Create/remove users' home directories
- manage_keys (bool): Add/update/remove users' keys
+ manage_keys (bool): Add/update/remove users' keys (manage_home must also be true)
 returns:
 list: Differences between discovered and proposed users with a
@@ -83,7 +83,7 @@ def execute_plan(plan=None):
 elif action == 'add':
 command = generate_add_user_command(proposed_user=task.get('proposed_user'), manage_home=task['manage_home'])
 command_output = execute_command(command)
- if task['proposed_user'].public_keys and task['manage_keys']:
+ if task['proposed_user'].public_keys and task['manage_home'] and task['manage_keys']:
 write_authorized_keys(task['proposed_user'])
 if task['proposed_user'].sudoers_entry:
 write_sudoers_entry(username=task['proposed_user'].name,
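Review bot: The new docstring line describes manage_home as a precondition ("must also be true"), but the execute_plan hunks at -83, -97 and -105 enforce it by silently skipping write_authorized_keys rather than rejecting the combination, so a caller passing manage_keys=True with manage_home=False gets neither an error nor any keys written. The docstring should state what actually happens, e.g. `manage_keys (bool): Add/update/remove users' keys; ignored unless manage_home is also true`. create_plan's signature and body continue outside this hunk, so whether the pair could be validated or normalised at plan-creation time is not visible here.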
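Review bot: The guard `task['manage_home'] and task['manage_keys']` is now repeated verbatim at three sites (this hunk, -97 and -105), so any later key-writing path can easily check only one of the two flags. Computing the effective value once per task, e.g. `manage_keys = task['manage_home'] and task['manage_keys']` at the top of the loop body, would reduce each site to a single check and keep the three consistent; the loop over the plan's tasks starts outside this hunk. In the add branch the account is still created and its sudoers entry still written while the keys are dropped without any message, so a log line at the skipped write would make that outcome visible to whoever runs the plan.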
@@ -97,7 +97,7 @@ def execute_plan(plan=None):
 if '_action' in k:
 action_count += 1
 command_output = None
- if task['manage_keys'] and action_count == 1 and 'public_keys_action' in result:
+ if task['manage_home'] and task['manage_keys'] and action_count == 1 and 'public_keys_action' in result:
 write_authorized_keys(task['proposed_user'])
 elif action_count == 1 and 'sudoers_entry_action' in result:
 write_sudoers_entry(username=task['proposed_user'].name,
@@ -105,7 +105,7 @@ def execute_plan(plan=None):
 else:
 command = generate_modify_user_command(task=task)
 command_output = execute_command(command)
- if task['manage_keys'] and result.get('public_keys_action'):
+ if task['manage_home'] and task['manage_keys'] and result.get('public_keys_action'):
 write_authorized_keys(task['proposed_user'])
 if result.get('sudoers_entry_action'):
 write_sudoers_entry(username=task['proposed_user'].name,
diff --git a/tests/test_plan.py b/tests/test_plan.py
index 8135065..840f566 100644
--- a/tests/test_plan.py
+++ b/tests/test_plan.py
@@ -3,6 +3,7 @@
 from __future__ import (absolute_import, unicode_literals)
 import getpass
+import os
 import shlex
 from creds.constants import (LINUX_CMD_USERADD, LINUX_CMD_USERDEL,
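Review bot: With manage_home added to the first condition, a task whose only pending change is a public_keys_action (action_count == 1) under manage_home=False no longer matches this branch or the sudoers elif, so control falls into the else branch shown in hunk -105 and runs generate_modify_user_command for a task with no account-level change. Whether that yields a harmless no-op or an unintended usermod call cannot be seen from these lines and deserves a dedicated test alongside the ones added in tests/test_plan.py. The same fall-through already existed for manage_keys=False, so the commit widens a pre-existing edge rather than creating it; the enclosing loop begins outside this hunk.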
@@ -26,6 +27,82 @@ CURRENT_USER = getpass.getuser()
+def test_execute_plan_to_delete_user_ignoring_home():
+ """ Delete a user and ensure their home dir is untouched """
+
+ delete_test_user_and_group()
+ pre_users = Users.from_passwd()
+ create_test_user()
+ plan = create_plan(existing_users=Users.from_passwd(), proposed_users=pre_users, purge_undefined=True,
+ manage_home=False,
+ protected_users=['travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER])
+ execute_plan(plan=plan)
+ updated_users = Users.from_passwd()
+ print(updated_users)
+ updated_user = updated_users.describe_users(users_filter=dict(name='testuserx1234'))
+ assert len(updated_user) == 0
+ assert os.path.exists('/home/testuserx1234')
+ delete_test_user_and_group()
+
+
+def test_execute_plan_to_create_user_ignoring_home():
+ """ Create a new user without creating home directory """
+
+ delete_test_user_and_group()
+ raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
+ public_key_2 = PublicKey(raw=raw_public_key_2)
+ current_users = Users.from_passwd()
+ provided_users = Users()
+ provided_users.append(
+ User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update',
+ shell='/bin/false', public_keys=[public_key_2], sudoers_entry='ALL=(ALL:ALL) ALL'))
+ plan = create_plan(existing_users=current_users, proposed_users=provided_users, manage_home=False,
+ protected_users=['travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER])
+ assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"'
+ execute_plan(plan=plan)
+ updated_users = Users.from_passwd()
+ updated_user = updated_users.describe_users(users_filter=dict(name='testuserx1234'))
+ assert len(updated_user) == 1
+ assert updated_user[0].name == 'testuserx1234'
+ assert updated_user[0].uid == 59998
+ assert updated_user[0].gid == 1
+ assert updated_user[0].gecos == '\"test user gecos update\"'
+ assert updated_user[0].shell == '/bin/false'
+ assert not updated_user[0].public_keys
+ assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL'
+ assert not os.path.exists('/home/testuserx1234')
+ delete_test_user_and_group()
+
+
+def test_execute_plan_to_update_existing_user_ignoring_keys():
+ """ Create a new user without touching keys """
+
+ delete_test_user_and_group()
+ create_test_user()
+ raw_public_key_2 = PUBLIC_KEYS[1].get('raw')
+ public_key_2 = PublicKey(raw=raw_public_key_2)
+ current_users = Users.from_passwd()
+ provided_users = Users()
+ provided_users.append(
+ User(name='testuserx1234', uid=59998, gid=1, gecos='test user gecos update',
+ shell='/bin/false', public_keys=[public_key_2], sudoers_entry='ALL=(ALL:ALL) ALL'))
+ plan = create_plan(existing_users=current_users, proposed_users=provided_users, manage_keys=False,
+ protected_users=['travis', 'couchdb', 'ubuntu', 'nginx', 'hadfielj', 'vagrant', CURRENT_USER])
+ assert plan[0]['proposed_user'].gecos == '\"test user gecos update\"'
+ execute_plan(plan=plan)
+ updated_users = Users.from_passwd()
+ updated_user = updated_users.describe_users(users_filter=dict(name='testuserx1234'))
+ assert len(updated_user) == 1
+ assert updated_user[0].name == 'testuserx1234'
+ assert updated_user[0].uid == 59998
+ assert updated_user[0].gid == 1
+ assert updated_user[0].gecos == '\"test user gecos update\"'
+ assert updated_user[0].shell == '/bin/false'
+ assert not updated_user[0].public_keys
+ assert updated_user[0].sudoers_entry == 'ALL=(ALL:ALL) ALL'
+ delete_test_user_and_group()
+
+
 def test_execute_plan_to_update_existing_user():
 """ Create a new user and then attempt to create another user with existing id """
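Review bot: The docstring of test_execute_plan_to_update_existing_user_ignoring_keys reads `""" Create a new user without touching keys """`, but the body calls create_test_user() first and then plans an update with manage_keys=False, so it should read `""" Update an existing user without touching their keys """`. Its final `assert not updated_user[0].public_keys` cannot tell "keys left untouched" from "keys removed" unless the fixture user starts with no keys; capturing the user's key list before execute_plan and asserting it is unchanged afterwards would pin the behaviour the test name promises. `print(updated_users)` in test_execute_plan_to_delete_user_ignoring_home looks like leftover debugging output. The `/home/testuserx1234` existence checks assume the fixture's home is under /home and that delete_test_user_and_group() removes it between tests; if it does not, the create test's `assert not os.path.exists(...)` depends on test order (both helpers are defined outside this hunk).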