1
0

test_auth.py 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
  1. # -*- coding: utf-8 -*-
  2. """
  3. tests.integration.shell.auth
  4. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. """
  6. from __future__ import absolute_import, print_function, unicode_literals
  7. import logging
  8. # Import 3rd-party libs
  9. import pytest
  10. # Import Salt libs
  11. import salt.utils.platform
  12. log = logging.getLogger(__name__)
  13. USERA = "saltdev-auth"
  14. USERA_PWD = "saltdev"
  15. HASHED_USERA_PWD = "$6$SALTsalt$ZZFD90fKFWq8AGmmX0L3uBtS9fXL62SrTk5zcnQ6EkD6zoiM3kB88G1Zvs0xm/gZ7WXJRs5nsTBybUvGSqZkT."
  16. @pytest.fixture(scope="module")
  17. def saltdev_account(sminion):
  18. try:
  19. assert sminion.functions.user.add(USERA, createhome=False)
  20. assert sminion.functions.shadow.set_password(
  21. USERA, USERA_PWD if salt.utils.platform.is_darwin() else HASHED_USERA_PWD
  22. )
  23. assert USERA in sminion.functions.user.list_users()
  24. # Run tests
  25. yield
  26. finally:
  27. sminion.functions.user.delete(USERA, remove=True)
  28. SALTOPS = "saltops"
  29. @pytest.fixture(scope="module")
  30. def saltops_group(sminion):
  31. try:
  32. assert sminion.functions.group.add(SALTOPS)
  33. # Run tests
  34. yield
  35. finally:
  36. sminion.functions.group.delete(SALTOPS)
  37. USERB = "saltdev-adm"
  38. USERB_PWD = USERA_PWD
  39. HASHED_USERB_PWD = HASHED_USERA_PWD
  40. @pytest.fixture(scope="module")
  41. def saltadm_account(sminion, saltops_group):
  42. try:
  43. assert sminion.functions.user.add(USERB, groups=[SALTOPS], createhome=False)
  44. assert sminion.functions.shadow.set_password(
  45. USERB, USERB_PWD if salt.utils.platform.is_darwin() else HASHED_USERB_PWD
  46. )
  47. assert USERB in sminion.functions.user.list_users()
  48. # Run tests
  49. yield
  50. finally:
  51. sminion.functions.user.delete(USERB, remove=True)
  52. @pytest.mark.skip_if_not_root
  53. @pytest.mark.destructive_test
  54. @pytest.mark.skip_on_windows
  55. class TestUserAuth(object):
  56. """
  57. Test user auth mechanisms
  58. """
  59. def test_pam_auth_valid_user(self, salt_cli, saltdev_account):
  60. """
  61. test that pam auth mechanism works with a valid user
  62. """
  63. # test user auth against pam
  64. ret = salt_cli.run(
  65. "-a",
  66. "pam",
  67. "--username",
  68. USERA,
  69. "--password",
  70. USERA_PWD,
  71. "test.ping",
  72. minion_tgt="minion",
  73. )
  74. assert ret.exitcode == 0
  75. assert ret.json is True
  76. def test_pam_auth_invalid_user(self, salt_cli, saltdev_account):
  77. """
  78. test pam auth mechanism errors for an invalid user
  79. """
  80. ret = salt_cli.run(
  81. "-a",
  82. "pam",
  83. "--username",
  84. "nouser",
  85. "--password",
  86. "1234",
  87. "test.ping",
  88. minion_tgt="minion",
  89. )
  90. assert ret.stdout == "Authentication error occurred."
  91. @pytest.mark.skip_if_not_root
  92. @pytest.mark.destructive_test
  93. class TestGroupAuth(object):
  94. """
  95. Test group auth mechanisms
  96. """
  97. def test_pam_auth_valid_group(self, salt_cli, saltadm_account):
  98. """
  99. test that pam auth mechanism works for a valid group
  100. """
  101. # test group auth against pam: saltadm is not configured in
  102. # external_auth, but saltops is and saldadm is a member of saltops
  103. ret = salt_cli.run(
  104. "-a",
  105. "pam",
  106. "--username",
  107. USERB,
  108. "--password",
  109. USERB_PWD,
  110. "test.ping",
  111. minion_tgt="minion",
  112. )
  113. assert ret.exitcode == 0
  114. assert ret.json is True