Home Explore Help
Register Sign In
nee2c
/
salt
mirror of https://github.com/nee2c/salt.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b95213ec90
Branches Tags
salt
/
tests
/
integration
/
netapi
/
rest_cherrypy
/
test_app_pam.py

test_app_pam.py 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. # coding: utf-8
    2. 

  2. """
    3. 

  3. Integration Tests for restcherry salt-api with pam eauth
    4. 

  4. """
    5. 

  5. from __future__ import absolute_import
    6. 

  6. 

  7. import salt.utils.platform
    8. 

  8. import tests.support.cherrypy_testclasses as cptc
    9. 

  9. from salt.ext.six.moves.urllib.parse import (  # pylint: disable=no-name-in-module,import-error
    10. 

  10.     urlencode,
    11. 

  11. )
    12. 

  12. from tests.support.case import ModuleCase
    13. 

  13. from tests.support.helpers import destructiveTest, skip_if_not_root, slowTest
    14. 

  14. from tests.support.unit import skipIf
    15. 

  15. 

  16. if cptc.HAS_CHERRYPY:
    17. 

  17.     import cherrypy
    18. 

  18. 

  19. USERA = "saltdev"
    20. 

  20. USERA_PWD = "saltdev"
    21. 

  21. HASHED_USERA_PWD = "$6$SALTsalt$ZZFD90fKFWq8AGmmX0L3uBtS9fXL62SrTk5zcnQ6EkD6zoiM3kB88G1Zvs0xm/gZ7WXJRs5nsTBybUvGSqZkT."
    22. 

  22. 

  23. AUTH_CREDS = {"username": USERA, "password": USERA_PWD, "eauth": "pam"}
    24. 

  24. 

  25. 

  26. @skipIf(cptc.HAS_CHERRYPY is False, "CherryPy not installed")
    27. 

  27. class TestAuthPAM(cptc.BaseRestCherryPyTest, ModuleCase):
    28. 

  28.     """
    29. 

  29.     Test auth with pam using salt-api
    30. 

  30.     """
    31. 

  31. 

  32.     @destructiveTest
    33. 

  33.     @skip_if_not_root
    34. 

  34.     def setUp(self):
    35. 

  35.         super(TestAuthPAM, self).setUp()
    36. 

  36.         try:
    37. 

  37.             add_user = self.run_function("user.add", [USERA], createhome=False)
    38. 

  38.             add_pwd = self.run_function(
    39. 

  39.                 "shadow.set_password",
    40. 

  40.                 [
    41. 

  41.                     USERA,
    42. 

  42.                     USERA_PWD if salt.utils.platform.is_darwin() else HASHED_USERA_PWD,
    43. 

  43.                 ],
    44. 

  44.             )
    45. 

  45.             self.assertTrue(add_user)
    46. 

  46.             self.assertTrue(add_pwd)
    47. 

  47.             user_list = self.run_function("user.list_users")
    48. 

  48.             self.assertIn(USERA, str(user_list))
    49. 

  49.         except AssertionError:
    50. 

  50.             self.run_function("user.delete", [USERA], remove=True)
    51. 

  51.             self.skipTest("Could not add user or password, skipping test")
    52. 

  52. 

  53.     @slowTest
    54. 

  54.     def test_bad_pwd_pam_chsh_service(self):
    55. 

  55.         """
    56. 

  56.         Test login while specifying chsh service with bad passwd
    57. 

  57.         This test ensures this PR is working correctly:
    58. 

  58.         https://github.com/saltstack/salt/pull/31826
    59. 

  59.         """
    60. 

  60.         copyauth_creds = AUTH_CREDS.copy()
    61. 

  61.         copyauth_creds["service"] = "chsh"
    62. 

  62.         copyauth_creds["password"] = "wrong_password"
    63. 

  63.         body = urlencode(copyauth_creds)
    64. 

  64.         request, response = self.request(
    65. 

  65.             "/login",
    66. 

  66.             method="POST",
    67. 

  67.             body=body,
    68. 

  68.             headers={"content-type": "application/x-www-form-urlencoded"},
    69. 

  69.         )
    70. 

  70.         self.assertEqual(response.status, "401 Unauthorized")
    71. 

  71. 

  72.     @slowTest
    73. 

  73.     def test_bad_pwd_pam_login_service(self):
    74. 

  74.         """
    75. 

  75.         Test login while specifying login service with bad passwd
    76. 

  76.         This test ensures this PR is working correctly:
    77. 

  77.         https://github.com/saltstack/salt/pull/31826
    78. 

  78.        """
    79. 

  79.         copyauth_creds = AUTH_CREDS.copy()
    80. 

  80.         copyauth_creds["service"] = "login"
    81. 

  81.         copyauth_creds["password"] = "wrong_password"
    82. 

  82.         body = urlencode(copyauth_creds)
    83. 

  83.         request, response = self.request(
    84. 

  84.             "/login",
    85. 

  85.             method="POST",
    86. 

  86.             body=body,
    87. 

  87.             headers={"content-type": "application/x-www-form-urlencoded"},
    88. 

  88.         )
    89. 

  89.         self.assertEqual(response.status, "401 Unauthorized")
    90. 

  90. 

  91.     @slowTest
    92. 

  92.     def test_good_pwd_pam_chsh_service(self):
    93. 

  93.         """
    94. 

  94.         Test login while specifying chsh service with good passwd
    95. 

  95.         This test ensures this PR is working correctly:
    96. 

  96.         https://github.com/saltstack/salt/pull/31826
    97. 

  97.         """
    98. 

  98.         copyauth_creds = AUTH_CREDS.copy()
    99. 

  99.         copyauth_creds["service"] = "chsh"
    100. 

  100.         body = urlencode(copyauth_creds)
    101. 

  101.         request, response = self.request(
    102. 

  102.             "/login",
    103. 

  103.             method="POST",
    104. 

  104.             body=body,
    105. 

  105.             headers={"content-type": "application/x-www-form-urlencoded"},
    106. 

  106.         )
    107. 

  107.         self.assertEqual(response.status, "200 OK")
    108. 

  108. 

  109.     @slowTest
    110. 

  110.     def test_good_pwd_pam_login_service(self):
    111. 

  111.         """
    112. 

  112.         Test login while specifying login service with good passwd
    113. 

  113.         This test ensures this PR is working correctly:
    114. 

  114.         https://github.com/saltstack/salt/pull/31826
    115. 

  115.         """
    116. 

  116.         copyauth_creds = AUTH_CREDS.copy()
    117. 

  117.         copyauth_creds["service"] = "login"
    118. 

  118.         body = urlencode(copyauth_creds)
    119. 

  119.         request, response = self.request(
    120. 

  120.             "/login",
    121. 

  121.             method="POST",
    122. 

  122.             body=body,
    123. 

  123.             headers={"content-type": "application/x-www-form-urlencoded"},
    124. 

  124.         )
    125. 

  125.         self.assertEqual(response.status, "200 OK")
    126. 

  126. 

  127.     @destructiveTest
    128. 

  128.     @skip_if_not_root
    129. 

  129.     def tearDown(self):
    130. 

  130.         """
    131. 

  131.         Clean up after tests. Delete user
    132. 

  132.         """
    133. 

  133.         super(TestAuthPAM, self).tearDown()
    134. 

  134.         user_list = self.run_function("user.list_users")
    135. 

  135.         # Remove saltdev user
    136. 

  136.         if USERA in user_list:
    137. 

  137.             self.run_function("user.delete", [USERA], remove=True)
    138. 

  138.         # need to exit cherypy engine
    139. 

  139.         cherrypy.engine.exit()
    140.