# This file is part of cloud-init. See LICENSE file for license information.
from cloudinit.config import cc_users_groups
from cloudinit.tests.helpers import CiTestCase, mock
MODPATH = "cloudinit.config.cc_users_groups"
@mock.patch('cloudinit.distros.ubuntu.Distro.create_group')
@mock.patch('cloudinit.distros.ubuntu.Distro.create_user')
class TestHandleUsersGroups(CiTestCase):
"""Test cc_users_groups handling of config."""
with_logs = True
def test_handle_no_cfg_creates_no_users_or_groups(self, m_user, m_group):
"""Test handle with no config will not create users or groups."""
cfg = {} # merged cloud-config
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'ubuntu', 'lock_passwd': True,
'groups': ['lxd', 'sudo'],
'shell': '/bin/bash'}}
metadata = {}
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
m_user.assert_not_called()
m_group.assert_not_called()
def test_handle_users_in_cfg_calls_create_users(self, m_user, m_group):
"""When users in config, create users with distro.create_user."""
cfg = {'users': ['default', {'name': 'me2'}]} # merged cloud-config
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'ubuntu', 'lock_passwd': True,
'groups': ['lxd', 'sudo'],
'shell': '/bin/bash'}}
metadata = {}
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
self.assertCountEqual(
m_user.call_args_list,
[mock.call('ubuntu', groups='lxd,sudo', lock_passwd=True,
shell='/bin/bash'),
mock.call('me2', default=False)])
m_group.assert_not_called()
@mock.patch('cloudinit.distros.freebsd.Distro.create_group')
@mock.patch('cloudinit.distros.freebsd.Distro.create_user')
def test_handle_users_in_cfg_calls_create_users_on_bsd(
self,
m_fbsd_user,
m_fbsd_group,
m_linux_user,
m_linux_group,
):
"""When users in config, create users with freebsd.create_user."""
cfg = {'users': ['default', {'name': 'me2'}]} # merged cloud-config
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'freebsd', 'lock_passwd': True,
'groups': ['wheel'],
'shell': '/bin/tcsh'}}
metadata = {}
cloud = self.tmp_cloud(
distro='freebsd', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
self.assertCountEqual(
m_fbsd_user.call_args_list,
[mock.call('freebsd', groups='wheel', lock_passwd=True,
shell='/bin/tcsh'),
mock.call('me2', default=False)])
m_fbsd_group.assert_not_called()
m_linux_group.assert_not_called()
m_linux_user.assert_not_called()
def test_users_with_ssh_redirect_user_passes_keys(self, m_user, m_group):
"""When ssh_redirect_user is True pass default user and cloud keys."""
cfg = {
'users': ['default', {'name': 'me2', 'ssh_redirect_user': True}]}
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'ubuntu', 'lock_passwd': True,
'groups': ['lxd', 'sudo'],
'shell': '/bin/bash'}}
metadata = {'public-keys': ['key1']}
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
self.assertCountEqual(
m_user.call_args_list,
[mock.call('ubuntu', groups='lxd,sudo', lock_passwd=True,
shell='/bin/bash'),
mock.call('me2', cloud_public_ssh_keys=['key1'], default=False,
ssh_redirect_user='ubuntu')])
m_group.assert_not_called()
def test_users_with_ssh_redirect_user_default_str(self, m_user, m_group):
"""When ssh_redirect_user is 'default' pass default username."""
cfg = {
'users': ['default', {'name': 'me2',
'ssh_redirect_user': 'default'}]}
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'ubuntu', 'lock_passwd': True,
'groups': ['lxd', 'sudo'],
'shell': '/bin/bash'}}
metadata = {'public-keys': ['key1']}
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
self.assertCountEqual(
m_user.call_args_list,
[mock.call('ubuntu', groups='lxd,sudo', lock_passwd=True,
shell='/bin/bash'),
mock.call('me2', cloud_public_ssh_keys=['key1'], default=False,
ssh_redirect_user='ubuntu')])
m_group.assert_not_called()
def test_users_with_ssh_redirect_user_non_default(self, m_user, m_group):
"""Warn when ssh_redirect_user is not 'default'."""
cfg = {
'users': ['default', {'name': 'me2',
'ssh_redirect_user': 'snowflake'}]}
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'ubuntu', 'lock_passwd': True,
'groups': ['lxd', 'sudo'],
'shell': '/bin/bash'}}
metadata = {'public-keys': ['key1']}
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
with self.assertRaises(ValueError) as context_manager:
cc_users_groups.handle('modulename', cfg, cloud, None, None)
m_group.assert_not_called()
self.assertEqual(
'Not creating user me2. Invalid value of ssh_redirect_user:'
' snowflake. Expected values: true, default or false.',
str(context_manager.exception))
def test_users_with_ssh_redirect_user_default_false(self, m_user, m_group):
"""When unspecified ssh_redirect_user is false and not set up."""
cfg = {'users': ['default', {'name': 'me2'}]}
# System config defines a default user for the distro.
sys_cfg = {'default_user': {'name': 'ubuntu', 'lock_passwd': True,
'groups': ['lxd', 'sudo'],
'shell': '/bin/bash'}}
metadata = {'public-keys': ['key1']}
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
self.assertCountEqual(
m_user.call_args_list,
[mock.call('ubuntu', groups='lxd,sudo', lock_passwd=True,
shell='/bin/bash'),
mock.call('me2', default=False)])
m_group.assert_not_called()
def test_users_ssh_redirect_user_and_no_default(self, m_user, m_group):
"""Warn when ssh_redirect_user is True and no default user present."""
cfg = {
'users': ['default', {'name': 'me2', 'ssh_redirect_user': True}]}
# System config defines *no* default user for the distro.
sys_cfg = {}
metadata = {} # no public-keys defined
cloud = self.tmp_cloud(
distro='ubuntu', sys_cfg=sys_cfg, metadata=metadata)
cc_users_groups.handle('modulename', cfg, cloud, None, None)
m_user.assert_called_once_with('me2', default=False)
m_group.assert_not_called()
self.assertEqual(
'WARNING: Ignoring ssh_redirect_user: True for me2. No'
' default_user defined. Perhaps missing'
' cloud configuration users: [default, ..].\n',
self.logs.getvalue())