tests: more work to standardize user accounts.

2018-04-16 18:35:13 +01:00 · 2018-04-16 18:35:13 +01:00 · ba8022424b
parent c2f94017c7
commit ba8022424b
6 changed files with 40 additions and 13 deletions
--- a/tests/README.md
+++ b/tests/README.md
@ -58,6 +58,20 @@ also by Ansible's `osx_setup.yml`.
    The login password is "has_sudo_nopw_password". It can sudo to root without
    supplying a password.

+`mitogen__pw_required`
+    The login password is "pw_required_password". When "sudo -u" is used to
+    target this account, its password must be entered rather than the login
+    user's password.
+
+`mitogen__require_tty`
+    The login password is "require_tty_password". When "sudo -u" is used to
+    target this account, the parent session requires a TTY.
+
+`mitogen__require_tty_pw_required`
+    The login password is "require_tty_pw_required_password". When "sudo -u" is
+    used to target this account, the parent session requires a TTY and the
+    account password must be entered.
+
 `mitogen__user1` .. `mitogen__user21`
    These accounts do not have passwords set. They exist to test the Ansible
    interpreter recycling logic.
--- a/tests/ansible/integration/become/sudo_password.yml
+++ b/tests/ansible/integration/become/sudo_password.yml
@ -43,7 +43,7 @@
      become_user: mitogen__pw_required
      register: out
      vars:
-        ansible_become_pass: mitogen__password
+        ansible_become_pass: pw_required_password

    - assert:
        that:
--- a/tests/ansible/integration/become/sudo_requiretty.yml
+++ b/tests/ansible/integration/become/sudo_requiretty.yml
@ -27,7 +27,7 @@
      become: true
      become_user: mitogen__require_tty_pw_required
      vars:
-        ansible_become_pass: mitogen__password
+        ansible_become_pass: require_tty_pw_required_password
      register: out
      when: is_mitogen

--- a/tests/ansible/osx_setup.yml
+++ b/tests/ansible/osx_setup.yml
@ -18,19 +18,19 @@

    - name: Create Mitogen test users
      user:
-        name: "{{item}}"
+        name: "mitogen__{{item}}"
        shell: /bin/bash
-        password: mitogen__password
+        password: "{{item}}_password"
      with_items:
-        - mitogen__require_tty
-        - mitogen__pw_required
-        - mitogen__require_tty_pw_required
+        - require_tty
+        - pw_required
+        - require_tty_pw_required

    - name: Create Mitogen test users
      user:
        name: "mitogen__user{{item}}"
        shell: /bin/bash
-        password: mitogen__password
+        password: "user{{item}}_password"
      with_sequence: start=1 end=21

    - name: Hide test users from login window.
--- a/tests/build_docker_images.py
+++ b/tests/build_docker_images.py
@ -24,27 +24,35 @@ FROM centos:7
 RUN yum clean all && \
    yum -y install -y python2.7 openssh-server sudo rsync git strace sudo && \
    yum clean all && \
-    groupadd sudo
+    groupadd sudo && \
+    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

 """

 DOCKERFILE = r"""
+COPY data/001-mitogen.sudo /etc/sudoers.d/001-mitogen
 RUN \
-    mkdir /var/run/sshd && \
-    echo '%mitogen__sudo_nopw ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/001-mitogen__sudo_nopw && \
+    mkdir -p /var/run/sshd && \
    echo i-am-mitogen-test-docker-image > /etc/sentinel && \
    groupadd mitogen__sudo_nopw && \
    useradd -s /bin/bash -m mitogen__has_sudo -G SUDO_GROUP && \
    useradd -s /bin/bash -m mitogen__has_sudo_pubkey -G SUDO_GROUP && \
    useradd -s /bin/bash -m mitogen__has_sudo_nopw -G mitogen__sudo_nopw && \
    useradd -s /bin/bash -m mitogen__webapp && \
+    useradd -s /bin/bash -m mitogen__pw_required && \
+    useradd -s /bin/bash -m mitogen__require_tty && \
+    useradd -s /bin/bash -m mitogen__require_tty_pw_required && \
+    { for i in `seq 1 21`; do useradd -s /bin/bash -m mitogen__user$i; done; } && \
    ( echo 'root:rootpassword' | chpasswd; ) && \
    ( echo 'mitogen__has_sudo:has_sudo_password' | chpasswd; ) && \
    ( echo 'mitogen__has_sudo_pubkey:has_sudo_pubkey_password' | chpasswd; ) && \
    ( echo 'mitogen__has_sudo_nopw:has_sudo_nopw_password' | chpasswd; ) && \
+    ( echo 'mitogen__webapp:webapp_password' | chpasswd; ) && \
+    ( echo 'mitogen__pw_required:pw_required_password' | chpasswd; ) && \
+    ( echo 'mitogen__require_tty:require_tty_password' | chpasswd; ) && \
+    ( echo 'mitogen__require_tty_pw_required:require_tty_pw_required_password' | chpasswd; ) && \
    mkdir ~mitogen__has_sudo_pubkey/.ssh && \
-    { echo '#!/bin/bash\nexec strace -ff -o /tmp/pywrap$$.trace python2.7 "$@"' > /usr/local/bin/pywrap; chmod +x /usr/local/bin/pywrap; } && \
-    { for i in `seq 1 21`; do useradd -s /bin/bash -m mitogen__user$i; done; }
+    { echo '#!/bin/bash\nexec strace -ff -o /tmp/pywrap$$.trace python2.7 "$@"' > /usr/local/bin/pywrap; chmod +x /usr/local/bin/pywrap; }

 COPY data/docker/mitogen__has_sudo_pubkey.key.pub /home/mitogen__has_sudo_pubkey/.ssh/authorized_keys
 RUN \
--- a/tests/data/001-mitogen.sudo
+++ b/tests/data/001-mitogen.sudo
@ -0,0 +1,5 @@
+Defaults>mitogen__pw_required targetpw
+Defaults>mitogen__require_tty requiretty
+Defaults>mitogen__require_tty_pw_required requiretty,targetpw
+
+%mitogen__sudo_nopw ALL=(ALL:ALL) NOPASSWD:ALL