mirror of
https://github.com/valitydev/salt.git
synced 2024-11-08 09:23:56 +00:00
3184168365
This PR is part of what will be an ongoing effort to use explicit unicode strings in Salt. Because Python 3 does not suport Python 2's raw unicode string syntax (i.e. `ur'\d+'`), we must use `salt.utils.locales.sdecode()` to ensure that the raw string is unicode. However, because of how `salt/utils/__init__.py` has evolved into the hulking monstrosity it is today, this means importing a large module in places where it is not needed, which could negatively impact performance. For this reason, this PR also breaks out some of the functions from `salt/utils/__init__.py` into new/existing modules under `salt/utils/`. The long term goal will be that the modules within this directory do not depend on importing `salt.utils`. A summary of the changes in this PR is as follows: * Moves the following functions from `salt.utils` to new locations (including a deprecation warning if invoked from `salt.utils`): `to_bytes`, `to_str`, `to_unicode`, `str_to_num`, `is_quoted`, `dequote`, `is_hex`, `is_bin_str`, `rand_string`, `contains_whitespace`, `clean_kwargs`, `invalid_kwargs`, `which`, `which_bin`, `path_join`, `shlex_split`, `rand_str`, `is_windows`, `is_proxy`, `is_linux`, `is_darwin`, `is_sunos`, `is_smartos`, `is_smartos_globalzone`, `is_smartos_zone`, `is_freebsd`, `is_netbsd`, `is_openbsd`, `is_aix` * Moves the functions already deprecated by @rallytime to the bottom of `salt/utils/__init__.py` for better organization, so we can keep the deprecated ones separate from the ones yet to be deprecated as we continue to break up `salt.utils` * Updates `salt/*.py` and all files under `salt/client/` to use explicit unicode string literals. * Gets rid of implicit imports of `salt.utils` (e.g. `from salt.utils import foo` becomes `import salt.utils.foo as foo`). * Renames the `test.rand_str` function to `test.random_hash` to more accurately reflect what it does * Modifies `salt.utils.stringutils.random()` (née `salt.utils.rand_string()`) such that it returns a string matching the passed size. Previously this function would get `size` bytes from `os.urandom()`, base64-encode it, and return the result, which would in most cases not be equal to the passed size.
137 lines
5.1 KiB
Python
137 lines
5.1 KiB
Python
# coding: utf-8
|
|
'''
|
|
Integration Tests for restcherry salt-api with pam eauth
|
|
'''
|
|
|
|
# Import Python libs
|
|
from __future__ import absolute_import
|
|
|
|
# Import test support libs
|
|
from tests.support.case import ModuleCase
|
|
from tests.support.unit import skipIf
|
|
from tests.support.helpers import destructiveTest, skip_if_not_root
|
|
import tests.support.cherrypy_testclasses as cptc
|
|
|
|
# Import Salt Libs
|
|
import salt.utils.platform
|
|
|
|
# Import 3rd-party libs
|
|
from salt.ext.six.moves.urllib.parse import urlencode # pylint: disable=no-name-in-module,import-error
|
|
if cptc.HAS_CHERRYPY:
|
|
import cherrypy
|
|
|
|
USERA = 'saltdev'
|
|
USERA_PWD = 'saltdev'
|
|
HASHED_USERA_PWD = '$6$SALTsalt$ZZFD90fKFWq8AGmmX0L3uBtS9fXL62SrTk5zcnQ6EkD6zoiM3kB88G1Zvs0xm/gZ7WXJRs5nsTBybUvGSqZkT.'
|
|
|
|
AUTH_CREDS = {
|
|
'username': USERA,
|
|
'password': USERA_PWD,
|
|
'eauth': 'pam'}
|
|
|
|
|
|
@skipIf(cptc.HAS_CHERRYPY is False, 'CherryPy not installed')
|
|
class TestAuthPAM(cptc.BaseRestCherryPyTest, ModuleCase):
|
|
'''
|
|
Test auth with pam using salt-api
|
|
'''
|
|
|
|
@destructiveTest
|
|
@skip_if_not_root
|
|
def setUp(self):
|
|
super(TestAuthPAM, self).setUp()
|
|
try:
|
|
add_user = self.run_function('user.add', [USERA], createhome=False)
|
|
add_pwd = self.run_function(
|
|
'shadow.set_password',
|
|
[
|
|
USERA,
|
|
USERA_PWD if salt.utils.platform.is_darwin() else HASHED_USERA_PWD
|
|
]
|
|
)
|
|
self.assertTrue(add_user)
|
|
self.assertTrue(add_pwd)
|
|
user_list = self.run_function('user.list_users')
|
|
self.assertIn(USERA, str(user_list))
|
|
except AssertionError:
|
|
self.run_function('user.delete', [USERA], remove=True)
|
|
self.skipTest(
|
|
'Could not add user or password, skipping test'
|
|
)
|
|
|
|
def test_bad_pwd_pam_chsh_service(self):
|
|
'''
|
|
Test login while specifying chsh service with bad passwd
|
|
This test ensures this PR is working correctly:
|
|
https://github.com/saltstack/salt/pull/31826
|
|
'''
|
|
copyauth_creds = AUTH_CREDS.copy()
|
|
copyauth_creds['service'] = 'chsh'
|
|
copyauth_creds['password'] = 'wrong_password'
|
|
body = urlencode(copyauth_creds)
|
|
request, response = self.request('/login', method='POST', body=body,
|
|
headers={
|
|
'content-type': 'application/x-www-form-urlencoded'
|
|
})
|
|
self.assertEqual(response.status, '401 Unauthorized')
|
|
|
|
def test_bad_pwd_pam_login_service(self):
|
|
'''
|
|
Test login while specifying login service with bad passwd
|
|
This test ensures this PR is working correctly:
|
|
https://github.com/saltstack/salt/pull/31826
|
|
'''
|
|
copyauth_creds = AUTH_CREDS.copy()
|
|
copyauth_creds['service'] = 'login'
|
|
copyauth_creds['password'] = 'wrong_password'
|
|
body = urlencode(copyauth_creds)
|
|
request, response = self.request('/login', method='POST', body=body,
|
|
headers={
|
|
'content-type': 'application/x-www-form-urlencoded'
|
|
})
|
|
self.assertEqual(response.status, '401 Unauthorized')
|
|
|
|
def test_good_pwd_pam_chsh_service(self):
|
|
'''
|
|
Test login while specifying chsh service with good passwd
|
|
This test ensures this PR is working correctly:
|
|
https://github.com/saltstack/salt/pull/31826
|
|
'''
|
|
copyauth_creds = AUTH_CREDS.copy()
|
|
copyauth_creds['service'] = 'chsh'
|
|
body = urlencode(copyauth_creds)
|
|
request, response = self.request('/login', method='POST', body=body,
|
|
headers={
|
|
'content-type': 'application/x-www-form-urlencoded'
|
|
})
|
|
self.assertEqual(response.status, '200 OK')
|
|
|
|
def test_good_pwd_pam_login_service(self):
|
|
'''
|
|
Test login while specifying login service with good passwd
|
|
This test ensures this PR is working correctly:
|
|
https://github.com/saltstack/salt/pull/31826
|
|
'''
|
|
copyauth_creds = AUTH_CREDS.copy()
|
|
copyauth_creds['service'] = 'login'
|
|
body = urlencode(copyauth_creds)
|
|
request, response = self.request('/login', method='POST', body=body,
|
|
headers={
|
|
'content-type': 'application/x-www-form-urlencoded'
|
|
})
|
|
self.assertEqual(response.status, '200 OK')
|
|
|
|
@destructiveTest
|
|
@skip_if_not_root
|
|
def tearDown(self):
|
|
'''
|
|
Clean up after tests. Delete user
|
|
'''
|
|
super(TestAuthPAM, self).tearDown()
|
|
user_list = self.run_function('user.list_users')
|
|
# Remove saltdev user
|
|
if USERA in user_list:
|
|
self.run_function('user.delete', [USERA], remove=True)
|
|
# need to exit cherypy engine
|
|
cherrypy.engine.exit()
|