ipautil.run: add test for runas parameter

Add a test for ipautil.run() method called with runas parameter.
The test is using ipautil.run() to execute /usr/bin/id and
checks that the uid/gid are consistent with the runas parameter.

Note that the test needs to be launched by the root user
(non-privileged user may not have the rights to execute ipautil.run()
with runas parameter).

Related to: https://pagure.io/freeipa/issue/7681

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

ipatests/test_ipapython/test_ipautil.py

@@ -23,6 +23,8 @@ Test the `ipapython/ipautil.py` module.
 """
 from __future__ import absolute_import
 
+import os
+import pwd
 import socket
 import sys
 import tempfile
@@ -30,6 +32,7 @@ import tempfile
 import pytest
 import six
 
+from ipalib.constants import IPAAPI_USER
 from ipaplatform.paths import paths
 from ipapython import ipautil
 
@@ -513,6 +516,26 @@ def test_run_stderr():
     assert "message" not in str(cm.value.stderr)
 
 
+@pytest.mark.skipif(os.geteuid() != 0,
+                    reason="Must have root privileges to run this test")
+def test_run_runas():
+    """
+    Test run method with the runas parameter.
+    The test executes 'id' to make sure that the process is
+    executed with the user identity specified in runas parameter.
+    The test is using 'ipaapi' user as it is configured when
+    ipa-server-common package is installed.
+    """
+    user = pwd.getpwnam(IPAAPI_USER)
+    res = ipautil.run(['/usr/bin/id', '-u'], runas=IPAAPI_USER)
+    assert res.returncode == 0
+    assert res.raw_output == b'%d\n' % user.pw_uid
+
+    res = ipautil.run(['/usr/bin/id', '-g'], runas=IPAAPI_USER)
+    assert res.returncode == 0
+    assert res.raw_output == b'%d\n' % user.pw_gid
+
+
 @pytest.fixture(scope='function')
 def tcp_listen():
     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)