From 79fb0cc6634c7ab76e8181d1c55ac92a123142d8 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Wed, 22 Aug 2018 10:23:10 +0200 Subject: [PATCH] ipautil.run: add test for runas parameter Add a test for ipautil.run() method called with runas parameter. The test is using ipautil.run() to execute /usr/bin/id and checks that the uid/gid are consistent with the runas parameter. Note that the test needs to be launched by the root user (non-privileged user may not have the rights to execute ipautil.run() with runas parameter). Related to: https://pagure.io/freeipa/issue/7681 Reviewed-By: Rob Crittenden --- ipatests/test_ipapython/test_ipautil.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/ipatests/test_ipapython/test_ipautil.py b/ipatests/test_ipapython/test_ipautil.py index abed9a694..a9c00d70a 100644 --- a/ipatests/test_ipapython/test_ipautil.py +++ b/ipatests/test_ipapython/test_ipautil.py @@ -23,6 +23,8 @@ Test the `ipapython/ipautil.py` module. """ from __future__ import absolute_import +import os +import pwd import socket import sys import tempfile @@ -30,6 +32,7 @@ import tempfile import pytest import six +from ipalib.constants import IPAAPI_USER from ipaplatform.paths import paths from ipapython import ipautil @@ -513,6 +516,26 @@ def test_run_stderr(): assert "message" not in str(cm.value.stderr) +@pytest.mark.skipif(os.geteuid() != 0, + reason="Must have root privileges to run this test") +def test_run_runas(): + """ + Test run method with the runas parameter. + The test executes 'id' to make sure that the process is + executed with the user identity specified in runas parameter. + The test is using 'ipaapi' user as it is configured when + ipa-server-common package is installed. + """ + user = pwd.getpwnam(IPAAPI_USER) + res = ipautil.run(['/usr/bin/id', '-u'], runas=IPAAPI_USER) + assert res.returncode == 0 + assert res.raw_output == b'%d\n' % user.pw_uid + + res = ipautil.run(['/usr/bin/id', '-g'], runas=IPAAPI_USER) + assert res.returncode == 0 + assert res.raw_output == b'%d\n' % user.pw_gid + + @pytest.fixture(scope='function') def tcp_listen(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)