From d1a1e7c68213b52ba679122f19ae84cc106310bf Mon Sep 17 00:00:00 2001 From: Marek Havrila Date: Mon, 6 Nov 2023 17:27:15 +0100 Subject: [PATCH] Add linter + fix formatting issues --- .flake8 | 3 ++ .github/workflows/flake8.yml | 25 +++++++++++++++++ Graphical/local-user-graphical-login.py | 3 +- Graphical/local-user-lock-on-removal.py | 8 ++---- Kerberos/test_kerberos_ssh_login.py | 28 ++++++++++--------- .../test_kerberos_user_change_password.py | 6 ++-- Kerberos/test_login_kerberos.py | 3 +- Local-user/test_local_user_login.py | 5 ++-- Sanity/test_certs.py | 2 +- Sanity/test_sssd_conf.py | 3 +- Sanity/test_ttylogin.py | 12 ++++---- fixtures.py | 18 +++++++----- 12 files changed, 77 insertions(+), 39 deletions(-) create mode 100644 .flake8 create mode 100644 .github/workflows/flake8.yml diff --git a/.flake8 b/.flake8 new file mode 100644 index 0000000..b14739a --- /dev/null +++ b/.flake8 @@ -0,0 +1,3 @@ +[flake8] +max-line-length = 100 +ignore = F401, F403 diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml new file mode 100644 index 0000000..9e09123 --- /dev/null +++ b/.github/workflows/flake8.yml @@ -0,0 +1,25 @@ +name: Linter + +on: + push: + pull_request: + workflow_dispatch: + +jobs: + flake: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Set up Python 3 + uses: actions/setup-python@v2 + with: + python-version: 3 + + - name: Install dependencies + run: python3 -m pip install flake8 + + - name: Running flake8 + run: flake8 diff --git a/Graphical/local-user-graphical-login.py b/Graphical/local-user-graphical-login.py index 33b6c37..10c9581 100644 --- a/Graphical/local-user-graphical-login.py +++ b/Graphical/local-user-graphical-login.py @@ -120,8 +120,7 @@ def test_login_password(local_user): C. User is successfully logged into GNOME desktop environment """ expected_log = ( - r'.* pam_unix\(gdm-password:session\): session opened for user .*' - ) + r'.* pam_unix\(gdm-password:session\): session opened for user .*') with Authselect(required=False), GUI() as gui: gui.click_on(local_user.username) diff --git a/Graphical/local-user-lock-on-removal.py b/Graphical/local-user-lock-on-removal.py index b1fb501..df50bad 100644 --- a/Graphical/local-user-lock-on-removal.py +++ b/Graphical/local-user-lock-on-removal.py @@ -138,11 +138,9 @@ def test_lockscreen_password(local_user, lock_on_removal): D. The screen is locked E. Screen is unlocked successfully """ - with ( - Authselect(required=False, lock_on_removal=lock_on_removal), - GUI() as gui, - local_user.card(insert=False) as card - ): + with (Authselect(required=False, lock_on_removal=lock_on_removal), + GUI() as gui, + local_user.card(insert=False) as card): gui.click_on(local_user.username) gui.kb_write(local_user.password) gui.kb_send('enter', wait_time=20) diff --git a/Kerberos/test_kerberos_ssh_login.py b/Kerberos/test_kerberos_ssh_login.py index bd575c4..9fff902 100644 --- a/Kerberos/test_kerberos_ssh_login.py +++ b/Kerberos/test_kerberos_ssh_login.py @@ -9,9 +9,9 @@ def test_krb_user_ssh(ipa_user, user_shell): with Authselect(required=False), ipa_user.card(insert=True): user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {ipa_user.username}@localhost") - user_shell.expect_exact(f"Password") + user_shell.expect_exact("Password") user_shell.sendline(ipa_user.password) - user_shell.sendline(f"whoami") + user_shell.sendline("whoami") user_shell.expect_exact(ipa_user.username) @@ -19,7 +19,8 @@ def test_krb_user_scp(ipa_user, user_shell): with Authselect(required=False), ipa_user.card(insert=True): user_shell.sendline('touch /tmp/scp_test_file') _, retcode = pexpect.run( - f'scp -o StrictHostKeyChecking=no /tmp/scp_test_file {ipa_user.username}@localhost:/tmp/scp_test_file_copied', + f'scp -o StrictHostKeyChecking=no ' + f'/tmp/scp_test_file {ipa_user.username}@localhost:/tmp/scp_test_file_copied', events={'(?i)password': ipa_user.password + '\n'}, # If we are prompted for password, enter ipa password + enter withexitstatus=1) @@ -30,11 +31,11 @@ def test_krb_user_scp(ipa_user, user_shell): def test_krb_user_ssh_required(ipa_user, user_shell): with Authselect(required=True), ipa_user.card(insert=True): user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {ipa_user.username}@localhost") - user_shell.expect_exact(f"Password") + user_shell.expect_exact("Password") user_shell.sendline(ipa_user.password) # When smart card is required, SSH will fail even if we provide # the correct password and will ask for password again. - user_shell.expect_exact(f"Password") # Expect the second Password prompt. + user_shell.expect_exact("Password") # Expect the second Password prompt. user_shell.sendcontrol('c') # Send control-C to exit the prompt @@ -42,12 +43,13 @@ def test_krb_user_scp_required(ipa_user, user_shell): with Authselect(required=True), ipa_user.card(insert=True): user_shell.sendline('touch /tmp/scp_test_file1') user_shell.sendline( - f'scp -o StrictHostKeyChecking=no -o ConnectTimeout=5 /tmp/scp_test_file1 {ipa_user.username}@localhost:/tmp/scp_test_file_copied1') - user_shell.expect_exact(f"Password") + f'scp -o StrictHostKeyChecking=no -o ConnectTimeout=5 ' + f'/tmp/scp_test_file1 {ipa_user.username}@localhost:/tmp/scp_test_file_copied1') + user_shell.expect_exact("Password") user_shell.sendline(ipa_user.password) # When smart card is required, SCP will fail even if we provide # the correct password and will ask for password again. - user_shell.expect_exact(f"Password") # Expect the second Password prompt. + user_shell.expect_exact("Password") # Expect the second Password prompt. user_shell.sendcontrol('c') # Send control-C to exit the prompt assert not isfile('/tmp/scp_test_file_copied1') @@ -60,11 +62,11 @@ def test_krb_change_passwd_ssh(ipa_user, user_shell, ipa_login): user_shell.expect(f"PIN for {ipa_user.username}", timeout=10) user_shell.sendline(ipa_user.pin) user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {ipa_user.username}@localhost") - user_shell.expect_exact(f"Password") + user_shell.expect_exact("Password") user_shell.sendline(ipa_user.password) - user_shell.sendline(f"whoami") + user_shell.sendline("whoami") user_shell.expect_exact(ipa_user.username) - user_shell.sendline(f"passwd") + user_shell.sendline("passwd") user_shell.expect_exact(f"Changing password for user {ipa_user.username}.") @@ -77,7 +79,7 @@ def test_different_user_ssh(ipa_user, base_user, user_shell): user_shell.expect(f"PIN for {ipa_user.username}", timeout=10) user_shell.sendline(ipa_user.pin) user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {base_user.username}@localhost") - user_shell.expect_exact(f"Password") + user_shell.expect_exact("Password") user_shell.sendline(base_user.password) - user_shell.sendline(f"whoami") + user_shell.sendline("whoami") user_shell.expect_exact(base_user.username) diff --git a/Kerberos/test_kerberos_user_change_password.py b/Kerberos/test_kerberos_user_change_password.py index f6da4c4..c818f4b 100644 --- a/Kerberos/test_kerberos_user_change_password.py +++ b/Kerberos/test_kerberos_user_change_password.py @@ -6,9 +6,11 @@ @pytest.mark.parametrize("required,insert,expect,secret", [(False, False, "Password:", conftest.ipa_user.password), - (False, True, f"PIN for {conftest.ipa_user.username}:", conftest.ipa_user.pin), + (False, True, f"PIN for {conftest.ipa_user.username}: ", + conftest.ipa_user.pin), (True, False, "Password:", conftest.ipa_user.password), - (True, True, f"PIN for {conftest.ipa_user.username}: ", conftest.ipa_user.pin)]) + (True, True, f"PIN for {conftest.ipa_user.username}: ", + conftest.ipa_user.pin)]) def test_kerberos_change_passwd(ipa_user, user_shell, required, insert, expect, secret): """Kerberos user tries to change it kerberos password after he is logged in to the system. diff --git a/Kerberos/test_login_kerberos.py b/Kerberos/test_login_kerberos.py index e2b68a4..65baa2e 100644 --- a/Kerberos/test_login_kerberos.py +++ b/Kerberos/test_login_kerberos.py @@ -139,7 +139,8 @@ def test_kerberos_user_sudo_wrong_password(ipa_user, user_shell): user_shell.expect("Sorry, try again.") -def test_krb_user_sudo_correct_password_sc_required_no_sc(ipa_user, user_shell, allow_sudo_commands): +def test_krb_user_sudo_correct_password_sc_required_no_sc(ipa_user, + user_shell, allow_sudo_commands): with Authselect(required=True, sudo=True): with ipa_user.card(insert=True) as sc: output = pexpect.run("ls /", encoding="utf-8") diff --git a/Local-user/test_local_user_login.py b/Local-user/test_local_user_login.py index 564b3d3..3d26720 100644 --- a/Local-user/test_local_user_login.py +++ b/Local-user/test_local_user_login.py @@ -89,7 +89,7 @@ def test_su_login_with_sc_wrong(local_user, user_shell, required): user_shell.sendline(cmd) user_shell.expect_exact(f"PIN for {local_user.username}:") user_shell.sendline("wrong") - user_shell.expect(f"su: Authentication failure") + user_shell.expect("su: Authentication failure") def test_gdm_login_sc_required(local_user, root_shell): @@ -171,10 +171,11 @@ def test_su_login_without_sc(local_user, user_shell): with Authselect(): cmd = f"su - {local_user.username} -c whoami" user_shell.sendline(cmd) - user_shell.expect_exact(f"Password:") + user_shell.expect_exact("Password:") user_shell.sendline(local_user.password) user_shell.expect_exact(local_user.username) + @pytest.mark.parametrize( "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),] ) diff --git a/Sanity/test_certs.py b/Sanity/test_certs.py index 7ed5f11..76cb0dd 100644 --- a/Sanity/test_certs.py +++ b/Sanity/test_certs.py @@ -38,7 +38,7 @@ def test_wrong_issuer_cert(local_user, sssd_db, user_shell, tmp_path): with local_user.card(insert=True): cmd = f'su {local_user.username} -c "whoami"' user_shell.sendline(cmd) - user_shell.expect_exact(f"Password:") + user_shell.expect_exact("Password:") user_shell.sendline(local_user.password) user_shell.expect_exact(local_user.username) diff --git a/Sanity/test_sssd_conf.py b/Sanity/test_sssd_conf.py index adfd429..2802f2e 100644 --- a/Sanity/test_sssd_conf.py +++ b/Sanity/test_sssd_conf.py @@ -152,7 +152,8 @@ def test_matchrule_defined_for_other_user(local_user, sssd, user_shell): user_shell.expect(local_user.username) -@pytest.mark.parametrize("rule", [".*CN=testuser.*", f".*UID={local_user_conftest.username}.*"]) +@pytest.mark.parametrize("rule", [".*CN=testuser.*", + f".*UID={local_user_conftest.username}.*"]) def test_user_mismatch(local_user, sssd, user_shell, rule): """Test smart card login fail when sssd.conf do not contain user from the smart card (wrong user in matchrule)""" diff --git a/Sanity/test_ttylogin.py b/Sanity/test_ttylogin.py index 5fb966b..f5269ea 100644 --- a/Sanity/test_ttylogin.py +++ b/Sanity/test_ttylogin.py @@ -90,7 +90,7 @@ def test_login_without_sc(user): """ with Authselect(): login_shell = login_shell_factory(user.username) - login_shell.expect(f"Password:") + login_shell.expect("Password:") login_shell.sendline(user.password) login_shell.expect(user.username) login_shell.sendline("exit") @@ -132,7 +132,7 @@ def test_login_without_sc_wrong(user): """ with Authselect(): login_shell = login_shell_factory(user.username) - login_shell.expect(f"Password:") + login_shell.expect("Password:") login_shell.sendline("wrong") login_shell.expect("Login incorrect") login_shell.sendline("exit") @@ -260,9 +260,9 @@ def test_login_sc_required(user, lock_on_removal): login_shell.sendline("exit") login_shell.close() + @pytest.mark.parametrize( - "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),] - ) + "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),]) def test_login_local_user_passwd(user, required, lock_on_removal): """Run 'passwd' command when smartcard login is enforced and after user is authenticated in with a smartcard. @@ -306,6 +306,7 @@ def test_login_local_user_passwd(user, required, lock_on_removal): login_shell.sendline("passwd") login_shell.expect_exact(f"Changing password for user {user.username}.") + @pytest.mark.parametrize( "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),] ) @@ -356,6 +357,7 @@ def test_login_local_su_to_root(user, root_user, required, lock_on_removal): login_shell.sendline(root_user.password) login_shell.expect_exact("root") + @pytest.mark.parametrize("required", [True, False]) def test_login_kerberos_su_to_root(ipa_user, root_user, required): """Kerberos user tries to switch to the root user with root password after @@ -386,4 +388,4 @@ def test_login_kerberos_su_to_root(ipa_user, root_user, required): login_shell.sendline('su - root -c "whoami"') login_shell.expect_exact("Password:") login_shell.sendline(root_user.password) - login_shell.expect_exact("root") \ No newline at end of file + login_shell.expect_exact("root") diff --git a/fixtures.py b/fixtures.py index 5eecf68..55a867a 100644 --- a/fixtures.py +++ b/fixtures.py @@ -23,24 +23,28 @@ def root_shell(): shell.logfile = sys.stdout return shell + @pytest.fixture(scope="function") def allow_sudo_commands(ipa_user): """ - Modifying the IPA server's sudo rules to allow the test user to + Modifying the IPA server's sudo rules to allow the test user to run sudo commands and restore the original state afterward. """ logger = logging.getLogger() - run('ipa sudorule-add allow_sudo --hostcat=all --runasusercat=all --runasgroupcat=all --cmdcat=all'.split()) + run('ipa sudorule-add allow_sudo --hostcat=all --runasusercat=all ' + '--runasgroupcat=all --cmdcat=all'.split()) run(f'ipa sudorule-add-user allow_sudo --user {ipa_user.username}'.split()) - run("systemctl restart sssd".split(), sleep = 5) + run("systemctl restart sssd".split(), sleep=5) logger.debug("Checking that the sudo rule has been added (following command should succeed)") run('ipa sudorule-show allow_sudo'.split()) - yield # running the test's code + yield # running the test's code run('ipa sudorule-del allow_sudo'.split()) - run("systemctl restart sssd".split(), sleep = 5) - logger.debug("Checking that the sudo rule has been removed (following command should exit with status 2)") - run('ipa sudorule-show allow_sudo'.split(), return_code = [2]) + run("systemctl restart sssd".split(), sleep=5) + logger.debug("Checking that the sudo rule has been removed " + "(following command should exit with status 2)") + run('ipa sudorule-show allow_sudo'.split(), return_code=[2]) + @pytest.fixture(scope="session") def root_user():