Add linter

.flake8

@@ -0,0 +1,3 @@
+[flake8]
+max-line-length = 100
+ignore = F401, F403

.github/workflows/flake8.yml

@@ -0,0 +1,25 @@
+name: Linter
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  flake:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Python 3
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3
+
+    - name: Install dependencies
+      run: python3 -m pip install flake8
+
+    - name: Running flake8
+      run: flake8

Graphical/local-user-graphical-login.py

@@ -120,8 +120,7 @@ def test_login_password(local_user):
         C. User is successfully logged into GNOME desktop environment
     """
     expected_log = (
-        r'.* pam_unix\(gdm-password:session\): session opened for user .*'
-        )
+        r'.* pam_unix\(gdm-password:session\): session opened for user .*')
 
     with Authselect(required=False), GUI() as gui:
         gui.click_on(local_user.username)

Graphical/local-user-lock-on-removal.py

@@ -138,11 +138,9 @@ def test_lockscreen_password(local_user, lock_on_removal):
         D. The screen is locked
         E. Screen is unlocked successfully
     """
-    with (
-        Authselect(required=False, lock_on_removal=lock_on_removal),
-        GUI() as gui,
-        local_user.card(insert=False) as card
-            ):
+    with (Authselect(required=False, lock_on_removal=lock_on_removal),
+          GUI() as gui,
+          local_user.card(insert=False) as card):
         gui.click_on(local_user.username)
         gui.kb_write(local_user.password)
         gui.kb_send('enter', wait_time=20)

Kerberos/test_kerberos_ssh_login.py

@@ -9,17 +9,18 @@
 def test_krb_user_ssh(ipa_user, user_shell):
     with Authselect(required=False), ipa_user.card(insert=True):
         user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {ipa_user.username}@localhost")
-        user_shell.expect_exact(f"Password")
+        user_shell.expect_exact("Password")
         user_shell.sendline(ipa_user.password)
-        user_shell.sendline(f"whoami")
+        user_shell.sendline("whoami")
         user_shell.expect_exact(ipa_user.username)
 
 
 def test_krb_user_scp(ipa_user, user_shell):
     with Authselect(required=False), ipa_user.card(insert=True):
         user_shell.sendline('touch /tmp/scp_test_file')
         _, retcode = pexpect.run(
-            f'scp -o StrictHostKeyChecking=no /tmp/scp_test_file {ipa_user.username}@localhost:/tmp/scp_test_file_copied',
+            f'scp -o StrictHostKeyChecking=no '
+            f'/tmp/scp_test_file {ipa_user.username}@localhost:/tmp/scp_test_file_copied',
             events={'(?i)password': ipa_user.password + '\n'},
             # If we are prompted for password, enter ipa password + enter
             withexitstatus=1)
@@ -30,24 +31,25 @@ def test_krb_user_scp(ipa_user, user_shell):
 def test_krb_user_ssh_required(ipa_user, user_shell):
     with Authselect(required=True), ipa_user.card(insert=True):
         user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {ipa_user.username}@localhost")
-        user_shell.expect_exact(f"Password")
+        user_shell.expect_exact("Password")
         user_shell.sendline(ipa_user.password)
         # When smart card is required, SSH will fail even if we provide
         # the correct password and will ask for password again.
-        user_shell.expect_exact(f"Password")  # Expect the second Password prompt.
+        user_shell.expect_exact("Password")  # Expect the second Password prompt.
         user_shell.sendcontrol('c')  # Send control-C to exit the prompt
 
 
 def test_krb_user_scp_required(ipa_user, user_shell):
     with Authselect(required=True), ipa_user.card(insert=True):
         user_shell.sendline('touch /tmp/scp_test_file1')
         user_shell.sendline(
-            f'scp -o StrictHostKeyChecking=no -o ConnectTimeout=5 /tmp/scp_test_file1 {ipa_user.username}@localhost:/tmp/scp_test_file_copied1')
-        user_shell.expect_exact(f"Password")
+            f'scp -o StrictHostKeyChecking=no -o ConnectTimeout=5 '
+            f'/tmp/scp_test_file1 {ipa_user.username}@localhost:/tmp/scp_test_file_copied1')
+        user_shell.expect_exact("Password")
         user_shell.sendline(ipa_user.password)
         # When smart card is required, SCP will fail even if we provide
         # the correct password and will ask for password again.
-        user_shell.expect_exact(f"Password")  # Expect the second Password prompt.
+        user_shell.expect_exact("Password")  # Expect the second Password prompt.
         user_shell.sendcontrol('c')  # Send control-C to exit the prompt
         assert not isfile('/tmp/scp_test_file_copied1')
 
@@ -60,11 +62,11 @@ def test_krb_change_passwd_ssh(ipa_user, user_shell, ipa_login):
             user_shell.expect(f"PIN for {ipa_user.username}", timeout=10)
             user_shell.sendline(ipa_user.pin)
         user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {ipa_user.username}@localhost")
-        user_shell.expect_exact(f"Password")
+        user_shell.expect_exact("Password")
         user_shell.sendline(ipa_user.password)
-        user_shell.sendline(f"whoami")
+        user_shell.sendline("whoami")
         user_shell.expect_exact(ipa_user.username)
-        user_shell.sendline(f"passwd")
+        user_shell.sendline("passwd")
         user_shell.expect_exact(f"Changing password for user {ipa_user.username}.")
 
 
@@ -77,7 +79,7 @@ def test_different_user_ssh(ipa_user, base_user, user_shell):
             user_shell.expect(f"PIN for {ipa_user.username}", timeout=10)
             user_shell.sendline(ipa_user.pin)
             user_shell.sendline(f"ssh -o StrictHostKeyChecking=no {base_user.username}@localhost")
-            user_shell.expect_exact(f"Password")
+            user_shell.expect_exact("Password")
             user_shell.sendline(base_user.password)
-            user_shell.sendline(f"whoami")
+            user_shell.sendline("whoami")
             user_shell.expect_exact(base_user.username)

Kerberos/test_kerberos_user_change_password.py

@@ -6,9 +6,11 @@
 
 @pytest.mark.parametrize("required,insert,expect,secret",
                          [(False, False, "Password:", conftest.ipa_user.password),
-                          (False, True, f"PIN for {conftest.ipa_user.username}:", conftest.ipa_user.pin),
+                          (False, True, f"PIN for {conftest.ipa_user.username}: ",
+                           conftest.ipa_user.pin),
                           (True, False, "Password:", conftest.ipa_user.password),
-                          (True, True, f"PIN for {conftest.ipa_user.username}: ", conftest.ipa_user.pin)])
+                          (True, True, f"PIN for {conftest.ipa_user.username}: ",
+                           conftest.ipa_user.pin)])
 def test_kerberos_change_passwd(ipa_user, user_shell, required, insert, expect, secret):
     """Kerberos user tries to change it kerberos password after he is logged
     in to the system.

Kerberos/test_login_kerberos.py

@@ -139,7 +139,8 @@ def test_kerberos_user_sudo_wrong_password(ipa_user, user_shell):
             user_shell.expect("Sorry, try again.")
 
 
-def test_krb_user_sudo_correct_password_sc_required_no_sc(ipa_user, user_shell, allow_sudo_commands):
+def test_krb_user_sudo_correct_password_sc_required_no_sc(ipa_user,
+                                                          user_shell, allow_sudo_commands):
     with Authselect(required=True, sudo=True):
         with ipa_user.card(insert=True) as sc:
             output = pexpect.run("ls /", encoding="utf-8")

Local-user/test_local_user_login.py

@@ -89,7 +89,7 @@ def test_su_login_with_sc_wrong(local_user, user_shell, required):
             user_shell.sendline(cmd)
             user_shell.expect_exact(f"PIN for {local_user.username}:")
             user_shell.sendline("wrong")
-            user_shell.expect(f"su: Authentication failure")
+            user_shell.expect("su: Authentication failure")
 
 
 def test_gdm_login_sc_required(local_user, root_shell):
@@ -171,10 +171,11 @@ def test_su_login_without_sc(local_user, user_shell):
     with Authselect():
         cmd = f"su - {local_user.username} -c whoami"
         user_shell.sendline(cmd)
-        user_shell.expect_exact(f"Password:")
+        user_shell.expect_exact("Password:")
         user_shell.sendline(local_user.password)
         user_shell.expect_exact(local_user.username)
 
+
 @pytest.mark.parametrize(
     "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),]
 )

Sanity/test_certs.py

@@ -38,7 +38,7 @@ def test_wrong_issuer_cert(local_user, sssd_db, user_shell, tmp_path):
         with local_user.card(insert=True):
             cmd = f'su {local_user.username} -c "whoami"'
             user_shell.sendline(cmd)
-            user_shell.expect_exact(f"Password:")
+            user_shell.expect_exact("Password:")
             user_shell.sendline(local_user.password)
             user_shell.expect_exact(local_user.username)
 

Sanity/test_sssd_conf.py

@@ -152,7 +152,8 @@ def test_matchrule_defined_for_other_user(local_user, sssd, user_shell):
             user_shell.expect(local_user.username)
 
 
-@pytest.mark.parametrize("rule", ["<SUBJECT>.*CN=testuser.*", f"<SUBJECT>.*UID={local_user_conftest.username}.*"])
+@pytest.mark.parametrize("rule", ["<SUBJECT>.*CN=testuser.*",
+                                  f"<SUBJECT>.*UID={local_user_conftest.username}.*"])
 def test_user_mismatch(local_user, sssd, user_shell, rule):
     """Test smart card login fail when sssd.conf do not contain user from
     the smart card (wrong user in matchrule)"""

Sanity/test_ttylogin.py

@@ -90,7 +90,7 @@ def test_login_without_sc(user):
     """
     with Authselect():
         login_shell = login_shell_factory(user.username)
-        login_shell.expect(f"Password:")
+        login_shell.expect("Password:")
         login_shell.sendline(user.password)
         login_shell.expect(user.username)
         login_shell.sendline("exit")
@@ -132,7 +132,7 @@ def test_login_without_sc_wrong(user):
     """
     with Authselect():
         login_shell = login_shell_factory(user.username)
-        login_shell.expect(f"Password:")
+        login_shell.expect("Password:")
         login_shell.sendline("wrong")
         login_shell.expect("Login incorrect")
         login_shell.sendline("exit")
@@ -260,9 +260,9 @@ def test_login_sc_required(user, lock_on_removal):
             login_shell.sendline("exit")
             login_shell.close()
 
+
 @pytest.mark.parametrize(
-        "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),]
-    )
+    "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),])
 def test_login_local_user_passwd(user, required, lock_on_removal):
     """Run 'passwd' command when smartcard login is enforced and after user is
     authenticated in with a smartcard.
@@ -306,6 +306,7 @@ def test_login_local_user_passwd(user, required, lock_on_removal):
             login_shell.sendline("passwd")
             login_shell.expect_exact(f"Changing password for user {user.username}.")
 
+
 @pytest.mark.parametrize(
     "required,lock_on_removal", [(True, True), (True, False), (False, True), (False, False),]
 )
@@ -356,6 +357,7 @@ def test_login_local_su_to_root(user, root_user, required, lock_on_removal):
             login_shell.sendline(root_user.password)
             login_shell.expect_exact("root")
 
+
 @pytest.mark.parametrize("required", [True, False])
 def test_login_kerberos_su_to_root(ipa_user, root_user, required):
     """Kerberos user tries to switch to the root user with root password after
@@ -386,4 +388,4 @@ def test_login_kerberos_su_to_root(ipa_user, root_user, required):
             login_shell.sendline('su - root -c "whoami"')
             login_shell.expect_exact("Password:")
             login_shell.sendline(root_user.password)
-            login_shell.expect_exact("root")
+            login_shell.expect_exact("root")

fixtures.py

@@ -23,24 +23,28 @@ def root_shell():
     shell.logfile = sys.stdout
     return shell
 
+
 @pytest.fixture(scope="function")
 def allow_sudo_commands(ipa_user):
     """
-    Modifying the IPA server's sudo rules to allow the test user to 
+    Modifying the IPA server's sudo rules to allow the test user to
     run sudo commands and restore the original state afterward.
     """
     logger = logging.getLogger()
 
-    run('ipa sudorule-add allow_sudo --hostcat=all --runasusercat=all --runasgroupcat=all --cmdcat=all'.split())
+    run('ipa sudorule-add allow_sudo --hostcat=all --runasusercat=all '
+        '--runasgroupcat=all --cmdcat=all'.split())
     run(f'ipa sudorule-add-user allow_sudo --user {ipa_user.username}'.split())
-    run("systemctl restart sssd".split(), sleep = 5)
+    run("systemctl restart sssd".split(), sleep=5)
     logger.debug("Checking that the sudo rule has been added (following command should succeed)")
     run('ipa sudorule-show allow_sudo'.split())
-    yield # running the test's code
+    yield   # running the test's code
     run('ipa sudorule-del allow_sudo'.split())
-    run("systemctl restart sssd".split(), sleep = 5)
-    logger.debug("Checking that the sudo rule has been removed (following command should exit with status 2)")
-    run('ipa sudorule-show allow_sudo'.split(), return_code = [2])
+    run("systemctl restart sssd".split(), sleep=5)
+    logger.debug("Checking that the sudo rule has been removed "
+                 "(following command should exit with status 2)")
+    run('ipa sudorule-show allow_sudo'.split(), return_code=[2])
+
 
 @pytest.fixture(scope="session")
 def root_user():