summaryrefslogtreecommitdiff
path: root/tests/unittests/test_distros/test_create_users.py
diff options
context:
space:
mode:
authorJacob Bednarz <jacob.bednarz@gmail.com>2018-06-19 16:04:17 -0600
committerChad Smith <chad.smith@canonical.com>2018-06-19 16:04:17 -0600
commit4d69fb44a5607e16843537be26758893f2dd79be (patch)
treeb30aba78a37957245a4ac1d368efb1181096933d /tests/unittests/test_distros/test_create_users.py
parent4ce6720104ec92d8d7c5aa993bf7ec405a2f53db (diff)
downloadvyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.tar.gz
vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.zip
Explicitly prevent `sudo` access for user module
To deny a user elevated access, you can omit the `sudo` key from the `users` dictionary. This works fine however it's implicitly defined based on defaults of `cloud-init`. If the project moves to have `sudo` access allowed for all by default (quite unlikely but still possible) this will catch a few people out. This introduces the ability to define an explicit `sudo: False` in the `users` dictionary and it will prevent `sudo` access. The behaviour is identical to omitting the key. LP: #1771468
Diffstat (limited to 'tests/unittests/test_distros/test_create_users.py')
-rw-r--r--tests/unittests/test_distros/test_create_users.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/unittests/test_distros/test_create_users.py b/tests/unittests/test_distros/test_create_users.py
index 5670904a..07176caa 100644
--- a/tests/unittests/test_distros/test_create_users.py
+++ b/tests/unittests/test_distros/test_create_users.py
@@ -145,4 +145,12 @@ class TestCreateUser(TestCase):
mock.call(['passwd', '-l', user])]
self.assertEqual(m_subp.call_args_list, expected)
+ def test_explicit_sudo_false(self, m_subp, m_is_snappy):
+ user = 'foouser'
+ self.dist.create_user(user, sudo=False)
+ self.assertEqual(
+ m_subp.call_args_list,
+ [self._useradd2call([user, '-m']),
+ mock.call(['passwd', '-l', user])])
+
# vi: ts=4 expandtab