diff options
author | Jacob Bednarz <jacob.bednarz@gmail.com> | 2018-06-19 16:04:17 -0600 |
---|---|---|
committer | Chad Smith <chad.smith@canonical.com> | 2018-06-19 16:04:17 -0600 |
commit | 4d69fb44a5607e16843537be26758893f2dd79be (patch) | |
tree | b30aba78a37957245a4ac1d368efb1181096933d /tests/unittests/test_distros | |
parent | 4ce6720104ec92d8d7c5aa993bf7ec405a2f53db (diff) | |
download | vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.tar.gz vyos-cloud-init-4d69fb44a5607e16843537be26758893f2dd79be.zip |
Explicitly prevent `sudo` access for user module
To deny a user elevated access, you can omit the `sudo` key from the
`users` dictionary. This works fine however it's implicitly defined
based on defaults of `cloud-init`. If the project moves to have `sudo`
access allowed for all by default (quite unlikely but still possible)
this will catch a few people out.
This introduces the ability to define an explicit `sudo: False` in the
`users` dictionary and it will prevent `sudo` access. The behaviour is
identical to omitting the key.
LP: #1771468
Diffstat (limited to 'tests/unittests/test_distros')
-rw-r--r-- | tests/unittests/test_distros/test_create_users.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/unittests/test_distros/test_create_users.py b/tests/unittests/test_distros/test_create_users.py index 5670904a..07176caa 100644 --- a/tests/unittests/test_distros/test_create_users.py +++ b/tests/unittests/test_distros/test_create_users.py @@ -145,4 +145,12 @@ class TestCreateUser(TestCase): mock.call(['passwd', '-l', user])] self.assertEqual(m_subp.call_args_list, expected) + def test_explicit_sudo_false(self, m_subp, m_is_snappy): + user = 'foouser' + self.dist.create_user(user, sudo=False) + self.assertEqual( + m_subp.call_args_list, + [self._useradd2call([user, '-m']), + mock.call(['passwd', '-l', user])]) + # vi: ts=4 expandtab |