commit 013b9a853bbfb7ba00a88e49e48f8df4730b10ff · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

Merge pull request #74076 from filalex77/nixosTests.sudo-python

nixosTests.sudo: port to python

authored by Florian Klink and committed by GitHub 6 years ago 013b9a85 2b2a7e81

+21 -31

1 changed file

expand all

unified split

nixos

tests

sudo.nix

+21 -31

nixos/tests/sudo.nix

··· 4 password = "helloworld"; 5 6 in 7 - import ./make-test.nix ({ pkgs, ...} : { 8 name = "sudo"; 9 meta = with pkgs.stdenv.lib.maintainers; { 10 maintainers = [ lschuermann ]; ··· 50 51 testScript = 52 '' 53 - subtest "users in wheel group should have passwordless sudo", sub { 54 - $machine->succeed("su - test0 -c \"sudo -u root true\""); 55 - }; 56 57 - subtest "test1 user should have sudo with password", sub { 58 - $machine->succeed("su - test1 -c \"echo ${password} | sudo -S -u root true\""); 59 - }; 60 61 - subtest "test1 user should not be able to use sudo without password", sub { 62 - $machine->fail("su - test1 -c \"sudo -n -u root true\""); 63 - }; 64 65 - subtest "users in group 'foobar' should be able to use sudo with password", sub { 66 - $machine->succeed("sudo -u test2 echo ${password} | sudo -S -u root true"); 67 - }; 68 69 - subtest "users in group 'barfoo' should be able to use sudo without password", sub { 70 - $machine->succeed("sudo -u test3 sudo -n -u root true"); 71 - }; 72 73 - subtest "users in group 'baz' (GID 1337) should be able to use sudo without password", sub { 74 - $machine->succeed("sudo -u test4 sudo -n -u root echo true"); 75 - }; 76 77 - subtest "test5 user should be able to run commands under test1", sub { 78 - $machine->succeed("sudo -u test5 sudo -n -u test1 true"); 79 - }; 80 81 - subtest "test5 user should not be able to run commands under root", sub { 82 - $machine->fail("sudo -u test5 sudo -n -u root true"); 83 - }; 84 85 - subtest "test5 user should be able to keep his environment", sub { 86 - $machine->succeed("sudo -u test5 sudo -n -E -u test1 true"); 87 - }; 88 89 - subtest "users in group 'barfoo' should not be able to keep their environment", sub { 90 - $machine->fail("sudo -u test3 sudo -n -E -u root true"); 91 - }; 92 ''; 93 })

··· 4 password = "helloworld"; 5 6 in 7 + import ./make-test-python.nix ({ pkgs, ...} : { 8 name = "sudo"; 9 meta = with pkgs.stdenv.lib.maintainers; { 10 maintainers = [ lschuermann ]; ··· 50 51 testScript = 52 '' 53 + with subtest("users in wheel group should have passwordless sudo"): 54 + machine.succeed('su - test0 -c "sudo -u root true"') 55 56 + with subtest("test1 user should have sudo with password"): 57 + machine.succeed('su - test1 -c "echo ${password} | sudo -S -u root true"') 58 59 + with subtest("test1 user should not be able to use sudo without password"): 60 + machine.fail('su - test1 -c "sudo -n -u root true"') 61 62 + with subtest("users in group 'foobar' should be able to use sudo with password"): 63 + machine.succeed("sudo -u test2 echo ${password} | sudo -S -u root true") 64 65 + with subtest("users in group 'barfoo' should be able to use sudo without password"): 66 + machine.succeed("sudo -u test3 sudo -n -u root true") 67 68 + with subtest("users in group 'baz' (GID 1337)"): 69 + machine.succeed("sudo -u test4 sudo -n -u root echo true") 70 71 + with subtest("test5 user should be able to run commands under test1"): 72 + machine.succeed("sudo -u test5 sudo -n -u test1 true") 73 74 + with subtest("test5 user should not be able to run commands under root"): 75 + machine.fail("sudo -u test5 sudo -n -u root true") 76 77 + with subtest("test5 user should be able to keep his environment"): 78 + machine.succeed("sudo -u test5 sudo -n -E -u test1 true") 79 80 + with subtest("users in group 'barfoo' should not be able to keep their environment"): 81 + machine.fail("sudo -u test3 sudo -n -E -u root true") 82 ''; 83 })