Migrate `tests/unit/utils/test_user.py` to Pytest functional tests

Refs #53681
2025-04-17 10:10:20 +00:00 · 2021-07-15 15:14:04 +01:00 · 2021-07-15 15:14:04 +01:00 · a2d6b1de51
commit a2d6b1de51
parent 45e2a02b83
4 changed files with 104 additions and 68 deletions
--- a/tests/pytests/functional/utils/init.py
+++ b/tests/pytests/functional/utils/init.py
--- a/tests/pytests/functional/utils/user/init.py
+++ b/tests/pytests/functional/utils/user/init.py
--- a/tests/pytests/functional/utils/user/test_chugid_and_umask.py
+++ b/tests/pytests/functional/utils/user/test_chugid_and_umask.py
@ -0,0 +1,104 @@
+import functools
+import os
+import subprocess
+
+import pytest
+import salt.utils.user
+
+pytestmark = [
+    pytest.mark.destructive_test,
+    pytest.mark.skip_if_not_root,
+    pytest.mark.skip_on_windows,
+]
+
+
+@pytest.fixture(scope="module")
+def account_1():
+    with pytest.helpers.create_account(create_group=True) as _account:
+        yield _account
+
+
+@pytest.fixture(scope="module")
+def account_2(account_1):
+    with pytest.helpers.create_account(group_name=account_1.group.name) as _account:
+        yield _account
+
+
+def test_chugid(account_1, tmp_path):
+
+    # Since we're changing accounts to touch the file, the parent directory must be user and group writable
+    tmp_path.chmod(0o770)
+
+    testfile = tmp_path / "testfile"
+
+    # We should fail because the parent directory group owner is not the account running the test
+    ret = subprocess.run(
+        ["touch", str(testfile)],
+        preexec_fn=functools.partial(
+            salt.utils.user.chugid_and_umask,
+            runas=account_1.username,
+            umask=None,
+            group=None,
+        ),
+        check=False,
+    )
+    assert ret.returncode != 0
+
+    # However if we change the group ownership to one of the account's groups, it should succeed
+    os.chown(str(tmp_path), 0, account_1.group.info.gid)
+
+    ret = subprocess.run(
+        ["touch", str(testfile)],
+        preexec_fn=functools.partial(
+            salt.utils.user.chugid_and_umask,
+            runas=account_1.username,
+            umask=None,
+            group=None,
+        ),
+        check=False,
+    )
+    assert ret.returncode == 0
+    assert testfile.exists()
+    testfile_stat = testfile.stat()
+    assert testfile_stat.st_uid == account_1.info.uid
+    assert testfile_stat.st_gid == account_1.info.gid
+
+
+def test_chugid_and_group(account_1, account_2, tmp_path):
+
+    # Since we're changing accounts to touch the file, the parent directory must be world-writable
+    tmp_path.chmod(0o770)
+
+    testfile = tmp_path / "testfile"
+
+    # We should fail because the parent directory group owner is not the account running the test
+    ret = subprocess.run(
+        ["touch", str(testfile)],
+        preexec_fn=functools.partial(
+            salt.utils.user.chugid_and_umask,
+            runas=account_2.username,
+            umask=None,
+            group=account_1.group.name,
+        ),
+        check=False,
+    )
+    assert ret.returncode != 0
+
+    # However if we change the group ownership to one of the account's groups, it should succeed
+    os.chown(str(tmp_path), 0, account_1.group.info.gid)
+
+    ret = subprocess.run(
+        ["touch", str(testfile)],
+        preexec_fn=functools.partial(
+            salt.utils.user.chugid_and_umask,
+            runas=account_2.username,
+            umask=None,
+            group=account_1.group.name,
+        ),
+        check=False,
+    )
+    assert ret.returncode == 0
+    assert testfile.exists()
+    testfile_stat = testfile.stat()
+    assert testfile_stat.st_uid == account_2.info.uid
+    assert testfile_stat.st_gid == account_1.group.info.gid
--- a/tests/unit/utils/test_user.py
+++ b/tests/unit/utils/test_user.py
@ -1,68 +0,0 @@
-# Imports Standards
-import os
-
-import salt.utils.platform
-import salt.utils.user
-from tests.support.mock import patch
-from tests.support.runtests import this_user
-from tests.support.unit import TestCase, skipIf
-
-# Import Conditionals
-try:
-    import grp
-
-    HAS_GRP = True
-except ImportError:
-    HAS_GRP = False
-
-try:
-    import pwd
-
-    HAS_PWD = True
-except ImportError:
-    HAS_PWD = False
-
-
-class TestUser(TestCase):
-    @skipIf(HAS_GRP is False or HAS_PWD is False, "Module grp or pwd is missing")
-    @skipIf(salt.utils.platform.is_windows(), "Module not available on Windows")
-    def test_chugid_and_umask(self):
-
-        running_user = this_user()
-        running_group = grp.getgrgid(os.getgid()).gr_name
-
-        gids = {30: "expectedgroup", 20: running_group}
-        getgrnams = {
-            "expectedgroup": grp.struct_group(
-                ("expectedgroup", "*", 30, ["expecteduser"])
-            ),
-            running_group: grp.struct_group((running_group, "*", 20, [running_user])),
-        }
-        getpwnams = {
-            "expecteduser": pwd.struct_passwd(
-                ("expecteduser", "x", 30, 30, "-", "-", "-")
-            ),
-            running_user: pwd.struct_passwd((running_user, "x", 20, 20, "-", "-", "-")),
-        }
-
-        def getgrnam(group):
-            return getgrnams[group]
-
-        def getpwnam(user):
-            return getpwnams[user]
-
-        def getgrgid(gid):
-            return getgrnams[gids[gid]]
-
-        with patch("grp.getgrgid", getgrgid):
-            with patch("grp.getgrnam", getgrnam):
-                with patch("pwd.getpwnam", getpwnam):
-                    with patch("salt.utils.user.chugid") as chugid_mock:
-                        salt.utils.user.chugid_and_umask(
-                            "expecteduser", umask=None, group=running_group
-                        )
-                        chugid_mock.assert_called_with("expecteduser", running_group)
-                        salt.utils.user.chugid_and_umask(
-                            "expecteduser", umask=None, group=None
-                        )
-                        chugid_mock.assert_called_with("expecteduser", "expectedgroup")