commit: 93731d4ad939156665887e430086f6853653bc41
Author: Aliaksei Urbanski <aliaksei.urbanski <AT> gmail <DOT> com>
AuthorDate: Tue Nov 7 00:55:56 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Nov 13 06:20:50 2023 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=93731d4a
Add basic rendering tests with tox
Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski <AT> gmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>
.gitignore | 1 +
tests/rendered/custom/login | 5 +++++
tests/rendered/custom/other | 4 ++++
tests/rendered/custom/passwd | 4 ++++
tests/rendered/custom/su | 8 ++++++++
tests/rendered/custom/system-auth | 11 +++++++++++
tests/rendered/custom/system-local-login | 4 ++++
tests/rendered/custom/system-login | 15 +++++++++++++++
tests/rendered/custom/system-remote-login | 4 ++++
tests/rendered/custom/system-services | 6 ++++++
tests/rendered/default/login | 5 +++++
tests/rendered/default/other | 4 ++++
tests/rendered/default/passwd | 4 ++++
tests/rendered/default/su | 8 ++++++++
tests/rendered/default/system-auth | 10 ++++++++++
tests/rendered/default/system-local-login | 4 ++++
tests/rendered/default/system-login | 14 ++++++++++++++
tests/rendered/default/system-remote-login | 4 ++++
tests/rendered/default/system-services | 6 ++++++
tests/rendered/minimal/login | 5 +++++
tests/rendered/minimal/other | 4 ++++
tests/rendered/minimal/passwd | 4 ++++
tests/rendered/minimal/su | 8 ++++++++
tests/rendered/minimal/system-auth | 10 ++++++++++
tests/rendered/minimal/system-local-login | 4 ++++
tests/rendered/minimal/system-login | 11 +++++++++++
tests/rendered/minimal/system-remote-login | 4 ++++
tests/rendered/minimal/system-services | 6 ++++++
tox.ini | 18 ++++++++++++++++++
29 files changed, 195 insertions(+)
diff --git a/.gitignore b/.gitignore
index 844c82f..73c8fab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
stack/
.idea/
+.tox/
diff --git a/tests/rendered/custom/login b/tests/rendered/custom/login
new file mode 100644
index 0000000..e5a66f2
--- /dev/null
+++ b/tests/rendered/custom/login
@@ -0,0 +1,5 @@
+auth include system-local-login
+account include system-local-login
+password include system-local-login
+session optional pam_lastlog.so
+session include system-local-login
diff --git a/tests/rendered/custom/other b/tests/rendered/custom/other
new file mode 100644
index 0000000..9544f8e
--- /dev/null
+++ b/tests/rendered/custom/other
@@ -0,0 +1,4 @@
+auth required pam_deny.so
+account required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
diff --git a/tests/rendered/custom/passwd b/tests/rendered/custom/passwd
new file mode 100644
index 0000000..0bde2a3
--- /dev/null
+++ b/tests/rendered/custom/passwd
@@ -0,0 +1,4 @@
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-auth
+password include system-auth
diff --git a/tests/rendered/custom/su b/tests/rendered/custom/su
new file mode 100644
index 0000000..a36b633
--- /dev/null
+++ b/tests/rendered/custom/su
@@ -0,0 +1,8 @@
+auth sufficient pam_rootok.so
+auth required pam_wheel.so use_uid
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_env.so
+session optional pam_xauth.so
diff --git a/tests/rendered/custom/system-auth
b/tests/rendered/custom/system-auth
new file mode 100644
index 0000000..a84a45a
--- /dev/null
+++ b/tests/rendered/custom/system-auth
@@ -0,0 +1,11 @@
+auth required pam_env.so
+auth requisite pam_faillock.so preauth
+auth [success=1 default=ignore] pam_unix.so nullok
try_first_pass
+auth [default=die] pam_faillock.so authfail
+account required pam_unix.so
+account required pam_faillock.so
+password required pam_passwdqc.so
config=/etc/security/passwdqc.conf
+password required pam_unix.so try_first_pass use_authtok nullok
sha512 shadow
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
diff --git a/tests/rendered/custom/system-local-login
b/tests/rendered/custom/system-local-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/custom/system-local-login
@@ -0,0 +1,4 @@
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/tests/rendered/custom/system-login
b/tests/rendered/custom/system-login
new file mode 100644
index 0000000..161a600
--- /dev/null
+++ b/tests/rendered/custom/system-login
@@ -0,0 +1,15 @@
+auth required pam_shells.so
+auth required pam_nologin.so
+auth include system-auth
+account required pam_access.so
+account required pam_nologin.so
+account required pam_time.so
+account include system-auth
+password include system-auth
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session optional pam_lastlog.so silent
+session include system-auth
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so
+-session optional pam_elogind.so
diff --git a/tests/rendered/custom/system-remote-login
b/tests/rendered/custom/system-remote-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/custom/system-remote-login
@@ -0,0 +1,4 @@
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/tests/rendered/custom/system-services
b/tests/rendered/custom/system-services
new file mode 100644
index 0000000..857363a
--- /dev/null
+++ b/tests/rendered/custom/system-services
@@ -0,0 +1,6 @@
+auth sufficient pam_permit.so
+account include system-auth
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
diff --git a/tests/rendered/default/login b/tests/rendered/default/login
new file mode 100644
index 0000000..e5a66f2
--- /dev/null
+++ b/tests/rendered/default/login
@@ -0,0 +1,5 @@
+auth include system-local-login
+account include system-local-login
+password include system-local-login
+session optional pam_lastlog.so
+session include system-local-login
diff --git a/tests/rendered/default/other b/tests/rendered/default/other
new file mode 100644
index 0000000..9544f8e
--- /dev/null
+++ b/tests/rendered/default/other
@@ -0,0 +1,4 @@
+auth required pam_deny.so
+account required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
diff --git a/tests/rendered/default/passwd b/tests/rendered/default/passwd
new file mode 100644
index 0000000..0bde2a3
--- /dev/null
+++ b/tests/rendered/default/passwd
@@ -0,0 +1,4 @@
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-auth
+password include system-auth
diff --git a/tests/rendered/default/su b/tests/rendered/default/su
new file mode 100644
index 0000000..a36b633
--- /dev/null
+++ b/tests/rendered/default/su
@@ -0,0 +1,8 @@
+auth sufficient pam_rootok.so
+auth required pam_wheel.so use_uid
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_env.so
+session optional pam_xauth.so
diff --git a/tests/rendered/default/system-auth
b/tests/rendered/default/system-auth
new file mode 100644
index 0000000..d84e030
--- /dev/null
+++ b/tests/rendered/default/system-auth
@@ -0,0 +1,10 @@
+auth required pam_env.so
+auth requisite pam_faillock.so preauth
+auth [success=1 default=ignore] pam_unix.so try_first_pass
+auth [default=die] pam_faillock.so authfail
+account required pam_unix.so
+account required pam_faillock.so
+password required pam_unix.so try_first_pass md5 shadow
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
diff --git a/tests/rendered/default/system-local-login
b/tests/rendered/default/system-local-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/default/system-local-login
@@ -0,0 +1,4 @@
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/tests/rendered/default/system-login
b/tests/rendered/default/system-login
new file mode 100644
index 0000000..ae763fc
--- /dev/null
+++ b/tests/rendered/default/system-login
@@ -0,0 +1,14 @@
+auth required pam_shells.so
+auth required pam_nologin.so
+auth include system-auth
+account required pam_access.so
+account required pam_nologin.so
+account required pam_time.so
+account include system-auth
+password include system-auth
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session optional pam_lastlog.so silent
+session include system-auth
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so
diff --git a/tests/rendered/default/system-remote-login
b/tests/rendered/default/system-remote-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/default/system-remote-login
@@ -0,0 +1,4 @@
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/tests/rendered/default/system-services
b/tests/rendered/default/system-services
new file mode 100644
index 0000000..857363a
--- /dev/null
+++ b/tests/rendered/default/system-services
@@ -0,0 +1,6 @@
+auth sufficient pam_permit.so
+account include system-auth
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
diff --git a/tests/rendered/minimal/login b/tests/rendered/minimal/login
new file mode 100644
index 0000000..e5a66f2
--- /dev/null
+++ b/tests/rendered/minimal/login
@@ -0,0 +1,5 @@
+auth include system-local-login
+account include system-local-login
+password include system-local-login
+session optional pam_lastlog.so
+session include system-local-login
diff --git a/tests/rendered/minimal/other b/tests/rendered/minimal/other
new file mode 100644
index 0000000..9544f8e
--- /dev/null
+++ b/tests/rendered/minimal/other
@@ -0,0 +1,4 @@
+auth required pam_deny.so
+account required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
diff --git a/tests/rendered/minimal/passwd b/tests/rendered/minimal/passwd
new file mode 100644
index 0000000..0bde2a3
--- /dev/null
+++ b/tests/rendered/minimal/passwd
@@ -0,0 +1,4 @@
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-auth
+password include system-auth
diff --git a/tests/rendered/minimal/su b/tests/rendered/minimal/su
new file mode 100644
index 0000000..a36b633
--- /dev/null
+++ b/tests/rendered/minimal/su
@@ -0,0 +1,8 @@
+auth sufficient pam_rootok.so
+auth required pam_wheel.so use_uid
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_env.so
+session optional pam_xauth.so
diff --git a/tests/rendered/minimal/system-auth
b/tests/rendered/minimal/system-auth
new file mode 100644
index 0000000..d84e030
--- /dev/null
+++ b/tests/rendered/minimal/system-auth
@@ -0,0 +1,10 @@
+auth required pam_env.so
+auth requisite pam_faillock.so preauth
+auth [success=1 default=ignore] pam_unix.so try_first_pass
+auth [default=die] pam_faillock.so authfail
+account required pam_unix.so
+account required pam_faillock.so
+password required pam_unix.so try_first_pass md5 shadow
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
diff --git a/tests/rendered/minimal/system-local-login
b/tests/rendered/minimal/system-local-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/minimal/system-local-login
@@ -0,0 +1,4 @@
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/tests/rendered/minimal/system-login
b/tests/rendered/minimal/system-login
new file mode 100644
index 0000000..cb63f65
--- /dev/null
+++ b/tests/rendered/minimal/system-login
@@ -0,0 +1,11 @@
+auth required pam_shells.so
+auth required pam_nologin.so
+auth include system-auth
+account required pam_access.so
+account required pam_nologin.so
+account required pam_time.so
+account include system-auth
+password include system-auth
+session optional pam_loginuid.so
+session required pam_env.so envfile=/etc/profile.env
+session include system-auth
diff --git a/tests/rendered/minimal/system-remote-login
b/tests/rendered/minimal/system-remote-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/minimal/system-remote-login
@@ -0,0 +1,4 @@
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/tests/rendered/minimal/system-services
b/tests/rendered/minimal/system-services
new file mode 100644
index 0000000..857363a
--- /dev/null
+++ b/tests/rendered/minimal/system-services
@@ -0,0 +1,6 @@
+auth sufficient pam_permit.so
+account include system-auth
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..818a012
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,18 @@
+[tox]
+min_version = 4.0
+skipsdist = true
+env_list = py3{10,11,12}-{default,minimal,custom}
+
+[testenv]
+description = check template rendering stability
+deps =
+ jinja2
+allowlist_externals = /usr/bin/diff
+commands =
+ python --version
+ default: python pambase.py
+ default: diff -Nru tests/rendered/default stack
+ minimal: python pambase.py --minimal
+ minimal: diff -Nru tests/rendered/minimal stack
+ custom: python pambase.py --elogind --nullok --passwdqc --sha512
+ custom: diff -Nru tests/rendered/custom stack
