chrome/test/functional/chromeos_ephemeral_users_enabled.py - Issue 9960074: Add a test for the "ephemeral_users_enabled" device policy

Side by Side Diff: chrome/test/functional/chromeos_ephemeral_users_enabled.py

Issue 9960074: Add a test for the "ephemeral_users_enabled" device policy (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Created 8 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved.

	2 # Use of this source code is governed by a BSD-style license that can be

	3 # found in the LICENSE file.

	4

	5 import logging

	6 import os

	7 import sys

	8

	9 import pyauto_functional # must come before pyauto (and thus, policy_base).

	10 import policy_base

	11

	12 sys.path.append('/usr/local') # to import autotest libs.

	13 from autotest.cros import constants

	14 from autotest.cros import cryptohome

	15

	16

	17 class ChromeosEphemeralUsersEnabled(policy_base.PolicyTestBase):

	18 """Tests a policy that makes all users except the owners ephemeral.
	xot 2012/04/11 01:42:24 owner -- there can be only one. owner -- there can be only one. bartfab (slow) 2012/04/11 13:44:01 Done. Show quoted text On 2012/04/11 01:42:24, xot wrote: > owner -- there can be only one. Done.
	19

	20 When this policy is enabled, no persistent information in the form of

	21 cryptohome shadow directories or local state prefs should be created for

	22 users. Additionally, any persistent information previously accumulated should

	23 be cleared when a user first logs in after enabling the policy."""

	24

	25 def _SetEphemeralUsersEnabled(self, enabled):

	26 self.SetDevicePolicy(device_policy={'ephemeral_users_enabled': enabled},

	27 owner=self._usernames[0])

	28

	29 def _DoesVaultDirectoryExist(self, user_index):

	30 user_hash = cryptohome.get_user_hash(self._usernames[user_index])

	31 return os.path.exists(os.path.join('/home/.shadow', user_hash))

	32

	33 def _AssertLocalStatePrefsSet(self, user_index):

	34 username = self._usernames[user_index]

	35 # The OAuthTokenStatus pref is populated asynchronously. Checking whether it

	36 # is set would lead to an ugly race.

	37 for pref in ['LoggedInUsers', 'UserImages', 'UserDisplayEmail']:

	38 values = self.GetLocalStatePrefsInfo().Prefs(pref)

	39 self.assertTrue(username in values and len(values) == 1,

	40 msg='Expected to find prefs in local state for user.')

	41

	42 def _AssertLocalStatePrefsEmpty(self):

	43 for pref in ['LoggedInUsers',

	44 'UserImages',

	45 'UserDisplayEmail',

	46 'OAuthTokenStatus']:

	47 self.assertFalse(self.GetLocalStatePrefsInfo().Prefs(pref),

	48 msg='Expected to not find prefs in local state for any user.')

	49

	50 def _AssertVaultDirectoryExists(self, user_index):

	51 self.assertTrue(self._DoesVaultDirectoryExist(user_index=user_index),

	52 msg='Expected vault shadow directory to exist.')

	53

	54 def _AssertVaultDirectoryDoesNotExist(self, user_index):

	55 self.assertFalse(self._DoesVaultDirectoryExist(user_index=user_index),

	56 msg='Expected vault shadow directory to not exist.')

	57

	58 def _AssertVaultMounted(self, user_index, ephemeral):

	59 if ephemeral:

	60 device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_EPHEMERAL

	61 fs_regex = constants.CRYPTOHOME_FS_REGEX_TMPFS

	62 else:

	63 device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_SHADOW

	64 fs_regex = constants.CRYPTOHOME_FS_REGEX_ANY

	65 self.assertTrue(

	66 cryptohome.is_vault_mounted(device_regex=device_regex,

	67 fs_regex=fs_regex,

	68 user=self._usernames[user_index],

	69 allow_fail=True),

	70 msg='Expected vault backed by %s to be mounted.' %

	71 'tmpfs' if ephemeral else 'shadow directory')

	72

	73 def _AssertNoVaultMounted(self):

	74 self.assertFalse(cryptohome.is_vault_mounted(allow_fail=True),

	75 msg='Did not expect any vault to be mounted.')

	76

	77 def Login(self, user_index):

	78 self.assertFalse(self.GetLoginInfo()['is_logged_in'],

	79 msg='Expected to be logged out.')

	80 policy_base.PolicyTestBase.Login(self,

	81 self._usernames[user_index],

	82 self._passwords[user_index])

	83 self.assertTrue(self.GetLoginInfo()['is_logged_in'],

	84 msg='Expected to be logged in.')

	85

	86 def setUp(self):

	87 policy_base.PolicyTestBase.setUp(self)

	88 credentials = (self.GetPrivateInfo()['prod_enterprise_test_user'],

	89 self.GetPrivateInfo()['prod_enterprise_executive_user'],

	90 self.GetPrivateInfo()['prod_enterprise_sales_user'])

	91 self._usernames = [credential['username'] for credential in credentials]

	92 self._passwords = [credential['password'] for credential in credentials]

	93

	94 def testLoginAsOwnerIsNotEphemeral(self):

	95 """Checks that the owner does not become ephemeral."""

	96 self._SetEphemeralUsersEnabled(True)

	97

	98 self.Login(user_index=0)

	99 self._AssertLocalStatePrefsSet(user_index=0)

	100 self._AssertVaultDirectoryExists(user_index=0)

	101 self._AssertVaultMounted(user_index=0, ephemeral=False)

	102 self.Logout()

	103

	104 self._AssertVaultDirectoryExists(user_index=0)

	105 self._AssertNoVaultMounted()

	106

	107 def testLoginAsNonOwnerIsEphemeral(self):

	108 """Checks that a non-owner user does become ephemeral."""

	109 self._SetEphemeralUsersEnabled(True)

	110

	111 self.Login(user_index=1)

	112 self._AssertLocalStatePrefsEmpty()

	113 self._AssertVaultDirectoryDoesNotExist(user_index=1)

	114 self._AssertVaultMounted(user_index=1, ephemeral=True)

	115 self.Logout()

	116

	117 self._AssertVaultDirectoryDoesNotExist(user_index=1)

	118 self._AssertNoVaultMounted()

	119

	120 def testEnablingEphemeralUsersCleansUp(self):

	121 """Checks that persistent information is cleared.

	122

	123 Unfortunately, ChromeOS test images clear the local state on every logout.

	124 It is therefore not possible to test whether accumulated user prefs are

	125 cleared from local state.

	126 """
	xot 2012/04/11 01:42:24 I thought test images only did this when /root/for I thought test images only did this when /root/forget_usernames existed. Couldn't this file be temporarily removed for this test? bartfab (slow) 2012/04/11 13:44:01 The root file system is normally mounted read-only The root file system is normally mounted read-only but after remounting read-write, this file can be deleted temporarily to fully test the policy. I have updated the test accordingly.
	127 self._SetEphemeralUsersEnabled(False)

	128

	129 self.Login(user_index=0)

	130 self._AssertLocalStatePrefsSet(user_index=0)

	131 self.Logout()

	132 self.Login(user_index=1)

	133 self._AssertLocalStatePrefsSet(user_index=1)

	134 self.Logout()

	135 self.Login(user_index=2)

	136 self._AssertLocalStatePrefsSet(user_index=2)

	137 self.Logout()

	138

	139 self._AssertVaultDirectoryExists(user_index=0)

	140 self._AssertVaultDirectoryExists(user_index=1)

	141 self._AssertVaultDirectoryExists(user_index=2)

	142

	143 self._SetEphemeralUsersEnabled(True)

	144

	145 self.Login(user_index=1)

	146 self._AssertVaultMounted(user_index=1, ephemeral=True)

	147 self.Logout()

	148

	149 self._AssertVaultDirectoryExists(user_index=0)

	150 self._AssertVaultDirectoryDoesNotExist(user_index=1)

	151 self._AssertVaultDirectoryDoesNotExist(user_index=2)

	152

	153 if __name__ == '__main__':

	154 pyauto_functional.Main()

OLD	NEW

« no previous file with comments | « chrome/test/functional/PYAUTO_TESTS ('k') | no next file » | no next file with comments »