Chromium Code Reviews Chromium Code Reviews
Issue 9960074:
Add a test for the "ephemeral_users_enabled" device policy (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| OLD | NEW |
|---|---|
| (Empty) | |
| 1 # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. | |
| 2 # Use of this source code is governed by a BSD-style license that can be | |
|
Nirnimesh
2012/04/12 01:46:24
I'd prefer a shorter filename for this test.
chrom
bartfab (slow)
2012/04/12 12:49:31
Done.
| |
| 3 # found in the LICENSE file. | |
| 4 | |
| 5 import logging | |
| 6 import os | |
| 7 import sys | |
| 8 | |
| 9 import pyauto_functional # This must come before pyauto (and thus, policy_base). | |
| 10 import policy_base | |
| 11 | |
| 12 sys.path.append('/usr/local') # Required to import autotest libs. | |
|
Nirnimesh
2012/04/12 01:46:24
nit: need at least 2 spaces before #
bartfab (slow)
2012/04/12 12:49:31
Done.
| |
| 13 from autotest.cros import constants | |
| 14 from autotest.cros import cryptohome | |
| 15 | |
| 16 | |
| 17 class ChromeosEphemeralUsersEnabled(policy_base.PolicyTestBase): | |
| 18 """Tests a policy that makes all users except the owner ephemeral. | |
| 19 | |
| 20 When this policy is enabled, no persistent information in the form of | |
| 21 cryptohome shadow directories or local state prefs should be created for | |
| 22 users. Additionally, any persistent information previously accumulated should | |
| 23 be cleared when a user first logs in after enabling the policy.""" | |
| 24 | |
| 25 def _SetEphemeralUsersEnabled(self, enabled): | |
| 26 # The Login browser automation call fails when the login screen is showing | |
|
Nirnimesh
2012/04/12 01:46:24
Please provide a docstring.
Some of this info can
bartfab (slow)
2012/04/12 12:49:31
Done.
| |
| 27 # user pods instead of a login form. This class disables automatic clearing | |
| 28 # of the local state, allowing user information to accumulate. To ensure no | |
| 29 # pods are shown for recent users, pods are explicitly disabled by setting | |
| 30 # the show_user_names policy to False. | |
| 31 self.SetDevicePolicy(device_policy={'ephemeral_users_enabled': enabled, | |
| 32 'show_user_names': False}, | |
| 33 owner=self._usernames[0]) | |
|
Nirnimesh
2012/04/12 01:46:24
it's not clear from the docstring or the method na
bartfab (slow)
2012/04/12 12:49:31
It is SetDevicePolicy() that sets the owner. There
| |
| 34 | |
| 35 def _DoesVaultDirectoryExist(self, user_index): | |
| 36 user_hash = cryptohome.get_user_hash(self._usernames[user_index]) | |
| 37 return os.path.exists(os.path.join('/home/.shadow', user_hash)) | |
| 38 | |
| 39 def _AssertLocalStatePrefsSet(self, user_indexes): | |
| 40 expected = sorted([self._usernames[index] for index in user_indexes]) | |
| 41 # The OAuthTokenStatus pref is populated asynchronously. Checking whether it | |
| 42 # is set would lead to an ugly race. | |
| 43 for pref in ['LoggedInUsers', 'UserImages', 'UserDisplayEmail', ]: | |
| 44 actual = sorted(self.GetLocalStatePrefsInfo().Prefs(pref)) | |
| 45 self.assertTrue(actual == expected, | |
|
Nirnimesh
2012/04/12 01:46:24
use assertEqual
bartfab (slow)
2012/04/12 12:49:31
Done.
| |
| 46 msg='Expected to find prefs in local state for users.') | |
| 47 | |
| 48 def _AssertLocalStatePrefsEmpty(self): | |
| 49 for pref in ['LoggedInUsers', | |
| 50 'UserImages', | |
| 51 'UserDisplayEmail', | |
| 52 'OAuthTokenStatus']: | |
| 53 self.assertFalse(self.GetLocalStatePrefsInfo().Prefs(pref), | |
| 54 msg='Expected to not find prefs in local state for any user.') | |
| 55 | |
| 56 def _AssertVaultDirectoryExists(self, user_index): | |
| 57 self.assertTrue(self._DoesVaultDirectoryExist(user_index=user_index), | |
| 58 msg='Expected vault shadow directory to exist.') | |
| 59 | |
| 60 def _AssertVaultDirectoryDoesNotExist(self, user_index): | |
| 61 self.assertFalse(self._DoesVaultDirectoryExist(user_index=user_index), | |
| 62 msg='Expected vault shadow directory to not exist.') | |
| 63 | |
| 64 def _AssertVaultMounted(self, user_index, ephemeral): | |
| 65 if ephemeral: | |
| 66 device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_EPHEMERAL | |
| 67 fs_regex = constants.CRYPTOHOME_FS_REGEX_TMPFS | |
| 68 else: | |
| 69 device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_SHADOW | |
| 70 fs_regex = constants.CRYPTOHOME_FS_REGEX_ANY | |
| 71 self.assertTrue( | |
| 72 cryptohome.is_vault_mounted(device_regex=device_regex, | |
| 73 fs_regex=fs_regex, | |
| 74 user=self._usernames[user_index], | |
| 75 allow_fail=True), | |
| 76 msg='Expected vault backed by %s to be mounted.' % | |
| 77 'tmpfs' if ephemeral else 'shadow directory') | |
| 78 | |
| 79 def _AssertNoVaultMounted(self): | |
| 80 self.assertFalse(cryptohome.is_vault_mounted(allow_fail=True), | |
| 81 msg='Did not expect any vault to be mounted.') | |
| 82 | |
| 83 def Login(self, user_index): | |
| 84 self.assertFalse(self.GetLoginInfo()['is_logged_in'], | |
| 85 msg='Expected to be logged out.') | |
| 86 policy_base.PolicyTestBase.Login(self, | |
| 87 self._usernames[user_index], | |
| 88 self._passwords[user_index]) | |
| 89 self.assertTrue(self.GetLoginInfo()['is_logged_in'], | |
| 90 msg='Expected to be logged in.') | |
| 91 | |
| 92 def ExtraChromeFlags(self): | |
| 93 """Sets up Chrome to skip OOBE. | |
| 94 | |
| 95 A magic file normally exists on test images that tells the session manager | |
|
Nirnimesh
2012/04/12 01:46:24
How is this description related to --login-screen=
bartfab (slow)
2012/04/12 12:49:31
Rewritten to make it clearer.
| |
| 96 to skip OOBE. However, that same file also makes session manager clear the | |
| 97 local state during startup. This class requires local state to persist. | |
| 98 Thus, the magic file has to be removed temporarily and OOBE must be disabled | |
| 99 by passing an explicit flag. | |
| 100 """ | |
| 101 flags = policy_base.PolicyTestBase.ExtraChromeFlags(self) | |
| 102 flags.append('--login-screen=login') | |
| 103 return flags | |
| 104 | |
| 105 def setUp(self): | |
| 106 # Allow PolicyTestBase to clear local state and /home/chronos at the start | |
| 107 # for test isolation. | |
| 108 policy_base.PolicyTestBase.setUp(self) | |
| 109 # Disable clearing of local state and /home/chronos for the remainder of | |
| 110 # the test. | |
| 111 self.DisableLocalStateAutoClearingOnChromeOS() | |
| 112 self.set_clear_profile(False) | |
|
Nirnimesh
2012/04/12 01:46:24
Why is this necessary?
bartfab (slow)
2012/04/12 12:49:31
Added an explanation.
| |
| 113 | |
| 114 credentials = (self.GetPrivateInfo()['prod_enterprise_test_user'], | |
| 115 self.GetPrivateInfo()['prod_enterprise_executive_user'], | |
| 116 self.GetPrivateInfo()['prod_enterprise_sales_user']) | |
| 117 self._usernames = [credential['username'] for credential in credentials] | |
| 118 self._passwords = [credential['password'] for credential in credentials] | |
| 119 | |
| 120 def tearDown(self): | |
| 121 # Allow PolicyTestBase to clear local state and /home/chronos at the end for | |
| 122 # test isolation. | |
| 123 self.EnableLocalStateAutoClearingOnChromeOS() | |
| 124 self.set_clear_profile(True) | |
| 125 policy_base.PolicyTestBase.tearDown(self) | |
| 126 | |
| 127 def testLoginAsOwnerIsNotEphemeral(self): | |
| 128 """Checks that the owner does not become ephemeral.""" | |
| 129 self._SetEphemeralUsersEnabled(True) | |
| 130 | |
| 131 self.Login(user_index=0) | |
|
Nirnimesh
2012/04/12 01:46:24
How did user 0 become the owner? from line 33?
bartfab (slow)
2012/04/12 12:49:31
Renamed _SetEphemeralUsersEnabled() to _SetDeviceP
| |
| 132 self._AssertVaultDirectoryExists(user_index=0) | |
| 133 self._AssertVaultMounted(user_index=0, ephemeral=False) | |
| 134 self.Logout() | |
| 135 self._AssertLocalStatePrefsSet(user_indexes=[0]) | |
| 136 | |
| 137 self._AssertVaultDirectoryExists(user_index=0) | |
| 138 self._AssertNoVaultMounted() | |
| 139 | |
| 140 def testLoginAsNonOwnerIsEphemeral(self): | |
| 141 """Checks that a non-owner user does become ephemeral.""" | |
| 142 self._SetEphemeralUsersEnabled(True) | |
| 143 | |
| 144 self.Login(user_index=1) | |
| 145 self._AssertVaultDirectoryDoesNotExist(user_index=1) | |
| 146 self._AssertVaultMounted(user_index=1, ephemeral=True) | |
| 147 self.Logout() | |
| 148 self._AssertLocalStatePrefsEmpty() | |
| 149 | |
| 150 self._AssertVaultDirectoryDoesNotExist(user_index=1) | |
| 151 self._AssertNoVaultMounted() | |
| 152 | |
| 153 def testEnablingEphemeralUsersCleansUp(self): | |
| 154 """Checks that persistent information is cleared.""" | |
| 155 self._SetEphemeralUsersEnabled(False) | |
| 156 | |
| 157 self.Login(user_index=0) | |
| 158 self.Logout() | |
| 159 self._AssertLocalStatePrefsSet(user_indexes=[0]) | |
| 160 | |
| 161 self.Login(user_index=1) | |
| 162 self.Logout() | |
| 163 self._AssertLocalStatePrefsSet(user_indexes=[0, 1]) | |
| 164 | |
| 165 self.Login(user_index=2) | |
| 166 self.Logout() | |
| 167 self._AssertLocalStatePrefsSet(user_indexes=[0, 1, 2]) | |
| 168 | |
| 169 self._AssertVaultDirectoryExists(user_index=0) | |
| 170 self._AssertVaultDirectoryExists(user_index=1) | |
| 171 self._AssertVaultDirectoryExists(user_index=2) | |
| 172 | |
| 173 self._SetEphemeralUsersEnabled(True) | |
| 174 | |
| 175 self.Login(user_index=1) | |
| 176 self._AssertVaultMounted(user_index=1, ephemeral=True) | |
| 177 self.Logout() | |
| 178 | |
| 179 self._AssertLocalStatePrefsSet(user_indexes=[0]) | |
| 180 | |
| 181 self._AssertVaultDirectoryExists(user_index=0) | |
| 182 self._AssertVaultDirectoryDoesNotExist(user_index=1) | |
| 183 self._AssertVaultDirectoryDoesNotExist(user_index=2) | |
| 184 | |
| 185 | |
| 186 if __name__ == '__main__': | |
| 187 pyauto_functional.Main() | |
| OLD | NEW |
