use command_as_user
Test-tag: SecurityPoolACLTest SecurityPoolGroupsTest DaosContainerSecurityTest dfuse_mu
Skip-unit-tests: true
Skip-fault-injection-test: true

Signed-off-by: Dalton Bohning <[email protected]>
daltonbohning committed Jan 24, 2025
1 parent e73aec1 commit 849d8d7
Showing 3 changed files with 35 additions and 38 deletions.
7 changes: 4 additions & 3 deletions src/tests/ftest/util/launch_utils.py
@@ -1,5 +1,6 @@
"""
(C) Copyright 2022-2024 Intel Corporation.
(C) Copyright 2025 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent
"""
Expand Down Expand Up @@ -688,7 +689,7 @@ def _query_create_group(logger, hosts, group, create=False):

# Create the group
logger.info('Creating group %s', group)
if not groupadd(logger, hosts, group, True, True).passed:
if not groupadd(logger, hosts, group, True).passed:
raise LaunchException(f'Error creating group {group}')

# Get the group id on each node
Expand Down Expand Up @@ -726,11 +727,11 @@ def _query_create_user(logger, hosts, user, gid=None, create=False):

# Delete and ignore errors, in case user account is inconsistent across nodes
logger.info('Deleting user %s', user)
_ = userdel(logger, hosts, user, True)
_ = userdel(logger, hosts, user)

logger.info('Creating user %s in group %s', user, gid)
test_env = TestEnvironment()
if not useradd(logger, hosts, user, gid, test_env.user_dir, True).passed:
if not useradd(logger, hosts, user, gid, test_env.user_dir).passed:
raise LaunchException(f'Error creating user {user}')

def _clear_mount_points(self, logger, test, clear_mounts):
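Review bot: In `_query_create_group` the remaining bare `True` in `groupadd(logger, hosts, group, True)` is the `force` flag, and nothing at these call sites shows any more that the command runs as root; that now comes only from the new `run_user="root"` default in user_utils.py. Writing `groupadd(logger, hosts, group, force=True, run_user="root")`, and likewise `run_user="root"` on the `userdel` and `useradd` calls in `_query_create_user`, keeps the privileged account changes visible and searchable at the point of use. The same applies to the `useradd`/`groupadd`/`userdel`/`groupdel`/`usermod` calls in pool_security_test_base.py, which dropped `sudo=True` in this commit. Both functions start and end outside the hunks shown.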
14 changes: 7 additions & 7 deletions src/tests/ftest/util/pool_security_test_base.py
Expand Up @@ -364,13 +364,13 @@ def create_pool_acl(self, num_user, num_group, current_user_acl, acl_file):
for uid in range(num_user):
username = user_prefix + "_tester_" + str(uid + 1)
new_user = "A::" + username + "@:" + PERMISSIONS[uid % 4]
if not useradd(self.log, self.hostlist_clients, username, sudo=True).passed:
if not useradd(self.log, self.hostlist_clients, username).passed:
self.fail(f"Failed to useradd {username}")
user_list.append(new_user)
for gid in range(num_group):
groupname = user_prefix + "_testGrp_" + str(gid + 1)
new_group = "A:G:" + groupname + "@:" + PERMISSIONS[(gid + 2) % 4]
if not groupadd(self.log, self.hostlist_clients, groupname, sudo=True).passed:
if not groupadd(self.log, self.hostlist_clients, groupname).passed:
self.fail(f"Failed to groupadd {groupname}")
group_list.append(new_group)
permission_list = group_list + user_list + current_user_acl
Expand All @@ -389,11 +389,11 @@ def cleanup_user_group(self, num_user, num_group):
user_prefix = self.params.get("user_prefix", "/run/pool_acl/*")
for uid in range(num_user):
username = user_prefix + "_tester_" + str(uid + 1)
if not userdel(self.log, self.hostlist_clients, username, sudo=True).passed:
if not userdel(self.log, self.hostlist_clients, username).passed:
self.log.error("Failed to userdel %s", username)
for gid in range(num_group):
groupname = user_prefix + "_testGrp_" + str(gid + 1)
if not groupdel(self.log, self.hostlist_clients, groupname, sudo=True).passed:
if not groupdel(self.log, self.hostlist_clients, groupname).passed:
self.log.error("Failed to groupdel %s", groupname)

def verify_pool_acl_prim_sec_groups(self, pool_acl_list, acl_file):
Expand Down Expand Up @@ -421,10 +421,10 @@ def verify_pool_acl_prim_sec_groups(self, pool_acl_list, acl_file):
"sg_read_write", "/run/pool_acl/primary_secondary_group_test/*")
l_group = grp.getgrgid(os.getegid())[0]
for group in sec_group:
if not groupadd(self.log, self.hostlist_clients, group, sudo=True).passed:
if not groupadd(self.log, self.hostlist_clients, group).passed:
self.fail(f"Failed to groupadd {group}")
self.log.info(" (8-1)verify_pool_acl_prim_sec_groups, cmd=usermod")
if not usermod(self.log, self.hostlist_clients, l_group, sec_group, sudo=True).passed:
if not usermod(self.log, self.hostlist_clients, l_group, sec_group).passed:
self.fail(f"Failed to usermod {l_group}")

self.log.info(
Expand Down Expand Up @@ -470,7 +470,7 @@ def verify_pool_acl_prim_sec_groups(self, pool_acl_list, acl_file):
self.verify_pool_readwrite(self.pool, "write", expect=exp_write)

for group in sec_group:
if not groupdel(self.log, self.hostlist_clients, group, sudo=True).passed:
if not groupdel(self.log, self.hostlist_clients, group).passed:
self.log.error("Failed to groupdel %s", group)

def pool_acl_verification(self, current_user_acl, read, write,
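Review bot: In `verify_pool_acl_prim_sec_groups` the `login` argument given to `usermod` is `l_group`, the name of the effective primary group from `grp.getgrgid(os.getegid())[0]`, so the call only targets the intended account on hosts where that account's login equals its primary group name. Since the helper builds `usermod -G <groups> <login>` and now runs it as root by default, it also replaces that account's supplementary group list on every client host, and the later `groupdel` loop does not put the earlier memberships back. Consider deriving the login from the effective uid, e.g. `login = pwd.getpwuid(os.geteuid()).pw_name` (needs `import pwd` if the module does not already have it), and adding a comment that the account's supplementary groups are overwritten for the duration of the test. The function body extends outside the hunks shown.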
52 changes: 24 additions & 28 deletions src/tests/ftest/util/user_utils.py
Expand Up @@ -13,7 +13,7 @@

from ClusterShell.NodeSet import NodeSet
# pylint: disable=import-error,no-name-in-module
from util.run_utils import run_remote
from util.run_utils import command_as_user, run_remote


def get_primary_group(user=None):
Expand Down Expand Up @@ -71,71 +71,69 @@ def get_chown_command(user=None, group=None, options=None, file=None):
return " ".join(command)


def getent(log, hosts, database, key, sudo=False):
def getent(log, hosts, database, key, run_user=None):
"""Run getent remotely.
Args:
log (logger): logger for the messages produced by this method
hosts (NodeSet): hosts on which to run the command
database (str): the administrative database
key (str): the key/entry to check for
sudo (bool): whether to execute commands with sudo
run_user (str, optional): user to run the command as.
Default is None, which runs as the current user
Returns:
CommandResult: groups of command results from the same hosts with the same return status
"""
command = ' '.join(filter(None, [
'sudo -n' if sudo else None,
'getent',
database,
key]))
return run_remote(log, hosts, command)
return run_remote(log, hosts, command_as_user(command, run_user))


def groupadd(log, hosts, group, force=False, sudo=False):
def groupadd(log, hosts, group, force=False, run_user="root"):
"""Run groupadd remotely.
Args:
log (logger): logger for the messages produced by this method
hosts (NodeSet): hosts on which to run the command
group (str): the group to create
force (bool, optional): whether to use the force option. Default is False
sudo (bool, optional): whether to execute commands with sudo. Default is False
run_user (str, optional): user to run the command as. Default is root
Returns:
CommandResult: groups of command results from the same hosts with the same return status
"""
command = ' '.join(filter(None, [
'sudo -n' if sudo else None,
'groupadd',
'-r',
'-f' if force else None,
group]))
return run_remote(log, hosts, command)
return run_remote(log, hosts, command_as_user(command, run_user))


def groupdel(log, hosts, group, force=False, sudo=False):
def groupdel(log, hosts, group, force=False, run_user="root"):
"""Run groupdel remotely.
Args:
log (logger): logger for the messages produced by this method
hosts (NodeSet): hosts on which to run the command
group (str): the group to delete
force (bool, optional): whether to use the force option. Default is False
sudo (bool, optional): whether to execute commands with sudo. Default is False
run_user (str, optional): user to run the command as. Default is root
Returns:
CommandResult: groups of command results from the same hosts with the same return status
"""
command = ' '.join(filter(None, [
'sudo -n' if sudo else None,
'groupdel',
'-f' if force else None,
group]))
return run_remote(log, hosts, command)
return run_remote(log, hosts, command_as_user(command, run_user))


def useradd(log, hosts, user, group=None, parent_dir=None, sudo=False):
def useradd(log, hosts, user, group=None, parent_dir=None, run_user="root"):
"""Run useradd remotely.
Args:
Expand All @@ -144,78 +142,76 @@ def useradd(log, hosts, user, group=None, parent_dir=None, sudo=False):
user (str): user to create
group (str, optional): user group. Default is None
parent_dir (str, optional): parent home directory. Default is None
sudo (bool): whether to execute commands with sudo. Default is False
run_user (str, optional): user to run the command as. Default is root
Returns:
CommandResult: groups of command results from the same hosts with the same return status
"""
command = ' '.join(filter(None, [
'sudo -n' if sudo else None,
'useradd',
'-m',
f'-g {group}' if group else None,
f'-d {os.path.join(parent_dir, user)}' if parent_dir else None,
user]))
return run_remote(log, hosts, command)
return run_remote(log, hosts, command_as_user(command, run_user))


def userdel(log, hosts, user, sudo=False):
def userdel(log, hosts, user, run_user="root"):
"""Run userdel remotely.
Args:
log (logger): logger for the messages produced by this method
hosts (NodeSet): hosts on which to run the command
user (str): user to create
sudo (bool): whether to execute commands with sudo. Default is False
run_user (str, optional): user to run the command as. Default is root
Returns:
CommandResult: groups of command results from the same hosts with the same return status
"""
command = ' '.join(filter(None, [
'sudo -n' if sudo else None,
'userdel',
'-f',
'-r',
user]))
return run_remote(log, hosts, command)
return run_remote(log, hosts, command_as_user(command, run_user))


def usermod(log, hosts, login, groups, sudo=False):
def usermod(log, hosts, login, groups, run_user="root"):
"""Run usermod remotely.
Args:
log (logger): logger for the messages produced by this method
hosts (NodeSet): hosts on which to run the command
login (str): login username
groups (list): list of new groups
sudo (bool): whether to execute commands with sudo. Default is False
run_user (str, optional): user to run the command as. Default is root
Returns:
CommandResult: groups of command results from the same hosts with the same return status
"""
command = ' '.join(filter(None, [
'sudo -n' if sudo else None,
'usermod',
f'-G {",".join(groups)}',
login]))
return run_remote(log, hosts, command)
return run_remote(log, hosts, command_as_user(command, run_user))


def get_group_id(log, hosts, group, sudo=False):
def get_group_id(log, hosts, group, run_user=None):
"""Get a group's id on remote nodes.
Args:
log (logger): logger for the messages produced by this method
hosts (NodeSet): hosts on which to run the command
group (str): group to get id of
sudo (bool): whether to execute commands with sudo. Default is False
run_user (str, optional): user to run the command as.
Default is None, which runs as the current user
Returns:
dict: gid:NodeSet mapping for each gid, where gid is None if non-existent
"""
gids = defaultdict(NodeSet)
result = getent(log, hosts, 'group', group, sudo)
result = getent(log, hosts, 'group', group, run_user)
for data in result.output:
if data.returncode == 0:
gid = re.findall(r'.*:.*:(.*):.*', '\n'.join(data.stdout))[0]
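Review bot: `groupadd`, `groupdel`, `useradd`, `userdel` and `usermod` still splice `group`, `user`, `parent_dir` and `groups` unquoted into a space-joined string, and with `run_user="root"` as the new default that string is executed with root privileges on every host unless a caller opts out. A name containing whitespace or shell metacharacters would be split or interpreted by the remote shell, so quote each interpolated value, e.g. `f'-g {shlex.quote(str(group))}'` and `shlex.quote(user)` (needs `import shlex`; how `command_as_user` wraps the string is not visible here, so confirm the quoting survives it). Separately, the `userdel` docstring still says `user (str): user to create`; it should read `user to delete`.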
