1 files changed, 59 insertions, 0 deletions

diff --git a/roles/unix_users/subplot.py b/roles/unix_users/subplot.py
new file mode 100644
index 0000000..05330fd
--- /dev/null
+++ b/roles/unix_users/subplot.py
@@ -0,0 +1,59 @@
+import logging
+
+
+def host_does_not_have_user(ctx, username=None):
+    assert_ne = globals()["assert_ne"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["getent", "passwd", username])
+    assert_ne(exit, 0)
+
+
+def host_has_user(ctx, username=None):
+    assert_eq = globals()["assert_eq"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["getent", "passwd", username])
+    assert_eq(exit, 0)
+    output = output.decode("UTF8")
+    assert f"{username}:" in output
+
+
+def host_user_has_shell(ctx, username=None, shell=None):
+    assert_eq = globals()["assert_eq"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["getent", "passwd", username])
+    assert_eq(exit, 0)
+    for line in output.decode("UTF8").splitlines():
+        if line.startswith(f"{username}:"):
+            logging.debug(f"host_user_has_shell: line={line!r}")
+            assert line.endswith(f":{shell}")
+
+
+def host_user_has_password(ctx, username=None, password=None):
+    assert_eq = globals()["assert_eq"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["sudo", "grep", f"^{username}:", "/etc/shadow"])
+    assert_eq(exit, 0)
+    for line in output.decode("UTF8").splitlines():
+        if line.startswith(f"{username}:"):
+            parts = line.split(":")
+            assert_eq(parts[1], password)
+
+
+def host_user_has_authorized_keys_containing(ctx, username=None, substring=None):
+    assert_eq = globals()["assert_eq"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["sudo", "cat", f"/home/{username}/.ssh/authorized_keys"])
+    assert_eq(exit, 0)
+    output = output.decode("UTF8")
+    assert substring in output
+
+
+def host_user_is_in_group(ctx, username=None, group=None):
+    assert_eq = globals()["assert_eq"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["sudo", "-u", username, "groups"])
+    assert_eq(exit, 0)
+    output = output.decode("UTF8")
+    groups = output.split()
+    logging.debug(f"host_user_is_in_group: groups={groups}")
+    assert group in groups