From 93731d4ad939156665887e430086f6853653bc41 Mon Sep 17 00:00:00 2001
From: Aliaksei Urbanski <aliaksei.urbanski@gmail.com>
Date: Tue, 7 Nov 2023 03:55:56 +0300
Subject: Add basic rendering tests with tox

Signed-off-by: Aliaksei Urbanski <aliaksei.urbanski@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
---
 .gitignore                                 |  1 +
 tests/rendered/custom/login                |  5 +++++
 tests/rendered/custom/other                |  4 ++++
 tests/rendered/custom/passwd               |  4 ++++
 tests/rendered/custom/su                   |  8 ++++++++
 tests/rendered/custom/system-auth          | 11 +++++++++++
 tests/rendered/custom/system-local-login   |  4 ++++
 tests/rendered/custom/system-login         | 15 +++++++++++++++
 tests/rendered/custom/system-remote-login  |  4 ++++
 tests/rendered/custom/system-services      |  6 ++++++
 tests/rendered/default/login               |  5 +++++
 tests/rendered/default/other               |  4 ++++
 tests/rendered/default/passwd              |  4 ++++
 tests/rendered/default/su                  |  8 ++++++++
 tests/rendered/default/system-auth         | 10 ++++++++++
 tests/rendered/default/system-local-login  |  4 ++++
 tests/rendered/default/system-login        | 14 ++++++++++++++
 tests/rendered/default/system-remote-login |  4 ++++
 tests/rendered/default/system-services     |  6 ++++++
 tests/rendered/minimal/login               |  5 +++++
 tests/rendered/minimal/other               |  4 ++++
 tests/rendered/minimal/passwd              |  4 ++++
 tests/rendered/minimal/su                  |  8 ++++++++
 tests/rendered/minimal/system-auth         | 10 ++++++++++
 tests/rendered/minimal/system-local-login  |  4 ++++
 tests/rendered/minimal/system-login        | 11 +++++++++++
 tests/rendered/minimal/system-remote-login |  4 ++++
 tests/rendered/minimal/system-services     |  6 ++++++
 tox.ini                                    | 18 ++++++++++++++++++
 29 files changed, 195 insertions(+)
 create mode 100644 tests/rendered/custom/login
 create mode 100644 tests/rendered/custom/other
 create mode 100644 tests/rendered/custom/passwd
 create mode 100644 tests/rendered/custom/su
 create mode 100644 tests/rendered/custom/system-auth
 create mode 100644 tests/rendered/custom/system-local-login
 create mode 100644 tests/rendered/custom/system-login
 create mode 100644 tests/rendered/custom/system-remote-login
 create mode 100644 tests/rendered/custom/system-services
 create mode 100644 tests/rendered/default/login
 create mode 100644 tests/rendered/default/other
 create mode 100644 tests/rendered/default/passwd
 create mode 100644 tests/rendered/default/su
 create mode 100644 tests/rendered/default/system-auth
 create mode 100644 tests/rendered/default/system-local-login
 create mode 100644 tests/rendered/default/system-login
 create mode 100644 tests/rendered/default/system-remote-login
 create mode 100644 tests/rendered/default/system-services
 create mode 100644 tests/rendered/minimal/login
 create mode 100644 tests/rendered/minimal/other
 create mode 100644 tests/rendered/minimal/passwd
 create mode 100644 tests/rendered/minimal/su
 create mode 100644 tests/rendered/minimal/system-auth
 create mode 100644 tests/rendered/minimal/system-local-login
 create mode 100644 tests/rendered/minimal/system-login
 create mode 100644 tests/rendered/minimal/system-remote-login
 create mode 100644 tests/rendered/minimal/system-services
 create mode 100644 tox.ini

diff --git a/.gitignore b/.gitignore
index 844c82f..73c8fab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 stack/
 .idea/
+.tox/
diff --git a/tests/rendered/custom/login b/tests/rendered/custom/login
new file mode 100644
index 0000000..e5a66f2
--- /dev/null
+++ b/tests/rendered/custom/login
@@ -0,0 +1,5 @@
+auth		include		system-local-login
+account		include		system-local-login
+password	include		system-local-login
+session		optional	pam_lastlog.so
+session		include		system-local-login
diff --git a/tests/rendered/custom/other b/tests/rendered/custom/other
new file mode 100644
index 0000000..9544f8e
--- /dev/null
+++ b/tests/rendered/custom/other
@@ -0,0 +1,4 @@
+auth		required	pam_deny.so
+account		required	pam_deny.so
+password		required	pam_deny.so
+session		required	pam_deny.so
diff --git a/tests/rendered/custom/passwd b/tests/rendered/custom/passwd
new file mode 100644
index 0000000..0bde2a3
--- /dev/null
+++ b/tests/rendered/custom/passwd
@@ -0,0 +1,4 @@
+auth		sufficient	pam_rootok.so
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
diff --git a/tests/rendered/custom/su b/tests/rendered/custom/su
new file mode 100644
index 0000000..a36b633
--- /dev/null
+++ b/tests/rendered/custom/su
@@ -0,0 +1,8 @@
+auth		sufficient	pam_rootok.so
+auth		required	pam_wheel.so use_uid
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		required	pam_env.so
+session		optional	pam_xauth.so
diff --git a/tests/rendered/custom/system-auth b/tests/rendered/custom/system-auth
new file mode 100644
index 0000000..a84a45a
--- /dev/null
+++ b/tests/rendered/custom/system-auth
@@ -0,0 +1,11 @@
+auth		required	pam_env.so
+auth		requisite	pam_faillock.so preauth
+auth            [success=1 default=ignore]      pam_unix.so nullok  try_first_pass
+auth		[default=die]	pam_faillock.so authfail
+account		required	pam_unix.so
+account         required        pam_faillock.so
+password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf
+password	required	pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+session		required	pam_limits.so
+session		required	pam_env.so
+session		required	pam_unix.so
diff --git a/tests/rendered/custom/system-local-login b/tests/rendered/custom/system-local-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/custom/system-local-login
@@ -0,0 +1,4 @@
+auth		include		system-login
+account		include		system-login
+password	include		system-login
+session		include		system-login
diff --git a/tests/rendered/custom/system-login b/tests/rendered/custom/system-login
new file mode 100644
index 0000000..161a600
--- /dev/null
+++ b/tests/rendered/custom/system-login
@@ -0,0 +1,15 @@
+auth		required	pam_shells.so
+auth		required	pam_nologin.so
+auth		include		system-auth
+account		required	pam_access.so
+account		required	pam_nologin.so
+account		required	pam_time.so
+account		include		system-auth
+password	include		system-auth
+session		optional	pam_loginuid.so
+session		required	pam_env.so envfile=/etc/profile.env
+session		optional	pam_lastlog.so silent
+session		include		system-auth
+session		optional	pam_motd.so motd=/etc/motd
+session		optional	pam_mail.so
+-session	optional	pam_elogind.so
diff --git a/tests/rendered/custom/system-remote-login b/tests/rendered/custom/system-remote-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/custom/system-remote-login
@@ -0,0 +1,4 @@
+auth		include		system-login
+account		include		system-login
+password	include		system-login
+session		include		system-login
diff --git a/tests/rendered/custom/system-services b/tests/rendered/custom/system-services
new file mode 100644
index 0000000..857363a
--- /dev/null
+++ b/tests/rendered/custom/system-services
@@ -0,0 +1,6 @@
+auth		sufficient	pam_permit.so
+account		include		system-auth
+session         optional        pam_loginuid.so
+session		required	pam_limits.so
+session		required	pam_env.so
+session		required	pam_unix.so
diff --git a/tests/rendered/default/login b/tests/rendered/default/login
new file mode 100644
index 0000000..e5a66f2
--- /dev/null
+++ b/tests/rendered/default/login
@@ -0,0 +1,5 @@
+auth		include		system-local-login
+account		include		system-local-login
+password	include		system-local-login
+session		optional	pam_lastlog.so
+session		include		system-local-login
diff --git a/tests/rendered/default/other b/tests/rendered/default/other
new file mode 100644
index 0000000..9544f8e
--- /dev/null
+++ b/tests/rendered/default/other
@@ -0,0 +1,4 @@
+auth		required	pam_deny.so
+account		required	pam_deny.so
+password		required	pam_deny.so
+session		required	pam_deny.so
diff --git a/tests/rendered/default/passwd b/tests/rendered/default/passwd
new file mode 100644
index 0000000..0bde2a3
--- /dev/null
+++ b/tests/rendered/default/passwd
@@ -0,0 +1,4 @@
+auth		sufficient	pam_rootok.so
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
diff --git a/tests/rendered/default/su b/tests/rendered/default/su
new file mode 100644
index 0000000..a36b633
--- /dev/null
+++ b/tests/rendered/default/su
@@ -0,0 +1,8 @@
+auth		sufficient	pam_rootok.so
+auth		required	pam_wheel.so use_uid
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		required	pam_env.so
+session		optional	pam_xauth.so
diff --git a/tests/rendered/default/system-auth b/tests/rendered/default/system-auth
new file mode 100644
index 0000000..d84e030
--- /dev/null
+++ b/tests/rendered/default/system-auth
@@ -0,0 +1,10 @@
+auth		required	pam_env.so
+auth		requisite	pam_faillock.so preauth
+auth            [success=1 default=ignore]      pam_unix.so   try_first_pass
+auth		[default=die]	pam_faillock.so authfail
+account		required	pam_unix.so
+account         required        pam_faillock.so
+password        required        pam_unix.so try_first_pass  md5 shadow
+session		required	pam_limits.so
+session		required	pam_env.so
+session		required	pam_unix.so
diff --git a/tests/rendered/default/system-local-login b/tests/rendered/default/system-local-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/default/system-local-login
@@ -0,0 +1,4 @@
+auth		include		system-login
+account		include		system-login
+password	include		system-login
+session		include		system-login
diff --git a/tests/rendered/default/system-login b/tests/rendered/default/system-login
new file mode 100644
index 0000000..ae763fc
--- /dev/null
+++ b/tests/rendered/default/system-login
@@ -0,0 +1,14 @@
+auth		required	pam_shells.so
+auth		required	pam_nologin.so
+auth		include		system-auth
+account		required	pam_access.so
+account		required	pam_nologin.so
+account		required	pam_time.so
+account		include		system-auth
+password	include		system-auth
+session		optional	pam_loginuid.so
+session		required	pam_env.so envfile=/etc/profile.env
+session		optional	pam_lastlog.so silent
+session		include		system-auth
+session		optional	pam_motd.so motd=/etc/motd
+session		optional	pam_mail.so
diff --git a/tests/rendered/default/system-remote-login b/tests/rendered/default/system-remote-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/default/system-remote-login
@@ -0,0 +1,4 @@
+auth		include		system-login
+account		include		system-login
+password	include		system-login
+session		include		system-login
diff --git a/tests/rendered/default/system-services b/tests/rendered/default/system-services
new file mode 100644
index 0000000..857363a
--- /dev/null
+++ b/tests/rendered/default/system-services
@@ -0,0 +1,6 @@
+auth		sufficient	pam_permit.so
+account		include		system-auth
+session         optional        pam_loginuid.so
+session		required	pam_limits.so
+session		required	pam_env.so
+session		required	pam_unix.so
diff --git a/tests/rendered/minimal/login b/tests/rendered/minimal/login
new file mode 100644
index 0000000..e5a66f2
--- /dev/null
+++ b/tests/rendered/minimal/login
@@ -0,0 +1,5 @@
+auth		include		system-local-login
+account		include		system-local-login
+password	include		system-local-login
+session		optional	pam_lastlog.so
+session		include		system-local-login
diff --git a/tests/rendered/minimal/other b/tests/rendered/minimal/other
new file mode 100644
index 0000000..9544f8e
--- /dev/null
+++ b/tests/rendered/minimal/other
@@ -0,0 +1,4 @@
+auth		required	pam_deny.so
+account		required	pam_deny.so
+password		required	pam_deny.so
+session		required	pam_deny.so
diff --git a/tests/rendered/minimal/passwd b/tests/rendered/minimal/passwd
new file mode 100644
index 0000000..0bde2a3
--- /dev/null
+++ b/tests/rendered/minimal/passwd
@@ -0,0 +1,4 @@
+auth		sufficient	pam_rootok.so
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
diff --git a/tests/rendered/minimal/su b/tests/rendered/minimal/su
new file mode 100644
index 0000000..a36b633
--- /dev/null
+++ b/tests/rendered/minimal/su
@@ -0,0 +1,8 @@
+auth		sufficient	pam_rootok.so
+auth		required	pam_wheel.so use_uid
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		required	pam_env.so
+session		optional	pam_xauth.so
diff --git a/tests/rendered/minimal/system-auth b/tests/rendered/minimal/system-auth
new file mode 100644
index 0000000..d84e030
--- /dev/null
+++ b/tests/rendered/minimal/system-auth
@@ -0,0 +1,10 @@
+auth		required	pam_env.so
+auth		requisite	pam_faillock.so preauth
+auth            [success=1 default=ignore]      pam_unix.so   try_first_pass
+auth		[default=die]	pam_faillock.so authfail
+account		required	pam_unix.so
+account         required        pam_faillock.so
+password        required        pam_unix.so try_first_pass  md5 shadow
+session		required	pam_limits.so
+session		required	pam_env.so
+session		required	pam_unix.so
diff --git a/tests/rendered/minimal/system-local-login b/tests/rendered/minimal/system-local-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/minimal/system-local-login
@@ -0,0 +1,4 @@
+auth		include		system-login
+account		include		system-login
+password	include		system-login
+session		include		system-login
diff --git a/tests/rendered/minimal/system-login b/tests/rendered/minimal/system-login
new file mode 100644
index 0000000..cb63f65
--- /dev/null
+++ b/tests/rendered/minimal/system-login
@@ -0,0 +1,11 @@
+auth		required	pam_shells.so
+auth		required	pam_nologin.so
+auth		include		system-auth
+account		required	pam_access.so
+account		required	pam_nologin.so
+account		required	pam_time.so
+account		include		system-auth
+password	include		system-auth
+session		optional	pam_loginuid.so
+session		required	pam_env.so envfile=/etc/profile.env
+session		include		system-auth
diff --git a/tests/rendered/minimal/system-remote-login b/tests/rendered/minimal/system-remote-login
new file mode 100644
index 0000000..2f415ed
--- /dev/null
+++ b/tests/rendered/minimal/system-remote-login
@@ -0,0 +1,4 @@
+auth		include		system-login
+account		include		system-login
+password	include		system-login
+session		include		system-login
diff --git a/tests/rendered/minimal/system-services b/tests/rendered/minimal/system-services
new file mode 100644
index 0000000..857363a
--- /dev/null
+++ b/tests/rendered/minimal/system-services
@@ -0,0 +1,6 @@
+auth		sufficient	pam_permit.so
+account		include		system-auth
+session         optional        pam_loginuid.so
+session		required	pam_limits.so
+session		required	pam_env.so
+session		required	pam_unix.so
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..818a012
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,18 @@
+[tox]
+min_version = 4.0
+skipsdist = true
+env_list = py3{10,11,12}-{default,minimal,custom}
+
+[testenv]
+description = check template rendering stability
+deps =
+    jinja2
+allowlist_externals = /usr/bin/diff
+commands =
+    python --version
+    default: python pambase.py
+    default: diff -Nru tests/rendered/default stack
+    minimal: python pambase.py --minimal
+    minimal: diff -Nru tests/rendered/minimal stack
+    custom: python pambase.py --elogind --nullok --passwdqc --sha512
+    custom: diff -Nru tests/rendered/custom stack
-- 
cgit v1.2.3-65-gdbad