nss: add tests for DisablePasswd/EnablePasswd API methods

shiv-tyagi · shiv-tyagi · commit 698b2e0d8e5d · 2025-02-26T10:47:58.000+05:30
diff --git a/internal/services/nss/nss_test.go b/internal/services/nss/nss_test.go
@@ -256,6 +256,68 @@ func TestGetShadowEntries(t *testing.T) {
 	}
 }
 
+func TestDisablePasswd(t *testing.T) {
+	tests := map[string]struct {
+		sourceDB string
+
+		username           string
+		currentUserNotRoot bool
+
+		wantErr bool
+	}{
+		"Successfully_disable_user": {username: "user1"},
+
+		"Error_when_username_is_empty":   {wantErr: true},
+		"Error_when_user_does_not_exist": {username: "doesnotexist", wantErr: true},
+		"Error_when_not_root":            {username: "notroot", currentUserNotRoot: true, wantErr: true},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			client := newNSSClient(t, tc.sourceDB, tc.currentUserNotRoot)
+
+			_, err := client.DisablePasswd(context.Background(), &authd.DisablePasswdRequest{Name: tc.username})
+			if tc.wantErr {
+				require.Error(t, err, "DisablePasswd should return an error, but did not")
+				return
+			}
+			require.NoError(t, err, "DisablePasswd should not return an error, but did")
+		})
+	}
+}
+
+func TestEnablePasswd(t *testing.T) {
+	tests := map[string]struct {
+		sourceDB string
+
+		username           string
+		currentUserNotRoot bool
+
+		wantErr bool
+	}{
+		"Successfully_enable_user": {username: "user1"},
+
+		"Error_when_username_is_empty":   {wantErr: true},
+		"Error_when_user_does_not_exist": {username: "doesnotexist", wantErr: true},
+		"Error_when_not_root":            {username: "notroot", currentUserNotRoot: true, wantErr: true},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			if tc.sourceDB == "" {
+				tc.sourceDB = "disabled-user.db.yaml"
+			}
+
+			client := newNSSClient(t, tc.sourceDB, tc.currentUserNotRoot)
+
+			_, err := client.EnablePasswd(context.Background(), &authd.EnablePasswdRequest{Name: tc.username})
+			if tc.wantErr {
+				require.Error(t, err, "EnablePasswd should return an error, but did not")
+				return
+			}
+			require.NoError(t, err, "EnablePasswd should not return an error, but did")
+		})
+	}
+}
+
 func TestMockgpasswd(t *testing.T) {
 	localgroupstestutils.Mockgpasswd(t)
 }
diff --git a/internal/services/nss/testdata/disabled-user.db.yaml b/internal/services/nss/testdata/disabled-user.db.yaml
@@ -0,0 +1,49 @@
+users:
+    - name: user1
+      uid: 1111
+      gid: 11111
+      gecos: |-
+        User1 gecos
+        On multiple lines
+      dir: /home/user1
+      shell: /bin/bash
+      broker_id: broker-id
+      disabled: true
+    - name: user2
+      uid: 2222
+      gid: 22222
+      gecos: User2
+      dir: /home/user2
+      shell: /bin/dash
+      broker_id: broker-id
+    - name: user3
+      uid: 3333
+      gid: 33333
+      gecos: User3
+      dir: /home/user3
+      shell: /bin/zsh
+      broker_id: broker-id
+groups:
+    - name: group1
+      gid: 11111
+      ugid: group1
+    - name: group2
+      gid: 22222
+      ugid: group2
+    - name: group3
+      gid: 33333
+      ugid: group3
+    - name: commongroup
+      gid: 99999
+      ugid: commongroup
+users_to_groups:
+    - uid: 1111
+      gid: 11111
+    - uid: 2222
+      gid: 22222
+    - uid: 2222
+      gid: 99999
+    - uid: 3333
+      gid: 33333
+    - uid: 3333
+      gid: 99999
