diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_machine_policies/polkit-1/localauthority.conf.d/.empty b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_machine_policies/polkit-1/localauthority.conf.d/.empty
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_policies_for_all_cached_objects/polkit-1/localauthority.conf.d/.empty b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_policies_for_all_cached_objects/polkit-1/localauthority.conf.d/.empty
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/localauthority.conf.d/.empty
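Review bot: The three header lines in this new `00-adsys-privilege-enforcement.rules` golden start with `#`, which is not a comment token in JavaScript, and polkit `.rules` files are evaluated as JavaScript. Unless something outside this diff strips the header before evaluation, the file would fail to parse and the `polkit.addAdminRule` call below it would never register, so the AD-managed admin identities would not take effect. The header should use `//`, e.g. `// This file is managed by adsys.`, and the same applies to every other `.rules` golden in this change, including the `40-local-admins.rules` and `50-local-admins.rules` fixtures.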
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/no_rules_still_overwrite_those_files/polkit-1/localauthority.conf.d/.empty b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/no_rules_still_overwrite_those_files/polkit-1/localauthority.conf.d/.empty
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_deletes_everything/etc/polkit-1/localauthority.conf.d/.empty b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_deletes_everything/etc/polkit-1/localauthority.conf.d/.empty
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..cd34bc975
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:carole cosmic@example.com"];
+});
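Review bot: The identity `unix-user:carole cosmic@example.com` in the returned array is a directory-supplied name placed inside a double-quoted JavaScript string literal, and no golden in this change covers a name containing `"`, `\` or a newline. The generator is not visible here, so this may already be handled; if it builds the array by plain concatenation, such a name would produce an invalid or altered rule in a file that decides who is an administrator. It would help to encode each identity as a JSON string when emitting it and to add a fixture with a quote in the name, so the golden pins the escaping.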
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_mach_gpos_cache_is_cleared,_with_policies_cache/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_mach_gpos_cache_is_cleared,_with_policies_cache/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..cd34bc975
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_mach_gpos_cache_is_cleared,_with_policies_cache/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:carole cosmic@example.com"];
+});
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_regenerate_machine_from_old_data/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_regenerate_machine_from_old_data/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 4c88e198f..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_regenerate_machine_from_old_data/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:carole cosmic@example.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_regenerate_machine_from_old_data/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_regenerate_machine_from_old_data/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..cd34bc975
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_regenerate_machine_from_old_data/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:carole cosmic@example.com"];
+});
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time_with_winbind_backend/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time_with_winbind_backend/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time_with_winbind_backend/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time_with_winbind_backend/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time_with_winbind_backend/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_first_time_with_winbind_backend/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git "a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/localauthority.conf.d/.empty" b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from "internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/localauthority.conf.d/.empty"
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/machine,_update_old_data/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_machine_policies/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
similarity index 74%
rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_machine_policies/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
index 7b2facd62..8569c5f32 100644
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/already_up_to_date/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_machine_policies/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
@@ -2,5 +2,9 @@ # Do not edit this file manually. # Any changes will be overwritten. +[Configuration] +AdminIdentities=unix-group:sudo;unix-group:admin + [Configuration] AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com + diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_mach_gpos_cache_is_cleared,_with_policies_cache/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_policies_for_all_cached_objects/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf similarity index 99% rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_mach_gpos_cache_is_cleared,_with_policies_cache/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_policies_for_all_cached_objects/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf index 4c88e198f..16623a2ff 100644 --- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_mach_gpos_cache_is_cleared,_with_policies_cache/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf +++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/purge_policies_for_all_cached_objects/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf @@ -4,3 +4,4 @@ [Configuration] AdminIdentities=unix-user:carole cosmic@example.com + 
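Review bot: The `purge_machine_policies` golden now expects `99-adsys-privilege-enforcement.conf` to remain after a purge, with two `[Configuration]` groups, the second still listing `unix-user:bob@example.com;unix-group:mygroup@example2.com`. On a polkit that still reads `localauthority.conf.d`, that would leave AD-granted admin identities in force after the policy was purged, and which of the duplicate groups applies depends on the parser. If this file is only pre-existing test state, a comment in the test saying so would help; otherwise the purge (and the move to `rules.d`) should remove the legacy `.conf`. The next hunk, `purge_policies_for_all_cached_objects`, keeps `unix-user:carole cosmic@example.com` in the same way.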
diff --git "a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/localauthority.conf.d/.empty" b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from "internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/localauthority.conf.d/.empty"
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_all_connected/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_should_remove_everything_but_dconf_content/etc/polkit-1/localauthority.conf.d/.empty b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_should_remove_everything_but_dconf_content/etc/polkit-1/localauthority.conf.d/.empty
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_some_connected/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_no_other_rules_is_a_noop/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_no_other_rules_is_a_noop/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_no_user_connected_updates_machines/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/empty_client_ad_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/localauthority.conf.d/.empty
similarity index 100%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/empty_client_ad_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/localauthority.conf.d/.empty
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7b2facd62..000000000
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..2a21705f1
--- /dev/null
+++ b/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/refresh_with_one_dangling_symlink_ignores_the_respective_user/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:bob@example.com","unix-group:mygroup@example2.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/no_client_ad_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_no_other_rules_is_a_noop/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 100%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/no_client_ad_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_no_other_rules_is_a_noop/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 23a2d1b11..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2;unix-user:alice@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..792a943d4
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(simple)_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
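Review bot: In this `(simple)` case the new `00-adsys-privilege-enforcement.rules` returns `unix-group:sudo`, `unix-group:admin` and `unix-user:alice@domain.com`, while the deleted `.conf` golden carried `local50admin1` and `local50admin2` forward. polkit calls admin rules in file order and uses the first one that returns a value, so the `00-` file shadows `50-local-admins.rules` and those two local admins would lose admin rights under an "allow local admins" policy. The `(with_adsys_file)` golden does merge `local40admin1` and `local40admin2`, so the two cases disagree. The test should state which result is intended, or the generator (not visible here) should also pick up identities from existing `.rules` files in this case.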
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf
deleted file mode 100644
index 1b4411fd8..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local40admin1;unix-user:local40admin2
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 23a2d1b11..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2;unix-user:alice@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..d71c3e335
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:local40admin1","unix-user:local40admin2","unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules
new file mode 100644
index 000000000..383fbb8f1
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local40admin1", "unix-user:local40admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_(with_adsys_file)_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf
deleted file mode 100644
index 1b4411fd8..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local40admin1;unix-user:local40admin2
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 23a2d1b11..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2;unix-user:alice@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..d71c3e335
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:local40admin1","unix-user:local40admin2","unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules
new file mode 100644
index 000000000..383fbb8f1
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local40admin1", "unix-user:local40admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_without_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_without_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..792a943d4
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_without_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
new file mode 100644
index 000000000..6b7177dd4
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
similarity index 61%
rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
index 7b2facd62..4b2cc78b1 100644
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_certmonger_or_cepces_is_not_available/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
@@ -3,4 +3,4 @@
 # Any changes will be overwritten.
 
 [Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
+AdminIdentities=unix-group:sudo;unix-group:admin;unix-user:alice@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/sudoers.d/99-adsys-privilege-enforcement
similarity index 73%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/sudoers.d/99-adsys-privilege-enforcement
index 0ee940c01..1b44bcd07 100644
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/assume_old_polkit_if_cant_read_system_reserved_path/sudoers.d/99-adsys-privilege-enforcement
@@ -2,5 +2,5 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=
+"alice@domain.com" ALL=(ALL:ALL) ALL
+
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
new file mode 100644
index 000000000..6b7177dd4
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..792a943d4
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/sudoers.d/99-adsys-privilege-enforcement
similarity index 73%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/sudoers.d/99-adsys-privilege-enforcement
index 0ee940c01..1b44bcd07 100644
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/create_on_new_polkit_version_and_remove_old_file/sudoers.d/99-adsys-privilege-enforcement
@@ -2,5 +2,5 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=
+"alice@domain.com" ALL=(ALL:ALL) ALL
+
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 62%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
index cd660dd0b..218ec1458 100644
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -2,5 +2,6 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=unix-user:alice@domain.com
+polkit.addAdminRule(function(action, subject){
+ return [];
+});
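Review bot: The `return [];` in this disallow_local_admins golden carries no comment on what an empty list means to polkit. As far as I know polkit stops at the first admin rule that returns a value and falls back to root authentication when that value is empty, which is the intended lock-down here but is not obvious to someone reading the generated file on a managed host. A comment emitted above the return, such as `// Empty list: no user or group is an administrator; polkit falls back to root.`, would make that explicit. The identical body appears in the don't_overwrite_other_existing_files, overwrite_existing_polkit_file and overwrite_existing_sudoers_file goldens.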
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 53%
rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
index 7b2facd62..6cfc3f44a 100644
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/does_not_error_when_d-bus_proxy_object_is_not_available/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -2,5 +2,6 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=unix-user:bob@example.com;unix-group:mygroup@example2.com
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf
deleted file mode 100644
index 1b4411fd8..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/40-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local40admin1;unix-user:local40admin2
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
diff --git a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 53%
rename from cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
index 4c88e198f..6cfc3f44a 100644
--- a/cmd/adsysd/integration_tests/testdata/TestPolicyUpdate/golden/host_is_offline,_get_machine_from_cache_(no_update)/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -2,5 +2,6 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=unix-user:carole cosmic@example.com
+polkit.addAdminRule(function(action, subject){
+ return ["unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules
new file mode 100644
index 000000000..383fbb8f1
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/40-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local40admin1", "unix-user:local40admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_without_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 62%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_without_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
index cd660dd0b..218ec1458 100644
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/allow_local_admins_without_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -2,5 +2,6 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=unix-user:alice@domain.com
+polkit.addAdminRule(function(action, subject){
+ return [];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/localauthority.conf.d/notadsys.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/rules.d/notadsys.rules
similarity index 100%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/localauthority.conf.d/notadsys.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/don't_overwrite_other_existing_files/polkit-1/rules.d/notadsys.rules
diff --git a/internal/policies/privilege/testdata/incorrect-policikit-conf-is-dir/polkit-1/localauthority.conf.d/50-this-is-not-a-file.conf/somethinginit b/internal/policies/privilege/testdata/TestApplyPolicy/golden/empty_client_ad_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 100%
rename from internal/policies/privilege/testdata/incorrect-policikit-conf-is-dir/polkit-1/localauthority.conf.d/50-this-is-not-a-file.conf/somethinginit
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/empty_client_ad_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/no_client_ad_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/no_client_ad_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/no_rules_still_overwrite_those_files/polkit-1/rules.d/.empty b/internal/policies/privilege/testdata/TestApplyPolicy/golden/no_rules_still_overwrite_those_files/polkit-1/rules.d/.empty
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/not_a_computer/polkit-1/localauthority.conf.d/notadsys.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/not_a_computer/polkit-1/rules.d/notadsys.rules
similarity index 100%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/not_a_computer/polkit-1/localauthority.conf.d/notadsys.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/not_a_computer/polkit-1/rules.d/notadsys.rules
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 0ee940c01..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/rules.d/.empty b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/rules.d/.empty
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
similarity index 62%
rename from internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
index cd660dd0b..218ec1458 100644
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/disallow_local_admins_with_previous_local_admin_conf_and_set_client_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_polkit_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -2,5 +2,6 @@
 # Do not edit this file manually.
 # Any changes will be overwritten.
 
-[Configuration]
-AdminIdentities=unix-user:alice@domain.com
+polkit.addAdminRule(function(action, subject){
+ return [];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_sudoers_file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_sudoers_file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 0ee940c01..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_sudoers_file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_sudoers_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_sudoers_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..218ec1458
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/overwrite_existing_sudoers_file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return [];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_group_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_group_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 8eb4d72e5..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_group_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-group:group@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_group_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_group_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..e7ab90b62
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_group_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-group:group@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_mixed_with_users_and_group_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_mixed_with_users_and_group_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 80e313aec..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_mixed_with_users_and_group_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:alice@domain.com;unix-group:group@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_mixed_with_users_and_group_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_mixed_with_users_and_group_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..fa900e280
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_mixed_with_users_and_group_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain.com","unix-group:group@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_multiple_users_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_multiple_users_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index 7a4e3c7ac..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_multiple_users_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:alice@domain.com;unix-user:bob@domain;unix-user:carole cosmic@otherdomain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_multiple_users_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_multiple_users_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..55e9ae3fa
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_multiple_users_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain.com","unix-user:bob@domain","unix-user:carole cosmic@otherdomain.com"];
+});
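Review bot: The identities in the added `return [...]` line are placed inside JavaScript string literals, and the only unusual character this golden exercises is the space in `carole cosmic@otherdomain.com`. The names originate from domain policy, so a fixture with a `"` or `\` in a user or group name would pin whether the generator escapes them before writing the rules file; unescaped, such a name would break the file or alter the array the admin rule returns. The generator is not part of this hunk, so this may already be handled, in which case a golden with a constructed name such as `"unix-user:od\"d@domain.com"` would document it.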
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_user_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_user_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index cd660dd0b..000000000
--- a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_user_admins/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:alice@domain.com
diff --git a/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_user_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_user_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..792a943d4
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestApplyPolicy/golden/set_client_user_admins/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain.com"];
+});
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities
new file mode 100644
index 000000000..86a1393f2
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities
@@ -0,0 +1 @@
+unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities_from_highest_ascii_file b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities_from_highest_ascii_file
new file mode 100644
index 000000000..86a1393f2
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities_from_highest_ascii_file
@@ -0,0 +1 @@
+unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities_ignoring_adsys b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities_ignoring_adsys
new file mode 100644
index 000000000..86a1393f2
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromConf/golden/fetch_previous_admin_identities_ignoring_adsys
@@ -0,0 +1 @@
+unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/consider_only_first_returned_value b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/consider_only_first_returned_value
new file mode 100644
index 000000000..d90ae9e0a
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/consider_only_first_returned_value
@@ -0,0 +1 @@
+"unix-user:local50admin1","unix-user:local50admin2"
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities
new file mode 100644
index 000000000..d90ae9e0a
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities
@@ -0,0 +1 @@
+"unix-user:local50admin1","unix-user:local50admin2"
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities_from_lower_ascii_file b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities_from_lower_ascii_file
new file mode 100644
index 000000000..5c5604383
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities_from_lower_ascii_file
@@ -0,0 +1 @@
+"unix-user:local40admin1","unix-user:local40admin2"
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities_ignoring_adsys b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities_ignoring_adsys
new file mode 100644
index 000000000..5c5604383
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/fetch_previous_admin_identities_ignoring_adsys
@@ -0,0 +1 @@
+"unix-user:local40admin1","unix-user:local40admin2"
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/prioritize_first_specified_directory_if_files_have_same_ascii b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/prioritize_first_specified_directory_if_files_have_same_ascii
new file mode 100644
index 000000000..d90ae9e0a
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/prioritize_first_specified_directory_if_files_have_same_ascii
@@ -0,0 +1 @@
+"unix-user:local50admin1","unix-user:local50admin2"
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/prioritize_lower_ascii_file_even_if_on_second_directory b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/prioritize_lower_ascii_file_even_if_on_second_directory
new file mode 100644
index 000000000..5c5604383
--- /dev/null
+++ b/internal/policies/privilege/testdata/TestPolkitAdminIdentitiesFromRules/golden/prioritize_lower_ascii_file_even_if_on_second_directory
@@ -0,0 +1 @@
+"unix-user:local40admin1","unix-user:local40admin2"
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-files/polkit-1/rules.d/.empty b/internal/policies/privilege/testdata/existing-files/polkit-1/rules.d/.empty
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/privilege/testdata/existing-old-adsys-conf/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf b/internal/policies/privilege/testdata/existing-old-adsys-conf/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
new file mode 100644
index 000000000..6b7177dd4
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-old-adsys-conf/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/existing-old-adsys-conf/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
similarity index 100%
rename from internal/policies/privilege/testdata/existing-files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
rename to internal/policies/privilege/testdata/existing-old-adsys-conf/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
diff --git a/internal/policies/privilege/testdata/existing-other-files/polkit-1/localauthority.conf.d/notadsys.conf b/internal/policies/privilege/testdata/existing-old-adsys-conf/sudoers.d/99-adsys-privilege-enforcement
similarity index 100%
rename from internal/policies/privilege/testdata/existing-other-files/polkit-1/localauthority.conf.d/notadsys.conf
rename to internal/policies/privilege/testdata/existing-old-adsys-conf/sudoers.d/99-adsys-privilege-enforcement
diff --git a/internal/policies/privilege/testdata/existing-other-files/polkit-1/rules.d/notadsys.rules b/internal/policies/privilege/testdata/existing-other-files/polkit-1/rules.d/notadsys.rules
new file mode 100644
index 000000000..df76d241e
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-other-files/polkit-1/rules.d/notadsys.rules
@@ -0,0 +1,3 @@
+# RANDOM CONTENT
+# On mutliple
+# lines
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/localauthority.conf.d/40-local-admins.conf b/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/localauthority.conf.d/40-local-admins.conf
deleted file mode 100644
index 1b4411fd8..000000000
--- a/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/localauthority.conf.d/40-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local40admin1;unix-user:local40admin2
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/rules.d/40-local-admins.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/rules.d/40-local-admins.rules
new file mode 100644
index 000000000..383fbb8f1
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/rules.d/40-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local40admin1", "unix-user:local40admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-multi/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-one/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/existing-previous-local-admins-one/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/existing-previous-local-admins-one/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-one/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-one/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-one/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-return-early/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-return-early/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c29b8ed40
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-return-early/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,11 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:shouldbeignored"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/40-local-admins.conf b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/40-local-admins.conf
deleted file mode 100644
index 1b4411fd8..000000000
--- a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/40-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local40admin1;unix-user:local40admin2
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/50-local-admins.conf b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/50-local-admins.conf
deleted file mode 100644
index 8b08116b6..000000000
--- a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/50-local-admins.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:local50admin1;unix-user:local50admin2
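Review bot: This fixture only contains two unconditional `return` statements, so the `consider_only_first_returned_value` golden pins textual order rather than how polkit evaluates admin rules, where the registered functions are called in order until one returns a value and a function may return only for some `action` or `subject`. The `TestApplyPolicy` goldens in this commit show `"unix-group:sudo","unix-group:admin"` prefixed to the policy entries, which suggests the identities read from existing files are carried into the adsys rule; if so, a first `return` that sits inside an `if` would be turned into an unconditional admin entry. A fixture with a conditional return ahead of an unconditional one would make the intended handling explicit. The reader is outside this hunk, so this is inferred from the fixture and golden names only.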
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index ca37fbd9b..000000000
--- a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:shouldbeignored
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..6f18803b7
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:shouldbeignored"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/40-local-admins.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/40-local-admins.rules
new file mode 100644
index 000000000..383fbb8f1
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/40-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local40admin1", "unix-user:local40admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/existing-previous-local-admins-with-adsys-file/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/incorrect-policikit-conf-is-dir/polkit-1/rules.d/50-this-is-not-a-file.rules/somethinginit b/internal/policies/privilege/testdata/incorrect-policikit-conf-is-dir/polkit-1/rules.d/50-this-is-not-a-file.rules/somethinginit
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/privilege/testdata/multiple-polkit-dirs-diff-file/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/multiple-polkit-dirs-diff-file/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/multiple-polkit-dirs-diff-file/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/multiple-polkit-dirs-diff-file/polkit-2/rules.d/40-local-admins.rules b/internal/policies/privilege/testdata/multiple-polkit-dirs-diff-file/polkit-2/rules.d/40-local-admins.rules
new file mode 100644
index 000000000..383fbb8f1
--- /dev/null
+++ b/internal/policies/privilege/testdata/multiple-polkit-dirs-diff-file/polkit-2/rules.d/40-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local40admin1", "unix-user:local40admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/multiple-polkit-dirs-same-file/polkit-1/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/multiple-polkit-dirs-same-file/polkit-1/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..c0f8907dd
--- /dev/null
+++ b/internal/policies/privilege/testdata/multiple-polkit-dirs-same-file/polkit-1/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:local50admin1", "unix-user:local50admin2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/multiple-polkit-dirs-same-file/polkit-2/rules.d/50-local-admins.rules b/internal/policies/privilege/testdata/multiple-polkit-dirs-same-file/polkit-2/rules.d/50-local-admins.rules
new file mode 100644
index 000000000..321733482
--- /dev/null
+++ b/internal/policies/privilege/testdata/multiple-polkit-dirs-same-file/polkit-2/rules.d/50-local-admins.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject) {
+ return ["unix-user:WhatEvenIsPolkit2"];
+});
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf b/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
new file mode 100644
index 000000000..d33fa0d11
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:shouldbeignored
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/75-admin.conf b/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/75-admin.conf
new file mode 100644
index 000000000..6b7177dd4
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/75-admin.conf
@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
new file mode 100644
index 000000000..df76d241e
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit-multiple-files/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
@@ -0,0 +1,3 @@
+# RANDOM CONTENT
+# On mutliple
+# lines
diff --git a/internal/policies/privilege/testdata/old-polkit-multiple-files/sudoers.d/99-adsys-privilege-enforcement b/internal/policies/privilege/testdata/old-polkit-multiple-files/sudoers.d/99-adsys-privilege-enforcement
new file mode 100644
index 000000000..df76d241e
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit-multiple-files/sudoers.d/99-adsys-privilege-enforcement
@@ -0,0 +1,3 @@
+# RANDOM CONTENT
+# On mutliple
+# lines
diff --git a/internal/policies/privilege/testdata/old-polkit/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf b/internal/policies/privilege/testdata/old-polkit/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
new file mode 100644
index 000000000..6b7177dd4
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit/polkit-1/localauthority.conf.d/50-ubuntu-admin.conf
@@ -0,0 +1,2 @@
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
\ No newline at end of file
diff --git a/internal/policies/privilege/testdata/old-polkit/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/privilege/testdata/old-polkit/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
new file mode 100644
index 000000000..df76d241e
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
@@ -0,0 +1,3 @@
+# RANDOM CONTENT
+# On mutliple
+# lines
diff --git a/internal/policies/privilege/testdata/old-polkit/sudoers.d/99-adsys-privilege-enforcement b/internal/policies/privilege/testdata/old-polkit/sudoers.d/99-adsys-privilege-enforcement
new file mode 100644
index 000000000..df76d241e
--- /dev/null
+++ b/internal/policies/privilege/testdata/old-polkit/sudoers.d/99-adsys-privilege-enforcement
@@ -0,0 +1,3 @@
+# RANDOM CONTENT
+# On mutliple
+# lines
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_deletes_everything/etc/polkit-1/rules.d/.empty b/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_deletes_everything/etc/polkit-1/rules.d/.empty
new file mode 100644
index 000000000..e69de29bb
diff --git "a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/rules.d/.empty" "b/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_rules_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/rules.d/.empty"
new file mode 100644
index 000000000..e69de29bb
diff --git "a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/rules.d/.empty" "b/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_don't_remove_scripts_if_session_hasn\342\200\231t_ended/etc/polkit-1/rules.d/.empty"
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_should_remove_everything_but_dconf_content/etc/polkit-1/rules.d/.empty b/internal/policies/testdata/TestApplyPolicies/golden/second_call_with_no_subscription_should_remove_everything_but_dconf_content/etc/polkit-1/rules.d/.empty
new file mode 100644
index 000000000..e69de29bb
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/testdata/TestApplyPolicies/golden/succeed/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index dbf1b12ee..000000000
--- a/internal/policies/testdata/TestApplyPolicies/golden/succeed/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:alice@domain;unix-user:bob@domain2;unix-group:mygroup@domain;unix-user:cosmic carole@domain
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed/etc/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/testdata/TestApplyPolicies/golden/succeed/etc/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..cbf3b6829
--- /dev/null
+++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed/etc/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain","unix-user:bob@domain2","unix-group:mygroup@domain","unix-user:cosmic carole@domain"];
+});
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
deleted file mode 100644
index dbf1b12ee..000000000
--- a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/localauthority.conf.d/99-adsys-privilege-enforcement.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is managed by adsys.
-# Do not edit this file manually.
-# Any changes will be overwritten.
-
-[Configuration]
-AdminIdentities=unix-user:alice@domain;unix-user:bob@domain2;unix-group:mygroup@domain;unix-user:cosmic carole@domain
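Review bot: In the new `succeed/.../00-adsys-privilege-enforcement.rules` golden, each identity sits verbatim inside a double-quoted JavaScript string on the `return [...]` line, and the only unusual name covered is one with a space (`unix-user:cosmic carole@domain`). The removed `.conf` format was a plain `;`-separated list, so the move to a script format makes quoting matter: an identity containing `"` or `\` has to be escaped or rejected before it is written, and the generator that does this is not visible in this hunk. I would add a test case with such a name so a golden file pins the behaviour. The same applies to the identical golden under `succeed_if_checking_for_backend_online_status_returns_an_error`.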
diff --git a/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/rules.d/00-adsys-privilege-enforcement.rules b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
new file mode 100644
index 000000000..cbf3b6829
--- /dev/null
+++ b/internal/policies/testdata/TestApplyPolicies/golden/succeed_if_checking_for_backend_online_status_returns_an_error/etc/polkit-1/rules.d/00-adsys-privilege-enforcement.rules
@@ -0,0 +1,7 @@
+# This file is managed by adsys.
+# Do not edit this file manually.
+# Any changes will be overwritten.
+
+polkit.addAdminRule(function(action, subject){
+ return ["unix-group:sudo","unix-group:admin","unix-user:alice@domain","unix-user:bob@domain2","unix-group:mygroup@domain","unix-user:cosmic carole@domain"];
+});