add feature for checking user password min/max days

Author: Jon Beilke

images/debian_bullseye/Dockerfile

@@ -64,7 +64,7 @@ RUN echo "user:foo" | chpasswd
 RUN echo "*nat\n:PREROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n-A PREROUTING -d 192.168.0.1/32 -j REDIRECT\nCOMMIT\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\nCOMMIT" > /etc/iptables/rules.v4
 
 # Expiration date for user "user"
-RUN chage -E 20000 user
+RUN chage -E 20000 -m 7 -M 90 user
 
 # Some python3 virtualenv
 RUN virtualenv /v

test/test_modules.py

@@ -271,6 +271,13 @@ def test_user(host):
     assert user.password == "*"
 
 
+def test_user_password_days(host):
+    assert host.user("root").password_max_days is 99999
+    assert host.user("root").password_min_days is 0
+    assert host.user("user").password_max_days == 90
+    assert host.user("user").password_min_days == 7
+
+
 def test_user_user(host):
     user = host.user("user")
     assert user.exists

testinfra/modules/user.py

@@ -91,6 +91,24 @@ def password(self):
         """Return the crypted user password"""
         return self.check_output("getent shadow %s", self.name).split(":")[1]
 
+    @property
+    def password_max_days(self):
+        """Return the maximum number of days between password changes"""
+        days = self.check_output("getent shadow %s", self.name).split(":")[4]
+        try:
+            return int(days)
+        except ValueError:
+            return None
+
+    @property
+    def password_min_days(self):
+        """Return the minimum number of days between password changes"""
+        days = self.check_output("getent shadow %s", self.name).split(":")[3]
+        try:
+            return int(days)
+        except ValueError:
+            return None
+
     @property
     def gecos(self):
         """Return the user comment/gecos field"""