Sudo_pair Charm

Merge ~peter-sabaini/charm-sudo-pair:feature/add-pd-logging into ~sudo-pair-charmers/charm-sudo-pair:master

Proposed by Peter Sabaini on 2021-06-09

Status:	Superseded
Proposed branch:	~peter-sabaini/charm-sudo-pair:feature/add-pd-logging
Merge into:	~sudo-pair-charmers/charm-sudo-pair:master
Diff against target:	1981 lines (+857/-382) 22 files modified .gitignore (+24/-16) Makefile (+60/-33) dev/null (+0/-185) interfaces/.empty (+0/-0) layers/.empty (+0/-0) src/README.md (+1/-1) src/actions/actions.py (+19/-2) src/actions/remove-sudopair (+1/-0) src/config.yaml (+8/-0) src/copyright (+16/-0) src/files/pagerdutyevent.py (+68/-0) src/lib/libsudopair.py (+237/-0) src/metadata.yaml (+1/-1) src/reactive/sudo_pair.py (+25/-10) src/templates/sudo_approve.tmpl (+5/-2) src/templates/sudo_pair.pagerduty.tmpl (+6/-0) src/tests/functional/conftest.py (+51/-38) src/tests/functional/test_deploy.py (+53/-66) src/tests/unit/conftest.py (+11/-5) src/tests/unit/test_actions.py (+23/-0) src/tests/unit/test_libsudopair.py (+206/-0) src/tox.ini (+42/-23)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Giuseppe Petralia	2021-06-09	Pending
Paul Goins	2021-06-09	Pending
Review via email: mp+403955@code.launchpad.net

This proposal supersedes a proposal from 2020-11-23.

This proposal has been superseded by a proposal from 2021-06-09.

Commit message

Pagerduty alerting, action logging

Ability to have pagerduty alerts triggered on auto-approve. Revamp logging, add logging for remove-sudopair action. Use https proxy to contact the PD events endpoint if set in model config.

Revision history for this message

Giuseppe Petralia (peppepetra) wrote on 2020-02-17: Posted in a previous version of this proposal

Small comment on the pagerduty_proxy that may be removed in favor of the juju model-config if any.

Comments in line.

Other than that looks good to me.

review: Needs Fixing

Revision history for this message

Paul Goins (vultaire) wrote on 2020-09-19: Posted in a previous version of this proposal

I agree with Giuseppe. I think we should pull the proxy from the env's JUJU_CHARM_HTTPS_PROXY variable to avoid proliferating proxy settings. Other than that I'm +1.

review: Needs Fixing

Revision history for this message

Peter Sabaini (peter-sabaini) wrote on 2020-11-23: Posted in a previous version of this proposal

Thanks -- proxy config updated as requested. I've resubmitted the branch as there was some code reorg interim.

Revision history for this message

Celia Wang (ziyiwang) wrote on 2021-01-18: Posted in a previous version of this proposal

LGTM.

Revision history for this message

Paul Goins (vultaire) wrote on 2021-05-28: Posted in a previous version of this proposal

Sorry for the delay here - It looks like this is close to if not identical to https://code.launchpad.net/~peter-sabaini/charm-sudo-pair/+git/sudo-pair-charm/+merge/377884, except that it might be based off newer code. I don't see any changes re: proxy variable use; this code is still using pagerduty_proxy rather than e.g. JUJU_CHARM_HTTPS_PROXY.

review: Needs Fixing

Unmerged commits

3681b10... by Peter Sabaini on 2020-11-19

Pagerduty alerting, action logging

Ability to have pagerduty alerts triggered on auto-approve. Revamp
logging, add logging for remove-sudopair action. Use https proxy to
contact the PD events endpoint if set in model config.

0e31f83... by Alvaro Uria on 2020-10-19

Merge remote-tracking branch 'drew/copyright'

Reviewed-on: https://code.launchpad.net/~afreiberger/charm-sudo-pair/+git/charm-sudo-pair/+merge/392422
Reviewed-by: Alvaro Uria <email address hidden>

7628722... by Drew Freiberger on 2020-10-19

Update copyright to 2018-2020

24bbbb2... by Giuseppe Petralia on 2020-08-14

Add copyright Apache-2

7e3bae4... by Giuseppe Petralia on 2020-08-11

Update noqa comments to do a single check

625fd16... by Giuseppe Petralia on 2020-08-10

Fix flake8/black conflicts.

98e3587... by Giuseppe Petralia on 2020-08-10

Extra Linting completed for 20.08 charm release

224d950... by Giuseppe Petralia on 2020-08-10

Blackened repository to 88 lines

421e685... by Giuseppe Petralia on 2020-08-10

Imported standard Makefile and tox.ini and fixed up tests

de75f72... by Adam Dyess on 2020-07-08

Resolve issue where workload status isn't updated after remove-sudopair action

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Giuseppe Petralia

Peter Sabaini

Sudo_pair Charmers

 diff --git a/.gitignore b/.gitignore
 index eda8bea..6f1f367 100644
 --- a/.gitignore
 +++ b/.gitignore
@@ -1,33 +1,41 @@
++# Juju files
++.unit-state.db
++.go-cookies
++
++layers/*
++interfaces/*
++
  # Byte-compiled / optimized / DLL files
  __pycache__/
  *.py[cod]
  *$py.class
++# Tests files and dir
++.pytest_cache/
++.coverage
++.tox
++report/
++htmlcov/
++
  # Log files
  *.log
--.tox/
--src/.tox/
--.coverage
++# pycharm
++.idea/
  # vi
  .*.swp
--# pycharm
--.idea/
--.unit-state.db
--src/.unit-state.db
--
  # version data
  repo-info
++version
++# Python builds
++deb_dist/
++dist/
--# reports
--report/*
--src/report/*
--
--# virtual env
--venv/*
++# Snaps
++*.snap
--# builds
--builds/*
 \ No newline at end of file
++# Builds
++.build/
 \ No newline at end of file
 diff --git a/Makefile b/Makefile
 index c7506b2..0a84b5f 100644
 --- a/Makefile
 +++ b/Makefile
@@ -1,53 +1,80 @@
--PROJECTPATH = $(dir $(realpath $(MAKEFILE_LIST)))
--DIRNAME = $(notdir $(PROJECTPATH:%/=%))
++PYTHON := /usr/bin/python3
++PROJECTPATH=$(dir $(realpath $(MAKEFILE_LIST)))
  ifndef CHARM_BUILD_DIR
--    CHARM_BUILD_DIR := /tmp/$(DIRNAME)-builds
--    $(warning Warning CHARM_BUILD_DIR was not set, defaulting to $(CHARM_BUILD_DIR))
++	CHARM_BUILD_DIR=${PROJECTPATH}.build
  endif
++ifndef CHARM_LAYERS_DIR
++	CHARM_LAYERS_DIR=${PROJECTPATH}/layers
++endif
++ifndef CHARM_INTERFACES_DIR
++	CHARM_INTERFACES_DIR=${PROJECTPATH}/interfaces
++endif
++METADATA_FILE="src/metadata.yaml"
++CHARM_NAME=$(shell cat ${PROJECTPATH}/${METADATA_FILE} | grep -E "^name:" | awk '{print $$2}')
  help:
  	@echo "This project supports the following targets"
  	@echo ""
  	@echo " make help - show this text"
--	@echo " make lint - run flake8"
--	@echo " make test - run the functional tests, unittests and lint"
--	@echo " make unittest - run the tests defined in the unittest subdirectory"
--	@echo " make functional - run the tests defined in the functional subdirectory"
--	@echo " make release - build the charm"
  	@echo " make clean - remove unneeded files"
++	@echo " make submodules - make sure that the submodules are up-to-date"
++	@echo " make submodules-update - update submodules to latest changes on remote branch"
++	@echo " make build - build the charm"
++	@echo " make release - run clean, submodules, and build targets"
++	@echo " make lint - run flake8 and black --check"
++	@echo " make black - run black and reformat files"
++	@echo " make proof - run charm proof"
++	@echo " make unittests - run the tests defined in the unittest subdirectory"
++	@echo " make functional - run the tests defined in the functional subdirectory"
++	@echo " make test - run lint, proof, unittests and functional targets"
  	@echo ""
--lint:
--	@echo "Running flake8"
--	@tox -e lint
--
--test: lint unittest functional
++clean:
++	@echo "Cleaning files"
++	@git clean -ffXd -e '!.idea'
++	@echo "Cleaning existing build"
++	@rm -rf ${CHARM_BUILD_DIR}/${CHARM_NAME}
--functional: build
--	@PYTEST_KEEP_MODEL=$(PYTEST_KEEP_MODEL) \
--	    PYTEST_CLOUD_NAME=$(PYTEST_CLOUD_NAME) \
--	    PYTEST_CLOUD_REGION=$(PYTEST_CLOUD_REGION) \
--	    tox -e functional
++submodules:
++	# @git submodule update --init --recursive
++	@echo "No submodules. Skipping."
--unittest:
--	@tox -e unit
++submodules-update:
++	# @git submodule update --init --recursive --remote --merge
++	@echo "No submodules. Skipping."
  build:
--	@echo "Building charm to base directory $(CHARM_BUILD_DIR)"
--	@-git describe --tags > ./repo-info
--	@CHARM_LAYERS_DIR=./layers CHARM_INTERFACES_DIR=./interfaces TERM=linux\
--		charm build --output-dir $(CHARM_BUILD_DIR) $(PROJECTPATH) --force
++	@echo "Building charm to directory ${CHARM_BUILD_DIR}/${CHARM_NAME}"
++	@-git rev-parse --abbrev-ref HEAD > ./src/repo-info
++	@CHARM_LAYERS_DIR=${CHARM_LAYERS_DIR} CHARM_INTERFACES_DIR=${CHARM_INTERFACES_DIR} \
++		TERM=linux CHARM_BUILD_DIR=${CHARM_BUILD_DIR} charm build src/
  release: clean build
--	@echo "Charm is built at $(CHARM_BUILD_DIR)/builds"
++	@echo "Charm is built at ${CHARM_BUILD_DIR}/${CHARM_NAME}"
--clean:
--	@echo "Cleaning files"
--	@find $(PROJECTPATH) -iname __pycache__ -exec rm -r {} +
--	@if [ -d $(CHARM_BUILD_DIR)/builds ] ; then rm -r $(CHARM_BUILD_DIR)/builds ; fi
--	@if [ -d $(PROJECTPATH)/.tox ] ; then rm -r $(PROJECTPATH)/.tox ; fi
--	@if [ -d $(PROJECTPATH)/.pytest_cache ] ; then rm -r $(PROJECTPATH)/.pytest_cache ; fi
++lint:
++	@echo "Running lint checks"
++	@cd src && tox -e lint
++
++black:
++	@echo "Reformat files with black"
++	@cd src && tox -e black
++
++proof: build
++	@echo "Running charm proof"
++	@charm proof ${CHARM_BUILD_DIR}/${CHARM_NAME}
++
++unittests:
++	@echo "Running unit tests"
++	@cd src && tox -e unit
++
++functional: build
++	@echo "Executing functional tests in ${CHARM_BUILD_DIR}"
++	@cd src && CHARM_BUILD_DIR=${CHARM_BUILD_DIR} tox -e func
++
++test: lint proof unittests functional
++	@echo "Tests completed for charm ${CHARM_NAME}."
  # The targets below don't depend on a file
--.PHONY: lint test unittest functional build release clean help
++.PHONY: help submodules submodules-update clean build release lint black proof unittests functional test
 diff --git a/actions/remove-sudopair b/actions/remove-sudopair
 deleted file mode 120000
 index ff9536b..0000000
 --- a/actions/remove-sudopair
 +++ /dev/null
@@ -1 +0,0 @@
--./actions.py
 \ No newline at end of file
 diff --git a/interfaces/.empty b/interfaces/.empty
 new file mode 100644
 index 0000000..e69de29
 --- /dev/null
 +++ b/interfaces/.empty
 diff --git a/layers/.empty b/layers/.empty
 new file mode 100644
 index 0000000..e69de29
 --- /dev/null
 +++ b/layers/.empty
 diff --git a/lib/libsudopair.py b/lib/libsudopair.py
 deleted file mode 100644
 index 05d1f9d..0000000
 --- a/lib/libsudopair.py
 +++ /dev/null
@@ -1,151 +0,0 @@
--import grp
--import os
--
--from charmhelpers.core import hookenv, host, templating
--
--
--def check_valid_group(group_name):
--    """Check that a group exists."""
--    try:
--        grp.getgrnam(group_name)
--        return True
--    except KeyError:
--        return False
--
--
--def group_id(group_name):
--    """Check that a group exists."""
--    return grp.getgrnam(group_name).gr_gid
--
--
--def group_names_to_group_ids(group_names):
--    """
--    Return comma-separated list of Group Ids.
--
--    :param group_names: i.e. "root,user1,user2"
--    :return gids: i.e. "0,1001,1002"
--    """
--    group_names = list(filter(check_valid_group, group_names.split(',')))
--    return ','.join(map(str, (map(group_id, group_names))))
--
--
--def copy_file(source, destination, owner, group, perms):
--    """Copy a file on the unit."""
--    if destination is not None:
--        target_dir = os.path.dirname(destination)
--        if not os.path.exists(target_dir):
--            # This is a terrible default directory permission, as the file
--            # or its siblings will often contain secrets.
--            host.mkdir(os.path.dirname(destination), owner, group, perms=0o755)
--        with open(source, 'rb') as source_f:
--            host.write_file(destination, source_f.read(), perms=perms, owner=owner, group=group)
--
--
--class SudoPairHelper(object):
--    """Configure sudo-pair."""
--
--    def __init__(self):
--        """Retrieve charm config and set defaults."""
--        self.charm_config = hookenv.config()
--        self.binary_path = '/usr/bin/sudo_approve'
--        self.sudo_conf_path = '/etc/sudo.conf'
--        self.sudoers_path = '/etc/sudoers'
--        self.sudo_lib_path = '/usr/lib/sudo/sudo_pair.so'
--        self.sudoers_bypass_path = "/etc/sudoers.d/91-bypass-sudopair-cmds"
--        self.user_prompt_path = '/etc/sudo_pair.prompt.user'
--        self.pair_prompt_path = '/etc/sudo_pair.prompt.pair'
--        self.socket_dir = '/var/run/sudo_pair'
--        self.tmpfiles_conf = '/usr/lib/tmpfiles.d/sudo_pair.conf'
--        self.owner = 'root'
--        self.group = 'root'
--        self.socket_dir_perms = 0o644
--        self.sudo_pair_so_perms = 0o644
--        self.prompt_perms = 0o644
--        self.sudoers_perms = 0o440
--        self.sudo_conf_perms = 0o644
--        self.sudo_approve_perms = 0o755
--
--    def get_config(self):
--        """Return config as a dict."""
--        config = {
--            'binary_path': self.binary_path,
--            'user_prompt_path': self.user_prompt_path,
--            'pair_prompt_path': self.pair_prompt_path,
--            'socket_dir': self.socket_dir,
--            'gids_enforced': group_names_to_group_ids(self.charm_config['groups_enforced']),
--            'gids_exempted': group_names_to_group_ids(self.charm_config['groups_exempted']),
--        }
--
--        config.update(self.charm_config)
--        return config
--
--    def set_charm_config(self, charm_config):
--        """Update configuration."""
--        self.charm_config = charm_config
--
--    def render_sudo_conf(self):
--        """Render sudo.conf file."""
--        return templating.render('sudo.conf.tmpl', self.sudo_conf_path, self.get_config(),
--                                 perms=self.sudo_conf_perms, owner=self.owner, group=self.group)
--
--    def create_socket_dir(self):
--        """Create socket dir."""
--        host.mkdir(self.socket_dir, perms=self.socket_dir_perms, owner=self.owner, group=self.group)
--
--    def create_tmpfiles_conf(self):
--        """Create temporary conf file."""
--        with open(self.tmpfiles_conf, "w") as f:
--            f.write("d {} 0755 - - -\n".format(self.socket_dir))
--
--    def install_sudo_pair_so(self):
--        """Install sudo-pair lib."""
--        sudo_pair_lib = os.path.join(hookenv.charm_dir(), 'files', 'sudo_pair.so')
--        copy_file(sudo_pair_lib, self.sudo_lib_path, self.owner, self.group, self.sudo_pair_so_perms)
--
--    def copy_user_prompt(self):
--        """Copy user prompt on the unit."""
--        prompt_file = os.path.join(hookenv.charm_dir(), 'files', 'sudo.prompt.user')
--        copy_file(prompt_file, self.user_prompt_path, self.owner, self.group, self.prompt_perms)
--
--    def copy_pair_prompt(self):
--        """Copy pair prompt on the unit."""
--        prompt_file = os.path.join(hookenv.charm_dir(), 'files', 'sudo.prompt.pair')
--        copy_file(prompt_file, self.pair_prompt_path, self.owner, self.group, self.prompt_perms)
--
--    def copy_sudoers(self):
--        """Copy sudoers file on the unit."""
--        sudoers_file = os.path.join(hookenv.charm_dir(), 'files', 'sudoers')
--        copy_file(sudoers_file, self.sudoers_path, self.owner, self.group, self.sudoers_perms)
--
--    def render_sudo_approve(self):
--        """Render sudo-approve file."""
--        hookenv.log("Rendering sudo_approve.tmpl to {}".format(self.binary_path))
--        return templating.render('sudo_approve.tmpl', self.binary_path, self.get_config(),
--                                 perms=self.sudo_approve_perms, owner=self.owner, group=self.group)
--
--    def render_bypass_cmds(self):
--        """Render bypass command file."""
--        if self.get_config()['bypass_cmds'] != "" and self.get_config()['bypass_group'] != "":
--            hookenv.log("Render bypass cmds to {}".format(self.sudoers_bypass_path))
--            return templating.render('91-bypass-sudopair-cmds.tmpl', self.sudoers_bypass_path,
--                                     self.get_config(), perms=0o440, owner=self.owner, group=self.group)
--        return None
--
--    def deconfigure(self):
--        """Remove sudo-pair configuration."""
--        paths = [
--            self.sudo_conf_path,
--            self.sudo_lib_path,
--            self.binary_path,
--            self.user_prompt_path,
--            self.pair_prompt_path,
--            self.sudoers_bypass_path,
--            self.tmpfiles_conf
--        ]
--        hookenv.log("Deleting: {}".format(paths))
--        for path in paths:
--            try:
--                os.unlink(path)
--            except Exception as e:
--                # We're trying hard to delete all files, even if some might fail
--                hookenv.log("Got exception unlinking {}: {}, continuing".format(path, e))
 diff --git a/README.md b/src/README.md
 similarity index 98%
 rename from README.md
 rename to src/README.md
 index 0804cca..3c80295 100644
 --- a/README.md
 +++ b/src/README.md
@@ -45,7 +45,7 @@ tox -e functional
  # Contact Information
--Giuseppe Petralia <giuseppe.petralia@canonical.com>
++BootStack Charmers <bootstack-charmers@lists.canonical.com>
  [service]: https://github.com/square/sudo_pair
  [icon guidelines]: https://jujucharms.com/docs/stable/authors-charm-icon
 diff --git a/actions.yaml b/src/actions.yaml
 similarity index 100%
 rename from actions.yaml
 rename to src/actions.yaml
 diff --git a/actions/actions.py b/src/actions/actions.py
 similarity index 78%
 rename from actions/actions.py
 rename to src/actions/actions.py
 index ccf3ffc..6ab26a2 100755
 --- a/actions/actions.py
 +++ b/src/actions/actions.py
@@ -1,4 +1,5 @@
  #!/usr/local/sbin/charm-env python3
++"""Sudo Pair actions."""
+ #
  # Copyright 2016,2019,2020 Canonical Ltd
+ #
@@ -13,10 +14,13 @@
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
++import logging
++import logging.handlers
  import os
++import subprocess
  import sys
--from charmhelpers.core.hookenv import action_fail, action_set
++from charmhelpers.core.hookenv import action_fail, action_set, status_set
  sys.path.append("lib")
@@ -24,11 +28,23 @@ sys.path.append("lib")
  import libsudopair  # NOQA
++logger = logging.getLogger("sudopair")
++logger.setLevel(logging.INFO)
++handler = logging.handlers.SysLogHandler(
++    address="/dev/log", facility=logging.handlers.SysLogHandler.LOG_AUTH
++)
++logger.addHandler(handler)
++
++
  def remove():
      """Remove sudo-pair config and binaries."""
      sph = libsudopair.SudoPairHelper()
      sph.deconfigure()
--    action_set({"message": "Successfully removed sudo-pair config and binaries"})
++    msg = "Successfully removed sudo-pair config and binaries"
++    logger.warning(msg)
++    subprocess.run(["/usr/bin/pagerdutyevent.py", msg])
++    action_set({"message": msg})
++    status_set("active", msg)
  # A dictionary of all the defined actions to callables (which take
@@ -37,6 +53,7 @@ ACTIONS = {"remove-sudopair": remove}
  def main(args):
++    """Dispatch actions based on command arguments."""
      action_name = os.path.basename(args[0])
      try:
          ACTIONS[action_name]()
 diff --git a/src/actions/remove-sudopair b/src/actions/remove-sudopair
 new file mode 120000
 index 0000000..ff9536b
 --- /dev/null
 +++ b/src/actions/remove-sudopair
@@ -0,0 +1 @@
++./actions.py
 \ No newline at end of file
 diff --git a/config.yaml b/src/config.yaml
 similarity index 86%
 rename from config.yaml
 rename to src/config.yaml
 index 795269b..6089ac9 100644
 --- a/config.yaml
 +++ b/src/config.yaml
@@ -19,3 +19,11 @@ options:
      type: boolean
      default: true
      description: "If true, auto approval is permitted."
++  pagerduty_key:
++    type: string
++    default: ''
++    description: "If set, a pagerduty event will be triggered upon auto-approving"
++  pagerduty_context:
++    type: string
++    default: ''
++    description: "Prefix to add to pagerduty events"
 diff --git a/src/copyright b/src/copyright
 new file mode 100644
 index 0000000..8fc50d9
 --- /dev/null
 +++ b/src/copyright
@@ -0,0 +1,16 @@
++Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0
++
++Files: *
++Copyright: 2018-2020, Canonical Ltd.
++License: Apache-2.0
++ Licensed under the Apache License, Version 2.0 (the "License"); you may
++ not use this file except in compliance with the License. You may obtain
++ a copy of the License at
++
++      http://www.apache.org/licenses/LICENSE-2.0
++
++ Unless required by applicable law or agreed to in writing, software
++ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
++ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
++ License for the specific language governing permissions and limitations
++ under the License.
 diff --git a/src/files/pagerdutyevent.py b/src/files/pagerdutyevent.py
 new file mode 100644
 index 0000000..f33be42
 --- /dev/null
 +++ b/src/files/pagerdutyevent.py
@@ -0,0 +1,68 @@
++#!/usr/bin/env python3
++"""Send events to pagerduty."""
++
++import argparse
++import configparser
++import json
++import logging
++import logging.handlers
++
++import requests
++
++logger = logging.getLogger("sudopair")
++logger.setLevel(logging.INFO)
++handler = logging.handlers.SysLogHandler(
++    address="/dev/log", facility=logging.handlers.SysLogHandler.LOG_AUTH
++)
++logger.addHandler(handler)
++
++
++def args():
++    """Get cli args."""
++    parser = argparse.ArgumentParser()
++    parser.add_argument("summary")
++    return parser.parse_args()
++
++
++def trigger_incident(pd_key, summary, source, https_proxy=None):
++    """Send an event to the PD events endpoint."""
++    header = {"Content-Type": "application/json"}
++
++    payload = {
++        "routing_key": pd_key,
++        "event_action": "trigger",
++        "payload": {"summary": summary, "source": source, "severity": "info"},
++    }
++    if https_proxy:
++        proxies = {"https": https_proxy}
++    else:
++        proxies = None
++    response = requests.post(
++        "https://events.pagerduty.com/v2/enqueue",
++        data=json.dumps(payload),
++        proxies=proxies,
++        headers=header,
++    )
++
++    if response.json()["status"] == "success":
++        logger.info("Triggered alert with key {}".format(response.json()["dedup_key"]))
++    else:
++        logger.warning("Failed to send pagerduty alert: {}".format(response.text))
++
++
++def get_conf():
++    """Return config options from file."""
++    config = configparser.ConfigParser()
++    config.read("/etc/sudo_pair.pagerduty.ini")
++    sec = config["DEFAULT"]
++    return sec["pagerduty_key"], sec["pagerduty_source"], sec.get("https_proxy")
++
++
++def main():
++    """Run the script."""
++    pd_key, source, https_proxy = get_conf()
++    trigger_incident(pd_key, args().summary, source, https_proxy)
++
++
++if __name__ == "__main__":
++    main()
 diff --git a/files/sudo.prompt.pair b/src/files/sudo.prompt.pair
 similarity index 100%
 rename from files/sudo.prompt.pair
 rename to src/files/sudo.prompt.pair
 diff --git a/files/sudo.prompt.user b/src/files/sudo.prompt.user
 similarity index 100%
 rename from files/sudo.prompt.user
 rename to src/files/sudo.prompt.user
 diff --git a/files/sudo_pair.so b/src/files/sudo_pair.so
 similarity index 100%
 rename from files/sudo_pair.so
 rename to src/files/sudo_pair.so
 Binary files a/files/sudo_pair.so and b/src/files/sudo_pair.so differ
 diff --git a/files/sudoers b/src/files/sudoers
 similarity index 100%
 rename from files/sudoers
 rename to src/files/sudoers
 diff --git a/layer.yaml b/src/layer.yaml
 similarity index 100%
 rename from layer.yaml
 rename to src/layer.yaml
 diff --git a/src/lib/libsudopair.py b/src/lib/libsudopair.py
 new file mode 100644
 index 0000000..c66873a
 --- /dev/null
 +++ b/src/lib/libsudopair.py
@@ -0,0 +1,237 @@
++"""Sudo pair utilities."""
++import grp
++import os
++
++from charmhelpers.core import hookenv, host, templating
++
++
++def check_valid_group(group_name):
++    """Check that a group exists."""
++    try:
++        grp.getgrnam(group_name)
++        return True
++    except KeyError:
++        return False
++
++
++def group_id(group_name):
++    """Check that a group exists."""
++    return grp.getgrnam(group_name).gr_gid
++
++
++def group_names_to_group_ids(group_names):
++    """
++    Return comma-separated list of Group Ids.
++
++    :param group_names: i.e. "root,user1,user2"
++    :return gids: i.e. "0,1001,1002"
++    """
++    group_names = list(filter(check_valid_group, group_names.split(",")))
++    return ",".join(map(str, (map(group_id, group_names))))
++
++
++def copy_file(source, destination, owner, group, perms):
++    """Copy a file on the unit."""
++    if destination is not None:
++        target_dir = os.path.dirname(destination)
++        if not os.path.exists(target_dir):
++            # This is a terrible default directory permission, as the file
++            # or its siblings will often contain secrets.
++            host.mkdir(os.path.dirname(destination), owner, group, perms=0o755)
++        with open(source, "rb") as source_f:
++            host.write_file(
++                destination, source_f.read(), perms=perms, owner=owner, group=group
++            )
++
++
++class SudoPairHelper(object):
++    """Configure sudo-pair."""
++
++    def __init__(self):
++        """Retrieve charm config and set defaults."""
++        self.charm_config = hookenv.config()
++        self.binary_path = "/usr/bin/sudo_approve"
++        self.sudo_conf_path = "/etc/sudo.conf"
++        self.sudoers_path = "/etc/sudoers"
++        self.sudo_lib_path = "/usr/lib/sudo/sudo_pair.so"
++        self.sudoers_bypass_path = "/etc/sudoers.d/91-bypass-sudopair-cmds"
++        self.user_prompt_path = "/etc/sudo_pair.prompt.user"
++        self.pair_prompt_path = "/etc/sudo_pair.prompt.pair"
++        self.socket_dir = "/var/run/sudo_pair"
++        self.tmpfiles_conf = "/usr/lib/tmpfiles.d/sudo_pair.conf"
++        self.owner = "root"
++        self.group = "root"
++        self.socket_dir_perms = 0o644
++        self.sudo_pair_so_perms = 0o644
++        self.prompt_perms = 0o644
++        self.sudoers_perms = 0o440
++        self.sudo_conf_perms = 0o644
++        self.sudo_approve_perms = 0o755
++        self.pagerduty_conf_path = "/etc/sudo_pair.pagerduty.ini"
++        self.pagerduty_path = "/usr/bin/pagerdutyevent.py"
++        self.pagerduty_perms = 0o755
++
++    def get_config(self):
++        """Return config as a dict."""
++        config = {
++            "binary_path": self.binary_path,
++            "user_prompt_path": self.user_prompt_path,
++            "pair_prompt_path": self.pair_prompt_path,
++            "socket_dir": self.socket_dir,
++            "gids_enforced": group_names_to_group_ids(
++                self.charm_config["groups_enforced"]
++            ),
++            "gids_exempted": group_names_to_group_ids(
++                self.charm_config["groups_exempted"]
++            ),
++            "pagerduty_key": self.charm_config.get("pagerduty_key"),
++        }
++        proxy_settings = hookenv.env_proxy_settings()
++        if proxy_settings:
++            config["https_proxy"] = proxy_settings.get("https_proxy")
++        config.update(self.charm_config)
++        return config
++
++    def set_charm_config(self, charm_config):
++        """Update configuration."""
++        self.charm_config = charm_config
++
++    def copy_pagerduty(self):
++        """Copy PD script in place."""
++        pd_file = os.path.join(hookenv.charm_dir(), "files", "pagerdutyevent.py")
++        copy_file(
++            pd_file, self.pagerduty_path, self.owner, self.group, self.pagerduty_perms
++        )
++
++    def render_sudo_conf(self):
++        """Render sudo.conf file."""
++        return templating.render(
++            "sudo.conf.tmpl",
++            self.sudo_conf_path,
++            self.get_config(),
++            perms=self.sudo_conf_perms,
++            owner=self.owner,
++            group=self.group,
++        )
++
++    def create_socket_dir(self):
++        """Create socket dir."""
++        host.mkdir(
++            self.socket_dir,
++            perms=self.socket_dir_perms,
++            owner=self.owner,
++            group=self.group,
++        )
++
++    def create_tmpfiles_conf(self):
++        """Create temporary conf file."""
++        with open(self.tmpfiles_conf, "w") as f:
++            f.write("d {} 0755 - - -\n".format(self.socket_dir))
++
++    def install_sudo_pair_so(self):
++        """Install sudo-pair lib."""
++        sudo_pair_lib = os.path.join(hookenv.charm_dir(), "files", "sudo_pair.so")
++        copy_file(
++            sudo_pair_lib,
++            self.sudo_lib_path,
++            self.owner,
++            self.group,
++            self.sudo_pair_so_perms,
++        )
++
++    def copy_user_prompt(self):
++        """Copy user prompt on the unit."""
++        prompt_file = os.path.join(hookenv.charm_dir(), "files", "sudo.prompt.user")
++        copy_file(
++            prompt_file,
++            self.user_prompt_path,
++            self.owner,
++            self.group,
++            self.prompt_perms,
++        )
++
++    def copy_pair_prompt(self):
++        """Copy pair prompt on the unit."""
++        prompt_file = os.path.join(hookenv.charm_dir(), "files", "sudo.prompt.pair")
++        copy_file(
++            prompt_file,
++            self.pair_prompt_path,
++            self.owner,
++            self.group,
++            self.prompt_perms,
++        )
++
++    def copy_sudoers(self):
++        """Copy sudoers file on the unit."""
++        sudoers_file = os.path.join(hookenv.charm_dir(), "files", "sudoers")
++        copy_file(
++            sudoers_file, self.sudoers_path, self.owner, self.group, self.sudoers_perms
++        )
++
++    def render_sudo_approve(self):
++        """Render sudo-approve file."""
++        hookenv.log("Rendering sudo_approve.tmpl to {}".format(self.binary_path))
++        return templating.render(
++            "sudo_approve.tmpl",
++            self.binary_path,
++            self.get_config(),
++            perms=self.sudo_approve_perms,
++            owner=self.owner,
++            group=self.group,
++        )
++
++    def render_bypass_cmds(self):
++        """Render bypass command file."""
++        if (
++            self.get_config()["bypass_cmds"] != ""
++            and self.get_config()["bypass_group"] != ""
++        ):
++            hookenv.log("Render bypass cmds to {}".format(self.sudoers_bypass_path))
++            return templating.render(
++                "91-bypass-sudopair-cmds.tmpl",
++                self.sudoers_bypass_path,
++                self.get_config(),
++                perms=0o440,
++                owner=self.owner,
++                group=self.group,
++            )
++        return None
++
++    def render_pagerduty_conf(self):
++        """Create the PD script configuration."""
++        pd_source = "{}-{}".format(
++            self.charm_config.get("pagerduty_context", "juju"), hookenv.principal_unit()
++        )
++        cfg = self.get_config()
++        cfg["pagerduty_source"] = pd_source
++        hookenv.log(
++            "Rendering pagerduty configuration to {}".format(self.pagerduty_conf_path)
++        )
++        return templating.render(
++            "sudo_pair.pagerduty.tmpl",
++            self.pagerduty_conf_path,
++            cfg,
++            owner=self.owner,
++            group=self.group,
++        )
++
++    def deconfigure(self):
++        """Remove sudo-pair configuration."""
++        paths = [
++            self.sudo_conf_path,
++            self.sudo_lib_path,
++            self.binary_path,
++            self.user_prompt_path,
++            self.pair_prompt_path,
++            self.sudoers_bypass_path,
++            self.tmpfiles_conf,
++        ]
++        hookenv.log("Deleting: {}".format(paths))
++        for path in paths:
++            try:
++                os.unlink(path)
++            except Exception as e:
++                # We're trying hard to delete all files, even if some might fail
++                hookenv.log(
++                    "Got exception unlinking {}: {}, continuing".format(path, e)
++                )
 diff --git a/metadata.yaml b/src/metadata.yaml
 similarity index 94%
 rename from metadata.yaml
 rename to src/metadata.yaml
 index fe2a13c..8b6a9d4 100644
 --- a/metadata.yaml
 +++ b/src/metadata.yaml
@@ -1,7 +1,7 @@
  name: sudo-pair
  display-name: sudo-pair
  summary: sudo_pair is a sudo plugin to manage root privileges
--maintainer: LMA Charmers <llama-charmers@lists.ubuntu.com>
++maintainer: BootStack Charmers <bootstack-charmers@lists.canonical.com>
  description: |
    sudo_pair is a sudo plugin that ensure that if a user tries to get root privileges,
    he will need an authorization from a pair
 diff --git a/reactive/sudo_pair.py b/src/reactive/sudo_pair.py
 similarity index 55%
 rename from reactive/sudo_pair.py
 rename to src/reactive/sudo_pair.py
 index 974dd66..392383b 100644
 --- a/reactive/sudo_pair.py
 +++ b/src/reactive/sudo_pair.py
@@ -1,3 +1,5 @@
++"""Charm reactive hooks."""
++
  from charmhelpers.core import hookenv
  from charms.reactive import hook, remove_state, set_state, when, when_not
@@ -7,10 +9,14 @@ from libsudopair import SudoPairHelper
  sph = SudoPairHelper()
--@when('apt.installed.socat')
--@when_not('sudo-pair.configured')
++@when("apt.installed.socat")
++@when_not("sudo-pair.configured")
  def install_sudo_pair():
--    # Install sudo_pair.so, create socket dir, copy sudo_approve to /usr/bin, copy prompts to /etc
++    """Install sudo pair.
++
++    Install sudo_pair.so, create socket dir, copy sudo_approve to /usr/bin
++    and copy prompts to /etc.
++    """
      sph.install_sudo_pair_so()
      sph.create_socket_dir()
@@ -26,24 +32,33 @@ def install_sudo_pair():
      # Add "Defaults log_output to /etc/sudoers
      sph.copy_sudoers()
++    # Add pagerduty script and config
++    sph.copy_pagerduty()
++    sph.render_pagerduty_conf()
++
      # If there are cmds to bypass sudo pairing create file unders sudoers.d
      sph.render_bypass_cmds()
      # Add Plugin sudo_pair sudo_pair.so to sudo.conf
      sph.render_sudo_conf()
--    set_state('sudo-pair.installed')
--    set_state('sudo-pair.configured')
--    hookenv.status_set('active', 'sudo pairing for users groups: [{}]'.format(sph.get_config()['gids_enforced']))
++    set_state("sudo-pair.installed")
++    set_state("sudo-pair.configured")
++    hookenv.status_set(
++        "active",
++        "sudo pairing for users groups: [{}]".format(sph.get_config()["gids_enforced"]),
++    )
--@hook('config-changed')
++@hook("config-changed")
  def reconfigure_sudo_pair_charm():
++    """Run config-changed hook."""
      sph.set_charm_config(hookenv.config())
--    remove_state('sudo-pair.configured')
++    remove_state("sudo-pair.configured")
--@hook('stop')
++@hook("stop")
  def stop():
++    """Run stop hook and remove charm configuration."""
      sph.deconfigure()
--    remove_state('sudo-pair.installed')
++    remove_state("sudo-pair.installed")
 diff --git a/templates/91-bypass-sudopair-cmds.tmpl b/src/templates/91-bypass-sudopair-cmds.tmpl
 similarity index 100%
 rename from templates/91-bypass-sudopair-cmds.tmpl
 rename to src/templates/91-bypass-sudopair-cmds.tmpl
 diff --git a/templates/sudo.conf.tmpl b/src/templates/sudo.conf.tmpl
 similarity index 100%
 rename from templates/sudo.conf.tmpl
 rename to src/templates/sudo.conf.tmpl
 diff --git a/templates/sudo_approve.tmpl b/src/templates/sudo_approve.tmpl
 similarity index 96%
 rename from templates/sudo_approve.tmpl
 rename to src/templates/sudo_approve.tmpl
 index 7164b5a..49665d3 100755
 --- a/templates/sudo_approve.tmpl
 +++ b/src/templates/sudo_approve.tmpl
@@ -88,7 +88,7 @@ main() {
      declare -r username
      declare log_line
--    log_line="$(date "+[%b %d %H:%M:%S] WARNING: ${username} approved is own sudo session.")"
++    log_line="WARNING: ${username} approved own sudo session."
      declare -r log_line
      if [[ "${uid}" -eq "${ruid}" ]]; then
@@ -97,7 +97,10 @@ main() {
          exit 1
          {% else %}
          echo "You are approving your own session. The incident will be logged."
--        echo ${log_line} >> /var/log/sudo_pair.log
++        logger -p auth.warn $log_line
++        {% if pagerduty_key %}
++          /usr/bin/pagerdutyevent.py "$log_line"
++        {% endif %}
          {% endif %}
      fi
 diff --git a/src/templates/sudo_pair.pagerduty.tmpl b/src/templates/sudo_pair.pagerduty.tmpl
 new file mode 100644
 index 0000000..2185cf9
 --- /dev/null
 +++ b/src/templates/sudo_pair.pagerduty.tmpl
@@ -0,0 +1,6 @@
++[DEFAULT]
++pagerduty_key: {{ pagerduty_key }}
++pagerduty_source: {{ pagerduty_source }}
++{% if https_proxy -%}
++https_proxy: {{ https_proxy }}
++{% endif %}
 \ No newline at end of file
 diff --git a/tests/00-unit b/src/tests/00-unit
 similarity index 100%
 rename from tests/00-unit
 rename to src/tests/00-unit
 diff --git a/tests/01-functional b/src/tests/01-functional
 similarity index 100%
 rename from tests/01-functional
 rename to src/tests/01-functional
 diff --git a/tests/functional/conftest.py b/src/tests/functional/conftest.py
 similarity index 75%
 rename from tests/functional/conftest.py
 rename to src/tests/functional/conftest.py
 index aa42a09..fdd4356 100644
 --- a/tests/functional/conftest.py
 +++ b/src/tests/functional/conftest.py
@@ -1,4 +1,5 @@
  #!/usr/bin/python3
++"""Functional tests utilities."""
  import asyncio
  import json
@@ -16,7 +17,7 @@ import pytest
  STAT_FILE = "python3 -c \"import json; import os; s=os.stat('%s'); print(json.dumps({'uid': s.st_uid, 'gid': s.st_gid, 'mode': oct(s.st_mode), 'size': s.st_size}))\""  # noqa: E501
--@pytest.yield_fixture(scope='module')
++@pytest.yield_fixture(scope="module")
  def event_loop(request):
      """Override the default pytest event loop to allow for broaded scopedv fixtures."""
      loop = asyncio.get_event_loop_policy().new_event_loop()
@@ -27,7 +28,7 @@ def event_loop(request):
      asyncio.set_event_loop(None)
--@pytest.fixture(scope='module')
++@pytest.fixture(scope="module")
  async def controller():
      """Connect to the current controller."""
      controller = Controller()
@@ -36,21 +37,21 @@ async def controller():
      await controller.disconnect()
--@pytest.fixture(scope='module')
++@pytest.fixture(scope="module")
  async def model(controller):
      """Create a model that lives only for the duration of the test."""
      model_name = "functest-{}".format(uuid.uuid4())
      model = await controller.add_model(model_name)
      yield model
      await model.disconnect()
--    if os.getenv('test_preserve_model'):
++    if os.getenv("PYTEST_KEEP_MODEL"):
          return
      await controller.destroy_model(model_name)
      while model_name in await controller.list_models():
          await asyncio.sleep(1)
--@pytest.fixture(scope='module')
++@pytest.fixture(scope="module")
  async def current_model():
      """Return the current model, does not create or destroy it."""
      model = Model()
@@ -60,31 +61,36 @@ async def current_model():
  @pytest.fixture
--async def get_app(model):
++async def get_app(model):  # noqa: D202
      """Return the application requested."""
++
      async def _get_app(name):
          try:
              return model.applications[name]
          except KeyError:
              raise JujuError("Cannot find application {}".format(name))
++
      return _get_app
  @pytest.fixture
--async def get_unit(model):
++async def get_unit(model):  # noqa: D202
      """Return the requested <app_name>/<unit_number> unit."""
++
      async def _get_unit(name):
          try:
--            (app_name, unit_number) = name.split('/')
++            (app_name, unit_number) = name.split("/")
              return model.applications[app_name].units[unit_number]
          except (KeyError, ValueError):
              raise JujuError("Cannot find unit {}".format(name))
++
      return _get_unit
  @pytest.fixture
--async def get_entity(model, get_unit, get_app):
++async def get_entity(model, get_unit, get_app):  # noqa: D202
      """Return a unit or an application."""
++
      async def _get_entity(name):
          try:
              return await get_unit(name)
@@ -93,61 +99,65 @@ async def get_entity(model, get_unit, get_app):
                  return await get_app(name)
              except JujuError:
                  raise JujuError("Cannot find entity {}".format(name))
++
      return _get_entity
  @pytest.fixture
--async def run_command(get_unit):
--    """
--    Run a command on a unit.
++async def run_command(get_unit):  # noqa: D202
++    """Run a command on an unit."""
--    :param cmd: Command to be run
--    :param target: Unit object or unit name string
--    """
      async def _run_command(cmd, target):
--        unit = (
--            target
--            if type(target) is juju.unit.Unit
--            else await get_unit(target)
--        )
++        """Run a command on a unit.
++
++        :param cmd: Command to be run
++        :param target: Unit object or unit name string
++        """
++        unit = target if type(target) is juju.unit.Unit else await get_unit(target)
          action = await unit.run(cmd)
          return action.results
++
      return _run_command
  @pytest.fixture
--async def file_stat(run_command):
--    """
--    Run stat on a file.
++async def file_stat(run_command):  # noqa: D202
++    """Get file stat from an unit."""
--    :param path: File path
--    :param target: Unit object or unit name string
--    """
      async def _file_stat(path, target):
++        """Run stat on a file.
++
++        :param path: File path
++        :param target: Unit object or unit name string
++        """
          cmd = STAT_FILE % path
          results = await run_command(cmd, target)
--        return json.loads(results['Stdout'])
++        return json.loads(results["Stdout"])
++
      return _file_stat
  @pytest.fixture
--async def file_contents(run_command):
--    """
--    Return the contents of a file.
++async def file_contents(run_command):  # noqa: D202
++    """Return the contents of a file."""
--    :param path: File path
--    :param target: Unit object or unit name string
--    """
      async def _file_contents(path, target):
--        cmd = 'cat {}'.format(path)
++        """Return the contents of a file.
++
++        :param path: File path
++        :param target: Unit object or unit name string
++        """
++        cmd = "cat {}".format(path)
          results = await run_command(cmd, target)
--        return results['Stdout']
++        return results["Stdout"]
++
      return _file_contents
  @pytest.fixture
--async def reconfigure_app(get_app, model):
++async def reconfigure_app(get_app, model):  # noqa: D202
      """Apply a different config to the requested app."""
++
      async def _reconfigure_app(cfg, target):
          application = (
              target
@@ -156,14 +166,17 @@ async def reconfigure_app(get_app, model):
+         )
          await application.set_config(cfg)
          await application.get_config()
--        await model.block_until(lambda: application.status == 'active')
++        await model.block_until(lambda: application.status == "active")
++
      return _reconfigure_app
  @pytest.fixture
--async def create_group(run_command):
++async def create_group(run_command):  # noqa: D202
      """Create the UNIX group specified."""
++
      async def _create_group(group_name, target):
          cmd = "sudo groupadd %s" % group_name
          await run_command(cmd, target)
++
      return _create_group
 diff --git a/tests/functional/requirements.txt b/src/tests/functional/requirements.txt
 similarity index 100%
 rename from tests/functional/requirements.txt
 rename to src/tests/functional/requirements.txt
 diff --git a/tests/functional/test_deploy.py b/src/tests/functional/test_deploy.py
 similarity index 51%
 rename from tests/functional/test_deploy.py
 rename to src/tests/functional/test_deploy.py
 index cdb5ae4..11e8297 100644
 --- a/tests/functional/test_deploy.py
 +++ b/src/tests/functional/test_deploy.py
@@ -1,4 +1,5 @@
  #!/usr/bin/python3.6
++"""Charm functional tests."""
  import os
@@ -6,14 +7,16 @@ import pytest
  pytestmark = pytest.mark.asyncio
--charm_build_dir = os.getenv('CHARM_BUILD_DIR', '..').rstrip('/')
++charm_build_dir = os.getenv("CHARM_BUILD_DIR").rstrip("/")
--sources = [('local', '{}/builds/sudo-pair'.format(charm_build_dir))]
++sources = [("local", "{}/sudo-pair".format(charm_build_dir))]
--series = ['xenial',
--          'bionic',
--          ]
++series = [
++    "xenial",
++    "bionic",
++    "focal",
++]
  ############
@@ -36,8 +39,8 @@ def source(request):
  @pytest.fixture
  async def app(model, series, source):
      """Return application of the charm under test."""
--    app_name = 'sudo-pair-{}'.format(series)
--    return await model._wait_for_new('application', app_name)
++    app_name = "sudo-pair-{}".format(series)
++    return await model._wait_for_new("application", app_name)
  @pytest.fixture
@@ -50,108 +53,92 @@ async def unit(app):
  # TESTS #
  #########
++
  async def test_deploy_app(model, series, source):
      """Deploy the sudo_pair app as a subordinate of ubuntu."""
      await model.deploy(
--        'ubuntu',
--        application_name='ubuntu-' + series,
--        series=series,
--        channel='stable'
++        "ubuntu", application_name="ubuntu-" + series, series=series, channel="stable"
+     )
      sudo_pair_app = await model.deploy(
          source[1],
--        application_name='sudo-pair-' + series,
++        application_name="sudo-pair-" + series,
          series=series,
          num_units=0,
          config={
--            'bypass_cmds': '/bin/ls',
--            'groups_enforced': 'ubuntu',
--            'bypass_group': 'warthogs',
--        }
++            "bypass_cmds": "/bin/ls",
++            "groups_enforced": "ubuntu",
++            "bypass_group": "warthogs",
++        },
+     )
      await model.add_relation(
--        'ubuntu-{}:juju-info'.format(series),
--        'sudo-pair-{}:juju-info'.format(series))
++        "ubuntu-{}:juju-info".format(series), "sudo-pair-{}:juju-info".format(series)
++    )
--    await model.block_until(lambda: sudo_pair_app.status == 'active')
++    await model.block_until(lambda: sudo_pair_app.status == "active")
      # no need to cleanup since the model will be be torn down at the end of the
      # testing
  async def test_status(app):
      """Check that the app is in active state."""
--    assert app.status == 'active'
--
--
--@pytest.mark.parametrize("path,expected_stat", [
--    ('/usr/lib/sudo/sudo_pair.so', {
--        'gid': 0,
--        'uid': 0,
--        'mode': '0o100644'}),
--    ('/usr/bin/sudo_approve', {
--        'gid': 0,
--        'uid': 0,
--        'mode': '0o100755'}),
--    ('/etc/sudo_pair.prompt.user', {
--        'gid': 0,
--        'uid': 0,
--        'mode': '0o100644'}),
--    ('/etc/sudo_pair.prompt.pair', {
--        'gid': 0,
--        'uid': 0,
--        'mode': '0o100644'}),
--    ('/var/run/sudo_pair', {
--        'gid': 0,
--        'uid': 0,
--        'mode': '0o40644'})])
++    assert app.status == "active"
++
++
++@pytest.mark.parametrize(
++    "path,expected_stat",
++    [
++        ("/usr/lib/sudo/sudo_pair.so", {"gid": 0, "uid": 0, "mode": "0o100644"}),
++        ("/usr/bin/sudo_approve", {"gid": 0, "uid": 0, "mode": "0o100755"}),
++        ("/etc/sudo_pair.prompt.user", {"gid": 0, "uid": 0, "mode": "0o100644"}),
++        ("/etc/sudo_pair.prompt.pair", {"gid": 0, "uid": 0, "mode": "0o100644"}),
++        ("/var/run/sudo_pair", {"gid": 0, "uid": 0, "mode": "0o40644"}),
++    ],
++)
  async def test_stats(path, expected_stat, unit, file_stat):
      """Check that created files have the correct permissions."""
      test_stat = await file_stat(path, unit)
--    assert test_stat['size'] > 0
--    assert test_stat['gid'] == expected_stat['gid']
--    assert test_stat['uid'] == expected_stat['uid']
--    assert test_stat['mode'] == expected_stat['mode']
++    assert test_stat["size"] > 0
++    assert test_stat["gid"] == expected_stat["gid"]
++    assert test_stat["uid"] == expected_stat["uid"]
++    assert test_stat["mode"] == expected_stat["mode"]
  async def test_sudoers(file_contents, unit):
      """Check the content of sudoers file."""
      sudoers_content = await file_contents("/etc/sudoers", unit)
--    assert 'Defaults	log_output' in sudoers_content
++    assert "Defaults	log_output" in sudoers_content
  async def test_sudoers_bypass_conf(file_contents, unit):
      """Check the content of sudoers bypass command file."""
      path = "/etc/sudoers.d/91-bypass-sudopair-cmds"
--    sudoers_bypass_content = await file_contents(path=path,
--                                                 target=unit)
--    content = '%warthogs ALL = (ALL) NOLOG_OUTPUT: /bin/ls'
++    sudoers_bypass_content = await file_contents(path=path, target=unit)
++    content = "%warthogs ALL = (ALL) NOLOG_OUTPUT: /bin/ls"
      assert content in sudoers_bypass_content
  async def test_reconfigure(reconfigure_app, file_contents, unit, app):
--    """Change a charm config parameter and verify that it has been propagated to the unit."""
--    sudo_approve_path = '/usr/bin/sudo_approve'
--    await reconfigure_app(cfg={'auto_approve': 'false'},
--                          target=app)
--    sudo_approve_content = await file_contents(path=sudo_approve_path,
--                                               target=unit)
++    """Change a charm config parameter and verify it is applied."""
++    sudo_approve_path = "/usr/bin/sudo_approve"
++    await reconfigure_app(cfg={"auto_approve": "false"}, target=app)
++    sudo_approve_content = await file_contents(path=sudo_approve_path, target=unit)
      new_content = 'echo "You can\'t approve your own session."'
      assert new_content in sudo_approve_content
  async def test_remove_relation(app, model, run_command):
      """Check that the relation is removed."""
--    series = app.units[0].data['series']
--    app_name = 'sudo-pair-{}'.format(series)
--    principalname = 'ubuntu-{}'.format(series)
++    series = app.units[0].data["series"]
++    app_name = "sudo-pair-{}".format(series)
++    principalname = "ubuntu-{}".format(series)
      await app.remove_relation(
--        '{}:juju-info'.format(app_name),
--        '{}:juju-info'.format(principalname))
++        "{}:juju-info".format(app_name), "{}:juju-info".format(principalname)
++    )
      await model.block_until(lambda: not app.relations)
      principal = model.applications[principalname].units[0]
--    res = await run_command('test -f /etc/sudo.conf || echo gone', target=principal)
--    assert res['Stdout'].strip() == 'gone'
++    res = await run_command("test -f /etc/sudo.conf || echo gone", target=principal)
++    assert res["Stdout"].strip() == "gone"
      await model.add_relation(
--        '{}:juju-info'.format(principalname),
--        '{}:juju-info'.format(app_name))
++        "{}:juju-info".format(principalname), "{}:juju-info".format(app_name)
++    )
      await model.block_until(lambda: app.relations)
 diff --git a/tests/tests.yaml b/src/tests/tests.yaml
 similarity index 100%
 rename from tests/tests.yaml
 rename to src/tests/tests.yaml
 diff --git a/tests/unit/conftest.py b/src/tests/unit/conftest.py
 similarity index 82%
 rename from tests/unit/conftest.py
 rename to src/tests/unit/conftest.py
 index c0800ea..bc65d15 100644
 --- a/tests/unit/conftest.py
 +++ b/src/tests/unit/conftest.py
@@ -1,4 +1,5 @@
  #!/usr/bin/python3
++"""Unit tests utilities."""
  import grp
  import os
@@ -10,29 +11,33 @@ import pytest
  @pytest.fixture
  def mock_hookenv_config(monkeypatch):
++    """Mock hookenv config."""
      import yaml
      def mock_config():
          cfg = {}
--        yml = yaml.load(open('./config.yaml'))
++        yml = yaml.safe_load(open("./config.yaml"))
          # Load all defaults
--        for key, value in yml['options'].items():
--            cfg[key] = value['default']
++        for key, value in yml["options"].items():
++            cfg[key] = value["default"]
          return cfg
--    monkeypatch.setattr('charmhelpers.core.hookenv.config', mock_config)
++    monkeypatch.setattr("charmhelpers.core.hookenv.config", mock_config)
  @pytest.fixture
  def mock_charm_dir(monkeypatch):
--    monkeypatch.setattr('charmhelpers.core.hookenv.charm_dir', lambda: '.')
++    """Mock charm dir."""
++    monkeypatch.setattr("charmhelpers.core.hookenv.charm_dir", lambda: ".")
  @pytest.fixture
  def sph(mock_hookenv_config, mock_charm_dir, tmpdir):
++    """Return SudoPairHelpers with mocks."""
      from libsudopair import SudoPairHelper
++
      sph = SudoPairHelper()
      sph.owner = pwd.getpwuid(os.getuid()).pw_name
      sph.group = grp.getgrgid(os.getgid()).gr_name
@@ -49,4 +54,5 @@ def sph(mock_hookenv_config, mock_charm_dir, tmpdir):
      sph.sudoers_bypass_path = tmpdir.join(sph.sudoers_bypass_path)
      sph.socket_dir_perms = 0o775
      sph.sudo_conf_perms = 0o644
++    sph.pagerduty_path = tmpdir.join(sph.pagerduty_path)
      return sph
 diff --git a/tests/unit/requirements.txt b/src/tests/unit/requirements.txt
 similarity index 100%
 rename from tests/unit/requirements.txt
 rename to src/tests/unit/requirements.txt
 diff --git a/src/tests/unit/test_actions.py b/src/tests/unit/test_actions.py
 new file mode 100644
 index 0000000..fd0758a
 --- /dev/null
 +++ b/src/tests/unit/test_actions.py
@@ -0,0 +1,23 @@
++"""Unit tests for charm actions."""
++
++import os
++import sys
++import unittest.mock as mock
++
++action_path = os.path.join(os.path.dirname(__file__), "..", "..", "actions")
++sys.path.append(action_path)
++import actions  # NOQA
++
++
++@mock.patch("libsudopair.SudoPairHelper")
++@mock.patch("actions.action_set")
++@mock.patch("actions.status_set")
++@mock.patch("actions.subprocess.run")
++def test_remove_action(subprocess_run, status_set, action_set, sudo_pair_helper):
++    """Verify remove action."""
++    actions.remove()
++    msg = "Successfully removed sudo-pair config and binaries"
++    action_set.assert_called_with({"message": msg})
++    status_set.assert_called_with("active", msg)
++    sudo_pair_helper().deconfigure.assert_called()
++    subprocess_run.assert_called_with(["/usr/bin/pagerdutyevent.py", msg])
 diff --git a/src/tests/unit/test_libsudopair.py b/src/tests/unit/test_libsudopair.py
 new file mode 100644
 index 0000000..8d730ad
 --- /dev/null
 +++ b/src/tests/unit/test_libsudopair.py
@@ -0,0 +1,206 @@
++"""Sudopair lib unit tests."""
++
++import filecmp
++import grp
++import os
++
++from libsudopair import check_valid_group, group_id
++
++
++def test_check_valid_group():
++    """Check an unix group is valid."""
++    assert not check_valid_group("fake_group")
++    assert check_valid_group(grp.getgrgid(os.getgid()).gr_name)
++
++
++def test_group_id():
++    """Verify group_id() is correct."""
++    assert group_id(grp.getgrgid(os.getgid()).gr_name) == os.getgid()
++
++
++class TestSudoPairHelper:
++    """Module to test SudoPairHelper lib."""
++
++    def test_pytest(self):
++        """Assert testing is carryied using pytest."""
++        assert True
++
++    def test_sph(self, sph):
++        """See if the sph fixture works to load charm configs."""
++        assert isinstance(sph.charm_config, dict)
++
++    def test_get_config(self, sph):
++        """Check if config contains all the required entries."""
++        default_keywords = [
++            "binary_path",
++            "user_prompt_path",
++            "pair_prompt_path",
++            "socket_dir",
++            "gids_enforced",
++            "gids_exempted",
++        ]
++        config = sph.get_config()
++        for option in default_keywords:
++            assert option in config
++
++    def test_set_charm_config(self, sph):
++        """Set new config."""
++        charm_config = {
++            "groups_enforced": "root",
++            "groups_exempted": "",
++            "bypass_cmds": "",
++            "bypass_group": "",
++            "auto_approve": True,
++        }
++
++        sph.set_charm_config(charm_config)
++
++        for option in charm_config:
++            assert option in sph.get_config()
++            assert sph.get_config()[option] == charm_config[option]
++
++    def test_render_sudo_conf(self, sph, tmpdir):
++        """Check that sudo.conf is rendered correctly."""
++        # Default config
++        content = sph.render_sudo_conf()
++        expected_content = (
++            "Plugin sudo_pair sudo_pair.so binary_path={} "
++            "user_prompt_path={} "
++            "pair_prompt_path={} socket_dir={} gids_enforced={}".format(
++                tmpdir.join("/usr/bin/sudo_approve"),
++                tmpdir.join("/etc/sudo_pair.prompt.user"),
++                tmpdir.join("/etc/sudo_pair.prompt.pair"),
++                tmpdir.join("/var/run/sudo_pair"),
++                "0",
++            )
++        )
++        assert expected_content in content
++
++        # Gid exempted
++        groups_exempted = grp.getgrgid(os.getgid()).gr_name
++        charm_config = {
++            "groups_enforced": "root",
++            "groups_exempted": groups_exempted,
++            "bypass_cmds": "",
++            "bypass_group": "",
++            "auto_approve": True,
++        }
++
++        sph.set_charm_config(charm_config)
++        expected_content = (
++            "Plugin sudo_pair sudo_pair.so binary_path={} user_prompt_path={} "
++            "pair_prompt_path={} socket_dir={} gids_enforced={} "
++            "gids_exempted={}".format(
++                tmpdir.join("/usr/bin/sudo_approve"),
++                tmpdir.join("/etc/sudo_pair.prompt.user"),
++                tmpdir.join("/etc/sudo_pair.prompt.pair"),
++                tmpdir.join("/var/run/sudo_pair"),
++                "0",
++                os.getgid(),
++            )
++        )
++
++        content = sph.render_sudo_conf()
++        assert expected_content in content
++
++        # Groups enforced
++        groups_enforced = "root," + grp.getgrgid(os.getgid()).gr_name
++        charm_config = {
++            "groups_enforced": groups_enforced,
++            "groups_exempted": "",
++            "bypass_cmds": "",
++            "bypass_group": "",
++            "auto_approve": True,
++        }
++        sph.set_charm_config(charm_config)
++        expected_content = (
++            "Plugin sudo_pair sudo_pair.so binary_path={} user_prompt_path={} "
++            "pair_prompt_path={} socket_dir={} gids_enforced={}".format(
++                tmpdir.join("/usr/bin/sudo_approve"),
++                tmpdir.join("/etc/sudo_pair.prompt.user"),
++                tmpdir.join("/etc/sudo_pair.prompt.pair"),
++                tmpdir.join("/var/run/sudo_pair"),
++                "0,{}".format(os.getgid()),
++            )
++        )
++        content = sph.render_sudo_conf()
++        assert expected_content in content
++
++    def test_render_bypass_cmds(self, sph):
++        """Check that sudoers file is rendered correctly."""
++        # Root bypass /bin/ls
++        expected_content = "%root ALL = (ALL) NOLOG_OUTPUT: /bin/ls"
++        charm_config = {
++            "groups_enforced": "root",
++            "groups_exempted": "",
++            "bypass_cmds": "/bin/ls",
++            "bypass_group": "root",
++            "auto_approve": True,
++        }
++        sph.set_charm_config(charm_config)
++        content = sph.render_bypass_cmds()
++        assert expected_content in content
++
++    def test_render_sudo_approve(self, sph, tmpdir):
++        """Check that sudo_approve file is rendered correctly."""
++        # Auto Approve true
++        expected_content = "logger -p auth.warn $log_line"
++        socket_dir = tmpdir.join("/var/run/sudo_pair")
++        expected_content_socket_dir = 'declare -r SUDO_SOCKET_PATH="{}"'.format(
++            socket_dir
++        )
++        content = sph.render_sudo_approve()
++        assert expected_content in content
++        assert expected_content_socket_dir in content
++
++        # Auto Approve false
++        expected_content = 'echo "You can\'t approve your own session."'
++        charm_config = {
++            "groups_enforced": "root",
++            "groups_exempted": "",
++            "bypass_cmds": "/bin/ls",
++            "bypass_group": "root",
++            "auto_approve": False,
++        }
++        sph.set_charm_config(charm_config)
++        content = sph.render_sudo_approve()
++        assert expected_content in content
++
++    def test_create_socket_dir(self, sph, tmpdir):
++        """Check that sudo_pair socket dir exists."""
++        sph.create_socket_dir()
++        assert os.path.exists(tmpdir.join("/var/run/sudo_pair"))
++
++    def test_create_tmpfiles_conf(self, sph, tmpdir):
++        """Check that sudo pair temporary conf is rendered correctly."""
++        sph.create_tmpfiles_conf()
++        expected_content = "d {} 0755 - - -\n".format(sph.socket_dir)
++        with open(tmpdir.join("/usr/lib/tmpfiles.d/sudo_pair.conf")) as f:
++            content = f.read()
++        assert expected_content in content
++
++    def test_install_sudo_pair_so(self, sph, tmpdir):
++        """Check that sudo system lib exists."""
++        sph.install_sudo_pair_so()
++        assert filecmp.cmp(
++            "./files/sudo_pair.so", tmpdir.join("/usr/lib/sudo/sudo_pair.so")
++        )
++
++    def test_copy_user_prompt(self, sph, tmpdir):
++        """Check that user prompt exists."""
++        sph.copy_user_prompt()
++        assert filecmp.cmp(
++            "./files/sudo.prompt.user", tmpdir.join("/etc/sudo_pair.prompt.user")
++        )
++
++    def test_copy_pair_prompt(self, sph, tmpdir):
++        """Check that pair prompt exists."""
++        sph.copy_pair_prompt()
++        assert filecmp.cmp(
++            "./files/sudo.prompt.pair", tmpdir.join("/etc/sudo_pair.prompt.pair")
++        )
++
++    def test_copy_sudoers(self, sph, tmpdir):
++        """Check that sudoers file exists."""
++        sph.copy_sudoers()
++        assert filecmp.cmp("./files/sudoers", tmpdir.join("/etc/sudoers"))
 diff --git a/tox.ini b/src/tox.ini
 similarity index 66%
 rename from tox.ini
 rename to src/tox.ini
 index fc364de..2900ead 100644
 --- a/tox.ini
 +++ b/src/tox.ini
@@ -1,40 +1,33 @@
  [tox]
  skipsdist=True
--envlist = unit, functional
  skip_missing_interpreters = True
++envlist = lint, unit, func
  [testenv]
  basepython = python3
  setenv =
--  PYTHONPATH = .
--
--[testenv:unit]
--commands = pytest -v --ignore {toxinidir}/tests/functional \
--	   --cov=lib \
--	   --cov=reactive \
--	   --cov=actions \
--	   --cov-report=term \
--	   --cov-report=annotate:report/annotated \
--	   --cov-report=html:report/html
--deps = -r{toxinidir}/tests/unit/requirements.txt
--
--setenv = PYTHONPATH={toxinidir}/lib
--
--[testenv:functional]
++  PYTHONPATH = {toxinidir}:{toxinidir}/lib/:{toxinidir}/hooks/
  passenv =
    HOME
--  CHARM_BUILD_DIR
    PATH
++  CHARM_BUILD_DIR
    PYTEST_KEEP_MODEL
    PYTEST_CLOUD_NAME
    PYTEST_CLOUD_REGION
--commands = pytest -v --ignore {toxinidir}/tests/unit
--deps = -r{toxinidir}/tests/functional/requirements.txt
--
++  PYTEST_MODEL
++  MODEL_SETTINGS
++  HTTP_PROXY
++  HTTPS_PROXY
++  NO_PROXY
++  SNAP_HTTP_PROXY
++  SNAP_HTTPS_PROXY
  [testenv:lint]
--commands = flake8
++commands =
++    flake8
++    black --check --exclude "/(\.eggs|\.git|\.tox|\.venv|\.build|dist|charmhelpers|mod)/" .
  deps =
++    black
      flake8
      flake8-docstrings
      flake8-import-order
@@ -42,10 +35,36 @@ deps =
      flake8-colors
  [flake8]
--ignore = D100,D103  # Missing docstring in public module/function
  exclude =
      .git,
      __pycache__,
      .tox,
--max-line-length = 120
++    charmhelpers,
++    mod,
++    .build
++
++max-line-length = 88
  max-complexity = 10
++
++[testenv:black]
++commands =
++    black --exclude "/(\.eggs|\.git|\.tox|\.venv|\.build|dist|charmhelpers|mod)/" .
++deps =
++    black
++
++[testenv:unit]
++commands =
++  pytest -v --ignore {toxinidir}/tests/functional \
++           --cov=lib \
++           --cov=reactive \
++           --cov=actions \
++           --cov=hooks \
++           --cov=src \
++           --cov-report=term \
++           --cov-report=annotate:report/annotated \
++           --cov-report=html:report/html
++deps = -r{toxinidir}/tests/unit/requirements.txt
++
++[testenv:func]
++commands = pytest -v --ignore {toxinidir}/tests/unit
++deps = -r{toxinidir}/tests/functional/requirements.txt
 diff --git a/tests/unit/test_libsudopair.py b/tests/unit/test_libsudopair.py
 deleted file mode 100644
 index 3a598af..0000000
 --- a/tests/unit/test_libsudopair.py
 +++ /dev/null
@@ -1,185 +0,0 @@
--import filecmp
--import grp
--import os
--
--from libsudopair import (
--    check_valid_group,
--    group_id
--)
--
--
--def test_check_valid_group():
--    assert not check_valid_group('fake_group')
--    assert check_valid_group(grp.getgrgid(os.getgid()).gr_name)
--
--
--def test_group_id():
--    assert group_id(grp.getgrgid(os.getgid()).gr_name) == os.getgid()
--
--
--class TestSudoPairHelper():
--    """Module to test SudoPairHelper lib."""
--
--    def test_pytest(self):
--        """Assert testing is carryied using pytest."""
--        assert True
--
--    def test_sph(self, sph):
--        """See if the sph fixture works to load charm configs."""
--        assert isinstance(sph.charm_config, dict)
--
--    def test_get_config(self, sph):
--        """Check if config contains all the required entries."""
--        default_keywords = [
--            'binary_path',
--            'user_prompt_path',
--            'pair_prompt_path',
--            'socket_dir',
--            'gids_enforced',
--            'gids_exempted',
--        ]
--        config = sph.get_config()
--        for option in default_keywords:
--            assert option in config
--
--    def test_set_charm_config(self, sph):
--        """Set new config."""
--        charm_config = {
--            'groups_enforced': 'root',
--            'groups_exempted': '',
--            'bypass_cmds': '',
--            'bypass_group': '',
--            'auto_approve': True
--        }
--
--        sph.set_charm_config(charm_config)
--
--        for option in charm_config:
--            assert option in sph.get_config()
--            assert sph.get_config()[option] == charm_config[option]
--
--    def test_render_sudo_conf(self, sph, tmpdir):
--        """Check that sudo.conf is rendered correctly."""
--        # Default config
--        content = sph.render_sudo_conf()
--        expected_content = 'Plugin sudo_pair sudo_pair.so binary_path={} ' \
--                           'user_prompt_path={} ' \
--                           'pair_prompt_path={} socket_dir={} gids_enforced={}'.format(
--                               tmpdir.join('/usr/bin/sudo_approve'),
--                               tmpdir.join('/etc/sudo_pair.prompt.user'),
--                               tmpdir.join('/etc/sudo_pair.prompt.pair'),
--                               tmpdir.join('/var/run/sudo_pair'),
--                               '0')
--        assert expected_content in content
--
--        # Gid exempted
--        groups_exempted = grp.getgrgid(os.getgid()).gr_name
--        charm_config = {
--            'groups_enforced': 'root',
--            'groups_exempted': groups_exempted,
--            'bypass_cmds': '',
--            'bypass_group': '',
--            'auto_approve': True
--        }
--
--        sph.set_charm_config(charm_config)
--        expected_content = \
--            'Plugin sudo_pair sudo_pair.so binary_path={} user_prompt_path={} ' \
--            'pair_prompt_path={} socket_dir={} gids_enforced={} gids_exempted={}'.format(
--                tmpdir.join('/usr/bin/sudo_approve'),
--                tmpdir.join('/etc/sudo_pair.prompt.user'),
--                tmpdir.join('/etc/sudo_pair.prompt.pair'),
--                tmpdir.join('/var/run/sudo_pair'), '0', os.getgid())
--
--        content = sph.render_sudo_conf()
--        assert expected_content in content
--
--        # Groups enforced
--        groups_enforced = 'root,' + grp.getgrgid(os.getgid()).gr_name
--        charm_config = {
--            'groups_enforced': groups_enforced,
--            'groups_exempted': '',
--            'bypass_cmds': '',
--            'bypass_group': '',
--            'auto_approve': True
--        }
--        sph.set_charm_config(charm_config)
--        expected_content = 'Plugin sudo_pair sudo_pair.so binary_path={} user_prompt_path={} ' \
--                           'pair_prompt_path={} socket_dir={} gids_enforced={}'.format(
--                               tmpdir.join('/usr/bin/sudo_approve'),
--                               tmpdir.join('/etc/sudo_pair.prompt.user'),
--                               tmpdir.join('/etc/sudo_pair.prompt.pair'),
--                               tmpdir.join('/var/run/sudo_pair'), '0,{}'.format(os.getgid()))
--        content = sph.render_sudo_conf()
--        assert expected_content in content
--
--    def test_render_bypass_cmds(self, sph):
--        """Check that sudoers file is rendered correctly."""
--        # Root bypass /bin/ls
--        expected_content = '%root ALL = (ALL) NOLOG_OUTPUT: /bin/ls'
--        charm_config = {
--            'groups_enforced': 'root',
--            'groups_exempted': '',
--            'bypass_cmds': '/bin/ls',
--            'bypass_group': 'root',
--            'auto_approve': True
--        }
--        sph.set_charm_config(charm_config)
--        content = sph.render_bypass_cmds()
--        assert expected_content in content
--
--    def test_render_sudo_approve(self, sph, tmpdir):
--        """Check that sudo_approve file is rendered correctly."""
--        # Auto Approve true
--        expected_content = 'echo ${log_line} >> /var/log/sudo_pair.log'
--        socket_dir = tmpdir.join('/var/run/sudo_pair')
--        expected_content_socket_dir = 'declare -r SUDO_SOCKET_PATH="{}"'.format(socket_dir)
--        content = sph.render_sudo_approve()
--        assert expected_content in content
--        assert expected_content_socket_dir in content
--
--        # Auto Approve false
--        expected_content = 'echo "You can\'t approve your own session."'
--        charm_config = {
--            'groups_enforced': 'root',
--            'groups_exempted': '',
--            'bypass_cmds': '/bin/ls',
--            'bypass_group': 'root',
--            'auto_approve': False
--        }
--        sph.set_charm_config(charm_config)
--        content = sph.render_sudo_approve()
--        assert expected_content in content
--
--    def test_create_socket_dir(self, sph, tmpdir):
--        """Check that sudo_pair socket dir exists."""
--        sph.create_socket_dir()
--        assert os.path.exists(tmpdir.join('/var/run/sudo_pair'))
--
--    def test_create_tmpfiles_conf(self, sph, tmpdir):
--        """Check that sudo pair temporary conf is rendered correctly."""
--        sph.create_tmpfiles_conf()
--        expected_content = 'd {} 0755 - - -\n'.format(sph.socket_dir)
--        with open(tmpdir.join('/usr/lib/tmpfiles.d/sudo_pair.conf')) as f:
--            content = f.read()
--        assert expected_content in content
--
--    def test_install_sudo_pair_so(self, sph, tmpdir):
--        """Check that sudo system lib exists."""
--        sph.install_sudo_pair_so()
--        assert filecmp.cmp('./files/sudo_pair.so', tmpdir.join('/usr/lib/sudo/sudo_pair.so'))
--
--    def test_copy_user_prompt(self, sph, tmpdir):
--        """Check that user prompt exists."""
--        sph.copy_user_prompt()
--        assert filecmp.cmp('./files/sudo.prompt.user', tmpdir.join('/etc/sudo_pair.prompt.user'))
--
--    def test_copy_pair_prompt(self, sph, tmpdir):
--        """Check that pair prompt exists."""
--        sph.copy_pair_prompt()
--        assert filecmp.cmp('./files/sudo.prompt.pair', tmpdir.join('/etc/sudo_pair.prompt.pair'))
--
--    def test_copy_sudoers(self, sph, tmpdir):
--        """Check that sudoers file exists."""
--        sph.copy_sudoers()
--        assert filecmp.cmp('./files/sudoers', tmpdir.join('/etc/sudoers'))

Sudo_pair Charm

Merge ~peter-sabaini/charm-sudo-pair:feature/add-pd-logging into ~sudo-pair-charmers/charm-sudo-pair:master

Commit message

Description of the change

Unmerged commits

Preview Diff

Subscribers