From 7587f37c59d689945b2060e8c79f4b0244979ef2 Mon Sep 17 00:00:00 2001
From: Arvindsrinivasan Lakshmi Narasimhan
Date: Fri, 19 Feb 2021 19:53:35 +0000
Subject: [PATCH 1/2] add 'ipintutil' , 'show ip interface' and other commonly used sonic cli commands

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan
---
 tests/tacacs/test_ro_user.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/tacacs/test_ro_user.py b/tests/tacacs/test_ro_user.py
index 3270ad1a71c..67c6dd8324c 100644
--- a/tests/tacacs/test_ro_user.py
+++ b/tests/tacacs/test_ro_user.py
@@ -80,10 +80,16 @@ def test_ro_user_allowed_command(localhost, duthosts, rand_one_dut_hostname, cre
 # 'sudo psuutil *',
 # 'sudo sfputil show *',
 'sudo ip netns identify 1',
+ 'sudo ipintutil'
 ]
 # Run as readonly use the commands allowed indirectly based on sudoers file
 commands_indirect = [
 'show version',
+ 'show interface status',
+ 'show interface portchannel',
+ 'show ip bgp summary',
+ 'show ip interface',
+ 'show lldp table'
 ]
 
 for command in commands_direct + commands_indirect:
@@ -105,6 +111,8 @@ def test_ro_user_banned_command(localhost, duthosts, rand_one_dut_hostname, cred
 # Run as readonly use the commands allowed by sudoers file
 commands = [
 'sudo shutdown',
+ # all commands under the config tree
+ 'sudo config'
 ]
 
 for command in commands:
From d8bf60efc6758dff0dc76e0ca31ce3e1a17b86c6 Mon Sep 17 00:00:00 2001
From: Arvindsrinivasan Lakshmi Narasimhan
Date: Mon, 22 Feb 2021 22:38:18 +0000
Subject: [PATCH 2/2] add more positive cases

Signed-off-by: Arvindsrinivasan Lakshmi Narasimhan
---
 tests/tacacs/test_ro_user.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/tacacs/test_ro_user.py b/tests/tacacs/test_ro_user.py
index 67c6dd8324c..abffbbdd4ed 100644
--- a/tests/tacacs/test_ro_user.py
+++ b/tests/tacacs/test_ro_user.py
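Review bot: In the `@@ -80,10 +80,16 @@` hunk of PATCH 1/2, the new last entries `'sudo ipintutil'` and `'show lldp table'` are added without a trailing comma. Python concatenates adjacent string literals, so an entry appended below either of them without first adding the comma silently merges into one bogus command string, and this allow-list test would then exercise a command nobody intended. Write them as `'sudo ipintutil',` and `'show lldp table',`. The same applies to `'sudo config'` in the `@@ -105,6 +111,8 @@` hunk and to the last `ipintutil` entry added in PATCH 2/2. Both lists sit in a function whose body starts and ends outside the hunk.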
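Review bot: In the `@@ -105,6 +111,8 @@` hunk of PATCH 1/2, the comment `# all commands under the config tree` promises more than the entry below it checks, since only the bare `sudo config` invocation is run. sudoers rules can match on a command's arguments, so a denied bare `config` does not by itself show that the read-only user is also denied `config` with a subcommand. Either narrow the comment to `# bare 'config' entry point only`, or add a representative subcommand case next to it, for example `'sudo config save -y',` if that is safe to attempt on the testbed. How the loop decides that a command was rejected is outside the hunk, so confirm that it distinguishes a sudo denial from a usage error.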
@@ -80,7 +80,10 @@ def test_ro_user_allowed_command(localhost, duthosts, rand_one_dut_hostname, cre
 # 'sudo psuutil *',
 # 'sudo sfputil show *',
 'sudo ip netns identify 1',
- 'sudo ipintutil'
+ 'sudo ipintutil',
+ 'sudo ipintutil -a ipv6',
+ 'sudo ipintutil -n asic0 -d all',
+ 'sudo ipintutil -n asic0 -d all -a ipv6'
 ]
 # Run as readonly use the commands allowed indirectly based on sudoers file
 commands_indirect = [
@@ -89,6 +92,7 @@ def test_ro_user_allowed_command(localhost, duthosts, rand_one_dut_hostname, cre
 'show interface portchannel',
 'show ip bgp summary',
 'show ip interface',
+ 'show ipv6 interface',
 'show lldp table'
 ]
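Review bot: In the `@@ -80,7 +80,10 @@` hunk of PATCH 2/2, the two entries using `-n asic0` hard-code a namespace name that presumably exists only on multi-ASIC DUTs. The loop that evaluates the result is outside the hunk. If it fails on any non-zero exit, these cases would report a sudoers problem on single-ASIC devices when the real cause is a missing namespace. If it only looks for a permission-denied message, they pass without exercising the namespace path at all. Build those two entries only when the DUT is multi-ASIC, and mark them with a comment such as `# multi-ASIC only: asic0 namespace is absent on single-ASIC DUTs`.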