1 // Copyright (C) 2021 Simon Ruderich
3 // This program is free software: you can redistribute it and/or modify
4 // it under the terms of the GNU General Public License as published by
5 // the Free Software Foundation, either version 3 of the License, or
6 // (at your option) any later version.
8 // This program is distributed in the hope that it will be useful,
9 // but WITHOUT ANY WARRANTY; without even the implied warranty of
10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 // GNU General Public License for more details.
13 // You should have received a copy of the GNU General Public License
14 // along with this program. If not, see <http://www.gnu.org/licenses/>.
25 "github.com/google/go-cmp/cmp"
27 "ruderich.org/simon/safcm"
30 func TestLoadPermissions(t *testing.T) {
31 cwd, err := os.Getwd()
37 err = os.Chdir("../testdata/project")
44 exp map[string]*safcm.File
56 map[string]*safcm.File{
59 Mode: fs.ModeDir | 0755 | fs.ModeSetgid,
65 Mode: fs.ModeDir | 0755,
71 Mode: 0100 | fs.ModeSetuid | fs.ModeSetgid | fs.ModeSticky,
81 Data: []byte(`Welcome to
82 {{- if .IsHost "host1.example.org"}} Host ONE
83 {{- else if "host2"}} Host TWO
86 {{if .InGroup "detected_linux"}}
87 This is GNU/Linux host
89 {{if .InGroup "detected_freebsd"}}
95 Path: "/etc/rc.local",
99 Data: []byte("#!/bin/sh\n"),
101 "/etc/resolv.conf": {
102 Path: "/etc/resolv.conf",
108 Data: []byte("nameserver ::1\n"),
112 Mode: fs.ModeSymlink | 0777,
115 Data: []byte("doesnt-exist"),
122 "permissions-invalid-execute",
123 map[string]*safcm.File{
126 Mode: fs.ModeDir | 0755,
132 Mode: fs.ModeDir | 0755,
137 Path: "/etc/rc.local",
141 Data: []byte("#!/bin/sh\n"),
144 fmt.Errorf("permissions-invalid-execute/permissions.yaml: \"/etc/rc.local\": trying to remove +x from file, manually chmod -x in files/"),
147 "permissions-invalid-line",
148 map[string]*safcm.File{
151 Mode: fs.ModeDir | 0755,
157 Mode: fs.ModeDir | 0755,
161 "/etc/resolv.conf": {
162 Path: "/etc/resolv.conf",
166 Data: []byte("nameserver ::1\n"),
169 fmt.Errorf("permissions-invalid-line/permissions.yaml: invalid line \"invalid line\" (expected <perm> [<user> <group>])"),
172 "permissions-invalid-path",
174 fmt.Errorf("permissions-invalid-path/permissions.yaml: \"/does/not/exist\" does not exist in files/"),
177 "permissions-invalid-permission",
178 map[string]*safcm.File{
181 Mode: fs.ModeDir | 0755,
187 Mode: fs.ModeDir | 0755,
191 "/etc/resolv.conf": {
192 Path: "/etc/resolv.conf",
196 Data: []byte("nameserver ::1\n"),
199 fmt.Errorf("permissions-invalid-permission/permissions.yaml: invalid permission \"u=rwg=r\" (expected e.g. \"0644\" or \"01777\")"),
202 "permissions-invalid-permission-int",
203 map[string]*safcm.File{
206 Mode: fs.ModeDir | 0755,
212 Mode: fs.ModeDir | 0755,
216 "/etc/resolv.conf": {
217 Path: "/etc/resolv.conf",
221 Data: []byte("nameserver ::1\n"),
224 fmt.Errorf("permissions-invalid-permission-int/permissions.yaml: invalid permission 066066 (expected e.g. 0644 or 01777)"),
228 for _, tc := range tests {
229 t.Run(tc.group, func(t *testing.T) {
230 // Use LoadFiles() so we work on real data and don't make any
231 // mistakes generating it
232 files, err := LoadFiles(tc.group)
234 t.Fatalf("err = %#v, want nil", err)
236 err = LoadPermissions(tc.group, files)
238 if !reflect.DeepEqual(tc.exp, files) {
240 cmp.Diff(tc.exp, files))
242 // Ugly but the simplest way to compare errors (including nil)
243 if fmt.Sprintf("%s", err) != fmt.Sprintf("%s", tc.expErr) {
244 t.Errorf("err = %#v, want %#v",