]> ruderich.org/simon Gitweb - safcm/safcm.git/blob - cmd/safcm/config/permissions_test.go
98b82b6ba877d0aaae02959384404a4f863815a6
[safcm/safcm.git] / cmd / safcm / config / permissions_test.go
1 // Copyright (C) 2021  Simon Ruderich
2 //
3 // This program is free software: you can redistribute it and/or modify
4 // it under the terms of the GNU General Public License as published by
5 // the Free Software Foundation, either version 3 of the License, or
6 // (at your option) any later version.
7 //
8 // This program is distributed in the hope that it will be useful,
9 // but WITHOUT ANY WARRANTY; without even the implied warranty of
10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11 // GNU General Public License for more details.
12 //
13 // You should have received a copy of the GNU General Public License
14 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
15
16 package config
17
18 import (
19         "fmt"
20         "io/fs"
21         "os"
22         "testing"
23
24         "ruderich.org/simon/safcm"
25         "ruderich.org/simon/safcm/testutil"
26 )
27
28 func TestLoadPermissions(t *testing.T) {
29         cwd, err := os.Getwd()
30         if err != nil {
31                 t.Fatal(err)
32         }
33         defer os.Chdir(cwd)
34
35         err = os.Chdir("../testdata/project")
36         if err != nil {
37                 t.Fatal(err)
38         }
39
40         tests := []struct {
41                 group  string
42                 exp    map[string]*safcm.File
43                 expErr error
44         }{
45
46                 {
47                         "empty",
48                         nil,
49                         nil,
50                 },
51
52                 {
53                         "group",
54                         map[string]*safcm.File{
55                                 "/": {
56                                         Path: "/",
57                                         Mode: fs.ModeDir | 0755 | fs.ModeSetgid,
58                                         Uid:  -1,
59                                         Gid:  -1,
60                                 },
61                                 "/etc": {
62                                         Path: "/etc",
63                                         Mode: fs.ModeDir | 0755,
64                                         Uid:  -1,
65                                         Gid:  -1,
66                                 },
67                                 "/etc/.hidden": {
68                                         Path: "/etc/.hidden",
69                                         Mode: 0100 | fs.ModeSetuid | fs.ModeSetgid | fs.ModeSticky,
70                                         Uid:  -1,
71                                         Gid:  -1,
72                                         Data: []byte("..."),
73                                 },
74                                 "/etc/motd": {
75                                         Path: "/etc/motd",
76                                         Mode: 0644,
77                                         Uid:  -1,
78                                         Gid:  -1,
79                                         Data: []byte(`Welcome to
80 {{- if .IsHost "host1.example.org"}} Host ONE
81 {{- else if "host2"}} Host TWO
82 {{- end}}
83
84 {{if .InGroup "detected_linux"}}
85 This is GNU/Linux host
86 {{end}}
87 {{if .InGroup "detected_freebsd"}}
88 This is FreeBSD host
89 {{end}}
90 `),
91                                 },
92                                 "/etc/rc.local": {
93                                         Path: "/etc/rc.local",
94                                         Mode: 0700,
95                                         Uid:  -1,
96                                         Gid:  -1,
97                                         Data: []byte("#!/bin/sh\n"),
98                                 },
99                                 "/etc/resolv.conf": {
100                                         Path:  "/etc/resolv.conf",
101                                         Mode:  0641,
102                                         User:  "user",
103                                         Uid:   -1,
104                                         Group: "group",
105                                         Gid:   -1,
106                                         Data:  []byte("nameserver ::1\n"),
107                                 },
108                                 "/etc/test": {
109                                         Path: "/etc/test",
110                                         Mode: fs.ModeSymlink | 0777,
111                                         Uid:  -1,
112                                         Gid:  -1,
113                                         Data: []byte("doesnt-exist"),
114                                 },
115                         },
116                         nil,
117                 },
118
119                 {
120                         "permissions-invalid-execute",
121                         map[string]*safcm.File{
122                                 "/": {
123                                         Path: "/",
124                                         Mode: fs.ModeDir | 0755,
125                                         Uid:  -1,
126                                         Gid:  -1,
127                                 },
128                                 "/etc": {
129                                         Path: "/etc",
130                                         Mode: fs.ModeDir | 0755,
131                                         Uid:  -1,
132                                         Gid:  -1,
133                                 },
134                                 "/etc/rc.local": {
135                                         Path: "/etc/rc.local",
136                                         Mode: 0755,
137                                         Uid:  -1,
138                                         Gid:  -1,
139                                         Data: []byte("#!/bin/sh\n"),
140                                 },
141                         },
142                         fmt.Errorf("permissions-invalid-execute/permissions.yaml: \"/etc/rc.local\": trying to remove +x from file, manually chmod -x in files/"),
143                 },
144                 {
145                         "permissions-invalid-line",
146                         map[string]*safcm.File{
147                                 "/": {
148                                         Path: "/",
149                                         Mode: fs.ModeDir | 0755,
150                                         Uid:  -1,
151                                         Gid:  -1,
152                                 },
153                                 "/etc": {
154                                         Path: "/etc",
155                                         Mode: fs.ModeDir | 0755,
156                                         Uid:  -1,
157                                         Gid:  -1,
158                                 },
159                                 "/etc/resolv.conf": {
160                                         Path: "/etc/resolv.conf",
161                                         Mode: 0644,
162                                         Uid:  -1,
163                                         Gid:  -1,
164                                         Data: []byte("nameserver ::1\n"),
165                                 },
166                         },
167                         fmt.Errorf("permissions-invalid-line/permissions.yaml: invalid line \"invalid line\" (expected <perm> [<user> <group>])"),
168                 },
169                 {
170                         "permissions-invalid-path",
171                         nil,
172                         fmt.Errorf("permissions-invalid-path/permissions.yaml: \"/does/not/exist\" does not exist in files/"),
173                 },
174                 {
175                         "permissions-invalid-permission",
176                         map[string]*safcm.File{
177                                 "/": {
178                                         Path: "/",
179                                         Mode: fs.ModeDir | 0755,
180                                         Uid:  -1,
181                                         Gid:  -1,
182                                 },
183                                 "/etc": {
184                                         Path: "/etc",
185                                         Mode: fs.ModeDir | 0755,
186                                         Uid:  -1,
187                                         Gid:  -1,
188                                 },
189                                 "/etc/resolv.conf": {
190                                         Path: "/etc/resolv.conf",
191                                         Mode: 0644,
192                                         Uid:  -1,
193                                         Gid:  -1,
194                                         Data: []byte("nameserver ::1\n"),
195                                 },
196                         },
197                         fmt.Errorf("permissions-invalid-permission/permissions.yaml: invalid permission \"u=rwg=r\" (expected e.g. \"0644\" or \"01777\")"),
198                 },
199                 {
200                         "permissions-invalid-permission-int",
201                         map[string]*safcm.File{
202                                 "/": {
203                                         Path: "/",
204                                         Mode: fs.ModeDir | 0755,
205                                         Uid:  -1,
206                                         Gid:  -1,
207                                 },
208                                 "/etc": {
209                                         Path: "/etc",
210                                         Mode: fs.ModeDir | 0755,
211                                         Uid:  -1,
212                                         Gid:  -1,
213                                 },
214                                 "/etc/resolv.conf": {
215                                         Path: "/etc/resolv.conf",
216                                         Mode: 0644,
217                                         Uid:  -1,
218                                         Gid:  -1,
219                                         Data: []byte("nameserver ::1\n"),
220                                 },
221                         },
222                         fmt.Errorf("permissions-invalid-permission-int/permissions.yaml: invalid permission 066066 (expected e.g. 0644 or 01777)"),
223                 },
224         }
225
226         for _, tc := range tests {
227                 t.Run(tc.group, func(t *testing.T) {
228                         // Use LoadFiles() so we work on real data and don't
229                         // make any mistakes generating it
230                         files, err := LoadFiles(tc.group)
231                         if err != nil {
232                                 t.Fatalf("err = %#v, want nil", err)
233                         }
234                         err = LoadPermissions(tc.group, files)
235
236                         testutil.AssertEqual(t, "res", files, tc.exp)
237                         testutil.AssertErrorEqual(t, "err", err, tc.expErr)
238                 })
239         }
240 }