X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=cmd%2Fsafcm%2Fconfig%2Ffiles_test.go;fp=cmd%2Fsafcm%2Fconfig%2Ffiles_test.go;h=398394c8f43d3fc0c28027500e4605db9f2625ee;hb=f2f2bc47e8729548f3c10117f7f008b547c4afc5;hp=0000000000000000000000000000000000000000;hpb=dc0d431a778a50e6732b9eb91384a07a207b772d;p=safcm%2Fsafcm.git diff --git a/cmd/safcm/config/files_test.go b/cmd/safcm/config/files_test.go new file mode 100644 index 0000000..398394c --- /dev/null +++ b/cmd/safcm/config/files_test.go @@ -0,0 +1,203 @@ +// Copyright (C) 2021 Simon Ruderich +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +package config + +import ( + "fmt" + "io/fs" + "os" + "reflect" + "syscall" + "testing" + + "github.com/google/go-cmp/cmp" + + "ruderich.org/simon/safcm" +) + +func chmod(name string, perm int) { + err := os.Chmod(name, FullPermToFileMode(perm)) + if err != nil { + panic(err) + } +} + +func TestLoadFiles(t *testing.T) { + cwd, err := os.Getwd() + if err != nil { + t.Fatal(err) + } + defer os.Chdir(cwd) + + err = os.Chdir("../testdata/project") + if err != nil { + t.Fatal(err) + } + + chmod("files-invalid-perm-dir/files", 0500) + defer chmod("files-invalid-perm-dir/files", 0700) + chmod("files-invalid-perm-dir/files/etc/", 0755) + chmod("files-invalid-perm-dir/files/etc/resolv.conf", 0644) + chmod("files-invalid-perm-dir-setgid/files", 0755) + chmod("files-invalid-perm-dir-setgid/files/etc/", 02755) + chmod("files-invalid-perm-dir-setgid/files/etc/resolv.conf", 0644) + chmod("files-invalid-perm-file/files", 0755) + chmod("files-invalid-perm-file/files/etc/", 0755) + chmod("files-invalid-perm-file/files/etc/resolv.conf", 0600) + chmod("files-invalid-perm-file-executable/files", 0755) + chmod("files-invalid-perm-file-executable/files/etc", 0755) + chmod("files-invalid-perm-file-executable/files/etc/rc.local", 0750) + chmod("files-invalid-perm-file-sticky/files", 0755) + chmod("files-invalid-perm-file-sticky/files/etc", 0755) + chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644) + + err = syscall.Mkfifo("files-invalid-type/files/invalid", 0644) + if err != nil { + t.Fatal(err) + } + defer os.Remove("files-invalid-type/files/invalid") + + const errMsg = ` +The actual permissions and user/group of files and directories are not used +(except for +x on files). 0644/0755 and current remote user/group is used per +default. Apply different file permissions via permissions.yaml. To prevent +confusion files must be manually chmodded 0644/0755 and directories 0755 or +via "safcm fixperms". +` + + tests := []struct { + group string + exp map[string]*safcm.File + expErr error + }{ + + { + "empty", + nil, + nil, + }, + + { + "group", + map[string]*safcm.File{ + "/": { + Path: "/", + Mode: fs.ModeDir | 0755, + Uid: -1, + Gid: -1, + }, + "/etc": { + Path: "/etc", + Mode: fs.ModeDir | 0755, + Uid: -1, + Gid: -1, + }, + "/etc/.hidden": { + Path: "/etc/.hidden", + Mode: 0644, + Uid: -1, + Gid: -1, + Data: []byte("..."), + }, + "/etc/motd": { + Path: "/etc/motd", + Mode: 0644, + Uid: -1, + Gid: -1, + Data: []byte(`Welcome to +{{- if .IsHost "host1.example.org"}} Host ONE +{{- else if "host2"}} Host TWO +{{- end}} + +{{if .InGroup "detected_linux"}} +This is GNU/Linux host +{{end}} +{{if .InGroup "detected_freebsd"}} +This is FreeBSD host +{{end}} +`), + }, + "/etc/rc.local": { + Path: "/etc/rc.local", + Mode: 0755, + Uid: -1, + Gid: -1, + Data: []byte("#!/bin/sh\n"), + }, + "/etc/resolv.conf": { + Path: "/etc/resolv.conf", + Mode: 0644, + Uid: -1, + Gid: -1, + Data: []byte("nameserver ::1\n"), + }, + "/etc/test": { + Path: "/etc/test", + Mode: fs.ModeSymlink | 0777, + Uid: -1, + Gid: -1, + Data: []byte("doesnt-exist"), + }, + }, + nil, + }, + + { + "files-invalid-type", + nil, + fmt.Errorf("files-invalid-type: \"files-invalid-type/files/invalid\": file type not supported"), + }, + { + "files-invalid-perm-dir", + nil, + fmt.Errorf("files-invalid-perm-dir: \"files-invalid-perm-dir/files\": invalid permissions 0500" + errMsg), + }, + { + "files-invalid-perm-dir-setgid", + nil, + fmt.Errorf("files-invalid-perm-dir-setgid: \"files-invalid-perm-dir-setgid/files/etc\": invalid permissions 02755" + errMsg), + }, + { + "files-invalid-perm-file", + nil, + fmt.Errorf("files-invalid-perm-file: \"files-invalid-perm-file/files/etc/resolv.conf\": invalid permissions 0600" + errMsg), + }, + { + "files-invalid-perm-file-executable", + nil, + fmt.Errorf("files-invalid-perm-file-executable: \"files-invalid-perm-file-executable/files/etc/rc.local\": invalid permissions 0750" + errMsg), + }, + { + "files-invalid-perm-file-sticky", + nil, + fmt.Errorf("files-invalid-perm-file-sticky: \"files-invalid-perm-file-sticky/files/etc/resolv.conf\": invalid permissions 01644" + errMsg), + }, + } + + for _, tc := range tests { + res, err := LoadFiles(tc.group) + + if !reflect.DeepEqual(tc.exp, res) { + t.Errorf("%s: res: %s", tc.group, + cmp.Diff(tc.exp, res)) + } + // Ugly but the simplest way to compare errors (including nil) + if fmt.Sprintf("%s", err) != fmt.Sprintf("%s", tc.expErr) { + t.Errorf("%s: err = %#v, want %#v", + tc.group, err, tc.expErr) + } + } +}