Simon Ruderich [Sun, 9 May 2021 10:15:58 +0000 (12:15 +0200)]
sync: tests: use strict perm for os.WriteFile() in CreateFile()
This parameter is modified by the umask. The proper permissions are set
by os.Chmod() afterwards. Don't confuse the reader by using a value
which is not relevant.
Simon Ruderich [Sun, 9 May 2021 09:36:44 +0000 (11:36 +0200)]
safcm: strip invalid characters from detected os/arch groups
Handle them like any other detected group because the remote can send
invalid values. The current code can handle arbitrary group names just
fine but it's better to treat all untrusted input the same.
Simon Ruderich [Wed, 28 Apr 2021 10:26:18 +0000 (12:26 +0200)]
sync: run most tests which modify the host only in CI
This is especially important in case the user executes the tests as root
(no recommended but not prevented either). Permissions on paths like /
or /tmp which differ from those expected by the test could otherwise be
modified by the tests.
However, the end-to-end SSH tests which write /tmp/safcm-remote-$uid
(but no other paths) are still run so we get proper coverage of basic
features.
Simon Ruderich [Wed, 28 Apr 2021 05:57:52 +0000 (07:57 +0200)]
sync: remove duplicate "priority" from group priority log message
Now that the configuration option is called "group_priority" we can
remove the second "priority" and spell out "descending" (takes less
space than before).
Simon Ruderich [Wed, 28 Apr 2021 05:32:37 +0000 (07:32 +0200)]
safcm: group_order: higher priority for listed groups over remaining groups
The priority for all groups listed in `group_order` was properly
respected: Early entries had the highest priority. However, groups which
were not listed in `group_order` had a higher priority and overwrote
files from all groups configured in `group_order`.
The priority is now as expected (from high to low): host itself, groups
in group_order (from high to low), remaining groups.
Simon Ruderich [Sun, 25 Apr 2021 07:57:37 +0000 (09:57 +0200)]
changes: display "no changes" when nothing was changed
It's confusing to show nothing at all when no changes occur on a host.
To inform the user that the sync was successful but nothing changed
display a short message.
Simon Ruderich [Sat, 10 Apr 2021 18:16:06 +0000 (20:16 +0200)]
changes: hide commands if quiet and dry-run is active
The goal of quiet is to get a quick overview what is happening or what
is going to happen (when combined with dry-run). While quiet worked fine
for non dry-run syncs it was not very helpful for dry-runs. This change
makes the output much more compact and readable with many commands and
hosts.
Simon Ruderich [Tue, 6 Apr 2021 09:44:47 +0000 (11:44 +0200)]
remote: add "sync" sub-command to perform changes
Performing the changes when no command line arguments were given became
problematic in ddd21f0 (remote: add ainsl sub-command ("append if no
such line"), 2021-04-04). With "ainsl" as sub-command a user might be
tempted to run the helper manually to test it. But running it without
any arguments causes it to hang (waiting for commands from stdin) which
is confusing. Instead, use the new separate "sync" sub-command to
perform the changes and abort when no sub-command is given.
Simon Ruderich [Mon, 5 Apr 2021 08:36:02 +0000 (10:36 +0200)]
tests: use subtests
This removes the need to print the name of the test in each t.Errorf()
call which reduces unnecessary code. It also permits skipping tests
which will be used in the future.
Simon Ruderich [Sun, 4 Apr 2021 21:35:50 +0000 (23:35 +0200)]
remote: add ainsl sub-command ("append if no such line")
It is preferred to deploy complete files by putting them in the files/
directory of a group. However, sometimes this is not possible because
parts of the file's content are unknown or managed by other programs or
users. An example is .ssh/authorized_keys which should contain certain
keys but which is also managed manually. `ainsl` permits adding a key to
the file without rewriting it completely.
`ainsl` can be used by specifying the following command:
$SAFCM_HELPER ainsl /path/to/file line-to-add
Per default non-existent files are an error. To create the file if
necessary use: