config: permit "all" and host group in .InGroup of templates

[safcm/safcm.git] / cmd / safcm / config / files_test.go

// Copyright (C) 2021  Simon Ruderich
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package config

import (
        "fmt"
        "io/fs"
        "os"
        "syscall"
        "testing"

        "ruderich.org/simon/safcm"
        "ruderich.org/simon/safcm/testutil"
)

func chmod(name string, perm int) {
        err := os.Chmod(name, FullPermToFileMode(perm))
        if err != nil {
                panic(err)
        }
}

func TestLoadFiles(t *testing.T) {
        cwd, err := os.Getwd()
        if err != nil {
                t.Fatal(err)
        }
        defer os.Chdir(cwd)

        err = os.Chdir("../testdata/project")
        if err != nil {
                t.Fatal(err)
        }

        chmod("files-invalid-perm-dir/files", 0500)
        defer chmod("files-invalid-perm-dir/files", 0700)
        chmod("files-invalid-perm-dir/files/etc/", 0755)
        chmod("files-invalid-perm-dir/files/etc/resolv.conf", 0644)
        chmod("files-invalid-perm-dir-setgid/files", 0755)
        chmod("files-invalid-perm-dir-setgid/files/etc/", 02755)
        chmod("files-invalid-perm-dir-setgid/files/etc/resolv.conf", 0644)
        chmod("files-invalid-perm-file/files", 0755)
        chmod("files-invalid-perm-file/files/etc/", 0755)
        chmod("files-invalid-perm-file/files/etc/resolv.conf", 0600)
        chmod("files-invalid-perm-file-executable/files", 0755)
        chmod("files-invalid-perm-file-executable/files/etc", 0755)
        chmod("files-invalid-perm-file-executable/files/etc/rc.local", 0750)
        chmod("files-invalid-perm-file-sticky/files", 0755)
        chmod("files-invalid-perm-file-sticky/files/etc", 0755)
        chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644)

        err = syscall.Mkfifo("files-invalid-type/files/invalid", 0644)
        if err != nil {
                t.Fatal(err)
        }
        defer os.Remove("files-invalid-type/files/invalid")

        const errMsg = `
The actual permissions and user/group of files and directories are not used
(except for +x on files). 0644/0755 and current remote user/group is used per
default. Apply different file permissions via permissions.yaml. To prevent
confusion files must be manually chmodded 0644/0755 and directories 0755 or
via "safcm fixperms".
`

        tests := []struct {
                group  string
                exp    map[string]*safcm.File
                expErr error
        }{

                {
                        "empty",
                        nil,
                        nil,
                },

                {
                        "group",
                        map[string]*safcm.File{
                                "/": {
                                        Path: "/",
                                        Mode: fs.ModeDir | 0755,
                                        Uid:  -1,
                                        Gid:  -1,
                                },
                                "/etc": {
                                        Path: "/etc",
                                        Mode: fs.ModeDir | 0755,
                                        Uid:  -1,
                                        Gid:  -1,
                                },
                                "/etc/.hidden": {
                                        Path: "/etc/.hidden",
                                        Mode: 0644,
                                        Uid:  -1,
                                        Gid:  -1,
                                        Data: []byte("..."),
                                },
                                "/etc/motd": {
                                        Path: "/etc/motd",
                                        Mode: 0644,
                                        Uid:  -1,
                                        Gid:  -1,
                                        Data: []byte(`Welcome to
{{- if .IsHost "host1.example.org"}} Host ONE
{{- else if "host2"}} Host TWO
{{- end}}

{{if .InGroup "detected_linux"}}
This is GNU/Linux host
{{end}}
{{if .InGroup "detected_freebsd"}}
This is FreeBSD host
{{end}}

{{if .InGroup "all"}}
all
{{end}}
{{if .InGroup "host1.example.org"}}
host1.example.org
{{end}}
{{if .InGroup "host2"}}
host2
{{end}}
{{if .InGroup "host3.example.net"}}
host3.example.net
{{end}}
`),
                                },
                                "/etc/rc.local": {
                                        Path: "/etc/rc.local",
                                        Mode: 0755,
                                        Uid:  -1,
                                        Gid:  -1,
                                        Data: []byte("#!/bin/sh\n"),
                                },
                                "/etc/resolv.conf": {
                                        Path: "/etc/resolv.conf",
                                        Mode: 0644,
                                        Uid:  -1,
                                        Gid:  -1,
                                        Data: []byte("nameserver ::1\n"),
                                },
                                "/etc/test": {
                                        Path: "/etc/test",
                                        Mode: fs.ModeSymlink | 0777,
                                        Uid:  -1,
                                        Gid:  -1,
                                        Data: []byte("doesnt-exist"),
                                },
                        },
                        nil,
                },

                {
                        "files-invalid-type",
                        nil,
                        fmt.Errorf("files-invalid-type: \"files-invalid-type/files/invalid\": file type not supported"),
                },
                {
                        "files-invalid-perm-dir",
                        nil,
                        fmt.Errorf("files-invalid-perm-dir: \"files-invalid-perm-dir/files\": invalid permissions 0500" + errMsg),
                },
                {
                        "files-invalid-perm-dir-setgid",
                        nil,
                        fmt.Errorf("files-invalid-perm-dir-setgid: \"files-invalid-perm-dir-setgid/files/etc\": invalid permissions 02755" + errMsg),
                },
                {
                        "files-invalid-perm-file",
                        nil,
                        fmt.Errorf("files-invalid-perm-file: \"files-invalid-perm-file/files/etc/resolv.conf\": invalid permissions 0600" + errMsg),
                },
                {
                        "files-invalid-perm-file-executable",
                        nil,
                        fmt.Errorf("files-invalid-perm-file-executable: \"files-invalid-perm-file-executable/files/etc/rc.local\": invalid permissions 0750" + errMsg),
                },
                {
                        "files-invalid-perm-file-sticky",
                        nil,
                        fmt.Errorf("files-invalid-perm-file-sticky: \"files-invalid-perm-file-sticky/files/etc/resolv.conf\": invalid permissions 01644" + errMsg),
                },
        }

        for _, tc := range tests {
                t.Run(tc.group, func(t *testing.T) {
                        res, err := LoadFiles(tc.group)
                        testutil.AssertEqual(t, "res", res, tc.exp)
                        testutil.AssertErrorEqual(t, "err", err, tc.expErr)
                })
        }
}