--- /dev/null
+// Copyright (C) 2021 Simon Ruderich
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+ "fmt"
+ "io/fs"
+ "os"
+ "reflect"
+ "syscall"
+ "testing"
+
+ "github.com/google/go-cmp/cmp"
+
+ "ruderich.org/simon/safcm"
+)
+
+func chmod(name string, perm int) {
+ err := os.Chmod(name, FullPermToFileMode(perm))
+ if err != nil {
+ panic(err)
+ }
+}
+
+func TestLoadFiles(t *testing.T) {
+ cwd, err := os.Getwd()
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer os.Chdir(cwd)
+
+ err = os.Chdir("../testdata/project")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ chmod("files-invalid-perm-dir/files", 0500)
+ defer chmod("files-invalid-perm-dir/files", 0700)
+ chmod("files-invalid-perm-dir/files/etc/", 0755)
+ chmod("files-invalid-perm-dir/files/etc/resolv.conf", 0644)
+ chmod("files-invalid-perm-dir-setgid/files", 0755)
+ chmod("files-invalid-perm-dir-setgid/files/etc/", 02755)
+ chmod("files-invalid-perm-dir-setgid/files/etc/resolv.conf", 0644)
+ chmod("files-invalid-perm-file/files", 0755)
+ chmod("files-invalid-perm-file/files/etc/", 0755)
+ chmod("files-invalid-perm-file/files/etc/resolv.conf", 0600)
+ chmod("files-invalid-perm-file-executable/files", 0755)
+ chmod("files-invalid-perm-file-executable/files/etc", 0755)
+ chmod("files-invalid-perm-file-executable/files/etc/rc.local", 0750)
+ chmod("files-invalid-perm-file-sticky/files", 0755)
+ chmod("files-invalid-perm-file-sticky/files/etc", 0755)
+ chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644)
+
+ err = syscall.Mkfifo("files-invalid-type/files/invalid", 0644)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer os.Remove("files-invalid-type/files/invalid")
+
+ const errMsg = `
+The actual permissions and user/group of files and directories are not used
+(except for +x on files). 0644/0755 and current remote user/group is used per
+default. Apply different file permissions via permissions.yaml. To prevent
+confusion files must be manually chmodded 0644/0755 and directories 0755 or
+via "safcm fixperms".
+`
+
+ tests := []struct {
+ group string
+ exp map[string]*safcm.File
+ expErr error
+ }{
+
+ {
+ "empty",
+ nil,
+ nil,
+ },
+
+ {
+ "group",
+ map[string]*safcm.File{
+ "/": {
+ Path: "/",
+ Mode: fs.ModeDir | 0755,
+ Uid: -1,
+ Gid: -1,
+ },
+ "/etc": {
+ Path: "/etc",
+ Mode: fs.ModeDir | 0755,
+ Uid: -1,
+ Gid: -1,
+ },
+ "/etc/.hidden": {
+ Path: "/etc/.hidden",
+ Mode: 0644,
+ Uid: -1,
+ Gid: -1,
+ Data: []byte("..."),
+ },
+ "/etc/motd": {
+ Path: "/etc/motd",
+ Mode: 0644,
+ Uid: -1,
+ Gid: -1,
+ Data: []byte(`Welcome to
+{{- if .IsHost "host1.example.org"}} Host ONE
+{{- else if "host2"}} Host TWO
+{{- end}}
+
+{{if .InGroup "detected_linux"}}
+This is GNU/Linux host
+{{end}}
+{{if .InGroup "detected_freebsd"}}
+This is FreeBSD host
+{{end}}
+`),
+ },
+ "/etc/rc.local": {
+ Path: "/etc/rc.local",
+ Mode: 0755,
+ Uid: -1,
+ Gid: -1,
+ Data: []byte("#!/bin/sh\n"),
+ },
+ "/etc/resolv.conf": {
+ Path: "/etc/resolv.conf",
+ Mode: 0644,
+ Uid: -1,
+ Gid: -1,
+ Data: []byte("nameserver ::1\n"),
+ },
+ "/etc/test": {
+ Path: "/etc/test",
+ Mode: fs.ModeSymlink | 0777,
+ Uid: -1,
+ Gid: -1,
+ Data: []byte("doesnt-exist"),
+ },
+ },
+ nil,
+ },
+
+ {
+ "files-invalid-type",
+ nil,
+ fmt.Errorf("files-invalid-type: \"files-invalid-type/files/invalid\": file type not supported"),
+ },
+ {
+ "files-invalid-perm-dir",
+ nil,
+ fmt.Errorf("files-invalid-perm-dir: \"files-invalid-perm-dir/files\": invalid permissions 0500" + errMsg),
+ },
+ {
+ "files-invalid-perm-dir-setgid",
+ nil,
+ fmt.Errorf("files-invalid-perm-dir-setgid: \"files-invalid-perm-dir-setgid/files/etc\": invalid permissions 02755" + errMsg),
+ },
+ {
+ "files-invalid-perm-file",
+ nil,
+ fmt.Errorf("files-invalid-perm-file: \"files-invalid-perm-file/files/etc/resolv.conf\": invalid permissions 0600" + errMsg),
+ },
+ {
+ "files-invalid-perm-file-executable",
+ nil,
+ fmt.Errorf("files-invalid-perm-file-executable: \"files-invalid-perm-file-executable/files/etc/rc.local\": invalid permissions 0750" + errMsg),
+ },
+ {
+ "files-invalid-perm-file-sticky",
+ nil,
+ fmt.Errorf("files-invalid-perm-file-sticky: \"files-invalid-perm-file-sticky/files/etc/resolv.conf\": invalid permissions 01644" + errMsg),
+ },
+ }
+
+ for _, tc := range tests {
+ res, err := LoadFiles(tc.group)
+
+ if !reflect.DeepEqual(tc.exp, res) {
+ t.Errorf("%s: res: %s", tc.group,
+ cmp.Diff(tc.exp, res))
+ }
+ // Ugly but the simplest way to compare errors (including nil)
+ if fmt.Sprintf("%s", err) != fmt.Sprintf("%s", tc.expErr) {
+ t.Errorf("%s: err = %#v, want %#v",
+ tc.group, err, tc.expErr)
+ }
+ }
+}