-// Copyright (C) 2021 Simon Ruderich
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2021-2024 Simon Ruderich
package config
"fmt"
"io/fs"
"os"
- "reflect"
- "syscall"
+ "runtime"
"testing"
- "github.com/google/go-cmp/cmp"
-
"ruderich.org/simon/safcm"
+ ft "ruderich.org/simon/safcm/remote/sync/filetest"
+ "ruderich.org/simon/safcm/testutil"
)
-func chmod(name string, perm int) {
- err := os.Chmod(name, FullPermToFileMode(perm))
+func chmod(name string, mode fs.FileMode) {
+ err := os.Chmod(name, mode)
if err != nil {
panic(err)
}
if err != nil {
t.Fatal(err)
}
- defer os.Chdir(cwd)
+ defer os.Chdir(cwd) //nolint:errcheck
err = os.Chdir("../testdata/project")
if err != nil {
t.Fatal(err)
}
+ // Regular users cannot create sticky files
+ skipInvalidSticky := os.Getuid() != 0 &&
+ (runtime.GOOS == "freebsd" || runtime.GOOS == "openbsd")
+
chmod("files-invalid-perm-dir/files", 0500)
defer chmod("files-invalid-perm-dir/files", 0700)
chmod("files-invalid-perm-dir/files/etc/", 0755)
chmod("files-invalid-perm-dir/files/etc/resolv.conf", 0644)
chmod("files-invalid-perm-dir-setgid/files", 0755)
- chmod("files-invalid-perm-dir-setgid/files/etc/", 02755)
+ chmod("files-invalid-perm-dir-setgid/files/etc/", 0755|fs.ModeSetgid)
chmod("files-invalid-perm-dir-setgid/files/etc/resolv.conf", 0644)
chmod("files-invalid-perm-file/files", 0755)
chmod("files-invalid-perm-file/files/etc/", 0755)
chmod("files-invalid-perm-file-executable/files", 0755)
chmod("files-invalid-perm-file-executable/files/etc", 0755)
chmod("files-invalid-perm-file-executable/files/etc/rc.local", 0750)
- chmod("files-invalid-perm-file-sticky/files", 0755)
- chmod("files-invalid-perm-file-sticky/files/etc", 0755)
- chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644)
-
- err = syscall.Mkfifo("files-invalid-type/files/invalid", 0644)
- if err != nil {
- t.Fatal(err)
+ if !skipInvalidSticky {
+ chmod("files-invalid-perm-file-sticky/files", 0755)
+ chmod("files-invalid-perm-file-sticky/files/etc", 0755)
+ chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf",
+ 0644|fs.ModeSticky)
}
+
+ ft.CreateFifo("files-invalid-type/files/invalid", 0644)
defer os.Remove("files-invalid-type/files/invalid")
const errMsg = `
+
The actual permissions and user/group of files and directories are not used
(except for +x on files). 0644/0755 and current remote user/group is used per
default. Apply different file permissions via permissions.yaml. To prevent
tests := []struct {
group string
+ skip bool
exp map[string]*safcm.File
expErr error
}{
{
"empty",
+ false,
nil,
nil,
},
{
"group",
+ false,
map[string]*safcm.File{
"/": {
Path: "/",
{{if .InGroup "detected_freebsd"}}
This is FreeBSD host
{{end}}
+
+{{if .InGroup "all"}}
+all
+{{end}}
+{{if .InGroup "host1.example.org"}}
+host1.example.org
+{{end}}
+{{if .InGroup "host2"}}
+host2
+{{end}}
+{{if .InGroup "host3.example.net"}}
+host3.example.net
+{{end}}
`),
},
"/etc/rc.local": {
{
"files-invalid-type",
+ false,
nil,
fmt.Errorf("files-invalid-type: \"files-invalid-type/files/invalid\": file type not supported"),
},
{
"files-invalid-perm-dir",
+ false,
nil,
fmt.Errorf("files-invalid-perm-dir: \"files-invalid-perm-dir/files\": invalid permissions 0500" + errMsg),
},
{
"files-invalid-perm-dir-setgid",
+ false,
nil,
fmt.Errorf("files-invalid-perm-dir-setgid: \"files-invalid-perm-dir-setgid/files/etc\": invalid permissions 02755" + errMsg),
},
{
"files-invalid-perm-file",
+ false,
nil,
fmt.Errorf("files-invalid-perm-file: \"files-invalid-perm-file/files/etc/resolv.conf\": invalid permissions 0600" + errMsg),
},
{
"files-invalid-perm-file-executable",
+ false,
nil,
fmt.Errorf("files-invalid-perm-file-executable: \"files-invalid-perm-file-executable/files/etc/rc.local\": invalid permissions 0750" + errMsg),
},
{
"files-invalid-perm-file-sticky",
+ skipInvalidSticky,
nil,
fmt.Errorf("files-invalid-perm-file-sticky: \"files-invalid-perm-file-sticky/files/etc/resolv.conf\": invalid permissions 01644" + errMsg),
},
for _, tc := range tests {
t.Run(tc.group, func(t *testing.T) {
- res, err := LoadFiles(tc.group)
-
- if !reflect.DeepEqual(tc.exp, res) {
- t.Errorf("res: %s",
- cmp.Diff(tc.exp, res))
- }
- // Ugly but the simplest way to compare errors (including nil)
- if fmt.Sprintf("%s", err) != fmt.Sprintf("%s", tc.expErr) {
- t.Errorf("err = %#v, want %#v",
- err, tc.expErr)
- }
+ if tc.skip {
+ t.SkipNow()
+ }
+
+ res, err := LoadFiles(tc.group)
+ testutil.AssertEqual(t, "res", res, tc.exp)
+ testutil.AssertErrorEqual(t, "err", err, tc.expErr)
})
}
}
ruderich.org/simon / safcm / safcm.git / blobdiff