config: disallow negative permissions

[safcm/safcm.git] / cmd / safcm / config / permissions_test.go

diff --git a/cmd/safcm/config/permissions_test.go b/cmd/safcm/config/permissions_test.go
index 4efefafd2deb9af727d9b08894211ed41c3231f6..001489e903e2d6c4507c4235f92793761198a94a 100644 (file)
--- a/cmd/safcm/config/permissions_test.go
+++ b/cmd/safcm/config/permissions_test.go
@@ -19,12 +19,10 @@ import (
        "fmt"
        "io/fs"
        "os"
-       "reflect"
        "testing"
 
-       "github.com/google/go-cmp/cmp"
-
        "ruderich.org/simon/safcm"
+       "ruderich.org/simon/safcm/testutil"
 )
 
 func TestLoadPermissions(t *testing.T) {
@@ -89,6 +87,19 @@ This is GNU/Linux host
 {{if .InGroup "detected_freebsd"}}
 This is FreeBSD host
 {{end}}
+
+{{if .InGroup "all"}}
+all
+{{end}}
+{{if .InGroup "host1.example.org"}}
+host1.example.org
+{{end}}
+{{if .InGroup "host2"}}
+host2
+{{end}}
+{{if .InGroup "host3.example.net"}}
+host3.example.net
+{{end}}
 `),
                                },
                                "/etc/rc.local": {
@@ -223,27 +234,45 @@ This is FreeBSD host
                        },
                        fmt.Errorf("permissions-invalid-permission-int/permissions.yaml: invalid permission 066066 (expected e.g. 0644 or 01777)"),
                },
+               {
+                       "permissions-invalid-permission-negative",
+                       map[string]*safcm.File{
+                               "/": {
+                                       Path: "/",
+                                       Mode: fs.ModeDir | 0755,
+                                       Uid:  -1,
+                                       Gid:  -1,
+                               },
+                               "/etc": {
+                                       Path: "/etc",
+                                       Mode: fs.ModeDir | 0755,
+                                       Uid:  -1,
+                                       Gid:  -1,
+                               },
+                               "/etc/resolv.conf": {
+                                       Path: "/etc/resolv.conf",
+                                       Mode: 0644,
+                                       Uid:  -1,
+                                       Gid:  -1,
+                                       Data: []byte("nameserver ::1\n"),
+                               },
+                       },
+                       fmt.Errorf("permissions-invalid-permission-negative/permissions.yaml: invalid permission -042 (expected e.g. 0644 or 01777)"),
+               },
        }
 
        for _, tc := range tests {
                t.Run(tc.group, func(t *testing.T) {
-               // Use LoadFiles() so we work on real data and don't make any
-               // mistakes generating it
-               files, err := LoadFiles(tc.group)
-               if err != nil {
-                       t.Fatalf("err = %#v, want nil", err)
-               }
-               err = LoadPermissions(tc.group, files)
+                       // Use LoadFiles() so we work on real data and don't
+                       // make any mistakes generating it
+                       files, err := LoadFiles(tc.group)
+                       if err != nil {
+                               t.Fatalf("err = %#v, want nil", err)
+                       }
+                       err = LoadPermissions(tc.group, files)
 
-               if !reflect.DeepEqual(tc.exp, files) {
-                       t.Errorf("res: %s",
-                               cmp.Diff(tc.exp, files))
-               }
-               // Ugly but the simplest way to compare errors (including nil)
-               if fmt.Sprintf("%s", err) != fmt.Sprintf("%s", tc.expErr) {
-                       t.Errorf("err = %#v, want %#v",
-                               err, tc.expErr)
-               }
+                       testutil.AssertEqual(t, "res", files, tc.exp)
+                       testutil.AssertErrorEqual(t, "err", err, tc.expErr)
                })
        }
 }