1 // SPDX-License-Identifier: GPL-3.0-or-later
2 // Copyright (C) 2021-2024 Simon Ruderich
12 "ruderich.org/simon/safcm"
13 "ruderich.org/simon/safcm/testutil"
16 func TestLoadPermissions(t *testing.T) {
17 cwd, err := os.Getwd()
21 defer os.Chdir(cwd) //nolint:errcheck
23 err = os.Chdir("../testdata/project")
30 exp map[string]*safcm.File
42 map[string]*safcm.File{
45 Mode: fs.ModeDir | 0755 | fs.ModeSetgid,
51 Mode: fs.ModeDir | 0755,
57 Mode: 0100 | fs.ModeSetuid | fs.ModeSetgid | fs.ModeSticky,
67 Data: []byte(`Welcome to
68 {{- if .IsHost "host1.example.org"}} Host ONE
69 {{- else if "host2"}} Host TWO
72 {{if .InGroup "detected_linux"}}
73 This is GNU/Linux host
75 {{if .InGroup "detected_freebsd"}}
82 {{if .InGroup "host1.example.org"}}
85 {{if .InGroup "host2"}}
88 {{if .InGroup "host3.example.net"}}
94 Path: "/etc/rc.local",
98 Data: []byte("#!/bin/sh\n"),
100 "/etc/resolv.conf": {
101 Path: "/etc/resolv.conf",
107 Data: []byte("nameserver ::1\n"),
111 Mode: fs.ModeSymlink | 0777,
114 Data: []byte("doesnt-exist"),
121 "permissions-invalid-execute",
122 map[string]*safcm.File{
125 Mode: fs.ModeDir | 0755,
131 Mode: fs.ModeDir | 0755,
136 Path: "/etc/rc.local",
140 Data: []byte("#!/bin/sh\n"),
143 fmt.Errorf("permissions-invalid-execute/permissions.yaml: \"/etc/rc.local\": trying to remove +x from file, manually chmod -x in files/"),
146 "permissions-invalid-line",
147 map[string]*safcm.File{
150 Mode: fs.ModeDir | 0755,
156 Mode: fs.ModeDir | 0755,
160 "/etc/resolv.conf": {
161 Path: "/etc/resolv.conf",
165 Data: []byte("nameserver ::1\n"),
168 fmt.Errorf("permissions-invalid-line/permissions.yaml: invalid line \"invalid line\" (expected <perm> [<user> <group>])"),
171 "permissions-invalid-path",
173 fmt.Errorf("permissions-invalid-path/permissions.yaml: \"/does/not/exist\" does not exist in files/"),
176 "permissions-invalid-permission",
177 map[string]*safcm.File{
180 Mode: fs.ModeDir | 0755,
186 Mode: fs.ModeDir | 0755,
190 "/etc/resolv.conf": {
191 Path: "/etc/resolv.conf",
195 Data: []byte("nameserver ::1\n"),
198 fmt.Errorf("permissions-invalid-permission/permissions.yaml: invalid permission \"u=rwg=r\" (expected e.g. \"0644\" or \"01777\")"),
201 "permissions-invalid-permission-int",
202 map[string]*safcm.File{
205 Mode: fs.ModeDir | 0755,
211 Mode: fs.ModeDir | 0755,
215 "/etc/resolv.conf": {
216 Path: "/etc/resolv.conf",
220 Data: []byte("nameserver ::1\n"),
223 fmt.Errorf("permissions-invalid-permission-int/permissions.yaml: invalid permission 066066 (expected e.g. 0644 or 01777)"),
226 "permissions-invalid-permission-negative",
227 map[string]*safcm.File{
230 Mode: fs.ModeDir | 0755,
236 Mode: fs.ModeDir | 0755,
240 "/etc/resolv.conf": {
241 Path: "/etc/resolv.conf",
245 Data: []byte("nameserver ::1\n"),
248 fmt.Errorf("permissions-invalid-permission-negative/permissions.yaml: invalid permission -042 (expected e.g. 0644 or 01777)"),
252 for _, tc := range tests {
253 t.Run(tc.group, func(t *testing.T) {
254 // Use LoadFiles() so we work on real data and don't
255 // make any mistakes generating it
256 files, err := LoadFiles(tc.group)
258 t.Fatalf("err = %#v, want nil", err)
260 err = LoadPermissions(tc.group, files)
262 testutil.AssertEqual(t, "res", files, tc.exp)
263 testutil.AssertErrorEqual(t, "err", err, tc.expErr)