1
0
Fork 0
mirror of synced 2025-01-21 19:39:28 -05:00
yadm/test/test_perms.py

94 lines
3.4 KiB
Python
Raw Normal View History

"""Test perms"""
import os
2023-07-10 10:14:33 -04:00
import pytest
2023-07-10 15:43:17 -04:00
@pytest.mark.parametrize("autoperms", ["notest", "unset", "true", "false"])
@pytest.mark.usefixtures("ds1_copy")
def test_perms(runner, yadm_cmd, paths, ds1, autoperms):
"""Test perms"""
# set the value of auto-perms
2023-07-10 15:43:17 -04:00
if autoperms != "notest":
if autoperms != "unset":
os.system(" ".join(yadm_cmd("config", "yadm.auto-perms", autoperms)))
# privatepaths will hold all paths that should become secured
2023-07-10 15:43:17 -04:00
privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# create an archive file
os.system(f'touch "{str(paths.archive)}"')
privatepaths.append(paths.archive)
# create encrypted file test data
2023-07-10 15:43:17 -04:00
efile1 = paths.work.join("efile1")
efile1.write("efile1")
efile2 = paths.work.join("efile2")
efile2.write("efile2")
paths.encrypt.write("efile1\nefile2\n!efile1\n")
insecurepaths = [efile1]
privatepaths.append(efile2)
# assert these paths begin unsecured
for private in privatepaths + insecurepaths:
2023-07-10 15:43:17 -04:00
assert not oct(private.stat().mode).endswith("00"), "Path started secured"
2023-07-10 15:43:17 -04:00
cmd = "perms"
if autoperms != "notest":
cmd = "status"
run = runner(yadm_cmd(cmd), env={"HOME": paths.work})
assert run.success
2023-07-10 15:43:17 -04:00
assert run.err == ""
if cmd == "perms":
assert run.out == ""
# these paths should be secured if processing perms
for private in privatepaths:
2023-07-10 15:43:17 -04:00
if autoperms == "false":
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
else:
2023-07-10 15:43:17 -04:00
assert oct(private.stat().mode).endswith("00"), "Path has not been secured"
# these paths should never be secured
for private in insecurepaths:
2023-07-10 15:43:17 -04:00
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
2023-07-10 15:43:17 -04:00
@pytest.mark.parametrize("sshperms", [None, "true", "false"])
@pytest.mark.parametrize("gpgperms", [None, "true", "false"])
@pytest.mark.usefixtures("ds1_copy")
def test_perms_control(runner, yadm_cmd, paths, ds1, sshperms, gpgperms):
"""Test fine control of perms"""
# set the value of ssh-perms
if sshperms:
2023-07-10 15:43:17 -04:00
os.system(" ".join(yadm_cmd("config", "yadm.ssh-perms", sshperms)))
# set the value of gpg-perms
if gpgperms:
2023-07-10 15:43:17 -04:00
os.system(" ".join(yadm_cmd("config", "yadm.gpg-perms", gpgperms)))
# privatepaths will hold all paths that should become secured
2023-07-10 15:43:17 -04:00
privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# assert these paths begin unsecured
for private in privatepaths:
2023-07-10 15:43:17 -04:00
assert not oct(private.stat().mode).endswith("00"), "Path started secured"
2023-07-10 15:43:17 -04:00
run = runner(yadm_cmd("perms"), env={"HOME": paths.work})
assert run.success
2023-07-10 15:43:17 -04:00
assert run.err == ""
assert run.out == ""
# these paths should be secured if processing perms
for private in privatepaths:
2023-07-10 15:43:17 -04:00
if (sshperms == "false" and "ssh" in str(private)) or (gpgperms == "false" and "gnupg" in str(private)):
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
else:
2023-07-10 15:43:17 -04:00
assert oct(private.stat().mode).endswith("00"), "Path has not been secured"
2019-11-12 00:28:16 -05:00
# verify permissions aren't changed for the worktree
2023-07-10 15:43:17 -04:00
assert oct(paths.work.stat().mode).endswith("0755")