1
0
Fork 0
mirror of synced 2024-11-04 17:08:56 -05:00
yadm/test/test_perms.py

105 lines
3.6 KiB
Python
Raw Normal View History

"""Test perms"""
import os
import pytest
@pytest.mark.parametrize('autoperms', ['notest', 'unset', 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms(runner, yadm_cmd, paths, ds1, autoperms):
"""Test perms"""
# set the value of auto-perms
if autoperms != 'notest':
if autoperms != 'unset':
os.system(' '.join(
yadm_cmd('config', 'yadm.auto-perms', autoperms)))
# privatepaths will hold all paths that should become secured
privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# create an archive file
os.system(f'touch "{str(paths.archive)}"')
privatepaths.append(paths.archive)
# create encrypted file test data
efile1 = paths.work.join('efile1')
efile1.write('efile1')
efile2 = paths.work.join('efile2')
efile2.write('efile2')
paths.encrypt.write('efile1\nefile2\n!efile1\n')
insecurepaths = [efile1]
privatepaths.append(efile2)
# assert these paths begin unsecured
for private in privatepaths + insecurepaths:
assert not oct(private.stat().mode).endswith('00'), (
'Path started secured')
cmd = 'perms'
if autoperms != 'notest':
cmd = 'status'
run = runner(yadm_cmd(cmd), env={'HOME': paths.work})
assert run.success
assert run.err == ''
if cmd == 'perms':
assert run.out == ''
# these paths should be secured if processing perms
for private in privatepaths:
if autoperms == 'false':
assert not oct(private.stat().mode).endswith('00'), (
'Path should not be secured')
else:
assert oct(private.stat().mode).endswith('00'), (
'Path has not been secured')
# these paths should never be secured
for private in insecurepaths:
assert not oct(private.stat().mode).endswith('00'), (
'Path should not be secured')
@pytest.mark.parametrize('sshperms', [None, 'true', 'false'])
@pytest.mark.parametrize('gpgperms', [None, 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms_control(runner, yadm_cmd, paths, ds1, sshperms, gpgperms):
"""Test fine control of perms"""
# set the value of ssh-perms
if sshperms:
os.system(' '.join(yadm_cmd('config', 'yadm.ssh-perms', sshperms)))
# set the value of gpg-perms
if gpgperms:
os.system(' '.join(yadm_cmd('config', 'yadm.gpg-perms', gpgperms)))
# privatepaths will hold all paths that should become secured
privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# assert these paths begin unsecured
for private in privatepaths:
assert not oct(private.stat().mode).endswith('00'), (
'Path started secured')
run = runner(yadm_cmd('perms'), env={'HOME': paths.work})
assert run.success
assert run.err == ''
assert run.out == ''
# these paths should be secured if processing perms
for private in privatepaths:
if (
(sshperms == 'false' and 'ssh' in str(private))
or
(gpgperms == 'false' and 'gnupg' in str(private))
):
assert not oct(private.stat().mode).endswith('00'), (
'Path should not be secured')
else:
assert oct(private.stat().mode).endswith('00'), (
'Path has not been secured')
2019-11-12 00:28:16 -05:00
# verify permissions aren't changed for the worktree
assert oct(paths.work.stat().mode).endswith('0755')