1
0
Fork 0
mirror of synced 2024-12-04 14:45:36 -05:00
yadm/test/test_perms.py
2023-07-12 09:20:00 -05:00

93 lines
3.4 KiB
Python

"""Test perms"""
import os
import pytest
@pytest.mark.parametrize("autoperms", ["notest", "unset", "true", "false"])
@pytest.mark.usefixtures("ds1_copy")
def test_perms(runner, yadm_cmd, paths, ds1, autoperms):
"""Test perms"""
# set the value of auto-perms
if autoperms != "notest":
if autoperms != "unset":
os.system(" ".join(yadm_cmd("config", "yadm.auto-perms", autoperms)))
# privatepaths will hold all paths that should become secured
privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# create an archive file
os.system(f'touch "{str(paths.archive)}"')
privatepaths.append(paths.archive)
# create encrypted file test data
efile1 = paths.work.join("efile1")
efile1.write("efile1")
efile2 = paths.work.join("efile2")
efile2.write("efile2")
paths.encrypt.write("efile1\nefile2\n!efile1\n")
insecurepaths = [efile1]
privatepaths.append(efile2)
# assert these paths begin unsecured
for private in privatepaths + insecurepaths:
assert not oct(private.stat().mode).endswith("00"), "Path started secured"
cmd = "perms"
if autoperms != "notest":
cmd = "status"
run = runner(yadm_cmd(cmd), env={"HOME": paths.work})
assert run.success
assert run.err == ""
if cmd == "perms":
assert run.out == ""
# these paths should be secured if processing perms
for private in privatepaths:
if autoperms == "false":
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
else:
assert oct(private.stat().mode).endswith("00"), "Path has not been secured"
# these paths should never be secured
for private in insecurepaths:
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
@pytest.mark.parametrize("sshperms", [None, "true", "false"])
@pytest.mark.parametrize("gpgperms", [None, "true", "false"])
@pytest.mark.usefixtures("ds1_copy")
def test_perms_control(runner, yadm_cmd, paths, ds1, sshperms, gpgperms):
"""Test fine control of perms"""
# set the value of ssh-perms
if sshperms:
os.system(" ".join(yadm_cmd("config", "yadm.ssh-perms", sshperms)))
# set the value of gpg-perms
if gpgperms:
os.system(" ".join(yadm_cmd("config", "yadm.gpg-perms", gpgperms)))
# privatepaths will hold all paths that should become secured
privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# assert these paths begin unsecured
for private in privatepaths:
assert not oct(private.stat().mode).endswith("00"), "Path started secured"
run = runner(yadm_cmd("perms"), env={"HOME": paths.work})
assert run.success
assert run.err == ""
assert run.out == ""
# these paths should be secured if processing perms
for private in privatepaths:
if (sshperms == "false" and "ssh" in str(private)) or (gpgperms == "false" and "gnupg" in str(private)):
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
else:
assert oct(private.stat().mode).endswith("00"), "Path has not been secured"
# verify permissions aren't changed for the worktree
assert oct(paths.work.stat().mode).endswith("0755")