1
0
Fork 0
mirror of synced 2025-01-22 19:52:07 -05:00
yadm/test/test_perms.py
Tim Byrne e7f9616b39
Rewrite testing system ()
The new test system is written with py.test. These tests are more
comprehensive, run faster by an order of magnitude, and are far more
maintainable. The tests themselves conform to PEP8.
2019-02-20 07:48:25 -06:00

111 lines
3.9 KiB
Python

"""Test perms"""
import os
import warnings
import pytest
@pytest.mark.parametrize('autoperms', ['notest', 'unset', 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms(runner, yadm_y, paths, ds1, autoperms):
"""Test perms"""
# set the value of auto-perms
if autoperms != 'notest':
if autoperms != 'unset':
os.system(' '.join(yadm_y('config', 'yadm.auto-perms', autoperms)))
# privatepaths will hold all paths that should become secured
privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# create an archive file
os.system(f'touch "{str(paths.archive)}"')
privatepaths.append(paths.archive)
# create encrypted file test data
efile1 = paths.work.join('efile1')
efile1.write('efile1')
efile2 = paths.work.join('efile2')
efile2.write('efile2')
paths.encrypt.write('efile1\nefile2\n!efile1\n')
insecurepaths = [efile1]
privatepaths.append(efile2)
# assert these paths begin unsecured
for private in privatepaths + insecurepaths:
assert not oct(private.stat().mode).endswith('00'), (
'Path started secured')
cmd = 'perms'
if autoperms != 'notest':
cmd = 'status'
run = runner(yadm_y(cmd))
assert run.success
assert run.err == ''
if cmd == 'perms':
assert run.out == ''
# these paths should be secured if processing perms
for private in privatepaths:
if '.p2' in private.basename or '.p4' in private.basename:
# Dot files within .ssh/.gnupg are not protected.
# This is a but which must be fixed
warnings.warn('Unhandled bug: private dot files', Warning)
continue
if autoperms == 'false':
assert not oct(private.stat().mode).endswith('00'), (
'Path should not be secured')
else:
assert oct(private.stat().mode).endswith('00'), (
'Path has not been secured')
# these paths should never be secured
for private in insecurepaths:
assert not oct(private.stat().mode).endswith('00'), (
'Path should not be secured')
@pytest.mark.parametrize('sshperms', [None, 'true', 'false'])
@pytest.mark.parametrize('gpgperms', [None, 'true', 'false'])
@pytest.mark.usefixtures('ds1_copy')
def test_perms_control(runner, yadm_y, paths, ds1, sshperms, gpgperms):
"""Test fine control of perms"""
# set the value of ssh-perms
if sshperms:
os.system(' '.join(yadm_y('config', 'yadm.ssh-perms', sshperms)))
# set the value of gpg-perms
if gpgperms:
os.system(' '.join(yadm_y('config', 'yadm.gpg-perms', gpgperms)))
# privatepaths will hold all paths that should become secured
privatepaths = [paths.work.join('.ssh'), paths.work.join('.gnupg')]
privatepaths += [paths.work.join(private.path) for private in ds1.private]
# assert these paths begin unsecured
for private in privatepaths:
assert not oct(private.stat().mode).endswith('00'), (
'Path started secured')
run = runner(yadm_y('perms'))
assert run.success
assert run.err == ''
assert run.out == ''
# these paths should be secured if processing perms
for private in privatepaths:
if '.p2' in private.basename or '.p4' in private.basename:
# Dot files within .ssh/.gnupg are not protected.
# This is a but which must be fixed
warnings.warn('Unhandled bug: private dot files', Warning)
continue
if (
(sshperms == 'false' and 'ssh' in str(private))
or
(gpgperms == 'false' and 'gnupg' in str(private))
):
assert not oct(private.stat().mode).endswith('00'), (
'Path should not be secured')
else:
assert oct(private.stat().mode).endswith('00'), (
'Path has not been secured')