mirror of
https://github.com/TheLocehiliosan/yadm
synced 2024-10-27 20:34:27 +00:00
180 lines
3.6 KiB
Plaintext
180 lines
3.6 KiB
Plaintext
|
load common
|
||
|
load_fixtures
|
||
|
|
||
|
setup() {
|
||
|
destroy_tmp
|
||
|
build_repo
|
||
|
}
|
||
|
|
||
|
function is_restricted() {
|
||
|
local p
|
||
|
for p in "${restricted[@]}"; do [ "$p" = "$1" ] && return 0; done
|
||
|
return 1
|
||
|
}
|
||
|
|
||
|
function validate_perms() {
|
||
|
local perms="$@"
|
||
|
|
||
|
#; determine which paths should have restricted permissions
|
||
|
restricted=()
|
||
|
local p
|
||
|
for p in $perms; do
|
||
|
case $p in
|
||
|
ssh)
|
||
|
restricted=("${restricted[@]}" $T_DIR_WORK/.ssh $T_DIR_WORK/.ssh/*)
|
||
|
;;
|
||
|
gpg)
|
||
|
restricted=("${restricted[@]}" $T_DIR_WORK/.gnupg $T_DIR_WORK/.gnupg/*)
|
||
|
;;
|
||
|
encrypt)
|
||
|
local glob
|
||
|
while IFS='' read -r glob || [ -n "$glob" ]; do
|
||
|
if [[ ! $glob =~ ^# ]] ; then
|
||
|
restricted=("${restricted[@]}" $T_DIR_WORK/$glob)
|
||
|
fi
|
||
|
done < "$T_YADM_ENCRYPT"
|
||
|
;;
|
||
|
esac
|
||
|
done
|
||
|
|
||
|
#; validate permissions of each path in the worktere
|
||
|
local testpath
|
||
|
for testpath in $(find "$T_DIR_WORK"); do
|
||
|
local perm_regex="....rwxrwx"
|
||
|
if is_restricted "$testpath"; then
|
||
|
perm_regex="....------"
|
||
|
fi
|
||
|
test_perms "$testpath" "$perm_regex" || return 1
|
||
|
done
|
||
|
}
|
||
|
|
||
|
@test "Command 'perms'" {
|
||
|
echo "
|
||
|
When the command 'perms' is provided
|
||
|
Update permissions for ssh/gpg
|
||
|
Verify correct permissions
|
||
|
Exit with 0
|
||
|
"
|
||
|
|
||
|
#; run perms
|
||
|
run $T_YADM_Y perms
|
||
|
|
||
|
#; validate status and output
|
||
|
[ "$status" -eq 0 ]
|
||
|
[ "$output" = "" ]
|
||
|
|
||
|
#; validate permissions
|
||
|
validate_perms ssh gpg
|
||
|
}
|
||
|
|
||
|
@test "Command 'perms' (with encrypt)" {
|
||
|
echo "
|
||
|
When the command 'perms' is provided
|
||
|
And YADM_ENCRYPT is present
|
||
|
Update permissions for ssh/gpg/encrypt
|
||
|
Support comments in YADM_ENCRYPT
|
||
|
Verify correct permissions
|
||
|
Exit with 0
|
||
|
"
|
||
|
|
||
|
#; this version has a comment in it
|
||
|
echo -e "#.vimrc\n.hammerspoon/*" > "$T_YADM_ENCRYPT"
|
||
|
|
||
|
#; run perms
|
||
|
run $T_YADM_Y perms
|
||
|
|
||
|
#; validate status and output
|
||
|
[ "$status" -eq 0 ]
|
||
|
[ "$output" = "" ]
|
||
|
|
||
|
#; this version has no comments in it
|
||
|
echo -e ".hammerspoon/*" > "$T_YADM_ENCRYPT"
|
||
|
|
||
|
#; validate permissions
|
||
|
validate_perms ssh gpg encrypt
|
||
|
}
|
||
|
|
||
|
@test "Command 'perms' (ssh-perms=false)" {
|
||
|
echo "
|
||
|
When the command 'perms' is provided
|
||
|
And yadm.ssh-perms=false
|
||
|
Update permissions for gpg only
|
||
|
Verify correct permissions
|
||
|
Exit with 0
|
||
|
"
|
||
|
|
||
|
#; configure yadm.ssh-perms
|
||
|
git config --file="$T_YADM_CONFIG" "yadm.ssh-perms" "false"
|
||
|
|
||
|
#; run perms
|
||
|
run $T_YADM_Y perms
|
||
|
|
||
|
#; validate status and output
|
||
|
[ "$status" -eq 0 ]
|
||
|
[ "$output" = "" ]
|
||
|
|
||
|
#; validate permissions
|
||
|
validate_perms gpg
|
||
|
}
|
||
|
|
||
|
@test "Command 'perms' (gpg-perms=false)" {
|
||
|
echo "
|
||
|
When the command 'perms' is provided
|
||
|
And yadm.gpg-perms=false
|
||
|
Update permissions for ssh only
|
||
|
Verify correct permissions
|
||
|
Exit with 0
|
||
|
"
|
||
|
|
||
|
#; configure yadm.gpg-perms
|
||
|
git config --file="$T_YADM_CONFIG" "yadm.gpg-perms" "false"
|
||
|
|
||
|
#; run perms
|
||
|
run $T_YADM_Y perms
|
||
|
|
||
|
#; validate status and output
|
||
|
[ "$status" -eq 0 ]
|
||
|
[ "$output" = "" ]
|
||
|
|
||
|
#; validate permissions
|
||
|
validate_perms ssh
|
||
|
}
|
||
|
|
||
|
@test "Command 'auto-perms' (enabled)" {
|
||
|
echo "
|
||
|
When a command possibly changes the repo
|
||
|
Update permissions for ssh/gpg
|
||
|
Verify correct permissions
|
||
|
"
|
||
|
|
||
|
#; run status
|
||
|
run $T_YADM_Y status
|
||
|
|
||
|
#; validate status
|
||
|
[ "$status" -eq 0 ]
|
||
|
|
||
|
#; validate permissions
|
||
|
validate_perms ssh gpg
|
||
|
}
|
||
|
|
||
|
@test "Command 'auto-perms' (disabled)" {
|
||
|
echo "
|
||
|
When a command possibly changes the repo
|
||
|
And yadm.auto-perms=false
|
||
|
Take no action
|
||
|
Verify permissions are intact
|
||
|
"
|
||
|
|
||
|
#; configure yadm.auto-perms
|
||
|
git config --file="$T_YADM_CONFIG" "yadm.auto-perms" "false"
|
||
|
|
||
|
#; run status
|
||
|
run $T_YADM_Y status
|
||
|
|
||
|
#; validate status
|
||
|
[ "$status" -eq 0 ]
|
||
|
|
||
|
#; validate permissions
|
||
|
validate_perms
|
||
|
}
|