Skip to content

Commit

Permalink
Added tests for file permissions of /var/run/docker.sock
Browse files Browse the repository at this point in the history
  • Loading branch information
ckunki committed Mar 11, 2024
1 parent 0a6e9d5 commit 2513f36
Showing 1 changed file with 28 additions and 14 deletions.
42 changes: 28 additions & 14 deletions test/unit/entrypoint/test_file_permissions.py
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
import grp
import pytest
import os
import re
import stat

from exasol.ds.sandbox.runtime.ansible.roles.entrypoint.files import entrypoint
from unittest.mock import MagicMock

# def stat_result(
# st_mode=0,
Expand Down Expand Up @@ -33,20 +35,6 @@ def test_file_inspector_non_existing_file(mocker):
assert not os.stat.called


@pytest.fixture
def accessible_file(tmp_path):
mode = os.stat(tmp_path).st_mode | stat.S_IRGRP | stat.S_IWGRP
os.chmod(tmp_path, mode)
return tmp_path


@pytest.fixture
def non_accessible_file(tmp_path):
mode = stat.S_IRUSR | stat.S_IWUSR
os.chmod(tmp_path, mode)
return tmp_path


def test_file_inspector_group_accessible(accessible_file):
testee = entrypoint.FileInspector(accessible_file)
assert testee.is_group_accessible()
Expand All @@ -56,3 +44,29 @@ def test_file_inspector_not_group_accessible(non_accessible_file, caplog):
testee = entrypoint.FileInspector(non_accessible_file)
assert not testee.is_group_accessible()
assert re.match(r"ERROR .* No rw permissions for group", caplog.text)


def test_group_access_unknown_group_id():
testee = entrypoint.GroupAccess(None, None)
assert testee._find_group(9999999) is None


def test_group_access_enable_existing_group(mocker, capsys):
grdb_entry = MagicMock(gr_name="existing")
mocker.patch("grp.getgrgid", return_value=grdb_entry)
testee = entrypoint.GroupAccess("jennifer", entrypoint.Group("other", 666))
testee._run = print
actual = testee.enable()
captured = capsys.readouterr()
assert captured.out == "usermod --append --groups existing jennifer\n"
assert actual == entrypoint.Group("existing", 666)


def test_group_access_enable_unknown_gid(mocker, capsys):
mocker.patch("grp.getgrgid", side_effect=KeyError)
testee = entrypoint.GroupAccess("jennifer", entrypoint.Group("other", 666))
testee._run = print
actual = testee.enable()
captured = capsys.readouterr()
assert captured.out == "groupmod -g 666 other\n"
assert actual == entrypoint.Group("other", 666)

0 comments on commit 2513f36

Please sign in to comment.