salt/tests/unit/perm_test.py

# -*- coding: utf-8 -*-
'''
    :codeauthor: :email:`Mike Place <mp@saltstack.com`


    Tests to ensure that the file permissions are set correctly when
    importing from the git repo.
'''

# Import python libs
import os
import stat
import pprint

# Import salt testing libs
from salttesting import TestCase
from salttesting.helpers import ensure_in_syspath

ensure_in_syspath('..')

from integration import CODE_DIR

EXEMPT_DIRS = []
EXEMPT_FILES = [
    'debian/rules',
    'doc/.scripts/compile-translation-catalogs',
    'doc/.scripts/download-translation-catalog',
    'doc/.scripts/setup-transifex-config',
    'doc/.scripts/update-transifex-source-translations',
    'pkg/arch/Makefile',
    'pkg/arch/PKGBUILD',
    'pkg/arch/PKGBUILD-git',
    'pkg/arch/PKGBUILD-local',
    'pkg/arch/git/PKGBUILD',
    'pkg/rpm/build.py',
    'pkg/rpm/salt-master',
    'pkg/rpm/salt-minion',
    'pkg/rpm/salt-syndic',
    'pkg/shar/build_shar.sh',
    'pkg/smartos/esky/install.sh',
    'salt/templates/git/ssh-id-wrapper',
    'scripts/salt',
    'scripts/salt-call',
    'scripts/salt-cloud',
    'scripts/salt-cp',
    'scripts/salt-key',
    'scripts/salt-master',
    'scripts/salt-minion',
    'scripts/salt-run',
    'scripts/salt-ssh',
    'scripts/salt-syndic',
    'setup.py',
    'tests/integration/mockbin/su',
    'tests/runtests.py',
    'tests/saltsh.py',
]

IGNORE_PATHS = [
    '.git',
    '.wti',
    'build',
    'dist',
    'salt.egg-info',
    '.ropeproject',
]


class GitPermTestCase(TestCase):
    def test_perms(self):
        suspect_entries = []
        for root, dirnames, filenames in os.walk(CODE_DIR, topdown=True):
            for dirname in dirnames:
                entry = os.path.relpath(
                    os.path.join(root, dirname), CODE_DIR
                )
                if entry in IGNORE_PATHS:
                    continue

                skip_entry = False
                for ignore_path in IGNORE_PATHS:
                    if entry.startswith(ignore_path):
                        skip_entry = True
                        break

                if skip_entry:
                    continue

                fn_mode = stat.S_IMODE(os.stat(entry).st_mode)
                if fn_mode != 493 and entry not in EXEMPT_DIRS:  # In octal! 493 == 0755
                    suspect_entries.append(entry)

            for filename in filenames:
                entry = os.path.relpath(
                    os.path.join(root, filename), CODE_DIR
                )
                if entry in IGNORE_PATHS:
                    continue

                skip_entry = False
                for ignore_path in IGNORE_PATHS:
                    if entry.startswith(ignore_path):
                        skip_entry = True
                        break

                if skip_entry:
                    continue

                fn_mode = stat.S_IMODE(os.stat(entry).st_mode)
                if fn_mode != 420 and entry not in EXEMPT_FILES:  # In octal! 420 == 0644
                    suspect_entries.append(entry)

        try:
            self.assertEqual(suspect_entries, [])
        except AssertionError:
            self.fail(
                'Found file(s) with incorrect permissions:\n{0}'.format(
                    pprint.pformat(sorted(suspect_entries))
                )
            )


if __name__ == '__main__':
    from integration import run_tests
    run_tests(GitPermTestCase, needs_daemon=False)
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00			`# -- coding: utf-8 --`
			`'''`
			:codeauthor: :email:`Mike Place <mp@saltstack.com`


			`Tests to ensure that the file permissions are set correctly when`
			`importing from the git repo.`
			`'''`

http://www.youtube.com/watch?v=v7NzBTRzCkg 2014-02-27 19:58:39 +00:00			`# Import python libs`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00			`import os`
			`import stat`
Improve permissions check testcase. 2014-03-23 18:20:42 +00:00			`import pprint`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00
http://www.youtube.com/watch?v=v7NzBTRzCkg 2014-02-27 19:58:39 +00:00			`# Import salt testing libs`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00			`from salttesting import TestCase`
Reuse existing vars. Allow standalone execution. 2014-03-23 16:57:51 +00:00			`from salttesting.helpers import ensure_in_syspath`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00
Reuse existing vars. Allow standalone execution. 2014-03-23 16:57:51 +00:00			`ensure_in_syspath('..')`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00
Reuse existing vars. Allow standalone execution. 2014-03-23 16:57:51 +00:00			`from integration import CODE_DIR`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00
Improve permissions check testcase. 2014-03-23 18:20:42 +00:00			`EXEMPT_DIRS = []`
			`EXEMPT_FILES = [`
			`'debian/rules',`
			`'doc/.scripts/compile-translation-catalogs',`
			`'doc/.scripts/download-translation-catalog',`
			`'doc/.scripts/setup-transifex-config',`
			`'doc/.scripts/update-transifex-source-translations',`
			`'pkg/arch/Makefile',`
			`'pkg/arch/PKGBUILD',`
			`'pkg/arch/PKGBUILD-git',`
			`'pkg/arch/PKGBUILD-local',`
			`'pkg/arch/git/PKGBUILD',`
Add some more files to the exempt ones 2014-03-24 17:02:23 +00:00			`'pkg/rpm/build.py',`
Improve permissions check testcase. 2014-03-23 18:20:42 +00:00			`'pkg/rpm/salt-master',`
			`'pkg/rpm/salt-minion',`
			`'pkg/rpm/salt-syndic',`
Add missing comma. 2014-03-29 01:26:02 +00:00			`'pkg/shar/build_shar.sh',`
Improve permissions check testcase. 2014-03-23 18:20:42 +00:00			`'pkg/smartos/esky/install.sh',`
			`'salt/templates/git/ssh-id-wrapper',`
			`'scripts/salt',`
			`'scripts/salt-call',`
			`'scripts/salt-cloud',`
			`'scripts/salt-cp',`
			`'scripts/salt-key',`
			`'scripts/salt-master',`
			`'scripts/salt-minion',`
			`'scripts/salt-run',`
			`'scripts/salt-ssh',`
			`'scripts/salt-syndic',`
			`'setup.py',`
			`'tests/integration/mockbin/su',`
			`'tests/runtests.py',`
Add some more files to the exempt ones 2014-03-24 17:02:23 +00:00			`'tests/saltsh.py',`
Improve permissions check testcase. 2014-03-23 18:20:42 +00:00			`]`

			`IGNORE_PATHS = [`
			`'.git',`
			`'.wti',`
			`'build',`
			`'dist',`
			`'salt.egg-info',`
			`'.ropeproject',`
			`]`
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00
http://www.youtube.com/watch?v=v7NzBTRzCkg 2014-02-27 19:58:39 +00:00
Warn us about suspect perms. I've found cases where people have been setting permissions for files and then those permissions are being pushed into git. This is annoying at best and potentially dangerous at worst. This test walks the tree and warns us about anything that's out of order. 2014-02-27 18:33:27 +00:00			`class GitPermTestCase(TestCase):`
			`def test_perms(self):`
Improve permissions check testcase. 2014-03-23 18:20:42 +00:00			`suspect_entries = []`
			`for root, dirnames, filenames in os.walk(CODE_DIR, topdown=True):`
			`for dirname in dirnames:`
			`entry = os.path.relpath(`
			`os.path.join(root, dirname), CODE_DIR`
			`)`
			`if entry in IGNORE_PATHS:`
			`continue`

			`skip_entry = False`
			`for ignore_path in IGNORE_PATHS:`
			`if entry.startswith(ignore_path):`
			`skip_entry = True`
			`break`

			`if skip_entry:`
			`continue`

			`fn_mode = stat.S_IMODE(os.stat(entry).st_mode)`
			`if fn_mode != 493 and entry not in EXEMPT_DIRS: # In octal! 493 == 0755`
			`suspect_entries.append(entry)`

			`for filename in filenames:`
			`entry = os.path.relpath(`
			`os.path.join(root, filename), CODE_DIR`
			`)`
			`if entry in IGNORE_PATHS:`
			`continue`

			`skip_entry = False`
			`for ignore_path in IGNORE_PATHS:`
			`if entry.startswith(ignore_path):`
			`skip_entry = True`
			`break`

			`if skip_entry:`
			`continue`

			`fn_mode = stat.S_IMODE(os.stat(entry).st_mode)`
			`if fn_mode != 420 and entry not in EXEMPT_FILES: # In octal! 420 == 0644`
			`suspect_entries.append(entry)`

			`try:`
			`self.assertEqual(suspect_entries, [])`
			`except AssertionError:`
			`self.fail(`
			`'Found file(s) with incorrect permissions:\n{0}'.format(`
			`pprint.pformat(sorted(suspect_entries))`
			`)`
			`)`
Reuse existing vars. Allow standalone execution. 2014-03-23 16:57:51 +00:00

			`if __name__ == '__main__':`
			`from integration import run_tests`
			`run_tests(GitPermTestCase, needs_daemon=False)`