def test_directory_test_mode_user_group_not_present():
name = "/etc/testdir"
user = "******"
group = "saltstack"
if salt.utils.platform.is_windows():
name = name.replace("/", "\\")
ret = {
"name": name,
"result": None,
"comment": "",
"changes": {
name: {
"directory": "new"
}
},
}
if salt.utils.platform.is_windows():
comt = 'The directory "{}" will be changed' "".format(name)
else:
comt = "The following files will be changed:\n{}:" " directory - new\n".format(
name)
ret["comment"] = comt
mock_f = MagicMock(return_value=False)
mock_uid = MagicMock(side_effect=[
"",
"U12",
"",
])
mock_gid = MagicMock(side_effect=[
"G12",
"",
"",
])
mock_error = CommandExecutionError
with patch.dict(
filestate.__salt__,
{
"file.user_to_uid": mock_uid,
"file.group_to_gid": mock_gid,
"file.stats": mock_f,
},
), patch("salt.utils.win_dacl.get_sid", mock_error), patch.object(
os.path, "isdir", mock_f), patch.dict(filestate.__opts__,
{"test": True}):
assert filestate.directory(name, user=user, group=group) == ret
assert filestate.directory(name, user=user, group=group) == ret
assert filestate.directory(name, user=user, group=group) == ret
def test_directory_new_reset_no_inherit(tmp_path):
"""
Test file.directory when the directory does not exist
Should just return "New Dir"
"""
path = os.path.join(tmp_path, "test")
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Administrators": {"perms": "full_control"}},
win_deny_perms={"Guest": {"perms": "full_control"}},
win_inheritance=False,
win_perms_reset=True,
)
expected = {path: {"directory": "new"}}
assert ret["changes"] == expected
permissions = win_dacl.get_permissions(path)
expected = {
"Inherited": {},
"Not Inherited": {
"Administrators": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
}
},
"Guest": {
"deny": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
}
},
},
}
assert permissions == expected
def test_directory_new_no_inherit(tmp_path):
"""
Test file.directory when the directory does not exist
Should just return "New Dir"
"""
path = os.path.join(tmp_path, "test")
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Administrators": {"perms": "full_control"}},
win_deny_perms={"Guest": {"perms": "full_control"}},
win_inheritance=False,
)
expected = {path: {"directory": "new"}}
assert ret["changes"] == expected
assert not win_dacl.get_inheritance(path)
permissions = win_dacl.get_permissions(path)
assert permissions["Inherited"] == {}
def test_directory_existing_no_inherit(tmp_path):
path = str(tmp_path)
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Everyone": {"perms": "full_control"}},
win_deny_perms={"Guest": {"perms": ["write_data", "write_attributes"]}},
win_inheritance=False,
)
expected = {
"deny_perms": {"Guest": {"permissions": ["write_data", "write_attributes"]}},
"grant_perms": {"Everyone": {"permissions": "full_control"}},
"inheritance": False,
}
# We are checking these individually because sometimes it will return an
# owner if it is running under the Administrator account
assert ret["changes"]["deny_perms"] == expected["deny_perms"]
assert ret["changes"]["grant_perms"] == expected["grant_perms"]
assert ret["changes"]["inheritance"] == expected["inheritance"]
assert not win_dacl.get_inheritance(path)
permissions = win_dacl.get_permissions(path)
assert permissions["Inherited"] == {}
def managed(
name,
conf_dir='/etc/salt',
cloud_servers_pillar=None,
cloud_providers_pillar=None,
cloud_defaults_pillar=None,
file_mode='0600',
dir_mode='0700',
user='******',
group='root',
test=False
):
from salt.states import file
file.__instance_id__ = str(id(managed))
file.__env__ = __env__
file.__opts__ = __opts__
file.__salt__ = __salt__
ret = {
'name': name,
'result': False,
'comment': '',
'changes': {},
}
comments = []
results = []
changes = {}
provider_path = os.path.join(conf_dir, 'cloud.providers.d')
profile_path = os.path.join(conf_dir, 'cloud.profiles.d')
map_path = os.path.join(conf_dir, 'cloud.maps')
cloud_servers = __salt__['pillar.get'](cloud_servers_pillar)
cloud_providers = __salt__['pillar.get'](cloud_providers_pillar)
cloud_defaults = __salt__['pillar.get'](cloud_defaults_pillar)
providers, profiles, maps = __salt__['simplecloud.consume_map'](
cloud_providers,
cloud_servers,
cloud_defaults
)
provider_dir_results = file.directory(
provider_path,
user=user,
group=group,
dir_mode=dir_mode,
test=test
)
comments.append(provider_dir_results['comment'])
results.append(provider_dir_results['result'])
if provider_dir_results['changes']:
changes[provider_path] = provider_dir_results['changes']
profile_dir_results = file.directory(
profile_path,
user=user,
group=group,
dir_mode=dir_mode,
test=test
)
comments.append(profile_dir_results['comment'])
results.append(profile_dir_results['result'])
if profile_dir_results['changes']:
changes[profile_path] = profile_dir_results['changes']
map_dir_results = file.directory(
map_path,
user=user,
group=group,
dir_mode=dir_mode,
test=test
)
comments.append(map_dir_results['comment'])
results.append(map_dir_results['result'])
if map_dir_results['changes']:
changes[map_path] = map_dir_results['changes']
for provider_name, provider in providers.items():
provider_data = {provider_name: provider}
provider_file = os.path.join(provider_path, '%s.conf' % provider_name)
source = _ordered_dump(provider_data, default_flow_style=False)
provider_results = file.managed(
provider_file,
user=user,
group=group,
mode=file_mode,
contents=source,
test=test
)
comments.append(provider_results['comment'])
results.append(provider_results['result'])
if provider_results['changes']:
changes[provider_file] = provider_results['changes']
for env_name, profile_data in profiles.items():
profile_file = os.path.join(profile_path, '%s.conf' % env_name)
source = _ordered_dump(profile_data, default_flow_style=False)
profile_results = file.managed(
profile_file,
user=user,
group=group,
mode=file_mode,
contents=source,
test=test
)
comments.append(profile_results['comment'])
results.append(profile_results['result'])
if profile_results['changes']:
changes[profile_file] = profile_results['changes']
for env_name, map_data in maps.items():
map_file = os.path.join(map_path, env_name)
source = _ordered_dump(map_data, default_flow_style=False)
map_results = file.managed(
map_file,
user=user,
group=group,
mode=file_mode,
contents=source,
test=test
)
comments.append(map_results['comment'])
results.append(map_results['result'])
if map_results['changes']:
changes[map_file] = map_results['changes']
ret['changes'] = {s: c for s, c in changes.items() if c}
ret['comment'] = '\n'.join([c for c in comments if c])
ret['result'] = all(results)
return ret
def test_directory():
"""
Test to ensure that a named directory is present and has the right perms
"""
name = "/etc/testdir"
user = "******"
group = "saltstack"
if salt.utils.platform.is_windows():
name = name.replace("/", "\\")
ret = {"name": name, "result": False, "comment": "", "changes": {}}
check_perms_ret = {
"name": name,
"result": False,
"comment": "",
"changes": {}
}
comt = "Must provide name to file.directory"
ret.update({"comment": comt, "name": ""})
assert filestate.directory("") == ret
comt = "Cannot specify both max_depth and clean"
ret.update({"comment": comt, "name": name})
assert filestate.directory(name, clean=True, max_depth=2) == ret
mock_t = MagicMock(return_value=True)
mock_f = MagicMock(return_value=False)
if salt.utils.platform.is_windows():
mock_perms = MagicMock(return_value=check_perms_ret)
else:
mock_perms = MagicMock(return_value=(check_perms_ret, ""))
mock_uid = MagicMock(side_effect=[
"",
"U12",
"U12",
"U12",
"U12",
"U12",
"U12",
"U12",
"U12",
"U12",
"U12",
])
mock_gid = MagicMock(side_effect=[
"",
"G12",
"G12",
"G12",
"G12",
"G12",
"G12",
"G12",
"G12",
"G12",
"G12",
])
mock_check = MagicMock(return_value=(
None,
'The directory "{}" will be changed'.format(name),
{
name: {
"directory": "new"
}
},
))
mock_error = CommandExecutionError
with patch.dict(
filestate.__salt__,
{
"config.manage_mode": mock_t,
"file.user_to_uid": mock_uid,
"file.group_to_gid": mock_gid,
"file.stats": mock_f,
"file.check_perms": mock_perms,
"file.mkdir": mock_t,
},
), patch("salt.utils.win_dacl.get_sid",
mock_error), patch("os.path.isdir", mock_t), patch(
"salt.states.file._check_directory_win", mock_check):
if salt.utils.platform.is_windows():
comt = ""
else:
comt = "User salt is not available Group saltstack is not available"
ret.update({"comment": comt, "name": name})
assert filestate.directory(name, user=user, group=group) == ret
with patch.object(os.path, "isabs", mock_f):
comt = "Specified file {} is not an absolute path".format(name)
ret.update({"comment": comt})
assert filestate.directory(name, user=user, group=group) == ret
with patch.object(os.path, "isabs", mock_t):
with patch.object(
os.path,
"isfile",
MagicMock(side_effect=[
True, True, False, True, True, True, False
]),
):
with patch.object(os.path, "lexists", mock_t):
comt = "File exists where the backup target A should go"
ret.update({"comment": comt})
assert (filestate.directory(name,
user=user,
group=group,
backupname="A") == ret)
with patch.object(os.path, "isfile", mock_t):
comt = "Specified location {} exists and is a file".format(
name)
ret.update({"comment": comt})
assert filestate.directory(name, user=user,
group=group) == ret
with patch.object(os.path, "islink", mock_t):
comt = "Specified location {} exists and is a symlink".format(
name)
ret.update({"comment": comt})
assert filestate.directory(name, user=user,
group=group) == ret
with patch.object(os.path, "isdir", mock_f):
with patch.dict(filestate.__opts__, {"test": True}):
if salt.utils.platform.is_windows():
comt = 'The directory "{}" will be changed' "".format(
name)
else:
comt = ("The following files will be changed:\n{}:"
" directory - new\n".format(name))
ret.update({
"comment": comt,
"result": None,
"changes": {
name: {
"directory": "new"
}
},
})
assert filestate.directory(name, user=user,
group=group) == ret
with patch.dict(filestate.__opts__, {"test": False}):
with patch.object(os.path, "isdir", mock_f):
comt = "No directory to create {} in".format(name)
ret.update({"comment": comt, "result": False})
assert filestate.directory(name,
user=user,
group=group) == ret
if salt.utils.platform.is_windows():
isdir_side_effect = [False, True, False]
else:
isdir_side_effect = [True, False, True, False]
with patch.object(
os.path, "isdir",
MagicMock(side_effect=isdir_side_effect)):
comt = "Failed to create directory {}".format(name)
ret.update({
"comment": comt,
"result": False,
"changes": {
name: {
"directory": "new"
}
},
})
assert filestate.directory(name,
user=user,
group=group) == ret
check_perms_ret = {
"name": name,
"result": False,
"comment": "",
"changes": {},
}
if salt.utils.platform.is_windows():
mock_perms = MagicMock(return_value=check_perms_ret)
else:
mock_perms = MagicMock(return_value=(check_perms_ret,
""))
recurse = ["silent"]
ret = {
"name": name,
"result": False,
"comment": "Directory /etc/testdir updated",
"changes": {
"recursion": "Changes silenced"
},
}
if salt.utils.platform.is_windows():
ret["comment"] = ret["comment"].replace("/", "\\")
with patch.dict(filestate.__salt__,
{"file.check_perms": mock_perms}):
with patch.object(os.path, "isdir", mock_t):
assert (filestate.directory(name,
user=user,
recurse=recurse,
group=group) == ret)
check_perms_ret = {
"name": name,
"result": False,
"comment": "",
"changes": {},
}
if salt.utils.platform.is_windows():
mock_perms = MagicMock(return_value=check_perms_ret)
else:
mock_perms = MagicMock(return_value=(check_perms_ret,
""))
recurse = ["ignore_files", "ignore_dirs"]
ret = {
"name":
name,
"result":
False,
"comment":
'Must not specify "recurse" '
'options "ignore_files" and '
'"ignore_dirs" at the same '
"time.",
"changes": {},
}
with patch.dict(filestate.__salt__,
{"file.check_perms": mock_perms}):
with patch.object(os.path, "isdir", mock_t):
assert (filestate.directory(name,
user=user,
recurse=recurse,
group=group) == ret)
comt = "Directory {} updated".format(name)
ret = {
"name": name,
"result": True,
"comment": comt,
"changes": {
"group": "group",
"mode": "0777",
"user": "******"
},
}
check_perms_ret = {
"name": name,
"result": True,
"comment": "",
"changes": {
"group": "group",
"mode": "0777",
"user": "******"
},
}
if salt.utils.platform.is_windows():
_mock_perms = MagicMock(return_value=check_perms_ret)
else:
_mock_perms = MagicMock(return_value=(check_perms_ret,
""))
with patch.object(os.path, "isdir", mock_t):
with patch.dict(filestate.__salt__,
{"file.check_perms": _mock_perms}):
assert (filestate.directory(name,
user=user,
group=group) == ret)
def test_directory_existing_reset_no_inherit(tmp_path):
path = str(tmp_path)
ret = file.directory(
name=path,
makedirs=True,
win_perms={"Everyone": {
"perms": "full_control"
}},
win_deny_perms={
"Guest": {
"perms": ["write_data", "write_attributes"]
}
},
win_perms_reset=True,
win_inheritance=False,
)
expected = {
"deny_perms": {
"Guest": {
"permissions": ["write_data", "write_attributes"]
}
},
"grant_perms": {
"Everyone": {
"permissions": "full_control"
}
},
"inheritance": False,
"remove_perms": {
"Administrators": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
},
},
"SYSTEM": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
},
},
CURRENT_USER: {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
},
},
},
}
# We are checking these individually because sometimes it will return an
# owner if it is running under the Administrator account
assert ret["changes"]["deny_perms"] == expected["deny_perms"]
assert ret["changes"]["grant_perms"] == expected["grant_perms"]
assert ret["changes"]["inheritance"] == expected["inheritance"]
assert ret["changes"]["remove_perms"] == expected["remove_perms"]
permissions = win_dacl.get_permissions(path)
expected = {
"Inherited": {},
"Not Inherited": {
"Everyone": {
"grant": {
"applies to": "This folder, subfolders and files",
"permissions": "Full control",
}
},
"Guest": {
"deny": {
"applies to":
"This folder, subfolders and files",
"permissions":
["Create files / write data", "Write attributes"],
}
},
},
}
assert permissions == expected
