From 948a7398906cb8aba21b5538f7b6906a6aa1df96 Mon Sep 17 00:00:00 2001
From: Max Resnick
Date: Mon, 15 Apr 2024 22:23:59 -0700
Subject: feat: readonly fs support, policy built in temp
---
 internal/admin/model.go | 21 +++++++++++++++++++++
 internal/admin/model_test.go | 25 +++++++++++++++++++++++++
 internal/admin/service.go | 6 +++++-
 internal/admin/service_test.go | 30 +++++++++++++++++++-----------
 4 files changed, 70 insertions(+), 12 deletions(-)
(limited to 'internal')
diff --git a/internal/admin/model.go b/internal/admin/model.go
index fef73ca..ee65045 100644
--- a/internal/admin/model.go
+++ b/internal/admin/model.go
@@ -127,6 +127,27 @@ func loadLocalFile(path string) ([]byte, error) {
 return configBytes, nil
 }

+// setupPolicyFile
+func setupPolicyFile(src string) (string, error) {
+ workingPolicyFile, err := os.CreateTemp("", "go-git-server-policy")
+ if err != nil {
+ return "", fmt.Errorf("coudn't read base policy %w", err)
+ }
+ defer workingPolicyFile.Close()
+ basePolicy, err := os.ReadFile(src)
+ if err != nil {
+ return "", fmt.Errorf("coudn't read base policy %w", err)
+ }
+ written, err := workingPolicyFile.Write(basePolicy)
+ if err != nil {
+ return "", fmt.Errorf("encountered error writting policy %w", err)
+ }
+ if written == 0 {
+ return "", fmt.Errorf("nothing was written")
+ }
+ return workingPolicyFile.Name(), nil
+}
+
 // loadServerConfig configPath should be the absolutepath to the configmap if it's not in a repo
 func loadServerConfig(mgmtRepo bool, baseDir, configPath string) (*ServerRepos, error) {
 var (
diff --git a/internal/admin/model_test.go b/internal/admin/model_test.go
index 6f8531d..b73280a 100644
--- a/internal/admin/model_test.go
+++ b/internal/admin/model_test.go
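Review bot: setupPolicyFile leaves the temp file behind on every failure after `os.CreateTemp` succeeds (the `os.ReadFile`, `Write` and `written == 0` returns), and a failing `os.CreateTemp` is reported as "coudn't read base policy", which points an operator at the wrong file. Reading `src` before creating the temp file removes one leak path, and the remaining ones need an `os.Remove` of the working copy; the deferred `Close` also discards its error, so a failed flush would go unnoticed. The doc comment is only the function name; it should say that the function copies the base policy into a temp file (created by `os.CreateTemp`, so owner-only) and returns that path. The sketch below keeps the empty-policy rejection but moves it ahead of file creation.

```go
// setupPolicyFile copies the base policy at src into a new temp file and
// returns the path of that working copy.
func setupPolicyFile(src string) (string, error) {
	basePolicy, err := os.ReadFile(src)
	if err != nil {
		return "", fmt.Errorf("couldn't read base policy: %w", err)
	}
	if len(basePolicy) == 0 {
		return "", fmt.Errorf("base policy %q is empty", src)
	}
	workingPolicyFile, err := os.CreateTemp("", "go-git-server-policy")
	if err != nil {
		return "", fmt.Errorf("couldn't create working policy file: %w", err)
	}
	if _, err := workingPolicyFile.Write(basePolicy); err != nil {
		workingPolicyFile.Close()
		os.Remove(workingPolicyFile.Name()) // best effort: no partial copy left behind
		return "", fmt.Errorf("couldn't write working policy file: %w", err)
	}
	if err := workingPolicyFile.Close(); err != nil {
		os.Remove(workingPolicyFile.Name())
		return "", fmt.Errorf("couldn't close working policy file: %w", err)
	}
	return workingPolicyFile.Name(), nil
}
```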
@@ -328,3 +328,28 @@ bare = true
 t.Fatal("expected git export magic to be created, but does not exist")
 }
 }
+
+func TestSetupPolicyFile(t *testing.T) {
+ tempDir := t.TempDir()
+ fOrig, err := os.Create(filepath.Join(tempDir, "origpolicy.csv"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ testContents := []byte("stuff")
+ _, err = fOrig.Write(testContents)
+ if err != nil {
+ t.Fatal(err)
+ }
+ fOrig.Close()
+ workingPolicy, err := setupPolicyFile(fOrig.Name())
+ if err != nil {
+ t.Fatal(err)
+ }
+ contentBytes, err := os.ReadFile(workingPolicy)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if !bytes.Equal(contentBytes, testContents) {
+ t.Fatalf("found %s expected %s", contentBytes, testContents)
+ }
+}
diff --git a/internal/admin/service.go b/internal/admin/service.go
index 182c153..bcf42f9 100644
--- a/internal/admin/service.go
+++ b/internal/admin/service.go
@@ -63,7 +63,11 @@ func (s *Servicer) InitServer() error {

 // NewService create a new admin service, load config, and generate policies
 func NewService(modelPath, policyPath, serverConfigPath, reposDir string, mgmtRepo bool) (*Servicer, error) {
- enf, err := casbin.NewSyncedEnforcer(modelPath, policyPath)
+ workingPolicyPath, err := setupPolicyFile(policyPath)
+ if err != nil {
+ return &Servicer{}, err
+ }
+ enf, err := casbin.NewSyncedEnforcer(modelPath, workingPolicyPath)
 if err != nil {
 return &Servicer{}, fmt.Errorf("Couldn't load the enforcer encountered the following error: %w", err)
 }
diff --git a/internal/admin/service_test.go b/internal/admin/service_test.go
index bbdab85..13a0007 100644
--- a/internal/admin/service_test.go
+++ b/internal/admin/service_test.go
@@ -5,7 +5,6 @@ import (
 "log"
 "os"
 "path/filepath"
- "strings"
 "testing"
 )
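Review bot: TestSetupPolicyFile never removes the file that `setupPolicyFile` creates, which lands in the OS temp directory rather than under `t.TempDir()`, so every run leaves a `go-git-server-policy*` file behind; add `t.Cleanup(func() { os.Remove(workingPolicy) })` after the error check. The test also covers only the success path: a missing `src` and an empty `src` each have their own error return in the new function and neither is exercised. The result of `fOrig.Close()` is discarded; checking it would make a failed flush of the fixture visible.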
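Review bot: NewService hands the enforcer a copy of the policy in the OS temp directory, but `workingPolicyPath` is a local that this hunk does not store anywhere, so nothing visible here can remove the file at shutdown or tell an operator which file is the live authorization policy. If the enforcer persists policy changes to the path it was built from (the test comments about a saved policy file suggest so, worth confirming), those changes now go to a throwaway file and are lost on restart, which the doc comment should state. Consider keeping the path on the returned Servicer and logging it once, and wrap the error for context, e.g. `return &Servicer{}, fmt.Errorf("setting up working policy: %w", err)`. The function body continues past the end of the hunk.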
@@ -97,12 +96,16 @@ func TestInitServer(t *testing.T) {
 // stuff
 svc.Reload()
 // check policy file to make sure it was saved
- data, err := os.ReadFile(destPolicyFile)
- if err != nil {
- t.Fatal(err)
+ expectedPolicies := [][]string{
+ {"role:maintainers", "/thisismynewrepo/info/refs", "GET"},
+ {"role:maintainers", "/thisismynewrepo/git-upload-pack", "POST"},
+ {"role:maintainers", "/thisismynewrepo/git-receive-pack", "POST"},
 }
- if !strings.Contains(string(data), "thisismynewrepo") {
- t.Fatal("expected to find test new repo but didn't")
+ for _, policy := range expectedPolicies {
+ if !svc.HasPolicy(policy[0], policy[1], policy[2]) {
+ t.Log("policy not found", policy)
+ t.Fail()
+ }
 }
 })
 t.Run("test reload config err", func(t *testing.T) {
@@ -121,12 +124,16 @@ func TestInitServer(t *testing.T) {
 // stuff
 svc.Reload()
 // check policy file to make sure it wasn't saved
- data, err := os.ReadFile(destPolicyFile)
- if err != nil {
- log.Fatal(err)
+ expectedPolicies := [][]string{
+ {"role:admin", "/mgmt/info/refs", "GET"},
+ {"role:admin", "/mgmt/git-upload-pack", "POST"},
+ {"role:admin", "/mgmt/git-receive-pack", "POST"},
 }
- if !strings.Contains(string(data), "mgmt") {
- log.Fatal("expected to mgmt repo but didn't in policy")
+ for _, policy := range expectedPolicies {
+ if !svc.HasPolicy(policy[0], policy[1], policy[2]) {
+ t.Log("policy not found", policy)
+ t.Fail()
+ }
 }
 })
 t.Run("test an unitialized server config", func(t *testing.T) {
@@ -139,6 +146,7 @@ func TestInitServer(t *testing.T) {
 true)
 if svc.Conf.Name != "default config" {
 log.Fatalf("found %s expected 'default config'", svc.Conf.Name)
+ t.Fail()
 }
 })
 }
-- cgit v1.2.3
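Review bot: The context comment above the new assertions still reads "check policy file to make sure it was saved", but the assertions now query the in-memory enforcer through `svc.HasPolicy` and nothing in the subtest reads the file any more; the comment should become something like `// check the enforcer holds the policies generated for the new repo`. The same applies to the next hunk (`@@ -121,12 +124,16 @@`), whose comment says the file "wasn't saved". In both loops `t.Log(...)` followed by `t.Fail()` can be a single `t.Errorf("policy not found: %v", policy)`. Both subtests start and end outside their hunks.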
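Review bot: The added `t.Fail()` in the `@@ -139,6 +146,7 @@` hunk can never run, because `log.Fatalf` on the line above it exits the process with `os.Exit(1)` before returning; that call also ends the whole test binary instead of failing just this subtest. Replace both lines with `t.Fatalf("found %s expected 'default config'", svc.Conf.Name)`. The subtest body starts outside the hunk.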