Check conf file permission

Since SafeConfigParser.read doesn't thrown an exception when a file can not be opened, we must explicitly check first. Change-Id: Ifa5c58e5c30323956a401beae9396ffb0b97dbd9 Closes-Bug: #1692587
2017-05-23 18:17:38 -07:00 · 2017-05-23 18:17:38 -07:00 · 770acc7765
commit 770acc7765
parent 2d97cdff88
2 changed files with 17 additions and 0 deletions
--- a/refstack_client/refstack_client.py
+++ b/refstack_client/refstack_client.py
@ -93,6 +93,11 @@ class RefstackClient:
            self.logger.error("Conf file not valid: %s" % self.args.conf_file)
            exit(1)

+        if not os.access(self.args.conf_file, os.R_OK):
+            self.logger.error("You do not have read access to: %s"
+                              % self.args.conf_file)
+            exit(1)
+
        # Initialize environment variables with config file info
        os.environ["TEMPEST_CONFIG_DIR"] = os.path.abspath(
            os.path.dirname(self.args.conf_file))
--- a/refstack_client/tests/unit/test_client.py
+++ b/refstack_client/tests/unit/test_client.py
@ -686,6 +686,18 @@ class TestRefstackClient(unittest.TestCase):
        client = rc.RefstackClient(args)
        self.assertRaises(SystemExit, client.test)

+    def test_forbidden_conf_file(self):
+        """
+        Test when the user passes in a file that the user does not have
+        read access to.
+        """
+        file = tempfile.NamedTemporaryFile()
+        # Remove read access
+        os.chmod(file.name, 0o220)
+        args = rc.parse_cli_args(self.mock_argv(conf_file_name=file.name))
+        client = rc.RefstackClient(args)
+        self.assertRaises(SystemExit, client.test)
+
    def test_run_tempest_nonexisting_directory(self):
        """
        Test when the Tempest directory does not exist.