Add further test cases to tox-remote
We need to test things which are allowed and not allowed. Further this adds test cases for the security issue which is fixed in the previous change. Change-Id: I0b243d21bf626d35eacf83e0bd5c59d19509aaae
This commit is contained in:
parent
53147dd648
commit
916c65cdf7
|
@ -2006,6 +2006,11 @@ class BaseTestCase(testtools.TestCase):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class SymLink(object):
|
||||||
|
def __init__(self, target):
|
||||||
|
self.target = target
|
||||||
|
|
||||||
|
|
||||||
class ZuulTestCase(BaseTestCase):
|
class ZuulTestCase(BaseTestCase):
|
||||||
"""A test case with a functioning Zuul.
|
"""A test case with a functioning Zuul.
|
||||||
|
|
||||||
|
@ -2399,13 +2404,24 @@ class ZuulTestCase(BaseTestCase):
|
||||||
|
|
||||||
files = {}
|
files = {}
|
||||||
for (dirpath, dirnames, filenames) in os.walk(source_path):
|
for (dirpath, dirnames, filenames) in os.walk(source_path):
|
||||||
|
# Note: In case a symlink points to an already existing directory
|
||||||
|
# os.walk includes that in the dirnames list. In order to properly
|
||||||
|
# copy these links, just add them to the filenames list.
|
||||||
|
for dirname in dirnames:
|
||||||
|
test_tree_filepath = os.path.join(dirpath, dirname)
|
||||||
|
if os.path.islink(test_tree_filepath):
|
||||||
|
filenames.append(dirname)
|
||||||
|
|
||||||
for filename in filenames:
|
for filename in filenames:
|
||||||
test_tree_filepath = os.path.join(dirpath, filename)
|
test_tree_filepath = os.path.join(dirpath, filename)
|
||||||
common_path = os.path.commonprefix([test_tree_filepath,
|
common_path = os.path.commonprefix([test_tree_filepath,
|
||||||
source_path])
|
source_path])
|
||||||
relative_filepath = test_tree_filepath[len(common_path) + 1:]
|
relative_filepath = test_tree_filepath[len(common_path) + 1:]
|
||||||
with open(test_tree_filepath, 'r') as f:
|
if os.path.islink(test_tree_filepath):
|
||||||
content = f.read()
|
content = SymLink(os.readlink(test_tree_filepath))
|
||||||
|
else:
|
||||||
|
with open(test_tree_filepath, 'rb') as f:
|
||||||
|
content = f.read()
|
||||||
files[relative_filepath] = content
|
files[relative_filepath] = content
|
||||||
self.addCommitToRepo(project, 'add content from fixture',
|
self.addCommitToRepo(project, 'add content from fixture',
|
||||||
files, branch='master', tag='init')
|
files, branch='master', tag='init')
|
||||||
|
@ -2925,8 +2941,16 @@ class ZuulTestCase(BaseTestCase):
|
||||||
os.makedirs(os.path.dirname(fn))
|
os.makedirs(os.path.dirname(fn))
|
||||||
except OSError:
|
except OSError:
|
||||||
pass
|
pass
|
||||||
with open(fn, 'w') as f:
|
if isinstance(content, SymLink):
|
||||||
f.write(content)
|
os.symlink(content.target, fn)
|
||||||
|
else:
|
||||||
|
mode = 'w'
|
||||||
|
if isinstance(content, bytes):
|
||||||
|
# the file fixtures are loaded as bytes such that
|
||||||
|
# we also support binary files
|
||||||
|
mode = 'wb'
|
||||||
|
with open(fn, mode) as f:
|
||||||
|
f.write(content)
|
||||||
repo.index.add([fn])
|
repo.index.add([fn])
|
||||||
commit = repo.index.commit(message)
|
commit = repo.index.commit(message)
|
||||||
before = repo.heads[branch].commit
|
before = repo.heads[branch].commit
|
||||||
|
|
Binary file not shown.
|
@ -0,0 +1 @@
|
||||||
|
one
|
|
@ -0,0 +1 @@
|
||||||
|
two
|
|
@ -0,0 +1,7 @@
|
||||||
|
diff --git a/readme.txt b/readme.txt
|
||||||
|
index 24308cb..b07f0ed 100644
|
||||||
|
--- a/readme.txt
|
||||||
|
+++ b/readme.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-This is a readme
|
||||||
|
+This is a README
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo one
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
some_var: one
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
first_var: one
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
second_var: two
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: assemble-test
|
||||||
|
src_file: symlink
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/assemble-bad.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/assemble-bad.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: assemble-test
|
||||||
|
src_file: /opt/assemble
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/assemble-good.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/assemble-good.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: assemble-test
|
||||||
|
src_file: dir
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/copy-bad-symlink.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/copy-bad-symlink.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: copy-test
|
||||||
|
src_file: symlink
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: includevarsdir-test
|
||||||
|
src_file: symlink
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: includevarsdir-test
|
||||||
|
src_file: /opt/vars
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: includevars-test
|
||||||
|
src_file: symlink.yaml
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/includevars-bad.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/includevars-bad.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: includevars-test
|
||||||
|
src_file: /opt/vars.yaml
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: includevarsdir-test
|
||||||
|
src_file: dir
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/includevars-good.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/includevars-good.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: includevars-test
|
||||||
|
src_file: vars.yaml
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/patch-bad-symlink.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/patch-bad-symlink.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: patch-test
|
||||||
|
src_file: symlink
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/patch-bad.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/patch-bad.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: patch-test
|
||||||
|
src_file: /opt/patch
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/patch-good.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/patch-good.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: patch-test
|
||||||
|
src_file: patch
|
|
@ -0,0 +1 @@
|
||||||
|
one
|
|
@ -0,0 +1 @@
|
||||||
|
/opt/assemble
|
|
@ -0,0 +1,11 @@
|
||||||
|
- name: Create a destination directory for copied files
|
||||||
|
tempfile:
|
||||||
|
state: directory
|
||||||
|
register: destdir
|
||||||
|
|
||||||
|
- name: Assemble
|
||||||
|
assemble:
|
||||||
|
src: "{{src_file}}"
|
||||||
|
dest: "{{destdir.path}}/copy"
|
||||||
|
remote_src: no
|
||||||
|
regexp: resolv.conf
|
1
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/roles/copy-test/files/symlink
vendored
Symbolic link
1
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/roles/copy-test/files/symlink
vendored
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
/opt/file
|
|
@ -0,0 +1,2 @@
|
||||||
|
- name: Include vars
|
||||||
|
include_vars: "{{src_file}}"
|
|
@ -0,0 +1 @@
|
||||||
|
/opt/vars.yaml
|
|
@ -0,0 +1,3 @@
|
||||||
|
- name: Include vars
|
||||||
|
include_vars:
|
||||||
|
dir: "{{src_file}}"
|
|
@ -0,0 +1 @@
|
||||||
|
/opt/vars
|
|
@ -0,0 +1,7 @@
|
||||||
|
diff --git a/readme.txt b/readme.txt
|
||||||
|
index 24308cb..b07f0ed 100644
|
||||||
|
--- a/readme.txt
|
||||||
|
+++ b/readme.txt
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-This is a readme
|
||||||
|
+This is a README
|
|
@ -0,0 +1 @@
|
||||||
|
This is a readme
|
1
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/roles/patch-test/files/symlink
vendored
Symbolic link
1
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/roles/patch-test/files/symlink
vendored
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
/opt/patch
|
|
@ -0,0 +1,15 @@
|
||||||
|
- name: Create a destination directory for copied files
|
||||||
|
tempfile:
|
||||||
|
state: directory
|
||||||
|
register: destdir
|
||||||
|
|
||||||
|
- name: Copy readme
|
||||||
|
copy:
|
||||||
|
src: readme.txt
|
||||||
|
dest: "{{destdir.path}}/readme.txt"
|
||||||
|
|
||||||
|
- name: Patch
|
||||||
|
patch:
|
||||||
|
src: "{{src_file}}"
|
||||||
|
basedir: "{{destdir.path}}"
|
||||||
|
strip: 1
|
Binary file not shown.
|
@ -0,0 +1 @@
|
||||||
|
one
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
echo one
|
|
@ -0,0 +1 @@
|
||||||
|
/opt/script.sh
|
|
@ -0,0 +1,2 @@
|
||||||
|
- name: Script
|
||||||
|
script: "{{src_file}}"
|
|
@ -0,0 +1,9 @@
|
||||||
|
- name: Create a destination directory for copied files
|
||||||
|
tempfile:
|
||||||
|
state: directory
|
||||||
|
register: destdir
|
||||||
|
|
||||||
|
- name: Copy
|
||||||
|
template:
|
||||||
|
src: "{{src_file}}"
|
||||||
|
dest: "{{destdir.path}}/template"
|
|
@ -0,0 +1 @@
|
||||||
|
/opt/file
|
Binary file not shown.
|
@ -0,0 +1 @@
|
||||||
|
/opt/archive.tar
|
|
@ -0,0 +1,9 @@
|
||||||
|
- name: Create a destination directory for copied files
|
||||||
|
tempfile:
|
||||||
|
state: directory
|
||||||
|
register: destdir
|
||||||
|
|
||||||
|
- name: Unarchive
|
||||||
|
copy:
|
||||||
|
src: "{{src_file}}"
|
||||||
|
dest: "{{destdir.path}}"
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: script-test
|
||||||
|
src_file: symlink
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/script-bad.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/script-bad.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: script-test
|
||||||
|
src_file: /opt/script.sh
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/script-good.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/script-good.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: script-test
|
||||||
|
src_file: script.sh
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: template-test
|
||||||
|
src_file: symlink
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/template-bad.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/template-bad.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: template-test
|
||||||
|
src_file: /opt/file
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/template-good.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/template-good.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: template-test
|
||||||
|
src_file: template
|
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: unarchive-test
|
||||||
|
src_file: symlink
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/unarchive-bad.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/unarchive-bad.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: unarchive-test
|
||||||
|
src_file: /opt/archive.tar
|
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/unarchive-good.yaml
vendored
Normal file
4
tests/fixtures/config/remote-action-modules/git/org_project/playbooks/unarchive-good.yaml
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- role: unarchive-test
|
||||||
|
src_file: archive.tar
|
|
@ -68,6 +68,47 @@ class TestActionModules(AnsibleZuulTestCase):
|
||||||
build = self.history[-1]
|
build = self.history[-1]
|
||||||
self.assertEqual(build.result, result)
|
self.assertEqual(build.result, result)
|
||||||
|
|
||||||
|
def test_assemble_module(self):
|
||||||
|
self._run_job('assemble-good', 'SUCCESS')
|
||||||
|
|
||||||
|
self._run_job('assemble-bad', 'FAILURE')
|
||||||
|
self._run_job('assemble-bad-symlink', 'FAILURE')
|
||||||
|
|
||||||
def test_copy_module(self):
|
def test_copy_module(self):
|
||||||
self._run_job('copy-good', 'SUCCESS')
|
self._run_job('copy-good', 'SUCCESS')
|
||||||
|
|
||||||
self._run_job('copy-bad', 'FAILURE')
|
self._run_job('copy-bad', 'FAILURE')
|
||||||
|
self._run_job('copy-bad-symlink', 'FAILURE')
|
||||||
|
|
||||||
|
def test_includevars_module(self):
|
||||||
|
self._run_job('includevars-good', 'SUCCESS')
|
||||||
|
self._run_job('includevars-good-dir', 'SUCCESS')
|
||||||
|
|
||||||
|
self._run_job('includevars-bad', 'FAILURE')
|
||||||
|
self._run_job('includevars-bad-symlink', 'FAILURE')
|
||||||
|
self._run_job('includevars-bad-dir', 'FAILURE')
|
||||||
|
self._run_job('includevars-bad-dir-symlink', 'FAILURE')
|
||||||
|
|
||||||
|
def test_patch_module(self):
|
||||||
|
self._run_job('patch-good', 'SUCCESS')
|
||||||
|
|
||||||
|
self._run_job('patch-bad', 'FAILURE')
|
||||||
|
self._run_job('patch-bad-symlink', 'FAILURE')
|
||||||
|
|
||||||
|
def test_script_module(self):
|
||||||
|
self._run_job('script-good', 'SUCCESS')
|
||||||
|
|
||||||
|
self._run_job('script-bad', 'FAILURE')
|
||||||
|
self._run_job('script-bad-symlink', 'FAILURE')
|
||||||
|
|
||||||
|
def test_template_module(self):
|
||||||
|
self._run_job('template-good', 'SUCCESS')
|
||||||
|
|
||||||
|
self._run_job('template-bad', 'FAILURE')
|
||||||
|
self._run_job('template-bad-symlink', 'FAILURE')
|
||||||
|
|
||||||
|
def test_unarchive_module(self):
|
||||||
|
self._run_job('unarchive-good', 'SUCCESS')
|
||||||
|
|
||||||
|
self._run_job('unarchive-bad', 'FAILURE')
|
||||||
|
self._run_job('unarchive-bad-symlink', 'FAILURE')
|
||||||
|
|
Loading…
Reference in New Issue