Change permissions for parent work dir

Add tests for permissions and new function in test lib
cinek810 · Mar 31, 2022 · 5216e98 · 5216e98
1 parent c903825
commit 5216e98
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 3 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -35,6 +35,7 @@ jobs:
           command: |
             ./tests/01-test_argument_parsing.sh
             ./tests/02-checkrun.sh
+            ./tests/05-permission_checks.sh
       - run:
           name: "Create incompatible config file"
           command: cp ./tests/files/incompatible_config.yml /etc/ansible-deploy

diff --git a/ansible_deployer/command_line.py b/ansible_deployer/command_line.py
@@ -114,6 +114,14 @@ def create_workdir(timestamp: str):
 
     if short_ts not in os.listdir(conf["global_paths"]["work_dir"]):
         seq_path = os.path.join(date_dir, f"{conf['file_naming']['sequence_prefix']}0000")
+        try:
+            os.mkdir(date_dir)
+            os.chmod(date_dir, int(conf["permissions"]["parent_workdir"].split("o")[1], 8))
+            logger.debug("Successfully created parent work dir: %s", seq_path)
+        except Exception as e:
+            logger.critical("Failed to create parent work dir: %s error was: %s", seq_path, e,
+                            file=sys.stderr)
+            sys.exit(90)
     else:
         sequence_list = os.listdir(date_dir)
         sequence_list.sort()
@@ -122,11 +130,11 @@ def create_workdir(timestamp: str):
                                           f"{new_sequence:04d}")
 
     try:
-        os.makedirs(seq_path)
+        os.mkdir(seq_path)
         os.chdir(seq_path)
     except Exception as e:
-        logger.critical("Failed to create work dir:%s error was:%s", seq_path, e, file=sys.stderr)
-        sys.exit(90)
+        logger.critical("Failed to create work dir: %s error was: %s", seq_path, e, file=sys.stderr)
+        sys.exit(91)
     logger.debug("Successfully created workdir: %s", seq_path)
     return seq_path
 

diff --git a/etc/ansible-deploy.yaml b/etc/ansible-deploy.yaml
@@ -5,3 +5,6 @@ global_paths:
 file_naming:
   log_file_name_frmt: "ansible-deploy_execution_{}.log"
   sequence_prefix: "SEQ"
+
+permissions:
+  parent_workdir: "0o1777"
diff --git a/tests/05-permission_checks.sh b/tests/05-permission_checks.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -l
+
+
+source ./tests/testing_lib.sh
+
+check_run_ok 'ansible-deployer run -t task_exec_bin_true -s prod -i testInfra'
+
+check_permissions "/tmp/$(date +%Y%m%d)" 1777 
diff --git a/tests/testing_lib.sh b/tests/testing_lib.sh
@@ -41,3 +41,12 @@ check_message_not_in_output() {
         fi
 }
 
+check_file_permissions() {
+	filemode=$(stat -c '%a' $1)
+	if [ $filemode -eq $2 ]
+	then
+		echo "OK: $1 has correct permissions $2"
+	else
+		echo "FAILED: $1 has incorrect permissions $2"
+	fi
+}