Diffstat (limited to 'libexec')
-rw-r--r--libexec/nuageinit/tests/Makefile4
-rw-r--r--libexec/nuageinit/tests/adddoas.lua64
-rw-r--r--libexec/nuageinit/tests/addsudo.lua61
-rw-r--r--libexec/nuageinit/tests/decode_base64.lua61
-rw-r--r--libexec/nuageinit/tests/nuage.sh30
-rw-r--r--libexec/nuageinit/tests/update_sshd_config.lua73
6 files changed, 293 insertions, 0 deletions
diff --git a/libexec/nuageinit/tests/Makefile b/libexec/nuageinit/tests/Makefile
index dc8997717b59..fc7765268660 100644
--- a/libexec/nuageinit/tests/Makefile
+++ b/libexec/nuageinit/tests/Makefile
@@ -18,5 +18,9 @@ ${PACKAGE}FILES+= sethostname.lua
${PACKAGE}FILES+= settimezone.lua
${PACKAGE}FILES+= warn.lua
${PACKAGE}FILES+= addfile.lua
+${PACKAGE}FILES+= decode_base64.lua
+${PACKAGE}FILES+= addsudo.lua
+${PACKAGE}FILES+= adddoas.lua
+${PACKAGE}FILES+= update_sshd_config.lua
.include <bsd.test.mk>
diff --git a/libexec/nuageinit/tests/adddoas.lua b/libexec/nuageinit/tests/adddoas.lua
new file mode 100644
index 000000000000..d4bab41ecc3d
--- /dev/null
+++ b/libexec/nuageinit/tests/adddoas.lua
@@ -0,0 +1,64 @@
+#!/usr/libexec/flua
+---
+-- SPDX-License-Identifier: BSD-2-Clause
+--
+-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local n = require("nuage")
+
+local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+if not root then
+ root = ""
+end
+
+local function get_localbase()
+ local f = io.popen("sysctl -in user.localbase 2> /dev/null")
+ local lb = f:read("*l")
+ f:close()
+ if lb == nil or lb:len() == 0 then
+ lb = "/usr/local"
+ end
+ return lb
+end
+
+local function read_doasconf()
+ local path = root .. get_localbase() .. "/etc/doas.conf"
+ local f = io.open(path, "r")
+ if not f then
+ return nil
+ end
+ local content = f:read("*a")
+ f:close()
+ return content
+end
+
+-- test with a single string rule with %u substitution
+n.adddoas({ name = "testuser", doas = "permit persist %u as root" })
+local content = read_doasconf()
+if not content then
+ n.err("doas.conf not created")
+end
+if content ~= "permit persist testuser as root\n" then
+ n.err("unexpected doas.conf content with %u: '" .. content .. "'")
+end
+
+-- remove file for next test
+os.remove(root .. get_localbase() .. "/etc/doas.conf")
+
+-- test with a table of rules
+n.adddoas({
+ name = "testuser",
+ doas = {
+ "deny %u as foobar",
+ "permit persist %u as root cmd whoami"
+ }
+})
+content = read_doasconf()
+if not content then
+ n.err("doas.conf not created for table")
+end
+if content ~= "deny testuser as foobar\npermit persist testuser as root cmd whoami\n" then
+ n.err("unexpected doas.conf content for table: '" .. content .. "'")
+end
+
+os.exit(0)
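Review bot: The fallback `root = ""` near the top means that a run without NUAGE_FAKE_ROOTDIR in the environment works on the live system paths. The script would then write a rule into the real `doas.conf` under the local base and delete that file with `os.remove(...)`. nuage.sh presumably exports the variable outside the hunks shown here, but the script can also be started by hand, so it should refuse to run without it: `if not root or root == "" then n.err("NUAGE_FAKE_ROOTDIR must be set") end`. The same fallback is in addsudo.lua, decode_base64.lua (inside `test_decode`) and update_sshd_config.lua, where `setup()` would overwrite the live `sshd_config`.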
diff --git a/libexec/nuageinit/tests/addsudo.lua b/libexec/nuageinit/tests/addsudo.lua
new file mode 100644
index 000000000000..7fc5865d83f4
--- /dev/null
+++ b/libexec/nuageinit/tests/addsudo.lua
@@ -0,0 +1,61 @@
+#!/usr/libexec/flua
+---
+-- SPDX-License-Identifier: BSD-2-Clause
+--
+-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local n = require("nuage")
+
+local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+if not root then
+ root = ""
+end
+
+local function get_localbase()
+ local f = io.popen("sysctl -in user.localbase 2> /dev/null")
+ local lb = f:read("*l")
+ f:close()
+ if lb == nil or lb:len() == 0 then
+ lb = "/usr/local"
+ end
+ return lb
+end
+
+local function read_sudoers()
+ local path = root .. get_localbase() .. "/etc/sudoers.d/90-nuageinit-users"
+ local f = io.open(path, "r")
+ if not f then
+ return nil
+ end
+ local content = f:read("*a")
+ f:close()
+ return content
+end
+
+-- test with a single string rule
+n.addsudo({ name = "testuser", sudo = "ALL=(ALL) NOPASSWD:ALL" })
+local content = read_sudoers()
+if not content then
+ n.err("sudoers file not created")
+end
+if content ~= "testuser ALL=(ALL) NOPASSWD:ALL\n" then
+ n.err("unexpected sudoers content for string rule: '" .. content .. "'")
+end
+
+-- remove file for next test
+os.remove(root .. get_localbase() .. "/etc/sudoers.d/90-nuageinit-users")
+
+-- test with a table of rules
+n.addsudo({
+ name = "testuser",
+ sudo = { "ALL=(ALL) NOPASSWD:/usr/sbin/pw", "ALL=(ALL) ALL" }
+})
+content = read_sudoers()
+if not content then
+ n.err("sudoers file not created for table")
+end
+if content ~= "testuser ALL=(ALL) NOPASSWD:/usr/sbin/pw\ntestuser ALL=(ALL) ALL\n" then
+ n.err("unexpected sudoers content for table: '" .. content .. "'")
+end
+
+os.exit(0)
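Review bot: Both cases compare only the text of `90-nuageinit-users`; the file's mode is never checked, although for a sudoers drop-in the permissions matter as much as the content. A file that is group- or world-writable is either rejected by sudo or lets another local account edit the rule. After each content check I would read the mode, for example with `lfs.attributes(path, "permissions")` if the `lfs` module can be loaded in this test, and compare it with the mode `n.addsudo` is meant to set. The doas.conf test in adddoas.lua has the same gap.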
diff --git a/libexec/nuageinit/tests/decode_base64.lua b/libexec/nuageinit/tests/decode_base64.lua
new file mode 100644
index 000000000000..0951d77f0ed7
--- /dev/null
+++ b/libexec/nuageinit/tests/decode_base64.lua
@@ -0,0 +1,61 @@
+#!/usr/libexec/flua
+---
+-- SPDX-License-Identifier: BSD-2-Clause
+--
+-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local n = require("nuage")
+
+-- decode_base64 is not exported, test via addfile
+
+local function test_decode(input, expected)
+ local r, err = n.addfile({
+ content = input,
+ encoding = "base64",
+ path = "/tmp/nuage_test_b64"
+ }, false)
+ if not r then
+ n.err(err)
+ end
+ local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+ if not root then
+ root = ""
+ end
+ local f = assert(io.open(root .. "/tmp/nuage_test_b64", "r"))
+ local str = f:read("*all")
+ f:close()
+ if str ~= expected then
+ n.err("base64 decode failed: expected '" .. expected
+ .. "' got '" .. str .. "'")
+ end
+end
+
+-- empty input
+test_decode("", "")
+
+-- single byte: 'a'
+test_decode("YQ==", "a")
+
+-- two bytes: 'ab'
+test_decode("YWI=", "ab")
+
+-- three bytes: 'abc'
+test_decode("YWJj", "abc")
+
+-- newline in base64
+test_decode("YmxhCg==", "bla\n")
+
+-- spaces should be ignored
+test_decode("Y Q = =", "a")
+
+-- b64 alias
+local r, err = n.addfile({
+ content = "YQ==",
+ encoding = "b64",
+ path = "/tmp/nuage_test_b64_b64"
+}, false)
+if not r then
+ n.err("b64 encoding alias should work: " .. tostring(err))
+end
+
+os.exit(0)
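Review bot: The `b64` alias case at the end checks only that `n.addfile` returned a truthy value and never reads `/tmp/nuage_test_b64_b64`, so an alias that is accepted but not decoded would still pass. Giving the helper an optional third parameter, `local function test_decode(input, expected, encoding)` with `encoding = encoding or "base64"` in the table, lets the alias go through the same content comparison via `test_decode("YQ==", "a", "b64")`. There is also no case for malformed input (characters outside the alphabet, missing or excess padding). The content presumably arrives from instance user-data, so it is worth pinning whether `addfile` returns an error or writes a partial file in that case.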
diff --git a/libexec/nuageinit/tests/nuage.sh b/libexec/nuageinit/tests/nuage.sh
index 57d83b62928a..348a8d93ba09 100644
--- a/libexec/nuageinit/tests/nuage.sh
+++ b/libexec/nuageinit/tests/nuage.sh
@@ -14,6 +14,10 @@ atf_test_case adduser
atf_test_case adduser_passwd
atf_test_case addgroup
atf_test_case addfile
+atf_test_case decode_base64
+atf_test_case addsudo
+atf_test_case adddoas
+atf_test_case update_sshd_config
settimezone_body()
{
@@ -90,6 +94,28 @@ addfile_body()
atf_check /usr/libexec/flua $(atf_get_srcdir)/addfile.lua
}
+decode_base64_body()
+{
+ mkdir tmp
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/decode_base64.lua
+}
+
+addsudo_body()
+{
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/addsudo.lua
+}
+
+adddoas_body()
+{
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/adddoas.lua
+}
+
+update_sshd_config_body()
+{
+ mkdir -p etc/ssh
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/update_sshd_config.lua
+}
+
atf_init_test_cases()
{
atf_add_test_case sethostname
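Review bot: The four new bodies only work if the fake root is the ATF work directory, and nothing in this hunk says so; `mkdir tmp` and `mkdir -p etc/ssh` create directories relative to the current directory with no sign of why. A comment on the first new body such as `# NUAGE_FAKE_ROOTDIR must point at the work directory; paths below are relative to it` would document that. `mkdir -p etc/ssh` also looks redundant, because `setup()` in update_sshd_config.lua already calls `n.mkdir_p(dir)` for the same directory before it opens the file. `addfile_body` starts and `atf_init_test_cases` continues outside this hunk.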
@@ -98,4 +124,8 @@ atf_init_test_cases()
atf_add_test_case adduser_passwd
atf_add_test_case addgroup
atf_add_test_case addfile
+ atf_add_test_case decode_base64
+ atf_add_test_case addsudo
+ atf_add_test_case adddoas
+ atf_add_test_case update_sshd_config
}
diff --git a/libexec/nuageinit/tests/update_sshd_config.lua b/libexec/nuageinit/tests/update_sshd_config.lua
new file mode 100644
index 000000000000..ac56c29986ac
--- /dev/null
+++ b/libexec/nuageinit/tests/update_sshd_config.lua
@@ -0,0 +1,73 @@
+#!/usr/libexec/flua
+---
+-- SPDX-License-Identifier: BSD-2-Clause
+--
+-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local n = require("nuage")
+
+local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+if not root then
+ root = ""
+end
+
+local sshd_config = root .. "/etc/ssh/sshd_config"
+
+local function setup(content)
+ local dir = root .. "/etc/ssh"
+ n.mkdir_p(dir)
+ local f = assert(io.open(sshd_config, "w"))
+ f:write(content)
+ f:close()
+end
+
+local function read_config()
+ local f = assert(io.open(sshd_config, "r"))
+ local content = f:read("*a")
+ f:close()
+ return content
+end
+
+-- Key not found: appended
+setup("SomeOtherKey yes\n")
+n.update_sshd_config("PasswordAuthentication", "yes")
+if read_config() ~= "SomeOtherKey yes\nPasswordAuthentication yes\n" then
+ n.err("Key not found: should be appended")
+end
+
+-- Key with same value: no change
+setup("PasswordAuthentication yes\n")
+n.update_sshd_config("PasswordAuthentication", "yes")
+if read_config() ~= "PasswordAuthentication yes\n" then
+ n.err("Same value: should not change")
+end
+
+-- Key with different value: changed
+setup("PasswordAuthentication no\n")
+n.update_sshd_config("PasswordAuthentication", "yes")
+if read_config() ~= "PasswordAuthentication yes\n" then
+ n.err("Different value: should change")
+end
+
+-- Key with comment
+setup("PasswordAuthentication no # keep this\n")
+n.update_sshd_config("PasswordAuthentication", "yes")
+if read_config() ~= "PasswordAuthentication yes\n" then
+ n.err("Comment stripped: '" .. read_config() .. "'")
+end
+
+-- Case insensitive key matching
+setup("passwordauthentication no\n")
+n.update_sshd_config("PasswordAuthentication", "yes")
+if read_config() ~= "PasswordAuthentication yes\n" then
+ n.err("Case insensitive matching failed")
+end
+
+-- Extra spaces
+setup(" PasswordAuthentication no \n")
+n.update_sshd_config("PasswordAuthentication", "yes")
+if read_config() ~= "PasswordAuthentication yes\n" then
+ n.err("Extra spaces handling failed: '" .. read_config() .. "'")
+end
+
+os.exit(0)
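Review bot: Every case uses a file with a single uncommented occurrence of the key and no `Match` block, so the cases where an edit and the effective setting can diverge are not pinned. sshd takes the first value it reads for a keyword, and a line appended after a `Match` block applies only inside that block. The "Key not found: appended" check would therefore pass while the global setting stays unchanged on such a file. I would add cases for a duplicated key, a commented-out `#PasswordAuthentication no` line and a trailing `Match` block. Until those exist, a comment above the first case would help: `-- NOTE: duplicate keys, commented-out keys and Match blocks are not covered here`. All cases also set the value to "yes"; one case writing "no" would exercise the hardening direction as well.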