Permissions tests for modules and plugins
This commit is contained in:
Jason Tedor
parent
9f73152940
commit
6ecfc7adbe
|
|
@ -29,12 +29,22 @@ check_module() {
|
|||
local name=$1
|
||||
shift
|
||||
|
||||
assert_module_or_plugin_directory "$ESMODULES/$name"
|
||||
|
||||
for file in "$@"; do
|
||||
assert_file_exist "$(readlink -m $ESMODULES/$name/$file)"
|
||||
assert_module_file "$ESMODULES/$name/$file"
|
||||
done
|
||||
|
||||
assert_file_exist "$(readlink -m $ESMODULES/$name/$name-*.jar)"
|
||||
assert_file_exist "$(readlink -m $ESMODULES/$name/plugin-descriptor.properties)"
|
||||
assert_module_file "$ESMODULES/$name/$name-*.jar"
|
||||
assert_module_file "$ESMODULES/$name/plugin-descriptor.properties"
|
||||
}
|
||||
|
||||
assert_module_file() {
|
||||
local file=$1
|
||||
shift
|
||||
|
||||
assert_file_exist "$(readlink -m $file)"
|
||||
assert_module_or_plugin_file $file
|
||||
}
|
||||
|
||||
check_secure_module() {
|
||||
|
|
|
|||
|
|
@ -179,6 +179,30 @@ assert_file() {
|
|||
fi
|
||||
}
|
||||
|
||||
assert_module_or_plugin_directory() {
|
||||
local directory=$1
|
||||
shift
|
||||
|
||||
#owner group and permissions vary depending on how es was installed
|
||||
#just make sure that everything is the same as $CONFIG_DIR, which was properly set up during install
|
||||
config_user=$(find "$ESHOME" -maxdepth 0 -printf "%u")
|
||||
config_owner=$(find "$ESHOME" -maxdepth 0 -printf "%g")
|
||||
# directories should use the user file-creation mask
|
||||
config_privileges=$((0777 & ~$(sudo -E -u $ESPLUGIN_COMMAND_USER sh -c umask) | 0111))
|
||||
|
||||
assert_file $directory d $config_user $config_owner $(printf "%o" $config_privileges)
|
||||
}
|
||||
|
||||
assert_module_or_plugin_file() {
|
||||
local file=$1
|
||||
shift
|
||||
|
||||
# config files should not be executable and otherwise use the user
|
||||
# file-creation mask
|
||||
expected_file_privileges=$((0777 & ~$(sudo -E -u $ESPLUGIN_COMMAND_USER sh -c umask) & ~0111))
|
||||
assert_file $file f $config_user $config_owner $(printf "%o" $expected_file_privileges)
|
||||
}
|
||||
|
||||
assert_output() {
|
||||
echo "$output" | grep -E "$1"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -133,14 +133,25 @@ install_and_check_plugin() {
|
|||
fi
|
||||
|
||||
install_jvm_plugin $fullName "$(readlink -m $fullName-*.zip)"
|
||||
|
||||
assert_module_or_plugin_directory "$ESPLUGINS/$fullName"
|
||||
|
||||
if [ $prefix == 'analysis' ]; then
|
||||
assert_file_exist "$(readlink -m $ESPLUGINS/$fullName/lucene-analyzers-$name-*.jar)"
|
||||
assert_plugin_file "$ESPLUGINS/$fullName/lucene-analyzers-$name-*.jar"
|
||||
fi
|
||||
for file in "$@"; do
|
||||
assert_file_exist "$(readlink -m $ESPLUGINS/$fullName/$file)"
|
||||
assert_plugin_file "$ESPLUGINS/$fullName/$file"
|
||||
done
|
||||
}
|
||||
|
||||
assert_plugin_file() {
|
||||
local file=$1
|
||||
shift
|
||||
|
||||
assert_file_exist "$(readlink -m $file)"
|
||||
assert_module_or_plugin_file $file
|
||||
}
|
||||
|
||||
# Compare a list of plugin names to the plugins in the plugins pom and see if they are the same
|
||||
# $1 the file containing the list of plugins we want to compare to
|
||||
# $2 description of the source of the plugin list
|
||||
|
|
|
|||
Loading…
Reference in New Issue