git: 0f92bee2b3e0 - main - nuageinit: add adddoas tests
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 10 May 2026 15:56:28 UTC
The branch main has been updated by bapt:
URL: https://cgit.FreeBSD.org/src/commit/?id=0f92bee2b3e08ffa34720a2eeffbce01af3f19f9
commit 0f92bee2b3e08ffa34720a2eeffbce01af3f19f9
Author: Baptiste Daroussin <bapt@FreeBSD.org>
AuthorDate: 2026-05-10 15:54:48 +0000
Commit: Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2026-05-10 15:54:48 +0000
nuageinit: add adddoas tests
---
libexec/nuageinit/tests/Makefile | 1 +
libexec/nuageinit/tests/adddoas.lua | 64 +++++++++++++++++++++++++++++++++++++
libexec/nuageinit/tests/nuage.sh | 7 ++++
3 files changed, 72 insertions(+)
diff --git a/libexec/nuageinit/tests/Makefile b/libexec/nuageinit/tests/Makefile
index d13ad14f1d8f..4c99f8e31ce3 100644
--- a/libexec/nuageinit/tests/Makefile
+++ b/libexec/nuageinit/tests/Makefile
@@ -20,5 +20,6 @@ ${PACKAGE}FILES+= warn.lua
${PACKAGE}FILES+= addfile.lua
${PACKAGE}FILES+= decode_base64.lua
${PACKAGE}FILES+= addsudo.lua
+${PACKAGE}FILES+= adddoas.lua
.include <bsd.test.mk>
diff --git a/libexec/nuageinit/tests/adddoas.lua b/libexec/nuageinit/tests/adddoas.lua
new file mode 100644
index 000000000000..d4bab41ecc3d
--- /dev/null
+++ b/libexec/nuageinit/tests/adddoas.lua
@@ -0,0 +1,64 @@
+#!/usr/libexec/flua
+---
+-- SPDX-License-Identifier: BSD-2-Clause
+--
+-- Copyright (c) 2026 Baptiste Daroussin <bapt@FreeBSD.org>
+
+local n = require("nuage")
+
+local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+if not root then
+ root = ""
+end
+
+local function get_localbase()
+ local f = io.popen("sysctl -in user.localbase 2> /dev/null")
+ local lb = f:read("*l")
+ f:close()
+ if lb == nil or lb:len() == 0 then
+ lb = "/usr/local"
+ end
+ return lb
+end
+
+local function read_doasconf()
+ local path = root .. get_localbase() .. "/etc/doas.conf"
+ local f = io.open(path, "r")
+ if not f then
+ return nil
+ end
+ local content = f:read("*a")
+ f:close()
+ return content
+end
+
+-- test with a single string rule with %u substitution
+n.adddoas({ name = "testuser", doas = "permit persist %u as root" })
+local content = read_doasconf()
+if not content then
+ n.err("doas.conf not created")
+end
+if content ~= "permit persist testuser as root\n" then
+ n.err("unexpected doas.conf content with %u: '" .. content .. "'")
+end
+
+-- remove file for next test
+os.remove(root .. get_localbase() .. "/etc/doas.conf")
+
+-- test with a table of rules
+n.adddoas({
+ name = "testuser",
+ doas = {
+ "deny %u as foobar",
+ "permit persist %u as root cmd whoami"
+ }
+})
+content = read_doasconf()
+if not content then
+ n.err("doas.conf not created for table")
+end
+if content ~= "deny testuser as foobar\npermit persist testuser as root cmd whoami\n" then
+ n.err("unexpected doas.conf content for table: '" .. content .. "'")
+end
+
+os.exit(0)
diff --git a/libexec/nuageinit/tests/nuage.sh b/libexec/nuageinit/tests/nuage.sh
index 9e3442281c15..01c4612eb8ec 100644
--- a/libexec/nuageinit/tests/nuage.sh
+++ b/libexec/nuageinit/tests/nuage.sh
@@ -16,6 +16,7 @@ atf_test_case addgroup
atf_test_case addfile
atf_test_case decode_base64
atf_test_case addsudo
+atf_test_case adddoas
settimezone_body()
{
@@ -103,6 +104,11 @@ addsudo_body()
atf_check /usr/libexec/flua $(atf_get_srcdir)/addsudo.lua
}
+adddoas_body()
+{
+ atf_check /usr/libexec/flua $(atf_get_srcdir)/adddoas.lua
+}
+
atf_init_test_cases()
{
atf_add_test_case sethostname
@@ -113,4 +119,5 @@ atf_init_test_cases()
atf_add_test_case addfile
atf_add_test_case decode_base64
atf_add_test_case addsudo
+ atf_add_test_case adddoas
}