diff --git a/signature/policy_config.go b/signature/policy_config.go
index ad532278a6..b5731477a1 100644
--- a/signature/policy_config.go
+++ b/signature/policy_config.go
@@ -60,7 +60,7 @@ func DefaultPolicy(sys *types.SystemContext) (*Policy, error) {
 // defaultPolicyPath returns a path to the relevant policy of the system, or an error if the policy is missing.
 func defaultPolicyPath(sys *types.SystemContext) (string, error) {
- policyFilePath, err := defaultPolicyPathWithHomeDir(sys, homedir.Get())
+ policyFilePath, err := defaultPolicyPathWithHomeDir(sys, homedir.Get(), systemDefaultPolicyPath)
 if err != nil {
 return "", err
 }
@@ -69,7 +69,7 @@ func defaultPolicyPath(sys *types.SystemContext) (string, error) {
 // defaultPolicyPathWithHomeDir is an internal implementation detail of defaultPolicyPath,
 // it exists only to allow testing it with an artificial home directory.
-func defaultPolicyPathWithHomeDir(sys *types.SystemContext, homeDir string) (string, error) {
+func defaultPolicyPathWithHomeDir(sys *types.SystemContext, homeDir string, policyPath string) (string, error) {
 if sys != nil && sys.SignaturePolicyPath != "" {
 return sys.SignaturePolicyPath, nil
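Review bot: The doc comment above `defaultPolicyPathWithHomeDir` still mentions only the artificial home directory, while the new `policyPath` argument now also selects the system-wide fallback policy file. Since the returned path appears to be where the signature policy is loaded from, the contract is worth writing down, for example `// policyPath is the system-wide fallback location; non-test callers must pass systemDefaultPolicyPath.` A name such as `systemPolicyPath` would also say which of the candidate paths it is. The function body continues outside this hunk.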
@@ -80,12 +80,12 @@ func defaultPolicyPathWithHomeDir(sys *types.SystemContext, homeDir string) (str
 return userPolicyFilePath, nil
 }
 if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
- return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath), nil
+ return filepath.Join(sys.RootForImplicitAbsolutePaths, policyPath), nil
 }
- if err := fileutils.Exists(systemDefaultPolicyPath); err == nil {
- return systemDefaultPolicyPath, nil
+ if err := fileutils.Exists(policyPath); err == nil {
+ return policyPath, nil
 }
- return "", fmt.Errorf("no policy.json file found at any of the following: %q, %q", userPolicyFilePath, policyPath)
+ return "", fmt.Errorf("no policy.json file found at any of the following: %q, %q", userPolicyFilePath, policyPath)
 }
 // NewPolicyFromFile returns a policy configured in the specified file.
diff --git a/signature/policy_config_test.go b/signature/policy_config_test.go
index 3b83772a8a..6931752c5e 100644
--- a/signature/policy_config_test.go
+++ b/signature/policy_config_test.go
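Review bot: The closing `fmt.Errorf` reports the policy as not found even when `fileutils.Exists(policyPath)` failed for another reason, because that error is only compared with nil and then dropped. If `Exists` can return something other than not-exist (a permission error, say), an operator debugging a refused pull is pointed at the wrong cause. Keeping the error in scope and ending the message with `: %w` would preserve it; the error row added to the test compares the full string with `EqualError`, so its expected text would change too. The function starts outside this hunk, so the handling of the user policy path is not visible here.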
@@ -152,28 +152,32 @@ func TestDefaultPolicyPath(t *testing.T) {
 const rootPrefix = "/root/prefix"
 tempHome := t.TempDir()
 userDefaultPolicyPath := filepath.Join(tempHome, userPolicyFile)
-
+ tempsystemdefaultpath := filepath.Join(tempHome, systemDefaultPolicyPath)
 for _, c := range []struct {
- sys *types.SystemContext
- userfilePresent bool
- expected string
+ sys *types.SystemContext
+ userfilePresent bool
+ expected string
+ createSystemTempFile bool
+ expectedError string
 }{
 // The common case
- {nil, false, systemDefaultPolicyPath},
+ {nil, false, tempsystemdefaultpath, true, ""},
 // There is a context, but it does not override the path.
- {&types.SystemContext{}, false, systemDefaultPolicyPath},
+ {&types.SystemContext{}, false, tempsystemdefaultpath, true, ""},
 // Path overridden
- {&types.SystemContext{SignaturePolicyPath: nondefaultPath}, false, nondefaultPath},
+ {&types.SystemContext{SignaturePolicyPath: nondefaultPath}, false, nondefaultPath, false, ""},
 // Root overridden
 {
 &types.SystemContext{RootForImplicitAbsolutePaths: rootPrefix},
 false,
- filepath.Join(rootPrefix, systemDefaultPolicyPath),
+ filepath.Join(rootPrefix, tempsystemdefaultpath),
+ false,
+ "",
 },
 // Empty context and user policy present
- {&types.SystemContext{}, true, userDefaultPolicyPath},
+ {&types.SystemContext{}, true, userDefaultPolicyPath, false, ""},
 // Only user policy present
- {nil, true, userDefaultPolicyPath},
+ {nil, true, userDefaultPolicyPath, false, ""},
 // Context signature path and user policy present
 {
 &types.SystemContext{
@@ -181,6 +185,8 @@ func TestDefaultPolicyPath(t *testing.T) {
 },
 true,
 nondefaultPath,
+ false,
+ "",
 },
 // Root and user policy present
 {
@@ -189,6 +195,8 @@ func TestDefaultPolicyPath(t *testing.T) {
 },
 true,
 userDefaultPolicyPath,
+ false,
+ "",
 },
 // Context and user policy file preset simultaneously
 {
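Review bot: `tempsystemdefaultpath` does not follow the MixedCaps form of its neighbours `tempHome` and `userDefaultPolicyPath`; `tempSystemPolicyPath` would read better here and in the later hunks that use it. The two new struct fields are undocumented, and a short comment such as `// createSystemTempFile: create the stand-in system policy file before the call` would explain why only the first two rows set it. The "Root overridden" row leaves it false, which fits the root-override branch returning the joined path without an existence check; a one-line comment on that row would show this is deliberate. TestDefaultPolicyPath continues outside this hunk.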
@@ -198,6 +206,8 @@ func TestDefaultPolicyPath(t *testing.T) {
 },
 true,
 nondefaultPath,
+ false,
+ "",
 },
 // Root and path overrides present simultaneously,
 {
@@ -207,21 +217,41 @@ func TestDefaultPolicyPath(t *testing.T) {
 },
 false,
 nondefaultPath,
+ false,
+ "",
 },
 // No environment expansion happens in the overridden paths
- {&types.SystemContext{SignaturePolicyPath: variableReference}, false, variableReference},
+ {&types.SystemContext{SignaturePolicyPath: variableReference}, false, variableReference, false, ""},
+
+ {nil, false, "", false, fmt.Sprintf("no policy.json file found at any of the following: %q, %q", userDefaultPolicyPath, tempsystemdefaultpath)},
 } {
- if c.userfilePresent {
- err := os.MkdirAll(filepath.Dir(userDefaultPolicyPath), os.ModePerm)
- require.NoError(t, err)
- f, err := os.Create(userDefaultPolicyPath)
- require.NoError(t, err)
- f.Close()
+ paths := []struct {
+ condition bool
+ path string
+ }{
+ {c.userfilePresent, userDefaultPolicyPath},
+ {c.createSystemTempFile, tempsystemdefaultpath},
+ }
+
+ for _, p := range paths {
+ if p.condition {
+ err := os.MkdirAll(filepath.Dir(p.path), os.ModePerm)
+ require.NoError(t, err)
+ f, err := os.Create(p.path)
+ require.NoError(t, err)
+ f.Close()
+ } else {
+ os.Remove(p.path)
+ }
+ }
+ path, err := defaultPolicyPathWithHomeDir(c.sys, tempHome, tempsystemdefaultpath)
+ if c.expectedError != "" && err != nil {
+ assert.Empty(t, path)
+ assert.Error(t, err)
+ assert.EqualError(t, err, c.expectedError)
 } else {
- os.Remove(userDefaultPolicyPath)
+ assert.Equal(t, c.expected, path)
 }
- path, _ := defaultPolicyPathWithHomeDir(c.sys, tempHome)
- assert.Equal(t, c.expected, path)
 }
 }
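Review bot: Rows that expect success never check `err`, and the `c.expectedError != "" && err != nil` condition sends a row that expects an error to the path comparison when no error comes back, so either mistake shows up only as a path mismatch. Branching on `c.expectedError` alone, with `require.NoError` on the success path, reports the real cause; `assert.Error` can go because `assert.EqualError` already fails on a nil error. The results of `os.Remove` and `f.Close` in the setup loop are ignored as well, and a comment that a missing file is expected there would make that deliberate. The added error row is the only table entry without a describing comment.

```go
		// … unchanged: per-row creation/removal of the two policy files …
		path, err := defaultPolicyPathWithHomeDir(c.sys, tempHome, tempsystemdefaultpath)
		if c.expectedError != "" {
			assert.EqualError(t, err, c.expectedError)
			assert.Empty(t, path)
			continue
		}
		require.NoError(t, err)
		assert.Equal(t, c.expected, path)
```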