diff options
| author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-15 12:54:36 -0600 |
|---|---|---|
| committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-15 13:14:30 -0600 |
| commit | 8587a2937020eca2fda3efbcf31862697e7f5b3f (patch) | |
| tree | 3bce665b790723c778e2e33f48f85e7026d314e2 /spec/tasks | |
| parent | aea75cfb0ac7b373bacdee17ee9e8c1314c3b676 (diff) | |
| download | gitlab-ce-8587a2937020eca2fda3efbcf31862697e7f5b3f.tar.gz | |
Change permissions on backup files
Use more restrictive permissions for backup tar files and for the db,
uploads, and repositories directories inside the tar files.
Diffstat (limited to 'spec/tasks')
| -rw-r--r-- | spec/tasks/gitlab/backup_rake_spec.rb | 50 |
1 files changed, 43 insertions, 7 deletions
diff --git a/spec/tasks/gitlab/backup_rake_spec.rb b/spec/tasks/gitlab/backup_rake_spec.rb index 60942cc95fc..e6763be7b8f 100644 --- a/spec/tasks/gitlab/backup_rake_spec.rb +++ b/spec/tasks/gitlab/backup_rake_spec.rb @@ -10,17 +10,17 @@ describe 'gitlab:app namespace rake task' do Rake::Task.define_task :environment end + def run_rake_task(task_name) + Rake::Task[task_name].reenable + Rake.application.invoke_task task_name + end + describe 'backup_restore' do before do # avoid writing task output to spec progress allow($stdout).to receive :write end - let :run_rake_task do - Rake::Task["gitlab:backup:restore"].reenable - Rake.application.invoke_task "gitlab:backup:restore" - end - context 'gitlab version' do before do Dir.stub glob: [] @@ -36,7 +36,9 @@ describe 'gitlab:app namespace rake task' do it 'should fail on mismatch' do YAML.stub load_file: {gitlab_version: "not #{gitlab_version}" } - expect { run_rake_task }.to raise_error SystemExit + expect { run_rake_task('gitlab:backup:restore') }.to( + raise_error SystemExit + ) end it 'should invoke restoration on mach' do @@ -44,9 +46,43 @@ describe 'gitlab:app namespace rake task' do expect(Rake::Task["gitlab:backup:db:restore"]).to receive :invoke expect(Rake::Task["gitlab:backup:repo:restore"]).to receive :invoke expect(Rake::Task["gitlab:shell:setup"]).to receive :invoke - expect { run_rake_task }.to_not raise_error + expect { run_rake_task('gitlab:backup:restore') }.to_not raise_error end end end # backup_restore task + + describe 'backup_create' do + def tars_glob + Dir.glob(File.join(Gitlab.config.backup.path, '*_gitlab_backup.tar')) + end + + before :all do + FileUtils.rm(tars_glob) + orig_stdout = $stdout + $stdout = StringIO.new + run_rake_task('gitlab:backup:create') + $stdout = orig_stdout + + @backup_tar = tars_glob.first + end + + before do + backup_path = File.join(Gitlab.config.backup.path, 'test') + allow(Gitlab.config.backup).to receive(:path).and_return(backup_path) + end + + it 'should set correct permissions on the tar file' do + expect(File.exist?(@backup_tar)).to be_truthy + expect(File::Stat.new(@backup_tar).mode.to_s(8)).to eq('100600') + end + + it 'should set correct permissions on the tar contents' do + tar_contents, exit_status = Gitlab::Popen.popen( + %W{tar -tvf #{@backup_tar} db uploads repositories} + ) + expect(exit_status).to eq(0) + expect(tar_contents).not_to match(/^.{4,9}[rwx]/) + end + end # backup_create task end # gitlab:app namespace |