refactor permission reset logic

Author: spencerugbo

internal/file/file_manager_service.go

@@ -16,7 +16,6 @@ import (
 	"path"
 	"path/filepath"
 	"strconv"
-	"strings"
 	"sync"
 
 	"google.golang.org/grpc"
@@ -161,7 +160,7 @@ func (fms *FileManagerService) ConfigApply(ctx context.Context,
 
 	permissionErr := fms.validateAndFixPermissions(ctx, fileOverview.GetFiles())
 	if permissionErr != nil {
-		return model.PermissionChange, permissionErr
+		return model.RollbackRequired, permissionErr
 	}
 
 	diffFiles, fileContent, compareErr := fms.DetermineFileActions(
@@ -604,32 +603,24 @@ func (fms *FileManagerService) checkAllowedDirectory(checkFiles []*mpi.File) err
 }
 
 func (fms *FileManagerService) validateAndFixPermissions(ctx context.Context, fileList []*mpi.File) error {
-	var permissionIssues []string
-
 	for _, file := range fileList {
-		if err := fms.checkFilePermissions(file); err != nil {
-			permissionIssues = append(permissionIssues, file.GetFileMeta().GetName())
-
-			if resetErr := fms.resetFilePermissions(file); resetErr != nil {
+		err := fms.checkFilePermissions(file)
+		if err != nil {
+			resetErr := fms.resetFilePermissions(ctx, file)
+			if resetErr != nil {
 				return fmt.Errorf("failed to reset permissions for %s: %w", file.GetFileMeta().GetName(), resetErr)
 			}
-
-			slog.InfoContext(ctx, "Reset execute permissions", "file", file.GetFileMeta().GetName())
 		}
 	}
 
-	if len(permissionIssues) > 0 {
-		return fmt.Errorf("reset execute permissions for files: %s", strings.Join(permissionIssues, ", "))
-	}
-
 	return nil
 }
 
 func (fms *FileManagerService) checkFilePermissions(file *mpi.File) error {
 	filePermission := file.GetFileMeta().GetPermissions()
 
 	permissionOctal, err := strconv.ParseUint(filePermission, 8, 32)
-	if err != nil {
+	if err != nil || len(filePermission) != 4 {
 		return fmt.Errorf("file %s has malformed permissions", file.GetFileMeta().GetName())
 	}
 
@@ -640,25 +631,21 @@ func (fms *FileManagerService) checkFilePermissions(file *mpi.File) error {
 	return nil
 }
 
-func (fms *FileManagerService) resetFilePermissions(file *mpi.File) error {
+func (fms *FileManagerService) resetFilePermissions(ctx context.Context, file *mpi.File) error {
 	filePermission := file.GetFileMeta().GetPermissions()
 
 	permissionOctal, err := strconv.ParseUint(filePermission, 8, 32)
 	if err != nil {
-		chmodErr := os.Chmod(file.GetFileMeta().GetName(), os.FileMode(filePerm))
-		if chmodErr != nil {
-			return fmt.Errorf("failed to set file permissions: %w", err)
-		}
-
-		return fmt.Errorf("falied to parse file permissions, permissions set to 0o644: %w", err)
+		return fmt.Errorf("falied to parse file permissions: %w", err)
 	}
 
-	newPermission := permissionOctal &^ executePerm
+	permissionOctal &^= executePerm
 
-	err = os.Chmod(file.GetFileMeta().GetName(), os.FileMode(newPermission))
-	if err != nil {
-		return fmt.Errorf("failed to set file permissions: %w", err)
-	}
+	newPermission := "0" + strconv.FormatUint(permissionOctal, 8)
+	file.FileMeta.Permissions = newPermission
+
+	slog.DebugContext(ctx, "Permissions have been changed", "file", file.GetFileMeta().GetName(),
+		"old permissions", filePermission, "new permissions", newPermission)
 
 	return nil
 }

internal/file/file_manager_service_test.go

@@ -13,7 +13,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"strconv"
 	"sync"
 	"testing"
 
@@ -327,46 +326,62 @@ func TestFileManagerService_validateAndFixPermissions(t *testing.T) {
 	ctx := context.Background()
 	fileManagerService := NewFileManagerService(nil, types.AgentConfig(), &sync.RWMutex{})
 
-	tempDir := t.TempDir()
-	execFile := helpers.CreateFileWithErrorCheck(t, tempDir, "exec.conf")
-	defer helpers.RemoveFileWithErrorCheck(t, execFile.Name())
-
-	normalFile := helpers.CreateFileWithErrorCheck(t, tempDir, "normal.conf")
-	defer helpers.RemoveFileWithErrorCheck(t, normalFile.Name())
-
-	err := os.Chmod(execFile.Name(), 0o700)
-	require.NoError(t, err)
-	err = os.Chmod(normalFile.Name(), 0o620)
-	require.NoError(t, err)
-
-	fileList := []*mpi.File{
+	tests := []struct {
+		name        string
+		errorMsg    string
+		files       []*mpi.File
+		expectError bool
+	}{
 		{
-			FileMeta: &mpi.FileMeta{
-				Name:        execFile.Name(),
-				Permissions: "0700",
+			name:        "Test 1: File list with valid permissions",
+			expectError: false,
+			files: []*mpi.File{
+				{
+					FileMeta: &mpi.FileMeta{
+						Name:        "exec.conf",
+						Permissions: "0700",
+					},
+				},
+				{
+					FileMeta: &mpi.FileMeta{
+						Name:        "normal.conf",
+						Permissions: "0620",
+					},
+				},
 			},
 		},
 		{
-			FileMeta: &mpi.FileMeta{
-				Name:        normalFile.Name(),
-				Permissions: "0620",
+			name:        "Test 2: File list with invalid permissions",
+			expectError: true,
+			errorMsg:    "failed to reset permissions",
+			files: []*mpi.File{
+				{
+					FileMeta: &mpi.FileMeta{
+						Name:        "malformed.conf",
+						Permissions: "07000",
+					},
+				},
+				{
+					FileMeta: &mpi.FileMeta{
+						Name:        "invalid.conf",
+						Permissions: "abcde",
+					},
+				},
 			},
 		},
 	}
 
-	err = fileManagerService.validateAndFixPermissions(ctx, fileList)
-
-	require.Error(t, err)
-	assert.Contains(t, err.Error(), "reset execute permissions for files")
-	assert.Contains(t, err.Error(), execFile.Name())
-
-	info, err := os.Stat(execFile.Name())
-	require.NoError(t, err)
-	assert.Equal(t, os.FileMode(0o600), info.Mode().Perm())
-
-	info, err = os.Stat(normalFile.Name())
-	require.NoError(t, err)
-	assert.Equal(t, os.FileMode(0o620), info.Mode().Perm())
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			err := fileManagerService.validateAndFixPermissions(ctx, test.files)
+			if test.expectError {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), test.errorMsg)
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
 }
 
 func TestFileManagerService_checkFilePermissions(t *testing.T) {
@@ -379,22 +394,28 @@ func TestFileManagerService_checkFilePermissions(t *testing.T) {
 		expectError bool
 	}{
 		{
-			name:        "File with read and write permissions for owner",
+			name:        "Test 1: File with read and write permissions for owner",
 			permissions: "0600",
 			expectError: false,
 		},
 		{
-			name:        "File with read/write and execute permissions for owner",
+			name:        "Test 2: File with read/write and execute permissions for owner",
 			permissions: "0700",
 			expectError: true,
 			errorMsg:    "has execute permissions",
 		},
 		{
-			name:        "File with malformed permissions",
+			name:        "Test 3: File with malformed permissions",
 			permissions: "abcde",
 			expectError: true,
 			errorMsg:    "has malformed permissions",
 		},
+		{
+			name:        "Test 4: File with invalid permissions",
+			permissions: "000070",
+			expectError: true,
+			errorMsg:    "has malformed permissions",
+		},
 	}
 
 	for _, test := range tests {
@@ -420,7 +441,6 @@ func TestFileManagerService_checkFilePermissions(t *testing.T) {
 
 func TestFileManagerService_resetFilePermissions(t *testing.T) {
 	fileManagerService := NewFileManagerService(nil, types.AgentConfig(), &sync.RWMutex{})
-	tempDir := t.TempDir()
 
 	tests := []struct {
 		name              string
@@ -430,13 +450,13 @@ func TestFileManagerService_resetFilePermissions(t *testing.T) {
 		expectError       bool
 	}{
 		{
-			name:              "File with execute permissions for owner and others",
+			name:              "Test 1: File with execute permissions for owner and others",
 			permissions:       "0703",
 			expectError:       false,
 			expectPermissions: "0602",
 		},
 		{
-			name:              "File with malformed permissions",
+			name:              "Test 2: File with malformed permissions",
 			permissions:       "abcde",
 			expectError:       true,
 			expectPermissions: "0600",
@@ -446,30 +466,21 @@ func TestFileManagerService_resetFilePermissions(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			tempFile := helpers.CreateFileWithErrorCheck(t, tempDir, "test.conf")
-			defer helpers.RemoveFileWithErrorCheck(t, tempFile.Name())
-
 			file := &mpi.File{
 				FileMeta: &mpi.FileMeta{
-					Name:        tempFile.Name(),
+					Name:        "test.conf",
 					Permissions: test.permissions,
 				},
 			}
 
-			parseErr := fileManagerService.resetFilePermissions(file)
-
-			info, err := os.Stat(tempFile.Name())
-			require.NoError(t, err)
-
-			actual := "0" + strconv.FormatUint(uint64(info.Mode().Perm()), 8)
+			parseErr := fileManagerService.resetFilePermissions(t.Context(), file)
 
 			if test.expectError {
 				require.Error(t, parseErr)
-				assert.Equal(t, test.expectPermissions, actual)
 				assert.Contains(t, parseErr.Error(), test.errorMsg)
 			} else {
 				require.NoError(t, parseErr)
-				assert.Equal(t, test.expectPermissions, actual)
+				assert.Equal(t, test.expectPermissions, file.GetFileMeta().GetPermissions())
 			}
 		})
 	}

internal/file/file_plugin.go

@@ -347,26 +347,6 @@ func (fp *FilePlugin) handleConfigApplyRequest(ctx context.Context, msg *bus.Mes
 		}
 
 		fp.messagePipe.Process(ctx, &bus.Message{Topic: bus.WriteConfigSuccessfulTopic, Data: data})
-	case model.PermissionChange:
-		slog.WarnContext(ctx, "Files with execute permissions found and reset",
-			"details", err.Error())
-		dpResponse := fp.createDataPlaneResponse(
-			correlationID,
-			mpi.CommandResponse_COMMAND_STATUS_OK,
-			"Config apply successful, files updated with permission changes",
-			instanceID,
-			"",
-		)
-
-		successMessage := &model.ConfigApplySuccess{
-			ConfigContext:     &model.NginxConfigContext{},
-			DataPlaneResponse: dpResponse,
-		}
-
-		fp.fileManagerService.ClearCache()
-		fp.messagePipe.Process(ctx, &bus.Message{Topic: bus.ConfigApplySuccessfulTopic, Data: successMessage})
-
-		return
 	}
 }
 

internal/model/config.go

@@ -75,7 +75,6 @@ const (
 	NoChange
 	Error
 	OK
-	PermissionChange = 5
 )
 
 type ConfigApplySuccess struct {