allow-policy-legacy 0.1.9

Legacy policy adapters for cargo-allow migrations.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

use allow_core::{CargoAllowError, CargoAllowResult};
use std::fs;
use std::path::Path;

pub(crate) fn read_policy(path: &Path) -> CargoAllowResult<String> {
    fs::read_to_string(path).map_err(|e| {
        CargoAllowError::new(format!(
            "failed to read legacy policy {}: {e}",
            path.display()
        ))
    })
}

pub(crate) fn legacy_table(input: &str) -> CargoAllowResult<Option<toml::Table>> {
    toml::from_str::<toml::Table>(input)
        .map(Some)
        .map_err(|e| CargoAllowError::new(format!("failed to parse legacy policy TOML: {e}")))
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::fs;
    use std::time::{SystemTime, UNIX_EPOCH};

    #[test]
    fn read_policy_returns_file_text_or_contextual_error() {
        let path = temp_policy_path("read-policy");
        fs::write(&path, "policy = \"non-rust-allowlist\"\n")
            .unwrap_or_else(|err| std::panic::panic_any(format!("fixture write: {err}")));

        let text = read_policy(&path)
            .unwrap_or_else(|err| std::panic::panic_any(format!("policy reads: {err}")));

        assert_eq!(text, "policy = \"non-rust-allowlist\"\n");
        fs::remove_file(&path)
            .unwrap_or_else(|err| std::panic::panic_any(format!("fixture cleanup: {err}")));

        let err = read_policy(&path).expect_err("missing policy should produce read error");
        assert!(err.to_string().contains("failed to read legacy policy"));
        assert!(err.to_string().contains(&path.display().to_string()));
    }

    #[test]
    fn legacy_table_parses_toml_or_reports_parse_error() {
        let table = legacy_table("policy = \"workflow-allowlist\"\n")
            .unwrap_or_else(|err| std::panic::panic_any(format!("legacy TOML parses: {err}")))
            .unwrap_or_else(|| std::panic::panic_any("legacy table exists"));

        assert_eq!(
            table.get("policy").and_then(toml::Value::as_str),
            Some("workflow-allowlist")
        );

        let err = legacy_table("policy = [").expect_err("invalid TOML should fail");
        assert!(
            err.to_string()
                .contains("failed to parse legacy policy TOML")
        );
    }

    fn temp_policy_path(name: &str) -> std::path::PathBuf {
        let unique = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap_or_else(|err| std::panic::panic_any(format!("system clock ok: {err}")))
            .as_nanos();
        std::env::temp_dir().join(format!(
            "cargo-allow-{name}-{}-{unique}.toml",
            std::process::id()
        ))
    }
}