gloves 0.5.11

seamless secret manager and handoff
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

use gloves::fs_secure::{
    create_private_file_if_missing, ensure_private_dir, write_private_file_atomic,
};

#[test]
fn create_private_file_if_missing_does_not_overwrite() {
    let temp_dir = tempfile::tempdir().unwrap();
    let file_path = temp_dir.path().join("data.bin");

    create_private_file_if_missing(&file_path, b"one").unwrap();
    create_private_file_if_missing(&file_path, b"two").unwrap();

    assert_eq!(std::fs::read(&file_path).unwrap(), b"one");
}

#[test]
fn write_private_file_atomic_overwrites() {
    let temp_dir = tempfile::tempdir().unwrap();
    let file_path = temp_dir.path().join("data.bin");

    write_private_file_atomic(&file_path, b"one").unwrap();
    write_private_file_atomic(&file_path, b"two").unwrap();

    assert_eq!(std::fs::read(&file_path).unwrap(), b"two");
}

#[test]
fn ensure_private_dir_creates_directory() {
    let temp_dir = tempfile::tempdir().unwrap();
    let dir_path = temp_dir.path().join("nested/private");

    ensure_private_dir(&dir_path).unwrap();

    assert!(dir_path.exists());
    assert!(dir_path.is_dir());
}

#[cfg(unix)]
#[test]
fn private_permissions_are_restricted() {
    use std::os::unix::fs::PermissionsExt;

    let temp_dir = tempfile::tempdir().unwrap();
    let dir_path = temp_dir.path().join("private_dir");
    let file_path = dir_path.join("file.bin");

    ensure_private_dir(&dir_path).unwrap();
    write_private_file_atomic(&file_path, b"secret").unwrap();

    let dir_mode = std::fs::metadata(&dir_path).unwrap().permissions().mode() & 0o777;
    let file_mode = std::fs::metadata(&file_path).unwrap().permissions().mode() & 0o777;

    assert_eq!(dir_mode, 0o700);
    assert_eq!(file_mode, 0o600);
}