ubuntu · adombeck · Dec 19, 2024 · Nov 27, 2024 · Nov 27, 2024
@@ -15,7 +15,7 @@ import (
 	"github.com/ubuntu/authd/cmd/authd/daemon"
 	"github.com/ubuntu/authd/internal/consts"
 	"github.com/ubuntu/authd/internal/testutils"
-	cachetestutils "github.com/ubuntu/authd/internal/users/cache/testutils"
+	"github.com/ubuntu/authd/internal/users/cache"
 )
 
 func TestHelp(t *testing.T) {
@@ -176,7 +176,7 @@ func TestAppRunFailsOnComponentsCreationAndQuit(t *testing.T) {
 				err := os.MkdirAll(config.Paths.Cache, 0700)
 				require.NoError(t, err, "Setup: could not create cache directory")
 				//nolint: gosec // This is a file with invalid permission for tests.
-				err = os.WriteFile(filepath.Join(config.Paths.Cache, cachetestutils.DbName), nil, 0644)
+				err = os.WriteFile(filepath.Join(config.Paths.Cache, cache.Z_ForTests_DBName()), nil, 0644)
 				require.NoError(t, err, "Setup: could not create database with invalid permissions")
 			}
 

@@ -6,21 +6,21 @@ import (
 	"os"
 	"strings"
 
-	permissionstestutils "github.com/ubuntu/authd/internal/services/permissions/testutils"
-	localgroupstestutils "github.com/ubuntu/authd/internal/users/localgroups/testutils"
+	"github.com/ubuntu/authd/internal/services/permissions"
+	"github.com/ubuntu/authd/internal/users/localgroups"
 )
 
 // load any behaviour modifiers from env variable.
 func init() {
 	if os.Getenv("AUTHD_INTEGRATIONTESTS_CURRENT_USER_AS_ROOT") != "" {
-		permissionstestutils.DefaultCurrentUserAsRoot()
+		permissions.Z_ForTests_DefaultCurrentUserAsRoot()
 	}
 
 	gpasswdArgs := os.Getenv("AUTHD_INTEGRATIONTESTS_GPASSWD_ARGS")
 	grpFilePath := os.Getenv("AUTHD_INTEGRATIONTESTS_GPASSWD_GRP_FILE_PATH")
 	if gpasswdArgs == "" || grpFilePath == "" {
 		panic("AUTHD_INTEGRATIONTESTS_GPASSWD_ARGS and AUTHD_INTEGRATIONTESTS_GPASSWD_GRP_FILE_PATH must be set")
 	}
-	localgroupstestutils.SetGpasswdCmd(strings.Split(gpasswdArgs, " "))
-	localgroupstestutils.SetGroupPath(grpFilePath)
+	localgroups.Z_ForTests_SetGpasswdCmd(strings.Split(gpasswdArgs, " "))
+	localgroups.Z_ForTests_SetGroupPath(grpFilePath)
 }
@@ -14,11 +14,10 @@ import (
 	"github.com/ubuntu/authd/internal/services/errmessages"
 	"github.com/ubuntu/authd/internal/services/nss"
 	"github.com/ubuntu/authd/internal/services/permissions"
-	permissionstestutils "github.com/ubuntu/authd/internal/services/permissions/testutils"
 	"github.com/ubuntu/authd/internal/testutils"
 	"github.com/ubuntu/authd/internal/testutils/golden"
 	"github.com/ubuntu/authd/internal/users"
-	cachetestutils "github.com/ubuntu/authd/internal/users/cache/testutils"
+	"github.com/ubuntu/authd/internal/users/cache"
 	localgroupstestutils "github.com/ubuntu/authd/internal/users/localgroups/testutils"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -286,7 +285,7 @@ func newNSSClient(t *testing.T, sourceDB string, currentUserNotRoot bool) (clien
 
 	var opts []permissions.Option
 	if !currentUserNotRoot {
-		opts = append(opts, permissionstestutils.WithCurrentUserAsRoot())
+		opts = append(opts, permissions.Z_ForTests_WithCurrentUserAsRoot())
 	}
 	pm := permissions.New(opts...)
 
@@ -330,7 +329,7 @@ func newUserManagerForTests(t *testing.T, sourceDB string) *users.Manager {
 	if sourceDB == "" {
 		sourceDB = "cache.db.yaml"
 	}
-	cachetestutils.CreateDBFromYAML(t, filepath.Join("testdata", sourceDB), cacheDir)
+	cache.Z_ForTests_CreateDBFromYAML(t, filepath.Join("testdata", sourceDB), cacheDir)
 
 	m, err := users.NewManager(users.DefaultConfig, cacheDir)
 	require.NoError(t, err, "Setup: could not create user manager")

@@ -23,11 +23,10 @@ import (
 	"github.com/ubuntu/authd/internal/services/errmessages"
 	"github.com/ubuntu/authd/internal/services/pam"
 	"github.com/ubuntu/authd/internal/services/permissions"
-	permissionstestutils "github.com/ubuntu/authd/internal/services/permissions/testutils"
 	"github.com/ubuntu/authd/internal/testutils"
 	"github.com/ubuntu/authd/internal/testutils/golden"
 	"github.com/ubuntu/authd/internal/users"
-	cachetestutils "github.com/ubuntu/authd/internal/users/cache/testutils"
+	"github.com/ubuntu/authd/internal/users/cache"
 	localgroupstestutils "github.com/ubuntu/authd/internal/users/localgroups/testutils"
 	userstestutils "github.com/ubuntu/authd/internal/users/testutils"
 	"google.golang.org/grpc"
@@ -157,7 +156,7 @@ func TestGetPreviousBroker(t *testing.T) {
 			d, err := io.ReadAll(f)
 			require.NoError(t, err, "Setup: could not read fixture database file")
 			d = bytes.ReplaceAll(d, []byte("MOCKBROKERID"), []byte(mockBrokerGeneratedID))
-			err = cachetestutils.DbfromYAML(bytes.NewBuffer(d), cacheDir)
+			err = cache.Z_ForTests_FromYAML(bytes.NewBuffer(d), cacheDir)
 			require.NoError(t, err, "Setup: could not prepare cache database file")
 
 			m, err := users.NewManager(users.DefaultConfig, cacheDir)
@@ -300,7 +299,7 @@ func TestGetAuthenticationModes(t *testing.T) {
 			}
 
 			// Now, set tests permissions for this use case
-			permissionstestutils.SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
+			permissions.Z_ForTests_SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
 
 			if tc.supportedUILayouts == nil {
 				tc.supportedUILayouts = []*authd.UILayout{requiredEntry}
@@ -394,7 +393,7 @@ func TestSelectAuthenticationMode(t *testing.T) {
 			}
 
 			// Now, set tests permissions for this use case
-			permissionstestutils.SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
+			permissions.Z_ForTests_SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
 
 			samReq := &authd.SAMRequest{
 				SessionId:            tc.sessionID,
@@ -464,7 +463,7 @@ func TestIsAuthenticated(t *testing.T) {
 
 			cacheDir := t.TempDir()
 			if tc.existingDB != "" {
-				cachetestutils.CreateDBFromYAML(t, filepath.Join(testutils.TestFamilyPath(t), tc.existingDB), cacheDir)
+				cache.Z_ForTests_CreateDBFromYAML(t, filepath.Join(testutils.TestFamilyPath(t), tc.existingDB), cacheDir)
 			}
 
 			m, err := users.NewManager(users.DefaultConfig, cacheDir)
@@ -485,7 +484,7 @@ func TestIsAuthenticated(t *testing.T) {
 			}
 
 			// Now, set tests permissions for this use case
-			permissionstestutils.SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
+			permissions.Z_ForTests_SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
 
 			var firstCall, secondCall string
 			ctx, cancel := context.WithCancel(context.Background())
@@ -528,12 +527,12 @@ func TestIsAuthenticated(t *testing.T) {
 			<-done
 
 			got := firstCall + secondCall
-			got = permissionstestutils.IdempotentPermissionError(got)
+			got = permissions.Z_ForTests_IdempotentPermissionError(got)
 			want := golden.LoadWithUpdate(t, got, golden.WithPath("IsAuthenticated"))
 			require.Equal(t, want, got, "IsAuthenticated should return the expected combined data, but did not")
 
 			// Check that cache has been updated too.
-			gotDB, err := cachetestutils.DumpNormalizedYAML(userstestutils.GetManagerCache(m))
+			gotDB, err := cache.Z_ForTests_DumpNormalizedYAML(userstestutils.GetManagerCache(m))
 			require.NoError(t, err, "Setup: failed to dump database for comparing")
 			wantDB := golden.LoadWithUpdate(t, gotDB, golden.WithPath("cache.db"))
 			require.Equal(t, wantDB, gotDB, "IsAuthenticated should update the cache database as expected")
@@ -574,7 +573,7 @@ func TestIDGeneration(t *testing.T) {
 			require.NoError(t, err, "Setup: could not authenticate user")
 			require.Equal(t, "granted", resp.GetAccess(), "Setup: authentication should be granted")
 
-			gotDB, err := cachetestutils.DumpNormalizedYAML(userstestutils.GetManagerCache(m))
+			gotDB, err := cache.Z_ForTests_DumpNormalizedYAML(userstestutils.GetManagerCache(m))
 			require.NoError(t, err, "Setup: failed to dump database for comparing")
 			wantDB := golden.LoadWithUpdate(t, gotDB, golden.WithPath("cache.db"))
 			require.Equal(t, wantDB, gotDB, "IsAuthenticated should update the cache database as expected")
@@ -606,7 +605,7 @@ func TestSetDefaultBrokerForUser(t *testing.T) {
 			t.Parallel()
 
 			cacheDir := t.TempDir()
-			cachetestutils.CreateDBFromYAML(t, filepath.Join(testutils.TestFamilyPath(t), "set-default-broker.db"), cacheDir)
+			cache.Z_ForTests_CreateDBFromYAML(t, filepath.Join(testutils.TestFamilyPath(t), "set-default-broker.db"), cacheDir)
 
 			m, err := users.NewManager(users.DefaultConfig, cacheDir)
 			require.NoError(t, err, "Setup: could not create user manager")
@@ -634,7 +633,7 @@ func TestSetDefaultBrokerForUser(t *testing.T) {
 			require.Equal(t, tc.brokerID, gpbResp.GetPreviousBroker(), "SetDefaultBrokerForUser should set the default broker as expected")
 
 			// Check that cache has been updated too.
-			gotDB, err := cachetestutils.DumpNormalizedYAML(userstestutils.GetManagerCache(m))
+			gotDB, err := cache.Z_ForTests_DumpNormalizedYAML(userstestutils.GetManagerCache(m))
 			require.NoError(t, err, "Setup: failed to dump database for comparing")
 			wantDB := golden.LoadWithUpdate(t, gotDB, golden.WithPath("cache.db"))
 			require.Equal(t, wantDB, gotDB, "SetDefaultBrokerForUser should update the cache database as expected")
@@ -679,7 +678,7 @@ func TestEndSession(t *testing.T) {
 			}
 
 			// Now, set tests permissions for this use case
-			permissionstestutils.SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
+			permissions.Z_ForTests_SetCurrentUserAsRoot(&pm, !tc.currentUserNotRoot)
 
 			esReq := &authd.ESRequest{
 				SessionId: tc.sessionID,
@@ -772,7 +771,7 @@ func newPermissionManager(t *testing.T, currentUserNotRoot bool) permissions.Man
 
 	var opts = []permissions.Option{}
 	if !currentUserNotRoot {
-		opts = append(opts, permissionstestutils.WithCurrentUserAsRoot())
+		opts = append(opts, permissions.Z_ForTests_WithCurrentUserAsRoot())
 	}
 	return permissions.New(opts...)
 }

@@ -8,6 +8,5 @@ func NewTestPeerCredsInfo(uid uint32, pid int32) PeerCredsInfo {
 }
 
 var (
-	CurrentUserUID        = currentUserUID
-	WithCurrentUserAsRoot = withCurrentUserAsRoot
+	CurrentUserUID = currentUserUID
 )
@@ -8,7 +8,6 @@ import (
 
 	"github.com/stretchr/testify/require"
 	"github.com/ubuntu/authd/internal/services/permissions"
-	permissionstestutils "github.com/ubuntu/authd/internal/services/permissions/testutils"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/peer"
@@ -63,7 +62,7 @@ func TestIsRequestFromRoot(t *testing.T) {
 
 			var opts []permissions.Option
 			if !tc.currentUserNotRoot {
-				opts = append(opts, permissionstestutils.WithCurrentUserAsRoot())
+				opts = append(opts, permissions.Z_ForTests_WithCurrentUserAsRoot())
 			}
 			pm := permissions.New(opts...)
 

@@ -8,12 +8,15 @@ import (
 	"math"
 	"os/user"
 	"strconv"
+	"strings"
 
 	"github.com/ubuntu/authd/internal/testsdetection"
 )
 
-// withCurrentUserAsRoot returns an Option that sets the rootUID to the current user's UID.
-func withCurrentUserAsRoot() Option {
+// Z_ForTests_WithCurrentUserAsRoot returns an Option that sets the rootUID to the current user's UID.
+//
+// nolint:revive,nolintlint // We want to use underscores in the function name here.
+func Z_ForTests_WithCurrentUserAsRoot() Option {
 	testsdetection.MustBeTesting()
 
 	uid := currentUserUID()
@@ -38,10 +41,10 @@ func currentUserUID() uint32 {
 	return uint32(uid)
 }
 
-// setCurrentUserAsRoot mutates a default permission to the current user's UID if currentUserAsRoot is true.
+// Z_ForTests_SetCurrentUserAsRoot mutates a default permission to the current user's UID if currentUserAsRoot is true.
 //
-//nolint:unused // false positive as used in permissionstests with linkname.
-func (m *Manager) setCurrentUserAsRoot(currentUserAsRoot bool) {
+// nolint:revive,nolintlint // We want to use underscores in the function name here.
+func Z_ForTests_SetCurrentUserAsRoot(m *Manager, currentUserAsRoot bool) {
 	testsdetection.MustBeTesting()
 
 	if !currentUserAsRoot {
@@ -51,3 +54,21 @@ func (m *Manager) setCurrentUserAsRoot(currentUserAsRoot bool) {
 
 	m.rootUID = currentUserUID()
 }
+
+// Z_ForTests_IdempotentPermissionError strips the UID from the permission error message.
+//
+// nolint:revive,nolintlint // We want to use underscores in the function name here.
+func Z_ForTests_IdempotentPermissionError(msg string) string {
+	testsdetection.MustBeTesting()
+
+	return strings.ReplaceAll(msg, fmt.Sprint(currentUserUID()), "XXXX")
+}
+
+// Z_ForTests_DefaultCurrentUserAsRoot mocks the current user as root for the permission manager.
+//
+// nolint:revive,nolintlint // We want to use underscores in the function name here.
+func Z_ForTests_DefaultCurrentUserAsRoot() {
+	testsdetection.MustBeTesting()
+
+	defaultOptions.rootUID = currentUserUID()
+}
@@ -13,7 +13,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/ubuntu/authd/internal/grpcutils"
 	"github.com/ubuntu/authd/internal/services/errmessages"
-	cachetestutils "github.com/ubuntu/authd/internal/users/cache/testutils"
+	"github.com/ubuntu/authd/internal/users/cache"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )
@@ -77,7 +77,7 @@ func RunDaemon(ctx context.Context, t *testing.T, execPath string, args ...Daemo
 	}
 
 	if opts.existentDB != "" {
-		cachetestutils.CreateDBFromYAML(t, filepath.Join("testdata", "db", opts.existentDB+".db.yaml"), opts.cachePath)
+		cache.Z_ForTests_CreateDBFromYAML(t, filepath.Join("testdata", "db", opts.existentDB+".db.yaml"), opts.cachePath)
 	}
 
 	if opts.socketPath == "" {