/
FilePermissions.hs
47 lines (36 loc) · 1.44 KB
/
FilePermissions.hs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE TemplateHaskell #-}
module Test.Cli.FilePermissions
( tests
) where
import Cardano.Prelude
import Cardano.Node.Run (checkVRFFilePermissions)
import Hedgehog (Property, discover, success)
import qualified Hedgehog
import qualified Hedgehog.Extras.Test.Base as H
import Hedgehog.Internal.Property (failWith)
import Test.OptParse (execCardanoCLI)
-- | This property ensures that the VRF signing key file is created only with owner permissions
prop_createVRFSigningKeyFilePermissions :: Property
prop_createVRFSigningKeyFilePermissions =
H.propertyOnce . H.moduleWorkspace "tmp" $ \tempDir -> do
-- Key filepaths
vrfVerKey <- H.noteTempFile tempDir "VRF-verification-key-file"
vrfSignKey <- H.noteTempFile tempDir "VRF-signing-key-file"
-- Create VRF key pair
void $ execCardanoCLI
[ "shelley", "node", "key-gen-VRF"
, "--verification-key-file", vrfVerKey
, "--signing-key-file", vrfSignKey
]
result <- liftIO . runExceptT $ checkVRFFilePermissions vrfSignKey
case result of
Left err ->
failWith Nothing
$ "key-gen-VRF cli command created a VRF signing key \
\file with the wrong permissions: " <> show err
Right () -> success
-- -----------------------------------------------------------------------------
tests :: IO Bool
tests =
Hedgehog.checkParallel $$discover