1
#!/usr/libexec/flua
2
---
3
-- SPDX-License-Identifier: BSD-2-Clause
4
--
5
-- Copyright (c) 2026 Baptiste Daroussin <[email protected]>
6

7
local n = require("nuage")
8

9
local root = os.getenv("NUAGE_FAKE_ROOTDIR")
10
if not root then
11
	root = ""
12
end
13

14
local function get_localbase()
15
	local f = io.popen("sysctl -in user.localbase 2> /dev/null")
16
	local lb = f:read("*l")
17
	f:close()
18
	if lb == nil or lb:len() == 0 then
19
		lb = "/usr/local"
20
	end
21
	return lb
22
end
23

24
local function read_sudoers()
25
	local path = root .. get_localbase() .. "/etc/sudoers.d/90-nuageinit-users"
26
	local f = io.open(path, "r")
27
	if not f then
28
		return nil
29
	end
30
	local content = f:read("*a")
31
	f:close()
32
	return content
33
end
34

35
-- test with a single string rule
36
n.addsudo({ name = "testuser", sudo = "ALL=(ALL) NOPASSWD:ALL" })
37
local content = read_sudoers()
38
if not content then
39
	n.err("sudoers file not created")
40
end
41
if content ~= "testuser ALL=(ALL) NOPASSWD:ALL\n" then
42
	n.err("unexpected sudoers content for string rule: '" .. content .. "'")
43
end
44

45
-- remove file for next test
46
os.remove(root .. get_localbase() .. "/etc/sudoers.d/90-nuageinit-users")
47

48
-- test with a table of rules
49
n.addsudo({
50
	name = "testuser",
51
	sudo = { "ALL=(ALL) NOPASSWD:/usr/sbin/pw", "ALL=(ALL) ALL" }
52
})
53
content = read_sudoers()
54
if not content then
55
	n.err("sudoers file not created for table")
56
end
57
if content ~= "testuser ALL=(ALL) NOPASSWD:/usr/sbin/pw\ntestuser ALL=(ALL) ALL\n" then
58
	n.err("unexpected sudoers content for table: '" .. content .. "'")
59
end
60

61
os.exit(0)
62

63