// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

//go:build unix

package dns

import (
	"context"
	"os"
	"path/filepath"
	"syscall"
	"testing"
)

func TestWriteFileUmask(t *testing.T) {
	// Set a umask that disallows world-readable files for the duration of
	// this test.
	oldUmask := syscall.Umask(0027)
	defer syscall.Umask(oldUmask)

	tmp := t.TempDir()
	fs := directFS{prefix: tmp}

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	m := directManager{logf: t.Logf, fs: fs, ctx: ctx, ctxClose: cancel}

	const perms = 0644
	if err := m.atomicWriteFile(fs, "resolv.conf", []byte("nameserver 8.8.8.8\n"), perms); err != nil {
		t.Fatal(err)
	}

	// Ensure that the created file has the world-readable bit set.
	fi, err := os.Stat(filepath.Join(tmp, "resolv.conf"))
	if err != nil {
		t.Fatal(err)
	}
	if got := fi.Mode().Perm(); got != perms {
		t.Fatalf("file mode: got 0o%o, want 0o%o", got, perms)
	}
}