authorJohn Keiser <john@johnkeiser.com>2016-01-28 10:51:09 -0800
committerJohn Keiser <john@johnkeiser.com>2016-01-28 10:51:09 -0800
commit59d187df7b3acfa99a448fd9374fcd17303bffc8 (patch)
tree263d371284d298c4e50466ec0cc7faca74674ac2
parent57f2536f25b06930dbbf3560dfc6e2b0c644af03 (diff)
parent80783dac0105c37a857534d91cf38918608c3966 (diff)
downloadchef-zero-59d187df7b3acfa99a448fd9374fcd17303bffc8.tar.gz
Merge pull request #194 from chef/cd/run-acl-specs
Make ACLs for policies/policy_groups/cookbook_artifacts work
-rw-r--r--Gemfile7
-rw-r--r--lib/chef_zero/chef_data/acl_path.rb3
-rw-r--r--lib/chef_zero/chef_data/data_normalizer.rb2
-rw-r--r--lib/chef_zero/chef_data/default_creator.rb7
-rw-r--r--lib/chef_zero/data_store/default_facade.rb2
-rw-r--r--lib/chef_zero/endpoints/containers_endpoint.rb3
-rw-r--r--lib/chef_zero/endpoints/policy_group_policy_endpoint.rb2
-rw-r--r--spec/run_oc_pedant.rb5
8 files changed, 14 insertions, 17 deletions
diff --git a/Gemfile b/Gemfile
index c0d8cbc..900c416 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,12 +3,9 @@ gemspec
gem 'rest-client', :github => 'chef/rest-client'
-gem 'oc-chef-pedant', :github => 'chef/chef-server'
-
-# gem 'oc-chef-pedant', :path => "../chef-server"
+gem 'oc-chef-pedant', :github => 'chef/chef-server', :branch => "jk/authorization-tags"
# bundler resolve failure on "rspec_junit_formatter"
# gem 'chef-pedant', :github => 'opscode/chef-pedant', :ref => "server-cli-option"
-gem 'chef', :github => 'chef/chef'
-# gem 'chef', :path => "../chef"
+gem 'chef', :github => 'chef/chef', :branch => 'jk/policies-acls'
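Review bot: Both added `gem` lines track a personal feature branch (`jk/authorization-tags` and `jk/policies-acls`), which is a mutable ref: unless a committed lockfile pins the revision, a fresh `bundle install` or CI run executes whatever was pushed there last. If the branch dependency is needed until the upstream work merges, pin the reviewed commit instead, e.g. `gem 'chef', :github => 'chef/chef', :ref => '<reviewed-commit-sha>'` (placeholder), and add a comment naming the upstream change so the pin gets removed afterwards. Resolution will also break once either branch is deleted after merge.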
diff --git a/lib/chef_zero/chef_data/acl_path.rb b/lib/chef_zero/chef_data/acl_path.rb
index c783a1a..52b43d4 100644
--- a/lib/chef_zero/chef_data/acl_path.rb
+++ b/lib/chef_zero/chef_data/acl_path.rb
@@ -13,7 +13,8 @@ module ChefZero
# specified on X, they are not inherited from X's parent
# - stop adding pivotal to acls (he already has access to what he needs)
module AclPath
- ORG_DATA_TYPES = %w(clients cookbooks containers data environments groups nodes roles sandboxes)
+ ORG_DATA_TYPES = %w(clients cookbook_artifacts cookbooks containers data environments groups
+ nodes policies policy_groups roles sandboxes)
TOP_DATA_TYPES = %w(containers organizations users)
# ACL data paths for a partition are:
diff --git a/lib/chef_zero/chef_data/data_normalizer.rb b/lib/chef_zero/chef_data/data_normalizer.rb
index 9a6d1ae..95f3daa 100644
--- a/lib/chef_zero/chef_data/data_normalizer.rb
+++ b/lib/chef_zero/chef_data/data_normalizer.rb
@@ -8,7 +8,7 @@ module ChefZero
def self.normalize_acls(acls)
ChefData::DefaultCreator::PERMISSIONS.each do |perm|
acls[perm] ||= {}
- acls[perm]['actors'] ||= []
+ (acls[perm]['actors'] ||= []).uniq! # this gets doubled sometimes, for reasons.
acls[perm]['groups'] ||= []
end
acls
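Review bot: The `uniq!` on `actors` hides duplicate ACL entries instead of explaining them, and the comment `for reasons` gives the next reader nothing to act on. `groups` on the following line is not deduplicated, so the two lists are now normalized differently even though both feed the same permission checks. I would treat them alike with `(acls[perm]['groups'] ||= []).uniq!` and replace the comment with `# TODO: find where actors get appended twice; deduping here only masks it`. The end of `normalize_acls` lies outside this hunk.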
diff --git a/lib/chef_zero/chef_data/default_creator.rb b/lib/chef_zero/chef_data/default_creator.rb
index b066a25..957018c 100644
--- a/lib/chef_zero/chef_data/default_creator.rb
+++ b/lib/chef_zero/chef_data/default_creator.rb
@@ -148,6 +148,7 @@ module ChefZero
DEFAULT_ORG_SPINE = {
'clients' => {},
+ 'cookbook_artifacts' => {},
'cookbooks' => {},
'data' => {},
'environments' => %w(_default),
@@ -281,7 +282,7 @@ module ChefZero
'delete' => { 'groups' => %w(admins) },
'grant' => { 'groups' => %w(admins) },
}
- when 'containers/cookbooks', 'containers/environments', 'containers/roles'
+ when 'containers/environments', 'containers/roles', 'containers/policy_groups', 'containers/policies'
{
'create' => { 'groups' => %w(admins users) },
'read' => { 'groups' => %w(admins users clients) },
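Review bot: Dropping `'containers/cookbooks'` from this `when` changes the default ACL of an existing container, not only of the new types. The earlier branch used to match first, so `create` was `admins users`; the value now falls through to the branch in the next hunk, where `create` is `admins users clients`. That widens what clients may do on the cookbooks container by default. If it is meant to mirror the server's defaults, a comment on the later branch such as `# cookbooks, cookbook_artifacts, data: clients may create (matches server defaults)` and a line in the commit message would make it deliberate. The `update` row of each table is not visible in these hunks and should be checked for the same widening.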
@@ -289,7 +290,7 @@ module ChefZero
'delete' => { 'groups' => %w(admins users) },
'grant' => { 'groups' => %w(admins) },
}
- when 'containers/cookbooks', 'containers/data'
+ when 'containers/cookbooks', 'containers/cookbook_artifacts', 'containers/data'
{
'create' => { 'groups' => %w(admins users clients) },
'read' => { 'groups' => %w(admins users clients) },
@@ -439,7 +440,7 @@ module ChefZero
when 4
return path[0] == 'organizations' && (
(path[2] == 'acls' && path[1] != 'root') ||
- %w(cookbooks data).include?(path[2]))
+ %w(cookbooks cookbook_artifacts data policies policy_groups).include?(path[2]))
else
return false
end
diff --git a/lib/chef_zero/data_store/default_facade.rb b/lib/chef_zero/data_store/default_facade.rb
index 0d4cf34..c941322 100644
--- a/lib/chef_zero/data_store/default_facade.rb
+++ b/lib/chef_zero/data_store/default_facade.rb
@@ -62,7 +62,7 @@ module ChefZero
end
options_hash = options.last.is_a?(Hash) ? options.last : {}
- default_creator.created(path + [ name ], options_hash[:requestor], options.include?(:recursive))
+ default_creator.created(path + [ name ], options_hash[:requestor], options.include?(:create_dir))
end
def get(path, request=nil)
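Review bot: The flag passed to `default_creator.created` is found by looking for a bare symbol in the varargs `options`, so a symbol that no caller ever passes simply evaluates to `false`. That appears to be what `:recursive` did before this change. Nothing in the visible lines rejects unknown option symbols, so the same silent mismatch can recur. Consider documenting the accepted options above the method, e.g. `# options: :create_dir, plus an optional trailing Hash with :requestor`, or raising `ArgumentError` on unrecognised symbols. The method begins above the hunk, so the full option handling is not visible here.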
diff --git a/lib/chef_zero/endpoints/containers_endpoint.rb b/lib/chef_zero/endpoints/containers_endpoint.rb
index 931fe6c..8a4220f 100644
--- a/lib/chef_zero/endpoints/containers_endpoint.rb
+++ b/lib/chef_zero/endpoints/containers_endpoint.rb
@@ -16,8 +16,7 @@ module ChefZero
# if they don't match, id wins.
container_name = data["id"] || data["containername"]
container_path_suffix = data["containerpath"].split("/").reject { |o| o.empty? }
- container_data_path = request.rest_path + container_path_suffix
- create_data(request, container_data_path, container_name, to_json({}), :create_dir)
+ create_data(request, request.rest_path, container_name, to_json({}), :create_dir)
json_response(201, { uri: build_uri(request.base_uri, request.rest_path + container_path_suffix + [container_name]) })
end
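Review bot: The container is now stored under `request.rest_path`, but the `uri` returned on the next line still appends `container_path_suffix`, so for a non-empty `containerpath` the response names a location that was not written. Either build the URI from the stored path, `build_uri(request.base_uri, request.rest_path + [container_name])`, or keep the suffix in both places. `data["containerpath"]` also comes straight from the request body and is dereferenced with `.split` unchecked. A body without that key would raise `NoMethodError` rather than produce a 400, and `container_name` can be `nil` when both `id` and `containername` are absent. The method starts above the hunk, so earlier validation may exist that is not visible here.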
diff --git a/lib/chef_zero/endpoints/policy_group_policy_endpoint.rb b/lib/chef_zero/endpoints/policy_group_policy_endpoint.rb
index 5d32aac..d227905 100644
--- a/lib/chef_zero/endpoints/policy_group_policy_endpoint.rb
+++ b/lib/chef_zero/endpoints/policy_group_policy_endpoint.rb
@@ -56,7 +56,7 @@ module ChefZero
# group.
# Storage: /organizations/ORG/policies/POLICY/revisions/REVISION
response_code = exists_data?(request) ? 200 : 201
- set_data(request, nil, to_json(revision_id), :create_dir)
+ set_data(request, nil, to_json(revision_id), :create, :create_dir)
already_json_response(response_code, request.body)
end
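Review bot: The added `:create` option has no explanation beside it, and the call now depends on two positional symbols whose meaning is defined in the data store rather than here. A short comment above the call would help, e.g. `# :create writes the entry when it does not exist yet; :create_dir also creates its missing parent`. Please confirm that wording against the data store's option documentation. `response_code` is decided by `exists_data?` before the write, so the comment could also say that 200 versus 201 reflects the state before this request. The method begins outside the hunk.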
diff --git a/spec/run_oc_pedant.rb b/spec/run_oc_pedant.rb
index cb24122..47d878b 100644
--- a/spec/run_oc_pedant.rb
+++ b/spec/run_oc_pedant.rb
@@ -101,7 +101,6 @@ begin
#
# ...but we're not there yet
'--skip-keys',
- '--skip-acl',
# Chef Zero does not intend to support validation the way erchef does.
'--skip-validation',
@@ -142,8 +141,8 @@ begin
Pedant.setup(pedant_args)
- fail_fast = []
- # fail_fast = ["--fail-fast"]
+ fail_fast = %w()#--fail-fast)
+ #fail_fast = ["--fail-fast"]
result = RSpec::Core::Runner.run(Pedant.config.rspec_args + fail_fast)