diff options
author | sersut <serdar@opscode.com> | 2013-05-18 15:50:15 -0700 |
---|---|---|
committer | sersut <serdar@opscode.com> | 2013-05-18 15:50:15 -0700 |
commit | 3b3f7a1ceaea09d1258c1c7e23d8b2051f09cc71 (patch) | |
tree | 51256966bd146c69b776caf5b32a3e6780433e14 | |
parent | 69bf097dd284cc69b31936c838731eabb2999cbe (diff) | |
download | chef-3b3f7a1ceaea09d1258c1c7e23d8b2051f09cc71.tar.gz |
Refactor securable tests to differentiate based on target file availability. Fix inherits tests so that we are catching ACL issue when we use mv_windows when creating temp files under tmpdir.
-rw-r--r-- | spec/functional/resource/cookbook_file_spec.rb | 1 | ||||
-rw-r--r-- | spec/functional/resource/file_spec.rb | 2 | ||||
-rw-r--r-- | spec/functional/resource/link_spec.rb | 2 | ||||
-rw-r--r-- | spec/support/shared/functional/directory_resource.rb | 2 | ||||
-rw-r--r-- | spec/support/shared/functional/file_resource.rb | 48 | ||||
-rw-r--r-- | spec/support/shared/functional/securable_resource.rb | 45 |
6 files changed, 68 insertions, 32 deletions
diff --git a/spec/functional/resource/cookbook_file_spec.rb b/spec/functional/resource/cookbook_file_spec.rb index d61668853c..adaa494e05 100644 --- a/spec/functional/resource/cookbook_file_spec.rb +++ b/spec/functional/resource/cookbook_file_spec.rb @@ -77,6 +77,5 @@ describe Chef::Resource::CookbookFile do FileUtils.rm_r(windows_non_temp_dir) if Chef::Platform.windows? && File.exists?(windows_non_temp_dir) end - it_behaves_like "a file that inherits permissions from a parent directory" end end diff --git a/spec/functional/resource/file_spec.rb b/spec/functional/resource/file_spec.rb index 7da15ff2e5..3f9ec4a18d 100644 --- a/spec/functional/resource/file_spec.rb +++ b/spec/functional/resource/file_spec.rb @@ -54,7 +54,7 @@ describe Chef::Resource::File do let(:default_mode) { ((0100666 - File.umask) & 07777).to_s(8) } - it_behaves_like "a file resource" + it_behaves_like "a file resource", :focus => true it_behaves_like "a securable resource with reporting" diff --git a/spec/functional/resource/link_spec.rb b/spec/functional/resource/link_spec.rb index ca022260cf..fb26282bfc 100644 --- a/spec/functional/resource/link_spec.rb +++ b/spec/functional/resource/link_spec.rb @@ -330,7 +330,7 @@ describe Chef::Resource::Link, :not_supported_on_win2k3 do end context 'and the link already exists and is not writeable to this user', :pending do end - it_behaves_like 'a securable resource' do + it_behaves_like 'a securable resource without existing target' do let(:path) { target_file } def allowed_acl(sid, expected_perms) [ ACE.access_allowed(sid, expected_perms[:specific]) ] diff --git a/spec/support/shared/functional/directory_resource.rb b/spec/support/shared/functional/directory_resource.rb index b9be4ad5fe..c345585690 100644 --- a/spec/support/shared/functional/directory_resource.rb +++ b/spec/support/shared/functional/directory_resource.rb @@ -135,7 +135,7 @@ shared_examples_for "a directory resource" do ] end - it_behaves_like "a securable resource" + it_behaves_like "a securable resource without existing target" end shared_context Chef::Resource::Directory do diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb index 8b5c987bb3..9ee6bf5c9d 100644 --- a/spec/support/shared/functional/file_resource.rb +++ b/spec/support/shared/functional/file_resource.rb @@ -155,7 +155,7 @@ shared_examples_for "a file resource" do end # note the stripping of the drive letter from the tmpdir on windows - let(:backup_glob) { File.join(CHEF_SPEC_BACKUP_PATH, Dir.tmpdir.sub(/^([A-Za-z]:)/, ""), "#{file_base}*") } + let(:backup_glob) { File.join(CHEF_SPEC_BACKUP_PATH, test_file_dir.sub(/^([A-Za-z]:)/, ""), "#{file_base}*") } # Most tests update the resource, but a few do not. We need to test that the # resource is marked updated or not correctly, but the test contexts are @@ -234,6 +234,7 @@ shared_examples_for "a file resource" do [ ACE.access_denied(sid, expected_perms[:specific]) ] end + it_behaves_like "a securable resource without existing target" context "when the target file has the wrong content" do before(:each) do @@ -250,7 +251,7 @@ shared_examples_for "a file resource" do it_behaves_like "a file with the wrong content" - it_behaves_like "a securable resource" + it_behaves_like "a securable resource with existing target" end context "and the target file has incorrect permissions" do @@ -258,7 +259,7 @@ shared_examples_for "a file resource" do it_behaves_like "a file with the wrong content" - it_behaves_like "a securable resource" + it_behaves_like "a securable resource with existing target" end end @@ -282,46 +283,45 @@ shared_examples_for "a file resource" do it_behaves_like "a file with the correct content" - it_behaves_like "a securable resource" + it_behaves_like "a securable resource with existing target" end context "and the target file has incorrect permissions" do include_context "setup broken permissions" it_behaves_like "a file with the correct content" - - it_behaves_like "a securable resource" + + it_behaves_like "a securable resource with existing target" end end - it_behaves_like "a file that inherits permissions from a parent directory" - end -shared_examples_for "a file that inherits permissions from a parent directory" do - include_context "diff disabled" - include_context "use Windows permissions" - context "on Windows", :windows_only do - it "has only inherited aces if no explicit aces were specified" do - File.exist?(path).should == false - - resource.run_action(:create) - - descriptor.dacl_inherits?.should == true - descriptor.dacl.each do | ace | - ace.inherited?.should == true - end +shared_context Chef::Resource::File do + # We create the files in a different directory than tmp to exercise + # different file deployment strategies more completely. + let(:test_file_dir) do + if windows? + File.join(ENV['systemdrive'], "test-dir") + else + "/test-dir" end end -end -shared_context Chef::Resource::File do let(:path) do - File.join(Dir.tmpdir, make_tmpname(file_base)) + File.join(test_file_dir, make_tmpname(file_base)) + end + + before do + FileUtils::mkdir_p(test_file_dir) end after(:each) do FileUtils.rm_r(path) if File.exists?(path) FileUtils.rm_r(CHEF_SPEC_BACKUP_PATH) if File.exists?(CHEF_SPEC_BACKUP_PATH) end + + after do + FileUtils::rm_rf(test_file_dir) + end end diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb index c8e42f1546..b8a9760dfc 100644 --- a/spec/support/shared/functional/securable_resource.rb +++ b/spec/support/shared/functional/securable_resource.rb @@ -126,7 +126,7 @@ shared_context "use Windows permissions", :windows_only do end end -shared_examples_for "a securable resource" do +shared_examples_for "a securable resource with existing target" do include_context "diff disabled" @@ -211,9 +211,21 @@ shared_examples_for "a securable resource" do context "on Windows", :windows_only do include_context "use Windows permissions" - before(:each) do - resource.run_action(:delete) - end + pending "coming soon..." + end + +end + +shared_examples_for "a securable resource without existing target" do + + include_context "diff disabled" + + context "on Unix", :unix_only do + pending "if we need any securable resource tests on Unix without existing target resource." + end + + context "on Windows", :windows_only do + include_context "use Windows permissions" it "sets owner to Administrators on create if owner is not specified" do File.exist?(path).should == false @@ -428,5 +440,30 @@ shared_examples_for "a securable resource" do end end + it "does not inherit aces if inherits is set to false" do + resource.inherits(false) + resource.run_action(:create) + + descriptor.dacl.each do | ace | + ace.inherited?.should == false + end + end + + it "has the inheritable acls of parent directory if no acl is specified" do + File.exist?(path).should == false + + resource.run_action(:create) + + dummy_file_path = File.join(test_file_dir, "dummy_file") + dummy_file = FileUtils.touch(dummy_file_path) + dummy_desc = get_security_descriptor(dummy_file_path) + + descriptor.dacl.each_with_index do |ace, index| + ace.inherited?.should == true + ace.should == dummy_desc.dacl[index] + end + end + end end + |