Refactor securable tests to differentiate based on target file availability. Fix inherits tests so that we are catching ACL issue when we use mv_windows when creating temp files under tmpdir.

6 files changed, 68 insertions, 32 deletions

diff --git a/spec/functional/resource/cookbook_file_spec.rb b/spec/functional/resource/cookbook_file_spec.rb
index d61668853c..adaa494e05 100644
--- a/spec/functional/resource/cookbook_file_spec.rb
+++ b/spec/functional/resource/cookbook_file_spec.rb
@@ -77,6 +77,5 @@ describe Chef::Resource::CookbookFile do
       FileUtils.rm_r(windows_non_temp_dir) if Chef::Platform.windows? && File.exists?(windows_non_temp_dir)
     end
 
-    it_behaves_like "a file that inherits permissions from a parent directory"
   end
 end
diff --git a/spec/functional/resource/file_spec.rb b/spec/functional/resource/file_spec.rb
index 7da15ff2e5..3f9ec4a18d 100644
--- a/spec/functional/resource/file_spec.rb
+++ b/spec/functional/resource/file_spec.rb
@@ -54,7 +54,7 @@ describe Chef::Resource::File do
 
   let(:default_mode) { ((0100666 - File.umask) & 07777).to_s(8) }
 
-  it_behaves_like "a file resource"
+  it_behaves_like "a file resource", :focus => true
 
   it_behaves_like "a securable resource with reporting"
 
diff --git a/spec/functional/resource/link_spec.rb b/spec/functional/resource/link_spec.rb
index ca022260cf..fb26282bfc 100644
--- a/spec/functional/resource/link_spec.rb
+++ b/spec/functional/resource/link_spec.rb
@@ -330,7 +330,7 @@ describe Chef::Resource::Link, :not_supported_on_win2k3 do
       end
       context 'and the link already exists and is not writeable to this user', :pending do
       end
-      it_behaves_like 'a securable resource' do
+      it_behaves_like 'a securable resource without existing target' do
         let(:path) { target_file }
         def allowed_acl(sid, expected_perms)
           [ ACE.access_allowed(sid, expected_perms[:specific]) ]
diff --git a/spec/support/shared/functional/directory_resource.rb b/spec/support/shared/functional/directory_resource.rb
index b9be4ad5fe..c345585690 100644
--- a/spec/support/shared/functional/directory_resource.rb
+++ b/spec/support/shared/functional/directory_resource.rb
@@ -135,7 +135,7 @@ shared_examples_for "a directory resource" do
     ]
   end
 
-  it_behaves_like "a securable resource"
+  it_behaves_like "a securable resource without existing target"
 end
 
 shared_context Chef::Resource::Directory do
diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb
index 8b5c987bb3..9ee6bf5c9d 100644
--- a/spec/support/shared/functional/file_resource.rb
+++ b/spec/support/shared/functional/file_resource.rb
@@ -155,7 +155,7 @@ shared_examples_for "a file resource" do
   end
 
    # note the stripping of the drive letter from the tmpdir on windows
-  let(:backup_glob) { File.join(CHEF_SPEC_BACKUP_PATH, Dir.tmpdir.sub(/^([A-Za-z]:)/, ""), "#{file_base}*") }
+  let(:backup_glob) { File.join(CHEF_SPEC_BACKUP_PATH, test_file_dir.sub(/^([A-Za-z]:)/, ""), "#{file_base}*") }
 
   # Most tests update the resource, but a few do not. We need to test that the
   # resource is marked updated or not correctly, but the test contexts are
@@ -234,6 +234,7 @@ shared_examples_for "a file resource" do
     [ ACE.access_denied(sid, expected_perms[:specific]) ]
   end
 
+  it_behaves_like "a securable resource without existing target"
 
   context "when the target file has the wrong content" do
     before(:each) do
@@ -250,7 +251,7 @@ shared_examples_for "a file resource" do
 
       it_behaves_like "a file with the wrong content"
 
-      it_behaves_like "a securable resource"
+      it_behaves_like "a securable resource with existing target"
     end
 
     context "and the target file has incorrect permissions" do
@@ -258,7 +259,7 @@ shared_examples_for "a file resource" do
 
       it_behaves_like "a file with the wrong content"
 
-      it_behaves_like "a securable resource"
+      it_behaves_like "a securable resource with existing target"
     end
   end
 
@@ -282,46 +283,45 @@ shared_examples_for "a file resource" do
 
       it_behaves_like "a file with the correct content"
 
-      it_behaves_like "a securable resource"
+      it_behaves_like "a securable resource with existing target"
     end
 
     context "and the target file has incorrect permissions" do
       include_context "setup broken permissions"
 
       it_behaves_like "a file with the correct content"
-  
-      it_behaves_like "a securable resource"
+
+      it_behaves_like "a securable resource with existing target"
     end
   end
 
-  it_behaves_like "a file that inherits permissions from a parent directory"
-  
 end
 
-shared_examples_for "a file that inherits permissions from a parent directory" do
-  include_context "diff disabled"
-  include_context "use Windows permissions"
-  context "on Windows", :windows_only do
-    it "has only inherited aces if no explicit aces were specified" do
-      File.exist?(path).should == false
-
-      resource.run_action(:create)
-
-      descriptor.dacl_inherits?.should == true
-      descriptor.dacl.each do | ace |
-        ace.inherited?.should == true
-      end
+shared_context Chef::Resource::File  do
+  # We create the files in a different directory than tmp to exercise
+  # different file deployment strategies more completely.
+  let(:test_file_dir) do
+    if windows?
+      File.join(ENV['systemdrive'], "test-dir")
+    else
+      "/test-dir"
     end
   end
-end
 
-shared_context Chef::Resource::File  do
   let(:path) do
-    File.join(Dir.tmpdir, make_tmpname(file_base))
+    File.join(test_file_dir, make_tmpname(file_base))
+  end
+
+  before do
+    FileUtils::mkdir_p(test_file_dir)
   end
 
   after(:each) do
     FileUtils.rm_r(path) if File.exists?(path)
     FileUtils.rm_r(CHEF_SPEC_BACKUP_PATH) if File.exists?(CHEF_SPEC_BACKUP_PATH)
   end
+
+  after do
+    FileUtils::rm_rf(test_file_dir)
+  end
 end
diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb
index c8e42f1546..b8a9760dfc 100644
--- a/spec/support/shared/functional/securable_resource.rb
+++ b/spec/support/shared/functional/securable_resource.rb
@@ -126,7 +126,7 @@ shared_context "use Windows permissions", :windows_only do
   end
 end
 
-shared_examples_for "a securable resource" do
+shared_examples_for "a securable resource with existing target" do
 
   include_context "diff disabled"
 
@@ -211,9 +211,21 @@ shared_examples_for "a securable resource" do
   context "on Windows", :windows_only do
     include_context "use Windows permissions"
 
-    before(:each) do
-      resource.run_action(:delete)
-    end
+    pending "coming soon..."
+  end
+
+end
+
+shared_examples_for "a securable resource without existing target" do
+
+  include_context "diff disabled"
+
+  context "on Unix", :unix_only do
+    pending "if we need any securable resource tests on Unix without existing target resource."
+  end
+
+  context "on Windows", :windows_only do
+    include_context "use Windows permissions"
 
     it "sets owner to Administrators on create if owner is not specified" do
       File.exist?(path).should == false
@@ -428,5 +440,30 @@ shared_examples_for "a securable resource" do
       end
     end
 
+    it "does not inherit aces if inherits is set to false" do
+      resource.inherits(false)
+      resource.run_action(:create)
+
+      descriptor.dacl.each do | ace |
+        ace.inherited?.should == false
+      end
+    end
+
+    it "has the inheritable acls of parent directory if no acl is specified" do
+      File.exist?(path).should == false
+
+      resource.run_action(:create)
+
+      dummy_file_path = File.join(test_file_dir, "dummy_file")
+      dummy_file = FileUtils.touch(dummy_file_path)
+      dummy_desc = get_security_descriptor(dummy_file_path)
+
+      descriptor.dacl.each_with_index do |ace, index|
+        ace.inherited?.should == true
+        ace.should == dummy_desc.dacl[index]
+      end
+    end
+
   end
 end
+