authornimisha <nimisha.sharad@msystechnologies.com>2017-01-27 15:44:48 +0530
committernimisha <nimisha.sharad@msystechnologies.com>2017-02-02 18:00:37 +0530
commitc39006c5f757281525703d8506bfb6d4e9340082 (patch)
tree05477983a26f0d2db4bcabceaa9ac6c475c1301e
parentdd75bf444a73bc35c226aabaf4f5ea26b8528285 (diff)
Fixed bugs, review comments and specs
Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>
-rw-r--r--lib/chef/mixin/user_identity.rb21
-rw-r--r--lib/chef/provider/execute.rb10
-rw-r--r--spec/support/shared/functional/execute_resource.rb4
-rw-r--r--spec/support/shared/functional/windows_script.rb5
-rw-r--r--spec/unit/mixin/user_identity_spec.rb15
5 files changed, 41 insertions, 14 deletions
diff --git a/lib/chef/mixin/user_identity.rb b/lib/chef/mixin/user_identity.rb
index 8cb8f72ed6..bc8626ac65 100644
--- a/lib/chef/mixin/user_identity.rb
+++ b/lib/chef/mixin/user_identity.rb
@@ -53,18 +53,27 @@ class Chef
raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given"
end
+ # if domain is provided in both username and domain
+ if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
+ raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
+ end
+
if ! specified_user.nil? && specified_domain.nil?
+ # Splitting username of format: Domain\Username
domain_and_user = user.split('\\')
- if domain_and_user.length == 1
- domain_and_user = user.split("@")
- end
-
if domain_and_user.length == 2
domain = domain_and_user[0]
user = domain_and_user[1]
- elsif domain_and_user.length != 1
- raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
+ elsif domain_and_user.length == 1
+ # Splitting username of format: Username@Domain
+ domain_and_user = user.split("@")
+ if domain_and_user.length == 2
+ domain = domain_and_user[1]
+ user = domain_and_user[0]
+ elsif domain_and_user.length != 1
+ raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
+ end
end
end
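Review bot: A user name with more than one backslash is no longer rejected, because after the restructuring the outer chain only handles `domain_and_user.length == 2` and `== 1`. The removed `elsif domain_and_user.length != 1` branch used to raise for that case; now a three-part split falls through silently and `user` and `domain` keep whatever they held before. Since this value becomes the identity a command runs as, malformed input should fail closed: add a final `else` to the outer `if`/`elsif` that raises the same ArgumentError as the inner `elsif domain_and_user.length != 1` branch. The enclosing method starts and ends outside this hunk, so how `user` relates to `specified_user` could not be checked here.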
diff --git a/lib/chef/provider/execute.rb b/lib/chef/provider/execute.rb
index c2498ab90b..5494405a02 100644
--- a/lib/chef/provider/execute.rb
+++ b/lib/chef/provider/execute.rb
@@ -43,6 +43,10 @@ class Chef
def define_resource_requirements
# @todo: this should change to raise in some appropriate major version bump.
+ requirements.assert(:all_actions) do |a|
+ a.assertion { validate_identity(new_resource.user, new_resource.password, new_resource.domain) }
+ end
+
if creates && creates_relative? && !cwd
Chef::Log.warn "Providing a relative path for the creates attribute without the cwd is deprecated and will be changed to fail in the future (CHEF-3819)"
end
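Review bot: The new `a.assertion { validate_identity(...) }` block passes or fails on the return value of `validate_identity`, and the parts of that method visible in this commit only raise. If it returns nil for valid input, the assertion would fail for every resource; if it raises, the exception bypasses the assertion's own failure reporting. Consider making the result explicit and adding `a.failure_message(...)`, so that rejected credentials produce a clear, consistent error. The block also now separates the `# @todo` comment from the `creates` warning it describes, so it would read better placed above that comment.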
@@ -55,7 +59,11 @@ class Chef
end
def action_run
- validate_identity(new_resource.user, new_resource.password, new_resource.domain)
+ # parse username if it's in the following format: domain/username or username@domain
+ identity = qualify_user(new_resource.user, new_resource.domain)
+ new_resource.user identity[:user]
+ new_resource.domain identity[:domain]
+
if creates && sentinel_file.exist?
Chef::Log.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do")
return false
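Review bot: The added comment gives the format as `domain/username`, but the parser in user_identity.rb splits on a backslash, so it should read `# parse username if it's in the following format: domain\username or username@domain`. With the `validate_identity` call removed from `action_run`, credential validation now depends entirely on the assertion in `define_resource_requirements` having run first. A one-line comment stating that dependency would help anyone who later reorders or overrides these methods. `action_run` continues past the end of this hunk.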
diff --git a/spec/support/shared/functional/execute_resource.rb b/spec/support/shared/functional/execute_resource.rb
index 6561f95ec1..3f9dd8af5c 100644
--- a/spec/support/shared/functional/execute_resource.rb
+++ b/spec/support/shared/functional/execute_resource.rb
@@ -76,12 +76,12 @@ shared_examples_for "an execute resource that supports alternate user identity"
let(:windows_current_user_qualified) { "#{ENV['USERDOMAIN'] || ENV['COMPUTERNAME']}\\#{windows_current_user}" }
let(:resource_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).identity.name | out-file -encoding ASCII '#{script_output_path}'\"" }
- let(:execute_resource) {
+ let(:execute_resource) do
resource.user(windows_alternate_user)
resource.password(windows_alternate_user_password)
resource.send(resource_command_property, resource_identity_command)
resource
- }
+ end
it "executes the process as an alternate user" do
expect(windows_current_user.length).to be > 0
diff --git a/spec/support/shared/functional/windows_script.rb b/spec/support/shared/functional/windows_script.rb
index 4bd6bdf230..8a9a19d4ad 100644
--- a/spec/support/shared/functional/windows_script.rb
+++ b/spec/support/shared/functional/windows_script.rb
@@ -160,11 +160,6 @@ shared_context Chef::Resource::WindowsScript do
end
end
- context "when a different non-admin user attempts read to access the script" do
- let(:file_access_command) { read_access_denied_command }
- it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
- end
-
context "when a different non-admin user attempts write (modify) to access the script" do
let(:file_access_command) { modify_access_denied_command }
it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
diff --git a/spec/unit/mixin/user_identity_spec.rb b/spec/unit/mixin/user_identity_spec.rb
index 799260b25a..790e0a6ab9 100644
--- a/spec/unit/mixin/user_identity_spec.rb
+++ b/spec/unit/mixin/user_identity_spec.rb
@@ -94,6 +94,21 @@ shared_examples_for "a consumer of the ::Chef::Mixin::UserIdentity mixin" do
it_behaves_like "it received valid credentials"
end
end
+
+ context "when the domain is provided in both username and domain" do
+ let(:domain) { "some_domain" }
+ let(:password) { "we.funk!" }
+
+ context "when username is in the form domain\\user" do
+ let(:username) { "mothership\\starchild" }
+ it_behaves_like "it received invalid credentials"
+ end
+
+ context "when username is in the form user@domain" do
+ let(:username) { "starchild@mothership" }
+ it_behaves_like "it received invalid credentials"
+ end
+ end
end
context "when the username is not specified" do