author | nimisha <nimisha.sharad@msystechnologies.com> | 2017-01-27 15:44:48 +0530 |
---|---|---|
committer | nimisha <nimisha.sharad@msystechnologies.com> | 2017-02-02 18:00:37 +0530 |
commit | c39006c5f757281525703d8506bfb6d4e9340082 (patch) | |
tree | 05477983a26f0d2db4bcabceaa9ac6c475c1301e | |
parent | dd75bf444a73bc35c226aabaf4f5ea26b8528285 (diff) | |
Fixed bugs, review comments and specs
Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>
-rw-r--r-- | lib/chef/mixin/user_identity.rb | 21 | ||||
-rw-r--r-- | lib/chef/provider/execute.rb | 10 | ||||
-rw-r--r-- | spec/support/shared/functional/execute_resource.rb | 4 | ||||
-rw-r--r-- | spec/support/shared/functional/windows_script.rb | 5 | ||||
-rw-r--r-- | spec/unit/mixin/user_identity_spec.rb | 15 |
5 files changed, 41 insertions, 14 deletions
diff --git a/lib/chef/mixin/user_identity.rb b/lib/chef/mixin/user_identity.rb index 8cb8f72ed6..bc8626ac65 100644 --- a/lib/chef/mixin/user_identity.rb +++ b/lib/chef/mixin/user_identity.rb @@ -53,18 +53,27 @@ class Chef raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given" end + # if domain is provided in both username and domain + if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain + raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once." + end + if ! specified_user.nil? && specified_domain.nil? + # Splitting username of format: Domain\Username domain_and_user = user.split('\\') - if domain_and_user.length == 1 - domain_and_user = user.split("@") - end - if domain_and_user.length == 2 domain = domain_and_user[0] user = domain_and_user[1] - elsif domain_and_user.length != 1 - raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name" + elsif domain_and_user.length == 1 + # Splitting username of format: Username@Domain + domain_and_user = user.split("@") + if domain_and_user.length == 2 + domain = domain_and_user[1] + user = domain_and_user[0] + elsif domain_and_user.length != 1 + raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name" + end end end diff --git a/lib/chef/provider/execute.rb b/lib/chef/provider/execute.rb index c2498ab90b..5494405a02 100644 --- a/lib/chef/provider/execute.rb +++ b/lib/chef/provider/execute.rb 
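Review bot: A user name containing more than one backslash, such as `a\b\c`, is no longer rejected: the outer `if domain_and_user.length == 2 … elsif domain_and_user.length == 1` chain has no final branch, so the `raise ArgumentError` that the old `elsif domain_and_user.length != 1` provided is now reachable only for the `@` split. This parsing appears to decide which account a command runs under, so a malformed name should fail closed rather than be forwarded unparsed with a nil domain. Add an `else` branch before the outer `end` that raises the same "not a syntactically valid user name" `ArgumentError` as the inner `elsif`. The examples added in spec/unit/mixin/user_identity_spec.rb cover only the domain-given-twice case, so an example with a multi-separator name would pin this behaviour. The enclosing method starts and ends outside the hunk.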
@@ -43,6 +43,10 @@ class Chef def define_resource_requirements # @todo: this should change to raise in some appropriate major version bump. + requirements.assert(:all_actions) do |a| + a.assertion { validate_identity(new_resource.user, new_resource.password, new_resource.domain) } + end + if creates && creates_relative? && !cwd Chef::Log.warn "Providing a relative path for the creates attribute without the cwd is deprecated and will be changed to fail in the future (CHEF-3819)" end @@ -55,7 +59,11 @@ class Chef end def action_run - validate_identity(new_resource.user, new_resource.password, new_resource.domain) + # parse username if it's in the following format: domain/username or username@domain + identity = qualify_user(new_resource.user, new_resource.domain) + new_resource.user identity[:user] + new_resource.domain identity[:domain] + if creates && sentinel_file.exist? Chef::Log.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do") return false diff --git a/spec/support/shared/functional/execute_resource.rb b/spec/support/shared/functional/execute_resource.rb index 6561f95ec1..3f9dd8af5c 100644 --- a/spec/support/shared/functional/execute_resource.rb +++ b/spec/support/shared/functional/execute_resource.rb 
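Review bot: The assertion added to define_resource_requirements sets no `failure_message`, and whether it passes rests entirely on what validate_identity returns, which is defined outside this diff. If validate_identity returns nil for valid input the assertion would fail without explanation, and if it signals bad input by raising, the exception bypasses the assertion's own reporting. Confirm the return value and add a message, for example `a.failure_message(ArgumentError, "invalid user, password and domain combination")`. The inserted lines also land between the `# @todo` comment and the `creates` warning it describes, so they should move above that comment.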
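Review bot: The new comment in action_run says `domain/username`, but the parser changed in lib/chef/mixin/user_identity.rb splits on a backslash, so it should read `# parse username if it's in the following format: domain\username or username@domain`. qualify_user is called here with (user, domain) while validate_identity in the same file is called with (user, password, domain). qualify_user's signature is not visible in this diff, so the argument order is worth confirming to be sure the domain is not bound to a different parameter. action_run continues past the end of the hunk.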
@@ -76,12 +76,12 @@ shared_examples_for "an execute resource that supports alternate user identity" let(:windows_current_user_qualified) { "#{ENV['USERDOMAIN'] || ENV['COMPUTERNAME']}\\#{windows_current_user}" } let(:resource_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).identity.name | out-file -encoding ASCII '#{script_output_path}'\"" } - let(:execute_resource) { + let(:execute_resource) do resource.user(windows_alternate_user) resource.password(windows_alternate_user_password) resource.send(resource_command_property, resource_identity_command) resource - } + end it "executes the process as an alternate user" do expect(windows_current_user.length).to be > 0 diff --git a/spec/support/shared/functional/windows_script.rb b/spec/support/shared/functional/windows_script.rb index 4bd6bdf230..8a9a19d4ad 100644 --- a/spec/support/shared/functional/windows_script.rb +++ b/spec/support/shared/functional/windows_script.rb @@ -160,11 +160,6 @@ shared_context Chef::Resource::WindowsScript do end end - context "when a different non-admin user attempts read to access the script" do - let(:file_access_command) { read_access_denied_command } - it_behaves_like "a script whose file system location cannot be accessed by other non-admin users" - end - context "when a different non-admin user attempts write (modify) to access the script" do let(:file_access_command) { modify_access_denied_command } it_behaves_like "a script whose file system location cannot be accessed by other non-admin users" diff --git a/spec/unit/mixin/user_identity_spec.rb b/spec/unit/mixin/user_identity_spec.rb index 799260b25a..790e0a6ab9 100644 --- a/spec/unit/mixin/user_identity_spec.rb +++ b/spec/unit/mixin/user_identity_spec.rb 
@@ -94,6 +94,21 @@ shared_examples_for "a consumer of the ::Chef::Mixin::UserIdentity mixin" do it_behaves_like "it received valid credentials" end end + + context "when the domain is provided in both username and domain" do + let(:domain) { "some_domain" } + let(:password) { "we.funk!" } + + context "when username is in the form domain\\user" do + let(:username) { "mothership\\starchild" } + it_behaves_like "it received invalid credentials" + end + + context "when username is in the form user@domain" do + let(:username) { "starchild@mothership" } + it_behaves_like "it received invalid credentials" + end + end end context "when the username is not specified" do |