authorvijaymmali1990 <vijay.mali@msystechnologies.com>2019-01-29 01:58:14 -0800
committerTim Smith <tsmith@chef.io>2019-05-29 14:20:56 -0700
commit4f0ef4aa27f06834d2f54d8ea865f29badeb101f (patch)
tree529abac4c2ee134847584dddd284311633b7b04f
parent4a22dc0b4e6cfdf4cffdb81792d29e5a1f234de6 (diff)
downloadchef-4f0ef4aa27f06834d2f54d8ea865f29badeb101f.tar.gz
- Minor fixes to fix functional test cases
- Added functional test cases for deny_rights option - Ensured chef style - Fixes MSYS-958 Signed-off-by: vijaymmali1990 <vijay.mali@msystechnologies.com>
-rw-r--r--spec/functional/resource/link_spec.rb4
-rw-r--r--spec/support/shared/functional/directory_resource.rb22
-rw-r--r--spec/support/shared/functional/file_resource.rb4
-rw-r--r--spec/support/shared/functional/securable_resource.rb29
4 files changed, 43 insertions, 16 deletions
diff --git a/spec/functional/resource/link_spec.rb b/spec/functional/resource/link_spec.rb
index 4464b6ed69..4c8545e60b 100644
--- a/spec/functional/resource/link_spec.rb
+++ b/spec/functional/resource/link_spec.rb
@@ -417,11 +417,11 @@ describe Chef::Resource::Link do
it_behaves_like "a securable resource without existing target" do
let(:path) { target_file }
- def allowed_acl(sid, expected_perms)
+ def allowed_acl(sid, expected_perms, flags = 0)
[ ACE.access_allowed(sid, expected_perms[:specific]) ]
end
- def denied_acl(sid, expected_perms)
+ def denied_acl(sid, expected_perms, flags = 0)
[ ACE.access_denied(sid, expected_perms[:specific]) ]
end
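Review bot: The new `flags` parameter on `allowed_acl` and `denied_acl` is accepted but never used in this hunk: both bodies still build the ACE from `sid` and `expected_perms[:specific]` only, so the `write_flag` that the shared examples now pass is dropped here. The same applies to the two helpers changed in spec/support/shared/functional/file_resource.rb. If that is intentional because ACEs on a non-container object are expected without inheritance flags, mark the argument as unused and say why, e.g. `def allowed_acl(sid, expected_perms, _flags = 0) # flags ignored: no inheritance flags expected on a non-container`. The enclosing `it_behaves_like` block continues outside the hunk.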
diff --git a/spec/support/shared/functional/directory_resource.rb b/spec/support/shared/functional/directory_resource.rb
index 5e5e2bb360..c910e7c668 100644
--- a/spec/support/shared/functional/directory_resource.rb
+++ b/spec/support/shared/functional/directory_resource.rb
@@ -65,18 +65,20 @@ shared_examples_for "a directory resource" do
end
# Set up the context for security tests
- def allowed_acl(sid, expected_perms)
- [
- ACE.access_allowed(sid, expected_perms[:specific]),
- ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)),
- ]
+ def allowed_acl(sid, expected_perms, flags = 0)
+ acl = [ ACE.access_allowed(sid, expected_perms[:specific], flags) ]
+ if expected_perms[:generic]
+ acl << ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
+ end
+ acl
end
- def denied_acl(sid, expected_perms)
- [
- ACE.access_denied(sid, expected_perms[:specific]),
- ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)),
- ]
+ def denied_acl(sid, expected_perms, flags = 0)
+ acl = [ ACE.access_denied(sid, expected_perms[:specific], flags) ]
+ if expected_perms[:generic]
+ acl << ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
+ end
+ acl
end
def parent_inheritable_acls
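Review bot: In `allowed_acl` and `denied_acl` the reason the inherit-only generic ACE became conditional is not documented, and `flags` is applied to the specific ACE only. A comment above each `if expected_perms[:generic]`, such as `# :generic is optional: rights without a generic mask expect a single specific ACE that carries flags`, would record the intent for whoever next edits the perms hashes. The `INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE` expression is also repeated verbatim in both helpers and could be held in one `let` or private helper so the two expectations cannot drift apart. The enclosing `shared_examples_for` block continues outside the hunk.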
diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb
index 8ae5db6a57..8aa4ffb65e 100644
--- a/spec/support/shared/functional/file_resource.rb
+++ b/spec/support/shared/functional/file_resource.rb
@@ -899,11 +899,11 @@ shared_examples_for "a configured file resource" do
end
# Set up the context for security tests
- def allowed_acl(sid, expected_perms)
+ def allowed_acl(sid, expected_perms, flags = 0)
[ ACE.access_allowed(sid, expected_perms[:specific]) ]
end
- def denied_acl(sid, expected_perms)
+ def denied_acl(sid, expected_perms, flags = 0)
[ ACE.access_denied(sid, expected_perms[:specific]) ]
end
diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb
index d9a2110543..0a7eac442d 100644
--- a/spec/support/shared/functional/securable_resource.rb
+++ b/spec/support/shared/functional/securable_resource.rb
@@ -117,7 +117,6 @@ shared_context "use Windows permissions", :windows_only do
let(:expected_write_perms) do
{
- generic: Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE,
specific: Chef::ReservedNames::Win32::API::Security::WRITE,
}
end
@@ -136,6 +135,8 @@ shared_context "use Windows permissions", :windows_only do
}
end
+ let (:write_flag) { 3 }
+
RSpec::Matchers.define :have_expected_properties do |mask, type, flags|
match do |ace|
ace.mask == mask &&
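Review bot: `let (:write_flag) { 3 }` hard-codes the expected ACE inheritance flags as a bare number, which hides what the ACE is supposed to carry. Assuming Chef's constants mirror the Win32 values (OBJECT_INHERIT_ACE = 0x1, CONTAINER_INHERIT_ACE = 0x2), the intent reads better as `let(:write_flag) { Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE }`. That form also drops the space between `let` and `(`, which the project's style checks would likely flag. The `have_expected_properties` matcher that follows continues outside the hunk.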
@@ -380,7 +381,7 @@ shared_examples_for "a securable resource without existing target" do
it "correctly sets :write rights" do
resource.rights(:write, "Guest")
resource.run_action(:create)
- expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_write_perms))
+ expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_write_perms, write_flag))
end
it "correctly sets :modify rights" do
@@ -395,6 +396,30 @@ shared_examples_for "a securable resource without existing target" do
expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_full_control_perms))
end
+ it "correctly sets :read deny_rights" do
+ resource.deny_rights(:read, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_perms))
+ end
+
+ it "correctly sets :read_execute deny_rights" do
+ resource.deny_rights(:read_execute, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_execute_perms))
+ end
+
+ it "correctly sets :write deny_rights" do
+ resource.deny_rights(:write, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_write_perms, write_flag))
+ end
+
+ it "correctly sets :modify deny_rights" do
+ resource.deny_rights(:modify, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms))
+ end
+
it "correctly sets deny_rights" do
# deny is an ACE with full rights, but is a deny type ace, not an allow type
resource.deny_rights(:full_control, "Guest")
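Review bot: Only the `:write` deny example passes `write_flag` to `denied_acl`; the `:read`, `:read_execute` and `:modify` examples rely on the default, and nothing here says why. Judging from the other hunks of this commit, `expected_write_perms` no longer has a `:generic` entry, so the specific ACE is presumably expected to carry the inheritance flags itself. A comment on that example, such as `# :write has no generic ACE; the specific ACE carries the inheritance flags`, would record that. It is also worth confirming the expectation in the file and link contexts, where the helpers shown in this commit ignore the flags argument. The `correctly sets deny_rights` example at the end of the hunk continues outside it.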