author | John Keiser <john@johnkeiser.com> | 2016-02-01 12:20:56 -0800 |
---|---|---|
committer | John Keiser <john@johnkeiser.com> | 2016-02-01 12:20:56 -0800 |
commit | abc81c0eb35a73e15217371c37235d5f13f55df7 (patch) | |
tree | f8ca0469817d0de824e4de40bc87efe6ff03ea26 | |
parent | 1a0d94db2974d42f047d20dc7928893696d0bf1f (diff) | |
parent | fce4104a51d0c64ef8eb88f3bfd3a7ac86cbd973 (diff) | |
download | chef-abc81c0eb35a73e15217371c37235d5f13f55df7.tar.gz |
Merge branch 'jk/policies-acls'
-rw-r--r-- | .gitignore | 10 | ||||
-rw-r--r-- | .travis.yml | 2 | ||||
-rw-r--r-- | chef.gemspec | 2 | ||||
-rw-r--r-- | lib/chef/chef_fs/chef_fs_data_store.rb | 6 | ||||
-rw-r--r-- | lib/chef/chef_fs/file_system/chef_server/acls_dir.rb | 9 | ||||
-rw-r--r-- | lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb | 1 | ||||
-rw-r--r-- | lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb | 41 | ||||
-rw-r--r-- | lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb | 11 | ||||
-rw-r--r-- | spec/integration/knife/chef_fs_data_store_spec.rb | 15 | ||||
-rw-r--r-- | spec/integration/knife/download_spec.rb | 9 | ||||
-rw-r--r-- | spec/integration/knife/list_spec.rb | 33 |
11 files changed, 131 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore index 044899b03d..3a15888ded 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ tags # You should check in your Gemfile.lock in applications, and not in gems # This also matches Berksfile.lock external_tests/*.lock +acceptance/Gemfile.lock /*.lock /Gemfile.local @@ -22,7 +23,14 @@ external_tests/*.lock # http://gembundler.com/man/bundle-exec.1.html b/ binstubs/ - +bin +!bin/chef-apply +!bin/chef-client +!bin/chef-service-manager +!bin/chef-shell +!bin/chef-solo +!bin/chef-windows-service +!bin/knife # RVM and RBENV ruby version files .rbenv-version .rvmrc diff --git a/.travis.yml b/.travis.yml index b95c2f0d75..be50c6bea4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,7 +39,7 @@ matrix: sudo: true bundler_args: --without server docgen maintenance - rvm: 2.2 - env: "GEMFILE_MOD=\"gem 'chef-zero', github: 'chef/chef-zero', branch: '57f2536f25b06930dbbf3560dfc6e2b0c644af03'\"" + env: "GEMFILE_MOD=\"gem 'chef-zero', github: 'chef/chef-zero'\"" script: bundle exec rake chef_zero_spec - rvm: 2.2 env: "GEMFILE_MOD=\"gem 'cheffish', github: 'chef/cheffish'\"" diff --git a/chef.gemspec b/chef.gemspec index 3f96d963e3..ef85920077 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -30,7 +30,7 @@ Gem::Specification.new do |s| s.add_dependency "erubis", "~> 2.7" s.add_dependency "diff-lcs", "~> 1.2", ">= 1.2.4" - s.add_dependency "chef-zero", "~> 4.4" + s.add_dependency "chef-zero", "~> 4.5" s.add_dependency "pry", "~> 0.9" s.add_dependency "plist", "~> 3.1.0" diff --git a/lib/chef/chef_fs/chef_fs_data_store.rb b/lib/chef/chef_fs/chef_fs_data_store.rb index 729b01fdcc..a02fe605f4 100644 --- a/lib/chef/chef_fs/chef_fs_data_store.rb +++ b/lib/chef/chef_fs/chef_fs_data_store.rb 
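Review bot: The chef-zero entry in the `chef_zero_spec` matrix job of .travis.yml no longer names a ref, so that job presumably resolves to whatever chef-zero's default branch holds when the build runs. The same commit of this repository can then pass or fail depending on the day it is built. If floating is intended, say so next to the entry, e.g. `# tracks chef-zero's default branch on purpose; failures here may originate upstream`. Otherwise keep a fixed revision with `ref: '<commit-sha>'` and bump it deliberately.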
@@ -696,6 +696,12 @@ class Chef end elsif path[0] == "acls" + # /acls/data -> /acls/data_bags + if path[1] == "data" + path = path.dup + path[1] = "data_bags" + end + # /acls/containers|nodes|.../x.json # /acls/organization.json if path.length == 3 || path == [ "acls", "organization" ] diff --git a/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb b/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb index 4f8fff1bda..e9db42d14f 100644 --- a/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb +++ b/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb @@ -19,6 +19,7 @@ require "chef/chef_fs/file_system/base_fs_dir" require "chef/chef_fs/file_system/chef_server/acl_dir" require "chef/chef_fs/file_system/chef_server/cookbooks_acl_dir" +require "chef/chef_fs/file_system/chef_server/policies_acl_dir" require "chef/chef_fs/file_system/chef_server/acl_entry" require "chef/chef_fs/data_handler/acl_data_handler" @@ -27,7 +28,7 @@ class Chef module FileSystem module ChefServer class AclsDir < BaseFSDir - ENTITY_TYPES = %w{clients containers cookbooks data_bags environments groups nodes roles} # we don't read sandboxes, so we don't read their acls + ENTITY_TYPES = %w{clients containers cookbook_artifacts cookbooks data_bags environments groups nodes policies policy_groups roles} # we don't read sandboxes, so we don't read their acls def data_handler @data_handler ||= Chef::ChefFS::DataHandler::AclDataHandler.new @@ -48,9 +49,13 @@ class Chef def children if @children.nil? @children = ENTITY_TYPES.map do |entity_type| + # All three of these can be versioned (NAME-VERSION), but only have + # one ACL that covers them all (NAME.json). case entity_type - when "cookbooks" + when "cookbooks", "cookbook_artifacts" CookbooksAclDir.new(entity_type, self) + when "policies" + PoliciesAclDir.new(entity_type, self) else AclDir.new(entity_type, self) end 
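Review bot: In the last acls_dir.rb hunk, the comment `All three of these can be versioned` sits above the `case`, before any of the three types has been named, so a reader has to work out from the `when` branches that it means cookbooks, cookbook_artifacts and policies. Naming them removes the guesswork: `# cookbooks, cookbook_artifacts and policies can be versioned (NAME-VERSION), but each NAME has a single ACL (NAME.json).` `ENTITY_TYPES` in the hunk before it is also left as a mutable array; appending `.freeze` to the `%w{...}` literal would keep the set of ACL-bearing types from being changed at runtime. The `children` method starts and ends outside the hunk.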
diff --git a/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb b/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb index 2460aba47f..7cf11d8fc7 100644 --- a/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb +++ b/lib/chef/chef_fs/file_system/chef_server/cookbooks_acl_dir.rb @@ -17,7 +17,6 @@ # require "chef/chef_fs/file_system/chef_server/acl_dir" -require "chef/chef_fs/file_system/chef_server/acl_entry" class Chef module ChefFS diff --git a/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb b/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb new file mode 100644 index 0000000000..d72b90f5c0 --- /dev/null +++ b/lib/chef/chef_fs/file_system/chef_server/policies_acl_dir.rb 
@@ -0,0 +1,41 @@
+#
+# Author:: John Keiser (<jkeiser@opscode.com>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/chef_fs/file_system/chef_server/acl_dir"
+
+class Chef
+ module ChefFS
+ module FileSystem
+ module ChefServer
+ class PoliciesAclDir < AclDir
+ # Policies are presented like /NAME-VERSION.json. But there is only
+ # one ACL for a given NAME. So we find out the unique policy names,
+ # and make one acls/policies/NAME.json for each one.
+ def children
+ if @children.nil?
+ # /acls/policies -> List ../../policies
+ names = parent.parent.child(name).children.map { |child| "#{child.policy_name}.json" }
+ @children = names.uniq.map { |name| make_child_entry(name, true) }
+ end
+ @children
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb b/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
index a51a1ff5c9..941c0268cc 100644
--- a/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
+++ b/lib/chef/chef_fs/file_system/chef_server/policy_revision_entry.rb
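Review bot: In `PoliciesAclDir#children` (policies_acl_dir.rb), the block parameter in `names.uniq.map { |name| make_child_entry(name, true) }` shadows the `name` method that the line above calls in `parent.parent.child(name)`. The two mean different things (the directory's own name versus an ACL file name), so renaming the parameter, e.g. `names.uniq.map { |acl_name| make_child_entry(acl_name, true) }`, avoids a misread. The listing also calls `policy_name` on every child of `/policies`, which holds only if each entry there is a policy revision entry; whether that directory can return anything else is not visible in this diff. Because the ACL names are derived from the revisions that exist, a policy that has an ACL but no listed revision would presumably not appear under `/acls/policies`, which deserves a sentence in the class comment if it is intended.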
@@ -11,13 +11,22 @@ class Chef # /policies/foo-1.0.0.json -> /policies/foo/revisions/1.0.0 def api_path(options={}) - policy_name, revision_id = data_handler.name_and_revision(name) "#{parent.api_path}/#{policy_name}/revisions/#{revision_id}" end def write(file_contents) raise OperationNotAllowedError.new(:write, self, nil, "cannot be updated: policy revisions are immutable once uploaded. If you want to change the policy, create a new revision with your changes") end + + def policy_name + policy_name, revision_id = data_handler.name_and_revision(name) + policy_name + end + + def revision_id + policy_name, revision_id = data_handler.name_and_revision(name) + revision_id + end end end end diff --git a/spec/integration/knife/chef_fs_data_store_spec.rb b/spec/integration/knife/chef_fs_data_store_spec.rb index 145adc3e4c..d6338cc3e3 100644 --- a/spec/integration/knife/chef_fs_data_store_spec.rb +++ b/spec/integration/knife/chef_fs_data_store_spec.rb @@ -37,6 +37,7 @@ describe "ChefFSDataStore tests", :workstation do when_the_repository "has one of each thing" do before do file "clients/x.json", {} + file "cookbook_artifacts/x-111/metadata.rb", cookbook_x_100_metadata_rb file "cookbooks/x/metadata.rb", cookbook_x_100_metadata_rb file "data_bags/x/y.json", {} file "environments/x.json", {} @@ -47,7 +48,7 @@ describe "ChefFSDataStore tests", :workstation do file "groups/x.json", {} file "containers/x.json", {} file "groups/x.json", {} - file "policies/x.json", {} + file "policies/x-111.json", {} file "policy_groups/x.json", {} end @@ -59,6 +60,8 @@ describe "ChefFSDataStore tests", :workstation do /acls/clients/x.json /acls/containers/ /acls/containers/x.json +/acls/cookbook_artifacts/ +/acls/cookbook_artifacts/x.json /acls/cookbooks/ /acls/cookbooks/x.json /acls/data_bags/ 
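Review bot: The new `policy_name` and `revision_id` methods in policy_revision_entry.rb each destructure into two locals, one of which is never used and the other of which has the same name as the method being defined, e.g. `policy_name, revision_id = data_handler.name_and_revision(name)` followed by a bare `policy_name`. The shadowing makes the last line read like a recursive call. Assuming `name_and_revision` returns a two-element array, as the destructuring implies, `data_handler.name_and_revision(name).first` and `data_handler.name_and_revision(name).last` say the same thing without the extra locals. `api_path` now parses the name twice per call through these helpers, which is harmless but could be avoided by memoizing the pair.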
@@ -70,6 +73,10 @@ describe "ChefFSDataStore tests", :workstation do /acls/nodes/ /acls/nodes/x.json /acls/organization.json +/acls/policies/ +/acls/policies/x.json +/acls/policy_groups/ +/acls/policy_groups/x.json /acls/roles/ /acls/roles/x.json /clients/ @@ -77,6 +84,8 @@ describe "ChefFSDataStore tests", :workstation do /containers/ /containers/x.json /cookbook_artifacts/ +/cookbook_artifacts/x-111/ +/cookbook_artifacts/x-111/metadata.rb /cookbooks/ /cookbooks/x/ /cookbooks/x/metadata.rb @@ -93,6 +102,7 @@ describe "ChefFSDataStore tests", :workstation do /nodes/x.json /org.json /policies/ +/policies/x-111.json /policy_groups/ /policy_groups/x.json /roles/ @@ -287,12 +297,15 @@ EOM /acls/ /acls/clients/ /acls/containers/ +/acls/cookbook_artifacts/ /acls/cookbooks/ /acls/data_bags/ /acls/environments/ /acls/groups/ /acls/nodes/ /acls/organization.json +/acls/policies/ +/acls/policy_groups/ /acls/roles/ /clients/ /containers/ diff --git a/spec/integration/knife/download_spec.rb b/spec/integration/knife/download_spec.rb index 86f1d9f4a4..c6755cccaa 100644 --- a/spec/integration/knife/download_spec.rb +++ b/spec/integration/knife/download_spec.rb @@ -1120,8 +1120,10 @@ Created /acls/containers/environments.json Created /acls/containers/groups.json Created /acls/containers/nodes.json Created /acls/containers/policies.json +Created /acls/containers/policy_groups.json Created /acls/containers/roles.json Created /acls/containers/sandboxes.json +Created /acls/cookbook_artifacts Created /acls/cookbooks Created /acls/data_bags Created /acls/environments @@ -1132,6 +1134,8 @@ Created /acls/groups/billing-admins.json Created /acls/groups/clients.json Created /acls/groups/users.json Created /acls/nodes +Created /acls/policies +Created /acls/policy_groups Created /acls/roles Created /acls/organization.json Created /clients 
@@ -1146,6 +1150,7 @@ Created /containers/environments.json Created /containers/groups.json Created /containers/nodes.json Created /containers/policies.json +Created /containers/policy_groups.json Created /containers/roles.json Created /containers/sandboxes.json Created /cookbook_artifacts @@ -1196,11 +1201,15 @@ EOM knife("download /acls /groups/clients.json /groups/users.json").should_succeed <<-EOM Created /acls/clients/x.json Created /acls/containers/x.json +Created /acls/cookbook_artifacts/x.json Created /acls/cookbooks/x.json Created /acls/data_bags/x.json Created /acls/environments/x.json Created /acls/groups/x.json Created /acls/nodes/x.json +Created /acls/policies/blah.json +Created /acls/policies/x.json +Created /acls/policy_groups/x.json Created /acls/roles/x.json Updated /groups/clients.json Updated /groups/users.json diff --git a/spec/integration/knife/list_spec.rb b/spec/integration/knife/list_spec.rb index 85eb959847..0db7831518 100644 --- a/spec/integration/knife/list_spec.rb +++ b/spec/integration/knife/list_spec.rb @@ -698,12 +698,15 @@ roles /acls: clients containers +cookbook_artifacts cookbooks data_bags environments groups nodes organization.json +policies +policy_groups roles /acls/clients: @@ -719,9 +722,12 @@ environments.json groups.json nodes.json policies.json +policy_groups.json roles.json sandboxes.json +/acls/cookbook_artifacts: + /acls/cookbooks: /acls/data_bags: @@ -737,6 +743,10 @@ users.json /acls/nodes: +/acls/policies: + +/acls/policy_groups: + /acls/roles: /clients: @@ -752,6 +762,7 @@ environments.json groups.json nodes.json policies.json +policy_groups.json roles.json sandboxes.json @@ -803,12 +814,15 @@ roles /acls: clients containers +cookbook_artifacts cookbooks data_bags environments groups nodes organization.json +policies +policy_groups roles /acls/clients: 
@@ -824,9 +838,12 @@ environments.json groups.json nodes.json policies.json +policy_groups.json roles.json sandboxes.json +/acls/cookbook_artifacts: + /acls/cookbooks: /acls/data_bags: @@ -842,6 +859,10 @@ users.json /acls/nodes: +/acls/policies: + +/acls/policy_groups: + /acls/roles: /clients: @@ -857,6 +878,7 @@ environments.json groups.json nodes.json policies.json +policy_groups.json roles.json sandboxes.json @@ -935,8 +957,12 @@ EOM /acls/containers/groups.json /acls/containers/nodes.json /acls/containers/policies.json +/acls/containers/policy_groups.json /acls/containers/roles.json /acls/containers/sandboxes.json +/acls/cookbook_artifacts/ +/acls/cookbook_artifacts/cookbook_artifact1.json +/acls/cookbook_artifacts/cookbook_artifact2.json /acls/cookbooks/ /acls/cookbooks/cookbook1.json /acls/cookbooks/cookbook2.json @@ -958,6 +984,12 @@ EOM /acls/nodes/node1.json /acls/nodes/node2.json /acls/organization.json +/acls/policies/ +/acls/policies/policy1.json +/acls/policies/policy2.json +/acls/policy_groups/ +/acls/policy_groups/policy_group1.json +/acls/policy_groups/policy_group2.json /acls/roles/ /acls/roles/role1.json /acls/roles/role2.json @@ -977,6 +1009,7 @@ EOM /containers/groups.json /containers/nodes.json /containers/policies.json +/containers/policy_groups.json /containers/roles.json /containers/sandboxes.json /cookbook_artifacts/ |