diff options
| author | Tim Smith <tsmith@chef.io> | 2018-09-21 15:04:09 -0700 |
|---|---|---|
| committer | Lamont Granquist <lamont@scriptkiddie.org> | 2019-03-11 12:20:20 -0700 |
| commit | df23dbbda7d4eb621804f004ff85181d83a11641 (patch) | |
| tree | dc4ac3d354e5b9eb3229ed9be56d5447cc9a1d85 /spec/unit | |
| parent | b870d8c578a6424e405ec2083d5f47d331f09d14 (diff) | |
| download | chef-df23dbbda7d4eb621804f004ff85181d83a11641.tar.gz | |
WIP: Remove audit mode from chef-client
This just gives us a line count to the change and perhaps a starting
point for when we do this in Chef 15
Signed-off-by: Tim Smith <tsmith@chef.io>
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
Diffstat (limited to 'spec/unit')
| -rw-r--r-- | spec/unit/application/client_spec.rb | 69 | ||||
| -rw-r--r-- | spec/unit/application/exit_code_spec.rb | 10 | ||||
| -rw-r--r-- | spec/unit/application/solo_spec.rb | 5 | ||||
| -rw-r--r-- | spec/unit/application_spec.rb | 4 | ||||
| -rw-r--r-- | spec/unit/audit/audit_event_proxy_spec.rb | 318 | ||||
| -rw-r--r-- | spec/unit/audit/audit_reporter_spec.rb | 435 | ||||
| -rw-r--r-- | spec/unit/audit/control_group_data_spec.rb | 482 | ||||
| -rw-r--r-- | spec/unit/audit/logger_spec.rb | 42 | ||||
| -rw-r--r-- | spec/unit/audit/rspec_formatter_spec.rb | 29 | ||||
| -rw-r--r-- | spec/unit/audit/runner_spec.rb | 144 | ||||
| -rw-r--r-- | spec/unit/client_spec.rb | 145 | ||||
| -rw-r--r-- | spec/unit/dsl/audit_spec.rb | 43 | ||||
| -rw-r--r-- | spec/unit/recipe_spec.rb | 5 | ||||
| -rw-r--r-- | spec/unit/run_context/child_run_context_spec.rb | 7 |
14 files changed, 4 insertions, 1734 deletions
diff --git a/spec/unit/application/client_spec.rb b/spec/unit/application/client_spec.rb index 40f690abb1..f58d1ed079 100644 --- a/spec/unit/application/client_spec.rb +++ b/spec/unit/application/client_spec.rb @@ -337,75 +337,6 @@ Enable chef-client interval runs by setting `:client_fork = true` in your config end end - describe "audit mode" do - shared_examples "experimental feature" do - before do - allow(Chef::Log).to receive(:warn) - end - end - - shared_examples "unrecognized setting" do - it "fatals with a message including the incorrect setting" do - expect(Chef::Application).to receive(:fatal!).with(/Unrecognized setting #{mode} for audit mode/) - app.reconfigure - end - end - - shared_context "set via config file" do - before do - Chef::Config[:audit_mode] = mode - end - end - - shared_context "set via command line" do - before do - ARGV.replace(["--audit-mode", mode]) - end - end - - describe "enabled via config file" do - include_context "set via config file" do - let(:mode) { :enabled } - include_examples "experimental feature" - end - end - - describe "enabled via command line" do - include_context "set via command line" do - let(:mode) { "enabled" } - include_examples "experimental feature" - end - end - - describe "audit_only via config file" do - include_context "set via config file" do - let(:mode) { :audit_only } - include_examples "experimental feature" - end - end - - describe "audit-only via command line" do - include_context "set via command line" do - let(:mode) { "audit-only" } - include_examples "experimental feature" - end - end - - describe "unrecognized setting via config file" do - include_context "set via config file" do - let(:mode) { :derp } - include_examples "unrecognized setting" - end - end - - describe "unrecognized setting via command line" do - include_context "set via command line" do - let(:mode) { "derp" } - include_examples "unrecognized setting" - end - end - end - describe "when both the pidfile and lockfile opts are set to the same value" do before do diff --git a/spec/unit/application/exit_code_spec.rb b/spec/unit/application/exit_code_spec.rb index 7783cf3ed7..e8a0072ff3 100644 --- a/spec/unit/application/exit_code_spec.rb +++ b/spec/unit/application/exit_code_spec.rb @@ -49,10 +49,6 @@ describe Chef::Application::ExitCode do expect(valid_rfc_exit_codes.include?(3)).to eq(true) end - it "validates a AUDIT_MODE_FAILURE return code of 42" do - expect(valid_rfc_exit_codes.include?(42)).to eq(true) - end - it "validates a REBOOT_SCHEDULED return code of 35" do expect(valid_rfc_exit_codes.include?(35)).to eq(true) end @@ -98,12 +94,6 @@ describe Chef::Application::ExitCode do expect(exit_codes.normalize_exit_code(Exception.new("BOOM"))).to eq(1) end - it "returns AUDIT_MODE_FAILURE when there is an audit error" do - audit_error = Chef::Exceptions::AuditError.new("BOOM") - runtime_error = Chef::Exceptions::RunFailedWrappingError.new(audit_error) - expect(exit_codes.normalize_exit_code(runtime_error)).to eq(42) - end - it "returns REBOOT_SCHEDULED when there is an reboot requested" do reboot_error = Chef::Exceptions::Reboot.new("BOOM") runtime_error = Chef::Exceptions::RunFailedWrappingError.new(reboot_error) diff --git a/spec/unit/application/solo_spec.rb b/spec/unit/application/solo_spec.rb index 3f7c203c67..939300b7e4 100644 --- a/spec/unit/application/solo_spec.rb +++ b/spec/unit/application/solo_spec.rb @@ -49,11 +49,6 @@ describe Chef::Application::Solo do expect(Chef::Config[:solo]).to be_truthy end - it "should set audit-mode to :disabled" do - app.reconfigure - expect(Chef::Config[:audit_mode]).to be :disabled - end - describe "when configured to not fork the client process" do before do Chef::Config[:client_fork] = false diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index b8d7242466..ef28dbb21b 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -305,8 +305,8 @@ describe Chef::Application do describe "when a standard exit code is supplied" do it "should exit with the given exit code" do - expect(Process).to receive(:exit).with(42).and_return(true) - Chef::Application.fatal! "blah", 42 + expect(Process).to receive(:exit).with(41).and_return(true) + Chef::Application.fatal! "blah", 41 end end diff --git a/spec/unit/audit/audit_event_proxy_spec.rb b/spec/unit/audit/audit_event_proxy_spec.rb deleted file mode 100644 index a9b27f238e..0000000000 --- a/spec/unit/audit/audit_event_proxy_spec.rb +++ /dev/null @@ -1,318 +0,0 @@ -# -# Author:: Tyler Ball (<tball@chef.io>) -# Author:: Claire McQuin (<claire@chef.io>) -# -# Copyright:: Copyright 2014-2016, Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "spec_helper" -require "chef/audit/audit_event_proxy" - -describe Chef::Audit::AuditEventProxy do - - let(:stdout) { StringIO.new } - let(:events) { double("Chef::Events") } - let(:audit_event_proxy) { Chef::Audit::AuditEventProxy.new(stdout) } - - before do - Chef::Audit::AuditEventProxy.events = events - end - - describe "#example_group_started" do - - let(:description) { "poots" } - let(:group) do - double("ExampleGroup", parent_groups: parents, - description: description) end - let(:notification) { double("Notification", group: group) } - - context "when notified from a top-level example group" do - - let(:parents) { [double("ExampleGroup")] } - - it "notifies control_group_started event" do - expect(Chef::Log).to receive(:trace) - .with("Entered \`control_group\` block named poots") - expect(events).to receive(:control_group_started) - .with(description) - audit_event_proxy.example_group_started(notification) - end - end - - context "when notified from an inner-level example group" do - - let(:parents) { [double("ExampleGroup"), double("OuterExampleGroup")] } - - it "does nothing" do - expect(events).to_not receive(:control_group_started) - audit_event_proxy.example_group_started(notification) - end - end - end - - describe "#stop" do - - let(:examples) { [] } - let(:notification) { double("Notification", examples: examples) } - let(:exception) { nil } - let(:example) { double("Example", exception: exception) } - let(:control_group_name) { "audit test" } - let(:control_data) { double("ControlData") } - - before do - allow(Chef::Log).to receive(:info) # silence messages to output stream - end - - it "sends a message that audits completed" do - expect(Chef::Log).to receive(:info).with("Successfully executed all \`control_group\` blocks and contained examples") - audit_event_proxy.stop(notification) - end - - context "when an example succeeded" do - - let(:examples) { [example] } - let(:excpetion) { nil } - - before do - allow(audit_event_proxy).to receive(:build_control_from) - .with(example) - .and_return([control_group_name, control_data]) - end - - it "notifies events" do - expect(events).to receive(:control_example_success) - .with(control_group_name, control_data) - audit_event_proxy.stop(notification) - end - end - - context "when an example failed" do - - let(:examples) { [example] } - let(:exception) { double("ExpectationNotMet") } - - before do - allow(audit_event_proxy).to receive(:build_control_from) - .with(example) - .and_return([control_group_name, control_data]) - end - - it "notifies events" do - expect(events).to receive(:control_example_failure) - .with(control_group_name, control_data, exception) - audit_event_proxy.stop(notification) - end - end - - describe "#build_control_from" do - - let(:examples) { [example] } - - let(:example) do - double("Example", metadata: metadata, - description: example_description, - full_description: full_description, exception: nil) end - - let(:metadata) do - { - described_class: described_class, - example_group: example_group, - line_number: line, - } - end - - let(:example_group) do - { - description: group_description, - parent_example_group: parent_group, - } - end - - let(:parent_group) do - { - description: control_group_name, - parent_example_group: nil, - } - end - - let(:line) { 27 } - - let(:control_data) do - { - name: example_description, - desc: full_description, - resource_type: resource_type, - resource_name: resource_name, - context: context, - line_number: line, - } - end - - shared_examples "built control" do - - before do - if described_class - allow(described_class).to receive(:instance_variable_get) - .with(:@name) - .and_return(resource_name) - allow(described_class.class).to receive(:name) - .and_return(described_class.class) - end - end - - it "returns the controls block name and example metadata for reporting" do - expect(events).to receive(:control_example_success) - .with(control_group_name, control_data) - audit_event_proxy.stop(notification) - end - end - - describe "a top-level example" do - # controls "port 111" do - # it "has nobody listening" do - # expect(port("111")).to_not be_listening - # end - # end - - # Description parts - let(:group_description) { "port 111" } - let(:example_description) { "has nobody listening" } - let(:full_description) { group_description + " " + example_description } - - # Metadata fields - let(:described_class) { nil } - - # Example group (metadata[:example_group]) fields - let(:parent_group) { nil } - - # Expected returns - let(:control_group_name) { group_description } - - # Control data fields - let(:resource_type) { nil } - let(:resource_name) { nil } - let(:context) { [] } - - include_examples "built control" - end - - describe "an example with an implicit subject" do - # controls "application ports" do - # control port(111) do - # it { is_expected.to_not be_listening } - # end - # end - - # Description parts - let(:control_group_name) { "application ports" } - let(:group_description) { "#{resource_type} #{resource_name}" } - let(:example_description) { "should not be listening" } - let(:full_description) do - [control_group_name, group_description, - example_description].join(" ") end - - # Metadata fields - let(:described_class) do - double("Serverspec::Type::Port", - class: "Serverspec::Type::Port", name: resource_name) end - - # Control data fields - let(:resource_type) { "Port" } - let(:resource_name) { "111" } - let(:context) { [] } - - include_examples "built control" - end - - describe "an example in a nested context" do - # controls "application ports" do - # control "port 111" do - # it "is not listening" do - # expect(port(111)).to_not be_listening - # end - # end - # end - - # Description parts - let(:control_group_name) { "application ports" } - let(:group_description) { "port 111" } - let(:example_description) { "is not listening" } - let(:full_description) do - [control_group_name, group_description, - example_description].join(" ") end - - # Metadata fields - let(:described_class) { nil } - - # Control data fields - let(:resource_type) { nil } - let(:resource_name) { nil } - let(:context) { [group_description] } - - include_examples "built control" - end - - describe "an example in a nested context including Serverspec" do - # controls "application directory" do - # control file("/tmp/audit") do - # describe file("/tmp/audit/test_file") do - # it "is a file" do - # expect(subject).to be_file - # end - # end - # end - # end - - # Description parts - let(:control_group_name) { "application directory" } - let(:outer_group_description) { "File \"tmp/audit\"" } - let(:group_description) { "#{resource_type} #{resource_name}" } - let(:example_description) { "is a file" } - let(:full_description) do - [control_group_name, outer_group_description, - group_description, example_description].join(" ") end - - # Metadata parts - let(:described_class) do - double("Serverspec::Type::File", - class: "Serverspec::Type::File", name: resource_name) end - - # Example group parts - let(:parent_group) do - { - description: outer_group_description, - parent_example_group: control_group, - } - end - - let(:control_group) do - { - description: control_group_name, - parent_example_group: nil, - } - end - - # Control data parts - let(:resource_type) { "File" } - let(:resource_name) { "/tmp/audit/test_file" } - let(:context) { [outer_group_description] } - - include_examples "built control" - end - end - end - -end diff --git a/spec/unit/audit/audit_reporter_spec.rb b/spec/unit/audit/audit_reporter_spec.rb deleted file mode 100644 index 0a023babd0..0000000000 --- a/spec/unit/audit/audit_reporter_spec.rb +++ /dev/null @@ -1,435 +0,0 @@ -# -# Author:: Tyler Ball (<tball@chef.io>) -# Author:: Claire McQuin (<claire@chef.io>) -# -# Copyright:: Copyright 2014-2018, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "spec_helper" - -describe Chef::Audit::AuditReporter do - - let(:rest) { double("rest") } - let(:reporter) { described_class.new(rest) } - let(:node) { double("node", name: "sofreshsoclean") } - let(:run_id) { 0 } - let(:start_time) { Time.new(2014, 12, 3, 9, 31, 05, "-08:00") } - let(:end_time) { Time.new(2014, 12, 3, 9, 36, 14, "-08:00") } - let(:run_status) do - instance_double(Chef::RunStatus, node: node, run_id: run_id, - start_time: start_time, end_time: end_time) end - - describe "#audit_phase_start" do - - it "notifies audit phase start to trace log" do - expect(Chef::Log).to receive(:trace).with(/Audit Reporter starting/) - reporter.audit_phase_start(run_status) - end - - it "initializes an AuditData object" do - expect(Chef::Audit::AuditData).to receive(:new).with(run_status.node.name, run_status.run_id) - reporter.audit_phase_start(run_status) - end - - it "saves the run status" do - reporter.audit_phase_start(run_status) - expect(reporter.instance_variable_get(:@run_status)).to eq run_status - end - end - - describe "#run_completed" do - - let(:audit_data) { Chef::Audit::AuditData.new(node.name, run_id) } - let(:run_data) { audit_data.to_h } - - before do - allow(reporter).to receive(:auditing_enabled?).and_return(true) - allow(reporter).to receive(:run_status).and_return(run_status) - allow(rest).to receive(:post).and_return(true) - allow(reporter).to receive(:audit_data).and_return(audit_data) - allow(reporter).to receive(:run_status).and_return(run_status) - allow(audit_data).to receive(:to_h).and_return(run_data) - end - - describe "a successful run with auditing enabled" do - it "sets run start and end times" do - iso_start_time = "2014-12-03T17:31:05Z" - iso_end_time = "2014-12-03T17:36:14Z" - - reporter.run_completed(node) - expect(audit_data.start_time).to eq iso_start_time - expect(audit_data.end_time).to eq iso_end_time - end - - it "posts audit data to server endpoint" do - headers = { - "X-Ops-Audit-Report-Protocol-Version" => Chef::Audit::AuditReporter::PROTOCOL_VERSION, - } - - expect(rest).to receive(:post) - .with("controls", run_data, headers) - reporter.run_completed(node) - end - - context "when audit phase failed" do - - let(:audit_error) do - double("AuditError", class: "Chef::Exceptions::AuditError", - message: "Audit phase failed with error message: derpderpderp", - backtrace: ["/path/recipe.rb:57", "/path/library.rb:106"]) end - - before do - reporter.instance_variable_set(:@audit_phase_error, audit_error) - end - - it "reports an error" do - reporter.run_completed(node) - expect(run_data).to have_key(:error) - expect(run_data).to have_key(:error) - expect(run_data[:error]).to eq <<~EOM.strip! - Chef::Exceptions::AuditError: Audit phase failed with error message: derpderpderp - /path/recipe.rb:57 - /path/library.rb:106 - EOM - end - - end - - context "when unable to post to server" do - - let(:error) do - e = StandardError.new - e.set_backtrace(caller) - e - end - - before do - expect(rest).to receive(:post).and_raise(error) - allow(error).to receive(:respond_to?).and_call_original - end - - context "the error is an http error" do - - let(:response) { double("response", code: code) } - - before do - expect(Chef::Log).to receive(:trace).with(/Sending audit report/) - expect(Chef::Log).to receive(:trace).with(/Audit Report/) - allow(error).to receive(:response).and_return(response) - expect(error).to receive(:respond_to?).with(:response).and_return(true) - end - - context "when the code is 404" do - - let(:code) { "404" } - - it "logs that the server doesn't support audit reporting" do - expect(Chef::Log).to receive(:trace).with(/Server doesn't support audit reporting/) - reporter.run_completed(node) - end - end - - shared_examples "non-404 error code" do - - it "saves the error report" do - expect(Chef::FileCache).to receive(:store) - .with("failed-audit-data.json", an_instance_of(String), 0640) - .and_return(true) - expect(Chef::FileCache).to receive(:load) - .with("failed-audit-data.json", false) - .and_return(true) - expect(Chef::Log).to receive(:error).with(/Failed to post audit report to server/) - reporter.run_completed(node) - end - - end - - context "when the code is not 404" do - include_examples "non-404 error code" do - let(:code) { "505" } - end - end - - context "when there is no code" do - include_examples "non-404 error code" do - let(:code) { nil } - end - end - - end - - context "the error is not an http error" do - - it "logs the error" do - expect(error).to receive(:respond_to?).with(:response).and_return(false) - expect(Chef::Log).to receive(:error).with(/Failed to post audit report to server/) - reporter.run_completed(node) - end - - end - - context "when reporting url fatals are enabled" do - - before do - allow(Chef::Config).to receive(:[]) - .with(:enable_reporting_url_fatals) - .and_return(true) - end - - it "raises the error" do - expect(error).to receive(:respond_to?).with(:response).and_return(false) - allow(Chef::Log).to receive(:error).and_return(true) - expect(Chef::Log).to receive(:error).with(/Reporting fatals enabled. Aborting run./) - expect { reporter.run_completed(node) }.to raise_error(error) - end - - end - end - end - - context "when auditing is not enabled" do - - before do - allow(Chef::Log).to receive(:trace) - end - - it "doesn't send reports" do - expect(reporter).to receive(:auditing_enabled?).and_return(false) - expect(Chef::Log).to receive(:trace).with("Audit Reports are disabled. Skipping sending reports.") - reporter.run_completed(node) - end - - end - - context "when the run fails before audits" do - - before do - allow(Chef::Log).to receive(:trace) - end - - it "doesn't send reports" do - expect(reporter).to receive(:auditing_enabled?).and_return(true) - expect(reporter).to receive(:run_status).and_return(nil) - expect(Chef::Log).to receive(:trace).with("Run failed before audit mode was initialized, not sending audit report to server") - reporter.run_completed(node) - end - - end - end - - describe "#run_failed" do - - let(:audit_data) { Chef::Audit::AuditData.new(node.name, run_id) } - let(:run_data) { audit_data.to_h } - - let(:audit_error) do - double("AuditError", class: "Chef::Exceptions::AuditError", - message: "Audit phase failed with error message: derpderpderp", - backtrace: ["/path/recipe.rb:57", "/path/library.rb:106"]) end - - let(:run_error) do - double("RunError", class: "Chef::Exceptions::RunError", - message: "This error shouldn't be reported.", - backtrace: ["fix it", "fix it", "fix it"]) end - - before do - allow(reporter).to receive(:auditing_enabled?).and_return(true) - allow(reporter).to receive(:run_status).and_return(run_status) - allow(reporter).to receive(:audit_data).and_return(audit_data) - allow(audit_data).to receive(:to_h).and_return(run_data) - end - - context "when no prior exception is stored" do - it "reports no error" do - expect(rest).to receive(:post) - reporter.run_failed(run_error) - expect(run_data).to_not have_key(:error) - end - end - - context "when some prior exception is stored" do - before do - reporter.instance_variable_set(:@audit_phase_error, audit_error) - end - - it "reports the prior error" do - expect(rest).to receive(:post) - reporter.run_failed(run_error) - expect(run_data).to have_key(:error) - expect(run_data[:error]).to eq <<~EOM.strip! - Chef::Exceptions::AuditError: Audit phase failed with error message: derpderpderp - /path/recipe.rb:57 - /path/library.rb:106 - EOM - end - end - end - - shared_context "audit data" do - - let(:control_group_foo) do - instance_double(Chef::Audit::ControlGroupData, - metadata: double("foo metadata")) end - let(:control_group_bar) do - instance_double(Chef::Audit::ControlGroupData, - metadata: double("bar metadata")) end - - let(:ordered_control_groups) do - { - "foo" => control_group_foo, - "bar" => control_group_bar, - } - end - - let(:audit_data) do - instance_double(Chef::Audit::AuditData, - add_control_group: true) end - - let(:run_context) do - instance_double(Chef::RunContext, - audits: ordered_control_groups) end - - before do - allow(reporter).to receive(:ordered_control_groups).and_return(ordered_control_groups) - allow(reporter).to receive(:audit_data).and_return(audit_data) - allow(reporter).to receive(:run_status).and_return(run_status) - allow(run_status).to receive(:run_context).and_return(run_context) - end - end - - describe "#audit_phase_complete" do - include_context "audit data" - - it "notifies audit phase finished to trace log" do - expect(Chef::Log).to receive(:trace).with(/Audit Reporter completed/) - reporter.audit_phase_complete("Output from audit mode") - end - - it "collects audit data" do - ordered_control_groups.each_value do |group| - expect(audit_data).to receive(:add_control_group).with(group) - end - reporter.audit_phase_complete("Output from audit mode") - end - end - - describe "#audit_phase_failed" do - include_context "audit data" - - let(:error) { double("Exception") } - - it "notifies audit phase failed to trace log" do - expect(Chef::Log).to receive(:trace).with(/Audit Reporter failed/) - reporter.audit_phase_failed(error, "Output from audit mode") - end - - it "collects audit data" do - ordered_control_groups.each_value do |group| - expect(audit_data).to receive(:add_control_group).with(group) - end - reporter.audit_phase_failed(error, "Output from audit mode") - end - end - - describe "#control_group_started" do - include_context "audit data" - - let(:name) { "bat" } - let(:control_group) do - instance_double(Chef::Audit::ControlGroupData, - metadata: double("metadata")) end - - before do - allow(Chef::Audit::ControlGroupData).to receive(:new) - .with(name, control_group.metadata) - .and_return(control_group) - end - - it "stores the control group" do - expect(ordered_control_groups).to receive(:key?).with(name).and_return(false) - allow(run_context.audits).to receive(:[]).with(name).and_return(control_group) - expect(ordered_control_groups).to receive(:store) - .with(name, control_group) - .and_call_original - reporter.control_group_started(name) - expect(ordered_control_groups[name]).to eq control_group - end - - context "when a control group with the same name has been seen" do - it "raises an exception" do - expect(ordered_control_groups).to receive(:key?).with(name).and_return(true) - expect { reporter.control_group_started(name) }.to raise_error(Chef::Exceptions::AuditControlGroupDuplicate) - end - end - end - - describe "#control_example_success" do - include_context "audit data" - - let(:name) { "foo" } - let(:example_data) { double("example data") } - - it "notifies the control group the example succeeded" do - expect(control_group_foo).to receive(:example_success).with(example_data) - reporter.control_example_success(name, example_data) - end - end - - describe "#control_example_failure" do - include_context "audit data" - - let(:name) { "bar" } - let(:example_data) { double("example data") } - let(:error) { double("Exception", message: "oopsie") } - - it "notifies the control group the example failed" do - expect(control_group_bar).to receive(:example_failure) - .with(example_data, error.message) - reporter.control_example_failure(name, example_data, error) - end - end - - describe "#auditing_enabled?" do - shared_examples "enabled?" do |true_or_false| - - it "returns #{true_or_false}" do - expect(Chef::Config).to receive(:[]) - .with(:audit_mode) - .and_return(audit_setting) - expect(reporter.auditing_enabled?).to be true_or_false - end - end - - context "when auditing is disabled" do - include_examples "enabled?", false do - let(:audit_setting) { :disabled } - end - end - - context "when auditing in audit-only mode" do - include_examples "enabled?", true do - let(:audit_setting) { :audit_only } - end - end - - context "when auditing is enabled" do - include_examples "enabled?", true do - let(:audit_setting) { :enabled } - end - end - end - -end diff --git a/spec/unit/audit/control_group_data_spec.rb b/spec/unit/audit/control_group_data_spec.rb deleted file mode 100644 index e8af8be90d..0000000000 --- a/spec/unit/audit/control_group_data_spec.rb +++ /dev/null @@ -1,482 +0,0 @@ -# -# Author:: Tyler Ball (<tball@chef.io>) -# Author:: Claire McQuin (<claire@chef.io>) -# -# Copyright:: Copyright 2014-2018, Chef Software Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "spec_helper" -require "securerandom" - -describe Chef::Audit::AuditData do - - let(:node_name) { "noodles" } - let(:run_id) { SecureRandom.uuid } - let(:audit_data) { described_class.new(node_name, run_id) } - - let(:control_group_1) { double("control group 1") } - let(:control_group_2) { double("control group 2") } - - describe "#add_control_group" do - context "when no control groups have been added" do - it "stores the control group" do - audit_data.add_control_group(control_group_1) - expect(audit_data.control_groups).to include(control_group_1) - end - - end - - context "when adding additional control groups" do - - before do - audit_data.add_control_group(control_group_1) - end - - it "stores the control group" do - audit_data.add_control_group(control_group_2) - expect(audit_data.control_groups).to include(control_group_2) - end - - it "stores all control groups" do - audit_data.add_control_group(control_group_2) - expect(audit_data.control_groups).to include(control_group_1) - end - end - end - - describe "#to_h" do - - let(:audit_data_hash) { audit_data.to_h } - - it "returns a hash" do - expect(audit_data_hash).to be_a(Hash) - end - - it "describes a Chef::Audit::AuditData object" do - keys = [:node_name, :run_id, :start_time, :end_time, :control_groups] - expect(audit_data_hash.keys).to match_array(keys) - end - - describe ":control_groups" do - - let(:control_hash_1) { { name: "control group 1" } } - let(:control_hash_2) { { name: "control group 2" } } - - let(:control_groups) { audit_data_hash[:control_groups] } - - context "with no control groups added" do - it "is an empty list" do - expect(control_groups).to eq [] - end - end - - context "with one control group added" do - - before do - allow(audit_data).to receive(:control_groups).and_return([control_group_1]) - end - - it "is a one-element list containing the control group hash" do - expect(control_group_1).to receive(:to_h).once.and_return(control_hash_1) - expect(control_groups.size).to eq 1 - expect(control_groups).to include(control_hash_1) - end - end - - context "with multiple control groups added" do - - before do - allow(audit_data).to receive(:control_groups).and_return([control_group_1, control_group_2]) - end - - it "is a list of control group hashes" do - expect(control_group_1).to receive(:to_h).and_return(control_hash_1) - expect(control_group_2).to receive(:to_h).and_return(control_hash_2) - expect(control_groups.size).to eq 2 - expect(control_groups).to include(control_hash_1) - expect(control_groups).to include(control_hash_2) - end - end - end - end -end - -describe Chef::Audit::ControlData do - - let(:name) { "ramen" } - let(:resource_type) { double("Service") } - let(:resource_name) { "mysql" } - let(:context) { nil } - let(:line_number) { 27 } - - let(:control_data) do - described_class.new(name: name, - resource_type: resource_type, resource_name: resource_name, - context: context, line_number: line_number) end - - describe "#to_h" do - - let(:control_data_hash) { control_data.to_h } - - it "returns a hash" do - expect(control_data_hash).to be_a(Hash) - end - - it "describes a Chef::Audit::ControlData object" do - keys = [:name, :resource_type, :resource_name, :context, :status, :details] - expect(control_data_hash.keys).to match_array(keys) - end - - context "when context is nil" do - - it "sets :context to an empty array" do - expect(control_data_hash[:context]).to eq [] - end - - end - - context "when context is non-nil" do - - let(:context) { ["outer"] } - - it "sets :context to its value" do - expect(control_data_hash[:context]).to eq context - end - end - end -end - -describe Chef::Audit::ControlGroupData do - - let(:name) { "balloon" } - let(:control_group_data) { described_class.new(name) } - - shared_context "control data" do - - let(:name) { "" } - let(:resource_type) { nil } - let(:resource_name) { nil } - let(:context) { nil } - let(:line_number) { 0 } - - let(:control_data) do - { - name: name, - resource_type: resource_type, - resource_name: resource_name, - context: context, - line_number: line_number, - } - end - - end - - shared_context "control" do - include_context "control data" - - let(:control) do - Chef::Audit::ControlData.new(name: name, - resource_type: resource_type, resource_name: resource_name, - context: context, line_number: line_number) end - - before do - allow(Chef::Audit::ControlData).to receive(:new) - .with(name: name, resource_type: resource_type, - resource_name: resource_name, context: context, - line_number: line_number) - .and_return(control) - end - end - - describe "#new" do - it "has status \"success\"" do - expect(control_group_data.status).to eq "success" - end - end - - describe "#example_success" do - include_context "control" - - def notify_success - control_group_data.example_success(control_data) - end - - it "increments the number of successful audits" do - num_success = control_group_data.number_succeeded - notify_success - expect(control_group_data.number_succeeded).to eq (num_success + 1) - end - - it "does not increment the number of failed audits" do - num_failed = control_group_data.number_failed - notify_success - expect(control_group_data.number_failed).to eq (num_failed) - end - - it "marks the audit's status as success" do - notify_success - expect(control.status).to eq "success" - end - - it "does not modify its own status" do - expect(control_group_data).to_not receive(:status=) - status = control_group_data.status - notify_success - expect(control_group_data.status).to eq status - end - - it "saves the control" do - controls = control_group_data.controls - expect(controls).to_not include(control) - notify_success - expect(controls).to include(control) - end - end - - describe "#example_failure" do - include_context "control" - - let(:details) { "poop" } - - def notify_failure - control_group_data.example_failure(control_data, details) - end - - it "does not increment the number of successful audits" do - num_success = control_group_data.number_succeeded - notify_failure - expect(control_group_data.number_succeeded).to eq num_success - end - - it "increments the number of failed audits" do - num_failed = control_group_data.number_failed - notify_failure - expect(control_group_data.number_failed).to eq (num_failed + 1) - end - - it "marks the audit's status as failure" do - notify_failure - expect(control.status).to eq "failure" - end - - it "marks its own status as failure" do - notify_failure - expect(control_group_data.status).to eq "failure" - end - - it "saves the control" do - controls = control_group_data.controls - expect(controls).to_not include(control) - notify_failure - expect(controls).to include(control) - end - - context "when details are not provided" do - - let(:details) { nil } - - it "does not save details to the control" do - default_details = control.details - expect(control).to_not receive(:details=) - notify_failure - expect(control.details).to eq default_details - end - end - - context "when details are provided" do - - let(:details) { "yep that didn't work" } - - it "saves details to the control" do - notify_failure - expect(control.details).to eq details - end - end - end - - shared_examples "multiple audits" do |success_or_failure| - include_context "control" - - let(:num_success) { 0 } - let(:num_failure) { 0 } - - before do - if num_failure == 0 - num_success.times { control_group_data.example_success(control_data) } - elsif num_success == 0 - num_failure.times { control_group_data.example_failure(control_data, nil) } - end - end - - it "counts the number of successful audits" do - expect(control_group_data.number_succeeded).to eq num_success - end - - it "counts the number of failed audits" do - expect(control_group_data.number_failed).to eq num_failure - end - - it "marks its status as \"#{success_or_failure}\"" do - expect(control_group_data.status).to eq success_or_failure - end - end - - context "when all audits pass" do - include_examples "multiple audits", "success" do - let(:num_success) { 3 } - end - end - - context "when one audit fails" do - shared_examples "mixed audit results" do - include_examples "multiple audits", "failure" do - - let(:audit_results) { [] } - let(:num_success) { audit_results.count("success") } - let(:num_failure) { 1 } - - before do - audit_results.each do |result| - if result == "success" - control_group_data.example_success(control_data) - else - control_group_data.example_failure(control_data, nil) - end - end - end - end - end - - context "and it's the first audit" do - include_examples "mixed audit results" do - let(:audit_results) { %w{failure success success} } - end - end - - context "and it's an audit in the middle" do - include_examples "mixed audit results" do - let(:audit_results) { %w{success failure success} } - end - end - - context "and it's the last audit" do - include_examples "mixed audit results" do - let(:audit_results) { %w{success success failure} } - end - end - end - - context "when all audits fail" do - include_examples "multiple audits", "failure" do - let(:num_failure) { 3 } - end - end - - describe "#to_h" do - - let(:control_group_data_hash) { control_group_data.to_h } - - it "returns a hash" do - expect(control_group_data_hash).to be_a(Hash) - end - - it "describes a Chef::Audit::ControlGroupData object" do - keys = [:name, :status, :number_succeeded, :number_failed, - :controls, :id] - expect(control_group_data_hash.keys).to match_array(keys) - end - - describe ":controls" do - - let(:control_group_controls) { control_group_data_hash[:controls] } - - context "with no controls added" do - it "is an empty list" do - expect(control_group_controls).to eq [] - end - end - - context "with one control added" do - include_context "control" - - let(:control_list) { [control_data] } - let(:control_hash) { control.to_h } - - before do - expect(control_group_data).to receive(:controls).twice.and_return(control_list) - expect(control_data).to receive(:to_h).and_return(control_hash) - end - - it "is a one-element list containing the control hash" do - expect(control_group_controls.size).to eq 1 - expect(control_group_controls).to include(control_hash) - end - - it "adds a sequence number to the control" do - control_group_data.to_h - expect(control_hash).to have_key(:sequence_number) - end - - end - - context "with multiple controls added" do - - let(:control_hash_1) { { line_number: 27 } } - let(:control_hash_2) { { line_number: 13 } } - let(:control_hash_3) { { line_number: 35 } } - - let(:control_1) do - double("control 1", - line_number: control_hash_1[:line_number], - to_h: control_hash_1) end - let(:control_2) do - double("control 2", - line_number: control_hash_2[:line_number], - to_h: control_hash_2) end - let(:control_3) do - double("control 3", - line_number: control_hash_3[:line_number], - to_h: control_hash_3) end - - let(:control_list) { [control_1, control_2, control_3] } - let(:ordered_control_hashes) { [control_hash_2, control_hash_1, control_hash_3] } - - before do - # Another way to do this would be to call #example_success - # or #example_failure per control hash, but we'd have to - # then stub #create_control and it's a lot of extra stubbing work. - # We can't stub the controls reader to return a list of - # controls because of the call to sort! and the following - # reading of controls. - control_group_data.instance_variable_set(:@controls, control_list) - end - - it "is a list of control group hashes ordered by line number" do - expect(control_group_controls.size).to eq 3 - expect(control_group_controls).to eq ordered_control_hashes - end - - it "assigns sequence numbers in order" do - control_group_data.to_h - ordered_control_hashes.each_with_index do |control_hash, idx| - expect(control_hash[:sequence_number]).to eq idx + 1 - end - end - end - end - end - -end diff --git a/spec/unit/audit/logger_spec.rb b/spec/unit/audit/logger_spec.rb deleted file mode 100644 index 51a32d906e..0000000000 --- a/spec/unit/audit/logger_spec.rb +++ /dev/null @@ -1,42 +0,0 @@ -# -# Copyright:: Copyright 2014-2016, Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "spec_helper" - -describe Chef::Audit::Logger do - - before(:each) do - Chef::Audit::Logger.instance_variable_set(:@buffer, nil) - end - - it "calling puts creates @buffer and adds the message" do - Chef::Audit::Logger.puts("Output message") - expect(Chef::Audit::Logger.read_buffer).to eq("Output message\n") - end - - it "calling puts multiple times adds to the message" do - Chef::Audit::Logger.puts("Output message") - Chef::Audit::Logger.puts("Output message") - Chef::Audit::Logger.puts("Output message") - expect(Chef::Audit::Logger.read_buffer).to eq("Output message\nOutput message\nOutput message\n") - end - - it "calling it before @buffer is set returns an empty string" do - expect(Chef::Audit::Logger.read_buffer).to eq("") - end - -end diff --git a/spec/unit/audit/rspec_formatter_spec.rb b/spec/unit/audit/rspec_formatter_spec.rb deleted file mode 100644 index 8c266fbb8b..0000000000 --- a/spec/unit/audit/rspec_formatter_spec.rb +++ /dev/null @@ -1,29 +0,0 @@ -# -# Author:: Tyler Ball (<tball@chef.io>) -# Author:: Claire McQuin (<claire@chef.io>) -# -# Copyright:: Copyright 2014-2016, Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "spec_helper" -require "chef/audit/rspec_formatter" - -describe Chef::Audit::RspecFormatter do - let(:formatter) { Chef::Audit::RspecFormatter.new(nil) } - it "should respond to close" do - expect(formatter).to respond_to(:close) - end -end diff --git a/spec/unit/audit/runner_spec.rb b/spec/unit/audit/runner_spec.rb deleted file mode 100644 index 902ede62ed..0000000000 --- a/spec/unit/audit/runner_spec.rb +++ /dev/null @@ -1,144 +0,0 @@ -# -# Author:: Tyler Ball (<tball@chef.io>) -# Copyright:: Copyright 2014-2016, Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require "spec_helper" -require "rspec/core/sandbox" -require "chef/audit/runner" -require "chef/audit/audit_event_proxy" -require "chef/audit/rspec_formatter" -require "rspec/support/spec/in_sub_process" -require "rspec/support/spec/stderr_splitter" - -describe Chef::Audit::Runner do - include RSpec::Support::InSubProcess - - let(:events) { double("events") } - let(:run_context) { instance_double(Chef::RunContext, events: events) } - let(:runner) { Chef::Audit::Runner.new(run_context) } - - around(:each) do |ex| - RSpec::Core::Sandbox.sandboxed { ex.run } - end - - context "when we run in audit mode" do - let(:paths) { [ "/opt/chef/lib/chef/", 'C:\windows/here/lib/chef/' , "/opt/chef/extra/folders/lib/chef/"] } - it "excludes the current path from backtrace" do - paths.each do |path| - expect(runner.exclusion_pattern).to match(path) - end - end - end - - describe "#initialize" do - it "correctly sets the run_context during initialization" do - expect(runner.instance_variable_get(:@run_context)).to eq(run_context) - end - end - - context "during #run" do - - describe "#setup" do - let(:log_location) { File.join(Dir.tmpdir, "audit_log") } - let(:color) { false } - - before do - Chef::Config[:log_location] = log_location - Chef::Config[:color] = color - end - - it "sets all the config values" do - # This runs the Serverspec includes - we don't want these hanging around in all subsequent tests so - # we run this in a forked process. Keeps Serverspec files from getting loaded into main process. - in_sub_process do - runner.send(:setup) - - expect(RSpec.configuration.output_stream).to eq(Chef::Audit::Logger) - expect(RSpec.configuration.error_stream).to eq(Chef::Audit::Logger) - - expect(RSpec.configuration.formatters.size).to eq(2) - expect(RSpec.configuration.formatters).to include(instance_of(Chef::Audit::AuditEventProxy)) - expect(RSpec.configuration.formatters).to include(instance_of(Chef::Audit::RspecFormatter)) - expect(Chef::Audit::AuditEventProxy.class_variable_get(:@@events)).to eq(run_context.events) - - expect(RSpec.configuration.expectation_frameworks).to eq([RSpec::Matchers]) - expect(RSpec::Matchers.configuration.syntax).to eq([:expect]) - - expect(RSpec.configuration.color).to eq(color) - expect(RSpec.configuration.expose_dsl_globally?).to eq(false) - expect(RSpec.configuration.backtrace_exclusion_patterns).to include(runner.exclusion_pattern) - - expect(Specinfra.configuration.backend).to eq(:exec) - end - end - end - - describe "#register_control_groups" do - let(:audits) { [] } - let(:run_context) { instance_double(Chef::RunContext, audits: audits) } - - it "adds the control group aliases" do - runner.send(:register_control_groups) - - expect(RSpec::Core::DSL.example_group_aliases).to include(:__control_group__) - expect(RSpec::Core::DSL.example_group_aliases).to include(:control) - end - - context "audits exist" do - let(:audits) { { "audit_name" => group } } - let(:group) { Struct.new(:args, :block).new(["group_name"], nil) } - - it "sends the audits to the world" do - runner.send(:register_control_groups) - - expect(RSpec.world.example_groups.size).to eq(1) - # For whatever reason, `kind_of` is not working - # expect(RSpec.world.example_groups).to include(kind_of(RSpec::Core::ExampleGroup)) => FAIL - g = RSpec.world.example_groups[0] - expect(g.ancestors).to include(RSpec::Core::ExampleGroup) - expect(g.description).to eq("group_name") - end - end - end - - describe "#do_run" do - let(:rspec_runner) { instance_double(RSpec::Core::Runner) } - - it "executes the runner" do - expect(RSpec::Core::Runner).to receive(:new).with(nil).and_return(rspec_runner) - expect(rspec_runner).to receive(:run_specs).with([]) - - runner.send(:do_run) - end - end - end - - describe "counters" do - it "correctly calculates failed?" do - expect(runner.failed?).to eq(false) - end - - it "correctly calculates num_failed" do - expect(runner.num_failed).to eq(0) - end - - it "correctly calculates num_total" do - expect(runner.num_total).to eq(0) - end - end - -end diff --git a/spec/unit/client_spec.rb b/spec/unit/client_spec.rb index 370d5d34e7..41091f5716 100644 --- a/spec/unit/client_spec.rb +++ b/spec/unit/client_spec.rb @@ -108,8 +108,7 @@ shared_context "a client run" do let(:http_node_save) { double("Chef::ServerAPI (node save)") } let(:reporting_rest_client) { double("Chef::ServerAPI (reporting client)") } - let(:runner) { instance_double("Chef::Runner") } - let(:audit_runner) { instance_double("Chef::Audit::Runner", failed?: false) } + let(:runner) { instance_double("Chef::Runner") } def stub_for_register # --Client.register @@ -131,7 +130,6 @@ shared_context "a client run" do expect(client.events).to receive(:register).with(instance_of(Chef::DataCollector::Reporter)) expect(client.events).to receive(:register).with(instance_of(Chef::ResourceReporter)) expect(client.events).to receive(:register).with(instance_of(Chef::ActionCollection)) - expect(client.events).to receive(:register).with(instance_of(Chef::Audit::AuditReporter)) end def stub_for_node_load @@ -174,10 +172,6 @@ shared_context "a client run" do # define me end - def stub_for_audit - # define me - end - def stub_for_node_save # define me end @@ -190,7 +184,6 @@ shared_context "a client run" do Chef::Config[:client_fork] = enable_fork Chef::Config[:cache_path] = windows? ? 'C:\chef' : "/var/chef" Chef::Config[:why_run] = false - Chef::Config[:audit_mode] = :enabled Chef::Config[:chef_guid] = "default-guid" stub_rest_clean @@ -200,7 +193,6 @@ shared_context "a client run" do stub_for_sync_cookbooks stub_for_required_recipe stub_for_converge - stub_for_audit stub_for_node_save expect_any_instance_of(Chef::RunLock).to receive(:acquire) @@ -248,52 +240,6 @@ shared_context "converge failed" do end end -shared_context "audit phase completed" do - def stub_for_audit - # -- Client#run_audits - expect(Chef::Audit::Runner).to receive(:new).and_return(audit_runner) - expect(audit_runner).to receive(:run).and_return(true) - expect(client.events).to receive(:audit_phase_complete) - end -end - -shared_context "audit phase failed with error" do - let(:audit_error) do - err = RuntimeError.new("Unexpected audit error") - err.set_backtrace([ "/path/recipe.rb:57", "/path/recipe.rb:55" ]) - err - end - - def stub_for_audit - expect(Chef::Audit::Runner).to receive(:new).and_return(audit_runner) - expect(Chef::Audit::Logger).to receive(:read_buffer).and_return("Audit mode output!") - expect(audit_runner).to receive(:run).and_raise(audit_error) - expect(client.events).to receive(:audit_phase_failed).with(audit_error, "Audit mode output!") - end -end - -shared_context "audit phase completed with failed controls" do - let(:audit_runner) do - instance_double("Chef::Audit::Runner", failed?: true, - num_failed: 1, num_total: 3) end - - let(:audit_error) do - err = Chef::Exceptions::AuditsFailed.new(audit_runner.num_failed, audit_runner.num_total) - err.set_backtrace([ "/path/recipe.rb:108", "/path/recipe.rb:103" ]) - err - end - - def stub_for_audit - expect(Chef::Audit::Runner).to receive(:new).and_return(audit_runner) - expect(Chef::Audit::Logger).to receive(:read_buffer).and_return("Audit mode output!") - expect(audit_runner).to receive(:run) - expect(Chef::Exceptions::AuditsFailed).to receive(:new).with( - audit_runner.num_failed, audit_runner.num_total - ).and_return(audit_error) - expect(client.events).to receive(:audit_phase_failed).with(audit_error, "Audit mode output!") - end -end - shared_context "run completed" do def stub_for_run expect(client).to receive(:run_completed_successfully) @@ -318,7 +264,7 @@ end shared_examples "a completed run" do include_context "run completed" - it "runs ohai, sets up authentication, loads node state, synchronizes policy, converges, and runs audits" do + it "runs ohai, sets up authentication, loads node state, synchronizes policy, converges" do # This is what we're testing. expect(client.run).to be true @@ -328,28 +274,6 @@ shared_examples "a completed run" do end end -shared_examples "a completed run with audit failure" do - include_context "run completed" - - before do - expect(Chef::Application).to receive(:debug_stacktrace).with an_instance_of(Chef::Exceptions::RunFailedWrappingError) - end - - it "converges, runs audits, saves the node and raises the error in a wrapping error" do - expect { client.run }.to raise_error(Chef::Exceptions::RunFailedWrappingError) do |error| - expect(error.wrapped_errors.size).to eq(run_errors.size) - run_errors.each do |run_error| - expect(error.wrapped_errors).to include(run_error) - expect(error.backtrace).to include(*run_error.backtrace) - end - end - - # fork is stubbed, so we can see the outcome of the run - expect(node.automatic_attrs[:platform]).to eq(platform) - expect(node.automatic_attrs[:platform_version]).to eq(platform_version) - end -end - shared_examples "a failed run" do include_context "run failed" @@ -497,7 +421,6 @@ describe Chef::Client do shared_examples_for "a successful client run" do include_context "a client run" include_context "converge completed" - include_context "audit phase completed" include_examples "a completed run" end @@ -577,52 +500,11 @@ describe Chef::Client do describe "when converge completes successfully" do include_context "a client run" include_context "converge completed" - context "when audit mode is enabled" do - describe "when audit phase errors" do - include_context "audit phase failed with error" - include_examples "a completed run with audit failure" do - let(:run_errors) { [audit_error] } - end - end - - describe "when audit phase completed" do - include_context "audit phase completed" - include_examples "a completed run" - end - - describe "when audit phase completed with failed controls" do - include_context "audit phase completed with failed controls" - include_examples "a completed run with audit failure" do - let(:run_errors) { [audit_error] } - end - end - end end describe "when converge errors" do include_context "a client run" include_context "converge failed" - - describe "when audit phase errors" do - include_context "audit phase failed with error" - include_examples "a failed run" do - let(:run_errors) { [converge_error, audit_error] } - end - end - - describe "when audit phase completed" do - include_context "audit phase completed" - include_examples "a failed run" do - let(:run_errors) { [converge_error] } - end - end - - describe "when audit phase completed with failed controls" do - include_context "audit phase completed with failed controls" - include_examples "a failed run" do - let(:run_errors) { [converge_error, audit_error] } - end - end end end @@ -903,28 +785,5 @@ describe Chef::Client do # fail on the first thing in begin block allow_any_instance_of(Chef::RunLock).to receive(:save_pid).and_raise(NoMethodError) end - - context "when audit mode is enabled" do - before do - Chef::Config[:audit_mode] = :enabled - end - it "should run exception handlers on early fail" do - expect(subject).to receive(:run_failed) - expect { subject.run }.to raise_error(Chef::Exceptions::RunFailedWrappingError) do |error| - expect(error.wrapped_errors.size).to eq 1 - expect(error.wrapped_errors).to include(NoMethodError) - end - end - end - - context "when audit mode is disabled" do - before do - Chef::Config[:audit_mode] = :disabled - end - it "should run exception handlers on early fail" do - expect(subject).to receive(:run_failed) - expect { subject.run }.to raise_error(NoMethodError) - end - end end end diff --git a/spec/unit/dsl/audit_spec.rb b/spec/unit/dsl/audit_spec.rb deleted file mode 100644 index e24fbc4589..0000000000 --- a/spec/unit/dsl/audit_spec.rb +++ /dev/null @@ -1,43 +0,0 @@ - -require "spec_helper" -require "chef/dsl/audit" - -class AuditDSLTester < Chef::Recipe - include Chef::DSL::Audit -end - -class BadAuditDSLTester - include Chef::DSL::Audit -end - -describe Chef::DSL::Audit do - let(:auditor) { AuditDSLTester.new("cookbook_name", "recipe_name", run_context) } - let(:run_context) { instance_double(Chef::RunContext, audits: audits, cookbook_collection: cookbook_collection) } - let(:audits) { {} } - let(:cookbook_collection) { {} } - - it "raises an error when a block of audits is not provided" do - expect { auditor.control_group "name" }.to raise_error(Chef::Exceptions::NoAuditsProvided) - end - - it "raises an error when no audit name is given" do - expect { auditor.control_group {} }.to raise_error(Chef::Exceptions::AuditNameMissing) - end - - context "audits already populated" do - let(:audits) { { "unique" => {} } } - - it "raises an error if the audit name is a duplicate" do - expect { auditor.control_group("unique") {} }.to raise_error(Chef::Exceptions::AuditControlGroupDuplicate) - end - end - - context "included in a class without recipe DSL" do - let(:auditor) { BadAuditDSLTester.new } - - it "fails because it relies on the recipe DSL existing" do - expect { auditor.control_group("unique") {} }.to raise_error(NoMethodError, /undefined method `cookbook_name'/) - end - end - -end diff --git a/spec/unit/recipe_spec.rb b/spec/unit/recipe_spec.rb index 2d5bb81c95..1bc84745ad 100644 --- a/spec/unit/recipe_spec.rb +++ b/spec/unit/recipe_spec.rb @@ -577,11 +577,6 @@ describe Chef::Recipe do end describe "included DSL" do - it "should include features from Chef::DSL::Audit" do - expect(recipe.singleton_class.included_modules).to include(Chef::DSL::Audit) - expect(recipe.respond_to?(:control_group)).to be true - end - it "should respond to :ps_credential from Chef::DSL::Powershell" do expect(recipe.respond_to?(:ps_credential)).to be true end diff --git a/spec/unit/run_context/child_run_context_spec.rb b/spec/unit/run_context/child_run_context_spec.rb index be45aaa1cc..a5a4aea4a1 100644 --- a/spec/unit/run_context/child_run_context_spec.rb +++ b/spec/unit/run_context/child_run_context_spec.rb @@ -44,13 +44,6 @@ describe Chef::RunContext::ChildRunContext do expect(child.parent_run_context).to eq run_context end - it "audits is not the same as the parent" do - expect(child.audits.object_id).not_to eq run_context.audits.object_id - child.audits["hi"] = "lo" - expect(child.audits["hi"]).to eq("lo") - expect(run_context.audits["hi"]).not_to eq("lo") - end - it "resource_collection is not the same as the parent" do expect(child.resource_collection.object_id).not_to eq run_context.resource_collection.object_id f = Chef::Resource::File.new("hi", child) |