summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorvijaymmali1990 <vijay.mali@msystechnologies.com>2019-02-12 03:31:02 -0800
committervijaymmali1990 <vijay.mali@msystechnologies.com>2019-02-12 04:33:32 -0800
commit3e2c9bcfb0423dce05a1e29f11ddef3f4f562713 (patch)
treef81ac839ed0bb39bec728c156604eed77b8c5bc0 /spec
parent7658fba8df362c5674008ab6a2852592b6ec9cd1 (diff)
downloadchef-3e2c9bcfb0423dce05a1e29f11ddef3f4f562713.tar.gz
Minor fixes as per the review comments
- Using proper verbiage for constant SUBFOLDERS_AND_FILES_ONLY - Source https://metacpan.org/pod/Win32::Security::ACE#dbmAceFlags - Minor DRY up and Fixes - Ensured chefstyle Signed-off-by: vijaymmali1990 <vijay.mali@msystechnologies.com>
Diffstat (limited to 'spec')
-rw-r--r--spec/functional/resource/link_spec.rb4
-rw-r--r--spec/support/shared/functional/directory_resource.rb4
-rw-r--r--spec/support/shared/functional/file_resource.rb4
-rw-r--r--spec/support/shared/functional/securable_resource.rb192
4 files changed, 105 insertions, 99 deletions
diff --git a/spec/functional/resource/link_spec.rb b/spec/functional/resource/link_spec.rb
index 4c8545e60b..d86a904098 100644
--- a/spec/functional/resource/link_spec.rb
+++ b/spec/functional/resource/link_spec.rb
@@ -417,11 +417,11 @@ describe Chef::Resource::Link do
it_behaves_like "a securable resource without existing target" do
let(:path) { target_file }
- def allowed_acl(sid, expected_perms, flags = 0)
+ def allowed_acl(sid, expected_perms, _flags = 0)
[ ACE.access_allowed(sid, expected_perms[:specific]) ]
end
- def denied_acl(sid, expected_perms, flags = 0)
+ def denied_acl(sid, expected_perms, _flags = 0)
[ ACE.access_denied(sid, expected_perms[:specific]) ]
end
diff --git a/spec/support/shared/functional/directory_resource.rb b/spec/support/shared/functional/directory_resource.rb
index c910e7c668..4fb08479e6 100644
--- a/spec/support/shared/functional/directory_resource.rb
+++ b/spec/support/shared/functional/directory_resource.rb
@@ -68,7 +68,7 @@ shared_examples_for "a directory resource" do
def allowed_acl(sid, expected_perms, flags = 0)
acl = [ ACE.access_allowed(sid, expected_perms[:specific], flags) ]
if expected_perms[:generic]
- acl << ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
+ acl << ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::SUBFOLDERS_AND_FILES_ONLY))
end
acl
end
@@ -76,7 +76,7 @@ shared_examples_for "a directory resource" do
def denied_acl(sid, expected_perms, flags = 0)
acl = [ ACE.access_denied(sid, expected_perms[:specific], flags) ]
if expected_perms[:generic]
- acl << ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
+ acl << ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::SUBFOLDERS_AND_FILES_ONLY))
end
acl
end
diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb
index 8aa4ffb65e..db947614b3 100644
--- a/spec/support/shared/functional/file_resource.rb
+++ b/spec/support/shared/functional/file_resource.rb
@@ -899,11 +899,11 @@ shared_examples_for "a configured file resource" do
end
# Set up the context for security tests
- def allowed_acl(sid, expected_perms, flags = 0)
+ def allowed_acl(sid, expected_perms, _flags = 0)
[ ACE.access_allowed(sid, expected_perms[:specific]) ]
end
- def denied_acl(sid, expected_perms, flags = 0)
+ def denied_acl(sid, expected_perms, _flags = 0)
[ ACE.access_denied(sid, expected_perms[:specific]) ]
end
diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb
index 0a7eac442d..18e7243453 100644
--- a/spec/support/shared/functional/securable_resource.rb
+++ b/spec/support/shared/functional/securable_resource.rb
@@ -364,102 +364,108 @@ shared_examples_for "a securable resource without existing target" do
expect(descriptor.group).to eq(arbitrary_non_default_group)
end
- describe "with rights and deny_rights attributes" do
-
- it "correctly sets :read rights" do
- resource.rights(:read, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_read_perms))
- end
-
- it "correctly sets :read_execute rights" do
- resource.rights(:read_execute, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_read_execute_perms))
- end
-
- it "correctly sets :write rights" do
- resource.rights(:write, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_write_perms, write_flag))
- end
-
- it "correctly sets :modify rights" do
- resource.rights(:modify, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_modify_perms))
+ describe "#allowed_acl" do
+ context "correctly sets" do
+
+ it ":read rights" do
+ resource.rights(:read, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_read_perms))
+ end
+
+ it ":read_execute rights" do
+ resource.rights(:read_execute, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_read_execute_perms))
+ end
+
+ it ":write rights" do
+ resource.rights(:write, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_write_perms, write_flag))
+ end
+
+ it ":modify rights" do
+ resource.rights(:modify, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_modify_perms))
+ end
+
+ it ":full_control rights" do
+ resource.rights(:full_control, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_full_control_perms))
+ end
+
+ it "multiple rights" do
+ resource.rights(:read, "Everyone")
+ resource.rights(:modify, "Guest")
+ resource.run_action(:create)
+
+ expect(explicit_aces).to eq(
+ allowed_acl(SID.Everyone, expected_read_perms) +
+ allowed_acl(SID.Guest, expected_modify_perms)
+ )
+ end
end
+ end
- it "correctly sets :full_control rights" do
- resource.rights(:full_control, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_full_control_perms))
- end
-
- it "correctly sets :read deny_rights" do
- resource.deny_rights(:read, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_perms))
- end
-
- it "correctly sets :read_execute deny_rights" do
- resource.deny_rights(:read_execute, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_execute_perms))
- end
-
- it "correctly sets :write deny_rights" do
- resource.deny_rights(:write, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_write_perms, write_flag))
- end
-
- it "correctly sets :modify deny_rights" do
- resource.deny_rights(:modify, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms))
- end
-
- it "correctly sets deny_rights" do
- # deny is an ACE with full rights, but is a deny type ace, not an allow type
- resource.deny_rights(:full_control, "Guest")
- resource.run_action(:create)
- expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_full_control_perms))
- end
-
- it "Sets multiple rights" do
- resource.rights(:read, "Everyone")
- resource.rights(:modify, "Guest")
- resource.run_action(:create)
-
- expect(explicit_aces).to eq(
- allowed_acl(SID.Everyone, expected_read_perms) +
- allowed_acl(SID.Guest, expected_modify_perms)
- )
- end
-
- it "Sets deny_rights ahead of rights" do
- resource.rights(:read, "Everyone")
- resource.deny_rights(:modify, "Guest")
- resource.run_action(:create)
-
- expect(explicit_aces).to eq(
- denied_acl(SID.Guest, expected_modify_perms) +
- allowed_acl(SID.Everyone, expected_read_perms)
- )
- end
-
- it "Sets deny_rights ahead of rights when specified in reverse order" do
- resource.deny_rights(:modify, "Guest")
- resource.rights(:read, "Everyone")
- resource.run_action(:create)
-
- expect(explicit_aces).to eq(
- denied_acl(SID.Guest, expected_modify_perms) +
- allowed_acl(SID.Everyone, expected_read_perms)
- )
+ describe "#denied_acl" do
+ context "correctly sets" do
+
+ it ":read rights" do
+ resource.deny_rights(:read, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_perms))
+ end
+
+ it ":read_execute rights" do
+ resource.deny_rights(:read_execute, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_execute_perms))
+ end
+
+ it ":write rights" do
+ resource.deny_rights(:write, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_write_perms, write_flag))
+ end
+
+ it ":modify rights" do
+ resource.deny_rights(:modify, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms))
+ end
+
+ it ":full_control rights" do
+ # deny is an ACE with full rights, but is a deny type ace, not an allow type
+ resource.deny_rights(:full_control, "Guest")
+ resource.run_action(:create)
+ expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_full_control_perms))
+ end
+
+ it "deny_rights ahead of rights" do
+ resource.rights(:read, "Everyone")
+ resource.deny_rights(:modify, "Guest")
+ resource.run_action(:create)
+
+ expect(explicit_aces).to eq(
+ denied_acl(SID.Guest, expected_modify_perms) +
+ allowed_acl(SID.Everyone, expected_read_perms)
+ )
+ end
+
+ it "deny_rights ahead of rights when specified in reverse order" do
+ resource.deny_rights(:modify, "Guest")
+ resource.rights(:read, "Everyone")
+ resource.run_action(:create)
+
+ expect(explicit_aces).to eq(
+ denied_acl(SID.Guest, expected_modify_perms) +
+ allowed_acl(SID.Everyone, expected_read_perms)
+ )
+ end
end
-
end
context "with a mode attribute" do