author | vijaymmali1990 <vijay.mali@msystechnologies.com> | 2019-01-29 01:58:14 -0800 |
---|---|---|
committer | vijaymmali1990 <vijay.mali@msystechnologies.com> | 2019-02-11 22:14:47 -0800 |
commit | 7658fba8df362c5674008ab6a2852592b6ec9cd1 (patch) | |
tree | 9ab4ae08eb0203168e6803c816fbe9d91b22b4e5 /spec | |
parent | 080c4a435af9192bcb46d7ff14840e62ab3911a4 (diff) | |
download | chef-7658fba8df362c5674008ab6a2852592b6ec9cd1.tar.gz |
- Minor fixes to fix functional test cases
- Added functional test cases for deny_rights option
- Ensured chef style
- Fixes MSYS-958
Signed-off-by: vijaymmali1990 <vijay.mali@msystechnologies.com>
Diffstat (limited to 'spec')
-rw-r--r-- | spec/functional/resource/link_spec.rb | 4 | ||||
-rw-r--r-- | spec/support/shared/functional/directory_resource.rb | 22 | ||||
-rw-r--r-- | spec/support/shared/functional/file_resource.rb | 4 | ||||
-rw-r--r-- | spec/support/shared/functional/securable_resource.rb | 29 |
4 files changed, 43 insertions, 16 deletions
diff --git a/spec/functional/resource/link_spec.rb b/spec/functional/resource/link_spec.rb index 4464b6ed69..4c8545e60b 100644 --- a/spec/functional/resource/link_spec.rb +++ b/spec/functional/resource/link_spec.rb @@ -417,11 +417,11 @@ describe Chef::Resource::Link do it_behaves_like "a securable resource without existing target" do let(:path) { target_file } - def allowed_acl(sid, expected_perms) + def allowed_acl(sid, expected_perms, flags = 0) [ ACE.access_allowed(sid, expected_perms[:specific]) ] end - def denied_acl(sid, expected_perms) + def denied_acl(sid, expected_perms, flags = 0) [ ACE.access_denied(sid, expected_perms[:specific]) ] end diff --git a/spec/support/shared/functional/directory_resource.rb b/spec/support/shared/functional/directory_resource.rb index 5e5e2bb360..c910e7c668 100644 --- a/spec/support/shared/functional/directory_resource.rb +++ b/spec/support/shared/functional/directory_resource.rb 
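Review bot: The new `flags = 0` parameter on `allowed_acl` and `denied_acl` in link_spec.rb is accepted but never used: both bodies still build the ACE from `expected_perms[:specific]` alone, so a caller passing `write_flag` gets the same expected ACL as one passing nothing. If that is intentional because no inheritance flags are expected on a link target, say so with a comment such as `# flags is ignored: no inheritance flags are expected on these ACEs`, or rename the parameter to `_flags`; otherwise pass it through to `ACE.access_allowed` / `ACE.access_denied` as the directory_resource.rb helpers do. The same unused parameter is added in the spec/support/shared/functional/file_resource.rb hunk. Both methods sit inside the `it_behaves_like` block, which continues outside the hunk.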
@@ -65,18 +65,20 @@ shared_examples_for "a directory resource" do end # Set up the context for security tests - def allowed_acl(sid, expected_perms) - [ - ACE.access_allowed(sid, expected_perms[:specific]), - ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)), - ] + def allowed_acl(sid, expected_perms, flags = 0) + acl = [ ACE.access_allowed(sid, expected_perms[:specific], flags) ] + if expected_perms[:generic] + acl << ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)) + end + acl end - def denied_acl(sid, expected_perms) - [ - ACE.access_denied(sid, expected_perms[:specific]), - ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)), - ] + def denied_acl(sid, expected_perms, flags = 0) + acl = [ ACE.access_denied(sid, expected_perms[:specific], flags) ] + if expected_perms[:generic] + acl << ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE)) + end + acl end def parent_inheritable_acls diff --git a/spec/support/shared/functional/file_resource.rb b/spec/support/shared/functional/file_resource.rb index 8ae5db6a57..8aa4ffb65e 100644 --- a/spec/support/shared/functional/file_resource.rb +++ b/spec/support/shared/functional/file_resource.rb 
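Review bot: In directory_resource.rb, `allowed_acl` and `denied_acl` are now line-for-line copies that differ only in the ACE constructor, and each repeats the three-constant inherit-only mask inline. Pulling the mask into a small helper shortens both methods and keeps the two expected ACLs from drifting apart when one is edited. A one-line comment on the `if expected_perms[:generic]` guard would also help, since it is what lets `expected_write_perms` (which no longer carries `:generic`) yield a single ACE. The enclosing `shared_examples_for` block starts and ends outside the hunk.

```ruby
def inherit_only_flags
  security = Chef::ReservedNames::Win32::API::Security
  security::INHERIT_ONLY_ACE | security::CONTAINER_INHERIT_ACE | security::OBJECT_INHERIT_ACE
end

def allowed_acl(sid, expected_perms, flags = 0)
  acl = [ ACE.access_allowed(sid, expected_perms[:specific], flags) ]
  # Permission sets without a :generic mask expect no inherit-only ACE.
  acl << ACE.access_allowed(sid, expected_perms[:generic], inherit_only_flags) if expected_perms[:generic]
  acl
end

# … denied_acl: same shape with ACE.access_denied …
```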
@@ -899,11 +899,11 @@ shared_examples_for "a configured file resource" do end # Set up the context for security tests - def allowed_acl(sid, expected_perms) + def allowed_acl(sid, expected_perms, flags = 0) [ ACE.access_allowed(sid, expected_perms[:specific]) ] end - def denied_acl(sid, expected_perms) + def denied_acl(sid, expected_perms, flags = 0) [ ACE.access_denied(sid, expected_perms[:specific]) ] end diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb index d9a2110543..0a7eac442d 100644 --- a/spec/support/shared/functional/securable_resource.rb +++ b/spec/support/shared/functional/securable_resource.rb @@ -117,7 +117,6 @@ shared_context "use Windows permissions", :windows_only do let(:expected_write_perms) do { - generic: Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE, specific: Chef::ReservedNames::Win32::API::Security::WRITE, } end @@ -136,6 +135,8 @@ shared_context "use Windows permissions", :windows_only do } end + let (:write_flag) { 3 } + RSpec::Matchers.define :have_expected_properties do |mask, type, flags| match do |ace| ace.mask == mask && @@ -380,7 +381,7 @@ shared_examples_for "a securable resource without existing target" do it "correctly sets :write rights" do resource.rights(:write, "Guest") resource.run_action(:create) - expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_write_perms)) + expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_write_perms, write_flag)) end it "correctly sets :modify rights" do 
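Review bot: `let (:write_flag) { 3 }`, added in the `@@ -136,6 +135,8 @@` hunk of securable_resource.rb, hides the expected ACE flags behind a bare number, and the space before the parenthesis is inconsistent with the other `let(...)` calls visible in this diff. If 3 is meant as container-inherit plus object-inherit, which is how the value reads against the Win32 flag constants, spell it out: `let(:write_flag) { Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE }`. Naming the flags also makes it easier to see that only the directory helpers compare them, while the file and link helpers drop the argument.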
@@ -395,6 +396,30 @@ shared_examples_for "a securable resource without existing target" do expect(explicit_aces).to eq(allowed_acl(SID.Guest, expected_full_control_perms)) end + it "correctly sets :read deny_rights" do + resource.deny_rights(:read, "Guest") + resource.run_action(:create) + expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_perms)) + end + + it "correctly sets :read_execute deny_rights" do + resource.deny_rights(:read_execute, "Guest") + resource.run_action(:create) + expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_read_execute_perms)) + end + + it "correctly sets :write deny_rights" do + resource.deny_rights(:write, "Guest") + resource.run_action(:create) + expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_write_perms, write_flag)) + end + + it "correctly sets :modify deny_rights" do + resource.deny_rights(:modify, "Guest") + resource.run_action(:create) + expect(explicit_aces).to eq(denied_acl(SID.Guest, expected_modify_perms)) + end + it "correctly sets deny_rights" do # deny is an ACE with full rights, but is a deny type ace, not an allow type resource.deny_rights(:full_control, "Guest") |
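Review bot: Each added `deny_rights` example sets a single deny entry for Guest and nothing else, so none of them exercises a resource that carries both `rights` and `deny_rights`. If that combination is not covered elsewhere in this shared example group (the group extends beyond the hunk), consider one example that sets both on the same principal and asserts the exact `explicit_aces` list, since the relative order of deny and allow ACEs affects what access Windows grants. The four new examples are also identical apart from the permission name and could be generated from a small hash of name to expected perms, to keep them in step.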