author | Scott Christopherson <scott@scott-christopherson.com> | 2016-11-29 15:18:10 -0500 |
---|---|---|
committer | Scott Christopherson <scott@scott-christopherson.com> | 2016-12-06 16:09:46 -0500 |
commit | a0342df6a901110a48f1f2d4074d7bb5ea3cdc30 (patch) | |
tree | 873b884344296c3964d42d0fcf423de87b9c8b72 /spec | |
parent | 8b1600d825a7f9509f9448d0b831b8a07c9aec02 (diff) | |
download | chef-a0342df6a901110a48f1f2d4074d7bb5ea3cdc30.tar.gz |
Ensure chef-solo creates node files w/ correct permissionsCOOL-604/chef-solo-node-permissions
This commit ensures that the `nodes` dir and the node files within
it are created with the correct permissions by chef-solo.
Signed-off-by: Scott Christopherson <scott@chef.io>
Diffstat (limited to 'spec')
-rw-r--r-- | spec/integration/solo/solo_spec.rb | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/spec/integration/solo/solo_spec.rb b/spec/integration/solo/solo_spec.rb
index e4228a7559..f6cb2e43ef 100644
--- a/spec/integration/solo/solo_spec.rb
+++ b/spec/integration/solo/solo_spec.rb
@@ -4,6 +4,7 @@ require "chef/run_lock"
 require "chef/config"
 require "timeout"
 require "fileutils"
+require "chef/win32/security" if Chef::Platform.windows?
 describe "chef-solo" do
 include IntegrationSupport
@@ -17,6 +18,55 @@ describe "chef-solo" do
 let(:chef_solo) { "ruby bin/chef-solo --legacy-mode --minimal-ohai" }
+ when_the_repository "creates nodes" do
+ let(:nodes_dir) { File.join(@repository_dir, "nodes") }
+ let(:node_file) { Dir[File.join(nodes_dir, "*.json")][0] }
+
+ before do
+ file "config/solo.rb", <<EOM
+chef_repo_path "#{@repository_dir}"
+EOM
+ result = shell_out("ruby bin/chef-solo -c \"#{path_to('config/solo.rb')}\" -l debug", :cwd => chef_dir)
+ result.error!
+ end
+
+ describe "on unix", :unix_only do
+ describe "the nodes directory" do
+ it "has the correct permissions" do
+ expect(File.stat(nodes_dir).mode.to_s(8)[2..5]).to eq("700")
+ end
+ end
+
+ describe "the node file" do
+ it "has the correct permissions" do
+ expect(File.stat(node_file).mode.to_s(8)[2..5]).to eq("0600")
+ end
+ end
+ end
+
+ describe "on windows", :windows_only do
+ let(:read_mask) { Chef::ReservedNames::Win32::API::Security::GENERIC_READ }
+ let(:write_mask) { Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE }
+ let(:execute_mask) { Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE }
+
+ describe "the nodes directory" do
+ it "has the correct permissions" do
+ expect(Chef::ReservedNames::Win32::File.file_access_check(nodes_dir, read_mask)).to be(true)
+ expect(Chef::ReservedNames::Win32::File.file_access_check(nodes_dir, write_mask)).to be(true)
+ expect(Chef::ReservedNames::Win32::File.file_access_check(nodes_dir, execute_mask)).to be(true)
+ end
+ end
+
+ describe "the node file" do
+ it "has the correct permissions" do
+ expect(Chef::ReservedNames::Win32::File.file_access_check(node_file, read_mask)).to be(true)
+ expect(Chef::ReservedNames::Win32::File.file_access_check(node_file, write_mask)).to be(true)
+ expect(Chef::ReservedNames::Win32::File.file_access_check(node_file, execute_mask)).to be(false)
+ end
+ end
+ end
+ end
+
 when_the_repository "has a cookbook with a basic recipe" do
 before do
 file "cookbooks/x/metadata.rb", 
cookbook_x_100_metadata_rb |
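Review bot: The Unix assertions slice the octal string (`mode.to_s(8)[2..5]`), so the directory example compares three digits and never looks at the setuid/setgid/sticky digit while the file example compares four; masking the mode is symmetric and easier to read: `expect(File.stat(nodes_dir).mode & 07777).to eq(0700)` and `expect(File.stat(node_file).mode & 07777).to eq(0600)`. The Windows examples only assert what `file_access_check` returns for the read, write and execute masks, which presumably reflects the account running the spec; nothing in them shows that other principals are denied access, which is the restriction the commit message describes. Neither group pins the umask in the `before` block, so on a host that already runs with a restrictive umask the Unix examples may pass without exercising the permission handling at all.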