diff options
| -rw-r--r-- | lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb | 5 | ||||
| -rw-r--r-- | spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb | 79 |
2 files changed, 84 insertions, 0 deletions
diff --git a/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb b/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb index e799e72e36..4b272daabc 100644 --- a/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +++ b/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb @@ -5,6 +5,8 @@ class Chef module ChefFS module DataHandler class DataBagItemDataHandler < DataHandlerBase + RESERVED_NAMES = /node|role|environment|client/ + def normalize(data_bag_item, entry) # If it's wrapped with raw_data, unwrap it. if data_bag_item["json_class"] == "Chef::DataBagItem" && data_bag_item["raw_data"] @@ -43,6 +45,7 @@ class Chef end # Verify that the JSON hash for this type has a key that matches its name. + # Also check that the data bag name is not a reserved search index name. # # @param object [Object] JSON hash of the object # @param entry [Chef::ChefFS::FileSystem::BaseFSObject] filesystem object we are verifying @@ -52,6 +55,8 @@ class Chef base_name = remove_dot_json(entry.name) if object["raw_data"]["id"] != base_name yield("ID in #{entry.path_for_printing} must be '#{base_name}' (is '#{object['raw_data']['id']}')") + elsif entry.parent.name =~ RESERVED_NAMES + yield("Data bag name ('#{entry.parent.name}') must not match #{RESERVED_NAMES.inspect}") end end diff --git a/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb b/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb new file mode 100644 index 0000000000..c90532c078 --- /dev/null +++ b/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb @@ -0,0 +1,79 @@ +# +# Author:: Sandra Tiffin (<sandi.tiffin@gmail.com>) +# Copyright:: Copyright 2014-2016, Chef Software Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" +require "lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb" + +class TestDataBag < Mash + attr_accessor :name + + def initialize(bag_name) + @name = bag_name + end +end + +class TestDataBagItem < Mash + attr_accessor :name, :parent + + def path_for_printing + "/some/path" + end + + def initialize(bag_name, item_name) + @name = "#{item_name}.json" + @parent = TestDataBag.new(bag_name) + end +end + +describe Chef::ChefFS::DataHandler::DataBagItemDataHandler do + let(:handler) { described_class.new } + + describe "#verify_integrity" do + context "json id does not match data bag item name" do + let(:entry) { TestDataBagItem.new("luggage", "bag") } + let(:object) do + { "raw_data" => { "id" => "duffel" } } + end + it "rejects the data bag item name" do + expect { |b| handler.verify_integrity(object, entry, &b) }.to yield_with_args + end + end + + context "using a reserved word for the data bag name" do + %w(node role environment client).each do |reserved_word| + let(:entry) { TestDataBagItem.new(reserved_word, "bag") } + let(:object) do + { "raw_data" => { "id" => "bag" } } + end + it "rejects the data bag name '#{reserved_word}'" do + expect { |b| handler.verify_integrity(object, entry, &b) }.to yield_with_args + end + end + end + + context "valid data" do + let(:entry) { TestDataBagItem.new("luggage", "bag") } + let(:object) do + { "raw_data" => { "id" => "bag" } } + end + it "validates the data bag item" do + expect(handler.verify_integrity(object, entry)).to be_nil + end + end + end +end |