aws-codedeploy-agent 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (84) hide show
  1. data/.gitignore +2 -0
  2. data/CHANGES.md +3 -0
  3. data/Gemfile +13 -0
  4. data/LICENSE +177 -0
  5. data/NOTICE +2 -0
  6. data/README.md +16 -0
  7. data/aws-codedeploy-agent.gemspec +39 -0
  8. data/bin/codedeploy-agent +78 -0
  9. data/bin/codedeploy-install +15 -0
  10. data/bin/codedeploy-uninstall +13 -0
  11. data/certs/host-agent-deployment-signer-ca-chain.pem +76 -0
  12. data/conf/codedeployagent.yml +9 -0
  13. data/init.d/codedeploy-agent +61 -0
  14. data/lib/core_ext.rb +71 -0
  15. data/lib/instance_agent.rb +35 -0
  16. data/lib/instance_agent/agent/base.rb +34 -0
  17. data/lib/instance_agent/codedeploy_plugin/application_specification/ace_info.rb +133 -0
  18. data/lib/instance_agent/codedeploy_plugin/application_specification/acl_info.rb +163 -0
  19. data/lib/instance_agent/codedeploy_plugin/application_specification/application_specification.rb +142 -0
  20. data/lib/instance_agent/codedeploy_plugin/application_specification/context_info.rb +23 -0
  21. data/lib/instance_agent/codedeploy_plugin/application_specification/file_info.rb +23 -0
  22. data/lib/instance_agent/codedeploy_plugin/application_specification/linux_permission_info.rb +121 -0
  23. data/lib/instance_agent/codedeploy_plugin/application_specification/mode_info.rb +66 -0
  24. data/lib/instance_agent/codedeploy_plugin/application_specification/range_info.rb +134 -0
  25. data/lib/instance_agent/codedeploy_plugin/application_specification/script_info.rb +27 -0
  26. data/lib/instance_agent/codedeploy_plugin/codedeploy_control.rb +72 -0
  27. data/lib/instance_agent/codedeploy_plugin/command_executor.rb +357 -0
  28. data/lib/instance_agent/codedeploy_plugin/command_poller.rb +146 -0
  29. data/lib/instance_agent/codedeploy_plugin/deployment_specification.rb +150 -0
  30. data/lib/instance_agent/codedeploy_plugin/hook_executor.rb +206 -0
  31. data/lib/instance_agent/codedeploy_plugin/install_instruction.rb +374 -0
  32. data/lib/instance_agent/codedeploy_plugin/installer.rb +143 -0
  33. data/lib/instance_agent/codedeploy_plugin/request_helper.rb +28 -0
  34. data/lib/instance_agent/config.rb +43 -0
  35. data/lib/instance_agent/log.rb +3 -0
  36. data/lib/instance_agent/platform.rb +17 -0
  37. data/lib/instance_agent/platform/linux_util.rb +57 -0
  38. data/lib/instance_agent/runner/child.rb +57 -0
  39. data/lib/instance_agent/runner/master.rb +103 -0
  40. data/lib/instance_metadata.rb +47 -0
  41. data/test/certificate_helper.rb +120 -0
  42. data/test/helpers/instance_agent_helper.rb +25 -0
  43. data/test/instance_agent/agent/base_test.rb +49 -0
  44. data/test/instance_agent/codedeploy_plugin/application_specification_test.rb +1710 -0
  45. data/test/instance_agent/codedeploy_plugin/codedeploy_control_test.rb +51 -0
  46. data/test/instance_agent/codedeploy_plugin/command_executor_test.rb +513 -0
  47. data/test/instance_agent/codedeploy_plugin/command_poller_test.rb +459 -0
  48. data/test/instance_agent/codedeploy_plugin/deployment_specification_test.rb +335 -0
  49. data/test/instance_agent/codedeploy_plugin/hook_executor_test.rb +250 -0
  50. data/test/instance_agent/codedeploy_plugin/install_instruction_test.rb +566 -0
  51. data/test/instance_agent/codedeploy_plugin/installer_test.rb +519 -0
  52. data/test/instance_agent/codedeploy_plugin/request_helper_test.rb +37 -0
  53. data/test/instance_agent/config_test.rb +64 -0
  54. data/test/instance_agent/runner/child_test.rb +87 -0
  55. data/test/instance_metadata_test.rb +97 -0
  56. data/test/test_helper.rb +16 -0
  57. data/vendor/gems/.codedeploy-commands-1.0.0.created.rid +1 -0
  58. data/vendor/gems/codedeploy-commands/apis/CodeDeployCommand.api.json +372 -0
  59. data/vendor/gems/codedeploy-commands/codedeploy-commands-1.0.0.gemspec +28 -0
  60. data/vendor/gems/codedeploy-commands/lib/aws/codedeploy_commands.rb +18 -0
  61. data/vendor/gems/codedeploy-commands/lib/aws/plugins/certificate_authority.rb +12 -0
  62. data/vendor/gems/codedeploy-commands/lib/aws/plugins/deploy_control_endpoint.rb +22 -0
  63. data/vendor/gems/process_manager/README.md +1 -0
  64. data/vendor/gems/process_manager/lib/blank.rb +153 -0
  65. data/vendor/gems/process_manager/lib/core_ext.rb +73 -0
  66. data/vendor/gems/process_manager/lib/process_manager.rb +49 -0
  67. data/vendor/gems/process_manager/lib/process_manager/child.rb +119 -0
  68. data/vendor/gems/process_manager/lib/process_manager/config.rb +112 -0
  69. data/vendor/gems/process_manager/lib/process_manager/log.rb +107 -0
  70. data/vendor/gems/process_manager/lib/process_manager/master.rb +322 -0
  71. data/vendor/gems/process_manager/process_manager-0.0.13.gemspec +42 -0
  72. data/vendor/specifications/aws-sdk-core-2.0.5.gemspec +39 -0
  73. data/vendor/specifications/builder-3.2.2.gemspec +29 -0
  74. data/vendor/specifications/codedeploy-commands-1.0.0.gemspec +28 -0
  75. data/vendor/specifications/gli-2.5.6.gemspec +51 -0
  76. data/vendor/specifications/jamespath-0.5.1.gemspec +35 -0
  77. data/vendor/specifications/little-plugger-1.1.3.gemspec +32 -0
  78. data/vendor/specifications/logging-1.8.1.gemspec +44 -0
  79. data/vendor/specifications/multi_json-1.7.7.gemspec +30 -0
  80. data/vendor/specifications/multi_json-1.8.4.gemspec +30 -0
  81. data/vendor/specifications/multi_xml-0.5.5.gemspec +30 -0
  82. data/vendor/specifications/process_manager-0.0.13.gemspec +42 -0
  83. data/vendor/specifications/simple_pid-0.2.1.gemspec +28 -0
  84. metadata +377 -0
data/test/helpers/instance_agent_helper.rb ADDED
@@ -0,0 +1,25 @@
1
+ # require the code
2
+ require 'instance_agent'
3
+
4
+ class InstanceAgentTestCase < Test::Unit::TestCase
5
+ include ActiveSupport::Testing::Assertions
6
+
7
+ def setup
8
+ @dir = '/tmp'
9
+ ProcessManager::Config.init
10
+ InstanceAgent::Log.init(File.join(@dir, 'codedeploy-agent.log'))
11
+ InstanceAgent::Config.init
12
+ InstanceAgent::Config.config[:log_dir] = @dir
13
+ InstanceAgent::Config.config[:pid_dir] = @dir
14
+ InstanceAgent::Config.config[:instance_service_region] = 'a-region'
15
+ InstanceAgent::Config.config[:instance_service_endpoint] = 'instance-service-endpoint'
16
+ InstanceAgent::Config.config[:instance_service_port] = 123
17
+ InstanceAgent::Config.config[:wait_after_error] = 0
18
+ InstanceAgent::Platform.util = InstanceAgent::LinuxUtil
19
+ end
20
+
21
+ def assert_raised_with_message(message, error_type = RuntimeError)
22
+ error = assert_raise(error_type) { yield }
23
+ assert_equal(message, error.message)
24
+ end
25
+ end
data/test/instance_agent/agent/base_test.rb ADDED
@@ -0,0 +1,49 @@
1
+ # encode: UTF-8
2
+ require 'test_helper'
3
+
4
+ class InstanceAgentBaseTest < InstanceAgentTestCase
5
+ context 'The instance agent base' do
6
+ setup do
7
+ @base = InstanceAgent::Agent::Base.new
8
+ @base.stubs(:sleep).returns true
9
+ end
10
+
11
+ context 'have a set of public methods' do
12
+ should 'have a class method called runner' do
13
+ assert InstanceAgent::Agent::Base.respond_to?('runner')
14
+ end
15
+ should 'have a description method' do
16
+ assert @base.respond_to?('description')
17
+ end
18
+ should 'have a log method' do
19
+ assert @base.respond_to?('log')
20
+ end
21
+ should 'have a run method' do
22
+ assert @base.respond_to?('run')
23
+ end
24
+ end
25
+
26
+ context 'rescues exceptions when running perform' do
27
+ should 'rescue Aws::Errors::MissingCredentialsError' do
28
+ @base.stubs(:perform).raises Aws::Errors::MissingCredentialsError
29
+ @base.expects(:sleep).with 0
30
+ @base.expects(:log).with(:error, "Missing credentials - please check if this instance was started with an IAM instance profile")
31
+ assert_nothing_raised(Aws::Errors::MissingCredentialsError) { @base.run }
32
+ end
33
+
34
+ should 'rescue Aws::Errors::ServiceError' do
35
+ @base.stubs(:perform).raises Aws::Errors::ServiceError.new(nil, "http error")
36
+ @base.expects(:sleep).with(0)
37
+ @base.expects(:log).with { |v1, v2| v1.eql?(:error) && v2 =~ /Cannot reach InstanceService/ }
38
+ assert_nothing_raised(Aws::Errors::ServiceError) { @base.run }
39
+ end
40
+
41
+ should 'rescue all other types of exception' do
42
+ @base.stubs(:perform).raises Exception
43
+ @base.expects(:sleep).with(0)
44
+ @base.expects(:log).with { |v1, v2| v1.eql?(:error) && v2 =~ /Error during perform/ }
45
+ assert_nothing_raised(Exception) { @base.run }
46
+ end
47
+ end
48
+ end
49
+ end
data/test/instance_agent/codedeploy_plugin/application_specification_test.rb ADDED
@@ -0,0 +1,1710 @@
1
+ require 'test_helper'
2
+ require 'ostruct'
3
+ require 'yaml'
4
+
5
+ module InstanceAgent
6
+ module CodeDeployPlugin
7
+ module ApplicationSpecification
8
+ class ApplicationSpecificationTest < InstanceAgentTestCase
9
+ context 'The Application Specification' do
10
+ setup do
11
+ @test_revision_id = 'bar'
12
+ end
13
+
14
+ private
15
+ def make_app_spec
16
+ ApplicationSpecification.new(YAML.load(@app_spec_string), {:revision_id => @test_revision_id})
17
+ end
18
+
19
+ context "With missing version" do
20
+ setup do
21
+ @app_spec_string = <<-END
22
+ os: linux
23
+ END
24
+ end
25
+
26
+ should "raise an exception" do
27
+ assert_raised_with_message('unsupported version: ',AppSpecValidationException) do
28
+ make_app_spec()
29
+ end
30
+ end
31
+ end
32
+
33
+ context "With invalid version" do
34
+ setup do
35
+ @app_spec_string = <<-END
36
+ version: invalid
37
+ os: linux
38
+ END
39
+ end
40
+
41
+ should "raise an exception" do
42
+ assert_raised_with_message('unsupported version: invalid',AppSpecValidationException) do
43
+ make_app_spec()
44
+ end
45
+ end
46
+ end
47
+
48
+ context "With missing os" do
49
+ setup do
50
+ @app_spec_string = <<-END
51
+ version: 0.0
52
+ END
53
+ end
54
+
55
+ should "raise an exception" do
56
+ assert_raised_with_message('unsupported os: ',AppSpecValidationException) do
57
+ make_app_spec()
58
+ end
59
+ end
60
+ end
61
+
62
+ context "With invalid os" do
63
+ setup do
64
+ @app_spec_string = <<-END
65
+ version: 0.0
66
+ os: unsupported
67
+ END
68
+ end
69
+
70
+ should "raise an exception" do
71
+ assert_raised_with_message('unsupported os: unsupported',AppSpecValidationException) do
72
+ make_app_spec()
73
+ end
74
+ end
75
+ end
76
+
77
+ context "With no hooks or files" do
78
+ setup do
79
+ @app_spec_string = "version: 0.0\nos: linux\n"
80
+ end
81
+ should "Return an empty hooks hash" do
82
+ app_spec = make_app_spec
83
+ assert_equal({}, app_spec.hooks)
84
+ end
85
+ should "Return an empty files array" do
86
+ app_spec = make_app_spec
87
+ assert_equal([], app_spec.files)
88
+ end
89
+ end
90
+
91
+ context "With a single complete hook" do
92
+ setup do
93
+ #A single test script with all parameters
94
+ @app_spec_string = <<-END
95
+ version: 0.0
96
+ os: linux
97
+ hooks:
98
+ test_hook:
99
+ - location: test_location_1
100
+ runas: foo
101
+ timeout: 30
102
+ END
103
+ end
104
+ should "Return a collection containing test script 1" do
105
+ app_spec = make_app_spec
106
+ assert_not_equal nil, app_spec.hooks
107
+ assert_equal ['test_location_1'] , app_spec.hooks["test_hook"].map(&:location)
108
+ assert_equal ['foo'] , app_spec.hooks["test_hook"].map(&:runas)
109
+ assert_equal [30] , app_spec.hooks["test_hook"].map(&:timeout)
110
+ end
111
+ end
112
+
113
+ context "With two complete hooks" do
114
+ setup do
115
+ #A pair of test scripts with all parameters
116
+ @app_spec_string = <<-END
117
+ version: 0.0
118
+ os: linux
119
+ hooks:
120
+ test_hook:
121
+ - location: test_location_1
122
+ runas: foo
123
+ timeout: 30
124
+ - location: test_location_2
125
+ runas: foo2
126
+ timeout: 30
127
+ END
128
+ end
129
+
130
+ should "Return a collection containing test script 1 and test script 2" do
131
+ app_spec = make_app_spec
132
+ assert_not_equal nil, app_spec.hooks
133
+ assert_equal ['test_location_1', 'test_location_2'] , app_spec.hooks["test_hook"].map(&:location)
134
+ end
135
+ end
136
+
137
+ context "With partial hooks (just a runas)" do
138
+ setup do
139
+ #A test script with just a location
140
+ #A test script with location and runas
141
+ @app_spec_string = <<-END
142
+ version: 0.0
143
+ os: linux
144
+ hooks:
145
+ test_hook:
146
+ - location: test_location
147
+ - location: test_location_lr
148
+ runas: foo3
149
+ END
150
+ end
151
+
152
+ should "Return a collection containing the two scripts in order" do
153
+ app_spec = make_app_spec()
154
+ assert_not_equal nil, app_spec.hooks
155
+ assert_equal [nil, 'foo3'] , app_spec.hooks["test_hook"].map(&:runas)
156
+ end
157
+ end
158
+
159
+ context "With partial hooks (just a timeout)" do
160
+ setup do
161
+ #A test script with just a location
162
+ #A test script with location and timeout
163
+ @app_spec_string = <<-END
164
+ version: 0.0
165
+ os: linux
166
+ hooks:
167
+ test_hook:
168
+ - location: test_location
169
+ - location: test_location_lt
170
+ timeout: 30
171
+ END
172
+ end
173
+
174
+ should "Return a collection containing the two scripts in order" do
175
+ app_spec = make_app_spec()
176
+ assert_not_equal nil, app_spec.hooks
177
+ assert_equal [3600, 30] , app_spec.hooks["test_hook"].map(&:timeout)
178
+ end
179
+ end
180
+
181
+ context "With missing location data" do
182
+ setup do
183
+ #A test script without a location
184
+ @app_spec_string = <<-END
185
+ version: 0.0
186
+ os: linux
187
+ hooks:
188
+ test_hook:
189
+ - timeout: 30
190
+ END
191
+ end
192
+
193
+ should "raise an exception" do
194
+ assert_raised_with_message('script provided without a location value',AppSpecValidationException) do
195
+ make_app_spec()
196
+ end
197
+ end
198
+ end
199
+
200
+ context "With non numerical timeout data" do
201
+ setup do
202
+ #A test script with bad timeout data
203
+ @app_spec_string = <<-END
204
+ version: 0.0
205
+ os: linux
206
+ hooks:
207
+ test_hook:
208
+ - location: test_location
209
+ timeout: foo
210
+ END
211
+ end
212
+
213
+ should "raise an exception" do
214
+ assert_raised_with_message('Timeout needs to be an integer greater than 0',AppSpecValidationException) do
215
+ make_app_spec()
216
+ end
217
+ end
218
+ end
219
+
220
+ context "App spec has a file mapping" do
221
+ context "file map contains a single file" do
222
+ setup do
223
+ @app_spec_string = <<-END
224
+ version: 0.0
225
+ os: linux
226
+ files:
227
+ - source: test_source
228
+ destination: test_destination
229
+ END
230
+ end
231
+
232
+ should "return a hash containing the file mapping objects" do
233
+ app_spec = make_app_spec
234
+ assert_not_equal nil, app_spec.files
235
+ assert_equal ['test_source'] , app_spec.files.map(&:source)
236
+ assert_equal ['test_destination'] , app_spec.files.map(&:destination)
237
+ end
238
+ end
239
+
240
+ context "file map contains multiple files" do
241
+ setup do
242
+ @app_spec_string = <<-END
243
+ version: 0.0
244
+ os: linux
245
+ files:
246
+ - source: test_source
247
+ destination: test_destination
248
+ - source: test_source_2
249
+ destination: test_destination_2
250
+ END
251
+ end
252
+
253
+ should "return a hash containing the file mapping objects" do
254
+ app_spec = make_app_spec
255
+ assert_not_equal nil, app_spec.files
256
+ assert_equal ['test_source', 'test_source_2'] , app_spec.files.map(&:source)
257
+ assert_equal ['test_destination','test_destination_2'] , app_spec.files.map(&:destination)
258
+ end
259
+ end
260
+
261
+ context "file map is missing a destination" do
262
+ setup do
263
+ @app_spec_string = <<-END
264
+ version: 0.0
265
+ os: linux
266
+ files:
267
+ - source: test_source
268
+ END
269
+ end
270
+
271
+ should "raise and AppSpecValidationException" do
272
+ assert_raised_with_message('File needs to have a destination',AppSpecValidationException) do
273
+ make_app_spec()
274
+ end
275
+ end
276
+ end
277
+
278
+ context "file map is missing a source" do
279
+ setup do
280
+ @app_spec_string = <<-END
281
+ version: 0.0
282
+ os: linux
283
+ files:
284
+ - destination: test_destination
285
+ END
286
+ end
287
+
288
+ should "raise and AppSpecValidationException" do
289
+ assert_raised_with_message('File needs to have a source',AppSpecValidationException) do
290
+ make_app_spec()
291
+ end
292
+ end
293
+ end
294
+ end
295
+
296
+ context "With permission without object set" do
297
+ setup do
298
+ @app_spec_string = <<-END
299
+ version: 0.0
300
+ os: linux
301
+ permissions:
302
+ - pattern: test
303
+ END
304
+ end
305
+
306
+ should "raise an exception" do
307
+ assert_raised_with_message('permission provided without a object value',AppSpecValidationException) do
308
+ make_app_spec()
309
+ end
310
+ end
311
+ end
312
+
313
+ context "With permission pattern of **" do
314
+ setup do
315
+ @app_spec_string = <<-END
316
+ version: 0.0
317
+ os: linux
318
+ permissions:
319
+ - object: '/'
320
+ pattern: '**'
321
+ END
322
+ end
323
+
324
+ should "match all objects" do
325
+ app_spec = make_app_spec()
326
+ assert_equal '**', app_spec.permissions[0].pattern
327
+ end
328
+ end
329
+
330
+ context "With multiple permissions" do
331
+ setup do
332
+ @app_spec_string = <<-END
333
+ version: 0.0
334
+ os: linux
335
+ permissions:
336
+ - object: '/'
337
+ - object: test
338
+ - object: more
339
+ END
340
+ end
341
+
342
+ should "match all objects" do
343
+ app_spec = make_app_spec()
344
+ assert_equal 3, app_spec.permissions.length
345
+ assert_equal '/', app_spec.permissions[0].object
346
+ assert_equal "test", app_spec.permissions[1].object
347
+ assert_equal "more", app_spec.permissions[2].object
348
+ end
349
+ end
350
+
351
+ context "With permissions with pattern" do
352
+ setup do
353
+ @app_spec_string = <<-END
354
+ version: 0.0
355
+ os: linux
356
+ permissions:
357
+ - object: '/'
358
+ pattern: 'glob'
359
+ END
360
+ end
361
+
362
+ should "raise when validated as file permission" do
363
+ app_spec = make_app_spec()
364
+ assert_raised_with_message('Attempt to use pattern glob when assigning permissions to file /',AppSpecValidationException) do
365
+ app_spec.permissions[0].validate_file_permission
366
+ end
367
+ end
368
+ end
369
+
370
+ context "With permissions with except" do
371
+ setup do
372
+ @app_spec_string = <<-END
373
+ version: 0.0
374
+ os: linux
375
+ permissions:
376
+ - object: '/'
377
+ except:
378
+ - 'glob'
379
+ END
380
+ end
381
+
382
+ should "raise when validated as file permission" do
383
+ app_spec = make_app_spec()
384
+ assert_raised_with_message('Attempt to use except ["glob"] when assigning permissions to file /',AppSpecValidationException) do
385
+ app_spec.permissions[0].validate_file_permission
386
+ end
387
+ end
388
+ end
389
+
390
+ context "With permissions" do
391
+ setup do
392
+ @app_spec_string = <<-END
393
+ version: 0.0
394
+ os: linux
395
+ permissions:
396
+ - object: '/'
397
+ END
398
+ end
399
+
400
+ should "not raise when validated as file permission" do
401
+ app_spec = make_app_spec()
402
+ assert_nothing_raised do
403
+ app_spec.permissions[0].validate_file_permission
404
+ end
405
+ end
406
+ end
407
+
408
+ context "With permissions with pattern without file type" do
409
+ setup do
410
+ @app_spec_string = <<-END
411
+ version: 0.0
412
+ os: linux
413
+ permissions:
414
+ - object: '/'
415
+ pattern: 'glob'
416
+ type:
417
+ - "directory"
418
+ END
419
+ end
420
+
421
+ should "not raise when validated as file permission" do
422
+ app_spec = make_app_spec()
423
+ assert_nothing_raised do
424
+ app_spec.permissions[0].validate_file_permission
425
+ end
426
+ end
427
+ end
428
+
429
+ context "With permissions with acl without default ace" do
430
+ setup do
431
+ @app_spec_string = <<-END
432
+ version: 0.0
433
+ os: linux
434
+ permissions:
435
+ - object: '/'
436
+ acls:
437
+ - 'user:name:rwx'
438
+ END
439
+ end
440
+
441
+ should "be able to validate as a file acl" do
442
+ app_spec = make_app_spec()
443
+ assert_nothing_raised do
444
+ app_spec.permissions[0].validate_file_acl("test")
445
+ end
446
+ end
447
+ end
448
+
449
+ context "With permissions with acl with default ace" do
450
+ setup do
451
+ @app_spec_string = <<-END
452
+ version: 0.0
453
+ os: linux
454
+ permissions:
455
+ - object: '/'
456
+ acls:
457
+ - 'd:user:name:rwx'
458
+ END
459
+ end
460
+
461
+ should "be able to validate as a file acl" do
462
+ app_spec = make_app_spec()
463
+ assert_raised_with_message('Attempt to set default acl default:user:name:rwx on file test',RuntimeError) do
464
+ app_spec.permissions[0].validate_file_acl("test")
465
+ end
466
+ end
467
+ end
468
+
469
+ context "With valid permission object" do
470
+ setup do
471
+ @app_spec_string = <<-END
472
+ version: 0.0
473
+ os: linux
474
+ permissions:
475
+ - object: 'test'
476
+ pattern: 'prefix*'
477
+ except: ['*ReadMe', '*.tmp']
478
+ type: ['file']
479
+ owner: 'bob'
480
+ group: 'dev'
481
+ mode: 6763
482
+ acls:
483
+ - 'u:henry:7'
484
+ - 'd:g:manager:rw'
485
+ context:
486
+ name: 'user_u'
487
+ type: 'unconfined_t'
488
+ range: 's3-s5:c0.c7,c13'
489
+ END
490
+ end
491
+
492
+ should "match pattern when appropriate" do
493
+ app_spec = make_app_spec()
494
+ permission = app_spec.permissions[0]
495
+
496
+ assert permission.matches_pattern?(File.expand_path("test/prefix")), "Should match test/prefix for pattern"
497
+ assert permission.matches_pattern?(File.expand_path("test/prefix_matches")), "Should match test/prefix_matches for pattern"
498
+ assert !permission.matches_pattern?(File.expand_path("test/prefix/does_not_match")), "Should not match test/prefix/does_not_match for pattern"
499
+ assert !permission.matches_pattern?(File.expand_path("testprefix/")), "Should not match testprefix/ for pattern"
500
+ assert !permission.matches_pattern?(File.expand_path("tst/prefix")), "Should not match tst/prefix for pattern"
501
+ assert !permission.matches_pattern?(File.expand_path("test/not_prefix")), "Should not match test/not_prefix for pattern"
502
+ end
503
+
504
+ should "match except when appropriate" do
505
+ app_spec = make_app_spec()
506
+ permission = app_spec.permissions[0]
507
+
508
+ assert permission.matches_except?(File.expand_path("test/this.tmp")), "Should match test/this.tmp for except"
509
+ assert permission.matches_except?(File.expand_path("test/this_ReadMe")), "Should match test/this_ReadMe for except"
510
+ assert !permission.matches_except?(File.expand_path("test/prefix/does_not_match.tmp")), "Should not match test/prefix/does_not_match.tmp for except"
511
+ assert !permission.matches_except?(File.expand_path("testprefix/")), "Should not match testprefix/ for except"
512
+ assert !permission.matches_except?(File.expand_path("tst/prefix")), "Should not match tst/prefix for except"
513
+ assert !permission.matches_except?(File.expand_path("test/not_match")), "Should not match test/not_match for except"
514
+ end
515
+
516
+ should "set fields correctly" do
517
+ app_spec = make_app_spec()
518
+ permission = app_spec.permissions[0]
519
+ assert_equal 'test', permission.object
520
+ assert_equal 'prefix*', permission.pattern
521
+ assert_equal ['*ReadMe', '*.tmp'], permission.except
522
+ assert_equal ['file'], permission.type
523
+ assert_equal 'bob', permission.owner
524
+ assert_equal 'dev', permission.group
525
+
526
+ mode = permission.mode
527
+ assert_equal '6763', mode.mode
528
+ assert_equal '3', mode.world
529
+ assert_equal false, mode.world_readable
530
+ assert_equal true, mode.world_writable
531
+ assert_equal true, mode.world_executable
532
+ assert_equal '6', mode.group
533
+ assert_equal true, mode.group_readable
534
+ assert_equal true, mode.group_writable
535
+ assert_equal false, mode.group_executable
536
+ assert_equal '7', mode.owner
537
+ assert_equal true, mode.owner_readable
538
+ assert_equal true, mode.owner_writable
539
+ assert_equal true, mode.owner_executable
540
+ assert_equal true, mode.setuid
541
+ assert_equal true, mode.setgid
542
+ assert_equal false, mode.sticky
543
+
544
+ acl = permission.acls
545
+ assert_equal 2, acl.aces.length
546
+ ace = acl.aces[0]
547
+ assert_equal false, ace.default
548
+ assert_equal 'user', ace.type
549
+ assert_equal 'henry', ace.name
550
+ assert_equal true, ace.read
551
+ assert_equal true, ace.write
552
+ assert_equal true, ace.execute
553
+
554
+ ace = acl.aces[1]
555
+ assert_equal true, ace.default
556
+ assert_equal 'group', ace.type
557
+ assert_equal 'manager', ace.name
558
+ assert_equal true, ace.read
559
+ assert_equal true, ace.write
560
+ assert_equal false, ace.execute
561
+
562
+ context = permission.context
563
+ assert_equal 'user_u', context.user
564
+ assert_equal nil, context.role
565
+ assert_equal 'unconfined_t', context.type
566
+
567
+ range = context.range
568
+ assert_equal 3, range.low_sensitivity
569
+ assert_equal 5, range.high_sensitivity
570
+
571
+ categories = range.categories
572
+ assert_equal 9, categories.length
573
+ [(0..7).to_a,13].flatten!.each do |category|
574
+ assert_equal true, categories.include?(category), "Unable to find expected category #{category}"
575
+ end
576
+ end
577
+ end
578
+
579
+ context "With permission with acl with ace with too few parts" do
580
+ setup do
581
+ @app_spec_string = <<-END
582
+ version: 0.0
583
+ os: linux
584
+ permissions:
585
+ - object: 'test/'
586
+ acls:
587
+ - '7'
588
+ END
589
+ end
590
+
591
+ should "raise an exception" do
592
+ assert_raised_with_message('invalid acl entry 7',AppSpecValidationException) do
593
+ make_app_spec()
594
+ end
595
+ end
596
+ end
597
+
598
+ context "With permission with acl with ace with too many parts" do
599
+ setup do
600
+ @app_spec_string = <<-END
601
+ version: 0.0
602
+ os: linux
603
+ permissions:
604
+ - object: 'test/'
605
+ acls:
606
+ - 'd:u:bob:7:rwx'
607
+ END
608
+ end
609
+
610
+ should "raise an exception" do
611
+ assert_raised_with_message('invalid acl entry d:u:bob:7:rwx',AppSpecValidationException) do
612
+ make_app_spec()
613
+ end
614
+ end
615
+ end
616
+
617
+ context "With permission with acl with ace with invalid first part" do
618
+ setup do
619
+ @app_spec_string = <<-END
620
+ version: 0.0
621
+ os: linux
622
+ permissions:
623
+ - object: 'test/'
624
+ acls:
625
+ - 'invalid:u:bob:7:rwx'
626
+ END
627
+ end
628
+
629
+ should "raise an exception" do
630
+ assert_raised_with_message('invalid acl entry invalid:u:bob:7:rwx',AppSpecValidationException) do
631
+ make_app_spec()
632
+ end
633
+ end
634
+ end
635
+
636
+ context "With permission with acl with ace with invalid second part" do
637
+ setup do
638
+ @app_spec_string = <<-END
639
+ version: 0.0
640
+ os: linux
641
+ permissions:
642
+ - object: 'test/'
643
+ acls:
644
+ - 'd:invalid:bob:7:rwx'
645
+ END
646
+ end
647
+
648
+ should "raise an exception" do
649
+ assert_raised_with_message('invalid acl entry d:invalid:bob:7:rwx',AppSpecValidationException) do
650
+ make_app_spec()
651
+ end
652
+ end
653
+ end
654
+
655
+ context "With permission with acl with ace with default as first and second part" do
656
+ setup do
657
+ @app_spec_string = <<-END
658
+ version: 0.0
659
+ os: linux
660
+ permissions:
661
+ - object: 'test/'
662
+ acls:
663
+ - 'd:d:bob:7:rwx'
664
+ END
665
+ end
666
+
667
+ should "raise an exception" do
668
+ assert_raised_with_message('invalid acl entry d:d:bob:7:rwx',AppSpecValidationException) do
669
+ make_app_spec()
670
+ end
671
+ end
672
+ end
673
+
674
+ context "With permission with acl with ace with mask with name" do
675
+ setup do
676
+ @app_spec_string = <<-END
677
+ version: 0.0
678
+ os: linux
679
+ permissions:
680
+ - object: 'test/'
681
+ acls:
682
+ - 'mask:name:rwx'
683
+ END
684
+ end
685
+
686
+ should "raise an exception" do
687
+ assert_raised_with_message('invalid acl entry mask:name:rwx',AppSpecValidationException) do
688
+ make_app_spec()
689
+ end
690
+ end
691
+ end
692
+
693
+ context "With permission with acl with ace with other with name" do
694
+ setup do
695
+ @app_spec_string = <<-END
696
+ version: 0.0
697
+ os: linux
698
+ permissions:
699
+ - object: 'test/'
700
+ acls:
701
+ - 'd:other:name:rwx'
702
+ END
703
+ end
704
+
705
+ should "raise an exception" do
706
+ assert_raised_with_message('invalid acl entry d:other:name:rwx',AppSpecValidationException) do
707
+ make_app_spec()
708
+ end
709
+ end
710
+ end
711
+
712
+ context "With permission with acl with ace with invalid permission character" do
713
+ setup do
714
+ @app_spec_string = <<-END
715
+ version: 0.0
716
+ os: linux
717
+ permissions:
718
+ - object: 'test/'
719
+ acls:
720
+ - 'user:bob:rwxd'
721
+ END
722
+ end
723
+
724
+ should "raise an exception" do
725
+ assert_raised_with_message('unrecognized permission character d in user:bob:rwxd',AppSpecValidationException) do
726
+ make_app_spec()
727
+ end
728
+ end
729
+ end
730
+
731
+ context "With permission with acl with valid ace with 4 parts" do
732
+ setup do
733
+ @app_spec_string = <<-END
734
+ version: 0.0
735
+ os: linux
736
+ permissions:
737
+ - object: 'test/'
738
+ acls:
739
+ - 'd:u:bob:rwx'
740
+ - 'default:g:dev:rw'
741
+ END
742
+ end
743
+
744
+ should "generate correct fields" do
745
+ app_spec = make_app_spec()
746
+
747
+ acl = app_spec.permissions[0].acls
748
+ assert_equal 2, acl.aces.length
749
+
750
+ ace = acl.aces[0]
751
+ assert_equal true, ace.default
752
+ assert_equal 'user', ace.type
753
+ assert_equal 'bob', ace.name
754
+ assert_equal true, ace.read
755
+ assert_equal true, ace.write
756
+ assert_equal true, ace.execute
757
+
758
+ ace = acl.aces[1]
759
+ assert_equal true, ace.default
760
+ assert_equal 'group', ace.type
761
+ assert_equal 'dev', ace.name
762
+ assert_equal true, ace.read
763
+ assert_equal true, ace.write
764
+ assert_equal false, ace.execute
765
+ end
766
+ end
767
+
768
+ context "With permission with acl with valid ace with 3 parts" do
769
+ setup do
770
+ @app_spec_string = <<-END
771
+ version: 0.0
772
+ os: linux
773
+ permissions:
774
+ - object: 'test/'
775
+ acls:
776
+ - 'd:bob:rwx'
777
+ - 'default::rw'
778
+ - 'm::7'
779
+ - 'mask::7'
780
+ - 'g:dev:7'
781
+ - 'group:dev:7'
782
+ - 'u:bob:7'
783
+ - 'user:bob:7'
784
+ - 'u:mask:7'
785
+ - 'u:other:7'
786
+ END
787
+ end
788
+
789
+ should "generate correct fields" do
790
+ app_spec = make_app_spec()
791
+
792
+ acl = app_spec.permissions[0].acls
793
+ assert_equal 10, acl.aces.length
794
+
795
+ ace = acl.aces[0]
796
+ assert_equal true, ace.default
797
+ assert_equal 'user', ace.type
798
+ assert_equal 'bob', ace.name
799
+ assert_equal true, ace.read
800
+ assert_equal true, ace.write
801
+ assert_equal true, ace.execute
802
+
803
+ ace = acl.aces[1]
804
+ assert_equal true, ace.default
805
+ assert_equal 'user', ace.type
806
+ assert_equal '', ace.name
807
+ assert_equal true, ace.read
808
+ assert_equal true, ace.write
809
+ assert_equal false, ace.execute
810
+
811
+ ace = acl.aces[2]
812
+ assert_equal false, ace.default
813
+ assert_equal 'mask', ace.type
814
+ assert_equal '', ace.name
815
+ assert_equal true, ace.read
816
+ assert_equal true, ace.write
817
+ assert_equal true, ace.execute
818
+
819
+ ace = acl.aces[3]
820
+ assert_equal false, ace.default
821
+ assert_equal 'mask', ace.type
822
+ assert_equal '', ace.name
823
+ assert_equal true, ace.read
824
+ assert_equal true, ace.write
825
+ assert_equal true, ace.execute
826
+
827
+ ace = acl.aces[4]
828
+ assert_equal false, ace.default
829
+ assert_equal 'group', ace.type
830
+ assert_equal 'dev', ace.name
831
+ assert_equal true, ace.read
832
+ assert_equal true, ace.write
833
+ assert_equal true, ace.execute
834
+
835
+ ace = acl.aces[5]
836
+ assert_equal false, ace.default
837
+ assert_equal 'group', ace.type
838
+ assert_equal 'dev', ace.name
839
+ assert_equal true, ace.read
840
+ assert_equal true, ace.write
841
+ assert_equal true, ace.execute
842
+
843
+ ace = acl.aces[6]
844
+ assert_equal false, ace.default
845
+ assert_equal 'user', ace.type
846
+ assert_equal 'bob', ace.name
847
+ assert_equal true, ace.read
848
+ assert_equal true, ace.write
849
+ assert_equal true, ace.execute
850
+
851
+ ace = acl.aces[7]
852
+ assert_equal false, ace.default
853
+ assert_equal 'user', ace.type
854
+ assert_equal 'bob', ace.name
855
+ assert_equal true, ace.read
856
+ assert_equal true, ace.write
857
+ assert_equal true, ace.execute
858
+
859
+ ace = acl.aces[8]
860
+ assert_equal false, ace.default
861
+ assert_equal 'user', ace.type
862
+ assert_equal 'mask', ace.name
863
+ assert_equal true, ace.read
864
+ assert_equal true, ace.write
865
+ assert_equal true, ace.execute
866
+
867
+ ace = acl.aces[9]
868
+ assert_equal false, ace.default
869
+ assert_equal 'user', ace.type
870
+ assert_equal 'other', ace.name
871
+ assert_equal true, ace.read
872
+ assert_equal true, ace.write
873
+ assert_equal true, ace.execute
874
+ end
875
+ end
876
+
877
+ context "With permission with acl with valid ace with 2 parts" do
878
+ setup do
879
+ @app_spec_string = <<-END
880
+ version: 0.0
881
+ os: linux
882
+ permissions:
883
+ - object: 'test/'
884
+ acls:
885
+ - 'bob:0'
886
+ - 'm:7'
887
+ - 'mask:'
888
+ END
889
+ end
890
+
891
+ should "generate correct fields" do
892
+ app_spec = make_app_spec()
893
+
894
+ acl = app_spec.permissions[0].acls
895
+ assert_equal 3, acl.aces.length
896
+
897
+ ace = acl.aces[0]
898
+ assert_equal false, ace.default
899
+ assert_equal 'user', ace.type
900
+ assert_equal 'bob', ace.name
901
+ assert_equal false, ace.read
902
+ assert_equal false, ace.write
903
+ assert_equal false, ace.execute
904
+
905
+ ace = acl.aces[1]
906
+ assert_equal false, ace.default
907
+ assert_equal 'mask', ace.type
908
+ assert_equal '', ace.name
909
+ assert_equal true, ace.read
910
+ assert_equal true, ace.write
911
+ assert_equal true, ace.execute
912
+
913
+ ace = acl.aces[2]
914
+ assert_equal false, ace.default
915
+ assert_equal 'mask', ace.type
916
+ assert_equal '', ace.name
917
+ assert_equal false, ace.read
918
+ assert_equal false, ace.write
919
+ assert_equal false, ace.execute
920
+ end
921
+ end
922
+
923
+ context "With permission with context with invalid sensitivity range" do
924
+ setup do
925
+ @app_spec_string = <<-END
926
+ version: 0.0
927
+ os: linux
928
+ permissions:
929
+ - object: 'test/'
930
+ context:
931
+ name: 'name'
932
+ type: 'type'
933
+ range: 's3-s2:c0'
934
+ END
935
+ end
936
+
937
+ should "raise an exception" do
938
+ assert_raised_with_message('invalid sensitivity range in s3-s2:c0',AppSpecValidationException) do
939
+ make_app_spec()
940
+ end
941
+ end
942
+ end
943
+
944
+ context "With permission with context with missing sensitivity range part" do
945
+ setup do
946
+ @app_spec_string = <<-END
947
+ version: 0.0
948
+ os: linux
949
+ permissions:
950
+ - object: 'test/'
951
+ context:
952
+ name: 'name'
953
+ type: 'type'
954
+ range: 's3-:c0'
955
+ END
956
+ end
957
+
958
+ should "raise an exception" do
959
+ assert_raised_with_message('invalid range part s3-',AppSpecValidationException) do
960
+ make_app_spec()
961
+ end
962
+ end
963
+ end
964
+
965
+ context "With single sensitivity" do
966
+ setup do
967
+ @app_spec_string = <<-END
968
+ version: 0.0
969
+ os: linux
970
+ permissions:
971
+ - object: 'test/'
972
+ context:
973
+ type: 'type'
974
+ range: 's5'
975
+ END
976
+ end
977
+
978
+ should "generate correct fields" do
979
+ app_spec = make_app_spec()
980
+
981
+ assert_equal 5, app_spec.permissions[0].context.range.low_sensitivity
982
+ assert_equal 5, app_spec.permissions[0].context.range.high_sensitivity
983
+ assert_equal nil, app_spec.permissions[0].context.range.categories
984
+ end
985
+ end
986
+
987
+ context "With permission with context with missing sensitivity" do
988
+ setup do
989
+ @app_spec_string = <<-END
990
+ version: 0.0
991
+ os: linux
992
+ permissions:
993
+ - object: 'test/'
994
+ context:
995
+ name: 'name'
996
+ type: 'type'
997
+ range: ':c0'
998
+ END
999
+ end
1000
+
1001
+ should "raise an exception" do
1002
+ assert_raised_with_message('invalid range part :c0',AppSpecValidationException) do
1003
+ make_app_spec()
1004
+ end
1005
+ end
1006
+ end
1007
+
1008
+ context "With permission with context with missing sensitivity value" do
1009
+ setup do
1010
+ @app_spec_string = <<-END
1011
+ version: 0.0
1012
+ os: linux
1013
+ permissions:
1014
+ - object: 'test/'
1015
+ context:
1016
+ name: 'name'
1017
+ type: 'type'
1018
+ range: 's'
1019
+ END
1020
+ end
1021
+
1022
+ should "raise an exception" do
1023
+ assert_raised_with_message('invalid sensitivity s',AppSpecValidationException) do
1024
+ make_app_spec()
1025
+ end
1026
+ end
1027
+ end
1028
+
1029
+ context "With permission with context with negative sensitivity value" do
1030
+ setup do
1031
+ @app_spec_string = <<-END
1032
+ version: 0.0
1033
+ os: linux
1034
+ permissions:
1035
+ - object: 'test/'
1036
+ context:
1037
+ name: 'name'
1038
+ type: 'type'
1039
+ range: 's0-s-1'
1040
+ END
1041
+ end
1042
+
1043
+ should "raise an exception" do
1044
+ assert_raised_with_message('invalid sensitivity s-1',AppSpecValidationException) do
1045
+ make_app_spec()
1046
+ end
1047
+ end
1048
+ end
1049
+
1050
+ context "With permission with context with invalid sensitivity" do
1051
+ setup do
1052
+ @app_spec_string = <<-END
1053
+ version: 0.0
1054
+ os: linux
1055
+ permissions:
1056
+ - object: 'test/'
1057
+ context:
1058
+ name: 'name'
1059
+ type: 'type'
1060
+ range: 'sd3'
1061
+ END
1062
+ end
1063
+
1064
+ should "raise an exception" do
1065
+ assert_raised_with_message('invalid sensitivity sd3',AppSpecValidationException) do
1066
+ make_app_spec()
1067
+ end
1068
+ end
1069
+ end
1070
+
1071
+ context "With permission with context with invalid sensitivity 2" do
1072
+ setup do
1073
+ @app_spec_string = <<-END
1074
+ version: 0.0
1075
+ os: linux
1076
+ permissions:
1077
+ - object: 'test/'
1078
+ context:
1079
+ name: 'name'
1080
+ type: 'type'
1081
+ range: 'd3'
1082
+ END
1083
+ end
1084
+
1085
+ should "raise an exception" do
1086
+ assert_raised_with_message('invalid sensitivity d3',AppSpecValidationException) do
1087
+ make_app_spec()
1088
+ end
1089
+ end
1090
+ end
1091
+
1092
+ context "With permission with context with invalid category range" do
1093
+ setup do
1094
+ @app_spec_string = <<-END
1095
+ version: 0.0
1096
+ os: linux
1097
+ permissions:
1098
+ - object: 'test/'
1099
+ context:
1100
+ name: 'name'
1101
+ type: 'type'
1102
+ range: 's0:c2.c1'
1103
+ END
1104
+ end
1105
+
1106
+ should "raise an exception" do
1107
+ assert_raised_with_message('invalid category range c2.c1',AppSpecValidationException) do
1108
+ make_app_spec()
1109
+ end
1110
+ end
1111
+ end
1112
+
1113
+ context "With permission with context with missing category range part" do
1114
+ setup do
1115
+ @app_spec_string = <<-END
1116
+ version: 0.0
1117
+ os: linux
1118
+ permissions:
1119
+ - object: 'test/'
1120
+ context:
1121
+ name: 'name'
1122
+ type: 'type'
1123
+ range: 's0:c2.'
1124
+ END
1125
+ end
1126
+
1127
+ should "raise an exception" do
1128
+ assert_raised_with_message('invalid range part c2.',AppSpecValidationException) do
1129
+ make_app_spec()
1130
+ end
1131
+ end
1132
+ end
1133
+
1134
+ context "With valid category" do
1135
+ setup do
1136
+ @app_spec_string = <<-END
1137
+ version: 0.0
1138
+ os: linux
1139
+ permissions:
1140
+ - object: 'test/'
1141
+ context:
1142
+ type: 'type'
1143
+ range: 's0:c0.c1,c15,c7.c9'
1144
+ END
1145
+ end
1146
+
1147
+ should "generate correct fields" do
1148
+ app_spec = make_app_spec()
1149
+
1150
+ categories = app_spec.permissions[0].context.range.categories
1151
+ assert_equal 6, categories.length
1152
+ [(0..1).to_a, (7..9).to_a, 15].flatten!.each do |category|
1153
+ assert_equal true, categories.include?(category), "Unable to find expected category #{category}"
1154
+ end
1155
+ end
1156
+ end
1157
+
1158
+ context "With permission with context with missing category" do
1159
+ setup do
1160
+ @app_spec_string = <<-END
1161
+ version: 0.0
1162
+ os: linux
1163
+ permissions:
1164
+ - object: 'test/'
1165
+ context:
1166
+ name: 'name'
1167
+ type: 'type'
1168
+ range: 's0:'
1169
+ END
1170
+ end
1171
+
1172
+ should "raise an exception" do
1173
+ assert_raised_with_message('invalid range part s0:',AppSpecValidationException) do
1174
+ make_app_spec()
1175
+ end
1176
+ end
1177
+ end
1178
+
1179
+ context "With permission with context with missing category value" do
1180
+ setup do
1181
+ @app_spec_string = <<-END
1182
+ version: 0.0
1183
+ os: linux
1184
+ permissions:
1185
+ - object: 'test/'
1186
+ context:
1187
+ name: 'name'
1188
+ type: 'type'
1189
+ range: 's0:c'
1190
+ END
1191
+ end
1192
+
1193
+ should "raise an exception" do
1194
+ assert_raised_with_message('invalid category c',AppSpecValidationException) do
1195
+ make_app_spec()
1196
+ end
1197
+ end
1198
+ end
1199
+
1200
+ context "With permission with context with negative category value" do
1201
+ setup do
1202
+ @app_spec_string = <<-END
1203
+ version: 0.0
1204
+ os: linux
1205
+ permissions:
1206
+ - object: 'test/'
1207
+ context:
1208
+ name: 'name'
1209
+ type: 'type'
1210
+ range: 's0:c-1'
1211
+ END
1212
+ end
1213
+
1214
+ should "raise an exception" do
1215
+ assert_raised_with_message('invalid category c-1',AppSpecValidationException) do
1216
+ make_app_spec()
1217
+ end
1218
+ end
1219
+ end
1220
+
1221
+ context "With permission with context with category value above 1023" do
1222
+ setup do
1223
+ @app_spec_string = <<-END
1224
+ version: 0.0
1225
+ os: linux
1226
+ permissions:
1227
+ - object: 'test/'
1228
+ context:
1229
+ name: 'name'
1230
+ type: 'type'
1231
+ range: 's0:c1024'
1232
+ END
1233
+ end
1234
+
1235
+ should "raise an exception" do
1236
+ assert_raised_with_message('invalid category c1024',AppSpecValidationException) do
1237
+ make_app_spec()
1238
+ end
1239
+ end
1240
+ end
1241
+
1242
+ context "With permission with context without type" do
1243
+ setup do
1244
+ @app_spec_string = <<-END
1245
+ version: 0.0
1246
+ os: linux
1247
+ permissions:
1248
+ - object: 'test/'
1249
+ context:
1250
+ name: 'name'
1251
+ END
1252
+ end
1253
+
1254
+ should "raise an exception" do
1255
+ assert_raised_with_message("invalid context type required {\"name\"=>\"name\"}",AppSpecValidationException) do
1256
+ make_app_spec()
1257
+ end
1258
+ end
1259
+ end
1260
+
1261
+ context "With permission with context with invalid category" do
1262
+ setup do
1263
+ @app_spec_string = <<-END
1264
+ version: 0.0
1265
+ os: linux
1266
+ permissions:
1267
+ - object: 'test/'
1268
+ context:
1269
+ name: 'name'
1270
+ type: 'type'
1271
+ range: 's0:cd3'
1272
+ END
1273
+ end
1274
+
1275
+ should "raise an exception" do
1276
+ assert_raised_with_message('invalid category cd3',AppSpecValidationException) do
1277
+ make_app_spec()
1278
+ end
1279
+ end
1280
+ end
1281
+
1282
+ context "With permission with context with invalid category 2" do
1283
+ setup do
1284
+ @app_spec_string = <<-END
1285
+ version: 0.0
1286
+ os: linux
1287
+ permissions:
1288
+ - object: 'test/'
1289
+ context:
1290
+ name: 'name'
1291
+ type: 'type'
1292
+ range: 's0:d3'
1293
+ END
1294
+ end
1295
+
1296
+ should "raise an exception" do
1297
+ assert_raised_with_message('invalid category d3',AppSpecValidationException) do
1298
+ make_app_spec()
1299
+ end
1300
+ end
1301
+ end
1302
+
1303
+ context "With permission with context with duplicate categories" do
1304
+ setup do
1305
+ @app_spec_string = <<-END
1306
+ version: 0.0
1307
+ os: linux
1308
+ permissions:
1309
+ - object: 'test/'
1310
+ context:
1311
+ name: 'name'
1312
+ type: 'type'
1313
+ range: 's0:c0.c2,c1'
1314
+ END
1315
+ end
1316
+
1317
+ should "raise an exception" do
1318
+ assert_raised_with_message('duplicate categories',AppSpecValidationException) do
1319
+ make_app_spec()
1320
+ end
1321
+ end
1322
+ end
1323
+
1324
+ context "With permission with mode with 5 digits" do
1325
+ setup do
1326
+ @app_spec_string = <<-END
1327
+ version: 0.0
1328
+ os: linux
1329
+ permissions:
1330
+ - object: 'test/'
1331
+ mode: 12345
1332
+ END
1333
+ end
1334
+
1335
+ should "raise an exception" do
1336
+ assert_raised_with_message('permission mode length incorrect: 12345',AppSpecValidationException) do
1337
+ make_app_spec()
1338
+ end
1339
+ end
1340
+ end
1341
+
1342
+ context "With permission with mode with 2 digits" do
1343
+ setup do
1344
+ @app_spec_string = <<-END
1345
+ version: 0.0
1346
+ os: linux
1347
+ permissions:
1348
+ - object: 'test/'
1349
+ mode: 12
1350
+ END
1351
+ end
1352
+
1353
+ should "fill in needed zeros" do
1354
+ app_spec = make_app_spec()
1355
+
1356
+ mode = app_spec.permissions[0].mode
1357
+ assert_equal '012', mode.mode
1358
+ assert_equal '2', mode.world
1359
+ assert_equal false, mode.world_readable
1360
+ assert_equal true, mode.world_writable
1361
+ assert_equal false, mode.world_executable
1362
+ assert_equal '1', mode.group
1363
+ assert_equal false, mode.group_readable
1364
+ assert_equal false, mode.group_writable
1365
+ assert_equal true, mode.group_executable
1366
+ assert_equal '0', mode.owner
1367
+ assert_equal false, mode.owner_readable
1368
+ assert_equal false, mode.owner_writable
1369
+ assert_equal false, mode.owner_executable
1370
+ assert_equal false, mode.setuid
1371
+ assert_equal false, mode.setgid
1372
+ assert_equal false, mode.sticky
1373
+ end
1374
+ end
1375
+
1376
+ context "With permission with mode with invalid char" do
1377
+ setup do
1378
+ @app_spec_string = <<-END
1379
+ version: 0.0
1380
+ os: linux
1381
+ permissions:
1382
+ - object: 'test/'
1383
+ mode: 12a
1384
+ END
1385
+ end
1386
+
1387
+ should "raise an exception" do
1388
+ assert_raised_with_message('invalid character a in permission mode 12a',AppSpecValidationException) do
1389
+ make_app_spec()
1390
+ end
1391
+ end
1392
+ end
1393
+
1394
+ context "With permission with valid modes" do
1395
+ setup do
1396
+ @app_spec_string = <<-END
1397
+ version: 0.0
1398
+ os: linux
1399
+ permissions:
1400
+ - object: 'test/'
1401
+ mode: 7777
1402
+ - object: 'test1/'
1403
+ mode: 0000
1404
+ - object: 'test2/'
1405
+ mode: 777
1406
+ END
1407
+ end
1408
+
1409
+ should "generate correct fields" do
1410
+ app_spec = make_app_spec()
1411
+
1412
+ mode = app_spec.permissions[0].mode
1413
+ assert_equal '7777', mode.mode
1414
+ assert_equal '7', mode.world
1415
+ assert_equal true, mode.world_readable
1416
+ assert_equal true, mode.world_writable
1417
+ assert_equal true, mode.world_executable
1418
+ assert_equal '7', mode.group
1419
+ assert_equal true, mode.group_readable
1420
+ assert_equal true, mode.group_writable
1421
+ assert_equal true, mode.group_executable
1422
+ assert_equal '7', mode.owner
1423
+ assert_equal true, mode.owner_readable
1424
+ assert_equal true, mode.owner_writable
1425
+ assert_equal true, mode.owner_executable
1426
+ assert_equal true, mode.setuid
1427
+ assert_equal true, mode.setgid
1428
+ assert_equal true, mode.sticky
1429
+
1430
+ mode = app_spec.permissions[1].mode
1431
+ assert_equal '000', mode.mode
1432
+ assert_equal '0', mode.world
1433
+ assert_equal false, mode.world_readable
1434
+ assert_equal false, mode.world_writable
1435
+ assert_equal false, mode.world_executable
1436
+ assert_equal '0', mode.group
1437
+ assert_equal false, mode.group_readable
1438
+ assert_equal false, mode.group_writable
1439
+ assert_equal false, mode.group_executable
1440
+ assert_equal '0', mode.owner
1441
+ assert_equal false, mode.owner_readable
1442
+ assert_equal false, mode.owner_writable
1443
+ assert_equal false, mode.owner_executable
1444
+ assert_equal false, mode.setuid
1445
+ assert_equal false, mode.setgid
1446
+ assert_equal false, mode.sticky
1447
+
1448
+ mode = app_spec.permissions[2].mode
1449
+ assert_equal '777', mode.mode
1450
+ assert_equal '7', mode.world
1451
+ assert_equal true, mode.world_readable
1452
+ assert_equal true, mode.world_writable
1453
+ assert_equal true, mode.world_executable
1454
+ assert_equal '7', mode.group
1455
+ assert_equal true, mode.group_readable
1456
+ assert_equal true, mode.group_writable
1457
+ assert_equal true, mode.group_executable
1458
+ assert_equal '7', mode.owner
1459
+ assert_equal true, mode.owner_readable
1460
+ assert_equal true, mode.owner_writable
1461
+ assert_equal true, mode.owner_executable
1462
+ assert_equal false, mode.setuid
1463
+ assert_equal false, mode.setgid
1464
+ assert_equal false, mode.sticky
1465
+ end
1466
+ end
1467
+
1468
+ context "When acl is present" do
1469
+ setup do
1470
+ @app_spec_string = <<-END
1471
+ version: 0.0
1472
+ os: linux
1473
+ permissions:
1474
+ - object: 'test/'
1475
+ acls: []
1476
+ END
1477
+ app_spec = make_app_spec()
1478
+ @acl = app_spec.permissions[0].acls
1479
+ end
1480
+
1481
+ should "be able to add and clear additional aces" do
1482
+ @acl.add_ace("d:henry:4")
1483
+ @acl.clear_additional
1484
+ end
1485
+
1486
+ should "be able to get an empty acl" do
1487
+ assert_equal [], @acl.get_acl
1488
+ end
1489
+
1490
+ should "be able to get added aces in the acl" do
1491
+ @acl.add_ace("d:henry:4")
1492
+ assert_equal 1, @acl.get_acl.length
1493
+ @acl.clear_additional
1494
+ end
1495
+
1496
+ should "not be able to get a default ace" do
1497
+ assert_equal nil, @acl.get_default_ace
1498
+ end
1499
+
1500
+ should "be able to get an added default ace" do
1501
+ @acl.add_ace("d:henry:4")
1502
+ assert_not_nil @acl.get_default_ace
1503
+ @acl.clear_additional
1504
+ end
1505
+
1506
+ should "not be able to get a default group ace" do
1507
+ assert_equal nil, @acl.get_default_group_ace
1508
+ end
1509
+
1510
+ should "be able to get an added default group ace" do
1511
+ @acl.add_ace("d:g::4")
1512
+ assert_not_nil @acl.get_default_group_ace
1513
+ @acl.clear_additional
1514
+ end
1515
+
1516
+ should "not have a base named ace" do
1517
+ assert !@acl.has_base_named?
1518
+ end
1519
+
1520
+ should "have a base named ace when added" do
1521
+ @acl.add_ace("bob:4")
1522
+ assert @acl.has_base_named?
1523
+ @acl.clear_additional
1524
+ end
1525
+
1526
+ should "not have a base mask ace" do
1527
+ assert !@acl.has_base_mask?
1528
+ end
1529
+
1530
+ should "have a base mask ace when added" do
1531
+ @acl.add_ace("m:4")
1532
+ assert @acl.has_base_mask?
1533
+ @acl.clear_additional
1534
+ end
1535
+
1536
+ should "not have a default ace" do
1537
+ assert !@acl.has_default?
1538
+ end
1539
+
1540
+ should "have a default ace when added" do
1541
+ @acl.add_ace("d:bob:4")
1542
+ assert @acl.has_default?
1543
+ @acl.clear_additional
1544
+ end
1545
+
1546
+ should "not have a default user ace" do
1547
+ assert !@acl.has_default_user?
1548
+ end
1549
+
1550
+ should "have a default user ace when added" do
1551
+ @acl.add_ace("d::4")
1552
+ assert @acl.has_default_user?
1553
+ @acl.clear_additional
1554
+ end
1555
+
1556
+ should "not have a default group ace" do
1557
+ assert !@acl.has_default_group?
1558
+ end
1559
+
1560
+ should "have a default group ace when added" do
1561
+ @acl.add_ace("d:g::4")
1562
+ assert @acl.has_default_group?
1563
+ @acl.clear_additional
1564
+ end
1565
+
1566
+ should "not have a default other ace" do
1567
+ assert !@acl.has_default_other?
1568
+ end
1569
+
1570
+ should "have a default other ace when added" do
1571
+ @acl.add_ace("d:o:4")
1572
+ assert @acl.has_default_other?
1573
+ @acl.clear_additional
1574
+ end
1575
+
1576
+ should "not have a default named ace" do
1577
+ assert !@acl.has_default_named?
1578
+ end
1579
+
1580
+ should "have a default named ace when added" do
1581
+ @acl.add_ace("d:bob:4")
1582
+ assert @acl.has_default_named?
1583
+ @acl.clear_additional
1584
+ end
1585
+
1586
+ should "not have a default mask ace" do
1587
+ assert !@acl.has_default_mask?
1588
+ end
1589
+
1590
+ should "have a default mask ace when added" do
1591
+ @acl.add_ace("d:m:4")
1592
+ assert @acl.has_default_mask?
1593
+ @acl.clear_additional
1594
+ end
1595
+ end
1596
+
1597
+ context "When acl is present with existing aces" do
1598
+ setup do
1599
+ @app_spec_string = <<-END
1600
+ version: 0.0
1601
+ os: linux
1602
+ permissions:
1603
+ - object: 'test/'
1604
+ acls:
1605
+ - 'bob:6'
1606
+ - 'm:6'
1607
+ - 'd:bob:0'
1608
+ - 'd::3'
1609
+ - 'd:g::4'
1610
+ - 'd:o:3'
1611
+ - 'd:m:7'
1612
+ END
1613
+ app_spec = make_app_spec()
1614
+ @acl = app_spec.permissions[0].acls
1615
+ end
1616
+
1617
+ should "be able to get the acl" do
1618
+ assert_equal 7, @acl.get_acl.length
1619
+ end
1620
+
1621
+ should "be able to get default ace" do
1622
+ assert_not_nil @acl.get_default_ace
1623
+ end
1624
+
1625
+ should "be able to get default group ace" do
1626
+ assert_not_nil @acl.get_default_group_ace
1627
+ end
1628
+
1629
+ should "have base named ace" do
1630
+ assert_not_nil @acl.has_base_named?
1631
+ end
1632
+
1633
+ should "have base mask ace" do
1634
+ assert_not_nil @acl.has_base_mask?
1635
+ end
1636
+
1637
+ should "have default ace" do
1638
+ assert_not_nil @acl.has_default?
1639
+ end
1640
+
1641
+ should "have default user ace" do
1642
+ assert_not_nil @acl.has_default_user?
1643
+ end
1644
+
1645
+ should "have default group ace" do
1646
+ assert_not_nil @acl.has_default_group?
1647
+ end
1648
+
1649
+ should "have default other ace" do
1650
+ assert_not_nil @acl.has_default_other?
1651
+ end
1652
+
1653
+ should "have default named ace" do
1654
+ assert_not_nil @acl.has_default_named?
1655
+ end
1656
+
1657
+ should "have default mask ace" do
1658
+ assert_not_nil @acl.has_default_mask?
1659
+ end
1660
+ end
1661
+ end
1662
+
1663
+ context "With a ContextInfo" do
1664
+ should "with a simple range" do
1665
+ info = InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new({"type"=>"type","range"=>"s3"})
1666
+ assert_equal "s3", info.range.get_range
1667
+ end
1668
+
1669
+ should "with a complex range" do
1670
+ info = InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new({"type"=>"type","range"=>"s3-s7:c5,c8.c10,c17"})
1671
+ assert_equal "s3-s7:c5,c8.c10,c17", info.range.get_range
1672
+ end
1673
+ end
1674
+
1675
+ context "With a ACEInfo" do
1676
+ should "not raise if made internal with base entries" do
1677
+ assert_nothing_raised do
1678
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("u::7", true)
1679
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("g::7", true)
1680
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("o::7", true)
1681
+ end
1682
+ end
1683
+
1684
+ should "raise when not internal and has base user" do
1685
+ assert_raised_with_message("use mode to set the base acl entry u::7",AppSpecValidationException) do
1686
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("u::7")
1687
+ end
1688
+ end
1689
+
1690
+ should "raise when not internal and has base group" do
1691
+ assert_raised_with_message("use mode to set the base acl entry g::7",AppSpecValidationException) do
1692
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("g::7")
1693
+ end
1694
+ end
1695
+
1696
+ should "raise when not internal and has base other" do
1697
+ assert_raised_with_message("use mode to set the base acl entry o:7",AppSpecValidationException) do
1698
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("o:7")
1699
+ end
1700
+ end
1701
+
1702
+ should "be able to get the ace" do
1703
+ assert_equal("default:user:bob:rwx", InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("d:u:bob:7").get_ace)
1704
+ assert_equal("mask::---", InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("m:0").get_ace)
1705
+ end
1706
+ end
1707
+ end
1708
+ end
1709
+ end
1710
+ end