aws-codedeploy-agent 0.0.1

Files changed (84)
  1. data/.gitignore +2 -0
  2. data/CHANGES.md +3 -0
  3. data/Gemfile +13 -0
  4. data/LICENSE +177 -0
  5. data/NOTICE +2 -0
  6. data/README.md +16 -0
  7. data/aws-codedeploy-agent.gemspec +39 -0
  8. data/bin/codedeploy-agent +78 -0
  9. data/bin/codedeploy-install +15 -0
  10. data/bin/codedeploy-uninstall +13 -0
  11. data/certs/host-agent-deployment-signer-ca-chain.pem +76 -0
  12. data/conf/codedeployagent.yml +9 -0
  13. data/init.d/codedeploy-agent +61 -0
  14. data/lib/core_ext.rb +71 -0
  15. data/lib/instance_agent.rb +35 -0
  16. data/lib/instance_agent/agent/base.rb +34 -0
  17. data/lib/instance_agent/codedeploy_plugin/application_specification/ace_info.rb +133 -0
  18. data/lib/instance_agent/codedeploy_plugin/application_specification/acl_info.rb +163 -0
  19. data/lib/instance_agent/codedeploy_plugin/application_specification/application_specification.rb +142 -0
  20. data/lib/instance_agent/codedeploy_plugin/application_specification/context_info.rb +23 -0
  21. data/lib/instance_agent/codedeploy_plugin/application_specification/file_info.rb +23 -0
  22. data/lib/instance_agent/codedeploy_plugin/application_specification/linux_permission_info.rb +121 -0
  23. data/lib/instance_agent/codedeploy_plugin/application_specification/mode_info.rb +66 -0
  24. data/lib/instance_agent/codedeploy_plugin/application_specification/range_info.rb +134 -0
  25. data/lib/instance_agent/codedeploy_plugin/application_specification/script_info.rb +27 -0
  26. data/lib/instance_agent/codedeploy_plugin/codedeploy_control.rb +72 -0
  27. data/lib/instance_agent/codedeploy_plugin/command_executor.rb +357 -0
  28. data/lib/instance_agent/codedeploy_plugin/command_poller.rb +146 -0
  29. data/lib/instance_agent/codedeploy_plugin/deployment_specification.rb +150 -0
  30. data/lib/instance_agent/codedeploy_plugin/hook_executor.rb +206 -0
  31. data/lib/instance_agent/codedeploy_plugin/install_instruction.rb +374 -0
  32. data/lib/instance_agent/codedeploy_plugin/installer.rb +143 -0
  33. data/lib/instance_agent/codedeploy_plugin/request_helper.rb +28 -0
  34. data/lib/instance_agent/config.rb +43 -0
  35. data/lib/instance_agent/log.rb +3 -0
  36. data/lib/instance_agent/platform.rb +17 -0
  37. data/lib/instance_agent/platform/linux_util.rb +57 -0
  38. data/lib/instance_agent/runner/child.rb +57 -0
  39. data/lib/instance_agent/runner/master.rb +103 -0
  40. data/lib/instance_metadata.rb +47 -0
  41. data/test/certificate_helper.rb +120 -0
  42. data/test/helpers/instance_agent_helper.rb +25 -0
  43. data/test/instance_agent/agent/base_test.rb +49 -0
  44. data/test/instance_agent/codedeploy_plugin/application_specification_test.rb +1710 -0
  45. data/test/instance_agent/codedeploy_plugin/codedeploy_control_test.rb +51 -0
  46. data/test/instance_agent/codedeploy_plugin/command_executor_test.rb +513 -0
  47. data/test/instance_agent/codedeploy_plugin/command_poller_test.rb +459 -0
  48. data/test/instance_agent/codedeploy_plugin/deployment_specification_test.rb +335 -0
  49. data/test/instance_agent/codedeploy_plugin/hook_executor_test.rb +250 -0
  50. data/test/instance_agent/codedeploy_plugin/install_instruction_test.rb +566 -0
  51. data/test/instance_agent/codedeploy_plugin/installer_test.rb +519 -0
  52. data/test/instance_agent/codedeploy_plugin/request_helper_test.rb +37 -0
  53. data/test/instance_agent/config_test.rb +64 -0
  54. data/test/instance_agent/runner/child_test.rb +87 -0
  55. data/test/instance_metadata_test.rb +97 -0
  56. data/test/test_helper.rb +16 -0
  57. data/vendor/gems/.codedeploy-commands-1.0.0.created.rid +1 -0
  58. data/vendor/gems/codedeploy-commands/apis/CodeDeployCommand.api.json +372 -0
  59. data/vendor/gems/codedeploy-commands/codedeploy-commands-1.0.0.gemspec +28 -0
  60. data/vendor/gems/codedeploy-commands/lib/aws/codedeploy_commands.rb +18 -0
  61. data/vendor/gems/codedeploy-commands/lib/aws/plugins/certificate_authority.rb +12 -0
  62. data/vendor/gems/codedeploy-commands/lib/aws/plugins/deploy_control_endpoint.rb +22 -0
  63. data/vendor/gems/process_manager/README.md +1 -0
  64. data/vendor/gems/process_manager/lib/blank.rb +153 -0
  65. data/vendor/gems/process_manager/lib/core_ext.rb +73 -0
  66. data/vendor/gems/process_manager/lib/process_manager.rb +49 -0
  67. data/vendor/gems/process_manager/lib/process_manager/child.rb +119 -0
  68. data/vendor/gems/process_manager/lib/process_manager/config.rb +112 -0
  69. data/vendor/gems/process_manager/lib/process_manager/log.rb +107 -0
  70. data/vendor/gems/process_manager/lib/process_manager/master.rb +322 -0
  71. data/vendor/gems/process_manager/process_manager-0.0.13.gemspec +42 -0
  72. data/vendor/specifications/aws-sdk-core-2.0.5.gemspec +39 -0
  73. data/vendor/specifications/builder-3.2.2.gemspec +29 -0
  74. data/vendor/specifications/codedeploy-commands-1.0.0.gemspec +28 -0
  75. data/vendor/specifications/gli-2.5.6.gemspec +51 -0
  76. data/vendor/specifications/jamespath-0.5.1.gemspec +35 -0
  77. data/vendor/specifications/little-plugger-1.1.3.gemspec +32 -0
  78. data/vendor/specifications/logging-1.8.1.gemspec +44 -0
  79. data/vendor/specifications/multi_json-1.7.7.gemspec +30 -0
  80. data/vendor/specifications/multi_json-1.8.4.gemspec +30 -0
  81. data/vendor/specifications/multi_xml-0.5.5.gemspec +30 -0
  82. data/vendor/specifications/process_manager-0.0.13.gemspec +42 -0
  83. data/vendor/specifications/simple_pid-0.2.1.gemspec +28 -0
  84. metadata +377 -0
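--- a/data/test/helpers/instance_agent_helper.rb
+++ b/data/test/helpers/instance_agent_helper.rb
@@ -0,0 +1,25 @@
+ # require the code
+ require 'instance_agent'
+
+ class InstanceAgentTestCase < Test::Unit::TestCase
+ include ActiveSupport::Testing::Assertions
+
+ def setup
+ @dir = '/tmp'
+ ProcessManager::Config.init
+ InstanceAgent::Log.init(File.join(@dir, 'codedeploy-agent.log'))
+ InstanceAgent::Config.init
+ InstanceAgent::Config.config[:log_dir] = @dir
+ InstanceAgent::Config.config[:pid_dir] = @dir
+ InstanceAgent::Config.config[:instance_service_region] = 'a-region'
+ InstanceAgent::Config.config[:instance_service_endpoint] = 'instance-service-endpoint'
+ InstanceAgent::Config.config[:instance_service_port] = 123
+ InstanceAgent::Config.config[:wait_after_error] = 0
+ InstanceAgent::Platform.util = InstanceAgent::LinuxUtil
+ end
+
+ def assert_raised_with_message(message, error_type = RuntimeError)
+ error = assert_raise(error_type) { yield }
+ assert_equal(message, error.message)
+ end
+ end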
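Review bot: `setup` points `log_dir`, `pid_dir` and the log file at the shared `/tmp` directory under a fixed name (`/tmp/codedeploy-agent.log`), so on a multi-user or CI host the suite writes through whatever already exists at that path, and parallel runs of the suite collide on the same file. A private per-run directory avoids both: `@dir = Dir.mktmpdir('codedeploy-agent-test')` in `setup` (with `require 'tmpdir'` at the top) and `FileUtils.remove_entry(@dir)` in a `teardown`. How `InstanceAgent::Log.init` opens the file is not visible in this section, so confirm whether it follows an existing symlink at that path.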
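--- a/data/test/instance_agent/agent/base_test.rb
+++ b/data/test/instance_agent/agent/base_test.rb
@@ -0,0 +1,49 @@
+ # encode: UTF-8
+ require 'test_helper'
+
+ class InstanceAgentBaseTest < InstanceAgentTestCase
+ context 'The instance agent base' do
+ setup do
+ @base = InstanceAgent::Agent::Base.new
+ @base.stubs(:sleep).returns true
+ end
+
+ context 'have a set of public methods' do
+ should 'have a class method called runner' do
+ assert InstanceAgent::Agent::Base.respond_to?('runner')
+ end
+ should 'have a description method' do
+ assert @base.respond_to?('description')
+ end
+ should 'have a log method' do
+ assert @base.respond_to?('log')
+ end
+ should 'have a run method' do
+ assert @base.respond_to?('run')
+ end
+ end
+
+ context 'rescues exceptions when running perform' do
+ should 'rescue Aws::Errors::MissingCredentialsError' do
+ @base.stubs(:perform).raises Aws::Errors::MissingCredentialsError
+ @base.expects(:sleep).with 0
+ @base.expects(:log).with(:error, "Missing credentials - please check if this instance was started with an IAM instance profile")
+ assert_nothing_raised(Aws::Errors::MissingCredentialsError) { @base.run }
+ end
+
+ should 'rescue Aws::Errors::ServiceError' do
+ @base.stubs(:perform).raises Aws::Errors::ServiceError.new(nil, "http error")
+ @base.expects(:sleep).with(0)
+ @base.expects(:log).with { |v1, v2| v1.eql?(:error) && v2 =~ /Cannot reach InstanceService/ }
+ assert_nothing_raised(Aws::Errors::ServiceError) { @base.run }
+ end
+
+ should 'rescue all other types of exception' do
+ @base.stubs(:perform).raises Exception
+ @base.expects(:sleep).with(0)
+ @base.expects(:log).with { |v1, v2| v1.eql?(:error) && v2 =~ /Error during perform/ }
+ assert_nothing_raised(Exception) { @base.run }
+ end
+ end
+ end
+ end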
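Review bot: The last test ('rescue all other types of exception') pins `run` to swallowing a bare `Exception`, which in Ruby also covers `SignalException`, `Interrupt`, `SystemExit` and `NoMemoryError`. If `Base#run` really rescues at that level (its body is not in this section), an `exit` or interrupt raised inside `perform` would be logged and ignored instead of stopping the agent. Consider stubbing with `@base.stubs(:perform).raises StandardError` here and adding a case asserting that `SystemExit` and `Interrupt` propagate out of `run`. Separately, `# encode: UTF-8` on the first line is not a magic comment Ruby recognises; it should read `# encoding: UTF-8`.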
@@ -0,0 +1,1710 @@
1
+ require 'test_helper'
2
+ require 'ostruct'
3
+ require 'yaml'
4
+
5
+ module InstanceAgent
6
+ module CodeDeployPlugin
7
+ module ApplicationSpecification
8
+ class ApplicationSpecificationTest < InstanceAgentTestCase
9
+ context 'The Application Specification' do
10
+ setup do
11
+ @test_revision_id = 'bar'
12
+ end
13
+
14
+ private
15
+ def make_app_spec
16
+ ApplicationSpecification.new(YAML.load(@app_spec_string), {:revision_id => @test_revision_id})
17
+ end
18
+
19
+ context "With missing version" do
20
+ setup do
21
+ @app_spec_string = <<-END
22
+ os: linux
23
+ END
24
+ end
25
+
26
+ should "raise an exception" do
27
+ assert_raised_with_message('unsupported version: ',AppSpecValidationException) do
28
+ make_app_spec()
29
+ end
30
+ end
31
+ end
32
+
33
+ context "With invalid version" do
34
+ setup do
35
+ @app_spec_string = <<-END
36
+ version: invalid
37
+ os: linux
38
+ END
39
+ end
40
+
41
+ should "raise an exception" do
42
+ assert_raised_with_message('unsupported version: invalid',AppSpecValidationException) do
43
+ make_app_spec()
44
+ end
45
+ end
46
+ end
47
+
48
+ context "With missing os" do
49
+ setup do
50
+ @app_spec_string = <<-END
51
+ version: 0.0
52
+ END
53
+ end
54
+
55
+ should "raise an exception" do
56
+ assert_raised_with_message('unsupported os: ',AppSpecValidationException) do
57
+ make_app_spec()
58
+ end
59
+ end
60
+ end
61
+
62
+ context "With invalid os" do
63
+ setup do
64
+ @app_spec_string = <<-END
65
+ version: 0.0
66
+ os: unsupported
67
+ END
68
+ end
69
+
70
+ should "raise an exception" do
71
+ assert_raised_with_message('unsupported os: unsupported',AppSpecValidationException) do
72
+ make_app_spec()
73
+ end
74
+ end
75
+ end
76
+
77
+ context "With no hooks or files" do
78
+ setup do
79
+ @app_spec_string = "version: 0.0\nos: linux\n"
80
+ end
81
+ should "Return an empty hooks hash" do
82
+ app_spec = make_app_spec
83
+ assert_equal({}, app_spec.hooks)
84
+ end
85
+ should "Return an empty files array" do
86
+ app_spec = make_app_spec
87
+ assert_equal([], app_spec.files)
88
+ end
89
+ end
90
+
91
+ context "With a single complete hook" do
92
+ setup do
93
+ #A single test script with all parameters
94
+ @app_spec_string = <<-END
95
+ version: 0.0
96
+ os: linux
97
+ hooks:
98
+ test_hook:
99
+ - location: test_location_1
100
+ runas: foo
101
+ timeout: 30
102
+ END
103
+ end
104
+ should "Return a collection containing test script 1" do
105
+ app_spec = make_app_spec
106
+ assert_not_equal nil, app_spec.hooks
107
+ assert_equal ['test_location_1'] , app_spec.hooks["test_hook"].map(&:location)
108
+ assert_equal ['foo'] , app_spec.hooks["test_hook"].map(&:runas)
109
+ assert_equal [30] , app_spec.hooks["test_hook"].map(&:timeout)
110
+ end
111
+ end
112
+
113
+ context "With two complete hooks" do
114
+ setup do
115
+ #A pair of test scripts with all parameters
116
+ @app_spec_string = <<-END
117
+ version: 0.0
118
+ os: linux
119
+ hooks:
120
+ test_hook:
121
+ - location: test_location_1
122
+ runas: foo
123
+ timeout: 30
124
+ - location: test_location_2
125
+ runas: foo2
126
+ timeout: 30
127
+ END
128
+ end
129
+
130
+ should "Return a collection containing test script 1 and test script 2" do
131
+ app_spec = make_app_spec
132
+ assert_not_equal nil, app_spec.hooks
133
+ assert_equal ['test_location_1', 'test_location_2'] , app_spec.hooks["test_hook"].map(&:location)
134
+ end
135
+ end
136
+
137
+ context "With partial hooks (just a runas)" do
138
+ setup do
139
+ #A test script with just a location
140
+ #A test script with location and runas
141
+ @app_spec_string = <<-END
142
+ version: 0.0
143
+ os: linux
144
+ hooks:
145
+ test_hook:
146
+ - location: test_location
147
+ - location: test_location_lr
148
+ runas: foo3
149
+ END
150
+ end
151
+
152
+ should "Return a collection containing the two scripts in order" do
153
+ app_spec = make_app_spec()
154
+ assert_not_equal nil, app_spec.hooks
155
+ assert_equal [nil, 'foo3'] , app_spec.hooks["test_hook"].map(&:runas)
156
+ end
157
+ end
158
+
159
+ context "With partial hooks (just a timeout)" do
160
+ setup do
161
+ #A test script with just a location
162
+ #A test script with location and timeout
163
+ @app_spec_string = <<-END
164
+ version: 0.0
165
+ os: linux
166
+ hooks:
167
+ test_hook:
168
+ - location: test_location
169
+ - location: test_location_lt
170
+ timeout: 30
171
+ END
172
+ end
173
+
174
+ should "Return a collection containing the two scripts in order" do
175
+ app_spec = make_app_spec()
176
+ assert_not_equal nil, app_spec.hooks
177
+ assert_equal [3600, 30] , app_spec.hooks["test_hook"].map(&:timeout)
178
+ end
179
+ end
180
+
181
+ context "With missing location data" do
182
+ setup do
183
+ #A test script without a location
184
+ @app_spec_string = <<-END
185
+ version: 0.0
186
+ os: linux
187
+ hooks:
188
+ test_hook:
189
+ - timeout: 30
190
+ END
191
+ end
192
+
193
+ should "raise an exception" do
194
+ assert_raised_with_message('script provided without a location value',AppSpecValidationException) do
195
+ make_app_spec()
196
+ end
197
+ end
198
+ end
199
+
200
+ context "With non numerical timeout data" do
201
+ setup do
202
+ #A test script with bad timeout data
203
+ @app_spec_string = <<-END
204
+ version: 0.0
205
+ os: linux
206
+ hooks:
207
+ test_hook:
208
+ - location: test_location
209
+ timeout: foo
210
+ END
211
+ end
212
+
213
+ should "raise an exception" do
214
+ assert_raised_with_message('Timeout needs to be an integer greater than 0',AppSpecValidationException) do
215
+ make_app_spec()
216
+ end
217
+ end
218
+ end
219
+
220
+ context "App spec has a file mapping" do
221
+ context "file map contains a single file" do
222
+ setup do
223
+ @app_spec_string = <<-END
224
+ version: 0.0
225
+ os: linux
226
+ files:
227
+ - source: test_source
228
+ destination: test_destination
229
+ END
230
+ end
231
+
232
+ should "return a hash containing the file mapping objects" do
233
+ app_spec = make_app_spec
234
+ assert_not_equal nil, app_spec.files
235
+ assert_equal ['test_source'] , app_spec.files.map(&:source)
236
+ assert_equal ['test_destination'] , app_spec.files.map(&:destination)
237
+ end
238
+ end
239
+
240
+ context "file map contains multiple files" do
241
+ setup do
242
+ @app_spec_string = <<-END
243
+ version: 0.0
244
+ os: linux
245
+ files:
246
+ - source: test_source
247
+ destination: test_destination
248
+ - source: test_source_2
249
+ destination: test_destination_2
250
+ END
251
+ end
252
+
253
+ should "return a hash containing the file mapping objects" do
254
+ app_spec = make_app_spec
255
+ assert_not_equal nil, app_spec.files
256
+ assert_equal ['test_source', 'test_source_2'] , app_spec.files.map(&:source)
257
+ assert_equal ['test_destination','test_destination_2'] , app_spec.files.map(&:destination)
258
+ end
259
+ end
260
+
261
+ context "file map is missing a destination" do
262
+ setup do
263
+ @app_spec_string = <<-END
264
+ version: 0.0
265
+ os: linux
266
+ files:
267
+ - source: test_source
268
+ END
269
+ end
270
+
271
+ should "raise and AppSpecValidationException" do
272
+ assert_raised_with_message('File needs to have a destination',AppSpecValidationException) do
273
+ make_app_spec()
274
+ end
275
+ end
276
+ end
277
+
278
+ context "file map is missing a source" do
279
+ setup do
280
+ @app_spec_string = <<-END
281
+ version: 0.0
282
+ os: linux
283
+ files:
284
+ - destination: test_destination
285
+ END
286
+ end
287
+
288
+ should "raise and AppSpecValidationException" do
289
+ assert_raised_with_message('File needs to have a source',AppSpecValidationException) do
290
+ make_app_spec()
291
+ end
292
+ end
293
+ end
294
+ end
295
+
296
+ context "With permission without object set" do
297
+ setup do
298
+ @app_spec_string = <<-END
299
+ version: 0.0
300
+ os: linux
301
+ permissions:
302
+ - pattern: test
303
+ END
304
+ end
305
+
306
+ should "raise an exception" do
307
+ assert_raised_with_message('permission provided without a object value',AppSpecValidationException) do
308
+ make_app_spec()
309
+ end
310
+ end
311
+ end
312
+
313
+ context "With permission pattern of **" do
314
+ setup do
315
+ @app_spec_string = <<-END
316
+ version: 0.0
317
+ os: linux
318
+ permissions:
319
+ - object: '/'
320
+ pattern: '**'
321
+ END
322
+ end
323
+
324
+ should "match all objects" do
325
+ app_spec = make_app_spec()
326
+ assert_equal '**', app_spec.permissions[0].pattern
327
+ end
328
+ end
329
+
330
+ context "With multiple permissions" do
331
+ setup do
332
+ @app_spec_string = <<-END
333
+ version: 0.0
334
+ os: linux
335
+ permissions:
336
+ - object: '/'
337
+ - object: test
338
+ - object: more
339
+ END
340
+ end
341
+
342
+ should "match all objects" do
343
+ app_spec = make_app_spec()
344
+ assert_equal 3, app_spec.permissions.length
345
+ assert_equal '/', app_spec.permissions[0].object
346
+ assert_equal "test", app_spec.permissions[1].object
347
+ assert_equal "more", app_spec.permissions[2].object
348
+ end
349
+ end
350
+
351
+ context "With permissions with pattern" do
352
+ setup do
353
+ @app_spec_string = <<-END
354
+ version: 0.0
355
+ os: linux
356
+ permissions:
357
+ - object: '/'
358
+ pattern: 'glob'
359
+ END
360
+ end
361
+
362
+ should "raise when validated as file permission" do
363
+ app_spec = make_app_spec()
364
+ assert_raised_with_message('Attempt to use pattern glob when assigning permissions to file /',AppSpecValidationException) do
365
+ app_spec.permissions[0].validate_file_permission
366
+ end
367
+ end
368
+ end
369
+
370
+ context "With permissions with except" do
371
+ setup do
372
+ @app_spec_string = <<-END
373
+ version: 0.0
374
+ os: linux
375
+ permissions:
376
+ - object: '/'
377
+ except:
378
+ - 'glob'
379
+ END
380
+ end
381
+
382
+ should "raise when validated as file permission" do
383
+ app_spec = make_app_spec()
384
+ assert_raised_with_message('Attempt to use except ["glob"] when assigning permissions to file /',AppSpecValidationException) do
385
+ app_spec.permissions[0].validate_file_permission
386
+ end
387
+ end
388
+ end
389
+
390
+ context "With permissions" do
391
+ setup do
392
+ @app_spec_string = <<-END
393
+ version: 0.0
394
+ os: linux
395
+ permissions:
396
+ - object: '/'
397
+ END
398
+ end
399
+
400
+ should "not raise when validated as file permission" do
401
+ app_spec = make_app_spec()
402
+ assert_nothing_raised do
403
+ app_spec.permissions[0].validate_file_permission
404
+ end
405
+ end
406
+ end
407
+
408
+ context "With permissions with pattern without file type" do
409
+ setup do
410
+ @app_spec_string = <<-END
411
+ version: 0.0
412
+ os: linux
413
+ permissions:
414
+ - object: '/'
415
+ pattern: 'glob'
416
+ type:
417
+ - "directory"
418
+ END
419
+ end
420
+
421
+ should "not raise when validated as file permission" do
422
+ app_spec = make_app_spec()
423
+ assert_nothing_raised do
424
+ app_spec.permissions[0].validate_file_permission
425
+ end
426
+ end
427
+ end
428
+
429
+ context "With permissions with acl without default ace" do
430
+ setup do
431
+ @app_spec_string = <<-END
432
+ version: 0.0
433
+ os: linux
434
+ permissions:
435
+ - object: '/'
436
+ acls:
437
+ - 'user:name:rwx'
438
+ END
439
+ end
440
+
441
+ should "be able to validate as a file acl" do
442
+ app_spec = make_app_spec()
443
+ assert_nothing_raised do
444
+ app_spec.permissions[0].validate_file_acl("test")
445
+ end
446
+ end
447
+ end
448
+
449
+ context "With permissions with acl with default ace" do
450
+ setup do
451
+ @app_spec_string = <<-END
452
+ version: 0.0
453
+ os: linux
454
+ permissions:
455
+ - object: '/'
456
+ acls:
457
+ - 'd:user:name:rwx'
458
+ END
459
+ end
460
+
461
+ should "be able to validate as a file acl" do
462
+ app_spec = make_app_spec()
463
+ assert_raised_with_message('Attempt to set default acl default:user:name:rwx on file test',RuntimeError) do
464
+ app_spec.permissions[0].validate_file_acl("test")
465
+ end
466
+ end
467
+ end
468
+
469
+ context "With valid permission object" do
470
+ setup do
471
+ @app_spec_string = <<-END
472
+ version: 0.0
473
+ os: linux
474
+ permissions:
475
+ - object: 'test'
476
+ pattern: 'prefix*'
477
+ except: ['*ReadMe', '*.tmp']
478
+ type: ['file']
479
+ owner: 'bob'
480
+ group: 'dev'
481
+ mode: 6763
482
+ acls:
483
+ - 'u:henry:7'
484
+ - 'd:g:manager:rw'
485
+ context:
486
+ name: 'user_u'
487
+ type: 'unconfined_t'
488
+ range: 's3-s5:c0.c7,c13'
489
+ END
490
+ end
491
+
492
+ should "match pattern when appropriate" do
493
+ app_spec = make_app_spec()
494
+ permission = app_spec.permissions[0]
495
+
496
+ assert permission.matches_pattern?(File.expand_path("test/prefix")), "Should match test/prefix for pattern"
497
+ assert permission.matches_pattern?(File.expand_path("test/prefix_matches")), "Should match test/prefix_matches for pattern"
498
+ assert !permission.matches_pattern?(File.expand_path("test/prefix/does_not_match")), "Should not match test/prefix/does_not_match for pattern"
499
+ assert !permission.matches_pattern?(File.expand_path("testprefix/")), "Should not match testprefix/ for pattern"
500
+ assert !permission.matches_pattern?(File.expand_path("tst/prefix")), "Should not match tst/prefix for pattern"
501
+ assert !permission.matches_pattern?(File.expand_path("test/not_prefix")), "Should not match test/not_prefix for pattern"
502
+ end
503
+
504
+ should "match except when appropriate" do
505
+ app_spec = make_app_spec()
506
+ permission = app_spec.permissions[0]
507
+
508
+ assert permission.matches_except?(File.expand_path("test/this.tmp")), "Should match test/this.tmp for except"
509
+ assert permission.matches_except?(File.expand_path("test/this_ReadMe")), "Should match test/this_ReadMe for except"
510
+ assert !permission.matches_except?(File.expand_path("test/prefix/does_not_match.tmp")), "Should not match test/prefix/does_not_match.tmp for except"
511
+ assert !permission.matches_except?(File.expand_path("testprefix/")), "Should not match testprefix/ for except"
512
+ assert !permission.matches_except?(File.expand_path("tst/prefix")), "Should not match tst/prefix for except"
513
+ assert !permission.matches_except?(File.expand_path("test/not_match")), "Should not match test/not_match for except"
514
+ end
515
+
516
+ should "set fields correctly" do
517
+ app_spec = make_app_spec()
518
+ permission = app_spec.permissions[0]
519
+ assert_equal 'test', permission.object
520
+ assert_equal 'prefix*', permission.pattern
521
+ assert_equal ['*ReadMe', '*.tmp'], permission.except
522
+ assert_equal ['file'], permission.type
523
+ assert_equal 'bob', permission.owner
524
+ assert_equal 'dev', permission.group
525
+
526
+ mode = permission.mode
527
+ assert_equal '6763', mode.mode
528
+ assert_equal '3', mode.world
529
+ assert_equal false, mode.world_readable
530
+ assert_equal true, mode.world_writable
531
+ assert_equal true, mode.world_executable
532
+ assert_equal '6', mode.group
533
+ assert_equal true, mode.group_readable
534
+ assert_equal true, mode.group_writable
535
+ assert_equal false, mode.group_executable
536
+ assert_equal '7', mode.owner
537
+ assert_equal true, mode.owner_readable
538
+ assert_equal true, mode.owner_writable
539
+ assert_equal true, mode.owner_executable
540
+ assert_equal true, mode.setuid
541
+ assert_equal true, mode.setgid
542
+ assert_equal false, mode.sticky
543
+
544
+ acl = permission.acls
545
+ assert_equal 2, acl.aces.length
546
+ ace = acl.aces[0]
547
+ assert_equal false, ace.default
548
+ assert_equal 'user', ace.type
549
+ assert_equal 'henry', ace.name
550
+ assert_equal true, ace.read
551
+ assert_equal true, ace.write
552
+ assert_equal true, ace.execute
553
+
554
+ ace = acl.aces[1]
555
+ assert_equal true, ace.default
556
+ assert_equal 'group', ace.type
557
+ assert_equal 'manager', ace.name
558
+ assert_equal true, ace.read
559
+ assert_equal true, ace.write
560
+ assert_equal false, ace.execute
561
+
562
+ context = permission.context
563
+ assert_equal 'user_u', context.user
564
+ assert_equal nil, context.role
565
+ assert_equal 'unconfined_t', context.type
566
+
567
+ range = context.range
568
+ assert_equal 3, range.low_sensitivity
569
+ assert_equal 5, range.high_sensitivity
570
+
571
+ categories = range.categories
572
+ assert_equal 9, categories.length
573
+ [(0..7).to_a,13].flatten!.each do |category|
574
+ assert_equal true, categories.include?(category), "Unable to find expected category #{category}"
575
+ end
576
+ end
577
+ end
578
+
579
+ context "With permission with acl with ace with too few parts" do
580
+ setup do
581
+ @app_spec_string = <<-END
582
+ version: 0.0
583
+ os: linux
584
+ permissions:
585
+ - object: 'test/'
586
+ acls:
587
+ - '7'
588
+ END
589
+ end
590
+
591
+ should "raise an exception" do
592
+ assert_raised_with_message('invalid acl entry 7',AppSpecValidationException) do
593
+ make_app_spec()
594
+ end
595
+ end
596
+ end
597
+
598
+ context "With permission with acl with ace with too many parts" do
599
+ setup do
600
+ @app_spec_string = <<-END
601
+ version: 0.0
602
+ os: linux
603
+ permissions:
604
+ - object: 'test/'
605
+ acls:
606
+ - 'd:u:bob:7:rwx'
607
+ END
608
+ end
609
+
610
+ should "raise an exception" do
611
+ assert_raised_with_message('invalid acl entry d:u:bob:7:rwx',AppSpecValidationException) do
612
+ make_app_spec()
613
+ end
614
+ end
615
+ end
616
+
617
+ context "With permission with acl with ace with invalid first part" do
618
+ setup do
619
+ @app_spec_string = <<-END
620
+ version: 0.0
621
+ os: linux
622
+ permissions:
623
+ - object: 'test/'
624
+ acls:
625
+ - 'invalid:u:bob:7:rwx'
626
+ END
627
+ end
628
+
629
+ should "raise an exception" do
630
+ assert_raised_with_message('invalid acl entry invalid:u:bob:7:rwx',AppSpecValidationException) do
631
+ make_app_spec()
632
+ end
633
+ end
634
+ end
635
+
636
+ context "With permission with acl with ace with invalid second part" do
637
+ setup do
638
+ @app_spec_string = <<-END
639
+ version: 0.0
640
+ os: linux
641
+ permissions:
642
+ - object: 'test/'
643
+ acls:
644
+ - 'd:invalid:bob:7:rwx'
645
+ END
646
+ end
647
+
648
+ should "raise an exception" do
649
+ assert_raised_with_message('invalid acl entry d:invalid:bob:7:rwx',AppSpecValidationException) do
650
+ make_app_spec()
651
+ end
652
+ end
653
+ end
654
+
655
+ context "With permission with acl with ace with default as first and second part" do
656
+ setup do
657
+ @app_spec_string = <<-END
658
+ version: 0.0
659
+ os: linux
660
+ permissions:
661
+ - object: 'test/'
662
+ acls:
663
+ - 'd:d:bob:7:rwx'
664
+ END
665
+ end
666
+
667
+ should "raise an exception" do
668
+ assert_raised_with_message('invalid acl entry d:d:bob:7:rwx',AppSpecValidationException) do
669
+ make_app_spec()
670
+ end
671
+ end
672
+ end
673
+
674
+ context "With permission with acl with ace with mask with name" do
675
+ setup do
676
+ @app_spec_string = <<-END
677
+ version: 0.0
678
+ os: linux
679
+ permissions:
680
+ - object: 'test/'
681
+ acls:
682
+ - 'mask:name:rwx'
683
+ END
684
+ end
685
+
686
+ should "raise an exception" do
687
+ assert_raised_with_message('invalid acl entry mask:name:rwx',AppSpecValidationException) do
688
+ make_app_spec()
689
+ end
690
+ end
691
+ end
692
+
693
+ context "With permission with acl with ace with other with name" do
694
+ setup do
695
+ @app_spec_string = <<-END
696
+ version: 0.0
697
+ os: linux
698
+ permissions:
699
+ - object: 'test/'
700
+ acls:
701
+ - 'd:other:name:rwx'
702
+ END
703
+ end
704
+
705
+ should "raise an exception" do
706
+ assert_raised_with_message('invalid acl entry d:other:name:rwx',AppSpecValidationException) do
707
+ make_app_spec()
708
+ end
709
+ end
710
+ end
711
+
712
+ context "With permission with acl with ace with invalid permission character" do
713
+ setup do
714
+ @app_spec_string = <<-END
715
+ version: 0.0
716
+ os: linux
717
+ permissions:
718
+ - object: 'test/'
719
+ acls:
720
+ - 'user:bob:rwxd'
721
+ END
722
+ end
723
+
724
+ should "raise an exception" do
725
+ assert_raised_with_message('unrecognized permission character d in user:bob:rwxd',AppSpecValidationException) do
726
+ make_app_spec()
727
+ end
728
+ end
729
+ end
730
+
731
+ context "With permission with acl with valid ace with 4 parts" do
732
+ setup do
733
+ @app_spec_string = <<-END
734
+ version: 0.0
735
+ os: linux
736
+ permissions:
737
+ - object: 'test/'
738
+ acls:
739
+ - 'd:u:bob:rwx'
740
+ - 'default:g:dev:rw'
741
+ END
742
+ end
743
+
744
+ should "generate correct fields" do
745
+ app_spec = make_app_spec()
746
+
747
+ acl = app_spec.permissions[0].acls
748
+ assert_equal 2, acl.aces.length
749
+
750
+ ace = acl.aces[0]
751
+ assert_equal true, ace.default
752
+ assert_equal 'user', ace.type
753
+ assert_equal 'bob', ace.name
754
+ assert_equal true, ace.read
755
+ assert_equal true, ace.write
756
+ assert_equal true, ace.execute
757
+
758
+ ace = acl.aces[1]
759
+ assert_equal true, ace.default
760
+ assert_equal 'group', ace.type
761
+ assert_equal 'dev', ace.name
762
+ assert_equal true, ace.read
763
+ assert_equal true, ace.write
764
+ assert_equal false, ace.execute
765
+ end
766
+ end
767
+
768
+ context "With permission with acl with valid ace with 3 parts" do
769
+ setup do
770
+ @app_spec_string = <<-END
771
+ version: 0.0
772
+ os: linux
773
+ permissions:
774
+ - object: 'test/'
775
+ acls:
776
+ - 'd:bob:rwx'
777
+ - 'default::rw'
778
+ - 'm::7'
779
+ - 'mask::7'
780
+ - 'g:dev:7'
781
+ - 'group:dev:7'
782
+ - 'u:bob:7'
783
+ - 'user:bob:7'
784
+ - 'u:mask:7'
785
+ - 'u:other:7'
786
+ END
787
+ end
788
+
789
+ should "generate correct fields" do
790
+ app_spec = make_app_spec()
791
+
792
+ acl = app_spec.permissions[0].acls
793
+ assert_equal 10, acl.aces.length
794
+
795
+ ace = acl.aces[0]
796
+ assert_equal true, ace.default
797
+ assert_equal 'user', ace.type
798
+ assert_equal 'bob', ace.name
799
+ assert_equal true, ace.read
800
+ assert_equal true, ace.write
801
+ assert_equal true, ace.execute
802
+
803
+ ace = acl.aces[1]
804
+ assert_equal true, ace.default
805
+ assert_equal 'user', ace.type
806
+ assert_equal '', ace.name
807
+ assert_equal true, ace.read
808
+ assert_equal true, ace.write
809
+ assert_equal false, ace.execute
810
+
811
+ ace = acl.aces[2]
812
+ assert_equal false, ace.default
813
+ assert_equal 'mask', ace.type
814
+ assert_equal '', ace.name
815
+ assert_equal true, ace.read
816
+ assert_equal true, ace.write
817
+ assert_equal true, ace.execute
818
+
819
+ ace = acl.aces[3]
820
+ assert_equal false, ace.default
821
+ assert_equal 'mask', ace.type
822
+ assert_equal '', ace.name
823
+ assert_equal true, ace.read
824
+ assert_equal true, ace.write
825
+ assert_equal true, ace.execute
826
+
827
+ ace = acl.aces[4]
828
+ assert_equal false, ace.default
829
+ assert_equal 'group', ace.type
830
+ assert_equal 'dev', ace.name
831
+ assert_equal true, ace.read
832
+ assert_equal true, ace.write
833
+ assert_equal true, ace.execute
834
+
835
+ ace = acl.aces[5]
836
+ assert_equal false, ace.default
837
+ assert_equal 'group', ace.type
838
+ assert_equal 'dev', ace.name
839
+ assert_equal true, ace.read
840
+ assert_equal true, ace.write
841
+ assert_equal true, ace.execute
842
+
843
+ ace = acl.aces[6]
844
+ assert_equal false, ace.default
845
+ assert_equal 'user', ace.type
846
+ assert_equal 'bob', ace.name
847
+ assert_equal true, ace.read
848
+ assert_equal true, ace.write
849
+ assert_equal true, ace.execute
850
+
851
+ ace = acl.aces[7]
852
+ assert_equal false, ace.default
853
+ assert_equal 'user', ace.type
854
+ assert_equal 'bob', ace.name
855
+ assert_equal true, ace.read
856
+ assert_equal true, ace.write
857
+ assert_equal true, ace.execute
858
+
859
+ ace = acl.aces[8]
860
+ assert_equal false, ace.default
861
+ assert_equal 'user', ace.type
862
+ assert_equal 'mask', ace.name
863
+ assert_equal true, ace.read
864
+ assert_equal true, ace.write
865
+ assert_equal true, ace.execute
866
+
867
+ ace = acl.aces[9]
868
+ assert_equal false, ace.default
869
+ assert_equal 'user', ace.type
870
+ assert_equal 'other', ace.name
871
+ assert_equal true, ace.read
872
+ assert_equal true, ace.write
873
+ assert_equal true, ace.execute
874
+ end
875
+ end
876
+
877
+ context "With permission with acl with valid ace with 2 parts" do
878
+ setup do
879
+ @app_spec_string = <<-END
880
+ version: 0.0
881
+ os: linux
882
+ permissions:
883
+ - object: 'test/'
884
+ acls:
885
+ - 'bob:0'
886
+ - 'm:7'
887
+ - 'mask:'
888
+ END
889
+ end
890
+
891
+ should "generate correct fields" do
892
+ app_spec = make_app_spec()
893
+
894
+ acl = app_spec.permissions[0].acls
895
+ assert_equal 3, acl.aces.length
896
+
897
+ ace = acl.aces[0]
898
+ assert_equal false, ace.default
899
+ assert_equal 'user', ace.type
900
+ assert_equal 'bob', ace.name
901
+ assert_equal false, ace.read
902
+ assert_equal false, ace.write
903
+ assert_equal false, ace.execute
904
+
905
+ ace = acl.aces[1]
906
+ assert_equal false, ace.default
907
+ assert_equal 'mask', ace.type
908
+ assert_equal '', ace.name
909
+ assert_equal true, ace.read
910
+ assert_equal true, ace.write
911
+ assert_equal true, ace.execute
912
+
913
+ ace = acl.aces[2]
914
+ assert_equal false, ace.default
915
+ assert_equal 'mask', ace.type
916
+ assert_equal '', ace.name
917
+ assert_equal false, ace.read
918
+ assert_equal false, ace.write
919
+ assert_equal false, ace.execute
920
+ end
921
+ end
922
+
923
+ context "With permission with context with invalid sensitivity range" do
924
+ setup do
925
+ @app_spec_string = <<-END
926
+ version: 0.0
927
+ os: linux
928
+ permissions:
929
+ - object: 'test/'
930
+ context:
931
+ name: 'name'
932
+ type: 'type'
933
+ range: 's3-s2:c0'
934
+ END
935
+ end
936
+
937
+ should "raise an exception" do
938
+ assert_raised_with_message('invalid sensitivity range in s3-s2:c0',AppSpecValidationException) do
939
+ make_app_spec()
940
+ end
941
+ end
942
+ end
943
+
944
+ context "With permission with context with missing sensitivity range part" do
945
+ setup do
946
+ @app_spec_string = <<-END
947
+ version: 0.0
948
+ os: linux
949
+ permissions:
950
+ - object: 'test/'
951
+ context:
952
+ name: 'name'
953
+ type: 'type'
954
+ range: 's3-:c0'
955
+ END
956
+ end
957
+
958
+ should "raise an exception" do
959
+ assert_raised_with_message('invalid range part s3-',AppSpecValidationException) do
960
+ make_app_spec()
961
+ end
962
+ end
963
+ end
964
+
965
+ context "With single sensitivity" do
966
+ setup do
967
+ @app_spec_string = <<-END
968
+ version: 0.0
969
+ os: linux
970
+ permissions:
971
+ - object: 'test/'
972
+ context:
973
+ type: 'type'
974
+ range: 's5'
975
+ END
976
+ end
977
+
978
+ should "generate correct fields" do
979
+ app_spec = make_app_spec()
980
+
981
+ assert_equal 5, app_spec.permissions[0].context.range.low_sensitivity
982
+ assert_equal 5, app_spec.permissions[0].context.range.high_sensitivity
983
+ assert_equal nil, app_spec.permissions[0].context.range.categories
984
+ end
985
+ end
986
+
987
+ context "With permission with context with missing sensitivity" do
988
+ setup do
989
+ @app_spec_string = <<-END
990
+ version: 0.0
991
+ os: linux
992
+ permissions:
993
+ - object: 'test/'
994
+ context:
995
+ name: 'name'
996
+ type: 'type'
997
+ range: ':c0'
998
+ END
999
+ end
1000
+
1001
+ should "raise an exception" do
1002
+ assert_raised_with_message('invalid range part :c0',AppSpecValidationException) do
1003
+ make_app_spec()
1004
+ end
1005
+ end
1006
+ end
1007
+
1008
+ context "With permission with context with missing sensitivity value" do
1009
+ setup do
1010
+ @app_spec_string = <<-END
1011
+ version: 0.0
1012
+ os: linux
1013
+ permissions:
1014
+ - object: 'test/'
1015
+ context:
1016
+ name: 'name'
1017
+ type: 'type'
1018
+ range: 's'
1019
+ END
1020
+ end
1021
+
1022
+ should "raise an exception" do
1023
+ assert_raised_with_message('invalid sensitivity s',AppSpecValidationException) do
1024
+ make_app_spec()
1025
+ end
1026
+ end
1027
+ end
1028
+
1029
+ context "With permission with context with negative sensitivity value" do
1030
+ setup do
1031
+ @app_spec_string = <<-END
1032
+ version: 0.0
1033
+ os: linux
1034
+ permissions:
1035
+ - object: 'test/'
1036
+ context:
1037
+ name: 'name'
1038
+ type: 'type'
1039
+ range: 's0-s-1'
1040
+ END
1041
+ end
1042
+
1043
+ should "raise an exception" do
1044
+ assert_raised_with_message('invalid sensitivity s-1',AppSpecValidationException) do
1045
+ make_app_spec()
1046
+ end
1047
+ end
1048
+ end
1049
+
1050
+ context "With permission with context with invalid sensitivity" do
1051
+ setup do
1052
+ @app_spec_string = <<-END
1053
+ version: 0.0
1054
+ os: linux
1055
+ permissions:
1056
+ - object: 'test/'
1057
+ context:
1058
+ name: 'name'
1059
+ type: 'type'
1060
+ range: 'sd3'
1061
+ END
1062
+ end
1063
+
1064
+ should "raise an exception" do
1065
+ assert_raised_with_message('invalid sensitivity sd3',AppSpecValidationException) do
1066
+ make_app_spec()
1067
+ end
1068
+ end
1069
+ end
1070
+
1071
+ context "With permission with context with invalid sensitivity 2" do
1072
+ setup do
1073
+ @app_spec_string = <<-END
1074
+ version: 0.0
1075
+ os: linux
1076
+ permissions:
1077
+ - object: 'test/'
1078
+ context:
1079
+ name: 'name'
1080
+ type: 'type'
1081
+ range: 'd3'
1082
+ END
1083
+ end
1084
+
1085
+ should "raise an exception" do
1086
+ assert_raised_with_message('invalid sensitivity d3',AppSpecValidationException) do
1087
+ make_app_spec()
1088
+ end
1089
+ end
1090
+ end
1091
+
1092
+ context "With permission with context with invalid category range" do
1093
+ setup do
1094
+ @app_spec_string = <<-END
1095
+ version: 0.0
1096
+ os: linux
1097
+ permissions:
1098
+ - object: 'test/'
1099
+ context:
1100
+ name: 'name'
1101
+ type: 'type'
1102
+ range: 's0:c2.c1'
1103
+ END
1104
+ end
1105
+
1106
+ should "raise an exception" do
1107
+ assert_raised_with_message('invalid category range c2.c1',AppSpecValidationException) do
1108
+ make_app_spec()
1109
+ end
1110
+ end
1111
+ end
1112
+
1113
+ context "With permission with context with missing category range part" do
1114
+ setup do
1115
+ @app_spec_string = <<-END
1116
+ version: 0.0
1117
+ os: linux
1118
+ permissions:
1119
+ - object: 'test/'
1120
+ context:
1121
+ name: 'name'
1122
+ type: 'type'
1123
+ range: 's0:c2.'
1124
+ END
1125
+ end
1126
+
1127
+ should "raise an exception" do
1128
+ assert_raised_with_message('invalid range part c2.',AppSpecValidationException) do
1129
+ make_app_spec()
1130
+ end
1131
+ end
1132
+ end
1133
+
1134
+ context "With valid category" do
1135
+ setup do
1136
+ @app_spec_string = <<-END
1137
+ version: 0.0
1138
+ os: linux
1139
+ permissions:
1140
+ - object: 'test/'
1141
+ context:
1142
+ type: 'type'
1143
+ range: 's0:c0.c1,c15,c7.c9'
1144
+ END
1145
+ end
1146
+
1147
+ should "generate correct fields" do
1148
+ app_spec = make_app_spec()
1149
+
1150
+ categories = app_spec.permissions[0].context.range.categories
1151
+ assert_equal 6, categories.length
1152
+ [(0..1).to_a, (7..9).to_a, 15].flatten!.each do |category|
1153
+ assert_equal true, categories.include?(category), "Unable to find expected category #{category}"
1154
+ end
1155
+ end
1156
+ end
1157
+
1158
+ context "With permission with context with missing category" do
1159
+ setup do
1160
+ @app_spec_string = <<-END
1161
+ version: 0.0
1162
+ os: linux
1163
+ permissions:
1164
+ - object: 'test/'
1165
+ context:
1166
+ name: 'name'
1167
+ type: 'type'
1168
+ range: 's0:'
1169
+ END
1170
+ end
1171
+
1172
+ should "raise an exception" do
1173
+ assert_raised_with_message('invalid range part s0:',AppSpecValidationException) do
1174
+ make_app_spec()
1175
+ end
1176
+ end
1177
+ end
1178
+
1179
+ context "With permission with context with missing category value" do
1180
+ setup do
1181
+ @app_spec_string = <<-END
1182
+ version: 0.0
1183
+ os: linux
1184
+ permissions:
1185
+ - object: 'test/'
1186
+ context:
1187
+ name: 'name'
1188
+ type: 'type'
1189
+ range: 's0:c'
1190
+ END
1191
+ end
1192
+
1193
+ should "raise an exception" do
1194
+ assert_raised_with_message('invalid category c',AppSpecValidationException) do
1195
+ make_app_spec()
1196
+ end
1197
+ end
1198
+ end
1199
+
1200
+ context "With permission with context with negative category value" do
1201
+ setup do
1202
+ @app_spec_string = <<-END
1203
+ version: 0.0
1204
+ os: linux
1205
+ permissions:
1206
+ - object: 'test/'
1207
+ context:
1208
+ name: 'name'
1209
+ type: 'type'
1210
+ range: 's0:c-1'
1211
+ END
1212
+ end
1213
+
1214
+ should "raise an exception" do
1215
+ assert_raised_with_message('invalid category c-1',AppSpecValidationException) do
1216
+ make_app_spec()
1217
+ end
1218
+ end
1219
+ end
1220
+
1221
+ context "With permission with context with category value above 1023" do
1222
+ setup do
1223
+ @app_spec_string = <<-END
1224
+ version: 0.0
1225
+ os: linux
1226
+ permissions:
1227
+ - object: 'test/'
1228
+ context:
1229
+ name: 'name'
1230
+ type: 'type'
1231
+ range: 's0:c1024'
1232
+ END
1233
+ end
1234
+
1235
+ should "raise an exception" do
1236
+ assert_raised_with_message('invalid category c1024',AppSpecValidationException) do
1237
+ make_app_spec()
1238
+ end
1239
+ end
1240
+ end
1241
+
1242
+ context "With permission with context without type" do
1243
+ setup do
1244
+ @app_spec_string = <<-END
1245
+ version: 0.0
1246
+ os: linux
1247
+ permissions:
1248
+ - object: 'test/'
1249
+ context:
1250
+ name: 'name'
1251
+ END
1252
+ end
1253
+
1254
+ should "raise an exception" do
1255
+ assert_raised_with_message("invalid context type required {\"name\"=>\"name\"}",AppSpecValidationException) do
1256
+ make_app_spec()
1257
+ end
1258
+ end
1259
+ end
1260
+
1261
+ context "With permission with context with invalid category" do
1262
+ setup do
1263
+ @app_spec_string = <<-END
1264
+ version: 0.0
1265
+ os: linux
1266
+ permissions:
1267
+ - object: 'test/'
1268
+ context:
1269
+ name: 'name'
1270
+ type: 'type'
1271
+ range: 's0:cd3'
1272
+ END
1273
+ end
1274
+
1275
+ should "raise an exception" do
1276
+ assert_raised_with_message('invalid category cd3',AppSpecValidationException) do
1277
+ make_app_spec()
1278
+ end
1279
+ end
1280
+ end
1281
+
1282
+ context "With permission with context with invalid category 2" do
1283
+ setup do
1284
+ @app_spec_string = <<-END
1285
+ version: 0.0
1286
+ os: linux
1287
+ permissions:
1288
+ - object: 'test/'
1289
+ context:
1290
+ name: 'name'
1291
+ type: 'type'
1292
+ range: 's0:d3'
1293
+ END
1294
+ end
1295
+
1296
+ should "raise an exception" do
1297
+ assert_raised_with_message('invalid category d3',AppSpecValidationException) do
1298
+ make_app_spec()
1299
+ end
1300
+ end
1301
+ end
1302
+
1303
+ context "With permission with context with duplicate categories" do
1304
+ setup do
1305
+ @app_spec_string = <<-END
1306
+ version: 0.0
1307
+ os: linux
1308
+ permissions:
1309
+ - object: 'test/'
1310
+ context:
1311
+ name: 'name'
1312
+ type: 'type'
1313
+ range: 's0:c0.c2,c1'
1314
+ END
1315
+ end
1316
+
1317
+ should "raise an exception" do
1318
+ assert_raised_with_message('duplicate categories',AppSpecValidationException) do
1319
+ make_app_spec()
1320
+ end
1321
+ end
1322
+ end
1323
+
1324
+ context "With permission with mode with 5 digits" do
1325
+ setup do
1326
+ @app_spec_string = <<-END
1327
+ version: 0.0
1328
+ os: linux
1329
+ permissions:
1330
+ - object: 'test/'
1331
+ mode: 12345
1332
+ END
1333
+ end
1334
+
1335
+ should "raise an exception" do
1336
+ assert_raised_with_message('permission mode length incorrect: 12345',AppSpecValidationException) do
1337
+ make_app_spec()
1338
+ end
1339
+ end
1340
+ end
1341
+
1342
+ context "With permission with mode with 2 digits" do
1343
+ setup do
1344
+ @app_spec_string = <<-END
1345
+ version: 0.0
1346
+ os: linux
1347
+ permissions:
1348
+ - object: 'test/'
1349
+ mode: 12
1350
+ END
1351
+ end
1352
+
1353
+ should "fill in needed zeros" do
1354
+ app_spec = make_app_spec()
1355
+
1356
+ mode = app_spec.permissions[0].mode
1357
+ assert_equal '012', mode.mode
1358
+ assert_equal '2', mode.world
1359
+ assert_equal false, mode.world_readable
1360
+ assert_equal true, mode.world_writable
1361
+ assert_equal false, mode.world_executable
1362
+ assert_equal '1', mode.group
1363
+ assert_equal false, mode.group_readable
1364
+ assert_equal false, mode.group_writable
1365
+ assert_equal true, mode.group_executable
1366
+ assert_equal '0', mode.owner
1367
+ assert_equal false, mode.owner_readable
1368
+ assert_equal false, mode.owner_writable
1369
+ assert_equal false, mode.owner_executable
1370
+ assert_equal false, mode.setuid
1371
+ assert_equal false, mode.setgid
1372
+ assert_equal false, mode.sticky
1373
+ end
1374
+ end
1375
+
1376
+ context "With permission with mode with invalid char" do
1377
+ setup do
1378
+ @app_spec_string = <<-END
1379
+ version: 0.0
1380
+ os: linux
1381
+ permissions:
1382
+ - object: 'test/'
1383
+ mode: 12a
1384
+ END
1385
+ end
1386
+
1387
+ should "raise an exception" do
1388
+ assert_raised_with_message('invalid character a in permission mode 12a',AppSpecValidationException) do
1389
+ make_app_spec()
1390
+ end
1391
+ end
1392
+ end
1393
+
1394
+ context "With permission with valid modes" do
1395
+ setup do
1396
+ @app_spec_string = <<-END
1397
+ version: 0.0
1398
+ os: linux
1399
+ permissions:
1400
+ - object: 'test/'
1401
+ mode: 7777
1402
+ - object: 'test1/'
1403
+ mode: 0000
1404
+ - object: 'test2/'
1405
+ mode: 777
1406
+ END
1407
+ end
1408
+
1409
+ should "generate correct fields" do
1410
+ app_spec = make_app_spec()
1411
+
1412
+ mode = app_spec.permissions[0].mode
1413
+ assert_equal '7777', mode.mode
1414
+ assert_equal '7', mode.world
1415
+ assert_equal true, mode.world_readable
1416
+ assert_equal true, mode.world_writable
1417
+ assert_equal true, mode.world_executable
1418
+ assert_equal '7', mode.group
1419
+ assert_equal true, mode.group_readable
1420
+ assert_equal true, mode.group_writable
1421
+ assert_equal true, mode.group_executable
1422
+ assert_equal '7', mode.owner
1423
+ assert_equal true, mode.owner_readable
1424
+ assert_equal true, mode.owner_writable
1425
+ assert_equal true, mode.owner_executable
1426
+ assert_equal true, mode.setuid
1427
+ assert_equal true, mode.setgid
1428
+ assert_equal true, mode.sticky
1429
+
1430
+ mode = app_spec.permissions[1].mode
1431
+ assert_equal '000', mode.mode
1432
+ assert_equal '0', mode.world
1433
+ assert_equal false, mode.world_readable
1434
+ assert_equal false, mode.world_writable
1435
+ assert_equal false, mode.world_executable
1436
+ assert_equal '0', mode.group
1437
+ assert_equal false, mode.group_readable
1438
+ assert_equal false, mode.group_writable
1439
+ assert_equal false, mode.group_executable
1440
+ assert_equal '0', mode.owner
1441
+ assert_equal false, mode.owner_readable
1442
+ assert_equal false, mode.owner_writable
1443
+ assert_equal false, mode.owner_executable
1444
+ assert_equal false, mode.setuid
1445
+ assert_equal false, mode.setgid
1446
+ assert_equal false, mode.sticky
1447
+
1448
+ mode = app_spec.permissions[2].mode
1449
+ assert_equal '777', mode.mode
1450
+ assert_equal '7', mode.world
1451
+ assert_equal true, mode.world_readable
1452
+ assert_equal true, mode.world_writable
1453
+ assert_equal true, mode.world_executable
1454
+ assert_equal '7', mode.group
1455
+ assert_equal true, mode.group_readable
1456
+ assert_equal true, mode.group_writable
1457
+ assert_equal true, mode.group_executable
1458
+ assert_equal '7', mode.owner
1459
+ assert_equal true, mode.owner_readable
1460
+ assert_equal true, mode.owner_writable
1461
+ assert_equal true, mode.owner_executable
1462
+ assert_equal false, mode.setuid
1463
+ assert_equal false, mode.setgid
1464
+ assert_equal false, mode.sticky
1465
+ end
1466
+ end
1467
+
1468
+ context "When acl is present" do
1469
+ setup do
1470
+ @app_spec_string = <<-END
1471
+ version: 0.0
1472
+ os: linux
1473
+ permissions:
1474
+ - object: 'test/'
1475
+ acls: []
1476
+ END
1477
+ app_spec = make_app_spec()
1478
+ @acl = app_spec.permissions[0].acls
1479
+ end
1480
+
1481
+ should "be able to add and clear additional aces" do
1482
+ @acl.add_ace("d:henry:4")
1483
+ @acl.clear_additional
1484
+ end
1485
+
1486
+ should "be able to get an empty acl" do
1487
+ assert_equal [], @acl.get_acl
1488
+ end
1489
+
1490
+ should "be able to get added aces in the acl" do
1491
+ @acl.add_ace("d:henry:4")
1492
+ assert_equal 1, @acl.get_acl.length
1493
+ @acl.clear_additional
1494
+ end
1495
+
1496
+ should "not be able to get a default ace" do
1497
+ assert_equal nil, @acl.get_default_ace
1498
+ end
1499
+
1500
+ should "be able to get an added default ace" do
1501
+ @acl.add_ace("d:henry:4")
1502
+ assert_not_nil @acl.get_default_ace
1503
+ @acl.clear_additional
1504
+ end
1505
+
1506
+ should "not be able to get a default group ace" do
1507
+ assert_equal nil, @acl.get_default_group_ace
1508
+ end
1509
+
1510
+ should "be able to get an added default group ace" do
1511
+ @acl.add_ace("d:g::4")
1512
+ assert_not_nil @acl.get_default_group_ace
1513
+ @acl.clear_additional
1514
+ end
1515
+
1516
+ should "not have a base named ace" do
1517
+ assert !@acl.has_base_named?
1518
+ end
1519
+
1520
+ should "have a base named ace when added" do
1521
+ @acl.add_ace("bob:4")
1522
+ assert @acl.has_base_named?
1523
+ @acl.clear_additional
1524
+ end
1525
+
1526
+ should "not have a base mask ace" do
1527
+ assert !@acl.has_base_mask?
1528
+ end
1529
+
1530
+ should "have a base mask ace when added" do
1531
+ @acl.add_ace("m:4")
1532
+ assert @acl.has_base_mask?
1533
+ @acl.clear_additional
1534
+ end
1535
+
1536
+ should "not have a default ace" do
1537
+ assert !@acl.has_default?
1538
+ end
1539
+
1540
+ should "have a default ace when added" do
1541
+ @acl.add_ace("d:bob:4")
1542
+ assert @acl.has_default?
1543
+ @acl.clear_additional
1544
+ end
1545
+
1546
+ should "not have a default user ace" do
1547
+ assert !@acl.has_default_user?
1548
+ end
1549
+
1550
+ should "have a default user ace when added" do
1551
+ @acl.add_ace("d::4")
1552
+ assert @acl.has_default_user?
1553
+ @acl.clear_additional
1554
+ end
1555
+
1556
+ should "not have a default group ace" do
1557
+ assert !@acl.has_default_group?
1558
+ end
1559
+
1560
+ should "have a default group ace when added" do
1561
+ @acl.add_ace("d:g::4")
1562
+ assert @acl.has_default_group?
1563
+ @acl.clear_additional
1564
+ end
1565
+
1566
+ should "not have a default other ace" do
1567
+ assert !@acl.has_default_other?
1568
+ end
1569
+
1570
+ should "have a default other ace when added" do
1571
+ @acl.add_ace("d:o:4")
1572
+ assert @acl.has_default_other?
1573
+ @acl.clear_additional
1574
+ end
1575
+
1576
+ should "not have a default named ace" do
1577
+ assert !@acl.has_default_named?
1578
+ end
1579
+
1580
+ should "have a default named ace when added" do
1581
+ @acl.add_ace("d:bob:4")
1582
+ assert @acl.has_default_named?
1583
+ @acl.clear_additional
1584
+ end
1585
+
1586
+ should "not have a default mask ace" do
1587
+ assert !@acl.has_default_mask?
1588
+ end
1589
+
1590
+ should "have a default mask ace when added" do
1591
+ @acl.add_ace("d:m:4")
1592
+ assert @acl.has_default_mask?
1593
+ @acl.clear_additional
1594
+ end
1595
+ end
1596
+
1597
+ context "When acl is present with existing aces" do
1598
+ setup do
1599
+ @app_spec_string = <<-END
1600
+ version: 0.0
1601
+ os: linux
1602
+ permissions:
1603
+ - object: 'test/'
1604
+ acls:
1605
+ - 'bob:6'
1606
+ - 'm:6'
1607
+ - 'd:bob:0'
1608
+ - 'd::3'
1609
+ - 'd:g::4'
1610
+ - 'd:o:3'
1611
+ - 'd:m:7'
1612
+ END
1613
+ app_spec = make_app_spec()
1614
+ @acl = app_spec.permissions[0].acls
1615
+ end
1616
+
1617
+ should "be able to get the acl" do
1618
+ assert_equal 7, @acl.get_acl.length
1619
+ end
1620
+
1621
+ should "be able to get default ace" do
1622
+ assert_not_nil @acl.get_default_ace
1623
+ end
1624
+
1625
+ should "be able to get default group ace" do
1626
+ assert_not_nil @acl.get_default_group_ace
1627
+ end
1628
+
1629
+ should "have base named ace" do
1630
+ assert_not_nil @acl.has_base_named?
1631
+ end
1632
+
1633
+ should "have base mask ace" do
1634
+ assert_not_nil @acl.has_base_mask?
1635
+ end
1636
+
1637
+ should "have default ace" do
1638
+ assert_not_nil @acl.has_default?
1639
+ end
1640
+
1641
+ should "have default user ace" do
1642
+ assert_not_nil @acl.has_default_user?
1643
+ end
1644
+
1645
+ should "have default group ace" do
1646
+ assert_not_nil @acl.has_default_group?
1647
+ end
1648
+
1649
+ should "have default other ace" do
1650
+ assert_not_nil @acl.has_default_other?
1651
+ end
1652
+
1653
+ should "have default named ace" do
1654
+ assert_not_nil @acl.has_default_named?
1655
+ end
1656
+
1657
+ should "have default mask ace" do
1658
+ assert_not_nil @acl.has_default_mask?
1659
+ end
1660
+ end
1661
+ end
1662
+
1663
+ context "With a ContextInfo" do
1664
+ should "with a simple range" do
1665
+ info = InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new({"type"=>"type","range"=>"s3"})
1666
+ assert_equal "s3", info.range.get_range
1667
+ end
1668
+
1669
+ should "with a complex range" do
1670
+ info = InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new({"type"=>"type","range"=>"s3-s7:c5,c8.c10,c17"})
1671
+ assert_equal "s3-s7:c5,c8.c10,c17", info.range.get_range
1672
+ end
1673
+ end
1674
+
1675
+ context "With a ACEInfo" do
1676
+ should "not raise if made internal with base entries" do
1677
+ assert_nothing_raised do
1678
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("u::7", true)
1679
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("g::7", true)
1680
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("o::7", true)
1681
+ end
1682
+ end
1683
+
1684
+ should "raise when not internal and has base user" do
1685
+ assert_raised_with_message("use mode to set the base acl entry u::7",AppSpecValidationException) do
1686
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("u::7")
1687
+ end
1688
+ end
1689
+
1690
+ should "raise when not internal and has base group" do
1691
+ assert_raised_with_message("use mode to set the base acl entry g::7",AppSpecValidationException) do
1692
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("g::7")
1693
+ end
1694
+ end
1695
+
1696
+ should "raise when not internal and has base other" do
1697
+ assert_raised_with_message("use mode to set the base acl entry o:7",AppSpecValidationException) do
1698
+ InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("o:7")
1699
+ end
1700
+ end
1701
+
1702
+ should "be able to get the ace" do
1703
+ assert_equal("default:user:bob:rwx", InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("d:u:bob:7").get_ace)
1704
+ assert_equal("mask::---", InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("m:0").get_ace)
1705
+ end
1706
+ end
1707
+ end
1708
+ end
1709
+ end
1710
+ end