aws-codedeploy-agent 0.0.2 → 0.0.3

Files changed (91)
  1. data/aws-codedeploy-agent.gemspec +5 -5
  2. data/certs/host-agent-deployment-signer-ca-chain.pem +30 -0
  3. data/conf/codedeployagent.yml +0 -1
  4. data/lib/instance_agent.rb +1 -13
  5. data/lib/instance_agent/agent/base.rb +38 -12
  6. data/lib/instance_agent/agent/plugin.rb +21 -0
  7. data/lib/instance_agent/config.rb +2 -1
  8. data/lib/instance_agent/platform/linux_util.rb +4 -0
  9. data/lib/instance_agent/plugins/codedeploy/application_specification/ace_info.rb +133 -0
  10. data/lib/instance_agent/plugins/codedeploy/application_specification/acl_info.rb +163 -0
  11. data/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb +143 -0
  12. data/lib/instance_agent/plugins/codedeploy/application_specification/context_info.rb +23 -0
  13. data/lib/instance_agent/plugins/codedeploy/application_specification/file_info.rb +23 -0
  14. data/lib/instance_agent/plugins/codedeploy/application_specification/linux_permission_info.rb +121 -0
  15. data/lib/instance_agent/plugins/codedeploy/application_specification/mode_info.rb +66 -0
  16. data/lib/instance_agent/plugins/codedeploy/application_specification/range_info.rb +134 -0
  17. data/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb +27 -0
  18. data/lib/instance_agent/plugins/codedeploy/codedeploy_control.rb +100 -0
  19. data/lib/instance_agent/plugins/codedeploy/command_executor.rb +359 -0
  20. data/lib/instance_agent/plugins/codedeploy/command_poller.rb +178 -0
  21. data/lib/instance_agent/plugins/codedeploy/deployment_specification.rb +161 -0
  22. data/lib/instance_agent/plugins/codedeploy/hook_executor.rb +226 -0
  23. data/lib/instance_agent/plugins/codedeploy/install_instruction.rb +389 -0
  24. data/lib/instance_agent/plugins/codedeploy/installer.rb +147 -0
  25. data/lib/instance_agent/plugins/codedeploy/onpremise_config.rb +42 -0
  26. data/lib/instance_agent/plugins/codedeploy/register_plugin.rb +17 -0
  27. data/lib/instance_agent/runner/child.rb +20 -5
  28. data/lib/instance_agent/runner/master.rb +2 -15
  29. data/lib/instance_metadata.rb +2 -2
  30. data/test/certificate_helper.rb +1 -1
  31. data/test/helpers/instance_agent_helper.rb +1 -0
  32. data/test/instance_agent/agent/base_test.rb +16 -3
  33. data/test/instance_agent/config_test.rb +2 -1
  34. data/test/instance_agent/plugins/codedeploy/application_specification_test.rb +1713 -0
  35. data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/codedeploy_control_test.rb +1 -1
  36. data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/command_executor_test.rb +32 -9
  37. data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/command_poller_test.rb +13 -14
  38. data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/deployment_specification_test.rb +98 -25
  39. data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/hook_executor_test.rb +83 -15
  40. data/test/instance_agent/plugins/codedeploy/install_instruction_test.rb +568 -0
  41. data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/installer_test.rb +12 -9
  42. data/test/instance_agent/plugins/codedeploy/onpremise_config_test.rb +72 -0
  43. data/test/instance_agent/runner/child_test.rb +1 -1
  44. data/vendor/gems/.codedeploy-commands-1.0.0.created.rid +1 -1
  45. data/vendor/gems/codedeploy-commands/lib/aws/plugins/deploy_control_endpoint.rb +4 -0
  46. data/vendor/gems/jmespath-1.0.1/lib/jmespath.rb +41 -0
  47. data/vendor/gems/jmespath-1.0.1/lib/jmespath/caching_parser.rb +30 -0
  48. data/vendor/gems/jmespath-1.0.1/lib/jmespath/errors.rb +17 -0
  49. data/vendor/gems/jmespath-1.0.1/lib/jmespath/expr_node.rb +15 -0
  50. data/vendor/gems/jmespath-1.0.1/lib/jmespath/lexer.rb +116 -0
  51. data/vendor/gems/jmespath-1.0.1/lib/jmespath/parser.rb +347 -0
  52. data/vendor/gems/jmespath-1.0.1/lib/jmespath/runtime.rb +71 -0
  53. data/vendor/gems/jmespath-1.0.1/lib/jmespath/token.rb +41 -0
  54. data/vendor/gems/jmespath-1.0.1/lib/jmespath/token_stream.rb +60 -0
  55. data/vendor/gems/jmespath-1.0.1/lib/jmespath/tree_interpreter.rb +523 -0
  56. data/vendor/gems/jmespath-1.0.1/lib/jmespath/version.rb +3 -0
  57. data/vendor/gems/process_manager/lib/process_manager/master.rb +16 -5
  58. data/vendor/specifications/{aws-sdk-core-2.0.5.gemspec → aws-sdk-core-2.0.42.gemspec} +9 -11
  59. data/vendor/specifications/builder-3.2.2.gemspec +1 -1
  60. data/vendor/specifications/codedeploy-commands-1.0.0.gemspec +7 -6
  61. data/vendor/specifications/gli-2.5.6.gemspec +1 -1
  62. data/vendor/specifications/jmespath-1.0.1.gemspec +29 -0
  63. data/vendor/specifications/little-plugger-1.1.3.gemspec +1 -1
  64. data/vendor/specifications/logging-1.8.1.gemspec +1 -1
  65. data/vendor/specifications/multi_json-1.7.7.gemspec +1 -1
  66. data/vendor/specifications/multi_json-1.8.4.gemspec +1 -1
  67. data/vendor/specifications/multi_xml-0.5.5.gemspec +1 -1
  68. data/vendor/specifications/process_manager-0.0.13.gemspec +1 -1
  69. data/vendor/specifications/simple_pid-0.2.1.gemspec +1 -1
  70. metadata +76 -63
  71. data/lib/instance_agent/codedeploy_plugin/application_specification/ace_info.rb +0 -133
  72. data/lib/instance_agent/codedeploy_plugin/application_specification/acl_info.rb +0 -163
  73. data/lib/instance_agent/codedeploy_plugin/application_specification/application_specification.rb +0 -142
  74. data/lib/instance_agent/codedeploy_plugin/application_specification/context_info.rb +0 -23
  75. data/lib/instance_agent/codedeploy_plugin/application_specification/file_info.rb +0 -23
  76. data/lib/instance_agent/codedeploy_plugin/application_specification/linux_permission_info.rb +0 -121
  77. data/lib/instance_agent/codedeploy_plugin/application_specification/mode_info.rb +0 -66
  78. data/lib/instance_agent/codedeploy_plugin/application_specification/range_info.rb +0 -134
  79. data/lib/instance_agent/codedeploy_plugin/application_specification/script_info.rb +0 -27
  80. data/lib/instance_agent/codedeploy_plugin/codedeploy_control.rb +0 -72
  81. data/lib/instance_agent/codedeploy_plugin/command_executor.rb +0 -357
  82. data/lib/instance_agent/codedeploy_plugin/command_poller.rb +0 -170
  83. data/lib/instance_agent/codedeploy_plugin/deployment_specification.rb +0 -150
  84. data/lib/instance_agent/codedeploy_plugin/hook_executor.rb +0 -206
  85. data/lib/instance_agent/codedeploy_plugin/install_instruction.rb +0 -374
  86. data/lib/instance_agent/codedeploy_plugin/installer.rb +0 -143
  87. data/lib/instance_agent/codedeploy_plugin/request_helper.rb +0 -28
  88. data/test/instance_agent/codedeploy_plugin/application_specification_test.rb +0 -1710
  89. data/test/instance_agent/codedeploy_plugin/install_instruction_test.rb +0 -566
  90. data/test/instance_agent/codedeploy_plugin/request_helper_test.rb +0 -37
  91. data/vendor/specifications/jamespath-0.5.1.gemspec +0 -35
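--- a/data/lib/instance_agent/codedeploy_plugin/installer.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/installer.rb
@@ -1,143 +0,0 @@
- require 'instance_agent/codedeploy_plugin/install_instruction'
-
- module InstanceAgent
- module CodeDeployPlugin
-
- # Manages install and cleanup files. Also generates and executes
- # install instructions based on the files section of the
- # application specification file.
- class Installer
-
- attr_reader :deployment_archive_dir
- attr_reader :deployment_instructions_dir
-
- def initialize(opts = {})
- raise "the deployment_archive_dir option is required" if
- opts[:deployment_archive_dir].nil?
- raise "the deployment_instructions_dir option is required" if
- opts[:deployment_instructions_dir].nil?
-
- @deployment_archive_dir = opts[:deployment_archive_dir]
- @deployment_instructions_dir = opts[:deployment_instructions_dir]
- end
-
- def install(deployment_group_id, application_specification)
- cleanup_file = File.join(deployment_instructions_dir, "#{deployment_group_id}-cleanup")
-
- if File.exists?(cleanup_file)
- InstallInstruction.parse_remove_commands(File.read(cleanup_file)).each do |cmd|
- cmd.execute
- end
-
- FileUtils.rm(cleanup_file)
- end
-
- instructions = generate_instructions(application_specification)
-
- install_file = File.join(deployment_instructions_dir, "#{deployment_group_id}-install.json")
- File.open(install_file, "w") do |f|
- f.write(instructions.to_json)
- end
-
- File.open(cleanup_file, "w") do |f|
- instructions.each do |cmd|
- cmd.execute(f)
- end
- end
- end
-
- private
- def generate_instructions(application_specification)
- InstallInstruction.generate_instructions() do |i|
- application_specification.files.each do |fi|
-
- absolute_source_path = File.join(deployment_archive_dir,
- fi.source)
-
- log(:debug, "generating instructions for copying #{fi.source} to #{fi.destination}")
- if File.directory?(absolute_source_path)
- fill_in_missing_ancestors(i, fi.destination)
- generate_directory_copy(i, absolute_source_path, fi.destination)
- else
- file_destination = File.join(fi.destination, File.basename(absolute_source_path))
- fill_in_missing_ancestors(i, file_destination)
- generate_normal_copy(i, absolute_source_path, file_destination)
- end
- end
-
- (application_specification.permissions || []).each do |permission|
- object = permission.object
-
- log(:debug, "generating instructions for setting permissions on object #{object}")
- log(:debug, "it is an existing directory - #{File.directory?(object)}")
- if i.copying_file?(object)
- if permission.type.include?("file")
- log(:debug, "found matching file #{object} to set permissions on")
- permission.validate_file_permission
- permission.validate_file_acl(object)
- i.set_permissions(object, permission)
- end
- elsif (i.making_directory?(object) || File.directory?(object))
- log(:debug, "found matching directory #{object} to search for objects to set permissions on")
- i.find_matches(permission).each do|match|
- log(:debug, "found matching object #{match} to set permissions on")
- i.set_permissions(match, permission)
- end
- end
- end
- end
- end
-
- private
- def generate_directory_copy(i, absolute_source_path, destination)
- unless File.directory?(destination)
- i.mkdir(destination)
- end
-
- (Dir.entries(absolute_source_path) - [".", ".."]).each do |entry|
- absolute_entry_path = File.join(absolute_source_path, entry)
- entry_destination = File.join(destination, entry)
- if File.directory?(absolute_entry_path)
- generate_directory_copy(i, absolute_entry_path, entry_destination)
- else
- generate_normal_copy(i, absolute_entry_path, entry_destination)
- end
- end
- end
-
- private
- def generate_normal_copy(i, absolute_source_path, destination)
- raise "File already exists at location #{destination}" if
- File.exists?(destination)
-
- i.copy(absolute_source_path, destination)
- end
-
- private
- def fill_in_missing_ancestors(i, destination)
- missing_ancestors = []
- parent_dir = File.dirname(destination)
- while !File.exists?(parent_dir) &&
- parent_dir != "." && parent_dir != "/"
- missing_ancestors.unshift(parent_dir)
- parent_dir = File.dirname(parent_dir)
- end
-
- missing_ancestors.each do |dir|
- i.mkdir(dir)
- end
- end
-
- private
- def description
- self.class.to_s
- end
-
- private
- def log(severity, message)
- raise ArgumentError, "Unknown severity #{severity.inspect}" unless InstanceAgent::Log::SEVERITIES.include?(severity.to_s)
- InstanceAgent::Log.send(severity.to_sym, "#{description}: #{message}")
- end
- end
- end
- end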
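--- a/data/lib/instance_agent/codedeploy_plugin/request_helper.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/request_helper.rb
@@ -1,28 +0,0 @@
- require 'instance_metadata'
-
- module InstanceAgent
- module CodeDeployPlugin
- class RequestHelper
-
- def initialize(options = {})
- @deploy_control_client = options[:deploy_control_client]
- end
-
- def verify_clients_configuration
- errors = []
- errors << "Invalid aws sdk security configuration" unless valid_aws_sdk_security_config?
- errors << "Invalid server certificate" unless valid_server_certificate?
- errors
- end
-
- def valid_aws_sdk_security_config?
- @deploy_control_client.ssl_verify_peer
- end
-
- def valid_server_certificate?
- @deploy_control_client.verify_cert_fields
- end
-
- end
- end
- end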
@@ -1,1710 +0,0 @@
1
- require 'test_helper'
2
- require 'ostruct'
3
- require 'yaml'
4
-
5
- module InstanceAgent
6
- module CodeDeployPlugin
7
- module ApplicationSpecification
8
- class ApplicationSpecificationTest < InstanceAgentTestCase
9
- context 'The Application Specification' do
10
- setup do
11
- @test_revision_id = 'bar'
12
- end
13
-
14
- private
15
- def make_app_spec
16
- ApplicationSpecification.new(YAML.load(@app_spec_string), {:revision_id => @test_revision_id})
17
- end
18
-
19
- context "With missing version" do
20
- setup do
21
- @app_spec_string = <<-END
22
- os: linux
23
- END
24
- end
25
-
26
- should "raise an exception" do
27
- assert_raised_with_message('unsupported version: ',AppSpecValidationException) do
28
- make_app_spec()
29
- end
30
- end
31
- end
32
-
33
- context "With invalid version" do
34
- setup do
35
- @app_spec_string = <<-END
36
- version: invalid
37
- os: linux
38
- END
39
- end
40
-
41
- should "raise an exception" do
42
- assert_raised_with_message('unsupported version: invalid',AppSpecValidationException) do
43
- make_app_spec()
44
- end
45
- end
46
- end
47
-
48
- context "With missing os" do
49
- setup do
50
- @app_spec_string = <<-END
51
- version: 0.0
52
- END
53
- end
54
-
55
- should "raise an exception" do
56
- assert_raised_with_message('unsupported os: ',AppSpecValidationException) do
57
- make_app_spec()
58
- end
59
- end
60
- end
61
-
62
- context "With invalid os" do
63
- setup do
64
- @app_spec_string = <<-END
65
- version: 0.0
66
- os: unsupported
67
- END
68
- end
69
-
70
- should "raise an exception" do
71
- assert_raised_with_message('unsupported os: unsupported',AppSpecValidationException) do
72
- make_app_spec()
73
- end
74
- end
75
- end
76
-
77
- context "With no hooks or files" do
78
- setup do
79
- @app_spec_string = "version: 0.0\nos: linux\n"
80
- end
81
- should "Return an empty hooks hash" do
82
- app_spec = make_app_spec
83
- assert_equal({}, app_spec.hooks)
84
- end
85
- should "Return an empty files array" do
86
- app_spec = make_app_spec
87
- assert_equal([], app_spec.files)
88
- end
89
- end
90
-
91
- context "With a single complete hook" do
92
- setup do
93
- #A single test script with all parameters
94
- @app_spec_string = <<-END
95
- version: 0.0
96
- os: linux
97
- hooks:
98
- test_hook:
99
- - location: test_location_1
100
- runas: foo
101
- timeout: 30
102
- END
103
- end
104
- should "Return a collection containing test script 1" do
105
- app_spec = make_app_spec
106
- assert_not_equal nil, app_spec.hooks
107
- assert_equal ['test_location_1'] , app_spec.hooks["test_hook"].map(&:location)
108
- assert_equal ['foo'] , app_spec.hooks["test_hook"].map(&:runas)
109
- assert_equal [30] , app_spec.hooks["test_hook"].map(&:timeout)
110
- end
111
- end
112
-
113
- context "With two complete hooks" do
114
- setup do
115
- #A pair of test scripts with all parameters
116
- @app_spec_string = <<-END
117
- version: 0.0
118
- os: linux
119
- hooks:
120
- test_hook:
121
- - location: test_location_1
122
- runas: foo
123
- timeout: 30
124
- - location: test_location_2
125
- runas: foo2
126
- timeout: 30
127
- END
128
- end
129
-
130
- should "Return a collection containing test script 1 and test script 2" do
131
- app_spec = make_app_spec
132
- assert_not_equal nil, app_spec.hooks
133
- assert_equal ['test_location_1', 'test_location_2'] , app_spec.hooks["test_hook"].map(&:location)
134
- end
135
- end
136
-
137
- context "With partial hooks (just a runas)" do
138
- setup do
139
- #A test script with just a location
140
- #A test script with location and runas
141
- @app_spec_string = <<-END
142
- version: 0.0
143
- os: linux
144
- hooks:
145
- test_hook:
146
- - location: test_location
147
- - location: test_location_lr
148
- runas: foo3
149
- END
150
- end
151
-
152
- should "Return a collection containing the two scripts in order" do
153
- app_spec = make_app_spec()
154
- assert_not_equal nil, app_spec.hooks
155
- assert_equal [nil, 'foo3'] , app_spec.hooks["test_hook"].map(&:runas)
156
- end
157
- end
158
-
159
- context "With partial hooks (just a timeout)" do
160
- setup do
161
- #A test script with just a location
162
- #A test script with location and timeout
163
- @app_spec_string = <<-END
164
- version: 0.0
165
- os: linux
166
- hooks:
167
- test_hook:
168
- - location: test_location
169
- - location: test_location_lt
170
- timeout: 30
171
- END
172
- end
173
-
174
- should "Return a collection containing the two scripts in order" do
175
- app_spec = make_app_spec()
176
- assert_not_equal nil, app_spec.hooks
177
- assert_equal [3600, 30] , app_spec.hooks["test_hook"].map(&:timeout)
178
- end
179
- end
180
-
181
- context "With missing location data" do
182
- setup do
183
- #A test script without a location
184
- @app_spec_string = <<-END
185
- version: 0.0
186
- os: linux
187
- hooks:
188
- test_hook:
189
- - timeout: 30
190
- END
191
- end
192
-
193
- should "raise an exception" do
194
- assert_raised_with_message('script provided without a location value',AppSpecValidationException) do
195
- make_app_spec()
196
- end
197
- end
198
- end
199
-
200
- context "With non numerical timeout data" do
201
- setup do
202
- #A test script with bad timeout data
203
- @app_spec_string = <<-END
204
- version: 0.0
205
- os: linux
206
- hooks:
207
- test_hook:
208
- - location: test_location
209
- timeout: foo
210
- END
211
- end
212
-
213
- should "raise an exception" do
214
- assert_raised_with_message('Timeout needs to be an integer greater than 0',AppSpecValidationException) do
215
- make_app_spec()
216
- end
217
- end
218
- end
219
-
220
- context "App spec has a file mapping" do
221
- context "file map contains a single file" do
222
- setup do
223
- @app_spec_string = <<-END
224
- version: 0.0
225
- os: linux
226
- files:
227
- - source: test_source
228
- destination: test_destination
229
- END
230
- end
231
-
232
- should "return a hash containing the file mapping objects" do
233
- app_spec = make_app_spec
234
- assert_not_equal nil, app_spec.files
235
- assert_equal ['test_source'] , app_spec.files.map(&:source)
236
- assert_equal ['test_destination'] , app_spec.files.map(&:destination)
237
- end
238
- end
239
-
240
- context "file map contains multiple files" do
241
- setup do
242
- @app_spec_string = <<-END
243
- version: 0.0
244
- os: linux
245
- files:
246
- - source: test_source
247
- destination: test_destination
248
- - source: test_source_2
249
- destination: test_destination_2
250
- END
251
- end
252
-
253
- should "return a hash containing the file mapping objects" do
254
- app_spec = make_app_spec
255
- assert_not_equal nil, app_spec.files
256
- assert_equal ['test_source', 'test_source_2'] , app_spec.files.map(&:source)
257
- assert_equal ['test_destination','test_destination_2'] , app_spec.files.map(&:destination)
258
- end
259
- end
260
-
261
- context "file map is missing a destination" do
262
- setup do
263
- @app_spec_string = <<-END
264
- version: 0.0
265
- os: linux
266
- files:
267
- - source: test_source
268
- END
269
- end
270
-
271
- should "raise and AppSpecValidationException" do
272
- assert_raised_with_message('File needs to have a destination',AppSpecValidationException) do
273
- make_app_spec()
274
- end
275
- end
276
- end
277
-
278
- context "file map is missing a source" do
279
- setup do
280
- @app_spec_string = <<-END
281
- version: 0.0
282
- os: linux
283
- files:
284
- - destination: test_destination
285
- END
286
- end
287
-
288
- should "raise and AppSpecValidationException" do
289
- assert_raised_with_message('File needs to have a source',AppSpecValidationException) do
290
- make_app_spec()
291
- end
292
- end
293
- end
294
- end
295
-
296
- context "With permission without object set" do
297
- setup do
298
- @app_spec_string = <<-END
299
- version: 0.0
300
- os: linux
301
- permissions:
302
- - pattern: test
303
- END
304
- end
305
-
306
- should "raise an exception" do
307
- assert_raised_with_message('permission provided without a object value',AppSpecValidationException) do
308
- make_app_spec()
309
- end
310
- end
311
- end
312
-
313
- context "With permission pattern of **" do
314
- setup do
315
- @app_spec_string = <<-END
316
- version: 0.0
317
- os: linux
318
- permissions:
319
- - object: '/'
320
- pattern: '**'
321
- END
322
- end
323
-
324
- should "match all objects" do
325
- app_spec = make_app_spec()
326
- assert_equal '**', app_spec.permissions[0].pattern
327
- end
328
- end
329
-
330
- context "With multiple permissions" do
331
- setup do
332
- @app_spec_string = <<-END
333
- version: 0.0
334
- os: linux
335
- permissions:
336
- - object: '/'
337
- - object: test
338
- - object: more
339
- END
340
- end
341
-
342
- should "match all objects" do
343
- app_spec = make_app_spec()
344
- assert_equal 3, app_spec.permissions.length
345
- assert_equal '/', app_spec.permissions[0].object
346
- assert_equal "test", app_spec.permissions[1].object
347
- assert_equal "more", app_spec.permissions[2].object
348
- end
349
- end
350
-
351
- context "With permissions with pattern" do
352
- setup do
353
- @app_spec_string = <<-END
354
- version: 0.0
355
- os: linux
356
- permissions:
357
- - object: '/'
358
- pattern: 'glob'
359
- END
360
- end
361
-
362
- should "raise when validated as file permission" do
363
- app_spec = make_app_spec()
364
- assert_raised_with_message('Attempt to use pattern glob when assigning permissions to file /',AppSpecValidationException) do
365
- app_spec.permissions[0].validate_file_permission
366
- end
367
- end
368
- end
369
-
370
- context "With permissions with except" do
371
- setup do
372
- @app_spec_string = <<-END
373
- version: 0.0
374
- os: linux
375
- permissions:
376
- - object: '/'
377
- except:
378
- - 'glob'
379
- END
380
- end
381
-
382
- should "raise when validated as file permission" do
383
- app_spec = make_app_spec()
384
- assert_raised_with_message('Attempt to use except ["glob"] when assigning permissions to file /',AppSpecValidationException) do
385
- app_spec.permissions[0].validate_file_permission
386
- end
387
- end
388
- end
389
-
390
- context "With permissions" do
391
- setup do
392
- @app_spec_string = <<-END
393
- version: 0.0
394
- os: linux
395
- permissions:
396
- - object: '/'
397
- END
398
- end
399
-
400
- should "not raise when validated as file permission" do
401
- app_spec = make_app_spec()
402
- assert_nothing_raised do
403
- app_spec.permissions[0].validate_file_permission
404
- end
405
- end
406
- end
407
-
408
- context "With permissions with pattern without file type" do
409
- setup do
410
- @app_spec_string = <<-END
411
- version: 0.0
412
- os: linux
413
- permissions:
414
- - object: '/'
415
- pattern: 'glob'
416
- type:
417
- - "directory"
418
- END
419
- end
420
-
421
- should "not raise when validated as file permission" do
422
- app_spec = make_app_spec()
423
- assert_nothing_raised do
424
- app_spec.permissions[0].validate_file_permission
425
- end
426
- end
427
- end
428
-
429
- context "With permissions with acl without default ace" do
430
- setup do
431
- @app_spec_string = <<-END
432
- version: 0.0
433
- os: linux
434
- permissions:
435
- - object: '/'
436
- acls:
437
- - 'user:name:rwx'
438
- END
439
- end
440
-
441
- should "be able to validate as a file acl" do
442
- app_spec = make_app_spec()
443
- assert_nothing_raised do
444
- app_spec.permissions[0].validate_file_acl("test")
445
- end
446
- end
447
- end
448
-
449
- context "With permissions with acl with default ace" do
450
- setup do
451
- @app_spec_string = <<-END
452
- version: 0.0
453
- os: linux
454
- permissions:
455
- - object: '/'
456
- acls:
457
- - 'd:user:name:rwx'
458
- END
459
- end
460
-
461
- should "be able to validate as a file acl" do
462
- app_spec = make_app_spec()
463
- assert_raised_with_message('Attempt to set default acl default:user:name:rwx on file test',RuntimeError) do
464
- app_spec.permissions[0].validate_file_acl("test")
465
- end
466
- end
467
- end
468
-
469
- context "With valid permission object" do
470
- setup do
471
- @app_spec_string = <<-END
472
- version: 0.0
473
- os: linux
474
- permissions:
475
- - object: 'test'
476
- pattern: 'prefix*'
477
- except: ['*ReadMe', '*.tmp']
478
- type: ['file']
479
- owner: 'bob'
480
- group: 'dev'
481
- mode: 6763
482
- acls:
483
- - 'u:henry:7'
484
- - 'd:g:manager:rw'
485
- context:
486
- name: 'user_u'
487
- type: 'unconfined_t'
488
- range: 's3-s5:c0.c7,c13'
489
- END
490
- end
491
-
492
- should "match pattern when appropriate" do
493
- app_spec = make_app_spec()
494
- permission = app_spec.permissions[0]
495
-
496
- assert permission.matches_pattern?(File.expand_path("test/prefix")), "Should match test/prefix for pattern"
497
- assert permission.matches_pattern?(File.expand_path("test/prefix_matches")), "Should match test/prefix_matches for pattern"
498
- assert !permission.matches_pattern?(File.expand_path("test/prefix/does_not_match")), "Should not match test/prefix/does_not_match for pattern"
499
- assert !permission.matches_pattern?(File.expand_path("testprefix/")), "Should not match testprefix/ for pattern"
500
- assert !permission.matches_pattern?(File.expand_path("tst/prefix")), "Should not match tst/prefix for pattern"
501
- assert !permission.matches_pattern?(File.expand_path("test/not_prefix")), "Should not match test/not_prefix for pattern"
502
- end
503
-
504
- should "match except when appropriate" do
505
- app_spec = make_app_spec()
506
- permission = app_spec.permissions[0]
507
-
508
- assert permission.matches_except?(File.expand_path("test/this.tmp")), "Should match test/this.tmp for except"
509
- assert permission.matches_except?(File.expand_path("test/this_ReadMe")), "Should match test/this_ReadMe for except"
510
- assert !permission.matches_except?(File.expand_path("test/prefix/does_not_match.tmp")), "Should not match test/prefix/does_not_match.tmp for except"
511
- assert !permission.matches_except?(File.expand_path("testprefix/")), "Should not match testprefix/ for except"
512
- assert !permission.matches_except?(File.expand_path("tst/prefix")), "Should not match tst/prefix for except"
513
- assert !permission.matches_except?(File.expand_path("test/not_match")), "Should not match test/not_match for except"
514
- end
515
-
516
- should "set fields correctly" do
517
- app_spec = make_app_spec()
518
- permission = app_spec.permissions[0]
519
- assert_equal 'test', permission.object
520
- assert_equal 'prefix*', permission.pattern
521
- assert_equal ['*ReadMe', '*.tmp'], permission.except
522
- assert_equal ['file'], permission.type
523
- assert_equal 'bob', permission.owner
524
- assert_equal 'dev', permission.group
525
-
526
- mode = permission.mode
527
- assert_equal '6763', mode.mode
528
- assert_equal '3', mode.world
529
- assert_equal false, mode.world_readable
530
- assert_equal true, mode.world_writable
531
- assert_equal true, mode.world_executable
532
- assert_equal '6', mode.group
533
- assert_equal true, mode.group_readable
534
- assert_equal true, mode.group_writable
535
- assert_equal false, mode.group_executable
536
- assert_equal '7', mode.owner
537
- assert_equal true, mode.owner_readable
538
- assert_equal true, mode.owner_writable
539
- assert_equal true, mode.owner_executable
540
- assert_equal true, mode.setuid
541
- assert_equal true, mode.setgid
542
- assert_equal false, mode.sticky
543
-
544
- acl = permission.acls
545
- assert_equal 2, acl.aces.length
546
- ace = acl.aces[0]
547
- assert_equal false, ace.default
548
- assert_equal 'user', ace.type
549
- assert_equal 'henry', ace.name
550
- assert_equal true, ace.read
551
- assert_equal true, ace.write
552
- assert_equal true, ace.execute
553
-
554
- ace = acl.aces[1]
555
- assert_equal true, ace.default
556
- assert_equal 'group', ace.type
557
- assert_equal 'manager', ace.name
558
- assert_equal true, ace.read
559
- assert_equal true, ace.write
560
- assert_equal false, ace.execute
561
-
562
- context = permission.context
563
- assert_equal 'user_u', context.user
564
- assert_equal nil, context.role
565
- assert_equal 'unconfined_t', context.type
566
-
567
- range = context.range
568
- assert_equal 3, range.low_sensitivity
569
- assert_equal 5, range.high_sensitivity
570
-
571
- categories = range.categories
572
- assert_equal 9, categories.length
573
- [(0..7).to_a,13].flatten!.each do |category|
574
- assert_equal true, categories.include?(category), "Unable to find expected category #{category}"
575
- end
576
- end
577
- end
578
-
579
- context "With permission with acl with ace with too few parts" do
580
- setup do
581
- @app_spec_string = <<-END
582
- version: 0.0
583
- os: linux
584
- permissions:
585
- - object: 'test/'
586
- acls:
587
- - '7'
588
- END
589
- end
590
-
591
- should "raise an exception" do
592
- assert_raised_with_message('invalid acl entry 7',AppSpecValidationException) do
593
- make_app_spec()
594
- end
595
- end
596
- end
597
-
598
- context "With permission with acl with ace with too many parts" do
599
- setup do
600
- @app_spec_string = <<-END
601
- version: 0.0
602
- os: linux
603
- permissions:
604
- - object: 'test/'
605
- acls:
606
- - 'd:u:bob:7:rwx'
607
- END
608
- end
609
-
610
- should "raise an exception" do
611
- assert_raised_with_message('invalid acl entry d:u:bob:7:rwx',AppSpecValidationException) do
612
- make_app_spec()
613
- end
614
- end
615
- end
616
-
617
- context "With permission with acl with ace with invalid first part" do
618
- setup do
619
- @app_spec_string = <<-END
620
- version: 0.0
621
- os: linux
622
- permissions:
623
- - object: 'test/'
624
- acls:
625
- - 'invalid:u:bob:7:rwx'
626
- END
627
- end
628
-
629
- should "raise an exception" do
630
- assert_raised_with_message('invalid acl entry invalid:u:bob:7:rwx',AppSpecValidationException) do
631
- make_app_spec()
632
- end
633
- end
634
- end
635
-
636
- context "With permission with acl with ace with invalid second part" do
637
- setup do
638
- @app_spec_string = <<-END
639
- version: 0.0
640
- os: linux
641
- permissions:
642
- - object: 'test/'
643
- acls:
644
- - 'd:invalid:bob:7:rwx'
645
- END
646
- end
647
-
648
- should "raise an exception" do
649
- assert_raised_with_message('invalid acl entry d:invalid:bob:7:rwx',AppSpecValidationException) do
650
- make_app_spec()
651
- end
652
- end
653
- end
654
-
655
- context "With permission with acl with ace with default as first and second part" do
656
- setup do
657
- @app_spec_string = <<-END
658
- version: 0.0
659
- os: linux
660
- permissions:
661
- - object: 'test/'
662
- acls:
663
- - 'd:d:bob:7:rwx'
664
- END
665
- end
666
-
667
- should "raise an exception" do
668
- assert_raised_with_message('invalid acl entry d:d:bob:7:rwx',AppSpecValidationException) do
669
- make_app_spec()
670
- end
671
- end
672
- end
673
-
674
- context "With permission with acl with ace with mask with name" do
675
- setup do
676
- @app_spec_string = <<-END
677
- version: 0.0
678
- os: linux
679
- permissions:
680
- - object: 'test/'
681
- acls:
682
- - 'mask:name:rwx'
683
- END
684
- end
685
-
686
- should "raise an exception" do
687
- assert_raised_with_message('invalid acl entry mask:name:rwx',AppSpecValidationException) do
688
- make_app_spec()
689
- end
690
- end
691
- end
692
-
693
- context "With permission with acl with ace with other with name" do
694
- setup do
695
- @app_spec_string = <<-END
696
- version: 0.0
697
- os: linux
698
- permissions:
699
- - object: 'test/'
700
- acls:
701
- - 'd:other:name:rwx'
702
- END
703
- end
704
-
705
- should "raise an exception" do
706
- assert_raised_with_message('invalid acl entry d:other:name:rwx',AppSpecValidationException) do
707
- make_app_spec()
708
- end
709
- end
710
- end
711
-
712
- context "With permission with acl with ace with invalid permission character" do
713
- setup do
714
- @app_spec_string = <<-END
715
- version: 0.0
716
- os: linux
717
- permissions:
718
- - object: 'test/'
719
- acls:
720
- - 'user:bob:rwxd'
721
- END
722
- end
723
-
724
- should "raise an exception" do
725
- assert_raised_with_message('unrecognized permission character d in user:bob:rwxd',AppSpecValidationException) do
726
- make_app_spec()
727
- end
728
- end
729
- end
730
-
731
- context "With permission with acl with valid ace with 4 parts" do
732
- setup do
733
- @app_spec_string = <<-END
734
- version: 0.0
735
- os: linux
736
- permissions:
737
- - object: 'test/'
738
- acls:
739
- - 'd:u:bob:rwx'
740
- - 'default:g:dev:rw'
741
- END
742
- end
743
-
744
- should "generate correct fields" do
745
- app_spec = make_app_spec()
746
-
747
- acl = app_spec.permissions[0].acls
748
- assert_equal 2, acl.aces.length
749
-
750
- ace = acl.aces[0]
751
- assert_equal true, ace.default
752
- assert_equal 'user', ace.type
753
- assert_equal 'bob', ace.name
754
- assert_equal true, ace.read
755
- assert_equal true, ace.write
756
- assert_equal true, ace.execute
757
-
758
- ace = acl.aces[1]
759
- assert_equal true, ace.default
760
- assert_equal 'group', ace.type
761
- assert_equal 'dev', ace.name
762
- assert_equal true, ace.read
763
- assert_equal true, ace.write
764
- assert_equal false, ace.execute
765
- end
766
- end
767
-
768
- context "With permission with acl with valid ace with 3 parts" do
769
- setup do
770
- @app_spec_string = <<-END
771
- version: 0.0
772
- os: linux
773
- permissions:
774
- - object: 'test/'
775
- acls:
776
- - 'd:bob:rwx'
777
- - 'default::rw'
778
- - 'm::7'
779
- - 'mask::7'
780
- - 'g:dev:7'
781
- - 'group:dev:7'
782
- - 'u:bob:7'
783
- - 'user:bob:7'
784
- - 'u:mask:7'
785
- - 'u:other:7'
786
- END
787
- end
788
-
789
- should "generate correct fields" do
790
- app_spec = make_app_spec()
791
-
792
- acl = app_spec.permissions[0].acls
793
- assert_equal 10, acl.aces.length
794
-
795
- ace = acl.aces[0]
796
- assert_equal true, ace.default
797
- assert_equal 'user', ace.type
798
- assert_equal 'bob', ace.name
799
- assert_equal true, ace.read
800
- assert_equal true, ace.write
801
- assert_equal true, ace.execute
802
-
803
- ace = acl.aces[1]
804
- assert_equal true, ace.default
805
- assert_equal 'user', ace.type
806
- assert_equal '', ace.name
807
- assert_equal true, ace.read
808
- assert_equal true, ace.write
809
- assert_equal false, ace.execute
810
-
811
- ace = acl.aces[2]
812
- assert_equal false, ace.default
813
- assert_equal 'mask', ace.type
814
- assert_equal '', ace.name
815
- assert_equal true, ace.read
816
- assert_equal true, ace.write
817
- assert_equal true, ace.execute
818
-
819
- ace = acl.aces[3]
820
- assert_equal false, ace.default
821
- assert_equal 'mask', ace.type
822
- assert_equal '', ace.name
823
- assert_equal true, ace.read
824
- assert_equal true, ace.write
825
- assert_equal true, ace.execute
826
-
827
- ace = acl.aces[4]
828
- assert_equal false, ace.default
829
- assert_equal 'group', ace.type
830
- assert_equal 'dev', ace.name
831
- assert_equal true, ace.read
832
- assert_equal true, ace.write
833
- assert_equal true, ace.execute
834
-
835
- ace = acl.aces[5]
836
- assert_equal false, ace.default
837
- assert_equal 'group', ace.type
838
- assert_equal 'dev', ace.name
839
- assert_equal true, ace.read
840
- assert_equal true, ace.write
841
- assert_equal true, ace.execute
842
-
843
- ace = acl.aces[6]
844
- assert_equal false, ace.default
845
- assert_equal 'user', ace.type
846
- assert_equal 'bob', ace.name
847
- assert_equal true, ace.read
848
- assert_equal true, ace.write
849
- assert_equal true, ace.execute
850
-
851
- ace = acl.aces[7]
852
- assert_equal false, ace.default
853
- assert_equal 'user', ace.type
854
- assert_equal 'bob', ace.name
855
- assert_equal true, ace.read
856
- assert_equal true, ace.write
857
- assert_equal true, ace.execute
858
-
859
- ace = acl.aces[8]
860
- assert_equal false, ace.default
861
- assert_equal 'user', ace.type
862
- assert_equal 'mask', ace.name
863
- assert_equal true, ace.read
864
- assert_equal true, ace.write
865
- assert_equal true, ace.execute
866
-
867
- ace = acl.aces[9]
868
- assert_equal false, ace.default
869
- assert_equal 'user', ace.type
870
- assert_equal 'other', ace.name
871
- assert_equal true, ace.read
872
- assert_equal true, ace.write
873
- assert_equal true, ace.execute
874
- end
875
- end
876
-
877
- context "With permission with acl with valid ace with 2 parts" do
878
- setup do
879
- @app_spec_string = <<-END
880
- version: 0.0
881
- os: linux
882
- permissions:
883
- - object: 'test/'
884
- acls:
885
- - 'bob:0'
886
- - 'm:7'
887
- - 'mask:'
888
- END
889
- end
890
-
891
- should "generate correct fields" do
892
- app_spec = make_app_spec()
893
-
894
- acl = app_spec.permissions[0].acls
895
- assert_equal 3, acl.aces.length
896
-
897
- ace = acl.aces[0]
898
- assert_equal false, ace.default
899
- assert_equal 'user', ace.type
900
- assert_equal 'bob', ace.name
901
- assert_equal false, ace.read
902
- assert_equal false, ace.write
903
- assert_equal false, ace.execute
904
-
905
- ace = acl.aces[1]
906
- assert_equal false, ace.default
907
- assert_equal 'mask', ace.type
908
- assert_equal '', ace.name
909
- assert_equal true, ace.read
910
- assert_equal true, ace.write
911
- assert_equal true, ace.execute
912
-
913
- ace = acl.aces[2]
914
- assert_equal false, ace.default
915
- assert_equal 'mask', ace.type
916
- assert_equal '', ace.name
917
- assert_equal false, ace.read
918
- assert_equal false, ace.write
919
- assert_equal false, ace.execute
920
- end
921
- end
922
-
923
- context "With permission with context with invalid sensitivity range" do
924
- setup do
925
- @app_spec_string = <<-END
926
- version: 0.0
927
- os: linux
928
- permissions:
929
- - object: 'test/'
930
- context:
931
- name: 'name'
932
- type: 'type'
933
- range: 's3-s2:c0'
934
- END
935
- end
936
-
937
- should "raise an exception" do
938
- assert_raised_with_message('invalid sensitivity range in s3-s2:c0',AppSpecValidationException) do
939
- make_app_spec()
940
- end
941
- end
942
- end
943
-
944
- context "With permission with context with missing sensitivity range part" do
945
- setup do
946
- @app_spec_string = <<-END
947
- version: 0.0
948
- os: linux
949
- permissions:
950
- - object: 'test/'
951
- context:
952
- name: 'name'
953
- type: 'type'
954
- range: 's3-:c0'
955
- END
956
- end
957
-
958
- should "raise an exception" do
959
- assert_raised_with_message('invalid range part s3-',AppSpecValidationException) do
960
- make_app_spec()
961
- end
962
- end
963
- end
964
-
965
- context "With single sensitivity" do
966
- setup do
967
- @app_spec_string = <<-END
968
- version: 0.0
969
- os: linux
970
- permissions:
971
- - object: 'test/'
972
- context:
973
- type: 'type'
974
- range: 's5'
975
- END
976
- end
977
-
978
- should "generate correct fields" do
979
- app_spec = make_app_spec()
980
-
981
- assert_equal 5, app_spec.permissions[0].context.range.low_sensitivity
982
- assert_equal 5, app_spec.permissions[0].context.range.high_sensitivity
983
- assert_equal nil, app_spec.permissions[0].context.range.categories
984
- end
985
- end
986
-
987
- context "With permission with context with missing sensitivity" do
988
- setup do
989
- @app_spec_string = <<-END
990
- version: 0.0
991
- os: linux
992
- permissions:
993
- - object: 'test/'
994
- context:
995
- name: 'name'
996
- type: 'type'
997
- range: ':c0'
998
- END
999
- end
1000
-
1001
- should "raise an exception" do
1002
- assert_raised_with_message('invalid range part :c0',AppSpecValidationException) do
1003
- make_app_spec()
1004
- end
1005
- end
1006
- end
1007
-
1008
- context "With permission with context with missing sensitivity value" do
1009
- setup do
1010
- @app_spec_string = <<-END
1011
- version: 0.0
1012
- os: linux
1013
- permissions:
1014
- - object: 'test/'
1015
- context:
1016
- name: 'name'
1017
- type: 'type'
1018
- range: 's'
1019
- END
1020
- end
1021
-
1022
- should "raise an exception" do
1023
- assert_raised_with_message('invalid sensitivity s',AppSpecValidationException) do
1024
- make_app_spec()
1025
- end
1026
- end
1027
- end
1028
-
1029
- context "With permission with context with negative sensitivity value" do
1030
- setup do
1031
- @app_spec_string = <<-END
1032
- version: 0.0
1033
- os: linux
1034
- permissions:
1035
- - object: 'test/'
1036
- context:
1037
- name: 'name'
1038
- type: 'type'
1039
- range: 's0-s-1'
1040
- END
1041
- end
1042
-
1043
- should "raise an exception" do
1044
- assert_raised_with_message('invalid sensitivity s-1',AppSpecValidationException) do
1045
- make_app_spec()
1046
- end
1047
- end
1048
- end
1049
-
1050
- context "With permission with context with invalid sensitivity" do
1051
- setup do
1052
- @app_spec_string = <<-END
1053
- version: 0.0
1054
- os: linux
1055
- permissions:
1056
- - object: 'test/'
1057
- context:
1058
- name: 'name'
1059
- type: 'type'
1060
- range: 'sd3'
1061
- END
1062
- end
1063
-
1064
- should "raise an exception" do
1065
- assert_raised_with_message('invalid sensitivity sd3',AppSpecValidationException) do
1066
- make_app_spec()
1067
- end
1068
- end
1069
- end
1070
-
1071
- context "With permission with context with invalid sensitivity 2" do
1072
- setup do
1073
- @app_spec_string = <<-END
1074
- version: 0.0
1075
- os: linux
1076
- permissions:
1077
- - object: 'test/'
1078
- context:
1079
- name: 'name'
1080
- type: 'type'
1081
- range: 'd3'
1082
- END
1083
- end
1084
-
1085
- should "raise an exception" do
1086
- assert_raised_with_message('invalid sensitivity d3',AppSpecValidationException) do
1087
- make_app_spec()
1088
- end
1089
- end
1090
- end
1091
-
1092
- context "With permission with context with invalid category range" do
1093
- setup do
1094
- @app_spec_string = <<-END
1095
- version: 0.0
1096
- os: linux
1097
- permissions:
1098
- - object: 'test/'
1099
- context:
1100
- name: 'name'
1101
- type: 'type'
1102
- range: 's0:c2.c1'
1103
- END
1104
- end
1105
-
1106
- should "raise an exception" do
1107
- assert_raised_with_message('invalid category range c2.c1',AppSpecValidationException) do
1108
- make_app_spec()
1109
- end
1110
- end
1111
- end
1112
-
1113
- context "With permission with context with missing category range part" do
1114
- setup do
1115
- @app_spec_string = <<-END
1116
- version: 0.0
1117
- os: linux
1118
- permissions:
1119
- - object: 'test/'
1120
- context:
1121
- name: 'name'
1122
- type: 'type'
1123
- range: 's0:c2.'
1124
- END
1125
- end
1126
-
1127
- should "raise an exception" do
1128
- assert_raised_with_message('invalid range part c2.',AppSpecValidationException) do
1129
- make_app_spec()
1130
- end
1131
- end
1132
- end
1133
-
1134
- context "With valid category" do
1135
- setup do
1136
- @app_spec_string = <<-END
1137
- version: 0.0
1138
- os: linux
1139
- permissions:
1140
- - object: 'test/'
1141
- context:
1142
- type: 'type'
1143
- range: 's0:c0.c1,c15,c7.c9'
1144
- END
1145
- end
1146
-
1147
- should "generate correct fields" do
1148
- app_spec = make_app_spec()
1149
-
1150
- categories = app_spec.permissions[0].context.range.categories
1151
- assert_equal 6, categories.length
1152
- [(0..1).to_a, (7..9).to_a, 15].flatten!.each do |category|
1153
- assert_equal true, categories.include?(category), "Unable to find expected category #{category}"
1154
- end
1155
- end
1156
- end
1157
-
1158
- context "With permission with context with missing category" do
1159
- setup do
1160
- @app_spec_string = <<-END
1161
- version: 0.0
1162
- os: linux
1163
- permissions:
1164
- - object: 'test/'
1165
- context:
1166
- name: 'name'
1167
- type: 'type'
1168
- range: 's0:'
1169
- END
1170
- end
1171
-
1172
- should "raise an exception" do
1173
- assert_raised_with_message('invalid range part s0:',AppSpecValidationException) do
1174
- make_app_spec()
1175
- end
1176
- end
1177
- end
1178
-
1179
- context "With permission with context with missing category value" do
1180
- setup do
1181
- @app_spec_string = <<-END
1182
- version: 0.0
1183
- os: linux
1184
- permissions:
1185
- - object: 'test/'
1186
- context:
1187
- name: 'name'
1188
- type: 'type'
1189
- range: 's0:c'
1190
- END
1191
- end
1192
-
1193
- should "raise an exception" do
1194
- assert_raised_with_message('invalid category c',AppSpecValidationException) do
1195
- make_app_spec()
1196
- end
1197
- end
1198
- end
1199
-
1200
- context "With permission with context with negative category value" do
1201
- setup do
1202
- @app_spec_string = <<-END
1203
- version: 0.0
1204
- os: linux
1205
- permissions:
1206
- - object: 'test/'
1207
- context:
1208
- name: 'name'
1209
- type: 'type'
1210
- range: 's0:c-1'
1211
- END
1212
- end
1213
-
1214
- should "raise an exception" do
1215
- assert_raised_with_message('invalid category c-1',AppSpecValidationException) do
1216
- make_app_spec()
1217
- end
1218
- end
1219
- end
1220
-
1221
- context "With permission with context with category value above 1023" do
1222
- setup do
1223
- @app_spec_string = <<-END
1224
- version: 0.0
1225
- os: linux
1226
- permissions:
1227
- - object: 'test/'
1228
- context:
1229
- name: 'name'
1230
- type: 'type'
1231
- range: 's0:c1024'
1232
- END
1233
- end
1234
-
1235
- should "raise an exception" do
1236
- assert_raised_with_message('invalid category c1024',AppSpecValidationException) do
1237
- make_app_spec()
1238
- end
1239
- end
1240
- end
1241
-
1242
- context "With permission with context without type" do
1243
- setup do
1244
- @app_spec_string = <<-END
1245
- version: 0.0
1246
- os: linux
1247
- permissions:
1248
- - object: 'test/'
1249
- context:
1250
- name: 'name'
1251
- END
1252
- end
1253
-
1254
- should "raise an exception" do
1255
- assert_raised_with_message("invalid context type required {\"name\"=>\"name\"}",AppSpecValidationException) do
1256
- make_app_spec()
1257
- end
1258
- end
1259
- end
1260
-
1261
- context "With permission with context with invalid category" do
1262
- setup do
1263
- @app_spec_string = <<-END
1264
- version: 0.0
1265
- os: linux
1266
- permissions:
1267
- - object: 'test/'
1268
- context:
1269
- name: 'name'
1270
- type: 'type'
1271
- range: 's0:cd3'
1272
- END
1273
- end
1274
-
1275
- should "raise an exception" do
1276
- assert_raised_with_message('invalid category cd3',AppSpecValidationException) do
1277
- make_app_spec()
1278
- end
1279
- end
1280
- end
1281
-
1282
- context "With permission with context with invalid category 2" do
1283
- setup do
1284
- @app_spec_string = <<-END
1285
- version: 0.0
1286
- os: linux
1287
- permissions:
1288
- - object: 'test/'
1289
- context:
1290
- name: 'name'
1291
- type: 'type'
1292
- range: 's0:d3'
1293
- END
1294
- end
1295
-
1296
- should "raise an exception" do
1297
- assert_raised_with_message('invalid category d3',AppSpecValidationException) do
1298
- make_app_spec()
1299
- end
1300
- end
1301
- end
1302
-
1303
- context "With permission with context with duplicate categories" do
1304
- setup do
1305
- @app_spec_string = <<-END
1306
- version: 0.0
1307
- os: linux
1308
- permissions:
1309
- - object: 'test/'
1310
- context:
1311
- name: 'name'
1312
- type: 'type'
1313
- range: 's0:c0.c2,c1'
1314
- END
1315
- end
1316
-
1317
- should "raise an exception" do
1318
- assert_raised_with_message('duplicate categories',AppSpecValidationException) do
1319
- make_app_spec()
1320
- end
1321
- end
1322
- end
1323
-
1324
- context "With permission with mode with 5 digits" do
1325
- setup do
1326
- @app_spec_string = <<-END
1327
- version: 0.0
1328
- os: linux
1329
- permissions:
1330
- - object: 'test/'
1331
- mode: 12345
1332
- END
1333
- end
1334
-
1335
- should "raise an exception" do
1336
- assert_raised_with_message('permission mode length incorrect: 12345',AppSpecValidationException) do
1337
- make_app_spec()
1338
- end
1339
- end
1340
- end
1341
-
1342
- context "With permission with mode with 2 digits" do
1343
- setup do
1344
- @app_spec_string = <<-END
1345
- version: 0.0
1346
- os: linux
1347
- permissions:
1348
- - object: 'test/'
1349
- mode: 12
1350
- END
1351
- end
1352
-
1353
- should "fill in needed zeros" do
1354
- app_spec = make_app_spec()
1355
-
1356
- mode = app_spec.permissions[0].mode
1357
- assert_equal '012', mode.mode
1358
- assert_equal '2', mode.world
1359
- assert_equal false, mode.world_readable
1360
- assert_equal true, mode.world_writable
1361
- assert_equal false, mode.world_executable
1362
- assert_equal '1', mode.group
1363
- assert_equal false, mode.group_readable
1364
- assert_equal false, mode.group_writable
1365
- assert_equal true, mode.group_executable
1366
- assert_equal '0', mode.owner
1367
- assert_equal false, mode.owner_readable
1368
- assert_equal false, mode.owner_writable
1369
- assert_equal false, mode.owner_executable
1370
- assert_equal false, mode.setuid
1371
- assert_equal false, mode.setgid
1372
- assert_equal false, mode.sticky
1373
- end
1374
- end
1375
-
1376
- context "With permission with mode with invalid char" do
1377
- setup do
1378
- @app_spec_string = <<-END
1379
- version: 0.0
1380
- os: linux
1381
- permissions:
1382
- - object: 'test/'
1383
- mode: 12a
1384
- END
1385
- end
1386
-
1387
- should "raise an exception" do
1388
- assert_raised_with_message('invalid character a in permission mode 12a',AppSpecValidationException) do
1389
- make_app_spec()
1390
- end
1391
- end
1392
- end
1393
-
1394
- context "With permission with valid modes" do
1395
- setup do
1396
- @app_spec_string = <<-END
1397
- version: 0.0
1398
- os: linux
1399
- permissions:
1400
- - object: 'test/'
1401
- mode: 7777
1402
- - object: 'test1/'
1403
- mode: 0000
1404
- - object: 'test2/'
1405
- mode: 777
1406
- END
1407
- end
1408
-
1409
- should "generate correct fields" do
1410
- app_spec = make_app_spec()
1411
-
1412
- mode = app_spec.permissions[0].mode
1413
- assert_equal '7777', mode.mode
1414
- assert_equal '7', mode.world
1415
- assert_equal true, mode.world_readable
1416
- assert_equal true, mode.world_writable
1417
- assert_equal true, mode.world_executable
1418
- assert_equal '7', mode.group
1419
- assert_equal true, mode.group_readable
1420
- assert_equal true, mode.group_writable
1421
- assert_equal true, mode.group_executable
1422
- assert_equal '7', mode.owner
1423
- assert_equal true, mode.owner_readable
1424
- assert_equal true, mode.owner_writable
1425
- assert_equal true, mode.owner_executable
1426
- assert_equal true, mode.setuid
1427
- assert_equal true, mode.setgid
1428
- assert_equal true, mode.sticky
1429
-
1430
- mode = app_spec.permissions[1].mode
1431
- assert_equal '000', mode.mode
1432
- assert_equal '0', mode.world
1433
- assert_equal false, mode.world_readable
1434
- assert_equal false, mode.world_writable
1435
- assert_equal false, mode.world_executable
1436
- assert_equal '0', mode.group
1437
- assert_equal false, mode.group_readable
1438
- assert_equal false, mode.group_writable
1439
- assert_equal false, mode.group_executable
1440
- assert_equal '0', mode.owner
1441
- assert_equal false, mode.owner_readable
1442
- assert_equal false, mode.owner_writable
1443
- assert_equal false, mode.owner_executable
1444
- assert_equal false, mode.setuid
1445
- assert_equal false, mode.setgid
1446
- assert_equal false, mode.sticky
1447
-
1448
- mode = app_spec.permissions[2].mode
1449
- assert_equal '777', mode.mode
1450
- assert_equal '7', mode.world
1451
- assert_equal true, mode.world_readable
1452
- assert_equal true, mode.world_writable
1453
- assert_equal true, mode.world_executable
1454
- assert_equal '7', mode.group
1455
- assert_equal true, mode.group_readable
1456
- assert_equal true, mode.group_writable
1457
- assert_equal true, mode.group_executable
1458
- assert_equal '7', mode.owner
1459
- assert_equal true, mode.owner_readable
1460
- assert_equal true, mode.owner_writable
1461
- assert_equal true, mode.owner_executable
1462
- assert_equal false, mode.setuid
1463
- assert_equal false, mode.setgid
1464
- assert_equal false, mode.sticky
1465
- end
1466
- end
1467
-
1468
- context "When acl is present" do
1469
- setup do
1470
- @app_spec_string = <<-END
1471
- version: 0.0
1472
- os: linux
1473
- permissions:
1474
- - object: 'test/'
1475
- acls: []
1476
- END
1477
- app_spec = make_app_spec()
1478
- @acl = app_spec.permissions[0].acls
1479
- end
1480
-
1481
- should "be able to add and clear additional aces" do
1482
- @acl.add_ace("d:henry:4")
1483
- @acl.clear_additional
1484
- end
1485
-
1486
- should "be able to get an empty acl" do
1487
- assert_equal [], @acl.get_acl
1488
- end
1489
-
1490
- should "be able to get added aces in the acl" do
1491
- @acl.add_ace("d:henry:4")
1492
- assert_equal 1, @acl.get_acl.length
1493
- @acl.clear_additional
1494
- end
1495
-
1496
- should "not be able to get a default ace" do
1497
- assert_equal nil, @acl.get_default_ace
1498
- end
1499
-
1500
- should "be able to get an added default ace" do
1501
- @acl.add_ace("d:henry:4")
1502
- assert_not_nil @acl.get_default_ace
1503
- @acl.clear_additional
1504
- end
1505
-
1506
- should "not be able to get a default group ace" do
1507
- assert_equal nil, @acl.get_default_group_ace
1508
- end
1509
-
1510
- should "be able to get an added default group ace" do
1511
- @acl.add_ace("d:g::4")
1512
- assert_not_nil @acl.get_default_group_ace
1513
- @acl.clear_additional
1514
- end
1515
-
1516
- should "not have a base named ace" do
1517
- assert !@acl.has_base_named?
1518
- end
1519
-
1520
- should "have a base named ace when added" do
1521
- @acl.add_ace("bob:4")
1522
- assert @acl.has_base_named?
1523
- @acl.clear_additional
1524
- end
1525
-
1526
- should "not have a base mask ace" do
1527
- assert !@acl.has_base_mask?
1528
- end
1529
-
1530
- should "have a base mask ace when added" do
1531
- @acl.add_ace("m:4")
1532
- assert @acl.has_base_mask?
1533
- @acl.clear_additional
1534
- end
1535
-
1536
- should "not have a default ace" do
1537
- assert !@acl.has_default?
1538
- end
1539
-
1540
- should "have a default ace when added" do
1541
- @acl.add_ace("d:bob:4")
1542
- assert @acl.has_default?
1543
- @acl.clear_additional
1544
- end
1545
-
1546
- should "not have a default user ace" do
1547
- assert !@acl.has_default_user?
1548
- end
1549
-
1550
- should "have a default user ace when added" do
1551
- @acl.add_ace("d::4")
1552
- assert @acl.has_default_user?
1553
- @acl.clear_additional
1554
- end
1555
-
1556
- should "not have a default group ace" do
1557
- assert !@acl.has_default_group?
1558
- end
1559
-
1560
- should "have a default group ace when added" do
1561
- @acl.add_ace("d:g::4")
1562
- assert @acl.has_default_group?
1563
- @acl.clear_additional
1564
- end
1565
-
1566
- should "not have a default other ace" do
1567
- assert !@acl.has_default_other?
1568
- end
1569
-
1570
- should "have a default other ace when added" do
1571
- @acl.add_ace("d:o:4")
1572
- assert @acl.has_default_other?
1573
- @acl.clear_additional
1574
- end
1575
-
1576
- should "not have a default named ace" do
1577
- assert !@acl.has_default_named?
1578
- end
1579
-
1580
- should "have a default named ace when added" do
1581
- @acl.add_ace("d:bob:4")
1582
- assert @acl.has_default_named?
1583
- @acl.clear_additional
1584
- end
1585
-
1586
- should "not have a default mask ace" do
1587
- assert !@acl.has_default_mask?
1588
- end
1589
-
1590
- should "have a default mask ace when added" do
1591
- @acl.add_ace("d:m:4")
1592
- assert @acl.has_default_mask?
1593
- @acl.clear_additional
1594
- end
1595
- end
1596
-
1597
- context "When acl is present with existing aces" do
1598
- setup do
1599
- @app_spec_string = <<-END
1600
- version: 0.0
1601
- os: linux
1602
- permissions:
1603
- - object: 'test/'
1604
- acls:
1605
- - 'bob:6'
1606
- - 'm:6'
1607
- - 'd:bob:0'
1608
- - 'd::3'
1609
- - 'd:g::4'
1610
- - 'd:o:3'
1611
- - 'd:m:7'
1612
- END
1613
- app_spec = make_app_spec()
1614
- @acl = app_spec.permissions[0].acls
1615
- end
1616
-
1617
- should "be able to get the acl" do
1618
- assert_equal 7, @acl.get_acl.length
1619
- end
1620
-
1621
- should "be able to get default ace" do
1622
- assert_not_nil @acl.get_default_ace
1623
- end
1624
-
1625
- should "be able to get default group ace" do
1626
- assert_not_nil @acl.get_default_group_ace
1627
- end
1628
-
1629
- should "have base named ace" do
1630
- assert_not_nil @acl.has_base_named?
1631
- end
1632
-
1633
- should "have base mask ace" do
1634
- assert_not_nil @acl.has_base_mask?
1635
- end
1636
-
1637
- should "have default ace" do
1638
- assert_not_nil @acl.has_default?
1639
- end
1640
-
1641
- should "have default user ace" do
1642
- assert_not_nil @acl.has_default_user?
1643
- end
1644
-
1645
- should "have default group ace" do
1646
- assert_not_nil @acl.has_default_group?
1647
- end
1648
-
1649
- should "have default other ace" do
1650
- assert_not_nil @acl.has_default_other?
1651
- end
1652
-
1653
- should "have default named ace" do
1654
- assert_not_nil @acl.has_default_named?
1655
- end
1656
-
1657
- should "have default mask ace" do
1658
- assert_not_nil @acl.has_default_mask?
1659
- end
1660
- end
1661
- end
1662
-
1663
- context "With a ContextInfo" do
1664
- should "with a simple range" do
1665
- info = InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new({"type"=>"type","range"=>"s3"})
1666
- assert_equal "s3", info.range.get_range
1667
- end
1668
-
1669
- should "with a complex range" do
1670
- info = InstanceAgent::CodeDeployPlugin::ApplicationSpecification::ContextInfo.new({"type"=>"type","range"=>"s3-s7:c5,c8.c10,c17"})
1671
- assert_equal "s3-s7:c5,c8.c10,c17", info.range.get_range
1672
- end
1673
- end
1674
-
1675
- context "With a ACEInfo" do
1676
- should "not raise if made internal with base entries" do
1677
- assert_nothing_raised do
1678
- InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("u::7", true)
1679
- InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("g::7", true)
1680
- InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("o::7", true)
1681
- end
1682
- end
1683
-
1684
- should "raise when not internal and has base user" do
1685
- assert_raised_with_message("use mode to set the base acl entry u::7",AppSpecValidationException) do
1686
- InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("u::7")
1687
- end
1688
- end
1689
-
1690
- should "raise when not internal and has base group" do
1691
- assert_raised_with_message("use mode to set the base acl entry g::7",AppSpecValidationException) do
1692
- InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("g::7")
1693
- end
1694
- end
1695
-
1696
- should "raise when not internal and has base other" do
1697
- assert_raised_with_message("use mode to set the base acl entry o:7",AppSpecValidationException) do
1698
- InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("o:7")
1699
- end
1700
- end
1701
-
1702
- should "be able to get the ace" do
1703
- assert_equal("default:user:bob:rwx", InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("d:u:bob:7").get_ace)
1704
- assert_equal("mask::---", InstanceAgent::CodeDeployPlugin::ApplicationSpecification::AceInfo.new("m:0").get_ace)
1705
- end
1706
- end
1707
- end
1708
- end
1709
- end
1710
- end