chef-dk 0.7.0 → 0.8.0

data/spec/unit/policyfile_lock_serialization_spec.rb

@@ -24,6 +24,9 @@ describe ChefDK::PolicyfileLock, "when reading a Policyfile.lock" do
     {
       "name" => "example",
       "run_list" => [ "recipe[cookbook::recipe_name]" ],
+      "named_run_lists" => {
+        "fast-deploy" => [ "recipe[cookbook::deployit]" ]
+      },
       "cookbook_locks" => {
         # TODO: add some valid locks
       },
@@ -50,6 +53,10 @@ describe ChefDK::PolicyfileLock, "when reading a Policyfile.lock" do
       expect(lockfile.run_list).to eq(["recipe[cookbook::recipe_name]"])
     end
 
+    it "includes the named run lists" do
+      expect(lockfile.named_run_lists).to eq({ "fast-deploy" => [ "recipe[cookbook::deployit]" ] })
+    end
+
     it "includes the cookbook locks" do
       expect(lockfile.cookbook_locks).to eq({})
     end
@@ -100,6 +107,40 @@ describe ChefDK::PolicyfileLock, "when reading a Policyfile.lock" do
       expect { lockfile.build_from_lock_data(bad_run_list) }.to raise_error(ChefDK::InvalidLockfile)
     end
 
+    it "allows the named_run_lists field to be absent" do
+      missing_named_run_lists = valid_lock_data.dup
+      missing_named_run_lists.delete("named_run_lists")
+
+      expect { lockfile.build_from_lock_data(missing_named_run_lists) }.to_not raise_error
+    end
+
+    it "requires the named_run_lists field to be a Hash if present" do
+      bad_named_run_lists = valid_lock_data.dup
+      bad_named_run_lists["named_run_lists"] = false
+
+      expect { lockfile.build_from_lock_data(bad_named_run_lists) }.to raise_error(ChefDK::InvalidLockfile)
+    end
+
+    it "requires the keys in named_run_lists to be strings" do
+      bad_named_run_lists = valid_lock_data.dup
+      bad_named_run_lists["named_run_lists"] = { 42 => [] }
+
+      expect { lockfile.build_from_lock_data(bad_named_run_lists) }.to raise_error(ChefDK::InvalidLockfile)
+    end
+
+    it "requires the values in named_run_lists to be arrays" do
+      bad_named_run_lists = valid_lock_data.dup
+      bad_named_run_lists["named_run_lists"] = { "bad" => 42 }
+
+      expect { lockfile.build_from_lock_data(bad_named_run_lists) }.to raise_error(ChefDK::InvalidLockfile)
+    end
+
+    it "requires the values in named_run_lists to be valid run lists" do
+      bad_named_run_lists = valid_lock_data.dup
+      bad_named_run_lists["named_run_lists"] = { "bad" => [ 42 ] }
+
+      expect { lockfile.build_from_lock_data(bad_named_run_lists) }.to raise_error(ChefDK::InvalidLockfile)
+    end
     it "requires the `cookbook_locks` section be present and its value is a Hash" do
       missing_locks = valid_lock_data.dup
       missing_locks.delete("cookbook_locks")

data/spec/unit/policyfile_services/clean_policy_cookbooks_spec.rb

@@ -0,0 +1,275 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef-dk/policyfile_services/clean_policy_cookbooks'
+
+describe ChefDK::PolicyfileServices::CleanPolicyCookbooks do
+
+  let(:cookbook_artifacts_list) do
+    {
+      "mysql" => {
+        "versions" => [
+          {
+            "identifier" => "6b506252cae939c874bd59b560c339b01c31326b"
+          }
+        ]
+      },
+      "build-essential" => {
+        "versions" => [
+          {
+            "identifier" => "2db3df121028894f45497f847de91b91fbf76824"
+          },
+          {
+            "identifier" => "d8ce58401d154378599b0fead81d2c390615602b"
+          }
+        ]
+      }
+    }
+  end
+
+  let(:cookbook_ids_by_name) do
+    {
+      "mysql" => [ "6b506252cae939c874bd59b560c339b01c31326b" ],
+      "build-essential" => [ "2db3df121028894f45497f847de91b91fbf76824", "d8ce58401d154378599b0fead81d2c390615602b" ]
+    }
+  end
+
+  let(:cookbook_ids_in_sets_by_name) do
+    cookbook_ids_by_name.inject({}) do |map, (name, id_list)|
+      map[name] = Set.new(id_list)
+      map
+    end
+  end
+
+  let(:policies_list) do
+    {
+      "aar" => {
+        "revisions" => {
+          "37f9b658cdd1d9319bac8920581723efcc2014304b5f3827ee0779e10ffbdcc9" => { }
+        }
+      },
+      "jenkins" => {
+        "revisions" => {
+          "613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073" => { },
+          "6fe753184c8946052d3231bb4212116df28d89a3a5f7ae52832ad408419dd5eb" => { }
+        }
+      }
+    }
+  end
+
+  let(:http_client) { instance_double(ChefDK::AuthenticatedHTTP) }
+
+  let(:ui) { TestHelpers::TestUI.new }
+
+  let(:chef_config) do
+    double("Chef::Config",
+           chef_server_url: "https://localhost:10443",
+           client_key: "/path/to/client/key.pem",
+           node_name: "deuce")
+  end
+
+  subject(:clean_policy_cookbooks_service) do
+    described_class.new(ui: ui, config: chef_config)
+  end
+
+
+  it "configures an HTTP client with the user's credentials" do
+    expect(ChefDK::AuthenticatedHTTP).to receive(:new).with("https://localhost:10443",
+                                                       signing_key_filename: "/path/to/client/key.pem",
+                                                       client_name: "deuce")
+    clean_policy_cookbooks_service.http_client
+  end
+
+  context "when an error occurs fetching cookbook data from the server" do
+
+    let(:response) do
+      Net::HTTPResponse.send(:response_class, "500").new("1.0", "500", "Internal Server Error").tap do |r|
+        r.instance_variable_set(:@body, "oops")
+      end
+    end
+
+    let(:http_exception) do
+      begin
+        response.error!
+      rescue => e
+        e
+      end
+    end
+
+    before do
+      allow(clean_policy_cookbooks_service).to receive(:http_client).and_return(http_client)
+      expect(http_client).to receive(:get).with("/policies").and_return({})
+      expect(http_client).to receive(:get).with("/cookbook_artifacts").and_raise(http_exception)
+    end
+
+    it "raises a standardized nested exception" do
+      expect { clean_policy_cookbooks_service.run }.to raise_error(ChefDK::PolicyCookbookCleanError)
+    end
+
+  end
+
+  context "when the server returns cookbook data successfully" do
+
+    before do
+      allow(clean_policy_cookbooks_service).to receive(:http_client).and_return(http_client)
+
+      allow(http_client).to receive(:get).with("/cookbook_artifacts").and_return(cookbook_artifacts_list)
+      allow(http_client).to receive(:get).with("/policies").and_return(policies_list)
+    end
+
+    context "when the server has no policy cookbooks" do
+
+      let(:cookbook_artifacts_list) { {} }
+      let(:policies_list) { {} }
+
+      it "has an empty list for all cookbooks" do
+        expect(clean_policy_cookbooks_service.all_cookbooks).to eq({})
+      end
+
+      it "has no in-use cookbook artifacts" do
+        expect(clean_policy_cookbooks_service.active_cookbooks).to eq({})
+      end
+
+      it "has no cookbooks to clean" do
+        expect(clean_policy_cookbooks_service.cookbooks_to_clean).to eq({})
+      end
+
+      it "does not clean any cookbooks" do
+        expect(http_client).to_not receive(:delete)
+        clean_policy_cookbooks_service.run
+      end
+    end
+
+    context "when the server has policy cookbooks" do
+
+      let(:policy_aar_37f9b65) do
+        {
+          "cookbook_locks" => {
+            "mysql" => { "identifier" => "6b506252cae939c874bd59b560c339b01c31326b" }
+          }
+        }
+      end
+
+      let(:policy_jenkins_613f803) do
+        {
+          "cookbook_locks" => {
+            "mysql" => { "identifier" => "6b506252cae939c874bd59b560c339b01c31326b" },
+            "build-essential" => { "identifier" => "2db3df121028894f45497f847de91b91fbf76824" }
+          }
+        }
+      end
+
+      let(:policy_jenkins_6fe7531) do
+        {
+          "cookbook_locks" => {
+            "mysql" => { "identifier" => "6b506252cae939c874bd59b560c339b01c31326b" },
+            "build-essential" => { "identifier" => "d8ce58401d154378599b0fead81d2c390615602b" }
+          }
+        }
+      end
+
+      before do
+        allow(http_client).to receive(:get).
+          with("/policies/aar/revisions/37f9b658cdd1d9319bac8920581723efcc2014304b5f3827ee0779e10ffbdcc9").
+          and_return(policy_aar_37f9b65)
+        allow(http_client).to receive(:get).
+          with("/policies/jenkins/revisions/613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073").
+          and_return(policy_jenkins_613f803)
+        allow(http_client).to receive(:get).
+          with("/policies/jenkins/revisions/6fe753184c8946052d3231bb4212116df28d89a3a5f7ae52832ad408419dd5eb").
+          and_return(policy_jenkins_6fe7531)
+      end
+
+
+      context "and all cookbooks are active" do
+
+        it "lists all the cookbooks" do
+          expect(clean_policy_cookbooks_service.all_cookbooks).to eq(cookbook_ids_by_name)
+        end
+
+        it "lists all active cookbooks" do
+          expect(clean_policy_cookbooks_service.active_cookbooks).to eq(cookbook_ids_in_sets_by_name)
+        end
+
+        it "has no cookbooks to clean" do
+          expect(clean_policy_cookbooks_service.cookbooks_to_clean).to eq({})
+        end
+
+        it "does not clean any cookbooks" do
+          expect(http_client).to_not receive(:delete)
+          clean_policy_cookbooks_service.run
+        end
+      end
+
+      context "and some cookbooks can be GC'd" do
+
+        let(:policy_jenkins_6fe7531) do
+          {
+            "cookbook_locks" => {
+              "mysql" => { "identifier" => "6b506252cae939c874bd59b560c339b01c31326b" },
+              # this is changed to reference the same cookbook as policy_jenkins_613f803
+              "build-essential" => { "identifier" => "2db3df121028894f45497f847de91b91fbf76824" }
+            }
+          }
+        end
+
+        let(:expected_active_cookbooks) do
+          {
+            "mysql" => Set.new([ "6b506252cae939c874bd59b560c339b01c31326b" ]),
+            "build-essential" => Set.new([ "2db3df121028894f45497f847de91b91fbf76824" ])
+          }
+        end
+
+        it "lists all the cookbooks" do
+          expect(clean_policy_cookbooks_service.all_cookbooks).to eq(cookbook_ids_by_name)
+        end
+
+        it "lists all active cookbooks" do
+          expect(clean_policy_cookbooks_service.active_cookbooks).to eq(expected_active_cookbooks)
+        end
+
+        it "lists non-active cookbooks" do
+          expected = { "build-essential" => Set.new([ "d8ce58401d154378599b0fead81d2c390615602b" ]) }
+          expect(clean_policy_cookbooks_service.cookbooks_to_clean).to eq(expected)
+        end
+
+        it "deletes the non-active cookbooks" do
+          expect(http_client).to receive(:delete).with("/cookbook_artifacts/build-essential/d8ce58401d154378599b0fead81d2c390615602b")
+          clean_policy_cookbooks_service.run
+        end
+
+        # Regression test. This was giving us an Argument error for `<Set> - nil`
+        context "when there are no active revisions of a given cookbook" do
+
+          let(:policies_list) { {} }
+
+          it "deletes the non-active cookbooks" do
+            expect(http_client).to receive(:delete).with("/cookbook_artifacts/build-essential/d8ce58401d154378599b0fead81d2c390615602b")
+            expect(http_client).to receive(:delete).with("/cookbook_artifacts/build-essential/2db3df121028894f45497f847de91b91fbf76824")
+            expect(http_client).to receive(:delete).with("/cookbook_artifacts/mysql/6b506252cae939c874bd59b560c339b01c31326b")
+            clean_policy_cookbooks_service.run
+          end
+
+        end
+
+      end
+    end
+  end
+
+end
+

data/spec/unit/policyfile_services/rm_policy_group_spec.rb

@@ -0,0 +1,241 @@
+#
+# Copyright:: Copyright (c) 2015 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef-dk/policyfile_services/rm_policy_group'
+
+describe ChefDK::PolicyfileServices::RmPolicyGroup do
+
+  let(:policy_group) { "preprod" }
+
+  let(:http_client) { instance_double(ChefDK::AuthenticatedHTTP) }
+
+  let(:ui) { TestHelpers::TestUI.new }
+
+  let(:non_empty_policy_groups) do
+    {
+      "dev" => {
+        "uri" => "https://chef.example/organizations/testorg/policy_groups/dev",
+        "policies" => {
+          "appserver" => { "revision_id" => "1111111111111111111111111111111111111111111111111111111111111111" },
+          "load-balancer" => { "revision_id" => "5555555555555555555555555555555555555555555555555555555555555555" },
+          "db" => { "revision_id" => "9999999999999999999999999999999999999999999999999999999999999999" }
+        }
+      },
+      "preprod" => {
+        "uri" => "https://chef.example/organizations/testorg/policy_groups/preprod",
+        "policies" => {
+          "appserver" => { "revision_id" => "2222222222222222222222222222222222222222222222222222222222222222" },
+          "load-balancer" => { "revision_id" => "5555555555555555555555555555555555555555555555555555555555555555" },
+          "db" => { "revision_id" => "9999999999999999999999999999999999999999999999999999999999999999" }
+        }
+      }
+    }
+  end
+
+
+  let(:empty_policy_groups) do
+    {
+      "dev" => {
+        "uri" => "https://chef.example/organizations/testorg/policy_groups/dev"
+      },
+      "preprod" => {
+        "uri" => "https://chef.example/organizations/testorg/policy_groups/preprod"
+      }
+    }
+  end
+
+  let(:chef_config) do
+    double("Chef::Config",
+           chef_server_url: "https://localhost:10443",
+           client_key: "/path/to/client/key.pem",
+           node_name: "deuce")
+  end
+
+  subject(:rm_policy_group_service) do
+    described_class.new(policy_group: policy_group, ui: ui, config: chef_config)
+  end
+
+  let(:undo_record) do
+    rm_policy_group_service.undo_record
+  end
+
+  let(:undo_stack) do
+    rm_policy_group_service.undo_stack
+  end
+
+
+  it "configures an HTTP client" do
+    expect(ChefDK::AuthenticatedHTTP).to receive(:new).with("https://localhost:10443",
+                                                       signing_key_filename: "/path/to/client/key.pem",
+                                                       client_name: "deuce")
+    rm_policy_group_service.http_client
+  end
+
+  context "when the server returns an error fetching the policy data" do
+
+    let(:response) do
+      Net::HTTPResponse.send(:response_class, "500").new("1.0", "500", "Internal Server Error").tap do |r|
+        r.instance_variable_set(:@body, "oops")
+      end
+    end
+
+    let(:http_exception) do
+      begin
+        response.error!
+      rescue => e
+        e
+      end
+    end
+
+    before do
+      allow(rm_policy_group_service).to receive(:http_client).and_return(http_client)
+    end
+
+    describe "when getting an error response fetching the policy group" do
+
+      before do
+        expect(http_client).to receive(:get).with("/policy_groups").and_raise(http_exception)
+      end
+
+      it "re-raises the error with a standardized exception class" do
+        expect { rm_policy_group_service.run }.to raise_error(ChefDK::DeletePolicyGroupError)
+      end
+
+    end
+
+    describe "when getting an error fetching policy revisions" do
+
+      before do
+        expect(http_client).to receive(:get).with("/policy_groups").and_return(non_empty_policy_groups)
+        expect(http_client).to receive(:get).
+          with("/policies/appserver/revisions/2222222222222222222222222222222222222222222222222222222222222222").
+          and_raise(http_exception)
+      end
+
+      it "re-raises the error with a standardized exception class" do
+        expect { rm_policy_group_service.run }.to raise_error(ChefDK::DeletePolicyGroupError)
+      end
+
+    end
+
+
+  end
+
+  context "when the given group doesn't exist" do
+
+    let(:policy_group) { "incorrect_policy_group_name" }
+
+    before do
+      allow(rm_policy_group_service).to receive(:http_client).and_return(http_client)
+      expect(http_client).to receive(:get).with("/policy_groups").and_return(non_empty_policy_groups)
+    end
+
+    it "prints a message stating that the group doesn't exist" do
+      expect { rm_policy_group_service.run }.to_not raise_error
+      expect(ui.output).to eq("Policy group 'incorrect_policy_group_name' does not exist on the server\n")
+    end
+
+  end
+
+  context "when the group exists but has no policies assigned to it" do
+
+    before do
+      allow(rm_policy_group_service).to receive(:http_client).and_return(http_client)
+      expect(http_client).to receive(:get).with("/policy_groups").and_return(empty_policy_groups)
+      expect(http_client).to receive(:delete).with("/policy_groups/preprod")
+      expect(undo_stack).to receive(:push).with(undo_record)
+    end
+
+    it "removes the group" do
+      rm_policy_group_service.run
+      expect(ui.output).to include("Removed policy group 'preprod'.")
+    end
+
+    it "stores the group in the restore file" do
+      rm_policy_group_service.run
+      expect(undo_record.description).to eq("delete-policy-group preprod")
+      expect(undo_record.policy_groups).to eq( [ policy_group ] )
+      expect(undo_record.policy_revisions).to be_empty
+    end
+
+  end
+
+  context "when the group exists and has policies assigned to it" do
+
+    let(:policy_appserver_2) do
+      {
+        "name" => "appserver",
+        "revision_id" => "2222222222222222222222222222222222222222222222222222222222222222"
+      }
+    end
+
+    let(:policy_load_balancer_5) do
+      {
+        "name" => "load-balancer",
+        "revision_id" => "5555555555555555555555555555555555555555555555555555555555555555"
+      }
+    end
+
+    let(:policy_db_9) do
+      {
+        "name" => "db",
+        "revision_id" => "9999999999999999999999999999999999999999999999999999999999999999"
+      }
+    end
+
+    before do
+      allow(rm_policy_group_service).to receive(:http_client).and_return(http_client)
+      expect(http_client).to receive(:get).with("/policy_groups").and_return(non_empty_policy_groups)
+      expect(http_client).to receive(:get).
+        with("/policies/appserver/revisions/2222222222222222222222222222222222222222222222222222222222222222").
+        and_return(policy_appserver_2)
+      expect(http_client).to receive(:get).
+        with("/policies/load-balancer/revisions/5555555555555555555555555555555555555555555555555555555555555555").
+        and_return(policy_load_balancer_5)
+      expect(http_client).to receive(:get).
+        with("/policies/db/revisions/9999999999999999999999999999999999999999999999999999999999999999").
+        and_return(policy_db_9)
+
+      expect(http_client).to receive(:delete).with("/policy_groups/preprod")
+      expect(undo_stack).to receive(:push).with(undo_record)
+    end
+
+    it "removes the group" do
+      rm_policy_group_service.run
+      expect(ui.output).to include("Removed policy group 'preprod'.")
+    end
+
+    it "stores the group and policyfile revision contents in the restore file" do
+      rm_policy_group_service.run
+      expect(undo_record.description).to eq("delete-policy-group preprod")
+      expect(undo_record.policy_groups).to eq( [ policy_group ] )
+
+      expected_policy_revision_undo_data =
+        [
+          { policy_name: "appserver", policy_group: "preprod", data: policy_appserver_2},
+          { policy_name: "load-balancer", policy_group: "preprod", data: policy_load_balancer_5},
+          { policy_name: "db", policy_group: "preprod", data: policy_db_9}
+        ]
+
+      expect(undo_record.policy_revisions.map(&:to_h)).to match_array(expected_policy_revision_undo_data)
+    end
+
+  end
+
+end
+