chef 11.12.8 → 11.14.0.alpha.2

data/spec/spec_helper.rb

@@ -82,6 +82,7 @@ require 'spec/support/platform_helpers'
 # Do not change the gsub.
 Dir["spec/support/**/*.rb"].
   reject { |f| f =~ %r{^spec/support/platforms} }.
+  reject { |f| f =~ %r{^spec/support/pedant} }.
   map { |f| f.gsub(%r{.rb$}, '') }.
   map { |f| f.gsub(%r[spec/], '')}.
   each { |f| require f }
@@ -98,6 +99,7 @@ RSpec.configure do |config|
 
   # Tests that randomly fail, but may have value.
   config.filter_run_excluding :volatile => true
+  config.filter_run_excluding :volatile_on_solaris => true if solaris?
 
   # Add jruby filters here
   config.filter_run_excluding :windows_only => true unless windows?

data/spec/support/mock/platform.rb

@@ -8,6 +8,13 @@
 def platform_mock(platform = :unix, &block)
   Chef::Platform.stub(:windows?).and_return(platform == :windows ? true : false)
   ENV['SYSTEMDRIVE'] = (platform == :windows ? 'C:' : nil)
+
+  if platform == :windows
+    Chef::Config.set_defaults_for_windows
+  else
+    Chef::Config.set_defaults_for_nix
+  end
+
   if block_given?
     mock_constants({"RUBY_PLATFORM" => (platform == :windows ? 'i386-mingw32' : 'x86_64-darwin11.2.0'),
                     "File::PATH_SEPARATOR" => (platform == :windows ? ";" : ":"),

data/spec/support/pedant/pedant_config.rb

@@ -0,0 +1,121 @@
+# Copyright: Copyright (c) 2012 Opscode, Inc.
+# License: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This annotated Pedant configuration file details the various
+# configuration settings available to you.  It is separate from the
+# actual Pedant::Config class because not all settings have sane
+# defaults, and not all settings are appropriate in all settings.
+
+################################################################################
+# You MUST specify the address of the server the API requests will be
+# sent to.  Only specify protocol, hostname, and port.
+chef_server 'http://127.0.0.1:8889'
+
+# If you are doing development testing, you can specify the address of
+# the Solr server.  The presence of this parameter will enable tests
+# to force commits to Solr, greatly decreasing the amout of time
+# needed for testing the search endpoint.  This is only an
+# optimization for development!  If you are testing a "live" Chef
+# Server, or otherwise do not have access to the Solr server from your
+# testing location, you should not specify a value for this parameter.
+# The tests will still run, albeit slower, as they will now need to
+# poll for a period to ensure they are querying committed results.
+#search_server "http://localhost:8983"
+
+# Related to the 'search_server' parameter, this specifies the maximum
+# amout of time (in seconds) that search endpoint requests should be
+# retried before giving up.  If not explicitly set, it will default to
+# 65 seconds; only set it if you know that your Solr commit interval
+# differs significantly from this.
+maximum_search_time 0
+
+# OSC sends erchef a host header with a port, so this option needs
+# # to be enabled for Pedant tests to work correctly
+explicit_port_url true
+
+# We're starting to break tests up into groups based on different
+# criteria.  The proper API tests (the results of which are viewable
+# to OPC customers) should be the only ones run by Pedant embedded in
+# OPC installs.  There are other specs that help us keep track of API
+# cruft that we want to come back and fix later; these shouldn't be
+# viewable to customers, but we should be able to run them in
+# development and CI environments.  If this parameter is missing or
+# explicitly `false` only the customer-friendly tests will be run.
+#
+# This is mainly here for documentation purposes, since the
+# command-line `opscode-pedant` utility ultimately determines this
+# value.
+include_internal false
+
+# Test users.  The five users specified below are required; their
+# names (:user, :non_org_user, etc.) are indicative of their role
+# within the tests.  All users must have a ':name' key.  If they have
+# a ':create_me' key, Pedant will create these users for you.  If you
+# are using pre-existing users, you must supply a ':key_file' key,
+# which should be the fully-qualified path /on the machine Pedant is
+# running on/ to a private key for that user.
+key = 'spec/support/pedant/stickywicket.pem'
+superuser_name 'admin'
+superuser_key key
+webui_key key
+
+# Set the platform_class
+platform_class Pedant::OpenSourcePlatform
+
+requestors({
+  :clients => {
+    # The the admin user, for the purposes of getting things rolling
+    :admin => {
+      :name => "pedant_admin_client",
+      :create_me => true,
+      :create_knife => true,
+      :admin => true
+    },
+    :non_admin => {
+      :name => 'pedant_client',
+      :create_me => true,
+      :create_knife => true
+    },
+    :bad => {
+      :name => 'bad_client',
+      :bogus => true
+    }
+  },
+  :users => {
+    :admin => {
+      :name => "admin",
+      :key_file => key,
+      :create_me => false,
+      :create_knife => false,
+      :admin => true
+     },
+    :non_admin => {
+      :name => "pedant_non_admin_user",
+      :create_me => true,
+      :create_knife => true,
+      :admin => false
+    },
+    # A user for Knife tests.  A knife.rb and key files will be set up
+    # for this user
+    :knife_user => {
+      :name => "knifey",
+      :create_me => true,
+      :create_knife => true
+    }
+  }
+})
+
+self[:tags] = [:validation, :authentication, :authorization]
+verify_error_messages false

data/spec/support/pedant/run_pedant.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/env ruby
+require 'bundler'
+require 'bundler/setup'
+require 'chef_zero/server'
+require 'rspec/core'
+require 'chef/chef_fs/chef_fs_data_store'
+require 'chef/chef_fs/config'
+require 'tmpdir'
+require 'fileutils'
+require 'chef/version'
+
+def start_server(chef_repo_path)
+  Dir.mkdir(chef_repo_path) if !File.exists?(chef_repo_path)
+
+  # 11.6 and below had a bug where it couldn't create the repo children automatically
+  if Chef::VERSION.to_f < 11.8
+    %w(clients cookbooks data_bags environments nodes roles users).each do |child|
+      Dir.mkdir("#{chef_repo_path}/#{child}") if !File.exists?("#{chef_repo_path}/#{child}")
+    end
+  end
+
+  # Start the new server
+  Chef::Config.repo_mode = 'everything'
+  Chef::Config.chef_repo_path = chef_repo_path
+  Chef::Config.versioned_cookbooks = true
+  chef_fs = Chef::ChefFS::Config.new.local_fs
+  data_store = Chef::ChefFS::ChefFSDataStore.new(chef_fs)
+  server = ChefZero::Server.new(:port => 8889, :data_store => data_store)#, :log_level => :debug)
+  server.start_background
+  server
+end
+
+tmpdir = Dir.mktmpdir
+begin
+  # Create chef repository
+  chef_repo_path = "#{tmpdir}/repo"
+
+  # Capture setup data into master_chef_repo_path
+  server = start_server(chef_repo_path)
+
+  require 'pedant'
+  require 'pedant/opensource'
+
+  #Pedant::Config.rerun = true
+
+  Pedant.config.suite = 'api'
+  Pedant.config[:config_file] = 'spec/support/pedant/pedant_config.rb'
+  Pedant.setup([
+    '--skip-knife',
+    '--skip-validation',
+    '--skip-authentication',
+    '--skip-authorization',
+    '--skip-omnibus'
+  ])
+
+  result = RSpec::Core::Runner.run(Pedant.config.rspec_args)
+
+  server.stop if server.running?
+ensure
+  FileUtils.remove_entry_secure(tmpdir) if tmpdir
+end
+
+exit(result)

data/spec/support/pedant/stickywicket.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEApNCkX2k+lFGDWRVhX4uClaVQrumG9XXvk6X7M2izrIg7RzMP
+Dk4thhZkpx5gr22By7PZQdMEjWC/Zo8MBjtoJ0GV0jw8npefbU1MGKs2dtpYgo0N
+Fq8fX8MdFPu4h2W3g0dMEdhT8icc2H4EjhZmdeUhUn3RIEt2duCgp3YDYnUUZx3j
+N7MHcTIdzD58ikr6zQrZzHOv+OOI86Xk9EpyEEQizOLoQxkICNrhqN7ElQDuvXaX
+BSBrYDRKH2umBMMcXzvsR/SvkmqxoEESSpIlW8zeKAWQ+znNjDC0tmTg7jZmgSP7
+siKrwo4t4ebjcmjpIoi/JKww/nGN3Uhz1ZOZuwIDAQABAoIBAQCaJQD2s0nyEeKU
+uKhfYe155Cl3zbWJcQnmv4AXbr9MiAVY6+oS6Q8ur1bn7kNjDzoruENjiuZhC7E3
+TGZklb8tp+tluyy+7vQOmBKpp8fClSfewekR5CultqhGbb8B8yIVR+NfdUHd4rLZ
+z9KWyWB+txPZQQ8L80gSmrfmpzs3IuT7oPvmtBU1Wq9QapC4n/rUohHUpUV1du4G
+0wCIF4zQTg6cbYW2YXozwVQvw+P7P3RVEqZt+aZlbVcy0fNr6jNao0hi1KFC9OH2
+VjjU+PioreoA/NU3aZPIUzmJpWtsu31yuOZxXmytAkYooCZgiEQNEHnJlNPv0RmC
+6BPMzVoBAoGBAM7yZoSNJpzdP/q1/4+H3zyy7o4I0VTW9u/GqUzhnbjm5poK30X9
+YXh/7WOVV0OoVqdO6ljRKygP3Oggf41ZEbi1C6bbsO57pksBWgx9bD9V35XscZ0J
+F1ERe//kMHwVQy74R8/cIuRwm75haLSBj5/fwGbLeeVDglJkCVqPjtuBAoGBAMvh
+qsAGG5k9u6voTcXlFwS+B5YjULhK4NSxdJ2BnOxzYzxQ3IYQZMlb2xt8yZYx/ZZK
+wjkr9rcAPEQIQZ2A6NUbGq6qCD7sSmg6UAi0CgiqTokQ/Wtag0UDvFMzwerdg/On
+37uxffpxpte8z1jYi/MxRaoTYueuc1UVnqofVIM7AoGBALZJzwPzUY/bVAADUJmd
+lYZiFsAGBF42/E05MOgH1GaK/ZWy/fkouDLsfK67XaK7JZk6ajLSDLG9R1kxRym6
+y2FoGFtiKPfo8xIenrNhx3gCrG/jVjB9UYyXWiKNXifukr9M8/SkdBfFGWsZYqGd
+fmXVMiVaFoVcce8hLxwWWEABAoGBAKcyhKX/HEj6YFqlIoqkydDAylXs1jicZ27l
+rF2yum8KXZpMMdzbutuKsdAD8Ql0K6NB4a+jByuiTMn5/11cJxUEqkgM9sArZQW+
+tH2+r+/VQpyTS0/rpXVGj/2nl2K1kI2T4R36e/aTl6CanWweAf9JK/lC9rxKyxg+
+p6SaFuObAoGACP6TKCkp2oymXlKgdUUgPrnsaz2VAw8jD5QHtx10U4wty0C8gxsk
+MLe00h09iLPyFmvJpD+MgbxV/r6RrZeVdsKdU/5LG52YgiVSTaizyy+ciEfW7xoQ
+CL5EtZd8Cn5OKinBEzzFpELqunlqepIKCIDOcLKz/cjR+3a+E6Zx5Wo=
+-----END RSA PRIVATE KEY-----

data/spec/support/shared/functional/http.rb

@@ -0,0 +1,242 @@
+#
+# Author:: Lamont Granquist (<lamont@getchef.com>)
+# Copyright:: Copyright (c) 2014 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# shared code for Chef::REST and Chef::HTTP::Simple and other Chef::HTTP wrappers
+#
+
+module ChefHTTPShared
+  def nyan_uncompressed_filename
+    File.join(CHEF_SPEC_DATA, 'remote_file', 'nyan_cat.png')
+  end
+
+  def nyan_compressed_filename
+    File.join(CHEF_SPEC_DATA, 'remote_file', 'nyan_cat.png.gz')
+  end
+
+  def binread(file)
+    content = File.open(file, "rb") do |f|
+      f.read
+    end
+    content.force_encoding(Encoding::BINARY) if "".respond_to?(:force_encoding)
+    content
+  end
+
+  def start_tiny_server(server_opts={})
+    nyan_uncompressed_size = File::Stat.new(nyan_uncompressed_filename).size
+    nyan_compressed_size   = File::Stat.new(nyan_compressed_filename).size
+
+    @server = TinyServer::Manager.new(server_opts)
+    @server.start
+    @api = TinyServer::API.instance
+    @api.clear
+
+    #
+    # trivial endpoints
+    #
+
+    # just a normal file
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat.png", 200) {
+      File.open(nyan_uncompressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    # this ends in .gz, we do not uncompress it and drop it on the filesystem as a .gz file (the internet often lies)
+    # (expected_content should be compressed)
+    @api.get("/nyan_cat.png.gz", 200, nil, { 'Content-Type' => 'application/gzip', 'Content-Encoding' => 'gzip' } ) {
+      File.open(nyan_compressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    # this is an uncompressed file that was compressed by some mod_gzip-ish webserver thingy, so we will expand it
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat_compressed.png", 200, nil, { 'Content-Type' => 'application/gzip', 'Content-Encoding' => 'gzip' } ) {
+      File.open(nyan_compressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    #
+    # endpoints that set Content-Length correctly
+    #
+
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat_content_length.png", 200, nil,
+      {
+        'Content-Length'   => nyan_uncompressed_size.to_s,
+      }
+    ) {
+      File.open(nyan_uncompressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat_content_length_compressed.png", 200, nil,
+      {
+        'Content-Length'   => nyan_compressed_size.to_s,
+        'Content-Type'     => 'application/gzip',
+        'Content-Encoding' => 'gzip'
+      }
+    ) {
+      File.open(nyan_compressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    #
+    # endpoints that simulate truncated downloads (bad content-length header)
+    #
+
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat_truncated.png", 200, nil,
+      {
+        'Content-Length'   => (nyan_uncompressed_size + 1).to_s,
+      }
+    ) {
+      File.open(nyan_uncompressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat_truncated_compressed.png", 200, nil,
+      {
+        'Content-Length'   => (nyan_compressed_size + 1).to_s,
+        'Content-Type'     => 'application/gzip',
+        'Content-Encoding' => 'gzip'
+      }
+    ) {
+      File.open(nyan_compressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    #
+    # in the presense of a transfer-encoding header, we must ignore the content-length (this bad content-length should work)
+    #
+
+    # (expected_content should be uncompressed)
+    @api.get("/nyan_cat_transfer_encoding.png", 200, nil,
+      {
+        'Content-Length'    => (nyan_uncompressed_size + 1).to_s,
+        'Transfer-Encoding' => 'anything',
+      }
+    ) {
+      File.open(nyan_uncompressed_filename, "rb") do |f|
+        f.read
+      end
+    }
+
+    #
+    # 403 with a Content-Length
+    #
+    @api.get('/forbidden', 403, 'Forbidden',
+      {
+        'Content-Length' => 'Forbidden'.bytesize.to_s
+      }
+    )
+
+  end
+
+  def stop_tiny_server
+    @server.stop
+    @server = @api = nil
+  end
+
+end
+
+shared_examples_for "downloading all the things" do
+
+  describe "when downloading a simple uncompressed file" do
+    let(:source) { 'http://localhost:9000/nyan_cat.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "downloads requests correctly"
+  end
+
+  describe "when downloading a compressed file that should be left compressed" do
+    let(:source) { 'http://localhost:9000/nyan_cat.png.gz' }
+    let(:expected_content) { binread(nyan_compressed_filename) }
+
+    # its the callers responsibility to disable_gzip when downloading a .gz url
+    let(:http_client) { http_client_disable_gzip }
+
+    it_behaves_like "downloads requests correctly"
+  end
+
+  describe "when downloading a file that has been compressed by the webserver" do
+    let(:source) { 'http://localhost:9000/nyan_cat_compressed.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "downloads requests correctly"
+  end
+
+  describe "when downloading an uncompressed file with a correct content_length" do
+    let(:source) { 'http://localhost:9000/nyan_cat_content_length.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "downloads requests correctly"
+  end
+
+  describe "when downloading a file that has been compressed by the webserver with a correct content_length" do
+    let(:source) { 'http://localhost:9000/nyan_cat_content_length_compressed.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "downloads requests correctly"
+  end
+
+  describe "when downloading an uncompressed file that is truncated" do
+    let(:source) { 'http://localhost:9000/nyan_cat_truncated.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "validates content length and throws an exception"
+  end
+
+  describe "when downloading a file that has been compressed by the webserver that is truncated" do
+    let(:source) { 'http://localhost:9000/nyan_cat_truncated_compressed.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "validates content length and throws an exception"
+  end
+
+  describe "when downloading a file that has transfer encoding set with a bad content length that should be ignored" do
+    let(:source) { 'http://localhost:9000/nyan_cat_transfer_encoding.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+
+    it_behaves_like "downloads requests correctly"
+  end
+
+  describe "when downloading an endpoint that 403s" do
+    let(:source) { 'http://localhost:9000/forbidden' }
+
+    it_behaves_like "an endpoint that 403s"
+  end
+
+  describe "when downloading an endpoint that 403s" do
+    let(:source) { 'http://localhost:9000/nyan_cat_content_length_compressed.png' }
+    let(:expected_content) { binread(nyan_uncompressed_filename) }
+    let(:source2) { 'http://localhost:9000/forbidden' }
+
+    it_behaves_like "a 403 after a successful request when reusing the request object"
+  end
+end
+