chef 17.4.38 → 17.7.22

data/spec/unit/resource/inspec_waiver_spec.rb

@@ -0,0 +1,312 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::InspecWaiver do
+  def load_waiver(filename)
+    path = "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/#{filename}"
+    run_context.waiver_collection << Chef::Compliance::Waiver.from_yaml(events, waiver_yaml, path, "acme_compliance")
+  end
+
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) do
+    Chef::RunContext.new(node, {}, events).tap do |rc|
+    end
+  end
+  let(:collection) { double("resource collection") }
+  let(:waiver_yaml) do
+    <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+  end
+  let(:waiver_json) do
+    <<~EOH
+{ "ssh-01": {
+  "expiration_date": "2033-07-31",
+  "run": false,
+  "justification": "waived, yo"
+  } }
+    EOH
+  end
+  let(:waiver_toml) do
+    <<~EOH
+[ssh-01]
+expiration_date = 2033-07-31T00:00:00.000Z
+run = false
+justification = "waived, yo"
+    EOH
+  end
+  let(:waiver_hash) do
+    { "ssh-01" => {
+      "expiration_date" => "2033-07-31",
+      "run" => false,
+      "justification" => "waived, yo",
+      } }
+  end
+  let(:resource) do
+    Chef::Resource::InspecWaiver.new("ssh-01", run_context)
+  end
+  let(:provider) { resource.provider_for_action(:add) }
+
+  before do
+    allow(run_context).to receive(:resource_collection).and_return(collection)
+  end
+
+  it "sets the default action as :add" do
+    expect(resource.action).to eql([:add])
+  end
+
+  context "with a waiver in a cookbook" do
+    it "enables the waiver by the name of the cookbook" do
+      load_waiver("default.yml")
+      resource.name "acme_compliance"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "enables the waiver with a regular expression for the cookbook" do
+      load_waiver("default.yml")
+      resource.name "acme_comp.*"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "enables the waiver with an explicit name" do
+      load_waiver("default.yml")
+      resource.name "acme_compliance::default"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "fails when the cookbook name is wrong" do
+      load_waiver("default.yml")
+      resource.name "evil_compliance"
+      expect { resource.run_action(:add) }.to raise_error(StandardError)
+    end
+
+    it "enables the waiver when its not named default" do
+      load_waiver("ssh01.yml")
+      resource.name "acme_compliance::ssh01"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "fails when it is not named default and you attempt to enable the default" do
+      load_waiver("ssh01.yml")
+      resource.name "acme_compliance"
+      expect { resource.run_action(:add) }.to raise_error(StandardError)
+    end
+
+    it "succeeds with a regexp that matches the cookbook name" do
+      load_waiver("ssh01.yml")
+      resource.name "acme_comp.*::ssh01"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "succeeds with a regexp that matches the file name" do
+      load_waiver("ssh01.yml")
+      resource.name "acme_compliance::ssh.*"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "succeeds with a regexps for both the file name and cookbook name" do
+      load_waiver("ssh01.yml")
+      resource.name "acme_comp.*::ssh.*"
+      resource.run_action(:add)
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "fails with regexps that do not match" do
+      load_waiver("ssh01.yml")
+      resource.name "evil_comp.*::etcd.*"
+      expect { resource.run_action(:add) }.to raise_error(StandardError)
+    end
+
+    it "substring matches without regexps should fail when they are at the end" do
+      load_waiver("ssh01.yml")
+      resource.name "acme_complianc::ssh0"
+      expect { resource.run_action(:add) }.to raise_error(StandardError)
+    end
+
+    it "substring matches without regexps should fail when they are at the start" do
+      load_waiver("ssh01.yml")
+      resource.name "cme_compliance::sh01"
+      expect { resource.run_action(:add) }.to raise_error(StandardError)
+    end
+  end
+
+  context "with a waiver in a file" do
+    it "loads a YAML file" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
+      tempfile.write waiver_yaml
+      tempfile.close
+      resource.name tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a YAML file in a source attribute" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".yaml"])
+      tempfile.write waiver_yaml
+      tempfile.close
+      resource.name "my-resource-name"
+      resource.source tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a YML file" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
+      tempfile.write waiver_yaml
+      tempfile.close
+      resource.name tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a YML file using the source attribute" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".yml"])
+      tempfile.write waiver_yaml
+      tempfile.close
+      resource.name "my-resource-name"
+      resource.source tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a JSON file" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".json"])
+      tempfile.write waiver_json
+      tempfile.close
+      resource.name tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a JSON file using the source attribute" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".json"])
+      tempfile.write waiver_json
+      tempfile.close
+      resource.name "my-resource-name"
+      resource.source tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a TOML file" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
+      tempfile.write waiver_toml
+      tempfile.close
+      resource.name tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a TOML file using the source attribute" do
+      tempfile = Tempfile.new(["spec-compliance-test", ".toml"])
+      tempfile.write waiver_toml
+      tempfile.close
+      resource.name "my-resource-name"
+      resource.source tempfile.path
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+
+    it "loads a Hash" do
+      resource.source waiver_hash
+
+      resource.run_action(:add)
+
+      expect(run_context.waiver_collection.first).to be_enabled
+      expect(run_context.waiver_collection.size).to be 1
+      expect(run_context.waiver_collection.first.cookbook_name).to be nil
+      expect(run_context.waiver_collection.first.path).to be nil
+      expect(run_context.waiver_collection.first.pathname).to be nil
+      expect(resource).not_to be_updated_by_last_action
+    end
+  end
+end

data/spec/unit/resource/kernel_module_spec.rb

@@ -32,10 +32,11 @@ describe Chef::Resource::KernelModule do
     expect(resource.modname).to eql("foo")
   end
 
-  it "supports :create and :flush actions" do
+  it "supports various actions" do
     expect { resource.action :install }.not_to raise_error
     expect { resource.action :uninstall }.not_to raise_error
     expect { resource.action :blacklist }.not_to raise_error
+    expect { resource.action :enable }.not_to raise_error
     expect { resource.action :disable }.not_to raise_error
     expect { resource.action :load }.not_to raise_error
     expect { resource.action :unload }.not_to raise_error

data/spec/unit/resource/macos_user_defaults_spec.rb

@@ -17,120 +17,60 @@
 
 require "spec_helper"
 
-describe Chef::Resource::MacosUserDefaults do
-
-  let(:resource) { Chef::Resource::MacosUserDefaults.new("foo") }
-  let(:provider) { resource.provider_for_action(:write) }
-
-  it "has a resource name of :macos_userdefaults" do
-    expect(resource.resource_name).to eq(:macos_userdefaults)
-  end
-
-  it "the domain property defaults to NSGlobalDomain" do
-    expect(resource.domain).to eq("NSGlobalDomain")
-  end
-
-  it "the value property coerces keys in hashes to strings so we can compare them with plist data" do
-    resource.value "User": "/Library/Managed Installs/way_fake.log"
-    expect(resource.value).to eq({ "User" => "/Library/Managed Installs/way_fake.log" })
-  end
-
-  it "the host property defaults to nil" do
-    expect(resource.host).to be_nil
-  end
-
-  it "the sudo property defaults to false" do
-    expect(resource.sudo).to be false
-  end
-
-  it "sets the default action as :write" do
-    expect(resource.action).to eq([:write])
-  end
-
-  it "supports :write action" do
-    expect { resource.action :write }.not_to raise_error
-  end
-
-  describe "#defaults_export_cmd" do
-    it "exports NSGlobalDomain if no domain is set" do
-      expect(provider.defaults_export_cmd(resource)).to eq(["/usr/bin/defaults", "export", "NSGlobalDomain", "-"])
+describe Chef::Resource::MacosUserDefaults, :macos_only, requires_root: true do
+  let(:test_value) { "fakest_key_value" }
+  let(:test_key) { "fakest_key" }
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) { Chef::RunContext.new(node, {}, events) }
+  let(:resource) {
+    Chef::Resource::MacosUserDefaults.new("foo", run_context).tap do |r|
+      r.value test_value
+      r.key test_key
     end
+  }
 
-    it "exports a provided domain" do
-      resource.domain "com.tim"
-      expect(provider.defaults_export_cmd(resource)).to eq(["/usr/bin/defaults", "export", "com.tim", "-"])
+  context "has a default value" do
+    it ":macos_userdefaults for resource name" do
+      expect(resource.resource_name).to eq(:macos_userdefaults)
     end
 
-    it "sets -currentHost if host is 'current'" do
-      resource.host "current"
-      expect(provider.defaults_export_cmd(resource)).to eq(["/usr/bin/defaults", "-currentHost", "export", "NSGlobalDomain", "-"])
+    it "NSGlobalDomain for the domain property" do
+      expect(resource.domain).to eq("NSGlobalDomain")
     end
 
-    it "sets -host 'tim-laptop if host is 'tim-laptop'" do
-      resource.host "tim-laptop"
-      expect(provider.defaults_export_cmd(resource)).to eq(["/usr/bin/defaults", "-host", "tim-laptop", "export", "NSGlobalDomain", "-"])
-    end
-  end
-
-  describe "#defaults_modify_cmd" do
-    # avoid needing to set these required values over and over. We'll overwrite them where necessary
-    before do
-      resource.key = "foo"
-      resource.value = "bar"
-    end
-
-    it "writes to NSGlobalDomain if domain isn't specified" do
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-string", "bar"])
-    end
-
-    it "uses the domain property if set" do
-      resource.domain = "MyCustomDomain"
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "MyCustomDomain", "foo", "-string", "bar"])
+    it "nil for the host property" do
+      expect(resource.host).to be_nil
     end
 
-    it "sets host specific values using host property" do
-      resource.host = "tims_laptop"
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "-host", "tims_laptop", "write", "NSGlobalDomain", "foo", "-string", "bar"])
+    it "nil for the user property" do
+      expect(resource.user).to be_nil
     end
 
-    it "if host is set to :current it passes CurrentHost" do
-      resource.host = :current
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "-currentHost", "write", "NSGlobalDomain", "foo", "-string", "bar"])
-    end
-
-    it "raises ArgumentError if bool is specified, but the value can't be made into a bool" do
-      resource.type "bool"
-      expect { provider.defaults_modify_cmd }.to raise_error(ArgumentError)
-    end
-
-    it "autodetects array type and passes individual values" do
-      resource.value = %w{one two three}
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-array", "one", "two", "three"])
-    end
-
-    it "autodetects string type and passes a single value" do
-      resource.value = "one"
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-string", "one"])
+    it ":write for resource action" do
+      expect(resource.action).to eq([:write])
     end
+  end
 
-    it "autodetects integer type and passes a single value" do
-      resource.value = 1
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-int", 1])
+  context ":write" do
+    it "is a supported action" do
+      expect { resource.action :write }.not_to raise_error
     end
 
-    it "autodetects boolean type from TrueClass value and passes a 'TRUE' string" do
-      resource.value = true
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-bool", "TRUE"])
+    it "successfully updates the preference" do
+      resource.run_action(:write)
+      expect(resource.get_preference resource).eql? test_value
     end
+  end
 
-    it "autodetects boolean type from FalseClass value and passes a 'FALSE' string" do
-      resource.value = false
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-bool", "FALSE"])
+  context ":delete" do
+    it "is a supported action" do
+      expect { resource.action :delete }.not_to raise_error
     end
 
-    it "autodetects dict type from Hash value and flattens keys & values" do
-      resource.value = { "foo" => "bar" }
-      expect(provider.defaults_modify_cmd).to eq(["/usr/bin/defaults", "write", "NSGlobalDomain", "foo", "-dict", "foo", "bar"])
+    it "successfully deletes the preference" do
+      resource.run_action(:delete)
+      expect(resource.get_preference resource).to be_nil
     end
   end
 end

data/spec/unit/resource/mount_spec.rb

@@ -59,6 +59,16 @@ describe Chef::Resource::Mount do
     expect(resource.mount_point).to eql("//192.168.11.102/Share/backup")
   end
 
+  it "does not strip slash when mount_point is root directory" do
+    resource.mount_point "/"
+    expect(resource.mount_point).to eql("/")
+  end
+
+  it "does not strip slash when mount_point is root of network mount" do
+    resource.mount_point "127.0.0.1:/"
+    expect(resource.mount_point).to eql("127.0.0.1:/")
+  end
+
   it "raises error when mount_point property is not set" do
     expect { resource.mount_point nil }.to raise_error(Chef::Exceptions::ValidationFailed, "Property mount_point must be one of: String!  You passed nil.")
   end