chef_fixie 0.1.0

Files changed (61)
  1. checksums.yaml +7 -0
  2. data/LICENSE +201 -0
  3. data/README.md +69 -0
  4. data/bin/bundler +16 -0
  5. data/bin/chef-apply +16 -0
  6. data/bin/chef-client +16 -0
  7. data/bin/chef-shell +16 -0
  8. data/bin/chef-solo +16 -0
  9. data/bin/chef-zero +16 -0
  10. data/bin/chef_fixie +5 -0
  11. data/bin/coderay +16 -0
  12. data/bin/edit_json.rb +16 -0
  13. data/bin/erubis +16 -0
  14. data/bin/ffi-yajl-bench +16 -0
  15. data/bin/fixie~ +231 -0
  16. data/bin/htmldiff +16 -0
  17. data/bin/knife +16 -0
  18. data/bin/ldiff +16 -0
  19. data/bin/net-dhcp +16 -0
  20. data/bin/ohai +16 -0
  21. data/bin/prettify_json.rb +16 -0
  22. data/bin/pry +16 -0
  23. data/bin/rackup +16 -0
  24. data/bin/rake +16 -0
  25. data/bin/rdoc +16 -0
  26. data/bin/restclient +16 -0
  27. data/bin/ri +16 -0
  28. data/bin/rspec +16 -0
  29. data/bin/s3sh +16 -0
  30. data/bin/sequel +16 -0
  31. data/bin/serverspec-init +16 -0
  32. data/doc/AccessingSQL.md +36 -0
  33. data/doc/AccessingSQL.md~ +32 -0
  34. data/doc/BulkFixup.md~ +28 -0
  35. data/doc/CommonTasks.md +20 -0
  36. data/doc/CommonTasks.md~ +0 -0
  37. data/doc/GETTING_STARTED.md +228 -0
  38. data/doc/GETTING_STARTED.md~ +6 -0
  39. data/fixie.conf.example +8 -0
  40. data/lib/chef_fixie.rb +27 -0
  41. data/lib/chef_fixie/authz_mapper.rb +143 -0
  42. data/lib/chef_fixie/authz_objects.rb +285 -0
  43. data/lib/chef_fixie/check_org_associations.rb +242 -0
  44. data/lib/chef_fixie/config.rb +139 -0
  45. data/lib/chef_fixie/console.rb +91 -0
  46. data/lib/chef_fixie/context.rb +72 -0
  47. data/lib/chef_fixie/sql.rb +74 -0
  48. data/lib/chef_fixie/sql_objects.rb +497 -0
  49. data/lib/chef_fixie/utility_helpers.rb +59 -0
  50. data/lib/chef_fixie/version.rb +3 -0
  51. data/spec/chef_fixie/acl_spec.rb +83 -0
  52. data/spec/chef_fixie/assoc_invite_spec.rb +47 -0
  53. data/spec/chef_fixie/assoc_invite_spec.rb~ +26 -0
  54. data/spec/chef_fixie/check_org_associations_spec.rb +140 -0
  55. data/spec/chef_fixie/check_org_associations_spec.rb~ +34 -0
  56. data/spec/chef_fixie/groups_spec.rb +34 -0
  57. data/spec/chef_fixie/org_spec.rb +26 -0
  58. data/spec/chef_fixie/org_spec.rb~ +53 -0
  59. data/spec/chef_fixie/orgs_spec.rb +53 -0
  60. data/spec/spec_helper.rb +41 -0
  61. metadata +252 -0
@@ -0,0 +1,59 @@
1
+ # -*- indent-tabs-mode: nil; fill-column: 110 -*-
2
+ #
3
+ # Copyright (c) 2015 Chef Software Inc.
4
+ # License :: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+ # Author: Mark Anderson <mark@chef.io>
19
+ #
20
+
21
+ require 'chef_fixie/config'
22
+ require 'chef_fixie/authz_objects'
23
+ require 'chef_fixie/authz_mapper'
24
+
25
+ module ChefFixie
26
+ module UtilityHelpers
27
+ def self.orgs
28
+ @orgs ||= ChefFixie::Sql::Orgs.new
29
+ end
30
+ def self.users
31
+ @users ||= ChefFixie::Sql::Users.new
32
+ end
33
+ def self.assocs
34
+ @assocs ||= ChefFixie::Sql::Associations.new
35
+ end
36
+ def self.invites
37
+ invites ||= ChefFixie::Sql::Invites.new
38
+ end
39
+
40
+ def self.make_user(user)
41
+ if user.is_a?(String)
42
+ return users[user]
43
+ elsif user.is_a?(ChefFixie::Sql::User)
44
+ return user
45
+ else
46
+ raise Exception "Expected a user, got a #{user.class}"
47
+ end
48
+ end
49
+ def self.make_org(org)
50
+ if org.is_a?(String)
51
+ return orgs[org]
52
+ elsif org.is_a?(ChefFixie::Sql::Org)
53
+ return org
54
+ else
55
+ raise Exception "Expected an org, got a #{org.class}"
56
+ end
57
+ end
58
+ end
59
+ end
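Review bot: `raise Exception "Expected a user, got a #{user.class}"` in `make_user` (new line 46) and the matching line in `make_org` (new line 55) parse as a call to a method named `Exception`, so the bad-argument path raises NoMethodError instead of the intended message; write `raise ArgumentError, "Expected a user, got a #{user.class}"` and the org equivalent. Separately, `self.invites` on new line 37 assigns to a local variable `invites`, so unlike the three accessors above it nothing is memoized and every call builds a new object; `@invites ||= ChefFixie::Sql::Invites.new` matches the others. The file also uses `ChefFixie::Sql` without a visible require for the file that defines it, so it presumably depends on load order elsewhere; an explicit require or a comment saying so would help.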
@@ -0,0 +1,3 @@
1
+ module ChefFixie
2
+ VERSION = "0.1.0"
3
+ end
@@ -0,0 +1,83 @@
1
+
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'chef_fixie'
5
+ require 'chef_fixie/config'
6
+
7
+ RSpec.describe ChefFixie::Sql::Orgs, "ACL access" do
8
+ let (:test_org_name) { "ponyville"}
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:users) { ChefFixie::Sql::Users.new }
11
+ let (:test_org) { orgs[test_org_name] }
12
+
13
+ # TODO this should use a freshly created object and purge it afterwords.
14
+ # But we need to write the create object feature still
15
+
16
+ context "Fetch acl for actor (client)" do
17
+ let (:testclient) { test_org.clients.all.first }
18
+ let (:testuser) { users['spitfire'] }
19
+ let (:pivotal) { users['pivotal'] }
20
+ let (:client_container) { test_org.containers["clients"] }
21
+
22
+ it "We can fetch the acl" do
23
+ acl = testclient.acl
24
+ expect(acl.keys).to include(* %w(create read update delete grant))
25
+ end
26
+
27
+ it "we can add a user to an ace" do
28
+ # This requires either a temp object or good cleanup
29
+ # acl = testclient.acl
30
+ # expect(acl["read"]["actors"].not_to include("wonderbolts")
31
+
32
+ testclient.ace_add(:read, testuser)
33
+
34
+ acl = testclient.acl
35
+ expect(acl["read"]["actors"]).to include([:global, testuser.name])
36
+ end
37
+
38
+ it "we can add then delete a user from an ace" do
39
+ testclient.ace_add(:read, testuser)
40
+ acl = testclient.acl
41
+ expect(acl["read"]["actors"]).to include([:global, testuser.name])
42
+
43
+
44
+ testclient.ace_delete(:read, testuser)
45
+
46
+ acl = testclient.acl
47
+ expect(acl["read"]["actors"]).not_to include([:global, testuser.name])
48
+ end
49
+
50
+ it "we can copy users from another acl" do
51
+ testclient.ace_delete(:all, pivotal)
52
+
53
+ testclient.acl_add_from_object(client_container)
54
+
55
+ acl = testclient.acl
56
+ %w(create read update delete grant).each do |action|
57
+ expect(acl[action]["actors"]).to include([:global, pivotal.name])
58
+ end
59
+ end
60
+
61
+ end
62
+
63
+ context "ACE Membership" do
64
+
65
+ let (:admingroup) { test_org.groups['admins'] }
66
+ let (:testobject) { test_org.groups['admins'] }
67
+ let (:notadmingroup) { test_org.groups['clients'] }
68
+ let (:adminuser) { users['rainbowdash'] }
69
+ let (:notadminuser) { users['mary'] }
70
+ let (:pivotal) { users['pivotal'] }
71
+
72
+ it "Privileged users and groups are part of the read ACE" do
73
+ expect(testobject.ace_member?(:read, admingroup)).to be true
74
+ expect(testobject.ace_member?(:read, pivotal)).to be true
75
+ end
76
+ it "Unprivileged members are not part of read ACE" do
77
+ expect(testobject.member?(notadmingroup)).to be false
78
+ expect(testobject.member?(notadminuser)).to be false
79
+ end
80
+ end
81
+
82
+
83
+ end
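Review bot: The example "Unprivileged members are not part of read ACE" (new lines 76-79) calls `member?`, not `ace_member?(:read, ...)`, so the negative half of the ACE check is never exercised and the example would still pass if an unprivileged user were in the read ACE. If the intent matches the description, the assertions should read `expect(testobject.ace_member?(:read, notadmingroup)).to be false` and `expect(testobject.ace_member?(:read, notadminuser)).to be false`. Also, "we can add a user to an ace" (new lines 27-36) leaves `testuser` in the read ACE, and "we can copy users from another acl" removes `pivotal` from every ACE before restoring it, with no `after` hook. Because these examples act on existing `ponyville` objects, a failure midway leaves the fixture's permissions changed; an `after` block that undoes the `ace_add`/`ace_delete` calls would make the examples order-independent.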
@@ -0,0 +1,47 @@
1
+
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'chef_fixie'
5
+ require 'chef_fixie/config'
6
+
7
+ RSpec.describe ChefFixie::Sql::Associations, "Associations tests" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name]}
11
+
12
+ let (:users) { ChefFixie::Sql::Users.new }
13
+ let (:assocs) { ChefFixie::Sql::Associations.new }
14
+
15
+
16
+ context "Basic functionality of association spec" do
17
+ let ("test_user_name") { "fluttershy" }
18
+ let ("test_user") { users[test_user_name] }
19
+ it "Can fetch by user id" do
20
+ assocs_by_user = assocs.by_user_id(test_user.id).all
21
+ expect(assocs_by_user).not_to be_nil
22
+ expect(assocs_by_user.count).to eq(1)
23
+ expect(assocs_by_user.first.user_id ).to eq(test_user.id)
24
+ expect(assocs_by_user.first.org_id ).to eq(test_org.id)
25
+ end
26
+ it "Can fetch by org id" do
27
+ assocs_by_org = assocs.by_org_id(test_org.id).all
28
+ expect(assocs_by_org).not_to be_nil
29
+ expect(assocs_by_org.count).to be > 1
30
+ expect(assocs_by_org.first.org_id).to eq(test_org.id)
31
+ end
32
+
33
+ it "Can fetch by both org/user id" do
34
+ assoc_item = assocs.by_org_id_user_id(test_org.id, test_user.id)
35
+ expect(assoc_item).not_to be_nil
36
+ expect(assoc_item.user_id).to eq(test_user.id)
37
+ expect(assoc_item.org_id).to eq(test_org.id)
38
+
39
+ # test user not in org
40
+ expect(assocs.by_org_id_user_id(test_org.id, users['mary'].id)).to be_nil
41
+ end
42
+
43
+
44
+ end
45
+
46
+
47
+ end
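Review bot: `let ("test_user_name")` and `let ("test_user")` on new lines 17-18 pass string names where every other `let` in this file passes a symbol; `let(:test_user_name) { "fluttershy" }` and `let(:test_user) { users[test_user_name] }` keep the file consistent. The assertion `expect(assocs_by_user.count).to eq(1)` on new line 22 hard-codes that the fixture user belongs to exactly one org, which is not visible in this file; a comment such as `# fluttershy is associated only with ponyville in the test data` would document that dependency.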
@@ -0,0 +1,26 @@
1
+
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'fixie'
5
+ require 'fixie/config'
6
+
7
+ RSpec.describe Fixie::Sql::Orgs, "Organizations access" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { Fixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name]}
11
+
12
+ context "Basic functionality of org accessor" do
13
+
14
+ it "Org has a name and id" do
15
+ expect(test_org.name).to eq(test_org_name)
16
+ expect(test_org.id).not_to be_nil
17
+ end
18
+
19
+ it "Org has a global admins group" do
20
+ expect(test_org.global_admins.name).to eq(test_org_name + "_global_admins")
21
+ end
22
+
23
+ end
24
+
25
+
26
+ end
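Review bot: This spec requires `fixie` and `fixie/config` and describes `Fixie::Sql::Orgs`, while the rest of the package uses the `chef_fixie` require path and the `ChefFixie` namespace, so it looks like a stale editor backup that was packaged by accident (the file list shows several `~` entries, including `data/bin/fixie~`). The 34-line hunk further down that describes `Fixie::Sql::Groups` has the same problem. Backup files in a published gem are unreviewed code that can expose superseded logic or local details; the gemspec's file list should exclude them, for example with something like `.reject { |f| f.end_with?('~') }`, and the files should be removed from the source tree.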
@@ -0,0 +1,140 @@
1
+ # -*- indent-tabs-mode: nil; fill-column: 110 -*-
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'chef_fixie'
5
+ require 'chef_fixie/config'
6
+
7
+ RSpec.describe ChefFixie::CheckOrgAssociations, "Association checker" do
8
+ let (:test_org_name) { "ponyville"}
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name] }
11
+
12
+ let (:users) { ChefFixie::Sql::Users.new }
13
+ let (:adminuser) { users['rainbowdash'] }
14
+ let (:notorguser) { users['mary'] }
15
+
16
+ # TODO this should use a freshly created object and purge it afterwords.
17
+ # But we need to write the create object feature still
18
+
19
+ context "Individual user check" do
20
+ it "Works on expected sane org/user pair" do
21
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
22
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org_name, adminuser.name)).to be true
23
+ end
24
+
25
+ end
26
+ context "Individual user check" do
27
+ before :each do
28
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
29
+ end
30
+
31
+ after :each do
32
+ usag = test_org.groups[adminuser.id]
33
+
34
+ usag.group_add(adminuser)
35
+ test_org.groups['users'].group_add(usag)
36
+
37
+ adminuser.ace_add(:read, test_org.global_admins)
38
+
39
+ end
40
+
41
+ it "Detects user not associated" do
42
+ # break it
43
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, notorguser)).to be :not_associated
44
+ end
45
+
46
+ # TODO: Write missing USAG test, but can't until we can restore the USAG or use disposable org
47
+
48
+ it "Detects user missing from usag" do
49
+ # break it
50
+ usag = test_org.groups[adminuser.id]
51
+ usag.group_delete(adminuser)
52
+
53
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be :user_not_in_usag
54
+ end
55
+
56
+ it "Detects usag missing from users group" do
57
+ # break it
58
+ usag = test_org.groups[adminuser.id]
59
+ test_org.groups['users'].group_delete(usag)
60
+
61
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be :usag_not_in_users
62
+ end
63
+
64
+ it "Detects global admins missing read" do
65
+ # break it
66
+ adminuser.ace_delete(:read, test_org.global_admins)
67
+
68
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be :global_admins_lacks_read
69
+ end
70
+
71
+ # TODO test zombie invite; need some way to create it.
72
+
73
+ end
74
+
75
+ context "Individual user fixup" do
76
+ before :each do
77
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
78
+ end
79
+
80
+ after :each do
81
+ usag = test_org.groups[adminuser.id]
82
+
83
+ usag.group_add(adminuser)
84
+ test_org.groups['users'].group_add(usag)
85
+
86
+ adminuser.ace_add(:read, test_org.global_admins)
87
+
88
+ end
89
+
90
+ it "Detects user not associated" do
91
+ # break it
92
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, notorguser)).to be :not_associated
93
+ end
94
+
95
+ # TODO: Write missing USAG test, but can't until we can restore the USAG or use disposable org
96
+
97
+ it "Fixes user missing from usag" do
98
+ # break it
99
+ usag = test_org.groups[adminuser.id]
100
+ usag.group_delete(adminuser)
101
+
102
+ expect(ChefFixie::CheckOrgAssociations.fix_association(test_org, adminuser)).to be true
103
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
104
+ end
105
+
106
+ it "Fixes usag missing from users group" do
107
+ # break it
108
+ usag = test_org.groups[adminuser.id]
109
+ test_org.groups['users'].group_delete(usag)
110
+
111
+ expect(ChefFixie::CheckOrgAssociations.fix_association(test_org, adminuser)).to be true
112
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
113
+ end
114
+
115
+ it "Fixes global admins missing read" do
116
+ # break it
117
+ adminuser.ace_delete(:read, test_org.global_admins)
118
+
119
+ expect(ChefFixie::CheckOrgAssociations.fix_association(test_org, adminuser)).to be true
120
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
121
+ end
122
+
123
+ # TODO test zombie invite; need some way to create it.
124
+
125
+ end
126
+
127
+
128
+ # TODO Break the org and check it!
129
+ context "Global org check" do
130
+
131
+ it "Works on expected sane org" do
132
+ expect(ChefFixie::CheckOrgAssociations.check_associations("acme")).to be true
133
+ expect(ChefFixie::CheckOrgAssociations.check_associations(orgs["acme"])).to be true
134
+ end
135
+
136
+ end
137
+
138
+
139
+
140
+ end
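Review bot: The "Detects user not associated" example inside the "Individual user fixup" context (new lines 90-93) is a copy of the one in the check context and never calls `fix_association`, so the fixup path for a non-associated user has no coverage; either drop the duplicate or assert what `fix_association(test_org, notorguser)` is expected to return. The contexts on new lines 19 and 26 also share the name "Individual user check", which makes failures hard to attribute; the second could be `context "Individual user check detects breakage" do`. Each breaking example relies on the `after :each` hook to put group membership and the read ACE back, and nothing verifies the restore after the last example; ending the hook with `expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true` would surface a failed restore where it happens.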
@@ -0,0 +1,34 @@
1
+
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'fixie'
5
+ require 'fixie/config'
6
+
7
+ RSpec.describe Fixie::Sql::Groups, "Group access" do
8
+ let (:test_org_name) { "ponyville"}
9
+ let (:orgs) { Fixie::Sql::Orgs.new }
10
+ let (:users) { Fixie::Sql::Users.new }
11
+ let (:test_org) { orgs[test_org_name] }
12
+
13
+ # TODO this should use a freshly created object and purge it afterwords.
14
+ # But we need to write the create object feature still
15
+
16
+ context "Groups" do
17
+ let (:testgroup) { test_org.groups['admins'] }
18
+ let (:adminuser) { users['rainbowdash'] }
19
+ let (:notadminuser) { users['mary'] }
20
+
21
+ it "Members are part of the group" do
22
+ expect(testgroup.member?(adminuser)).to be true
23
+ end
24
+ it "Members are not part of the group" do
25
+ expect(testgroup.member?(notadminuser)).to be false
26
+ end
27
+
28
+
29
+ end
30
+
31
+
32
+
33
+
34
+ end
@@ -0,0 +1,34 @@
1
+ # -*- indent-tabs-mode: nil; fill-column: 110 -*-
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'chef_fixie'
5
+ require 'chef_fixie/config'
6
+
7
+ RSpec.describe ChefFixie::Sql::Groups, "Group access" do
8
+ let (:test_org_name) { "ponyville"}
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:users) { ChefFixie::Sql::Users.new }
11
+ let (:test_org) { orgs[test_org_name] }
12
+
13
+ # TODO this should use a freshly created object and purge it afterwords.
14
+ # But we need to write the create object feature still
15
+
16
+ context "Groups" do
17
+ let (:testgroup) { test_org.groups['admins'] }
18
+ let (:adminuser) { users['rainbowdash'] }
19
+ let (:notadminuser) { users['mary'] }
20
+
21
+ it "Members are part of the group" do
22
+ expect(testgroup.member?(adminuser)).to be true
23
+ end
24
+ it "Members are not part of the group" do
25
+ expect(testgroup.member?(notadminuser)).to be false
26
+ end
27
+
28
+
29
+ end
30
+
31
+
32
+
33
+
34
+ end
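Review bot: The description on new line 24, `it "Members are not part of the group"`, contradicts what the example asserts, which is that a non-member (`notadminuser`) is rejected by `member?`; `it "Non-members are not part of the group" do` says what is tested. The TODO on new lines 13-14 notes that the spec reads pre-existing objects, so a short comment naming the fixture state the examples depend on (`rainbowdash` in `admins`, `mary` not) would make that dependency explicit.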
@@ -0,0 +1,26 @@
1
+
2
+ require 'rspec'
3
+ require "spec_helper"
4
+ require 'chef_fixie'
5
+ require 'chef_fixie/config'
6
+
7
+ RSpec.describe ChefFixie::Sql::Orgs, "Organizations access" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name]}
11
+
12
+ context "Basic functionality of org accessor" do
13
+
14
+ it "Org has a name and id" do
15
+ expect(test_org.name).to eq(test_org_name)
16
+ expect(test_org.id).not_to be_nil
17
+ end
18
+
19
+ it "Org has a global admins group" do
20
+ expect(test_org.global_admins.name).to eq(test_org_name + "_global_admins")
21
+ end
22
+
23
+ end
24
+
25
+
26
+ end