chef_fixie 0.3.0 → 1.0.2

data/lib/chef_fixie/sql.rb

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2014-2015 Chef Software Inc. 
+# Copyright (c) 2014-2015 Chef Software Inc.
 # License :: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,20 +16,20 @@
 #
 # Author: Mark Anderson <mark@chef.io>
 
-require 'ffi_yajl'
-require 'uuidtools'
-require 'sequel'
+require "ffi_yajl"
+require "uuidtools"
+require "sequel"
 
-require_relative 'config'
+require_relative "config"
 
 Sequel.default_timezone = :utc
 
 module ChefFixie
   module Sql
-    
+
     class InvalidConfig < StandardError
     end
-    
+
     # A connection string passed to Sequel.connect()
     #
     # Examples:
@@ -46,25 +46,25 @@ module ChefFixie
 
     # Returns the connection string or raises an error if you didn't set one.
     def self.connection_string
-      @connection_string ||= ChefFixie.configure {|x| x.sql_database }
+      @connection_string ||= ChefFixie.configure { |x| x.sql_database }
     end
-    
+
     # Returns a Sequel::Data baseobject, which wraps access to the database.
     def self.default_connection
       @database ||= Sequel.connect(connection_string, :max_connections => 2)
       #      @database.loggers << Logger.new($stdout)
     end
-    
+
     # Generate a new UUID. Currently uses the v1 UUID scheme.
     def new_uuid
       UUIDTools::UUID.timestamp_create.hexdigest
     end
-    
+
     # Parse the portion of the object that's stored as a blob o' JSON
     def from_json(serialized_data)
       FFI_Yajl::Parser.parse(serialized_data, :symbolize_keys => true)
     end
-    
+
     # Encode the portion of the object that's stored as a blob o' JSON
     def as_json(data)
       FFI_Yajl::Encoder.encode(data)

data/lib/chef_fixie/sql_objects.rb

@@ -17,12 +17,12 @@
 # Author: Mark Anderson <mark@chef.io>
 #
 
-require 'pp'
-require 'sequel'
+require "pp"
+require "sequel"
 
-require_relative 'config'
-require_relative 'authz_objects'
-require_relative 'authz_mapper'
+require_relative "config"
+require_relative "authz_objects"
+require_relative "authz_mapper"
 
 Sequel.extension :inflector
 
@@ -51,25 +51,28 @@ module ChefFixie
           else
             class_or_name.class.to_s
           end
-        name.split('::')[-1]
+        name.split("::")[-1]
       end
 
       # The class for the table, e.g. Orgs
       def self.table_class(name)
-        name = self.to_name(name)
+        name = to_name(name)
         (base + name.to_s.pluralize.camelize).constantize
       end
+
       # The class for one instance of the object, e.g. Org
       def self.object_class(name)
-        name = self.to_name(name)
+        name = to_name(name)
         (base + name.to_s.singularize.camelize).constantize
       end
+
       def self.singular(name)
-        name = self.to_name(name)
+        name = to_name(name)
         name.to_s.singularize
       end
+
       def self.plural(name)
-        name = self.to_name(name)
+        name = to_name(name)
         name.to_s.pluralize
       end
     end
@@ -79,9 +82,11 @@ module ChefFixie
       def initialize(data)
         @data = data
       end
+
       def data
         @data
       end
+
       def table
         Relationships.table_class(self).new
       end
@@ -90,26 +95,27 @@ module ChefFixie
       def self.ro_access(*args)
         args.each do |field|
           fundef = "def #{field}; @data.#{field}; end"
-          self.class_eval(fundef)
+          class_eval(fundef)
         end
       end
       # TODO figure out model for write access
 
       def self.name_field(field)
         fundef = "def name; @data.#{field}; end"
-        self.class_eval(fundef)
+        class_eval(fundef)
       end
 
       def self.std_timestamp
         [:created_at, :updated_at].each do |i|
-          self.ro_access(i)
+          ro_access(i)
         end
       end
+
       # Pretty much any object with an authz id has these fields
       def self.std_authz
-        self.std_timestamp
+        std_timestamp
         [:authz_id, :last_updated_by].each do |i|
-          self.ro_access(i)
+          ro_access(i)
         end
       end
 
@@ -117,7 +123,7 @@ module ChefFixie
         rows = table.by_id(id)
         raise "id #{id} matches more than one object" if rows.all.count != 1
         rows.inner.delete
-        if self.respond_to?(:authz_delete)
+        if respond_to?(:authz_delete)
           authz_delete
         end
       end
@@ -131,13 +137,14 @@ module ChefFixie
           funname = Relationships.plural(object)
           # defer evaluation of mapper to make sure we have a chance for everyone to initialize
           fundef = "def #{funname}; Relationships.table_class(:#{object}).new.by_org_id(org_id); end"
-          self.class_eval(fundef)
+          class_eval(fundef)
         end
       end
 
       def initialize(data)
         super(data)
       end
+
       def org_id
         data[:id]
       end
@@ -145,16 +152,20 @@ module ChefFixie
       def global_admins
         name = self.name
         global_admins_name = "#{name}_global_admins"
-        ChefFixie::Sql::Groups.new["#{name}_global_admins"]
+        read_access_name = "#{name}_read_access_group"
+        ChefFixie::Sql::Groups.new[global_admins_name] || \
+          ChefFixie::Sql::Groups.new[read_access_name]
       end
 
+      alias read_access_group global_admins
+
       # Iterators for objects in authz; using containers to enumerate things
       # It might be better to metaprogram this up instead,
       #
       # TODO Write some tests to validate that this stuff
       # works, since it depends on a lot of name magic...
 
-      NAME_FIXUP = {"data" => "data_bags", "sandboxes" => nil}
+      NAME_FIXUP = { "data" => "data_bags", "sandboxes" => nil }
       def objects_by_container_type(container)
         name = NAME_FIXUP.has_key?(container) ? NAME_FIXUP[container] : container
         return [] if name.nil?
@@ -172,7 +183,7 @@ module ChefFixie
             yield objects
           end
         end
-        return
+        nil
       end
 
       def each_authz_object
@@ -181,7 +192,7 @@ module ChefFixie
             yield object
           end
         end
-        return
+        nil
       end
 
       scoped_type :container, :group, :client,
@@ -253,7 +264,6 @@ module ChefFixie
     # org_migration_state_id_seq policy_revisions
     # policy_revisions_policy_groups_association sandboxed_checksums
 
-
     class CookbookArtifact < SqlObject
       include AuthzObjectMixin
       def initialize(data)
@@ -338,31 +348,33 @@ module ChefFixie
       def get_table
         :unknown_table
       end
+
       def mk_element(x)
         x
       end
 
       def initialize(tablespec = nil)
         ChefFixie::Sql.default_connection
-        @inner = tablespec || Sequel::Model(self.get_table)
+        @inner = tablespec || Sequel::Model(get_table)
       end
+
       def inner
         # Make sure we have init
         @inner
       end
 
       def filter_core(field, exp)
-        self.class.new(inner.filter(field=>exp))
+        self.class.new(inner.filter(field => exp))
       end
 
-      def all(max_count=:default)
+      def all(max_count = :default)
         if max_count == :default
           max_count = ChefFixie::Sql::SqlTable.max_count_default
         end
         if max_count != :all
-          return :too_many_results if (inner.count > max_count)
+          return :too_many_results if inner.count > max_count
         end
-        elements = inner.all.map {|org| mk_element(org) }
+        elements = inner.all.map { |org| mk_element(org) }
       end
 
       #
@@ -371,7 +383,7 @@ module ChefFixie
       #     https://stackoverflow.com/questions/9658724/ruby-metaprogramming-class-eval/9658775#9658775
       def self.primary(arg)
         name = :"by_#{arg}"
-        self.class_eval("def [](arg); #{name}(arg).all(1).first; end")
+        class_eval("def [](arg); #{name}(arg).all(1).first; end")
 
         listfun = <<EOLF
 def list(max_count=:default)
@@ -383,26 +395,27 @@ def list(max_count=:default)
   end
 end
 EOLF
-        self.class_eval(listfun)
+        class_eval(listfun)
       end
 
       def self.filter_by(*args)
         args.each do |field|
           name = "by_#{field}"
           fundef = "def #{name}(exp); filter_core(:#{field},exp); end"
-          self.class_eval(fundef)
+          class_eval(fundef)
         end
       end
 
       def self.table(name)
         fundef = "def get_table; :#{name}; end"
-        self.class_eval(fundef)
+        class_eval(fundef)
       end
+
       # doesn't work yet
       # element Org in class Orgs will fail because it can't find Org (undefined)
       def self.element(name)
         fundef = "ElementType = name; def mk_element(x); #{name}.new(x); end"
-        self.class_eval(fundef)
+        class_eval(fundef)
       end
     end
 
@@ -414,7 +427,7 @@ EOLF
       primary :name
       filter_by :name, :id, :full_name, :authz_id
 
-      GlobalOrg = "0"*32
+      GlobalOrg = "0" * 32
 
       def self.org_guid_to_name(guid)
         "global" if guid == GlobalOrg
@@ -435,7 +448,7 @@ EOLF
 
       def by_org_id_user_id(org_id, user_id)
         # db table constraint guarantees that this is unique
-        inner.filter(:org_id=>org_id, :user_id=>user_id).all.first
+        inner.filter(:org_id => org_id, :user_id => user_id).all.first
       end
 
     end
@@ -445,7 +458,7 @@ EOLF
 
       def by_org_id_user_id(org_id, user_id)
         # db table constraint guarantees that this is unique
-        inner.filter(:org_id=>org_id, :user_id=>user_id).all.first
+        inner.filter(:org_id => org_id, :user_id => user_id).all.first
       end
     end
     class Users < SqlTable
@@ -547,7 +560,7 @@ EOLF
       filter_by :name, :id, :org_id, :authz_id
     end
 
-    class Roles  < SqlTable
+    class Roles < SqlTable
       table :roles
       element Sql::Role
       register_authz :role, :object
@@ -556,7 +569,5 @@ EOLF
       filter_by :name, :id, :org_id, :authz_id, :last_updated_by
     end
 
-
-
   end
 end

data/lib/chef_fixie/utility_helpers.rb

@@ -18,42 +18,46 @@
 # Author: Mark Anderson <mark@chef.io>
 #
 
-require_relative 'config'
-require_relative 'authz_objects'
-require_relative 'authz_mapper'
+require_relative "config"
+require_relative "authz_objects"
+require_relative "authz_mapper"
 
 module ChefFixie
   module UtilityHelpers
     def self.orgs
       @orgs ||= ChefFixie::Sql::Orgs.new
     end
+
     def self.users
       @users ||= ChefFixie::Sql::Users.new
     end
+
     def self.assocs
       @assocs ||= ChefFixie::Sql::Associations.new
     end
+
     def self.invites
       invites ||= ChefFixie::Sql::Invites.new
     end
 
     def self.make_user(user)
       if user.is_a?(String)
-        return users[user]
+        users[user]
       elsif user.is_a?(ChefFixie::Sql::User)
-        return user
+        user
       else
         raise Exception "Expected a user, got a #{user.class}"
       end
-    end      
+    end
+
     def self.make_org(org)
       if org.is_a?(String)
-        return orgs[org]
+        orgs[org]
       elsif org.is_a?(ChefFixie::Sql::Org)
-        return org
+        org
       else
         raise Exception "Expected an org, got a #{org.class}"
       end
-    end      
+    end
   end
 end

data/lib/chef_fixie/version.rb

@@ -1,3 +1,3 @@
 module ChefFixie
-  VERSION = "0.3.0"
+  VERSION = "1.0.2"
 end

data/spec/chef_fixie/acl_spec.rb

@@ -1,46 +1,45 @@
 
-require 'rspec'
+require "rspec"
 require "spec_helper"
-require 'chef_fixie'
-require 'chef_fixie/config'
+require "chef_fixie"
+require "chef_fixie/config"
 
 RSpec.describe ChefFixie::Sql::Orgs, "ACL access" do
-  let (:test_org_name) { "ponyville"}
+  let (:test_org_name) { "ponyville" }
   let (:orgs) { ChefFixie::Sql::Orgs.new }
   let (:users) { ChefFixie::Sql::Users.new }
   let (:test_org) { orgs[test_org_name] }
 
   # TODO this should use a freshly created object and purge it afterwords.
   # But we need to write the create object feature still
-  
+
   context "Fetch acl for actor (client)" do
     let (:testclient) { test_org.clients.all.first }
-    let (:testuser) { users['spitfire'] }
-    let (:pivotal) { users['pivotal'] }
+    let (:testuser) { users["spitfire"] }
+    let (:pivotal) { users["pivotal"] }
     let (:client_container) { test_org.containers["clients"] }
-    
+
     it "We can fetch the acl" do
       acl = testclient.acl
-      expect(acl.keys).to include(* %w(create read update delete grant))
+      expect(acl.keys).to include(* %w{create read update delete grant})
     end
 
     it "we can add a user to an ace" do
-# This requires either a temp object or good cleanup      
+# This requires either a temp object or good cleanup
 #      acl = testclient.acl
 #      expect(acl["read"]["actors"].not_to include("wonderbolts")
-      
+
       testclient.ace_add(:read, testuser)
 
       acl = testclient.acl
       expect(acl["read"]["actors"]).to include([:global, testuser.name])
     end
-    
+
     it "we can add then delete a user from an ace" do
       testclient.ace_add(:read, testuser)
       acl = testclient.acl
       expect(acl["read"]["actors"]).to include([:global, testuser.name])
 
-      
       testclient.ace_delete(:read, testuser)
 
       acl = testclient.acl
@@ -49,26 +48,26 @@ RSpec.describe ChefFixie::Sql::Orgs, "ACL access" do
 
     it "we can copy users from another acl" do
       testclient.ace_delete(:all, pivotal)
-            
+
       testclient.acl_add_from_object(client_container)
 
       acl = testclient.acl
-      %w(create read update delete grant).each do |action|
+      %w{create read update delete grant}.each do |action|
         expect(acl[action]["actors"]).to include([:global, pivotal.name])
       end
     end
-     
+
   end
 
   context "ACE Membership" do
-    
-    let (:admingroup) { test_org.groups['admins'] }
-    let (:testobject) { test_org.groups['admins'] }
-    let (:notadmingroup) { test_org.groups['clients'] }
-    let (:adminuser) { users['rainbowdash'] }
-    let (:notadminuser) { users['mary'] }
-    let (:pivotal) { users['pivotal'] }
-    
+
+    let (:admingroup) { test_org.groups["admins"] }
+    let (:testobject) { test_org.groups["admins"] }
+    let (:notadmingroup) { test_org.groups["clients"] }
+    let (:adminuser) { users["rainbowdash"] }
+    let (:notadminuser) { users["mary"] }
+    let (:pivotal) { users["pivotal"] }
+
     it "Privileged users and groups are part of the read ACE" do
       expect(testobject.ace_member?(:read, admingroup)).to be true
       expect(testobject.ace_member?(:read, pivotal)).to be true
@@ -79,5 +78,4 @@ RSpec.describe ChefFixie::Sql::Orgs, "ACL access" do
     end
   end
 
-
 end