chef_fixie_shahid 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,63 @@
1
+ # -*- indent-tabs-mode: nil; fill-column: 110 -*-
2
+ #
3
+ # Copyright (c) 2015 Chef Software Inc.
4
+ # License :: Apache License, Version 2.0
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+ # Author: Mark Anderson <mark@chef.io>
19
+ #
20
+
21
+ require_relative "config"
22
+ require_relative "authz_objects"
23
+ require_relative "authz_mapper"
24
+
25
+ module ChefFixie
26
+ module UtilityHelpers
27
+ def self.orgs
28
+ @orgs ||= ChefFixie::Sql::Orgs.new
29
+ end
30
+
31
+ def self.users
32
+ @users ||= ChefFixie::Sql::Users.new
33
+ end
34
+
35
+ def self.assocs
36
+ @assocs ||= ChefFixie::Sql::Associations.new
37
+ end
38
+
39
+ def self.invites
40
+ invites ||= ChefFixie::Sql::Invites.new
41
+ end
42
+
43
+ def self.make_user(user)
44
+ if user.is_a?(String)
45
+ users[user]
46
+ elsif user.is_a?(ChefFixie::Sql::User)
47
+ user
48
+ else
49
+ raise Exception "Expected a user, got a #{user.class}"
50
+ end
51
+ end
52
+
53
+ def self.make_org(org)
54
+ if org.is_a?(String)
55
+ orgs[org]
56
+ elsif org.is_a?(ChefFixie::Sql::Org)
57
+ org
58
+ else
59
+ raise Exception "Expected an org, got a #{org.class}"
60
+ end
61
+ end
62
+ end
63
+ end
@@ -0,0 +1,3 @@
1
+ module ChefFixie
2
+ VERSION = "0.5.2"
3
+ end
@@ -0,0 +1,81 @@
1
+
2
+ require "rspec"
3
+ require "spec_helper"
4
+ require "chef_fixie"
5
+ require "chef_fixie/config"
6
+
7
+ RSpec.describe ChefFixie::Sql::Orgs, "ACL access" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:users) { ChefFixie::Sql::Users.new }
11
+ let (:test_org) { orgs[test_org_name] }
12
+
13
+ # TODO this should use a freshly created object and purge it afterwords.
14
+ # But we need to write the create object feature still
15
+
16
+ context "Fetch acl for actor (client)" do
17
+ let (:testclient) { test_org.clients.all.first }
18
+ let (:testuser) { users["spitfire"] }
19
+ let (:pivotal) { users["pivotal"] }
20
+ let (:client_container) { test_org.containers["clients"] }
21
+
22
+ it "We can fetch the acl" do
23
+ acl = testclient.acl
24
+ expect(acl.keys).to include(* %w{create read update delete grant})
25
+ end
26
+
27
+ it "we can add a user to an ace" do
28
+ # This requires either a temp object or good cleanup
29
+ # acl = testclient.acl
30
+ # expect(acl["read"]["actors"].not_to include("wonderbolts")
31
+
32
+ testclient.ace_add(:read, testuser)
33
+
34
+ acl = testclient.acl
35
+ expect(acl["read"]["actors"]).to include([:global, testuser.name])
36
+ end
37
+
38
+ it "we can add then delete a user from an ace" do
39
+ testclient.ace_add(:read, testuser)
40
+ acl = testclient.acl
41
+ expect(acl["read"]["actors"]).to include([:global, testuser.name])
42
+
43
+ testclient.ace_delete(:read, testuser)
44
+
45
+ acl = testclient.acl
46
+ expect(acl["read"]["actors"]).not_to include([:global, testuser.name])
47
+ end
48
+
49
+ it "we can copy users from another acl" do
50
+ testclient.ace_delete(:all, pivotal)
51
+
52
+ testclient.acl_add_from_object(client_container)
53
+
54
+ acl = testclient.acl
55
+ %w{create read update delete grant}.each do |action|
56
+ expect(acl[action]["actors"]).to include([:global, pivotal.name])
57
+ end
58
+ end
59
+
60
+ end
61
+
62
+ context "ACE Membership" do
63
+
64
+ let (:admingroup) { test_org.groups["admins"] }
65
+ let (:testobject) { test_org.groups["admins"] }
66
+ let (:notadmingroup) { test_org.groups["clients"] }
67
+ let (:adminuser) { users["rainbowdash"] }
68
+ let (:notadminuser) { users["mary"] }
69
+ let (:pivotal) { users["pivotal"] }
70
+
71
+ it "Privileged users and groups are part of the read ACE" do
72
+ expect(testobject.ace_member?(:read, admingroup)).to be true
73
+ expect(testobject.ace_member?(:read, pivotal)).to be true
74
+ end
75
+ it "Unprivileged members are not part of read ACE" do
76
+ expect(testobject.member?(notadmingroup)).to be false
77
+ expect(testobject.member?(notadminuser)).to be false
78
+ end
79
+ end
80
+
81
+ end
@@ -0,0 +1,44 @@
1
+
2
+ require "rspec"
3
+ require "spec_helper"
4
+ require "chef_fixie"
5
+ require "chef_fixie/config"
6
+
7
+ RSpec.describe ChefFixie::Sql::Associations, "Associations tests" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name] }
11
+
12
+ let (:users) { ChefFixie::Sql::Users.new }
13
+ let (:assocs) { ChefFixie::Sql::Associations.new }
14
+
15
+ context "Basic functionality of association spec" do
16
+ let ("test_user_name") { "fluttershy" }
17
+ let ("test_user") { users[test_user_name] }
18
+ it "Can fetch by user id" do
19
+ assocs_by_user = assocs.by_user_id(test_user.id).all
20
+ expect(assocs_by_user).not_to be_nil
21
+ expect(assocs_by_user.count).to eq(1)
22
+ expect(assocs_by_user.first.user_id ).to eq(test_user.id)
23
+ expect(assocs_by_user.first.org_id ).to eq(test_org.id)
24
+ end
25
+ it "Can fetch by org id" do
26
+ assocs_by_org = assocs.by_org_id(test_org.id).all
27
+ expect(assocs_by_org).not_to be_nil
28
+ expect(assocs_by_org.count).to be > 1
29
+ expect(assocs_by_org.first.org_id).to eq(test_org.id)
30
+ end
31
+
32
+ it "Can fetch by both org/user id" do
33
+ assoc_item = assocs.by_org_id_user_id(test_org.id, test_user.id)
34
+ expect(assoc_item).not_to be_nil
35
+ expect(assoc_item.user_id).to eq(test_user.id)
36
+ expect(assoc_item.org_id).to eq(test_org.id)
37
+
38
+ # test user not in org
39
+ expect(assocs.by_org_id_user_id(test_org.id, users["mary"].id)).to be_nil
40
+ end
41
+
42
+ end
43
+
44
+ end
@@ -0,0 +1,137 @@
1
+ # -*- indent-tabs-mode: nil; fill-column: 110 -*-
2
+ require "rspec"
3
+ require "spec_helper"
4
+ require "chef_fixie"
5
+ require "chef_fixie/config"
6
+
7
+ RSpec.describe ChefFixie::CheckOrgAssociations, "Association checker" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name] }
11
+
12
+ let (:users) { ChefFixie::Sql::Users.new }
13
+ let (:adminuser) { users["rainbowdash"] }
14
+ let (:notorguser) { users["mary"] }
15
+
16
+ # TODO this should use a freshly created object and purge it afterwords.
17
+ # But we need to write the create object feature still
18
+
19
+ context "Individual user check" do
20
+ it "Works on expected sane org/user pair" do
21
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
22
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org_name, adminuser.name)).to be true
23
+ end
24
+
25
+ end
26
+ context "Individual user check" do
27
+ before :each do
28
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
29
+ end
30
+
31
+ after :each do
32
+ usag = test_org.groups[adminuser.id]
33
+
34
+ usag.group_add(adminuser)
35
+ test_org.groups["users"].group_add(usag)
36
+
37
+ adminuser.ace_add(:read, test_org.global_admins)
38
+
39
+ end
40
+
41
+ it "Detects user not associated" do
42
+ # break it
43
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, notorguser)).to be :not_associated
44
+ end
45
+
46
+ # TODO: Write missing USAG test, but can't until we can restore the USAG or use disposable org
47
+
48
+ it "Detects user missing from usag" do
49
+ # break it
50
+ usag = test_org.groups[adminuser.id]
51
+ usag.group_delete(adminuser)
52
+
53
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be :user_not_in_usag
54
+ end
55
+
56
+ it "Detects usag missing from users group" do
57
+ # break it
58
+ usag = test_org.groups[adminuser.id]
59
+ test_org.groups["users"].group_delete(usag)
60
+
61
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be :usag_not_in_users
62
+ end
63
+
64
+ it "Detects global admins missing read" do
65
+ # break it
66
+ adminuser.ace_delete(:read, test_org.global_admins)
67
+
68
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be :global_admins_lacks_read
69
+ end
70
+
71
+ # TODO test zombie invite; need some way to create it.
72
+
73
+ end
74
+
75
+ context "Individual user fixup" do
76
+ before :each do
77
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
78
+ end
79
+
80
+ after :each do
81
+ usag = test_org.groups[adminuser.id]
82
+
83
+ usag.group_add(adminuser)
84
+ test_org.groups["users"].group_add(usag)
85
+
86
+ adminuser.ace_add(:read, test_org.global_admins)
87
+
88
+ end
89
+
90
+ it "Detects user not associated" do
91
+ # break it
92
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, notorguser)).to be :not_associated
93
+ end
94
+
95
+ # TODO: Write missing USAG test, but can't until we can restore the USAG or use disposable org
96
+
97
+ it "Fixes user missing from usag" do
98
+ # break it
99
+ usag = test_org.groups[adminuser.id]
100
+ usag.group_delete(adminuser)
101
+
102
+ expect(ChefFixie::CheckOrgAssociations.fix_association(test_org, adminuser)).to be true
103
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
104
+ end
105
+
106
+ it "Fixes usag missing from users group" do
107
+ # break it
108
+ usag = test_org.groups[adminuser.id]
109
+ test_org.groups["users"].group_delete(usag)
110
+
111
+ expect(ChefFixie::CheckOrgAssociations.fix_association(test_org, adminuser)).to be true
112
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
113
+ end
114
+
115
+ it "Fixes global admins missing read" do
116
+ # break it
117
+ adminuser.ace_delete(:read, test_org.global_admins)
118
+
119
+ expect(ChefFixie::CheckOrgAssociations.fix_association(test_org, adminuser)).to be true
120
+ expect(ChefFixie::CheckOrgAssociations.check_association(test_org, adminuser)).to be true
121
+ end
122
+
123
+ # TODO test zombie invite; need some way to create it.
124
+
125
+ end
126
+
127
+ # TODO Break the org and check it!
128
+ context "Global org check" do
129
+
130
+ it "Works on expected sane org" do
131
+ expect(ChefFixie::CheckOrgAssociations.check_associations("acme")).to be true
132
+ expect(ChefFixie::CheckOrgAssociations.check_associations(orgs["acme"])).to be true
133
+ end
134
+
135
+ end
136
+
137
+ end
@@ -0,0 +1,30 @@
1
+ # -*- indent-tabs-mode: nil; fill-column: 110 -*-
2
+ require "rspec"
3
+ require "spec_helper"
4
+ require "chef_fixie"
5
+ require "chef_fixie/config"
6
+
7
+ RSpec.describe ChefFixie::Sql::Groups, "Group access" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:users) { ChefFixie::Sql::Users.new }
11
+ let (:test_org) { orgs[test_org_name] }
12
+
13
+ # TODO this should use a freshly created object and purge it afterwords.
14
+ # But we need to write the create object feature still
15
+
16
+ context "Groups" do
17
+ let (:testgroup) { test_org.groups["admins"] }
18
+ let (:adminuser) { users["rainbowdash"] }
19
+ let (:notadminuser) { users["mary"] }
20
+
21
+ it "Members are part of the group" do
22
+ expect(testgroup.member?(adminuser)).to be true
23
+ end
24
+ it "Members are not part of the group" do
25
+ expect(testgroup.member?(notadminuser)).to be false
26
+ end
27
+
28
+ end
29
+
30
+ end
@@ -0,0 +1,25 @@
1
+
2
+ require "rspec"
3
+ require "spec_helper"
4
+ require "chef_fixie"
5
+ require "chef_fixie/config"
6
+
7
+ RSpec.describe ChefFixie::Sql::Orgs, "Organizations access" do
8
+ let (:test_org_name) { "ponyville" }
9
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
10
+ let (:test_org) { orgs[test_org_name] }
11
+
12
+ context "Basic functionality of org accessor" do
13
+
14
+ it "Org has a name and id" do
15
+ expect(test_org.name).to eq(test_org_name)
16
+ expect(test_org.id).not_to be_nil
17
+ end
18
+
19
+ it "Org has a global admins group" do
20
+ expect(test_org.global_admins.name).to eq(test_org_name + "_global_admins")
21
+ end
22
+
23
+ end
24
+
25
+ end
@@ -0,0 +1,50 @@
1
+
2
+ require "rspec"
3
+ require "spec_helper"
4
+ require "chef_fixie"
5
+ require "chef_fixie/config"
6
+
7
+ RSpec.describe ChefFixie::Sql::Orgs, "Organizations access" do
8
+ let (:test_org) { "ponyville" }
9
+
10
+ context "Basic access to orgs" do
11
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
12
+ it "We find more than one org" do
13
+ expect(orgs.inner.count).to be > 0
14
+ end
15
+
16
+ it "We can list orgs" do
17
+ # array matcher requires a splat. (I didn't know this )
18
+ expect(orgs.list).to include( * %w{acme ponyville wonderbolts} )
19
+ end
20
+ it "We can list orgs with a limit" do
21
+ # array matcher requires a splat. (I didn't know this )
22
+ expect(orgs.list(1)).to eq(:too_many_results)
23
+ end
24
+
25
+ it "We can find an org" do
26
+ expect(orgs[test_org].name).to eq(test_org)
27
+ end
28
+
29
+ end
30
+
31
+ context "Search accessors work correctly" do
32
+ let (:orgs) { ChefFixie::Sql::Orgs.new }
33
+ let (:the_org) { orgs[test_org] }
34
+
35
+ it "We can find an org by name" do
36
+ expect(orgs.by_name(test_org).all.count).to eq(1)
37
+ expect(orgs.by_name(test_org).all.first.name).to eq(the_org.name)
38
+ end
39
+
40
+ # TODO: Automatically extract this from the filter by field
41
+ %w{name, id, full_name, authz_id}.each do |accessor|
42
+ it "We can access an org by #{accessor}" do
43
+ expect(orgs.by_name(test_org).all.count).to eq(1)
44
+ expect(orgs.by_name(test_org).all.first.name).to eq(the_org.name)
45
+ end
46
+ end
47
+
48
+ end
49
+
50
+ end
@@ -0,0 +1,40 @@
1
+ # This file was generated by the `rspec --init` command. Conventionally, all
2
+ # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
3
+ # Require this file using `require "spec_helper"` to ensure that it is only
4
+ # loaded once.
5
+ #
6
+ # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
7
+ require "chef_fixie/config"
8
+
9
+ def load_from_config_example
10
+ # load from config file
11
+ config_file = "fixie.conf.example"
12
+ Kernel.load(config_file)
13
+ end
14
+
15
+ def load_from_opscode
16
+ ChefFixie::Config.instance.load_from_pc
17
+ end
18
+
19
+ RSpec.configure do |config|
20
+ config.run_all_when_everything_filtered = true
21
+ config.filter_run :focus
22
+
23
+ # Run specs in random order to surface order dependencies. If you find an
24
+ # order dependency and want to debug it, you can fix the order by providing
25
+ # the seed, which is printed after each run.
26
+ # --seed 1234
27
+ config.order = "random"
28
+
29
+ # configure specs
30
+
31
+ load_from_opscode
32
+ ChefFixie::Config.instance.merge_opts({})
33
+ puts ChefFixie::Config.instance.to_text
34
+
35
+ # Horrible shameful hack TODO FIXME
36
+ # We can't include a lot of the SQL code until we configure things, because
37
+ # we inherit from Model e.g.
38
+ # class Users < Sequel::Model(:users)
39
+ require "chef_fixie"
40
+ end