cheffish 0.7.1 → 0.8

data/spec/integration/chef_organization_spec.rb

@@ -0,0 +1,244 @@
+require 'support/spec_support'
+require 'chef/resource/chef_organization'
+require 'chef/provider/chef_organization'
+
+describe Chef::Resource::ChefOrganization do
+  extend SpecSupport
+
+  when_the_chef_server 'is in multi-org mode', :osc_compat => false, :single_org => false do
+    context 'and chef_server_url is pointed at the top level' do
+      user 'u', {}
+      user 'u2', {}
+
+      it 'chef_organization "x" creates the organization' do
+        run_recipe do
+          chef_organization 'x'
+        end
+        expect(chef_run).to have_updated('chef_organization[x]', :create)
+        expect(get('/organizations/x')['full_name']).to eq('x')
+      end
+    end
+
+    context 'and chef_server_url is pointed at /organizations/foo' do
+      organization 'foo'
+
+      before :each do
+        Chef::Config.chef_server_url = URI.join(Chef::Config.chef_server_url, '/organizations/foo').to_s
+      end
+
+      context 'and is empty' do
+        user 'u', {}
+        user 'u2', {}
+
+        it 'chef_organization "x" creates the organization' do
+          run_recipe do
+            chef_organization 'x'
+          end
+          expect(chef_run).to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x')['full_name']).to eq('x')
+        end
+
+        it 'chef_organization "x" with full_name creates the organization' do
+          run_recipe do
+            chef_organization 'x' do
+              full_name 'Hi'
+            end
+          end
+          expect(chef_run).to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x')['full_name']).to eq('Hi')
+        end
+
+        it 'chef_organization "x" and inviting users creates the invites' do
+          run_recipe do
+            chef_organization 'x' do
+              invites 'u', 'u2'
+            end
+          end
+          expect(chef_run).to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(u u2))
+        end
+
+        it 'chef_organization "x" adds members' do
+          run_recipe do
+            chef_organization 'x' do
+              members 'u', 'u2'
+            end
+          end
+          expect(chef_run).to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(u u2))
+        end
+      end
+
+      context 'and already has an organization named x' do
+        user 'u', {}
+        user 'u2', {}
+        user 'u3', {}
+        user 'member', {}
+        user 'member2', {}
+        user 'invited', {}
+        user 'invited2', {}
+        organization 'x', { 'full_name' => 'Lo' } do
+          org_member 'member', 'member2'
+          org_invite 'invited', 'invited2'
+        end
+
+        it 'chef_organization "x" changes nothing' do
+          run_recipe do
+            chef_organization 'x'
+          end
+          expect(chef_run).not_to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x')['full_name']).to eq('Lo')
+        end
+
+        it 'chef_organization "x" with "complete true" reverts the full_name' do
+          run_recipe do
+            chef_organization 'x' do
+              complete true
+            end
+          end
+          expect(chef_run).to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x')['full_name']).to eq('x')
+        end
+
+        it 'chef_organization "x" with new full_name updates the organization' do
+          run_recipe do
+            chef_organization 'x' do
+              full_name 'Hi'
+            end
+          end
+          expect(chef_run).to have_updated('chef_organization[x]', :create)
+          expect(get('/organizations/x')['full_name']).to eq('Hi')
+        end
+
+        context 'invites and membership tests' do
+          it 'chef_organization "x" and inviting users creates the invites' do
+            run_recipe do
+              chef_organization 'x' do
+                invites 'u', 'u2'
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited invited2 u u2))
+          end
+
+          it 'chef_organization "x" adds members' do
+            run_recipe do
+              chef_organization 'x' do
+                members 'u', 'u2'
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member member2 u u2))
+          end
+
+          it 'chef_organization "x" does nothing when inviting already-invited users and members' do
+            run_recipe do
+              chef_organization 'x' do
+                invites 'invited', 'member'
+              end
+            end
+            expect(chef_run).not_to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited invited2))
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member member2))
+          end
+
+          it 'chef_organization "x" does nothing when adding members who are already members' do
+            run_recipe do
+              chef_organization 'x' do
+                members 'member'
+              end
+            end
+            expect(chef_run).not_to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited invited2))
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member member2))
+          end
+
+          it 'chef_organization "x" upgrades invites to members when asked' do
+            run_recipe do
+              chef_organization 'x' do
+                members 'invited'
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(invited member member2))
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited2))
+          end
+
+          it 'chef_organization "x" removes members and invites when asked' do
+            run_recipe do
+              chef_organization 'x' do
+                remove_members 'invited', 'member'
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited2))
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member2))
+          end
+
+          it 'chef_organization "x" does nothing when asked to remove non-members' do
+            run_recipe do
+              chef_organization 'x' do
+                remove_members 'u', 'u2'
+              end
+            end
+            expect(chef_run).not_to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited invited2))
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member member2))
+          end
+
+          it 'chef_organization "x" with "complete true" reverts the full_name but does not remove invites or members' do
+            run_recipe do
+              chef_organization 'x' do
+                complete true
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x')['full_name']).to eq('x')
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited invited2))
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member member2))
+          end
+
+          it 'chef_organization "x" with members [] and "complete true" removes invites and members' do
+            run_recipe do
+              chef_organization 'x' do
+                members []
+                complete true
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x')['full_name']).to eq('x')
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq([])
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq([])
+          end
+
+          it 'chef_organization "x" with members [] and "complete true" removes invites but not members' do
+            run_recipe do
+              chef_organization 'x' do
+                invites []
+                complete true
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x')['full_name']).to eq('x')
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq([])
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member member2))
+          end
+
+          it 'chef_organization "x" with invites, members and "complete true" removes all non-specified invites and members' do
+            run_recipe do
+              chef_organization 'x' do
+                invites 'invited', 'u'
+                members 'member', 'u2'
+                complete true
+              end
+            end
+            expect(chef_run).to have_updated('chef_organization[x]', :create)
+            expect(get('/organizations/x')['full_name']).to eq('x')
+            expect(get('/organizations/x/association_requests').map { |u| u['username'] }).to eq(%w(invited u))
+            expect(get('/organizations/x/users').map { |u| u['user']['username'] }).to eq(%w(member u2))
+          end
+        end
+      end
+    end
+  end
+end

data/spec/integration/chef_user_spec.rb

@@ -8,12 +8,44 @@ repo_path = Dir.mktmpdir('chef_repo')
 describe Chef::Resource::ChefUser do
   extend SpecSupport
 
+  with_recipe do
+    private_key "#{repo_path}/blah.pem"
+  end
+
   when_the_chef_server 'is empty' do
-    context 'and we have a private key' do
-      with_recipe do
-        private_key "#{repo_path}/blah.pem"
+    context 'and we run a recipe that creates user "blah"'do
+      with_converge do
+        chef_user 'blah' do
+          source_key_path "#{repo_path}/blah.pem"
+        end
       end
 
+      it 'the user gets created' do
+        expect(chef_run).to have_updated 'chef_user[blah]', :create
+        user = get('/users/blah')
+        expect(user['name']).to eq('blah')
+        key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+        expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+      end
+    end
+
+    context 'and we run a recipe that creates user "blah" with output_key_path' do
+      with_converge do
+        chef_user 'blah' do
+          source_key_path "#{repo_path}/blah.pem"
+          output_key_path "#{repo_path}/blah.pub"
+        end
+      end
+
+      it 'the output public key gets created' do
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
+      end
+    end
+  end
+
+  when_the_chef_server 'is multitenant', :osc_compat => false, :single_org => false do
+    context 'and chef_server_url is pointed at the top level' do
       context 'and we run a recipe that creates user "blah"'do
         with_converge do
           chef_user 'blah' do
@@ -29,18 +61,28 @@ describe Chef::Resource::ChefUser do
           expect(key).to be_public_key_for("#{repo_path}/blah.pem")
         end
       end
+    end
+
+    context 'and chef_server_url is pointed at /organizations/foo' do
+      organization 'foo'
+
+      before :each do
+        Chef::Config.chef_server_url = URI.join(Chef::Config.chef_server_url, '/organizations/foo').to_s
+      end
 
-      context 'and we run a recipe that creates client "blah" with output_key_path' do
+      context 'and we run a recipe that creates user "blah"'do
         with_converge do
-          chef_client 'blah' do
+          chef_user 'blah' do
             source_key_path "#{repo_path}/blah.pem"
-            output_key_path "#{repo_path}/blah.pub"
           end
         end
 
-        it 'the output public key gets created' do
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
+        it 'the user gets created' do
+          expect(chef_run).to have_updated 'chef_user[blah]', :create
+          user = get('/users/blah')
+          expect(user['name']).to eq('blah')
+          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
         end
       end
     end

data/spec/support/repository_support.rb

@@ -0,0 +1,103 @@
+module RepositorySupport
+  def when_the_repository(desc, *tags, &block)
+    context("when the chef repo #{desc}", *tags) do
+      include_context "with a chef repo"
+      extend WhenTheRepositoryClassMethods
+      module_eval(&block)
+    end
+  end
+
+  RSpec.shared_context "with a chef repo" do
+    before :each do
+      raise "Can only create one directory per test" if @repository_dir
+      @repository_dir = Dir.mktmpdir('chef_repo')
+      Chef::Config.chef_repo_path = @repository_dir
+      %w(client cookbook data_bag environment node role user).each do |object_name|
+        Chef::Config.delete("#{object_name}_path".to_sym)
+      end
+    end
+
+    after :each do
+      if @repository_dir
+        begin
+          %w(client cookbook data_bag environment node role user).each do |object_name|
+            Chef::Config.delete("#{object_name}_path".to_sym)
+          end
+          Chef::Config.delete(:chef_repo_path)
+          FileUtils.remove_entry_secure(@repository_dir)
+        ensure
+          @repository_dir = nil
+        end
+      end
+      Dir.chdir(@old_cwd) if @old_cwd
+    end
+
+    def directory(relative_path, &block)
+      old_parent_path = @parent_path
+      @parent_path = path_to(relative_path)
+      FileUtils.mkdir_p(@parent_path)
+      instance_eval(&block) if block
+      @parent_path = old_parent_path
+    end
+
+    def file(relative_path, contents)
+      filename = path_to(relative_path)
+      dir = File.dirname(filename)
+      FileUtils.mkdir_p(dir) unless dir == '.'
+      File.open(filename, 'w') do |file|
+        raw = case contents
+              when Hash
+                JSON.pretty_generate(contents)
+              when Array
+                contents.join("\n")
+              else
+                contents
+              end
+        file.write(raw)
+      end
+    end
+
+    def symlink(relative_path, relative_dest)
+      filename = path_to(relative_path)
+      dir = File.dirname(filename)
+      FileUtils.mkdir_p(dir) unless dir == '.'
+      dest_filename = path_to(relative_dest)
+      File.symlink(dest_filename, filename)
+    end
+
+    def path_to(relative_path)
+      File.expand_path(relative_path, (@parent_path || @repository_dir))
+    end
+
+    def cwd(relative_path)
+      @old_cwd = Dir.pwd
+      Dir.chdir(path_to(relative_path))
+    end
+
+    module WhenTheRepositoryClassMethods
+      def directory(*args, &block)
+        before :each do
+          directory(*args, &block)
+        end
+      end
+
+      def file(*args, &block)
+        before :each do
+          file(*args, &block)
+        end
+      end
+
+      def symlink(*args, &block)
+        before :each do
+          symlink(*args, &block)
+        end
+      end
+
+      def path_to(*args, &block)
+        before :each do
+          file(*args, &block)
+        end
+      end
+    end
+  end
+end

data/spec/support/spec_support.rb

@@ -2,14 +2,26 @@ require 'chef_zero/rspec'
 require 'chef/server_api'
 require 'cheffish'
 require 'cheffish/basic_chef_client'
+require 'chef/provider/chef_acl'
+require 'uri'
+require 'support/repository_support'
 
 module SpecSupport
   include ChefZero::RSpec
 
   def self.extended(klass)
     klass.class_eval do
-      def get(*args)
-        Chef::ServerAPI.new.get(*args)
+      extend RepositorySupport
+
+      def rest
+        Chef::ServerAPI.new
+      end
+
+      def get(path, *args)
+        if path[0] == '/'
+          path = URI.join(rest.url, path)
+        end
+        rest.get(path, *args)
       end
 
       def chef_run
@@ -111,6 +123,47 @@ RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
   end
 end
 
+RSpec::Matchers.define :update_acls do |acl_paths, expected_acls|
+
+  errors = []
+
+  match do |block|
+    orig_json = {}
+    Array(acl_paths).each do |acl_path|
+      orig_json[acl_path] = get(acl_path)
+    end
+
+    block.call
+
+    orig_json.each_pair do |acl_path, orig|
+      changed = get(acl_path)
+      expected_acls.each do |permission, hash|
+        hash.each do |type, actors|
+          actors.each do |actor|
+            if actor[0] == '-'
+              actor = actor[1..-1]
+              errors << "#{acl_path} expected to remove #{type} #{actor} from #{permission} permissions" if changed[permission][type].include?(actor)
+              orig[permission][type].delete(actor)
+            else
+              errors << "#{acl_path} expected to add #{type} #{actor} to #{permission} permissions" if !changed[permission][type].include?(actor)
+              changed[permission][type].delete(actor)
+            end
+          end
+        end
+      end
+      # After checking everything, see if the remaining acl is the same as before
+      errors << "#{acl_path} updated more than expected!\nActual:\n#{changed}\nExpected:\n#{orig}" if changed != orig
+    end
+    errors.size == 0
+  end
+
+  failure_message do |block|
+    errors.join("\n")
+  end
+
+  supports_block_expectations
+end
+
 RSpec.configure do |config|
   config.filter_run :focus => true
   config.run_all_when_everything_filtered = true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cheffish
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: '0.8'
 platform: ruby
 authors:
 - John Keiser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-19 00:00:00.000000000 Z
+date: 2014-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '11.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '11.8'
 - !ruby/object:Gem::Dependency
   name: chef-zero
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -79,10 +79,14 @@ files:
 - Rakefile
 - lib/chef/provider/chef_acl.rb
 - lib/chef/provider/chef_client.rb
+- lib/chef/provider/chef_container.rb
 - lib/chef/provider/chef_data_bag.rb
 - lib/chef/provider/chef_data_bag_item.rb
 - lib/chef/provider/chef_environment.rb
+- lib/chef/provider/chef_group.rb
+- lib/chef/provider/chef_mirror.rb
 - lib/chef/provider/chef_node.rb
+- lib/chef/provider/chef_organization.rb
 - lib/chef/provider/chef_resolved_cookbooks.rb
 - lib/chef/provider/chef_role.rb
 - lib/chef/provider/chef_user.rb
@@ -90,14 +94,17 @@ files:
 - lib/chef/provider/public_key.rb
 - lib/chef/resource/chef_acl.rb
 - lib/chef/resource/chef_client.rb
+- lib/chef/resource/chef_container.rb
 - lib/chef/resource/chef_data_bag.rb
 - lib/chef/resource/chef_data_bag_item.rb
 - lib/chef/resource/chef_environment.rb
+- lib/chef/resource/chef_group.rb
+- lib/chef/resource/chef_mirror.rb
 - lib/chef/resource/chef_node.rb
+- lib/chef/resource/chef_organization.rb
 - lib/chef/resource/chef_resolved_cookbooks.rb
 - lib/chef/resource/chef_role.rb
 - lib/chef/resource/chef_user.rb
-- lib/chef/resource/in_parallel.rb
 - lib/chef/resource/private_key.rb
 - lib/chef/resource/public_key.rb
 - lib/cheffish.rb
@@ -113,12 +120,19 @@ files:
 - lib/cheffish/version.rb
 - lib/cheffish/with_pattern.rb
 - spec/functional/fingerprint_spec.rb
+- spec/functional/merged_config_spec.rb
+- spec/integration/chef_acl_spec.rb
 - spec/integration/chef_client_spec.rb
+- spec/integration/chef_container_spec.rb
+- spec/integration/chef_group_spec.rb
+- spec/integration/chef_mirror_spec.rb
 - spec/integration/chef_node_spec.rb
+- spec/integration/chef_organization_spec.rb
 - spec/integration/chef_user_spec.rb
 - spec/integration/private_key_spec.rb
 - spec/integration/recipe_dsl_spec.rb
 - spec/support/key_support.rb
+- spec/support/repository_support.rb
 - spec/support/spec_support.rb
 - spec/unit/get_private_key_spec.rb
 homepage: http://wiki.opscode.com/display/chef

data/lib/chef/resource/in_parallel.rb

@@ -1,6 +0,0 @@
-
-
-class Chef::Resource::InParallel < Chef::Resource
-  def initialize(&block)
-  end
-end