cheffish 1.1.2 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cheffish/chef_run.rb +13 -0
  3. data/lib/cheffish/rspec.rb +8 -0
  4. data/lib/cheffish/rspec/chef_run_support.rb +19 -52
  5. data/lib/cheffish/rspec/matchers.rb +4 -81
  6. data/lib/cheffish/rspec/matchers/be_idempotent.rb +16 -0
  7. data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb +15 -0
  8. data/lib/cheffish/rspec/matchers/have_updated.rb +37 -0
  9. data/lib/cheffish/rspec/matchers/partially_match.rb +63 -0
  10. data/lib/cheffish/rspec/recipe_run_wrapper.rb +2 -2
  11. data/lib/cheffish/rspec/repository_support.rb +1 -1
  12. data/lib/cheffish/version.rb +1 -1
  13. data/spec/integration/chef_acl_spec.rb +384 -420
  14. data/spec/integration/chef_client_spec.rb +18 -24
  15. data/spec/integration/chef_container_spec.rb +4 -6
  16. data/spec/integration/chef_group_spec.rb +30 -46
  17. data/spec/integration/chef_mirror_spec.rb +60 -89
  18. data/spec/integration/chef_node_spec.rb +96 -124
  19. data/spec/integration/chef_organization_spec.rb +38 -57
  20. data/spec/integration/chef_user_spec.rb +16 -22
  21. data/spec/integration/private_key_spec.rb +120 -168
  22. data/spec/integration/recipe_dsl_spec.rb +4 -6
  23. data/spec/support/spec_support.rb +1 -2
  24. metadata +13 -8
  25. data/lib/cheffish/rspec/chef_run_wrapper.rb +0 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0667c4e296b1e3be43fefe384509dbc22e10202b
4
- data.tar.gz: 35be2921f6449bc5f84ff3b3a16e11e3b228e465
3
+ metadata.gz: 6069dfb9d003c9835d32584227f0db27ead80ffe
4
+ data.tar.gz: 76efdfb5364249fcb021c569c2ef5c6b07d4c1a6
5
5
  SHA512:
6
- metadata.gz: 3c4f73cd2e4b8619091566b49638bc5db5e8b8e5d4bb85bf6b0230d9ec9dab7d4f5ea9b24284a01c97a46eb0b48fea91c95bd9dee4e86816b08989ad1c7fe135
7
- data.tar.gz: 8b149e416f184c91e452448fde3f0ebd195d8a4c3ae7c11328238915e1c11f41d197a6a59b57b6c3673607aa18d9894442a5ede6c8743bfc7de4c92ead990133
6
+ metadata.gz: efffb6621cd8b3d4993a587bc099949b2bb7e8f19aaf66fb37d18a60c96149bf68d9ba829e7ec4a831ad917497c112403ee4797c1d4db50a8d740ca1ccdafc4b
7
+ data.tar.gz: 1b0e4bbf57b84a4f98eb223f8dd3993a733808a22ccb88bc553ad7e1d780265dc3563c8d71c5242bc9346e6af4bb4e7954bd645831fb102f071e7846f8f5fe3f
data/lib/cheffish/chef_run.rb CHANGED
@@ -62,11 +62,24 @@ module Cheffish
62
62
  def logs
63
63
  @client ? client.chef_config[:log_location].string : nil
64
64
  end
65
+ def logged_warnings
66
+ logs.lines.select { |l| l =~ /^\[[^\]]*\] WARN:/ }.join("\n")
67
+ end
68
+ def logged_errors
69
+ logs.lines.select { |l| l =~ /^\[[^\]]*\] ERROR:/ }.join("\n")
70
+ end
71
+ def logged_info
72
+ logs.lines.select { |l| l =~ /^\[[^\]]*\] INFO:/ }.join("\n")
73
+ end
65
74
 
66
75
  def resources
67
76
  client.resource_collection
68
77
  end
69
78
 
79
+ def compile_recipe(&recipe)
80
+ client.load_block(&recipe)
81
+ end
82
+
70
83
  def converge
71
84
  begin
72
85
  client.converge
data/lib/cheffish/rspec.rb ADDED
@@ -0,0 +1,8 @@
1
+ require 'cheffish/rspec/chef_run_support'
2
+ require 'cheffish/rspec/repository_support'
3
+ require 'cheffish/rspec/matchers'
4
+
5
+ module Cheffish
6
+ module RSpec
7
+ end
8
+ end
data/lib/cheffish/rspec/chef_run_support.rb CHANGED
@@ -2,9 +2,9 @@ require 'chef_zero/rspec'
2
2
  require 'chef/server_api'
3
3
  require 'cheffish/rspec/repository_support'
4
4
  require 'uri'
5
- require 'cheffish/basic_chef_client'
6
- require 'cheffish/rspec/chef_run_wrapper'
5
+ require 'cheffish/chef_run'
7
6
  require 'cheffish/rspec/recipe_run_wrapper'
7
+ require 'cheffish/rspec/matchers'
8
8
 
9
9
  module Cheffish
10
10
  module RSpec
@@ -24,22 +24,10 @@ module Cheffish
24
24
  end
25
25
  end
26
26
 
27
- def with_recipe(&block)
27
+ def with_converge(&recipe)
28
28
  before :each do
29
- load_recipe(&block)
30
- end
31
-
32
- after :each do
33
- if !chef_client.converge_failed? && !chef_client.converged?
34
- raise "Never tried to converge!"
35
- end
36
- end
37
- end
38
-
39
- def with_converge(&block)
40
- before :each do
41
- load_recipe(&block) if block_given?
42
- converge
29
+ r = recipe(&recipe)
30
+ r.converge
43
31
  end
44
32
  end
45
33
 
@@ -60,49 +48,28 @@ module Cheffish
60
48
  end
61
49
 
62
50
  def expect_recipe(&recipe)
63
- expect(recipe(&recipe))
64
- end
65
-
66
- def recipe(&recipe)
67
- RecipeRunWrapper.new(chef_config, &recipe)
68
- end
69
-
70
- def chef_client
71
- @chef_client ||= ChefRunWrapper.new(chef_config)
72
- end
73
-
74
- def chef_run
75
- converge if !chef_client.converged?
76
- event_sink.events
77
- end
78
-
79
- def event_sink
80
- chef_client.event_sink
51
+ r = recipe(&recipe)
52
+ r.converge
53
+ expect(r)
81
54
  end
82
55
 
83
- def basic_chef_client
84
- chef_client.client
56
+ def expect_converge(&recipe)
57
+ r = recipe(&recipe)
58
+ expect { r.converge }
85
59
  end
86
60
 
87
- def load_recipe(&recipe)
88
- chef_client.client.load_block(&recipe)
89
- end
90
-
91
- def run_recipe(&recipe)
92
- load_recipe(&recipe)
93
- converge
61
+ def recipe(&recipe)
62
+ RecipeRunWrapper.new(chef_config, &recipe)
94
63
  end
95
64
 
96
- def reset_chef_client
97
- @event_sink = nil
98
- @basic_chef_client = nil
65
+ def converge(&recipe)
66
+ r = RecipeRunWrapper.new(chef_config, &recipe)
67
+ r.converge
68
+ r
99
69
  end
100
70
 
101
- def converge
102
- if chef_client.converged?
103
- raise "Already converged! Cannot converge twice, that's bad mojo."
104
- end
105
- chef_client.converge
71
+ def chef_client
72
+ @chef_client ||= ChefRun.new(chef_config)
106
73
  end
107
74
  end
108
75
  end
data/lib/cheffish/rspec/matchers.rb CHANGED
@@ -1,81 +1,4 @@
1
- RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
2
- match do |actual|
3
- actual_actions = actual.select { |event, resource, action| event == :resource_updated && resource.to_s == resource_name }.map { |event, resource, action| action }
4
- expect(actual_actions).to eq(expected_actions)
5
- end
6
- failure_message do |actual|
7
- updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
8
- result = "expected that the chef_run would #{expected_actions.join(',')} #{resource_name}."
9
- if updates.size > 0
10
- result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
11
- else
12
- result << " Nothing was updated."
13
- end
14
- result
15
- end
16
- failure_message_when_negated do |actual|
17
- updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
18
- result = "expected that the chef_run would not #{expected_actions.join(',')} #{resource_name}."
19
- if updates.size > 0
20
- result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
21
- else
22
- result << " Nothing was updated."
23
- end
24
- result
25
- end
26
- end
27
-
28
- RSpec::Matchers.define :be_idempotent do
29
- match do |recipe|
30
- @recipe = recipe
31
- recipe.reset
32
- recipe.converge
33
- recipe.up_to_date?
34
- end
35
-
36
- failure_message {
37
- "#{@recipe} is not idempotent! Converging it a second time caused updates.\n#{@recipe.output_for_failure_message}"
38
- }
39
- end
40
-
41
-
42
- RSpec::Matchers.define :update_acls do |acl_paths, expected_acls|
43
-
44
- errors = []
45
-
46
- match do |block|
47
- orig_json = {}
48
- Array(acl_paths).each do |acl_path|
49
- orig_json[acl_path] = get(acl_path)
50
- end
51
-
52
- block.call
53
-
54
- orig_json.each_pair do |acl_path, orig|
55
- changed = get(acl_path)
56
- expected_acls.each do |permission, hash|
57
- hash.each do |type, actors|
58
- actors.each do |actor|
59
- if actor[0] == '-'
60
- actor = actor[1..-1]
61
- errors << "#{acl_path} expected to remove #{type} #{actor} from #{permission} permissions" if changed[permission][type].include?(actor)
62
- orig[permission][type].delete(actor)
63
- else
64
- errors << "#{acl_path} expected to add #{type} #{actor} to #{permission} permissions" if !changed[permission][type].include?(actor)
65
- changed[permission][type].delete(actor)
66
- end
67
- end
68
- end
69
- end
70
- # After checking everything, see if the remaining acl is the same as before
71
- errors << "#{acl_path} updated more than expected!\nActual:\n#{changed}\nExpected:\n#{orig}" if changed != orig
72
- end
73
- errors.size == 0
74
- end
75
-
76
- failure_message do |block|
77
- errors.join("\n")
78
- end
79
-
80
- supports_block_expectations
81
- end
1
+ require 'cheffish/rspec/matchers/have_updated'
2
+ require 'cheffish/rspec/matchers/be_idempotent'
3
+ require 'cheffish/rspec/matchers/partially_match'
4
+ require 'cheffish/rspec/matchers/emit_no_warnings_or_errors'
data/lib/cheffish/rspec/matchers/be_idempotent.rb ADDED
@@ -0,0 +1,16 @@
1
+ require 'rspec/matchers'
2
+
3
+ RSpec::Matchers.define :be_idempotent do
4
+ match do |recipe|
5
+ @recipe = recipe
6
+ recipe.reset
7
+ recipe.converge
8
+ recipe.up_to_date?
9
+ end
10
+
11
+ failure_message {
12
+ "#{@recipe} is not idempotent! Converging it a second time caused updates.\n#{@recipe.output_for_failure_message}"
13
+ }
14
+
15
+ supports_block_expectations
16
+ end
data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb ADDED
@@ -0,0 +1,15 @@
1
+ require 'rspec/matchers'
2
+
3
+ RSpec::Matchers.define :emit_no_warnings_or_errors do
4
+ match do |recipe|
5
+ @recipe = recipe
6
+ @warn_err = recipe.logs.lines.select { |l| l =~ /warn|err/i }.join("\n")
7
+ @warn_err.empty?
8
+ end
9
+
10
+ failure_message {
11
+ "#{@recipe} emitted warnings and errors!\n#{@warn_err}"
12
+ }
13
+
14
+ supports_block_expectations
15
+ end
data/lib/cheffish/rspec/matchers/have_updated.rb ADDED
@@ -0,0 +1,37 @@
1
+ require 'rspec/matchers'
2
+
3
+ RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
4
+ match do |recipe|
5
+ @recipe = recipe
6
+ actual = @recipe.event_sink.events
7
+ actual_actions = actual.select { |event, resource, action| event == :resource_updated && resource.to_s == resource_name }.
8
+ map { |event, resource, action| action }
9
+ expect(actual_actions).to eq(expected_actions)
10
+ end
11
+
12
+ failure_message do
13
+ actual = @recipe.event_sink.events
14
+ updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
15
+ result = "expected that the chef_run would #{expected_actions.join(',')} #{resource_name}."
16
+ if updates.size > 0
17
+ result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
18
+ else
19
+ result << " Nothing was updated."
20
+ end
21
+ result
22
+ end
23
+
24
+ failure_message_when_negated do
25
+ actual = @recipe.event_sink.events
26
+ updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
27
+ result = "expected that the chef_run would not #{expected_actions.join(',')} #{resource_name}."
28
+ if updates.size > 0
29
+ result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
30
+ else
31
+ result << " Nothing was updated."
32
+ end
33
+ result
34
+ end
35
+ end
36
+
37
+ RSpec::Matchers.define_negated_matcher :not_have_updated, :have_updated
data/lib/cheffish/rspec/matchers/partially_match.rb ADDED
@@ -0,0 +1,63 @@
1
+ module Cheffish
2
+ module RSpec
3
+ module Matchers
4
+ class PartiallyMatch
5
+ include ::RSpec::Matchers::Composable
6
+
7
+ def initialize(example, expected)
8
+ @example = example
9
+ @expected = expected
10
+ end
11
+
12
+ def matches?(actual)
13
+ @actual = actual
14
+ partially_matches_values(@expected, actual)
15
+ end
16
+
17
+ def failure_message
18
+ "expected #{@actual} to match #{@expected}"
19
+ end
20
+
21
+ def failure_message_when_negated
22
+ "expected #{@actual} not to match #{@expected}"
23
+ end
24
+
25
+ protected
26
+
27
+ def partially_matches_values(expected, actual)
28
+ if Hash === actual
29
+ return partially_matches_hashes(expected, actual) if Hash === expected || Array === expected
30
+ elsif Array === expected && Enumerable === actual && !(Struct === actual)
31
+ return partially_matches_arrays(expected, actual)
32
+ end
33
+
34
+ return true if actual == expected
35
+
36
+ begin
37
+ expected === actual
38
+ rescue ArgumentError
39
+ # Some objects, like 0-arg lambdas on 1.9+, raise
40
+ # ArgumentError for `expected === actual`.
41
+ false
42
+ end
43
+ end
44
+
45
+ def partially_matches_hashes(expected, actual)
46
+ expected.all? { |key, value| partially_matches_values(value, actual[key]) }
47
+ end
48
+
49
+ def partially_matches_arrays(expected, actual)
50
+ expected.all? { |e| actual.any? { |a| partially_matches_values(e, a) } }
51
+ end
52
+ end
53
+ end
54
+ end
55
+ end
56
+
57
+ module RSpec
58
+ module Matchers
59
+ def partially_match(expected)
60
+ Cheffish::RSpec::Matchers::PartiallyMatch.new(self, expected)
61
+ end
62
+ end
63
+ end
data/lib/cheffish/rspec/recipe_run_wrapper.rb CHANGED
@@ -1,8 +1,8 @@
1
- require 'cheffish/rspec/chef_run_wrapper'
1
+ require 'cheffish/chef_run'
2
2
 
3
3
  module Cheffish
4
4
  module RSpec
5
- class RecipeRunWrapper < ChefRunWrapper
5
+ class RecipeRunWrapper < ChefRun
6
6
  def initialize(chef_config, &recipe)
7
7
  super(chef_config)
8
8
  @recipe = recipe
data/lib/cheffish/rspec/repository_support.rb CHANGED
@@ -9,7 +9,7 @@ module Cheffish
9
9
  end
10
10
  end
11
11
 
12
- RSpec.shared_context "with a chef repo" do
12
+ ::RSpec.shared_context "with a chef repo" do
13
13
  before :each do
14
14
  raise "Can only create one directory per test" if @repository_dir
15
15
  @repository_dir = Dir.mktmpdir('chef_repo')
data/lib/cheffish/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Cheffish
2
- VERSION = '1.1.2'
2
+ VERSION = '1.2'
3
3
  end
data/spec/integration/chef_acl_spec.rb CHANGED
@@ -9,34 +9,31 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
9
9
  describe Chef::Resource::ChefAcl do
10
10
  extend Cheffish::RSpec::ChefRunSupport
11
11
 
12
+ # let(:chef_config) { super().merge(log_level: :debug, stdout: STDOUT, stderr: STDERR, log_location: STDOUT) }
13
+
12
14
  context "Rights attributes" do
13
15
  when_the_chef_server 'has a node named x', :osc_compat => false do
14
16
  node 'x', {}
15
17
 
16
18
  it 'Converging chef_acl "nodes/x" changes nothing' do
17
- expect {
18
- run_recipe do
19
- chef_acl 'nodes/x'
20
- end
21
- }.to update_acls('nodes/x/_acl', {})
19
+ expect_recipe {
20
+ chef_acl 'nodes/x'
21
+ }.to be_up_to_date
22
+ expect(get('nodes/x/_acl')).to partially_match({})
22
23
  end
23
24
 
24
25
  it 'Converging chef_acl "nodes/x" with "complete true" and no rights raises an error' do
25
- expect {
26
- run_recipe do
27
- chef_acl 'nodes/x' do
28
- complete true
29
- end
26
+ expect_converge {
27
+ chef_acl 'nodes/x' do
28
+ complete true
30
29
  end
31
30
  }.to raise_error(RuntimeError)
32
31
  end
33
32
 
34
33
  it 'Removing all :grant rights from a node raises an error' do
35
- expect {
36
- run_recipe do
37
- chef_acl 'nodes/x' do
38
- remove_rights :grant, :users => 'pivotal', :groups => %w(admins users clients)
39
- end
34
+ expect_converge {
35
+ chef_acl 'nodes/x' do
36
+ remove_rights :grant, users: %w(pivotal), groups: %w(admins users clients)
40
37
  end
41
38
  }.to raise_error(RuntimeError)
42
39
  end
@@ -45,61 +42,57 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
45
42
  user 'blarghle', {}
46
43
 
47
44
  it 'Converging chef_acl "nodes/x" with user "blarghle" adds the user' do
48
- expect {
49
- run_recipe do
50
- chef_acl 'nodes/x' do
51
- rights :read, :users => 'blarghle'
52
- end
45
+ expect_recipe {
46
+ chef_acl 'nodes/x' do
47
+ rights :read, users: %w(blarghle)
53
48
  end
54
- }.to update_acls('nodes/x/_acl', 'read' => { 'actors' => %w(blarghle) })
49
+ }.to be_updated
50
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
55
51
  end
56
52
 
57
53
  it 'Converging chef_acl "nodes/x" with "complete true" removes all ACLs except those specified' do
58
- expect {
59
- run_recipe do
60
- chef_acl 'nodes/x' do
61
- rights :grant, :users => 'blarghle'
62
- complete true
63
- end
54
+ expect_recipe {
55
+ chef_acl 'nodes/x' do
56
+ rights :grant, users: %w(blarghle)
57
+ complete true
64
58
  end
65
- }.to update_acls('nodes/x/_acl', {
66
- "create"=>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users", "-clients"]},
67
- "read" =>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users", "-clients"]},
68
- "update"=>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users"]},
69
- "delete"=>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users"]},
70
- "grant" =>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins"]}
71
- })
59
+ }.to be_updated
60
+ expect(get('nodes/x/_acl')).to eq(
61
+ "create"=>{"actors"=>[], "groups"=>[]},
62
+ "read" =>{"actors"=>[], "groups"=>[]},
63
+ "update"=>{"actors"=>[], "groups"=>[]},
64
+ "delete"=>{"actors"=>[], "groups"=>[]},
65
+ "grant" =>{"actors"=>["blarghle"], "groups"=>[]}
66
+ )
72
67
  end
73
68
  end
74
69
 
75
70
  it 'Converging chef_acl "nodes/x" with "complete true" removes all ACLs except those specified in :all' do
76
- expect {
77
- run_recipe do
78
- chef_acl 'nodes/x' do
79
- rights :all, :users => 'blarghle'
80
- complete true
81
- end
82
- end
83
- }.to update_acls('nodes/x/_acl', {
84
- "create"=>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users", "-clients"]},
85
- "read" =>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users", "-clients"]},
86
- "update"=>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users"]},
87
- "delete"=>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users"]},
88
- "grant" =>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins"]}
89
- })
71
+ expect_recipe {
72
+ chef_acl 'nodes/x' do
73
+ rights :all, users: %w(blarghle)
74
+ complete true
75
+ end
76
+ }.to be_updated
77
+ expect(get('nodes/x/_acl')).to eq(
78
+ "create"=>{"actors"=>["blarghle"], "groups"=>[]},
79
+ "read" =>{"actors"=>["blarghle"], "groups"=>[]},
80
+ "update"=>{"actors"=>["blarghle"], "groups"=>[]},
81
+ "delete"=>{"actors"=>["blarghle"], "groups"=>[]},
82
+ "grant" =>{"actors"=>["blarghle"], "groups"=>[]}
83
+ )
90
84
  end
91
85
 
92
86
  context 'and a client "blarghle"' do
93
87
  user 'blarghle', {}
94
88
 
95
89
  it 'Converging chef_acl "nodes/x" with client "blarghle" adds the client' do
96
- expect {
97
- run_recipe do
98
- chef_acl 'nodes/x' do
99
- rights :read, :clients => 'blarghle'
100
- end
90
+ expect_recipe {
91
+ chef_acl 'nodes/x' do
92
+ rights :read, clients: %w(blarghle)
101
93
  end
102
- }.to update_acls('nodes/x/_acl', 'read' => { 'actors' => %w(blarghle) })
94
+ }.to be_updated
95
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
103
96
  end
104
97
  end
105
98
 
@@ -107,13 +100,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
107
100
  group 'blarghle', {}
108
101
 
109
102
  it 'Converging chef_acl "nodes/x" with group "blarghle" adds the group' do
110
- expect {
111
- run_recipe do
112
- chef_acl 'nodes/x' do
113
- rights :read, :groups => 'blarghle'
114
- end
103
+ expect_recipe {
104
+ chef_acl 'nodes/x' do
105
+ rights :read, groups: %w(blarghle)
115
106
  end
116
- }.to update_acls('nodes/x/_acl', 'read' => { 'groups' => %w(blarghle) })
107
+ }.to be_updated
108
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'groups' => %w(blarghle) })
117
109
  end
118
110
  end
119
111
 
@@ -129,41 +121,38 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
129
121
  group 'g3', {}
130
122
 
131
123
  it 'Converging chef_acl "nodes/x" with multiple groups, users and clients in an acl makes the appropriate changes' do
132
- expect {
133
- run_recipe do
134
- chef_acl 'nodes/x' do
135
- rights :create, :users => [ 'u1', 'u2', 'u3' ], :clients => [ 'c1', 'c2', 'c3' ], :groups => [ 'g1', 'g2', 'g3' ]
136
- end
124
+ expect_recipe {
125
+ chef_acl 'nodes/x' do
126
+ rights :create, users: [ 'u1', 'u2', 'u3' ], clients: [ 'c1', 'c2', 'c3' ], groups: [ 'g1', 'g2', 'g3' ]
137
127
  end
138
- }.to update_acls('nodes/x/_acl',
128
+ }.to be_updated
129
+ expect(get('nodes/x/_acl')).to partially_match(
139
130
  'create' => { 'groups' => %w(g1 g2 g3), 'actors' => %w(u1 u2 u3 c1 c2 c3) }
140
131
  )
141
132
  end
142
133
 
143
134
  it 'Converging chef_acl "nodes/x" with multiple groups, users and clients across multiple "rights" groups makes the appropriate changes' do
144
- expect {
145
- run_recipe do
146
- chef_acl 'nodes/x' do
147
- rights :create, :users => %w(u1), :clients => 'c1', :groups => 'g1'
148
- rights :create, :users => %w(u2 u3), :clients => %w(c2 c3), :groups => 'g2'
149
- rights :read, :users => 'u1'
150
- rights :read, :groups => 'g1'
151
- end
135
+ expect_recipe {
136
+ chef_acl 'nodes/x' do
137
+ rights :create, users: %w(u1), clients: %w(c1), groups: %w(g1)
138
+ rights :create, users: %w(u2 u3), clients: %w(c2 c3), groups: %w(g2)
139
+ rights :read, users: %w(u1)
140
+ rights :read, groups: %w(g1)
152
141
  end
153
- }.to update_acls('nodes/x/_acl',
142
+ }.to be_updated
143
+ expect(get('nodes/x/_acl')).to partially_match(
154
144
  'create' => { 'groups' => %w(g1 g2), 'actors' => %w(u1 u2 u3 c1 c2 c3) },
155
145
  'read' => { 'groups' => %w(g1), 'actors' => %w(u1) }
156
146
  )
157
147
  end
158
148
 
159
149
  it 'Converging chef_acl "nodes/x" with rights [ :read, :create, :update, :delete, :grant ] modifies all rights' do
160
- expect {
161
- run_recipe do
162
- chef_acl 'nodes/x' do
163
- rights [ :create, :read, :update, :delete, :grant ], :users => %w(u1 u2), :clients => 'c1', :groups => 'g1'
164
- end
150
+ expect_recipe {
151
+ chef_acl 'nodes/x' do
152
+ rights [ :create, :read, :update, :delete, :grant ], users: %w(u1 u2), clients: %w(c1), groups: %w(g1)
165
153
  end
166
- }.to update_acls('nodes/x/_acl',
154
+ }.to be_updated
155
+ expect(get('nodes/x/_acl')).to partially_match(
167
156
  'create' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
168
157
  'read' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
169
158
  'update' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
@@ -173,13 +162,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
173
162
  end
174
163
 
175
164
  it 'Converging chef_acl "nodes/x" with rights :all modifies all rights' do
176
- expect {
177
- run_recipe do
178
- chef_acl 'nodes/x' do
179
- rights :all, :users => %w(u1 u2), :clients => 'c1', :groups => 'g1'
180
- end
165
+ expect_recipe {
166
+ chef_acl 'nodes/x' do
167
+ rights :all, users: %w(u1 u2), clients: %w(c1), groups: %w(g1)
181
168
  end
182
- }.to update_acls('nodes/x/_acl',
169
+ }.to be_updated
170
+ expect(get('nodes/x/_acl')).to partially_match(
183
171
  'create' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
184
172
  'read' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
185
173
  'update' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
@@ -190,10 +178,8 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
190
178
  end
191
179
 
192
180
  it 'Converging chef_acl "nodes/y" throws a 404' do
193
- expect {
194
- run_recipe do
195
- chef_acl 'nodes/y'
196
- end
181
+ expect_converge {
182
+ chef_acl 'nodes/y'
197
183
  }.to raise_error(Net::HTTPServerException)
198
184
  end
199
185
  end
@@ -205,13 +191,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
205
191
  end
206
192
 
207
193
  it 'Converging chef_acl "nodes/x" with that user changes nothing' do
208
- expect {
209
- run_recipe do
210
- chef_acl 'nodes/x' do
211
- rights :read, :users => 'blarghle'
212
- end
194
+ expect_recipe {
195
+ chef_acl 'nodes/x' do
196
+ rights :read, users: %w(blarghle)
213
197
  end
214
- }.to update_acls('nodes/x/_acl', {})
198
+ }.to be_up_to_date
199
+ expect(get('nodes/x/_acl')).to partially_match({})
215
200
  end
216
201
  end
217
202
 
@@ -227,22 +212,23 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
227
212
  end
228
213
 
229
214
  it 'Converging chef_acl "nodes/x" with remove_rights :all removes foo from everything' do
230
- expect {
231
- run_recipe do
232
- chef_acl 'nodes/x' do
233
- remove_rights :all, :users => 'foo'
234
- end
235
- end
236
- }.to update_acls('nodes/x/_acl',
237
- 'create' => { 'actors' => %w(-foo) },
238
- 'read' => { 'actors' => %w(-foo) },
239
- 'update' => { 'actors' => %w(-foo) },
240
- 'delete' => { 'actors' => %w(-foo) },
241
- 'grant' => { 'actors' => %w(-foo) },
215
+ expect_recipe {
216
+ chef_acl 'nodes/x' do
217
+ remove_rights :all, users: %w(foo)
218
+ end
219
+ }.to be_updated
220
+ expect(get('nodes/x/_acl')).to partially_match(
221
+ 'create' => { 'actors' => exclude('foo') },
222
+ 'read' => { 'actors' => exclude('foo') },
223
+ 'update' => { 'actors' => exclude('foo') },
224
+ 'delete' => { 'actors' => exclude('foo') },
225
+ 'grant' => { 'actors' => exclude('foo') },
242
226
  )
243
227
  end
244
228
  end
245
229
 
230
+ ::RSpec::Matchers.define_negated_matcher :exclude, :include
231
+
246
232
  context 'recursive' do
247
233
  when_the_chef_server 'has a nodes container with user blarghle in its acl', :osc_compat => false do
248
234
  user 'blarghle', {}
@@ -253,67 +239,70 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
253
239
 
254
240
  it 'Converging chef_acl "nodes" makes no changes' do
255
241
  expect {
256
- run_recipe do
242
+ expect_recipe {
257
243
  chef_acl 'nodes' do
258
- rights :read, :users => 'blarghle'
244
+ rights :read, users: %w(blarghle)
259
245
  end
260
- end
261
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
246
+ }.to be_up_to_date
247
+ }.to not_change { get('containers/nodes/_acl') }.
248
+ and not_change { get('nodes/x/_acl') }
262
249
  end
263
250
 
251
+ RSpec::Matchers.define_negated_matcher :not_change, :change
252
+
264
253
  it 'Converging chef_acl "nodes" with recursive :on_change makes no changes' do
265
254
  expect {
266
- run_recipe do
255
+ expect_recipe {
267
256
  chef_acl 'nodes' do
268
- rights :read, :users => 'blarghle'
257
+ rights :read, users: %w(blarghle)
269
258
  recursive :on_change
270
259
  end
271
- end
272
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
260
+ }.to be_up_to_date
261
+ }.to not_change { get('containers/nodes/_acl') }.
262
+ and not_change { get('nodes/x/_acl') }
273
263
  end
274
264
 
275
265
  it 'Converging chef_acl "nodes" with recursive true changes nodes/x\'s acls' do
276
- expect {
277
- run_recipe do
278
- chef_acl 'nodes' do
279
- rights :read, :users => 'blarghle'
280
- recursive true
281
- end
266
+ expect_recipe {
267
+ chef_acl 'nodes' do
268
+ rights :read, users: %w(blarghle)
269
+ recursive true
282
270
  end
283
- }.to update_acls('nodes/x/_acl', 'read' => { 'actors' => %w(blarghle) })
271
+ }.to be_updated
272
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
284
273
  end
285
274
 
286
275
  it 'Converging chef_acl "" with recursive false does not change nodes/x\'s acls' do
287
- expect {
288
- run_recipe do
289
- chef_acl '' do
290
- rights :read, :users => 'blarghle'
291
- recursive false
292
- end
276
+ expect_recipe {
277
+ chef_acl '' do
278
+ rights :read, users: %w(blarghle)
279
+ recursive false
293
280
  end
294
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
281
+ }.to be_updated
282
+ expect(get('containers/nodes/_acl')).to partially_match({})
283
+ expect(get('nodes/x/_acl')).to partially_match({})
295
284
  end
296
285
 
297
286
  it 'Converging chef_acl "" with recursive :on_change does not change nodes/x\'s acls' do
298
- expect {
299
- run_recipe do
300
- chef_acl '' do
301
- rights :read, :users => 'blarghle'
302
- recursive :on_change
303
- end
287
+ expect_recipe {
288
+ chef_acl '' do
289
+ rights :read, users: %w(blarghle)
290
+ recursive :on_change
304
291
  end
305
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
292
+ }.to be_updated
293
+ expect(get('containers/nodes/_acl')).to partially_match({})
294
+ expect(get('nodes/x/_acl')).to partially_match({})
306
295
  end
307
296
 
308
297
  it 'Converging chef_acl "" with recursive true changes nodes/x\'s acls' do
309
- expect {
310
- run_recipe do
311
- chef_acl '' do
312
- rights :read, :users => 'blarghle'
313
- recursive true
314
- end
298
+ expect_recipe {
299
+ chef_acl '' do
300
+ rights :read, users: %w(blarghle)
301
+ recursive true
315
302
  end
316
- }.to update_acls([ '/organizations/_acl', 'nodes/x/_acl' ], 'read' => { 'actors' => %w(blarghle) })
303
+ }.to be_updated
304
+ expect(get('/organizations/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
305
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
317
306
  end
318
307
  end
319
308
  end
@@ -347,207 +336,192 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
347
336
 
348
337
  context 'relative paths' do
349
338
  it "chef_acl 'nodes/x' changes the acls" do
350
- expect {
351
- run_recipe do
352
- chef_acl "nodes/x" do
353
- rights :read, :users => 'u'
354
- end
339
+ expect_recipe {
340
+ chef_acl "nodes/x" do
341
+ rights :read, users: %w(u)
355
342
  end
356
- }.to update_acls("nodes/x/_acl", 'read' => { 'actors' => %w(u) })
343
+ }.to be_updated
344
+ expect(get("nodes/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
357
345
  end
358
346
 
359
347
  it "chef_acl '*/*' changes the acls" do
360
- expect {
361
- run_recipe do
362
- chef_acl "*/*" do
363
- rights :read, :users => 'u'
364
- end
348
+ expect_recipe {
349
+ chef_acl "*/*" do
350
+ rights :read, users: %w(u)
365
351
  end
366
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles).map { |type| "/organizations/foo/#{type}/x/_acl" },
367
- 'read' => { 'actors' => %w(u) })
352
+ }.to be_updated
353
+ %w(clients containers cookbooks data environments groups nodes roles).each do |type|
354
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match(
355
+ 'read' => { 'actors' => %w(u) })
356
+ end
368
357
  end
369
358
  end
370
359
 
371
360
  context 'absolute paths' do
372
361
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
373
362
  it "chef_acl '/organizations/foo/#{type}/x' changes the acl" do
374
- expect {
375
- run_recipe do
376
- chef_acl "/organizations/foo/#{type}/x" do
377
- rights :read, :users => 'u'
378
- end
363
+ expect_recipe {
364
+ chef_acl "/organizations/foo/#{type}/x" do
365
+ rights :read, users: %w(u)
379
366
  end
380
- }.to update_acls("/organizations/foo/#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
367
+ }.to be_updated
368
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
381
369
  end
382
370
  end
383
371
 
384
372
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
385
373
  it "chef_acl '/organizations/foo/#{type}/x' changes the acl" do
386
- expect {
387
- run_recipe do
388
- chef_acl "/organizations/foo/#{type}/x" do
389
- rights :read, :users => 'u'
390
- end
374
+ expect_recipe {
375
+ chef_acl "/organizations/foo/#{type}/x" do
376
+ rights :read, users: %w(u)
391
377
  end
392
- }.to update_acls("/organizations/foo/#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
378
+ }.to be_updated
379
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
393
380
  end
394
381
  end
395
382
 
396
383
  %w(clients containers cookbooks data environments groups nodes roles).each do |type|
397
384
  it "chef_acl '/*/*/#{type}/*' changes the acl" do
398
- expect {
399
- run_recipe do
400
- chef_acl "/*/*/#{type}/*" do
401
- rights :read, :users => 'u'
402
- end
385
+ expect_recipe {
386
+ chef_acl "/*/*/#{type}/*" do
387
+ rights :read, users: %w(u)
403
388
  end
404
- }.to update_acls("/organizations/foo/#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
389
+ }.to be_updated
390
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
405
391
  end
406
392
  end
407
393
 
408
394
  it "chef_acl '/*/*/*/x' changes the acls" do
409
- expect {
410
- run_recipe do
411
- chef_acl "/*/*/*/x" do
412
- rights :read, :users => 'u'
413
- end
395
+ expect_recipe {
396
+ chef_acl "/*/*/*/x" do
397
+ rights :read, users: %w(u)
414
398
  end
415
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "/organizations/foo/#{type}/x/_acl" },
416
- 'read' => { 'actors' => %w(u) })
399
+ }.to be_updated
400
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
401
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match(
402
+ 'read' => { 'actors' => %w(u) })
403
+ end
417
404
  end
418
405
 
419
406
  it "chef_acl '/*/*/*/*' changes the acls" do
420
- expect {
421
- run_recipe do
422
- chef_acl "/*/*/*/*" do
423
- rights :read, :users => 'u'
424
- end
407
+ expect_recipe {
408
+ chef_acl "/*/*/*/*" do
409
+ rights :read, users: %w(u)
425
410
  end
426
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles).map { |type| "/organizations/foo/#{type}/x/_acl" },
427
- 'read' => { 'actors' => %w(u) })
411
+ }.to be_updated
412
+ %w(clients containers cookbooks data environments groups nodes roles).each do |type|
413
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match(
414
+ 'read' => { 'actors' => %w(u) })
415
+ end
428
416
  end
429
417
 
430
418
  it 'chef_acl "/organizations/foo/data_bags/x" changes the acl' do
431
- expect {
432
- run_recipe do
433
- chef_acl '/organizations/foo/data_bags/x' do
434
- rights :read, :users => 'u'
435
- end
419
+ expect_recipe {
420
+ chef_acl '/organizations/foo/data_bags/x' do
421
+ rights :read, users: %w(u)
436
422
  end
437
- }.to update_acls('/organizations/foo/data/x/_acl', 'read' => { 'actors' => %w(u) })
423
+ }.to be_updated
424
+ expect(get('/organizations/foo/data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
438
425
  end
439
426
 
440
427
  it 'chef_acl "/*/*/data_bags/*" changes the acl' do
441
- expect {
442
- run_recipe do
443
- chef_acl '/*/*/data_bags/*' do
444
- rights :read, :users => 'u'
445
- end
428
+ expect_recipe {
429
+ chef_acl '/*/*/data_bags/*' do
430
+ rights :read, users: %w(u)
446
431
  end
447
- }.to update_acls('/organizations/foo/data/x/_acl', 'read' => { 'actors' => %w(u) })
432
+ }.to be_updated
433
+ expect(get('/organizations/foo/data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
448
434
  end
449
435
 
450
436
  it "chef_acl '/organizations/foo/cookbooks/x/1.0.0' raises an error" do
451
- expect {
452
- run_recipe do
453
- chef_acl "/organizations/foo/cookbooks/x/1.0.0" do
454
- rights :read, :users => 'u'
455
- end
437
+ expect_converge {
438
+ chef_acl "/organizations/foo/cookbooks/x/1.0.0" do
439
+ rights :read, users: %w(u)
456
440
  end
457
441
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/cookbooks\/x/)
458
442
  end
459
443
 
460
444
  it "chef_acl '/organizations/foo/cookbooks/*/*' raises an error" do
461
445
  pending
462
- expect {
463
- run_recipe do
464
- chef_acl "/organizations/foo/cookbooks/*/*" do
465
- rights :read, :users => 'u'
466
- end
446
+ expect_converge {
447
+ chef_acl "/organizations/foo/cookbooks/*/*" do
448
+ rights :read, users: %w(u)
467
449
  end
468
450
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/cookbooks\/*/)
469
451
  end
470
452
 
471
453
  it 'chef_acl "/organizations/foo/data/x/y" raises an error' do
472
- expect {
473
- run_recipe do
474
- chef_acl '/organizations/foo/data/x/y' do
475
- rights :read, :users => 'u'
476
- end
454
+ expect_converge {
455
+ chef_acl '/organizations/foo/data/x/y' do
456
+ rights :read, users: %w(u)
477
457
  end
478
458
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/data\/x/)
479
459
  end
480
460
 
481
461
  it 'chef_acl "/organizations/foo/data/*/*" raises an error' do
482
462
  pending
483
- expect {
484
- run_recipe do
485
- chef_acl '/organizations/foo/data/*/*' do
486
- rights :read, :users => 'u'
487
- end
463
+ expect_converge {
464
+ chef_acl '/organizations/foo/data/*/*' do
465
+ rights :read, users: %w(u)
488
466
  end
489
467
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/data\/*/)
490
468
  end
491
469
 
492
470
  it 'chef_acl "/organizations/foo" changes the acl' do
493
- expect {
494
- run_recipe do
495
- chef_acl '/organizations/foo' do
496
- rights :read, :users => 'u'
497
- end
471
+ expect_recipe {
472
+ chef_acl '/organizations/foo' do
473
+ rights :read, users: %w(u)
498
474
  end
499
- }.to update_acls([ '/organizations/foo/organizations/_acl', '/organizations/foo/nodes/x/_acl' ], 'read' => { 'actors' => %w(u) })
475
+ }.to be_updated
476
+ expect(get('/organizations/foo/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
477
+ expect(get('/organizations/foo/nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
500
478
  end
501
479
 
502
480
  it 'chef_acl "/organizations/*" changes the acl' do
503
- expect {
504
- run_recipe do
505
- chef_acl '/organizations/*' do
506
- rights :read, :users => 'u'
507
- end
481
+ expect_recipe {
482
+ chef_acl '/organizations/*' do
483
+ rights :read, users: %w(u)
508
484
  end
509
- }.to update_acls([ '/organizations/foo/organizations/_acl', '/organizations/foo/nodes/x/_acl' ], 'read' => { 'actors' => %w(u) })
485
+ }.to be_updated
486
+ expect(get('/organizations/foo/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
487
+ expect(get('/organizations/foo/nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
510
488
  end
511
489
 
512
490
  it 'chef_acl "/users/x" changes the acl' do
513
- expect {
514
- run_recipe do
515
- chef_acl '/users/x' do
516
- rights :read, :users => 'u'
517
- end
491
+ expect_recipe {
492
+ chef_acl '/users/x' do
493
+ rights :read, users: %w(u)
518
494
  end
519
- }.to update_acls('/users/x/_acl', 'read' => { 'actors' => %w(u) })
495
+ }.to be_updated
496
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
520
497
  end
521
498
 
522
499
  it 'chef_acl "/users/*" changes the acl' do
523
- expect {
524
- run_recipe do
525
- chef_acl '/users/*' do
526
- rights :read, :users => 'u'
527
- end
500
+ expect_recipe {
501
+ chef_acl '/users/*' do
502
+ rights :read, users: %w(u)
528
503
  end
529
- }.to update_acls('/users/x/_acl', 'read' => { 'actors' => %w(u) })
504
+ }.to be_updated
505
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
530
506
  end
531
507
 
532
508
  it 'chef_acl "/*/x" changes the acl' do
533
- expect {
534
- run_recipe do
535
- chef_acl '/*/x' do
536
- rights :read, :users => 'u'
537
- end
509
+ expect_recipe {
510
+ chef_acl '/*/x' do
511
+ rights :read, users: %w(u)
538
512
  end
539
- }.to update_acls('/users/x/_acl', 'read' => { 'actors' => %w(u) })
513
+ }.to be_updated
514
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
540
515
  end
541
516
 
542
517
  it 'chef_acl "/*/*" changes the acl' do
543
- expect {
544
- run_recipe do
545
- chef_acl '/*/*' do
546
- rights :read, :users => 'u'
547
- end
518
+ expect_recipe {
519
+ chef_acl '/*/*' do
520
+ rights :read, users: %w(u)
548
521
  end
549
- }.to update_acls([ '/organizations/foo/organizations/_acl', '/users/x/_acl' ],
550
- 'read' => { 'actors' => %w(u) })
522
+ }.to be_updated
523
+ expect(get('/organizations/foo/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
524
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
551
525
  end
552
526
  end
553
527
  end
@@ -558,14 +532,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
558
532
  end
559
533
 
560
534
  it "chef_acl '/organizations/foo/nodes/*' changes the acl" do
561
- expect {
562
- run_recipe do
563
- chef_acl "/organizations/foo/nodes/*" do
564
- rights :read, :users => 'u'
565
- end
535
+ expect_recipe {
536
+ chef_acl "/organizations/foo/nodes/*" do
537
+ rights :read, users: %w(u)
566
538
  end
567
- }.to update_acls("/organizations/foo/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
568
- expect {}.not_to update_acls("/organizations/bar/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
539
+ }.to be_updated
540
+ expect(get("/organizations/foo/nodes/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
569
541
  end
570
542
  end
571
543
 
@@ -575,14 +547,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
575
547
  end
576
548
 
577
549
  it "chef_acl '/organizations/foo/nodes/*' changes the acl" do
578
- expect {
579
- run_recipe do
580
- chef_acl "/organizations/foo/nodes/*" do
581
- rights :read, :users => 'u'
582
- end
550
+ expect_recipe {
551
+ chef_acl "/organizations/foo/nodes/*" do
552
+ rights :read, users: %w(u)
583
553
  end
584
- }.to update_acls("/organizations/foo/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
585
- expect {}.not_to update_acls("/organizations/bar/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
554
+ }.to be_updated
555
+ expect(get("/organizations/foo/nodes/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
586
556
  end
587
557
  end
588
558
  end
@@ -602,89 +572,88 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
602
572
 
603
573
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
604
574
  it "chef_acl #{type}/x' changes the acl" do
605
- expect {
606
- run_recipe do
607
- chef_acl "#{type}/x" do
608
- rights :read, :users => 'u'
609
- end
575
+ expect_recipe {
576
+ chef_acl "#{type}/x" do
577
+ rights :read, users: %w(u)
610
578
  end
611
- }.to update_acls("#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
579
+ }.to be_updated
580
+ expect(get("#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
612
581
  end
613
582
  end
614
583
 
615
584
  %w(clients containers cookbooks data environments groups nodes roles).each do |type|
616
585
  it "chef_acl '#{type}/*' changes the acl" do
617
- expect {
618
- run_recipe do
619
- chef_acl "#{type}/*" do
620
- rights :read, :users => 'u'
621
- end
586
+ expect_recipe {
587
+ chef_acl "#{type}/*" do
588
+ rights :read, users: %w(u)
622
589
  end
623
- }.to update_acls("#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
590
+ }.to be_updated
591
+ expect(get("#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
624
592
  end
625
593
  end
626
594
 
627
595
  it "chef_acl '*/x' changes the acls" do
628
- expect {
629
- run_recipe do
630
- chef_acl "*/x" do
631
- rights :read, :users => 'u'
632
- end
633
- end
634
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "#{type}/x/_acl" },
635
- 'read' => { 'actors' => %w(u) })
596
+ expect_recipe {
597
+ chef_acl "*/x" do
598
+ rights :read, users: %w(u)
599
+ end
600
+ }.to be_updated
601
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
602
+ expect(get("#{type}/x/_acl")).to partially_match(
603
+ 'read' => { 'actors' => %w(u) })
604
+ end
636
605
  end
637
606
 
638
607
  it "chef_acl '*/*' changes the acls" do
639
- expect {
640
- run_recipe do
641
- chef_acl "*/*" do
642
- rights :read, :users => 'u'
643
- end
644
- end
645
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles).map { |type| "#{type}/x/_acl" },
646
- 'read' => { 'actors' => %w(u) })
608
+ expect_recipe {
609
+ chef_acl "*/*" do
610
+ rights :read, users: %w(u)
611
+ end
612
+ }.to be_updated
613
+ %w(clients containers cookbooks data environments groups nodes roles).each do |type|
614
+ expect(get("#{type}/x/_acl")).to partially_match(
615
+ 'read' => { 'actors' => %w(u) })
616
+ end
647
617
  end
648
618
 
649
619
  it "chef_acl 'groups/*' changes the acl" do
650
- expect {
651
- run_recipe do
652
- chef_acl "groups/*" do
653
- rights :read, :users => 'u'
654
- end
655
- end
656
- }.to update_acls(%w(admins billing-admins clients users x).map { |n| "groups/#{n}/_acl" },
657
- 'read' => { 'actors' => %w(u) })
620
+ expect_recipe {
621
+ chef_acl "groups/*" do
622
+ rights :read, users: %w(u)
623
+ end
624
+ }.to be_updated
625
+ %w(admins billing-admins clients users x).each do |n|
626
+ expect(get("groups/#{n}/_acl")).to partially_match(
627
+ 'read' => { 'actors' => %w(u) })
628
+ end
658
629
  end
659
630
 
660
631
  it 'chef_acl "data_bags/x" changes the acl' do
661
- expect {
662
- run_recipe do
663
- chef_acl 'data_bags/x' do
664
- rights :read, :users => 'u'
665
- end
632
+ expect_recipe {
633
+ chef_acl 'data_bags/x' do
634
+ rights :read, users: %w(u)
666
635
  end
667
- }.to update_acls('data/x/_acl', 'read' => { 'actors' => %w(u) })
636
+ }.to be_updated
637
+ expect(get('data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
668
638
  end
669
639
 
670
640
  it 'chef_acl "data_bags/*" changes the acl' do
671
- expect {
672
- run_recipe do
673
- chef_acl 'data_bags/*' do
674
- rights :read, :users => 'u'
675
- end
641
+ expect_recipe {
642
+ chef_acl 'data_bags/*' do
643
+ rights :read, users: %w(u)
676
644
  end
677
- }.to update_acls('data/x/_acl', 'read' => { 'actors' => %w(u) })
645
+ }.to be_updated
646
+ expect(get('data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
678
647
  end
679
648
 
680
649
  it 'chef_acl "" changes the organization acl' do
681
- expect {
682
- run_recipe do
683
- chef_acl '' do
684
- rights :read, :users => 'u'
685
- end
650
+ expect_recipe {
651
+ chef_acl '' do
652
+ rights :read, users: %w(u)
686
653
  end
687
- }.to update_acls([ '/organizations/_acl', 'nodes/x/_acl' ], 'read' => { 'actors' => %w(u) })
654
+ }.to be_updated
655
+ expect(get('/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
656
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
688
657
  end
689
658
  end
690
659
  end
@@ -707,57 +676,54 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
707
676
 
708
677
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
709
678
  it "chef_acl '/organizations/foo/#{type}' changes the acl" do
710
- expect {
711
- run_recipe do
712
- chef_acl "/organizations/foo/#{type}" do
713
- rights :read, :users => 'u'
714
- end
679
+ expect_recipe {
680
+ chef_acl "/organizations/foo/#{type}" do
681
+ rights :read, users: %w(u)
715
682
  end
716
- }.to update_acls("/organizations/foo/containers/#{type}/_acl", 'read' => { 'actors' => %w(u) })
683
+ }.to be_updated
684
+ expect(get("/organizations/foo/containers/#{type}/_acl")).to partially_match('read' => { 'actors' => %w(u) })
717
685
  end
718
686
  end
719
687
 
720
688
  %w(clients containers cookbooks data environments groups nodes roles).each do |type|
721
689
  it "chef_acl '/*/*/#{type}' changes the acl" do
722
- expect {
723
- run_recipe do
724
- chef_acl "/*/*/#{type}" do
725
- rights :read, :users => 'u'
726
- end
690
+ expect_recipe {
691
+ chef_acl "/*/*/#{type}" do
692
+ rights :read, users: %w(u)
727
693
  end
728
- }.to update_acls("/organizations/foo/containers/#{type}/_acl", 'read' => { 'actors' => %w(u) })
694
+ }.to be_updated
695
+ expect(get("/organizations/foo/containers/#{type}/_acl")).to partially_match('read' => { 'actors' => %w(u) })
729
696
  end
730
697
  end
731
698
 
732
699
  it "chef_acl '/*/*/*' changes the acls" do
733
- expect {
734
- run_recipe do
735
- chef_acl "/*/*/*" do
736
- rights :read, :users => 'u'
737
- end
738
- end
739
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "/organizations/foo/containers/#{type}/_acl" },
740
- 'read' => { 'actors' => %w(u) })
700
+ expect_recipe {
701
+ chef_acl "/*/*/*" do
702
+ rights :read, users: %w(u)
703
+ end
704
+ }.to be_updated
705
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
706
+ expect(get("/organizations/foo/containers/#{type}/_acl")).to partially_match(
707
+ 'read' => { 'actors' => %w(u) })
708
+ end
741
709
  end
742
710
 
743
711
  it 'chef_acl "/organizations/foo/data_bags" changes the acl' do
744
- expect {
745
- run_recipe do
746
- chef_acl '/organizations/foo/data_bags' do
747
- rights :read, :users => 'u'
748
- end
712
+ expect_recipe {
713
+ chef_acl '/organizations/foo/data_bags' do
714
+ rights :read, users: %w(u)
749
715
  end
750
- }.to update_acls('/organizations/foo/containers/data/_acl', 'read' => { 'actors' => %w(u) })
716
+ }.to be_updated
717
+ expect(get('/organizations/foo/containers/data/_acl')).to partially_match('read' => { 'actors' => %w(u) })
751
718
  end
752
719
 
753
720
  it 'chef_acl "/*/*/data_bags" changes the acl' do
754
- expect {
755
- run_recipe do
756
- chef_acl '/*/*/data_bags' do
757
- rights :read, :users => 'u'
758
- end
721
+ expect_recipe {
722
+ chef_acl '/*/*/data_bags' do
723
+ rights :read, users: %w(u)
759
724
  end
760
- }.to update_acls('/organizations/foo/containers/data/_acl', 'read' => { 'actors' => %w(u) })
725
+ }.to be_updated
726
+ expect(get('/organizations/foo/containers/data/_acl')).to partially_match('read' => { 'actors' => %w(u) })
761
727
  end
762
728
  end
763
729
 
@@ -776,25 +742,25 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
776
742
 
777
743
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
778
744
  it "chef_acl #{type}' changes the acl" do
779
- expect {
780
- run_recipe do
781
- chef_acl "#{type}" do
782
- rights :read, :users => 'u'
783
- end
745
+ expect_recipe {
746
+ chef_acl "#{type}" do
747
+ rights :read, users: %w(u)
784
748
  end
785
- }.to update_acls("containers/#{type}/_acl", 'read' => { 'actors' => %w(u) })
749
+ }.to be_updated
750
+ expect(get("containers/#{type}/_acl")).to partially_match('read' => { 'actors' => %w(u) })
786
751
  end
787
752
  end
788
753
 
789
754
  it "chef_acl '*' changes the acls" do
790
- expect {
791
- run_recipe do
792
- chef_acl "*" do
793
- rights :read, :users => 'u'
794
- end
795
- end
796
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "containers/#{type}/_acl" },
797
- 'read' => { 'actors' => %w(u) })
755
+ expect_recipe {
756
+ chef_acl "*" do
757
+ rights :read, users: %w(u)
758
+ end
759
+ }.to be_updated
760
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
761
+ expect(get("containers/#{type}/_acl")).to partially_match(
762
+ 'read' => { 'actors' => %w(u) })
763
+ end
798
764
  end
799
765
  end
800
766
  end
@@ -814,53 +780,54 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
814
780
  end
815
781
 
816
782
  it 'chef_acl with remove_rights "u" removes the user\'s rights' do
817
- expect {
818
- run_recipe do
819
- chef_acl "nodes/x" do
820
- remove_rights :read, :users => 'u'
821
- end
783
+ expect_recipe {
784
+ chef_acl "nodes/x" do
785
+ remove_rights :read, users: %w(u)
822
786
  end
823
- }.to update_acls("nodes/x/_acl", 'read' => { 'actors' => %w(-u) })
787
+ }.to be_updated
788
+ expect(get("nodes/x/_acl")).to partially_match('read' => { 'actors' => exclude('u') })
824
789
  end
825
790
 
826
791
  it 'chef_acl with remove_rights "c" removes the client\'s rights' do
827
- expect {
828
- run_recipe do
829
- chef_acl "nodes/x" do
830
- remove_rights :read, :clients => 'c'
831
- end
792
+ expect_recipe {
793
+ chef_acl "nodes/x" do
794
+ remove_rights :read, clients: %w(c)
832
795
  end
833
- }.to update_acls("nodes/x/_acl", 'read' => { 'actors' => %w(-c) })
796
+ }.to be_updated
797
+ expect(get("nodes/x/_acl")).to partially_match('read' => { 'actors' => exclude('c') })
834
798
  end
835
799
 
836
800
  it 'chef_acl with remove_rights "g" removes the group\'s rights' do
837
- expect {
838
- run_recipe do
839
- chef_acl "nodes/x" do
840
- remove_rights :read, :groups => 'g'
841
- end
801
+ expect_recipe {
802
+ chef_acl "nodes/x" do
803
+ remove_rights :read, groups: %w(g)
842
804
  end
843
- }.to update_acls("nodes/x/_acl", 'read' => { 'groups' => %w(-g) })
805
+ }.to be_updated
806
+ expect(get("nodes/x/_acl")).to partially_match(
807
+ 'read' => { 'groups' => exclude('g') }
808
+ )
844
809
  end
845
810
 
846
811
  it 'chef_acl with remove_rights [ :create, :read ], "u", "c", "g" removes all three' do
847
- expect {
848
- run_recipe do
849
- chef_acl "nodes/x" do
850
- remove_rights [ :create, :read ], :users => 'u', :clients => 'c', :groups => 'g'
851
- end
852
- end
853
- }.to update_acls("nodes/x/_acl", 'create' => { 'actors' => %w(-u -c), 'groups' => %w(-g) }, 'read' => { 'actors' => %w(-u -c), 'groups' => %w(-g) })
812
+ expect_recipe {
813
+ chef_acl "nodes/x" do
814
+ remove_rights [ :create, :read ], users: %w(u), clients: %w(c), groups: %w(g)
815
+ end
816
+ }.to be_updated
817
+ expect(get("nodes/x/_acl")).to partially_match(
818
+ 'create' => { 'actors' => exclude('u').and(exclude('c')), 'groups' => exclude('g') },
819
+ 'read' => { 'actors' => exclude('u').and(exclude('c')), 'groups' => exclude('g') }
820
+ )
854
821
  end
855
822
 
856
823
  it 'chef_acl with remove_rights "u2", "c2", "g2" has no effect' do
857
824
  expect {
858
- run_recipe do
825
+ expect_recipe {
859
826
  chef_acl "nodes/x" do
860
- remove_rights :read, :users => 'u2', :clients => 'c2', :groups => 'g2'
827
+ remove_rights :read, users: %w(u2), clients: %w(c2), groups: %w(g2)
861
828
  end
862
- end
863
- }.to update_acls("nodes/x/_acl", {})
829
+ }.to be_up_to_date
830
+ }.not_to change { get("nodes/x/_acl") }
864
831
  end
865
832
  end
866
833
  end
@@ -870,13 +837,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
870
837
  node 'data_bags', {}
871
838
 
872
839
  it 'Converging chef_acl "nodes/data_bags" with user "blarghle" adds the user' do
873
- expect {
874
- run_recipe do
875
- chef_acl 'nodes/data_bags' do
876
- rights :read, :users => 'blarghle'
877
- end
840
+ expect_recipe {
841
+ chef_acl 'nodes/data_bags' do
842
+ rights :read, users: %w(blarghle)
878
843
  end
879
- }.to update_acls('nodes/data_bags/_acl', 'read' => { 'actors' => %w(blarghle) })
844
+ }.to be_updated
845
+ expect(get('nodes/data_bags/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
880
846
  end
881
847
  end
882
848
 
@@ -887,13 +853,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
887
853
  end
888
854
 
889
855
  it 'Converging chef_acl "/organizations/foo/nodes/data_bags" with user "blarghle" adds the user' do
890
- expect {
891
- run_recipe do
892
- chef_acl '/organizations/foo/nodes/data_bags' do
893
- rights :read, :users => 'blarghle'
894
- end
856
+ expect_recipe {
857
+ chef_acl '/organizations/foo/nodes/data_bags' do
858
+ rights :read, users: %w(blarghle)
895
859
  end
896
- }.to update_acls('/organizations/foo/nodes/data_bags/_acl', 'read' => { 'actors' => %w(blarghle) })
860
+ }.to be_updated
861
+ expect(get('/organizations/foo/nodes/data_bags/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
897
862
  end
898
863
  end
899
864
 
@@ -902,13 +867,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
902
867
  user 'blarghle', {}
903
868
 
904
869
  it 'Converging chef_acl "/users/data_bags" with user "blarghle" adds the user' do
905
- expect {
906
- run_recipe do
907
- chef_acl '/users/data_bags' do
908
- rights :read, :users => 'blarghle'
909
- end
870
+ expect_recipe {
871
+ chef_acl '/users/data_bags' do
872
+ rights :read, users: %w(blarghle)
910
873
  end
911
- }.to update_acls('/users/data_bags/_acl', 'read' => { 'actors' => %w(blarghle) })
874
+ }.to be_updated
875
+ expect(get('/users/data_bags/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
912
876
  end
913
877
  end
914
878
  end