cheffish 1.1.2 → 1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (25) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cheffish/chef_run.rb +13 -0
  3. data/lib/cheffish/rspec.rb +8 -0
  4. data/lib/cheffish/rspec/chef_run_support.rb +19 -52
  5. data/lib/cheffish/rspec/matchers.rb +4 -81
  6. data/lib/cheffish/rspec/matchers/be_idempotent.rb +16 -0
  7. data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb +15 -0
  8. data/lib/cheffish/rspec/matchers/have_updated.rb +37 -0
  9. data/lib/cheffish/rspec/matchers/partially_match.rb +63 -0
  10. data/lib/cheffish/rspec/recipe_run_wrapper.rb +2 -2
  11. data/lib/cheffish/rspec/repository_support.rb +1 -1
  12. data/lib/cheffish/version.rb +1 -1
  13. data/spec/integration/chef_acl_spec.rb +384 -420
  14. data/spec/integration/chef_client_spec.rb +18 -24
  15. data/spec/integration/chef_container_spec.rb +4 -6
  16. data/spec/integration/chef_group_spec.rb +30 -46
  17. data/spec/integration/chef_mirror_spec.rb +60 -89
  18. data/spec/integration/chef_node_spec.rb +96 -124
  19. data/spec/integration/chef_organization_spec.rb +38 -57
  20. data/spec/integration/chef_user_spec.rb +16 -22
  21. data/spec/integration/private_key_spec.rb +120 -168
  22. data/spec/integration/recipe_dsl_spec.rb +4 -6
  23. data/spec/support/spec_support.rb +1 -2
  24. metadata +13 -8
  25. data/lib/cheffish/rspec/chef_run_wrapper.rb +0 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0667c4e296b1e3be43fefe384509dbc22e10202b
4
- data.tar.gz: 35be2921f6449bc5f84ff3b3a16e11e3b228e465
3
+ metadata.gz: 6069dfb9d003c9835d32584227f0db27ead80ffe
4
+ data.tar.gz: 76efdfb5364249fcb021c569c2ef5c6b07d4c1a6
5
5
  SHA512:
6
- metadata.gz: 3c4f73cd2e4b8619091566b49638bc5db5e8b8e5d4bb85bf6b0230d9ec9dab7d4f5ea9b24284a01c97a46eb0b48fea91c95bd9dee4e86816b08989ad1c7fe135
7
- data.tar.gz: 8b149e416f184c91e452448fde3f0ebd195d8a4c3ae7c11328238915e1c11f41d197a6a59b57b6c3673607aa18d9894442a5ede6c8743bfc7de4c92ead990133
6
+ metadata.gz: efffb6621cd8b3d4993a587bc099949b2bb7e8f19aaf66fb37d18a60c96149bf68d9ba829e7ec4a831ad917497c112403ee4797c1d4db50a8d740ca1ccdafc4b
7
+ data.tar.gz: 1b0e4bbf57b84a4f98eb223f8dd3993a733808a22ccb88bc553ad7e1d780265dc3563c8d71c5242bc9346e6af4bb4e7954bd645831fb102f071e7846f8f5fe3f
data/lib/cheffish/chef_run.rb CHANGED
@@ -62,11 +62,24 @@ module Cheffish
62
62
  def logs
63
63
  @client ? client.chef_config[:log_location].string : nil
64
64
  end
65
+ def logged_warnings
66
+ logs.lines.select { |l| l =~ /^\[[^\]]*\] WARN:/ }.join("\n")
67
+ end
68
+ def logged_errors
69
+ logs.lines.select { |l| l =~ /^\[[^\]]*\] ERROR:/ }.join("\n")
70
+ end
71
+ def logged_info
72
+ logs.lines.select { |l| l =~ /^\[[^\]]*\] INFO:/ }.join("\n")
73
+ end
65
74
 
66
75
  def resources
67
76
  client.resource_collection
68
77
  end
69
78
 
79
+ def compile_recipe(&recipe)
80
+ client.load_block(&recipe)
81
+ end
82
+
70
83
  def converge
71
84
  begin
72
85
  client.converge
data/lib/cheffish/rspec.rb ADDED
@@ -0,0 +1,8 @@
1
+ require 'cheffish/rspec/chef_run_support'
2
+ require 'cheffish/rspec/repository_support'
3
+ require 'cheffish/rspec/matchers'
4
+
5
+ module Cheffish
6
+ module RSpec
7
+ end
8
+ end
data/lib/cheffish/rspec/chef_run_support.rb CHANGED
@@ -2,9 +2,9 @@ require 'chef_zero/rspec'
2
2
  require 'chef/server_api'
3
3
  require 'cheffish/rspec/repository_support'
4
4
  require 'uri'
5
- require 'cheffish/basic_chef_client'
6
- require 'cheffish/rspec/chef_run_wrapper'
5
+ require 'cheffish/chef_run'
7
6
  require 'cheffish/rspec/recipe_run_wrapper'
7
+ require 'cheffish/rspec/matchers'
8
8
 
9
9
  module Cheffish
10
10
  module RSpec
@@ -24,22 +24,10 @@ module Cheffish
24
24
  end
25
25
  end
26
26
 
27
- def with_recipe(&block)
27
+ def with_converge(&recipe)
28
28
  before :each do
29
- load_recipe(&block)
30
- end
31
-
32
- after :each do
33
- if !chef_client.converge_failed? && !chef_client.converged?
34
- raise "Never tried to converge!"
35
- end
36
- end
37
- end
38
-
39
- def with_converge(&block)
40
- before :each do
41
- load_recipe(&block) if block_given?
42
- converge
29
+ r = recipe(&recipe)
30
+ r.converge
43
31
  end
44
32
  end
45
33
 
@@ -60,49 +48,28 @@ module Cheffish
60
48
  end
61
49
 
62
50
  def expect_recipe(&recipe)
63
- expect(recipe(&recipe))
64
- end
65
-
66
- def recipe(&recipe)
67
- RecipeRunWrapper.new(chef_config, &recipe)
68
- end
69
-
70
- def chef_client
71
- @chef_client ||= ChefRunWrapper.new(chef_config)
72
- end
73
-
74
- def chef_run
75
- converge if !chef_client.converged?
76
- event_sink.events
77
- end
78
-
79
- def event_sink
80
- chef_client.event_sink
51
+ r = recipe(&recipe)
52
+ r.converge
53
+ expect(r)
81
54
  end
82
55
 
83
- def basic_chef_client
84
- chef_client.client
56
+ def expect_converge(&recipe)
57
+ r = recipe(&recipe)
58
+ expect { r.converge }
85
59
  end
86
60
 
87
- def load_recipe(&recipe)
88
- chef_client.client.load_block(&recipe)
89
- end
90
-
91
- def run_recipe(&recipe)
92
- load_recipe(&recipe)
93
- converge
61
+ def recipe(&recipe)
62
+ RecipeRunWrapper.new(chef_config, &recipe)
94
63
  end
95
64
 
96
- def reset_chef_client
97
- @event_sink = nil
98
- @basic_chef_client = nil
65
+ def converge(&recipe)
66
+ r = RecipeRunWrapper.new(chef_config, &recipe)
67
+ r.converge
68
+ r
99
69
  end
100
70
 
101
- def converge
102
- if chef_client.converged?
103
- raise "Already converged! Cannot converge twice, that's bad mojo."
104
- end
105
- chef_client.converge
71
+ def chef_client
72
+ @chef_client ||= ChefRun.new(chef_config)
106
73
  end
107
74
  end
108
75
  end
data/lib/cheffish/rspec/matchers.rb CHANGED
@@ -1,81 +1,4 @@
1
- RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
2
- match do |actual|
3
- actual_actions = actual.select { |event, resource, action| event == :resource_updated && resource.to_s == resource_name }.map { |event, resource, action| action }
4
- expect(actual_actions).to eq(expected_actions)
5
- end
6
- failure_message do |actual|
7
- updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
8
- result = "expected that the chef_run would #{expected_actions.join(',')} #{resource_name}."
9
- if updates.size > 0
10
- result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
11
- else
12
- result << " Nothing was updated."
13
- end
14
- result
15
- end
16
- failure_message_when_negated do |actual|
17
- updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
18
- result = "expected that the chef_run would not #{expected_actions.join(',')} #{resource_name}."
19
- if updates.size > 0
20
- result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
21
- else
22
- result << " Nothing was updated."
23
- end
24
- result
25
- end
26
- end
27
-
28
- RSpec::Matchers.define :be_idempotent do
29
- match do |recipe|
30
- @recipe = recipe
31
- recipe.reset
32
- recipe.converge
33
- recipe.up_to_date?
34
- end
35
-
36
- failure_message {
37
- "#{@recipe} is not idempotent! Converging it a second time caused updates.\n#{@recipe.output_for_failure_message}"
38
- }
39
- end
40
-
41
-
42
- RSpec::Matchers.define :update_acls do |acl_paths, expected_acls|
43
-
44
- errors = []
45
-
46
- match do |block|
47
- orig_json = {}
48
- Array(acl_paths).each do |acl_path|
49
- orig_json[acl_path] = get(acl_path)
50
- end
51
-
52
- block.call
53
-
54
- orig_json.each_pair do |acl_path, orig|
55
- changed = get(acl_path)
56
- expected_acls.each do |permission, hash|
57
- hash.each do |type, actors|
58
- actors.each do |actor|
59
- if actor[0] == '-'
60
- actor = actor[1..-1]
61
- errors << "#{acl_path} expected to remove #{type} #{actor} from #{permission} permissions" if changed[permission][type].include?(actor)
62
- orig[permission][type].delete(actor)
63
- else
64
- errors << "#{acl_path} expected to add #{type} #{actor} to #{permission} permissions" if !changed[permission][type].include?(actor)
65
- changed[permission][type].delete(actor)
66
- end
67
- end
68
- end
69
- end
70
- # After checking everything, see if the remaining acl is the same as before
71
- errors << "#{acl_path} updated more than expected!\nActual:\n#{changed}\nExpected:\n#{orig}" if changed != orig
72
- end
73
- errors.size == 0
74
- end
75
-
76
- failure_message do |block|
77
- errors.join("\n")
78
- end
79
-
80
- supports_block_expectations
81
- end
1
+ require 'cheffish/rspec/matchers/have_updated'
2
+ require 'cheffish/rspec/matchers/be_idempotent'
3
+ require 'cheffish/rspec/matchers/partially_match'
4
+ require 'cheffish/rspec/matchers/emit_no_warnings_or_errors'
data/lib/cheffish/rspec/matchers/be_idempotent.rb ADDED
@@ -0,0 +1,16 @@
1
+ require 'rspec/matchers'
2
+
3
+ RSpec::Matchers.define :be_idempotent do
4
+ match do |recipe|
5
+ @recipe = recipe
6
+ recipe.reset
7
+ recipe.converge
8
+ recipe.up_to_date?
9
+ end
10
+
11
+ failure_message {
12
+ "#{@recipe} is not idempotent! Converging it a second time caused updates.\n#{@recipe.output_for_failure_message}"
13
+ }
14
+
15
+ supports_block_expectations
16
+ end
data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb ADDED
@@ -0,0 +1,15 @@
1
+ require 'rspec/matchers'
2
+
3
+ RSpec::Matchers.define :emit_no_warnings_or_errors do
4
+ match do |recipe|
5
+ @recipe = recipe
6
+ @warn_err = recipe.logs.lines.select { |l| l =~ /warn|err/i }.join("\n")
7
+ @warn_err.empty?
8
+ end
9
+
10
+ failure_message {
11
+ "#{@recipe} emitted warnings and errors!\n#{@warn_err}"
12
+ }
13
+
14
+ supports_block_expectations
15
+ end
data/lib/cheffish/rspec/matchers/have_updated.rb ADDED
@@ -0,0 +1,37 @@
1
+ require 'rspec/matchers'
2
+
3
+ RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
4
+ match do |recipe|
5
+ @recipe = recipe
6
+ actual = @recipe.event_sink.events
7
+ actual_actions = actual.select { |event, resource, action| event == :resource_updated && resource.to_s == resource_name }.
8
+ map { |event, resource, action| action }
9
+ expect(actual_actions).to eq(expected_actions)
10
+ end
11
+
12
+ failure_message do
13
+ actual = @recipe.event_sink.events
14
+ updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
15
+ result = "expected that the chef_run would #{expected_actions.join(',')} #{resource_name}."
16
+ if updates.size > 0
17
+ result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
18
+ else
19
+ result << " Nothing was updated."
20
+ end
21
+ result
22
+ end
23
+
24
+ failure_message_when_negated do
25
+ actual = @recipe.event_sink.events
26
+ updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
27
+ result = "expected that the chef_run would not #{expected_actions.join(',')} #{resource_name}."
28
+ if updates.size > 0
29
+ result << " Actual updates were #{updates.map { |event, resource, action| "#{resource.to_s} => #{action.inspect}" }.join(', ')}"
30
+ else
31
+ result << " Nothing was updated."
32
+ end
33
+ result
34
+ end
35
+ end
36
+
37
+ RSpec::Matchers.define_negated_matcher :not_have_updated, :have_updated
data/lib/cheffish/rspec/matchers/partially_match.rb ADDED
@@ -0,0 +1,63 @@
1
+ module Cheffish
2
+ module RSpec
3
+ module Matchers
4
+ class PartiallyMatch
5
+ include ::RSpec::Matchers::Composable
6
+
7
+ def initialize(example, expected)
8
+ @example = example
9
+ @expected = expected
10
+ end
11
+
12
+ def matches?(actual)
13
+ @actual = actual
14
+ partially_matches_values(@expected, actual)
15
+ end
16
+
17
+ def failure_message
18
+ "expected #{@actual} to match #{@expected}"
19
+ end
20
+
21
+ def failure_message_when_negated
22
+ "expected #{@actual} not to match #{@expected}"
23
+ end
24
+
25
+ protected
26
+
27
+ def partially_matches_values(expected, actual)
28
+ if Hash === actual
29
+ return partially_matches_hashes(expected, actual) if Hash === expected || Array === expected
30
+ elsif Array === expected && Enumerable === actual && !(Struct === actual)
31
+ return partially_matches_arrays(expected, actual)
32
+ end
33
+
34
+ return true if actual == expected
35
+
36
+ begin
37
+ expected === actual
38
+ rescue ArgumentError
39
+ # Some objects, like 0-arg lambdas on 1.9+, raise
40
+ # ArgumentError for `expected === actual`.
41
+ false
42
+ end
43
+ end
44
+
45
+ def partially_matches_hashes(expected, actual)
46
+ expected.all? { |key, value| partially_matches_values(value, actual[key]) }
47
+ end
48
+
49
+ def partially_matches_arrays(expected, actual)
50
+ expected.all? { |e| actual.any? { |a| partially_matches_values(e, a) } }
51
+ end
52
+ end
53
+ end
54
+ end
55
+ end
56
+
57
+ module RSpec
58
+ module Matchers
59
+ def partially_match(expected)
60
+ Cheffish::RSpec::Matchers::PartiallyMatch.new(self, expected)
61
+ end
62
+ end
63
+ end
data/lib/cheffish/rspec/recipe_run_wrapper.rb CHANGED
@@ -1,8 +1,8 @@
1
- require 'cheffish/rspec/chef_run_wrapper'
1
+ require 'cheffish/chef_run'
2
2
 
3
3
  module Cheffish
4
4
  module RSpec
5
- class RecipeRunWrapper < ChefRunWrapper
5
+ class RecipeRunWrapper < ChefRun
6
6
  def initialize(chef_config, &recipe)
7
7
  super(chef_config)
8
8
  @recipe = recipe
data/lib/cheffish/rspec/repository_support.rb CHANGED
@@ -9,7 +9,7 @@ module Cheffish
9
9
  end
10
10
  end
11
11
 
12
- RSpec.shared_context "with a chef repo" do
12
+ ::RSpec.shared_context "with a chef repo" do
13
13
  before :each do
14
14
  raise "Can only create one directory per test" if @repository_dir
15
15
  @repository_dir = Dir.mktmpdir('chef_repo')
data/lib/cheffish/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Cheffish
2
- VERSION = '1.1.2'
2
+ VERSION = '1.2'
3
3
  end
data/spec/integration/chef_acl_spec.rb CHANGED
@@ -9,34 +9,31 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
9
9
  describe Chef::Resource::ChefAcl do
10
10
  extend Cheffish::RSpec::ChefRunSupport
11
11
 
12
+ # let(:chef_config) { super().merge(log_level: :debug, stdout: STDOUT, stderr: STDERR, log_location: STDOUT) }
13
+
12
14
  context "Rights attributes" do
13
15
  when_the_chef_server 'has a node named x', :osc_compat => false do
14
16
  node 'x', {}
15
17
 
16
18
  it 'Converging chef_acl "nodes/x" changes nothing' do
17
- expect {
18
- run_recipe do
19
- chef_acl 'nodes/x'
20
- end
21
- }.to update_acls('nodes/x/_acl', {})
19
+ expect_recipe {
20
+ chef_acl 'nodes/x'
21
+ }.to be_up_to_date
22
+ expect(get('nodes/x/_acl')).to partially_match({})
22
23
  end
23
24
 
24
25
  it 'Converging chef_acl "nodes/x" with "complete true" and no rights raises an error' do
25
- expect {
26
- run_recipe do
27
- chef_acl 'nodes/x' do
28
- complete true
29
- end
26
+ expect_converge {
27
+ chef_acl 'nodes/x' do
28
+ complete true
30
29
  end
31
30
  }.to raise_error(RuntimeError)
32
31
  end
33
32
 
34
33
  it 'Removing all :grant rights from a node raises an error' do
35
- expect {
36
- run_recipe do
37
- chef_acl 'nodes/x' do
38
- remove_rights :grant, :users => 'pivotal', :groups => %w(admins users clients)
39
- end
34
+ expect_converge {
35
+ chef_acl 'nodes/x' do
36
+ remove_rights :grant, users: %w(pivotal), groups: %w(admins users clients)
40
37
  end
41
38
  }.to raise_error(RuntimeError)
42
39
  end
@@ -45,61 +42,57 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
45
42
  user 'blarghle', {}
46
43
 
47
44
  it 'Converging chef_acl "nodes/x" with user "blarghle" adds the user' do
48
- expect {
49
- run_recipe do
50
- chef_acl 'nodes/x' do
51
- rights :read, :users => 'blarghle'
52
- end
45
+ expect_recipe {
46
+ chef_acl 'nodes/x' do
47
+ rights :read, users: %w(blarghle)
53
48
  end
54
- }.to update_acls('nodes/x/_acl', 'read' => { 'actors' => %w(blarghle) })
49
+ }.to be_updated
50
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
55
51
  end
56
52
 
57
53
  it 'Converging chef_acl "nodes/x" with "complete true" removes all ACLs except those specified' do
58
- expect {
59
- run_recipe do
60
- chef_acl 'nodes/x' do
61
- rights :grant, :users => 'blarghle'
62
- complete true
63
- end
54
+ expect_recipe {
55
+ chef_acl 'nodes/x' do
56
+ rights :grant, users: %w(blarghle)
57
+ complete true
64
58
  end
65
- }.to update_acls('nodes/x/_acl', {
66
- "create"=>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users", "-clients"]},
67
- "read" =>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users", "-clients"]},
68
- "update"=>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users"]},
69
- "delete"=>{"actors"=>["-pivotal"], "groups"=>["-admins", "-users"]},
70
- "grant" =>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins"]}
71
- })
59
+ }.to be_updated
60
+ expect(get('nodes/x/_acl')).to eq(
61
+ "create"=>{"actors"=>[], "groups"=>[]},
62
+ "read" =>{"actors"=>[], "groups"=>[]},
63
+ "update"=>{"actors"=>[], "groups"=>[]},
64
+ "delete"=>{"actors"=>[], "groups"=>[]},
65
+ "grant" =>{"actors"=>["blarghle"], "groups"=>[]}
66
+ )
72
67
  end
73
68
  end
74
69
 
75
70
  it 'Converging chef_acl "nodes/x" with "complete true" removes all ACLs except those specified in :all' do
76
- expect {
77
- run_recipe do
78
- chef_acl 'nodes/x' do
79
- rights :all, :users => 'blarghle'
80
- complete true
81
- end
82
- end
83
- }.to update_acls('nodes/x/_acl', {
84
- "create"=>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users", "-clients"]},
85
- "read" =>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users", "-clients"]},
86
- "update"=>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users"]},
87
- "delete"=>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins", "-users"]},
88
- "grant" =>{"actors"=>["-pivotal", "blarghle"], "groups"=>["-admins"]}
89
- })
71
+ expect_recipe {
72
+ chef_acl 'nodes/x' do
73
+ rights :all, users: %w(blarghle)
74
+ complete true
75
+ end
76
+ }.to be_updated
77
+ expect(get('nodes/x/_acl')).to eq(
78
+ "create"=>{"actors"=>["blarghle"], "groups"=>[]},
79
+ "read" =>{"actors"=>["blarghle"], "groups"=>[]},
80
+ "update"=>{"actors"=>["blarghle"], "groups"=>[]},
81
+ "delete"=>{"actors"=>["blarghle"], "groups"=>[]},
82
+ "grant" =>{"actors"=>["blarghle"], "groups"=>[]}
83
+ )
90
84
  end
91
85
 
92
86
  context 'and a client "blarghle"' do
93
87
  user 'blarghle', {}
94
88
 
95
89
  it 'Converging chef_acl "nodes/x" with client "blarghle" adds the client' do
96
- expect {
97
- run_recipe do
98
- chef_acl 'nodes/x' do
99
- rights :read, :clients => 'blarghle'
100
- end
90
+ expect_recipe {
91
+ chef_acl 'nodes/x' do
92
+ rights :read, clients: %w(blarghle)
101
93
  end
102
- }.to update_acls('nodes/x/_acl', 'read' => { 'actors' => %w(blarghle) })
94
+ }.to be_updated
95
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
103
96
  end
104
97
  end
105
98
 
@@ -107,13 +100,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
107
100
  group 'blarghle', {}
108
101
 
109
102
  it 'Converging chef_acl "nodes/x" with group "blarghle" adds the group' do
110
- expect {
111
- run_recipe do
112
- chef_acl 'nodes/x' do
113
- rights :read, :groups => 'blarghle'
114
- end
103
+ expect_recipe {
104
+ chef_acl 'nodes/x' do
105
+ rights :read, groups: %w(blarghle)
115
106
  end
116
- }.to update_acls('nodes/x/_acl', 'read' => { 'groups' => %w(blarghle) })
107
+ }.to be_updated
108
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'groups' => %w(blarghle) })
117
109
  end
118
110
  end
119
111
 
@@ -129,41 +121,38 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
129
121
  group 'g3', {}
130
122
 
131
123
  it 'Converging chef_acl "nodes/x" with multiple groups, users and clients in an acl makes the appropriate changes' do
132
- expect {
133
- run_recipe do
134
- chef_acl 'nodes/x' do
135
- rights :create, :users => [ 'u1', 'u2', 'u3' ], :clients => [ 'c1', 'c2', 'c3' ], :groups => [ 'g1', 'g2', 'g3' ]
136
- end
124
+ expect_recipe {
125
+ chef_acl 'nodes/x' do
126
+ rights :create, users: [ 'u1', 'u2', 'u3' ], clients: [ 'c1', 'c2', 'c3' ], groups: [ 'g1', 'g2', 'g3' ]
137
127
  end
138
- }.to update_acls('nodes/x/_acl',
128
+ }.to be_updated
129
+ expect(get('nodes/x/_acl')).to partially_match(
139
130
  'create' => { 'groups' => %w(g1 g2 g3), 'actors' => %w(u1 u2 u3 c1 c2 c3) }
140
131
  )
141
132
  end
142
133
 
143
134
  it 'Converging chef_acl "nodes/x" with multiple groups, users and clients across multiple "rights" groups makes the appropriate changes' do
144
- expect {
145
- run_recipe do
146
- chef_acl 'nodes/x' do
147
- rights :create, :users => %w(u1), :clients => 'c1', :groups => 'g1'
148
- rights :create, :users => %w(u2 u3), :clients => %w(c2 c3), :groups => 'g2'
149
- rights :read, :users => 'u1'
150
- rights :read, :groups => 'g1'
151
- end
135
+ expect_recipe {
136
+ chef_acl 'nodes/x' do
137
+ rights :create, users: %w(u1), clients: %w(c1), groups: %w(g1)
138
+ rights :create, users: %w(u2 u3), clients: %w(c2 c3), groups: %w(g2)
139
+ rights :read, users: %w(u1)
140
+ rights :read, groups: %w(g1)
152
141
  end
153
- }.to update_acls('nodes/x/_acl',
142
+ }.to be_updated
143
+ expect(get('nodes/x/_acl')).to partially_match(
154
144
  'create' => { 'groups' => %w(g1 g2), 'actors' => %w(u1 u2 u3 c1 c2 c3) },
155
145
  'read' => { 'groups' => %w(g1), 'actors' => %w(u1) }
156
146
  )
157
147
  end
158
148
 
159
149
  it 'Converging chef_acl "nodes/x" with rights [ :read, :create, :update, :delete, :grant ] modifies all rights' do
160
- expect {
161
- run_recipe do
162
- chef_acl 'nodes/x' do
163
- rights [ :create, :read, :update, :delete, :grant ], :users => %w(u1 u2), :clients => 'c1', :groups => 'g1'
164
- end
150
+ expect_recipe {
151
+ chef_acl 'nodes/x' do
152
+ rights [ :create, :read, :update, :delete, :grant ], users: %w(u1 u2), clients: %w(c1), groups: %w(g1)
165
153
  end
166
- }.to update_acls('nodes/x/_acl',
154
+ }.to be_updated
155
+ expect(get('nodes/x/_acl')).to partially_match(
167
156
  'create' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
168
157
  'read' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
169
158
  'update' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
@@ -173,13 +162,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
173
162
  end
174
163
 
175
164
  it 'Converging chef_acl "nodes/x" with rights :all modifies all rights' do
176
- expect {
177
- run_recipe do
178
- chef_acl 'nodes/x' do
179
- rights :all, :users => %w(u1 u2), :clients => 'c1', :groups => 'g1'
180
- end
165
+ expect_recipe {
166
+ chef_acl 'nodes/x' do
167
+ rights :all, users: %w(u1 u2), clients: %w(c1), groups: %w(g1)
181
168
  end
182
- }.to update_acls('nodes/x/_acl',
169
+ }.to be_updated
170
+ expect(get('nodes/x/_acl')).to partially_match(
183
171
  'create' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
184
172
  'read' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
185
173
  'update' => { 'groups' => %w(g1), 'actors' => %w(u1 u2 c1) },
@@ -190,10 +178,8 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
190
178
  end
191
179
 
192
180
  it 'Converging chef_acl "nodes/y" throws a 404' do
193
- expect {
194
- run_recipe do
195
- chef_acl 'nodes/y'
196
- end
181
+ expect_converge {
182
+ chef_acl 'nodes/y'
197
183
  }.to raise_error(Net::HTTPServerException)
198
184
  end
199
185
  end
@@ -205,13 +191,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
205
191
  end
206
192
 
207
193
  it 'Converging chef_acl "nodes/x" with that user changes nothing' do
208
- expect {
209
- run_recipe do
210
- chef_acl 'nodes/x' do
211
- rights :read, :users => 'blarghle'
212
- end
194
+ expect_recipe {
195
+ chef_acl 'nodes/x' do
196
+ rights :read, users: %w(blarghle)
213
197
  end
214
- }.to update_acls('nodes/x/_acl', {})
198
+ }.to be_up_to_date
199
+ expect(get('nodes/x/_acl')).to partially_match({})
215
200
  end
216
201
  end
217
202
 
@@ -227,22 +212,23 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
227
212
  end
228
213
 
229
214
  it 'Converging chef_acl "nodes/x" with remove_rights :all removes foo from everything' do
230
- expect {
231
- run_recipe do
232
- chef_acl 'nodes/x' do
233
- remove_rights :all, :users => 'foo'
234
- end
235
- end
236
- }.to update_acls('nodes/x/_acl',
237
- 'create' => { 'actors' => %w(-foo) },
238
- 'read' => { 'actors' => %w(-foo) },
239
- 'update' => { 'actors' => %w(-foo) },
240
- 'delete' => { 'actors' => %w(-foo) },
241
- 'grant' => { 'actors' => %w(-foo) },
215
+ expect_recipe {
216
+ chef_acl 'nodes/x' do
217
+ remove_rights :all, users: %w(foo)
218
+ end
219
+ }.to be_updated
220
+ expect(get('nodes/x/_acl')).to partially_match(
221
+ 'create' => { 'actors' => exclude('foo') },
222
+ 'read' => { 'actors' => exclude('foo') },
223
+ 'update' => { 'actors' => exclude('foo') },
224
+ 'delete' => { 'actors' => exclude('foo') },
225
+ 'grant' => { 'actors' => exclude('foo') },
242
226
  )
243
227
  end
244
228
  end
245
229
 
230
+ ::RSpec::Matchers.define_negated_matcher :exclude, :include
231
+
246
232
  context 'recursive' do
247
233
  when_the_chef_server 'has a nodes container with user blarghle in its acl', :osc_compat => false do
248
234
  user 'blarghle', {}
@@ -253,67 +239,70 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
253
239
 
254
240
  it 'Converging chef_acl "nodes" makes no changes' do
255
241
  expect {
256
- run_recipe do
242
+ expect_recipe {
257
243
  chef_acl 'nodes' do
258
- rights :read, :users => 'blarghle'
244
+ rights :read, users: %w(blarghle)
259
245
  end
260
- end
261
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
246
+ }.to be_up_to_date
247
+ }.to not_change { get('containers/nodes/_acl') }.
248
+ and not_change { get('nodes/x/_acl') }
262
249
  end
263
250
 
251
+ RSpec::Matchers.define_negated_matcher :not_change, :change
252
+
264
253
  it 'Converging chef_acl "nodes" with recursive :on_change makes no changes' do
265
254
  expect {
266
- run_recipe do
255
+ expect_recipe {
267
256
  chef_acl 'nodes' do
268
- rights :read, :users => 'blarghle'
257
+ rights :read, users: %w(blarghle)
269
258
  recursive :on_change
270
259
  end
271
- end
272
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
260
+ }.to be_up_to_date
261
+ }.to not_change { get('containers/nodes/_acl') }.
262
+ and not_change { get('nodes/x/_acl') }
273
263
  end
274
264
 
275
265
  it 'Converging chef_acl "nodes" with recursive true changes nodes/x\'s acls' do
276
- expect {
277
- run_recipe do
278
- chef_acl 'nodes' do
279
- rights :read, :users => 'blarghle'
280
- recursive true
281
- end
266
+ expect_recipe {
267
+ chef_acl 'nodes' do
268
+ rights :read, users: %w(blarghle)
269
+ recursive true
282
270
  end
283
- }.to update_acls('nodes/x/_acl', 'read' => { 'actors' => %w(blarghle) })
271
+ }.to be_updated
272
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
284
273
  end
285
274
 
286
275
  it 'Converging chef_acl "" with recursive false does not change nodes/x\'s acls' do
287
- expect {
288
- run_recipe do
289
- chef_acl '' do
290
- rights :read, :users => 'blarghle'
291
- recursive false
292
- end
276
+ expect_recipe {
277
+ chef_acl '' do
278
+ rights :read, users: %w(blarghle)
279
+ recursive false
293
280
  end
294
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
281
+ }.to be_updated
282
+ expect(get('containers/nodes/_acl')).to partially_match({})
283
+ expect(get('nodes/x/_acl')).to partially_match({})
295
284
  end
296
285
 
297
286
  it 'Converging chef_acl "" with recursive :on_change does not change nodes/x\'s acls' do
298
- expect {
299
- run_recipe do
300
- chef_acl '' do
301
- rights :read, :users => 'blarghle'
302
- recursive :on_change
303
- end
287
+ expect_recipe {
288
+ chef_acl '' do
289
+ rights :read, users: %w(blarghle)
290
+ recursive :on_change
304
291
  end
305
- }.to update_acls([ 'containers/nodes/_acl', 'nodes/x/_acl' ], {})
292
+ }.to be_updated
293
+ expect(get('containers/nodes/_acl')).to partially_match({})
294
+ expect(get('nodes/x/_acl')).to partially_match({})
306
295
  end
307
296
 
308
297
  it 'Converging chef_acl "" with recursive true changes nodes/x\'s acls' do
309
- expect {
310
- run_recipe do
311
- chef_acl '' do
312
- rights :read, :users => 'blarghle'
313
- recursive true
314
- end
298
+ expect_recipe {
299
+ chef_acl '' do
300
+ rights :read, users: %w(blarghle)
301
+ recursive true
315
302
  end
316
- }.to update_acls([ '/organizations/_acl', 'nodes/x/_acl' ], 'read' => { 'actors' => %w(blarghle) })
303
+ }.to be_updated
304
+ expect(get('/organizations/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
305
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
317
306
  end
318
307
  end
319
308
  end
@@ -347,207 +336,192 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
347
336
 
348
337
  context 'relative paths' do
349
338
  it "chef_acl 'nodes/x' changes the acls" do
350
- expect {
351
- run_recipe do
352
- chef_acl "nodes/x" do
353
- rights :read, :users => 'u'
354
- end
339
+ expect_recipe {
340
+ chef_acl "nodes/x" do
341
+ rights :read, users: %w(u)
355
342
  end
356
- }.to update_acls("nodes/x/_acl", 'read' => { 'actors' => %w(u) })
343
+ }.to be_updated
344
+ expect(get("nodes/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
357
345
  end
358
346
 
359
347
  it "chef_acl '*/*' changes the acls" do
360
- expect {
361
- run_recipe do
362
- chef_acl "*/*" do
363
- rights :read, :users => 'u'
364
- end
348
+ expect_recipe {
349
+ chef_acl "*/*" do
350
+ rights :read, users: %w(u)
365
351
  end
366
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles).map { |type| "/organizations/foo/#{type}/x/_acl" },
367
- 'read' => { 'actors' => %w(u) })
352
+ }.to be_updated
353
+ %w(clients containers cookbooks data environments groups nodes roles).each do |type|
354
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match(
355
+ 'read' => { 'actors' => %w(u) })
356
+ end
368
357
  end
369
358
  end
370
359
 
371
360
  context 'absolute paths' do
372
361
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
373
362
  it "chef_acl '/organizations/foo/#{type}/x' changes the acl" do
374
- expect {
375
- run_recipe do
376
- chef_acl "/organizations/foo/#{type}/x" do
377
- rights :read, :users => 'u'
378
- end
363
+ expect_recipe {
364
+ chef_acl "/organizations/foo/#{type}/x" do
365
+ rights :read, users: %w(u)
379
366
  end
380
- }.to update_acls("/organizations/foo/#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
367
+ }.to be_updated
368
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
381
369
  end
382
370
  end
383
371
 
384
372
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
385
373
  it "chef_acl '/organizations/foo/#{type}/x' changes the acl" do
386
- expect {
387
- run_recipe do
388
- chef_acl "/organizations/foo/#{type}/x" do
389
- rights :read, :users => 'u'
390
- end
374
+ expect_recipe {
375
+ chef_acl "/organizations/foo/#{type}/x" do
376
+ rights :read, users: %w(u)
391
377
  end
392
- }.to update_acls("/organizations/foo/#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
378
+ }.to be_updated
379
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
393
380
  end
394
381
  end
395
382
 
396
383
  %w(clients containers cookbooks data environments groups nodes roles).each do |type|
397
384
  it "chef_acl '/*/*/#{type}/*' changes the acl" do
398
- expect {
399
- run_recipe do
400
- chef_acl "/*/*/#{type}/*" do
401
- rights :read, :users => 'u'
402
- end
385
+ expect_recipe {
386
+ chef_acl "/*/*/#{type}/*" do
387
+ rights :read, users: %w(u)
403
388
  end
404
- }.to update_acls("/organizations/foo/#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
389
+ }.to be_updated
390
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
405
391
  end
406
392
  end
407
393
 
408
394
  it "chef_acl '/*/*/*/x' changes the acls" do
409
- expect {
410
- run_recipe do
411
- chef_acl "/*/*/*/x" do
412
- rights :read, :users => 'u'
413
- end
395
+ expect_recipe {
396
+ chef_acl "/*/*/*/x" do
397
+ rights :read, users: %w(u)
414
398
  end
415
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "/organizations/foo/#{type}/x/_acl" },
416
- 'read' => { 'actors' => %w(u) })
399
+ }.to be_updated
400
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
401
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match(
402
+ 'read' => { 'actors' => %w(u) })
403
+ end
417
404
  end
418
405
 
419
406
  it "chef_acl '/*/*/*/*' changes the acls" do
420
- expect {
421
- run_recipe do
422
- chef_acl "/*/*/*/*" do
423
- rights :read, :users => 'u'
424
- end
407
+ expect_recipe {
408
+ chef_acl "/*/*/*/*" do
409
+ rights :read, users: %w(u)
425
410
  end
426
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles).map { |type| "/organizations/foo/#{type}/x/_acl" },
427
- 'read' => { 'actors' => %w(u) })
411
+ }.to be_updated
412
+ %w(clients containers cookbooks data environments groups nodes roles).each do |type|
413
+ expect(get("/organizations/foo/#{type}/x/_acl")).to partially_match(
414
+ 'read' => { 'actors' => %w(u) })
415
+ end
428
416
  end
429
417
 
430
418
  it 'chef_acl "/organizations/foo/data_bags/x" changes the acl' do
431
- expect {
432
- run_recipe do
433
- chef_acl '/organizations/foo/data_bags/x' do
434
- rights :read, :users => 'u'
435
- end
419
+ expect_recipe {
420
+ chef_acl '/organizations/foo/data_bags/x' do
421
+ rights :read, users: %w(u)
436
422
  end
437
- }.to update_acls('/organizations/foo/data/x/_acl', 'read' => { 'actors' => %w(u) })
423
+ }.to be_updated
424
+ expect(get('/organizations/foo/data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
438
425
  end
439
426
 
440
427
  it 'chef_acl "/*/*/data_bags/*" changes the acl' do
441
- expect {
442
- run_recipe do
443
- chef_acl '/*/*/data_bags/*' do
444
- rights :read, :users => 'u'
445
- end
428
+ expect_recipe {
429
+ chef_acl '/*/*/data_bags/*' do
430
+ rights :read, users: %w(u)
446
431
  end
447
- }.to update_acls('/organizations/foo/data/x/_acl', 'read' => { 'actors' => %w(u) })
432
+ }.to be_updated
433
+ expect(get('/organizations/foo/data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
448
434
  end
449
435
 
450
436
  it "chef_acl '/organizations/foo/cookbooks/x/1.0.0' raises an error" do
451
- expect {
452
- run_recipe do
453
- chef_acl "/organizations/foo/cookbooks/x/1.0.0" do
454
- rights :read, :users => 'u'
455
- end
437
+ expect_converge {
438
+ chef_acl "/organizations/foo/cookbooks/x/1.0.0" do
439
+ rights :read, users: %w(u)
456
440
  end
457
441
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/cookbooks\/x/)
458
442
  end
459
443
 
460
444
  it "chef_acl '/organizations/foo/cookbooks/*/*' raises an error" do
461
445
  pending
462
- expect {
463
- run_recipe do
464
- chef_acl "/organizations/foo/cookbooks/*/*" do
465
- rights :read, :users => 'u'
466
- end
446
+ expect_converge {
447
+ chef_acl "/organizations/foo/cookbooks/*/*" do
448
+ rights :read, users: %w(u)
467
449
  end
468
450
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/cookbooks\/*/)
469
451
  end
470
452
 
471
453
  it 'chef_acl "/organizations/foo/data/x/y" raises an error' do
472
- expect {
473
- run_recipe do
474
- chef_acl '/organizations/foo/data/x/y' do
475
- rights :read, :users => 'u'
476
- end
454
+ expect_converge {
455
+ chef_acl '/organizations/foo/data/x/y' do
456
+ rights :read, users: %w(u)
477
457
  end
478
458
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/data\/x/)
479
459
  end
480
460
 
481
461
  it 'chef_acl "/organizations/foo/data/*/*" raises an error' do
482
462
  pending
483
- expect {
484
- run_recipe do
485
- chef_acl '/organizations/foo/data/*/*' do
486
- rights :read, :users => 'u'
487
- end
463
+ expect_converge {
464
+ chef_acl '/organizations/foo/data/*/*' do
465
+ rights :read, users: %w(u)
488
466
  end
489
467
  }.to raise_error(/ACLs cannot be set on children of \/organizations\/foo\/data\/*/)
490
468
  end
491
469
 
492
470
  it 'chef_acl "/organizations/foo" changes the acl' do
493
- expect {
494
- run_recipe do
495
- chef_acl '/organizations/foo' do
496
- rights :read, :users => 'u'
497
- end
471
+ expect_recipe {
472
+ chef_acl '/organizations/foo' do
473
+ rights :read, users: %w(u)
498
474
  end
499
- }.to update_acls([ '/organizations/foo/organizations/_acl', '/organizations/foo/nodes/x/_acl' ], 'read' => { 'actors' => %w(u) })
475
+ }.to be_updated
476
+ expect(get('/organizations/foo/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
477
+ expect(get('/organizations/foo/nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
500
478
  end
501
479
 
502
480
  it 'chef_acl "/organizations/*" changes the acl' do
503
- expect {
504
- run_recipe do
505
- chef_acl '/organizations/*' do
506
- rights :read, :users => 'u'
507
- end
481
+ expect_recipe {
482
+ chef_acl '/organizations/*' do
483
+ rights :read, users: %w(u)
508
484
  end
509
- }.to update_acls([ '/organizations/foo/organizations/_acl', '/organizations/foo/nodes/x/_acl' ], 'read' => { 'actors' => %w(u) })
485
+ }.to be_updated
486
+ expect(get('/organizations/foo/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
487
+ expect(get('/organizations/foo/nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
510
488
  end
511
489
 
512
490
  it 'chef_acl "/users/x" changes the acl' do
513
- expect {
514
- run_recipe do
515
- chef_acl '/users/x' do
516
- rights :read, :users => 'u'
517
- end
491
+ expect_recipe {
492
+ chef_acl '/users/x' do
493
+ rights :read, users: %w(u)
518
494
  end
519
- }.to update_acls('/users/x/_acl', 'read' => { 'actors' => %w(u) })
495
+ }.to be_updated
496
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
520
497
  end
521
498
 
522
499
  it 'chef_acl "/users/*" changes the acl' do
523
- expect {
524
- run_recipe do
525
- chef_acl '/users/*' do
526
- rights :read, :users => 'u'
527
- end
500
+ expect_recipe {
501
+ chef_acl '/users/*' do
502
+ rights :read, users: %w(u)
528
503
  end
529
- }.to update_acls('/users/x/_acl', 'read' => { 'actors' => %w(u) })
504
+ }.to be_updated
505
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
530
506
  end
531
507
 
532
508
  it 'chef_acl "/*/x" changes the acl' do
533
- expect {
534
- run_recipe do
535
- chef_acl '/*/x' do
536
- rights :read, :users => 'u'
537
- end
509
+ expect_recipe {
510
+ chef_acl '/*/x' do
511
+ rights :read, users: %w(u)
538
512
  end
539
- }.to update_acls('/users/x/_acl', 'read' => { 'actors' => %w(u) })
513
+ }.to be_updated
514
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
540
515
  end
541
516
 
542
517
  it 'chef_acl "/*/*" changes the acl' do
543
- expect {
544
- run_recipe do
545
- chef_acl '/*/*' do
546
- rights :read, :users => 'u'
547
- end
518
+ expect_recipe {
519
+ chef_acl '/*/*' do
520
+ rights :read, users: %w(u)
548
521
  end
549
- }.to update_acls([ '/organizations/foo/organizations/_acl', '/users/x/_acl' ],
550
- 'read' => { 'actors' => %w(u) })
522
+ }.to be_updated
523
+ expect(get('/organizations/foo/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
524
+ expect(get('/users/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
551
525
  end
552
526
  end
553
527
  end
@@ -558,14 +532,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
558
532
  end
559
533
 
560
534
  it "chef_acl '/organizations/foo/nodes/*' changes the acl" do
561
- expect {
562
- run_recipe do
563
- chef_acl "/organizations/foo/nodes/*" do
564
- rights :read, :users => 'u'
565
- end
535
+ expect_recipe {
536
+ chef_acl "/organizations/foo/nodes/*" do
537
+ rights :read, users: %w(u)
566
538
  end
567
- }.to update_acls("/organizations/foo/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
568
- expect {}.not_to update_acls("/organizations/bar/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
539
+ }.to be_updated
540
+ expect(get("/organizations/foo/nodes/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
569
541
  end
570
542
  end
571
543
 
@@ -575,14 +547,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
575
547
  end
576
548
 
577
549
  it "chef_acl '/organizations/foo/nodes/*' changes the acl" do
578
- expect {
579
- run_recipe do
580
- chef_acl "/organizations/foo/nodes/*" do
581
- rights :read, :users => 'u'
582
- end
550
+ expect_recipe {
551
+ chef_acl "/organizations/foo/nodes/*" do
552
+ rights :read, users: %w(u)
583
553
  end
584
- }.to update_acls("/organizations/foo/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
585
- expect {}.not_to update_acls("/organizations/bar/nodes/x/_acl", 'read' => { 'actors' => %w(u) })
554
+ }.to be_updated
555
+ expect(get("/organizations/foo/nodes/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
586
556
  end
587
557
  end
588
558
  end
@@ -602,89 +572,88 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
602
572
 
603
573
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
604
574
  it "chef_acl #{type}/x' changes the acl" do
605
- expect {
606
- run_recipe do
607
- chef_acl "#{type}/x" do
608
- rights :read, :users => 'u'
609
- end
575
+ expect_recipe {
576
+ chef_acl "#{type}/x" do
577
+ rights :read, users: %w(u)
610
578
  end
611
- }.to update_acls("#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
579
+ }.to be_updated
580
+ expect(get("#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
612
581
  end
613
582
  end
614
583
 
615
584
  %w(clients containers cookbooks data environments groups nodes roles).each do |type|
616
585
  it "chef_acl '#{type}/*' changes the acl" do
617
- expect {
618
- run_recipe do
619
- chef_acl "#{type}/*" do
620
- rights :read, :users => 'u'
621
- end
586
+ expect_recipe {
587
+ chef_acl "#{type}/*" do
588
+ rights :read, users: %w(u)
622
589
  end
623
- }.to update_acls("#{type}/x/_acl", 'read' => { 'actors' => %w(u) })
590
+ }.to be_updated
591
+ expect(get("#{type}/x/_acl")).to partially_match('read' => { 'actors' => %w(u) })
624
592
  end
625
593
  end
626
594
 
627
595
  it "chef_acl '*/x' changes the acls" do
628
- expect {
629
- run_recipe do
630
- chef_acl "*/x" do
631
- rights :read, :users => 'u'
632
- end
633
- end
634
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "#{type}/x/_acl" },
635
- 'read' => { 'actors' => %w(u) })
596
+ expect_recipe {
597
+ chef_acl "*/x" do
598
+ rights :read, users: %w(u)
599
+ end
600
+ }.to be_updated
601
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
602
+ expect(get("#{type}/x/_acl")).to partially_match(
603
+ 'read' => { 'actors' => %w(u) })
604
+ end
636
605
  end
637
606
 
638
607
  it "chef_acl '*/*' changes the acls" do
639
- expect {
640
- run_recipe do
641
- chef_acl "*/*" do
642
- rights :read, :users => 'u'
643
- end
644
- end
645
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles).map { |type| "#{type}/x/_acl" },
646
- 'read' => { 'actors' => %w(u) })
608
+ expect_recipe {
609
+ chef_acl "*/*" do
610
+ rights :read, users: %w(u)
611
+ end
612
+ }.to be_updated
613
+ %w(clients containers cookbooks data environments groups nodes roles).each do |type|
614
+ expect(get("#{type}/x/_acl")).to partially_match(
615
+ 'read' => { 'actors' => %w(u) })
616
+ end
647
617
  end
648
618
 
649
619
  it "chef_acl 'groups/*' changes the acl" do
650
- expect {
651
- run_recipe do
652
- chef_acl "groups/*" do
653
- rights :read, :users => 'u'
654
- end
655
- end
656
- }.to update_acls(%w(admins billing-admins clients users x).map { |n| "groups/#{n}/_acl" },
657
- 'read' => { 'actors' => %w(u) })
620
+ expect_recipe {
621
+ chef_acl "groups/*" do
622
+ rights :read, users: %w(u)
623
+ end
624
+ }.to be_updated
625
+ %w(admins billing-admins clients users x).each do |n|
626
+ expect(get("groups/#{n}/_acl")).to partially_match(
627
+ 'read' => { 'actors' => %w(u) })
628
+ end
658
629
  end
659
630
 
660
631
  it 'chef_acl "data_bags/x" changes the acl' do
661
- expect {
662
- run_recipe do
663
- chef_acl 'data_bags/x' do
664
- rights :read, :users => 'u'
665
- end
632
+ expect_recipe {
633
+ chef_acl 'data_bags/x' do
634
+ rights :read, users: %w(u)
666
635
  end
667
- }.to update_acls('data/x/_acl', 'read' => { 'actors' => %w(u) })
636
+ }.to be_updated
637
+ expect(get('data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
668
638
  end
669
639
 
670
640
  it 'chef_acl "data_bags/*" changes the acl' do
671
- expect {
672
- run_recipe do
673
- chef_acl 'data_bags/*' do
674
- rights :read, :users => 'u'
675
- end
641
+ expect_recipe {
642
+ chef_acl 'data_bags/*' do
643
+ rights :read, users: %w(u)
676
644
  end
677
- }.to update_acls('data/x/_acl', 'read' => { 'actors' => %w(u) })
645
+ }.to be_updated
646
+ expect(get('data/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
678
647
  end
679
648
 
680
649
  it 'chef_acl "" changes the organization acl' do
681
- expect {
682
- run_recipe do
683
- chef_acl '' do
684
- rights :read, :users => 'u'
685
- end
650
+ expect_recipe {
651
+ chef_acl '' do
652
+ rights :read, users: %w(u)
686
653
  end
687
- }.to update_acls([ '/organizations/_acl', 'nodes/x/_acl' ], 'read' => { 'actors' => %w(u) })
654
+ }.to be_updated
655
+ expect(get('/organizations/_acl')).to partially_match('read' => { 'actors' => %w(u) })
656
+ expect(get('nodes/x/_acl')).to partially_match('read' => { 'actors' => %w(u) })
688
657
  end
689
658
  end
690
659
  end
@@ -707,57 +676,54 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
707
676
 
708
677
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
709
678
  it "chef_acl '/organizations/foo/#{type}' changes the acl" do
710
- expect {
711
- run_recipe do
712
- chef_acl "/organizations/foo/#{type}" do
713
- rights :read, :users => 'u'
714
- end
679
+ expect_recipe {
680
+ chef_acl "/organizations/foo/#{type}" do
681
+ rights :read, users: %w(u)
715
682
  end
716
- }.to update_acls("/organizations/foo/containers/#{type}/_acl", 'read' => { 'actors' => %w(u) })
683
+ }.to be_updated
684
+ expect(get("/organizations/foo/containers/#{type}/_acl")).to partially_match('read' => { 'actors' => %w(u) })
717
685
  end
718
686
  end
719
687
 
720
688
  %w(clients containers cookbooks data environments groups nodes roles).each do |type|
721
689
  it "chef_acl '/*/*/#{type}' changes the acl" do
722
- expect {
723
- run_recipe do
724
- chef_acl "/*/*/#{type}" do
725
- rights :read, :users => 'u'
726
- end
690
+ expect_recipe {
691
+ chef_acl "/*/*/#{type}" do
692
+ rights :read, users: %w(u)
727
693
  end
728
- }.to update_acls("/organizations/foo/containers/#{type}/_acl", 'read' => { 'actors' => %w(u) })
694
+ }.to be_updated
695
+ expect(get("/organizations/foo/containers/#{type}/_acl")).to partially_match('read' => { 'actors' => %w(u) })
729
696
  end
730
697
  end
731
698
 
732
699
  it "chef_acl '/*/*/*' changes the acls" do
733
- expect {
734
- run_recipe do
735
- chef_acl "/*/*/*" do
736
- rights :read, :users => 'u'
737
- end
738
- end
739
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "/organizations/foo/containers/#{type}/_acl" },
740
- 'read' => { 'actors' => %w(u) })
700
+ expect_recipe {
701
+ chef_acl "/*/*/*" do
702
+ rights :read, users: %w(u)
703
+ end
704
+ }.to be_updated
705
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
706
+ expect(get("/organizations/foo/containers/#{type}/_acl")).to partially_match(
707
+ 'read' => { 'actors' => %w(u) })
708
+ end
741
709
  end
742
710
 
743
711
  it 'chef_acl "/organizations/foo/data_bags" changes the acl' do
744
- expect {
745
- run_recipe do
746
- chef_acl '/organizations/foo/data_bags' do
747
- rights :read, :users => 'u'
748
- end
712
+ expect_recipe {
713
+ chef_acl '/organizations/foo/data_bags' do
714
+ rights :read, users: %w(u)
749
715
  end
750
- }.to update_acls('/organizations/foo/containers/data/_acl', 'read' => { 'actors' => %w(u) })
716
+ }.to be_updated
717
+ expect(get('/organizations/foo/containers/data/_acl')).to partially_match('read' => { 'actors' => %w(u) })
751
718
  end
752
719
 
753
720
  it 'chef_acl "/*/*/data_bags" changes the acl' do
754
- expect {
755
- run_recipe do
756
- chef_acl '/*/*/data_bags' do
757
- rights :read, :users => 'u'
758
- end
721
+ expect_recipe {
722
+ chef_acl '/*/*/data_bags' do
723
+ rights :read, users: %w(u)
759
724
  end
760
- }.to update_acls('/organizations/foo/containers/data/_acl', 'read' => { 'actors' => %w(u) })
725
+ }.to be_updated
726
+ expect(get('/organizations/foo/containers/data/_acl')).to partially_match('read' => { 'actors' => %w(u) })
761
727
  end
762
728
  end
763
729
 
@@ -776,25 +742,25 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
776
742
 
777
743
  %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
778
744
  it "chef_acl #{type}' changes the acl" do
779
- expect {
780
- run_recipe do
781
- chef_acl "#{type}" do
782
- rights :read, :users => 'u'
783
- end
745
+ expect_recipe {
746
+ chef_acl "#{type}" do
747
+ rights :read, users: %w(u)
784
748
  end
785
- }.to update_acls("containers/#{type}/_acl", 'read' => { 'actors' => %w(u) })
749
+ }.to be_updated
750
+ expect(get("containers/#{type}/_acl")).to partially_match('read' => { 'actors' => %w(u) })
786
751
  end
787
752
  end
788
753
 
789
754
  it "chef_acl '*' changes the acls" do
790
- expect {
791
- run_recipe do
792
- chef_acl "*" do
793
- rights :read, :users => 'u'
794
- end
795
- end
796
- }.to update_acls(%w(clients containers cookbooks data environments groups nodes roles sandboxes).map { |type| "containers/#{type}/_acl" },
797
- 'read' => { 'actors' => %w(u) })
755
+ expect_recipe {
756
+ chef_acl "*" do
757
+ rights :read, users: %w(u)
758
+ end
759
+ }.to be_updated
760
+ %w(clients containers cookbooks data environments groups nodes roles sandboxes).each do |type|
761
+ expect(get("containers/#{type}/_acl")).to partially_match(
762
+ 'read' => { 'actors' => %w(u) })
763
+ end
798
764
  end
799
765
  end
800
766
  end
@@ -814,53 +780,54 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
814
780
  end
815
781
 
816
782
  it 'chef_acl with remove_rights "u" removes the user\'s rights' do
817
- expect {
818
- run_recipe do
819
- chef_acl "nodes/x" do
820
- remove_rights :read, :users => 'u'
821
- end
783
+ expect_recipe {
784
+ chef_acl "nodes/x" do
785
+ remove_rights :read, users: %w(u)
822
786
  end
823
- }.to update_acls("nodes/x/_acl", 'read' => { 'actors' => %w(-u) })
787
+ }.to be_updated
788
+ expect(get("nodes/x/_acl")).to partially_match('read' => { 'actors' => exclude('u') })
824
789
  end
825
790
 
826
791
  it 'chef_acl with remove_rights "c" removes the client\'s rights' do
827
- expect {
828
- run_recipe do
829
- chef_acl "nodes/x" do
830
- remove_rights :read, :clients => 'c'
831
- end
792
+ expect_recipe {
793
+ chef_acl "nodes/x" do
794
+ remove_rights :read, clients: %w(c)
832
795
  end
833
- }.to update_acls("nodes/x/_acl", 'read' => { 'actors' => %w(-c) })
796
+ }.to be_updated
797
+ expect(get("nodes/x/_acl")).to partially_match('read' => { 'actors' => exclude('c') })
834
798
  end
835
799
 
836
800
  it 'chef_acl with remove_rights "g" removes the group\'s rights' do
837
- expect {
838
- run_recipe do
839
- chef_acl "nodes/x" do
840
- remove_rights :read, :groups => 'g'
841
- end
801
+ expect_recipe {
802
+ chef_acl "nodes/x" do
803
+ remove_rights :read, groups: %w(g)
842
804
  end
843
- }.to update_acls("nodes/x/_acl", 'read' => { 'groups' => %w(-g) })
805
+ }.to be_updated
806
+ expect(get("nodes/x/_acl")).to partially_match(
807
+ 'read' => { 'groups' => exclude('g') }
808
+ )
844
809
  end
845
810
 
846
811
  it 'chef_acl with remove_rights [ :create, :read ], "u", "c", "g" removes all three' do
847
- expect {
848
- run_recipe do
849
- chef_acl "nodes/x" do
850
- remove_rights [ :create, :read ], :users => 'u', :clients => 'c', :groups => 'g'
851
- end
852
- end
853
- }.to update_acls("nodes/x/_acl", 'create' => { 'actors' => %w(-u -c), 'groups' => %w(-g) }, 'read' => { 'actors' => %w(-u -c), 'groups' => %w(-g) })
812
+ expect_recipe {
813
+ chef_acl "nodes/x" do
814
+ remove_rights [ :create, :read ], users: %w(u), clients: %w(c), groups: %w(g)
815
+ end
816
+ }.to be_updated
817
+ expect(get("nodes/x/_acl")).to partially_match(
818
+ 'create' => { 'actors' => exclude('u').and(exclude('c')), 'groups' => exclude('g') },
819
+ 'read' => { 'actors' => exclude('u').and(exclude('c')), 'groups' => exclude('g') }
820
+ )
854
821
  end
855
822
 
856
823
  it 'chef_acl with remove_rights "u2", "c2", "g2" has no effect' do
857
824
  expect {
858
- run_recipe do
825
+ expect_recipe {
859
826
  chef_acl "nodes/x" do
860
- remove_rights :read, :users => 'u2', :clients => 'c2', :groups => 'g2'
827
+ remove_rights :read, users: %w(u2), clients: %w(c2), groups: %w(g2)
861
828
  end
862
- end
863
- }.to update_acls("nodes/x/_acl", {})
829
+ }.to be_up_to_date
830
+ }.not_to change { get("nodes/x/_acl") }
864
831
  end
865
832
  end
866
833
  end
@@ -870,13 +837,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
870
837
  node 'data_bags', {}
871
838
 
872
839
  it 'Converging chef_acl "nodes/data_bags" with user "blarghle" adds the user' do
873
- expect {
874
- run_recipe do
875
- chef_acl 'nodes/data_bags' do
876
- rights :read, :users => 'blarghle'
877
- end
840
+ expect_recipe {
841
+ chef_acl 'nodes/data_bags' do
842
+ rights :read, users: %w(blarghle)
878
843
  end
879
- }.to update_acls('nodes/data_bags/_acl', 'read' => { 'actors' => %w(blarghle) })
844
+ }.to be_updated
845
+ expect(get('nodes/data_bags/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
880
846
  end
881
847
  end
882
848
 
@@ -887,13 +853,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
887
853
  end
888
854
 
889
855
  it 'Converging chef_acl "/organizations/foo/nodes/data_bags" with user "blarghle" adds the user' do
890
- expect {
891
- run_recipe do
892
- chef_acl '/organizations/foo/nodes/data_bags' do
893
- rights :read, :users => 'blarghle'
894
- end
856
+ expect_recipe {
857
+ chef_acl '/organizations/foo/nodes/data_bags' do
858
+ rights :read, users: %w(blarghle)
895
859
  end
896
- }.to update_acls('/organizations/foo/nodes/data_bags/_acl', 'read' => { 'actors' => %w(blarghle) })
860
+ }.to be_updated
861
+ expect(get('/organizations/foo/nodes/data_bags/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
897
862
  end
898
863
  end
899
864
 
@@ -902,13 +867,12 @@ if Gem::Version.new(ChefZero::VERSION) >= Gem::Version.new('3.1')
902
867
  user 'blarghle', {}
903
868
 
904
869
  it 'Converging chef_acl "/users/data_bags" with user "blarghle" adds the user' do
905
- expect {
906
- run_recipe do
907
- chef_acl '/users/data_bags' do
908
- rights :read, :users => 'blarghle'
909
- end
870
+ expect_recipe {
871
+ chef_acl '/users/data_bags' do
872
+ rights :read, users: %w(blarghle)
910
873
  end
911
- }.to update_acls('/users/data_bags/_acl', 'read' => { 'actors' => %w(blarghle) })
874
+ }.to be_updated
875
+ expect(get('/users/data_bags/_acl')).to partially_match('read' => { 'actors' => %w(blarghle) })
912
876
  end
913
877
  end
914
878
  end