Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding by_user permissions support for windows #1215

Merged
merged 8 commits into from
Oct 26, 2016
Merged

adding by_user permissions support for windows #1215

merged 8 commits into from
Oct 26, 2016

Conversation

jeremymv2
Copy link
Contributor

This is a first stab at adding mvp support for checking read/write/execute file permissions, for a specific user.

  # verifies if a specific user has access to a file
    describe file("C:/users/vagrant/setup.bat") do
      it { should exist }
      it { should_not be_readable.by_user('vagrant-2012-r2\jdoe') }
      it { should be_readable.by_user('vagrant-2012-r2\vagrant') }
      it { should_not be_executable.by_user('vagrant-2012-r2\jdoe') }
      it { should be_executable.by_user('vagrant-2012-r2\vagrant') }
      it { should_not be_writable.by_user('vagrant-2012-r2\jdoe') }
      it { should be_writable.by_user('vagrant-2012-r2\vagrant') }
      it { should be_readable }
      it { should be_writeable }
      it { should be_executable }
    end

The above results in the following when vagrant-2012-r2\jdoe was denied access to the file:

screen shot 2016-10-11 at 9 59 33 pm

I believe it addresses #783

It will fail unit tests since they will have to be refactored. If this passes muster I'll refactor the tests.

Signed-off-by: Jeremy J. Miller jm@chef.io

@jeremymv2
adding by_user permissions support for windows
8ff680e 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
@jeremymv2
Copy link
Contributor Author

@chris-rock @arlimus thoughts?

@jeremymv2
changing module name
700679d 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
chris-rock
chris-rock reviewed Oct 14, 2016
View reviewed changes
lib/resources/file.rb
@file = inspec.backend.file(path)
return skip_resource 'The `file` resource is not supported on your OS yet.' if @perms_provider.nil?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should not skip the resource if the no perm_provider is available. Most of the file implementation is done in train anyway. I would prefer to move this skip return to the individual functions that cannot be executed aka readable? etc

lib/resources/file.rb
@@ -52,19 +67,19 @@ def contain(*_)
def readable?(by_usergroup, by_specific_user)
return false unless exist?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the place where we should return the skip the resource

lib/resources/file.rb
end

def file_permission_granted?(access, by_usergroup, by_specific_user)
return nil if @perms_provider.nil?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should fail here, once we have the skip as the first statement of eg. in readable? this method should never be called if perms_provider is not defined.

lib/resources/file.rb
'w'
when 'execute'
'x'
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should return an error if the access_type is unknown

@chris-rock
Copy link
Contributor

Awesome work @jeremymv2 I had some minor comments. Nothing difficult to improve. On top, I would prefer if we could add some integration tests as well in https://github.com/chef/inspec/blob/master/test/integration/default/file_spec.rb#L173-L200

@jeremymv2
implementing changes requested in review
e502bee 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
chris-rock
chris-rock reviewed Oct 20, 2016
View reviewed changes
lib/resources/file.rb
@@ -51,20 +65,23 @@ def contain(*_)

def readable?(by_usergroup, by_specific_user)
return false unless exist?
return skip_resource '`readable?` is not supported on your OS yet.' if @perms_provider.nil?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@chris-rock
Copy link
Contributor

Awesome work @jeremymv2, lets rebase, fix the tests and I'll merge it. Let me know if I can help with fixing the tests.

@jeremymv2
adding integration test
69fa725 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
@jeremymv2
file/dir permissions for os_prepare file recipe
c9b6902 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
@jeremymv2
putting quotes around path in PS command
ef23346 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
@jeremymv2
refactored file resource unit tests
ff70c06 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
@jeremymv2
Copy link
Contributor Author

@chris-rock unit and integration tests added to the PR.
I heavily refactored the unit tests - let me know what you think.

@jeremymv2
added 'by_user' example to resource
4ffe87a 
Signed-off-by: Jeremy J. Miller <jm@chef.io>
@chris-rock chris-rock merged commit 0a042eb into inspec:master Oct 26, 2016
@chris-rock
Copy link
Contributor

Awesome @jeremymv2

@jeremymv2 jeremymv2 deleted the windows_file_perms branch October 27, 2016 01:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-rock chris-rock chris-rock left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@jeremymv2 @chris-rock @adamhjk