Teach Windows directory tests about inheritance

dn365 · Mar 16, 2012 · b66a43e · b66a43e
1 parent 8ec250a
commit b66a43e
Show file tree

Hide file tree

Showing 8 changed files with 142 additions and 92 deletions.
diff --git a/chef/spec/functional/resource/directory_spec.rb b/chef/spec/functional/resource/directory_spec.rb
@@ -23,11 +23,14 @@
 
   let(:directory_base) { "directory_spec" }
 
-  let!(:resource) do
+  def create_resource
     Chef::Resource::Directory.new(path)
   end
 
+  let!(:resource) do
+  	create_resource
+  end
+
   it_behaves_like "a directory resource"
-  it_behaves_like "a securable resource"
 
 end
diff --git a/chef/spec/functional/resource/file_spec.rb b/chef/spec/functional/resource/file_spec.rb
@@ -24,14 +24,17 @@
   let(:file_base) { "file_spec" }
   let(:expected_content) { "Don't fear the ruby." }
 
-  let!(:resource) do
+  def create_resource
     resource = Chef::Resource::File.new(path)
     resource.content(expected_content)
     resource
   end
 
+  let!(:resource) do
+    create_resource
+  end
+
   it_behaves_like "a file resource"
-  it_behaves_like "a securable resource"
 
   context "when the target file does not exist" do
     it "it creates the file when the :touch action is run" do

diff --git a/chef/spec/functional/resource/remote_directory_spec.rb b/chef/spec/functional/resource/remote_directory_spec.rb
@@ -23,7 +23,7 @@
 
   let(:directory_base) { "directory_spec" }
 
-  let!(:resource) do
+  def create_resource
     cookbook_repo = File.expand_path(File.join(CHEF_SPEC_DATA, "cookbooks"))
     Chef::Cookbook::FileVendor.on_create { |manifest| Chef::Cookbook::FileSystemFileVendor.new(manifest, cookbook_repo) }
     node = Chef::Node.new
@@ -36,8 +36,11 @@
     resource
   end
 
+  let!(:resource) do
+    create_resource
+  end
+
   it_behaves_like "a directory resource"
-  it_behaves_like "a securable resource"
 
   context "when creating the remote directory" do
     it "transfers the directory with all contents" do

diff --git a/chef/spec/functional/resource/remote_file_spec.rb b/chef/spec/functional/resource/remote_file_spec.rb
@@ -25,12 +25,15 @@
   let(:source) { 'http://opscode-chef-spec-data.s3.amazonaws.com/integration/remote_file/nyan_cat.png' }
   let(:expected_content) { IO.read(File.join(CHEF_SPEC_DATA, 'remote_file', 'nyan_cat.png')) }
 
-  let!(:resource) do
+  def create_resource
     resource = Chef::Resource::RemoteFile.new(path)
     resource.source(source)
     resource
   end
 
+  let!(:resource) do
+    create_resource
+  end
+
   it_behaves_like "a file resource"
-  it_behaves_like "a securable resource"
 end
diff --git a/chef/spec/functional/resource/template_spec.rb b/chef/spec/functional/resource/template_spec.rb
@@ -31,7 +31,7 @@
     node
   end
 
-  let!(:resource) do
+  def create_resource
     cookbook_repo = File.expand_path(File.join(CHEF_SPEC_DATA, "cookbooks"))
     Chef::Cookbook::FileVendor.on_create { |manifest| Chef::Cookbook::FileSystemFileVendor.new(manifest, cookbook_repo) }
     cookbook_collection = Chef::CookbookCollection.new(Chef::CookbookLoader.new(cookbook_repo))
@@ -42,8 +42,11 @@
     resource
   end
 
+  let!(:resource) do
+    create_resource
+  end
+
   it_behaves_like "a file resource"
-  it_behaves_like "a securable resource"
 
   context "when the target file does not exist" do
     it "creates the template with the rendered content using the variable attribute when the :create action is run" do

diff --git a/chef/spec/support/shared/functional/directory_resource.rb b/chef/spec/support/shared/functional/directory_resource.rb
@@ -55,6 +55,23 @@
       File.should_not exist(path)
     end
   end
+
+  # Set up the context for security tests
+  def allowed_acl(sid, expected_perms)
+    [
+      ACE.access_allowed(sid, expected_perms[:specific]),
+      ACE.access_allowed(sid, expected_perms[:generic], (Chef::Win32::API::Security::INHERIT_ONLY_ACE | Chef::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::Win32::API::Security::OBJECT_INHERIT_ACE))
+    ]
+  end
+
+  def denied_acl(sid, expected_perms)
+    [
+      ACE.access_denied(sid, expected_perms[:specific]),
+      ACE.access_denied(sid, expected_perms[:generic], (Chef::Win32::API::Security::INHERIT_ONLY_ACE | Chef::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::Win32::API::Security::OBJECT_INHERIT_ACE))
+    ]
+  end
+
+  it_behaves_like "a securable resource"
 end
 
 shared_context Chef::Resource::Directory do

diff --git a/chef/spec/support/shared/functional/file_resource.rb b/chef/spec/support/shared/functional/file_resource.rb
@@ -109,6 +109,17 @@
       File.should_not exist(path)
     end
   end
+
+  # Set up the context for security tests
+  def allowed_acl(sid, expected_perms)
+    [ ACE.access_allowed(sid, expected_perms[:specific]) ]
+  end
+
+  def denied_acl(sid, expected_perms)
+    [ ACE.access_denied(sid, expected_perms[:specific]) ]
+  end
+
+  it_behaves_like "a securable resource"
 end
 
 shared_context Chef::Resource::File  do