#
# Author:: Adam Jacob (<adam@opscode.com>)
# Copyright:: Copyright (c) 2008 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'spec_helper'
EtcPwnamIsh = Struct.new(:name, :passwd, :uid, :gid, :gecos, :dir, :shell, :change, :uclass, :expire)
EtcGrnamIsh = Struct.new(:name, :passwd, :gid, :mem)
describe Chef::Provider::User do
before(:each) do
@node = Chef::Node.new
@events = Chef::EventDispatch::Dispatcher.new
@run_context = Chef::RunContext.new(@node, {}, @events)
@new_resource = Chef::Resource::User.new("adam")
@new_resource.comment "Adam Jacob"
@new_resource.uid 1000
@new_resource.gid 1000
@new_resource.home "/home/adam"
@new_resource.shell "/usr/bin/zsh"
@current_resource = Chef::Resource::User.new("adam")
@current_resource.comment "Adam Jacob"
@current_resource.uid 1000
@current_resource.gid 1000
@current_resource.home "/home/adam"
@current_resource.shell "/usr/bin/zsh"
@provider = Chef::Provider::User.new(@new_resource, @run_context)
@provider.current_resource = @current_resource
end
describe "when first created" do
it "assume the user exists by default" do
expect(@provider.user_exists).to eql(true)
end
it "does not know the locked state" do
expect(@provider.locked).to eql(nil)
end
end
describe "executing load_current_resource" do
before(:each) do
@node = Chef::Node.new
#@new_resource = double("Chef::Resource::User",
# :null_object => true,
# :username => "adam",
# :comment => "Adam Jacob",
# :uid => 1000,
# :gid => 1000,
# :home => "/home/adam",
# :shell => "/usr/bin/zsh",
# :password => nil,
# :updated => nil
#)
allow(Chef::Resource::User).to receive(:new).and_return(@current_resource)
@pw_user = EtcPwnamIsh.new
@pw_user.name = "adam"
@pw_user.gid = 1000
@pw_user.uid = 1000
@pw_user.gecos = "Adam Jacob"
@pw_user.dir = "/home/adam"
@pw_user.shell = "/usr/bin/zsh"
@pw_user.passwd = "*"
allow(Etc).to receive(:getpwnam).and_return(@pw_user)
end
it "should create a current resource with the same name as the new resource" do
@provider.load_current_resource
expect(@provider.current_resource.name).to eq('adam')
end
it "should set the username of the current resource to the username of the new resource" do
@provider.load_current_resource
expect(@current_resource.username).to eq(@new_resource.username)
end
it "should change the encoding of gecos to the encoding of the new resource", :ruby_gte_19_only do
@pw_user.gecos.force_encoding('ASCII-8BIT')
@provider.load_current_resource
expect(@provider.current_resource.comment.encoding).to eq(@new_resource.comment.encoding)
end
it "should look up the user in /etc/passwd with getpwnam" do
expect(Etc).to receive(:getpwnam).with(@new_resource.username).and_return(@pw_user)
@provider.load_current_resource
end
it "should set user_exists to false if the user is not found with getpwnam" do
expect(Etc).to receive(:getpwnam).and_raise(ArgumentError)
@provider.load_current_resource
expect(@provider.user_exists).to eql(false)
end
# The mapping between the Chef::Resource::User and Getpwnam struct
user_attrib_map = {
:uid => :uid,
:gid => :gid,
:comment => :gecos,
:home => :dir,
:shell => :shell
}
user_attrib_map.each do |user_attrib, getpwnam_attrib|
it "should set the current resources #{user_attrib} based on getpwnam #{getpwnam_attrib}" do
expect(@current_resource).to receive(user_attrib).with(@pw_user.send(getpwnam_attrib))
@provider.load_current_resource
end
end
it "should attempt to convert the group gid if one has been supplied" do
expect(@provider).to receive(:convert_group_name)
@provider.load_current_resource
end
it "shouldn't try and convert the group gid if none has been supplied" do
allow(@new_resource).to receive(:gid).and_return(nil)
expect(@provider).not_to receive(:convert_group_name)
@provider.load_current_resource
end
it "should return the current resource" do
expect(@provider.load_current_resource).to eql(@current_resource)
end
describe "and running assertions" do
def self.shadow_lib_unavail?
begin
require 'rubygems'
require 'shadow'
rescue LoadError => e
pending "ruby-shadow gem not installed for dynamic load test"
true
else
false
end
end
before (:each) do
user = @pw_user.dup
user.name = "root"
user.passwd = "x"
@new_resource.password "some new password"
allow(Etc).to receive(:getpwnam).and_return(user)
end
unless shadow_lib_unavail?
context "and we have the ruby-shadow gem" do
pending "and we are not root (rerun this again as root)", :requires_unprivileged_user => true
context "and we are root", :requires_root => true do
it "should pass assertions when ruby-shadow can be loaded" do
@provider.action = 'create'
original_method = @provider.method(:require)
expect(@provider).to receive(:require) { |*args| original_method.call(*args) }
passwd_info = Struct::PasswdEntry.new(:sp_namp => "adm ", :sp_pwdp => "$1$T0N0Q.lc$nyG6pFI3Dpqa5cxUz/57j0", :sp_lstchg => 14861, :sp_min => 0, :sp_max => 99999,
:sp_warn => 7, :sp_inact => -1, :sp_expire => -1, :sp_flag => -1)
expect(Shadow::Passwd).to receive(:getspnam).with("adam").and_return(passwd_info)
@provider.load_current_resource
@provider.define_resource_requirements
@provider.process_resource_requirements
end
end
end
end
it "should fail assertions when ruby-shadow cannot be loaded" do
expect(@provider).to receive(:require).with("shadow") { raise LoadError }
@provider.load_current_resource
@provider.define_resource_requirements
expect {@provider.process_resource_requirements}.to raise_error Chef::Exceptions::MissingLibrary
end
end
end
describe "compare_user" do
let(:mapping) {
{
'username' => ["adam", "Adam"],
'comment' => ["Adam Jacob", "adam jacob"],
'uid' => [1000, 1001],
'gid' => [1000, 1001],
'home' => ["/home/adam", "/Users/adam"],
'shell'=> ["/usr/bin/zsh", "/bin/bash"],
'password'=> ["abcd","12345"]
}
}
%w{uid gid comment home shell password}.each do |attribute|
it "should return true if #{attribute} doesn't match" do
@new_resource.send(attribute, mapping[attribute][0])
@current_resource.send(attribute, mapping[attribute][1])
expect(@provider.compare_user).to eql(true)
end
end
%w{uid gid}.each do |attribute|
it "should return false if string #{attribute} matches fixnum" do
@new_resource.send(attribute, "100")
@current_resource.send(attribute, 100)
expect(@provider.compare_user).to eql(false)
end
end
it "should return false if the objects are identical" do
expect(@provider.compare_user).to eql(false)
end
end
describe "action_create" do
before(:each) do
allow(@provider).to receive(:load_current_resource)
# @current_resource = double("Chef::Resource::User",
# :null_object => true,
# :username => "adam",
# :comment => "Adam Jacob",
# :uid => 1000,
# :gid => 1000,
# :home => "/home/adam",
# :shell => "/usr/bin/zsh",
# :password => nil,
# :updated => nil
# )
# @provider = Chef::Provider::User.new(@node, @new_resource)
# @provider.current_resource = @current_resource
# @provider.user_exists = false
# @provider.stub(:create_user).and_return(true)
# @provider.stub(:manage_user).and_return(true)
end
it "should call create_user if the user does not exist" do
@provider.user_exists = false
expect(@provider).to receive(:create_user).and_return(true)
@provider.action_create
@provider.set_updated_status
expect(@new_resource).to be_updated
end
it "should call manage_user if the user exists and has mismatched attributes" do
@provider.user_exists = true
allow(@provider).to receive(:compare_user).and_return(true)
expect(@provider).to receive(:manage_user).and_return(true)
@provider.action_create
end
it "should set the new_resources updated flag when it creates the user if we call manage_user" do
@provider.user_exists = true
allow(@provider).to receive(:compare_user).and_return(true)
allow(@provider).to receive(:manage_user).and_return(true)
@provider.action_create
@provider.set_updated_status
expect(@new_resource).to be_updated
end
end
describe "action_remove" do
before(:each) do
allow(@provider).to receive(:load_current_resource)
end
it "should not call remove_user if the user does not exist" do
@provider.user_exists = false
expect(@provider).not_to receive(:remove_user)
@provider.action_remove
end
it "should call remove_user if the user exists" do
@provider.user_exists = true
expect(@provider).to receive(:remove_user)
@provider.action_remove
end
it "should set the new_resources updated flag to true if the user is removed" do
@provider.user_exists = true
expect(@provider).to receive(:remove_user)
@provider.action_remove
@provider.set_updated_status
expect(@new_resource).to be_updated
end
end
describe "action_manage" do
before(:each) do
allow(@provider).to receive(:load_current_resource)
# @node = Chef::Node.new
# @new_resource = double("Chef::Resource::User",
# :null_object => true
# )
# @current_resource = double("Chef::Resource::User",
# :null_object => true
# )
# @provider = Chef::Provider::User.new(@node, @new_resource)
# @provider.current_resource = @current_resource
# @provider.user_exists = true
# @provider.stub(:manage_user).and_return(true)
end
it "should run manage_user if the user exists and has mismatched attributes" do
expect(@provider).to receive(:compare_user).and_return(true)
expect(@provider).to receive(:manage_user).and_return(true)
@provider.action_manage
end
it "should set the new resources updated flag to true if manage_user is called" do
allow(@provider).to receive(:compare_user).and_return(true)
allow(@provider).to receive(:manage_user).and_return(true)
@provider.action_manage
@provider.set_updated_status
expect(@new_resource).to be_updated
end
it "should not run manage_user if the user does not exist" do
@provider.user_exists = false
expect(@provider).not_to receive(:manage_user)
@provider.action_manage
end
it "should not run manage_user if the user exists but has no differing attributes" do
expect(@provider).to receive(:compare_user).and_return(false)
expect(@provider).not_to receive(:manage_user)
@provider.action_manage
end
end
describe "action_modify" do
before(:each) do
allow(@provider).to receive(:load_current_resource)
# @node = Chef::Node.new
# @new_resource = double("Chef::Resource::User",
# :null_object => true
# )
# @current_resource = double("Chef::Resource::User",
# :null_object => true
# )
# @provider = Chef::Provider::User.new(@node, @new_resource)
# @provider.current_resource = @current_resource
# @provider.user_exists = true
# @provider.stub(:manage_user).and_return(true)
end
it "should run manage_user if the user exists and has mismatched attributes" do
expect(@provider).to receive(:compare_user).and_return(true)
expect(@provider).to receive(:manage_user).and_return(true)
@provider.action_modify
end
it "should set the new resources updated flag to true if manage_user is called" do
allow(@provider).to receive(:compare_user).and_return(true)
allow(@provider).to receive(:manage_user).and_return(true)
@provider.action_modify
@provider.set_updated_status
expect(@new_resource).to be_updated
end
it "should not run manage_user if the user exists but has no differing attributes" do
expect(@provider).to receive(:compare_user).and_return(false)
expect(@provider).not_to receive(:manage_user)
@provider.action_modify
end
it "should raise a Chef::Exceptions::User if the user doesn't exist" do
@provider.user_exists = false
expect { @provider.action = :modify; @provider.run_action }.to raise_error(Chef::Exceptions::User)
end
end
describe "action_lock" do
before(:each) do
allow(@provider).to receive(:load_current_resource)
end
it "should lock the user if it exists and is unlocked" do
allow(@provider).to receive(:check_lock).and_return(false)
expect(@provider).to receive(:lock_user).and_return(true)
@provider.action_lock
end
it "should set the new resources updated flag to true if lock_user is called" do
allow(@provider).to receive(:check_lock).and_return(false)
expect(@provider).to receive(:lock_user)
@provider.action_lock
@provider.set_updated_status
expect(@new_resource).to be_updated
end
it "should raise a Chef::Exceptions::User if we try and lock a user that does not exist" do
@provider.user_exists = false
@provider.action = :lock
expect { @provider.run_action }.to raise_error(Chef::Exceptions::User)
end
end
describe "action_unlock" do
before(:each) do
allow(@provider).to receive(:load_current_resource)
# @node = Chef::Node.new
# @new_resource = double("Chef::Resource::User",
# :null_object => true
# )
# @current_resource = double("Chef::Resource::User",
# :null_object => true
# )
# @provider = Chef::Provider::User.new(@node, @new_resource)
# @provider.current_resource = @current_resource
# @provider.user_exists = true
# @provider.stub(:check_lock).and_return(true)
# @provider.stub(:unlock_user).and_return(true)
end
it "should unlock the user if it exists and is locked" do
allow(@provider).to receive(:check_lock).and_return(true)
expect(@provider).to receive(:unlock_user).and_return(true)
@provider.action_unlock
@provider.set_updated_status
expect(@new_resource).to be_updated
end
it "should raise a Chef::Exceptions::User if we try and unlock a user that does not exist" do
@provider.user_exists = false
@provider.action = :unlock
expect { @provider.run_action }.to raise_error(Chef::Exceptions::User)
end
end
describe "convert_group_name" do
before do
@new_resource.gid('999')
@group = EtcGrnamIsh.new('wheel', '*', 999, [])
end
it "should lookup the group name locally" do
expect(Etc).to receive(:getgrnam).with("999").and_return(@group)
expect(@provider.convert_group_name).to eq(999)
end
it "should raise an error if we can't translate the group name during resource assertions" do
expect(Etc).to receive(:getgrnam).and_raise(ArgumentError)
@provider.define_resource_requirements
@provider.convert_group_name
expect { @provider.process_resource_requirements }.to raise_error(Chef::Exceptions::User)
end
it "should set the new resources gid to the integerized version if available" do
expect(Etc).to receive(:getgrnam).with("999").and_return(@group)
@provider.convert_group_name
expect(@new_resource.gid).to eq(999)
end
end
end