Derive default config permissions from attributes

Use the same attributes to provide defaults for consul_definition and consul_watch as are used for consul_config. Consolidated each test suite as a recipe in the consul_spec cookbook to reduce the boilerplate this would have added to kitchen.yml.
sous-chefs · Jun 12, 2016 · d40c677 · d40c677
1 parent 450c0cc
commit d40c677
Show file tree

Hide file tree

Showing 9 changed files with 83 additions and 16 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -37,7 +37,7 @@ platforms:
 suites:
   - name: default
     run_list:
-      - recipe[consul::default]
+      - recipe[consul_spec::default]
     attributes:
       consul:
         config: &default-config
@@ -49,7 +49,7 @@ suites:
           encrypt: CGXC2NsXW4AvuB4h5ODYzQ==
   - name: git
     run_list:
-      - recipe[consul::default]
+      - recipe[consul_spec::default]
     attributes:
       consul:
         config: *default-config
@@ -59,7 +59,7 @@ suites:
       - windows-2012r2
   - name: webui
     run_list:
-      - recipe[consul::default]
+      - recipe[consul_spec::default]
     attributes:
       consul:
         config:
@@ -70,8 +70,6 @@ suites:
           encrypt: CGXC2NsXW4AvuB4h5ODYzQ==
   - name: acl
     run_list:
-      - recipe[consul::default]
-      - recipe[consul::client_gem]
       - recipe[consul_spec::acl]
     attributes:
       consul:

diff --git a/libraries/consul_definition.rb b/libraries/consul_definition.rb
@@ -21,11 +21,11 @@ class ConsulDefinition < Chef::Resource
 
       # @!attribute user
       # @return [String]
-      attribute(:user, kind_of: String, default: 'consul')
+      attribute(:user, kind_of: String, default: lazy { node['consul']['config']['owner'] })
 
       # @!attribute group
       # @return [String]
-      attribute(:group, kind_of: String, default: 'consul')
+      attribute(:group, kind_of: String, default: lazy { node['consul']['config']['group'] })
 
       # @!attribute type
       # @return [String]
@@ -49,6 +49,9 @@ def to_json
               owner new_resource.user
               group new_resource.group
               mode '0755'
+              # Prevent clobbering permissions on the directory since the intent
+              # in this context is to set the permissions of the definition file
+              not_if { Dir.exist? self.path }
             end
           end
 

diff --git a/libraries/consul_watch.rb b/libraries/consul_watch.rb
@@ -21,11 +21,11 @@ class ConsulWatch < Chef::Resource
 
       # @!attribute user
       # @return [String]
-      attribute(:user, kind_of: String, default: 'consul')
+      attribute(:user, kind_of: String, default: lazy { node['consul']['config']['owner'] })
 
       # @!attribute group
       # @return [String]
-      attribute(:group, kind_of: String, default: 'consul')
+      attribute(:group, kind_of: String, default: lazy { node['consul']['config']['group'] })
 
       # @!attribute type
       # @return [String]

diff --git a/test/cookbooks/consul_spec/recipes/acl.rb b/test/cookbooks/consul_spec/recipes/acl.rb
@@ -1,3 +1,6 @@
+include_recipe 'consul_spec::default'
+include_recipe 'consul::client_gem'
+
 package 'curl'
 
 consul_acl 'anonymous' do

diff --git a/test/cookbooks/consul_spec/recipes/consul_definition.rb b/test/cookbooks/consul_spec/recipes/consul_definition.rb
@@ -0,0 +1,21 @@
+
+# The ruby interpreter is guaranteed to exist since it's currently running.
+file "/consul_definition_check.rb" do
+  content (<<-EOF).gsub(/^ */, '')
+    #!#{RbConfig.ruby}
+    exit 0
+  EOF
+  unless node.platform?('windows')
+    owner 'root'
+    mode '0755'
+  end
+end
+
+consul_definition 'consul_definition_check' do
+  type 'check'
+  parameters(id: "consul_definition_check",
+             script: '/consul_definition_check.rb',
+             interval: '10s',
+             timeout: '10s')
+  notifies :reload, 'consul_service[consul]', :delayed
+end
diff --git a/test/cookbooks/consul_spec/recipes/consul_watch.rb b/test/cookbooks/consul_spec/recipes/consul_watch.rb
@@ -0,0 +1,18 @@
+
+# The ruby interpreter is guaranteed to exist since it's currently running.
+file "/consul_watch_handler.rb" do
+  content (<<-EOF).gsub(/^ */, '')
+    #!#{RbConfig.ruby}
+    exit 0
+  EOF
+  unless node.platform?('windows')
+    owner 'root'
+    mode '0755'
+  end
+end
+
+consul_watch 'consul_watch_check' do
+  type 'event'
+  parameters(handler: "/consul_watch_handler.rb")
+  notifies :reload, 'consul_service[consul]', :delayed
+end
diff --git a/test/integration/default/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb
@@ -88,4 +88,20 @@
       EOT
     end
   end
-end
+end
+
+describe file("#{confd_dir}/consul_definition_check.json") do
+  it { should be_file }
+  it { should be_owned_by     'root' }
+  it { should be_grouped_into 'consul' }
+
+  it { should be_mode 640 }
+end
+
+describe file("#{confd_dir}/consul_watch_check.json") do
+  it { should be_file }
+  it { should be_owned_by     'root' }
+  it { should be_grouped_into 'consul' }
+
+  it { should be_mode 640 }
+end
diff --git a/test/spec/libraries/consul_definition_spec.rb b/test/spec/libraries/consul_definition_spec.rb
@@ -8,7 +8,11 @@
     default_attributes['consul'] = {
       'service' => {
         'config_dir' => '/etc/consul/conf.d'
-        }
+        },
+      'config' => {
+        'owner' => 'root',
+        'group' => 'consul'
+       }
       }
   end
 
@@ -23,7 +27,7 @@
     it { is_expected.to create_directory('/etc/consul/conf.d') }
     it do
       is_expected.to create_file('/etc/consul/conf.d/redis.json')
-      .with(user: 'consul', group: 'consul', mode: '0640')
+      .with(user: 'root', group: 'consul', mode: '0640')
       .with(content: JSON.pretty_generate(
         service: {
           tags: ['master'],
@@ -47,7 +51,7 @@
     it { is_expected.to create_directory('/etc/consul/conf.d') }
     it do
       is_expected.to create_file('/etc/consul/conf.d/redis.json')
-      .with(user: 'consul', group: 'consul', mode: '0640')
+      .with(user: 'root', group: 'consul', mode: '0640')
       .with(content: JSON.pretty_generate(
         service: {
           name: 'myredis',
@@ -71,7 +75,7 @@
     it { is_expected.to create_directory('/etc/consul/conf.d') }
     it do
       is_expected.to create_file('/etc/consul/conf.d/web-api.json')
-      .with(user: 'consul', group: 'consul', mode: '0640')
+      .with(user: 'root', group: 'consul', mode: '0640')
       .with(content: JSON.pretty_generate(
         check: {
           http: 'http://localhost:5000/health',

diff --git a/test/spec/libraries/consul_watch_spec.rb b/test/spec/libraries/consul_watch_spec.rb
@@ -8,7 +8,11 @@
     default_attributes['consul'] = {
       'service' => {
         'config_dir' => '/etc/consul/conf.d'
-        }
+        },
+      'config' => {
+        'owner' => 'root',
+        'group' => 'consul'
+       }
       }
   end
 
@@ -23,7 +27,7 @@
     it { is_expected.to create_directory('/etc/consul/conf.d') }
     it do
       is_expected.to create_file('/etc/consul/conf.d/foo.json')
-      .with(user: 'consul', group: 'consul', mode: '0640')
+      .with(user: 'root', group: 'consul', mode: '0640')
       .with(content: JSON.pretty_generate(
         {
           watches: [