(PUP-1133) Reset permission on Windows test files

- Previously some security tests manipulated file permissions in a way that made it impossible for the top-level spec temp file cleanup to be performed. This patch resets the files after runs.
kotter · Dec 20, 2013 · 776767c · 776767c
1 parent ba09bfe
commit 776767c
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/spec/integration/type/file_spec.rb b/spec/integration/type/file_spec.rb
@@ -1179,6 +1179,19 @@ def expects_at_least_one_inherited_system_ace_grants_full_access(path)
             catalog.add_resource @directory
           end
 
+          def grant_everyone_full_access(path)
+            sd = Puppet::Util::Windows::Security.get_security_descriptor(path)
+            sd.dacl.allow(
+              'S-1-1-0', #everyone
+              Windows::File::FILE_ALL_ACCESS,
+              Windows::File::OBJECT_INHERIT_ACE | Windows::File::CONTAINER_INHERIT_ACE)
+            Puppet::Util::Windows::Security.set_security_descriptor(path, sd)
+          end
+
+          after :each do
+            grant_everyone_full_access(dir)
+          end
+
           describe "when source permissions are ignored" do
             before :each do
               @directory[:source_permissions] = :ignore

diff --git a/spec/integration/util/windows/security_spec.rb b/spec/integration/util/windows/security_spec.rb
@@ -43,6 +43,14 @@ def set_group_depending_on_current_user(path)
     end
   end
 
+  def grant_everyone_full_access(path)
+    sd = winsec.get_security_descriptor(path)
+    everyone = 'S-1-1-0'
+    inherit = WindowsSecurityTester::OBJECT_INHERIT_ACE | WindowsSecurityTester::CONTAINER_INHERIT_ACE
+    sd.dacl.allow(everyone, Windows::File::FILE_ALL_ACCESS, inherit)
+    winsec.set_security_descriptor(path, sd)
+  end
+
   shared_examples_for "only child owner" do
     it "should allow child owner" do
       winsec.set_owner(sids[:guest], parent)
@@ -616,6 +624,11 @@ def set_group_depending_on_current_user(path)
       path
     end
 
+    after :each do
+      # allow temp files to be cleaned up
+      grant_everyone_full_access(parent)
+    end
+
     it_behaves_like "a securable object" do
       def check_access(mode, path)
         if (mode & WindowsSecurityTester::S_IRUSR).nonzero?
@@ -682,6 +695,11 @@ def check_delete(path)
       path
     end
 
+    after :each do
+      # allow temp files to be cleaned up
+      grant_everyone_full_access(parent)
+    end
+
     it_behaves_like "a securable object" do
       def check_access(mode, path)
         if (mode & WindowsSecurityTester::S_IRUSR).nonzero?