diff --git a/cheffish.gemspec b/cheffish.gemspec index 2f7a63c..e011618 100644 --- a/cheffish.gemspec +++ b/cheffish.gemspec @@ -12,7 +12,7 @@ Gem::Specification.new do |s| s.email = 'jkeiser@chef.io' s.homepage = 'http://github.com/chef/cheffish' - s.add_dependency 'chef-zero', '~> 4.2' + s.add_dependency 'chef-zero', '~> 4.3' s.add_development_dependency 'chef', '~> 12.2' s.add_development_dependency 'rake' diff --git a/lib/chef/provider/chef_acl.rb b/lib/chef/provider/chef_acl.rb index d3c23cf..4451a3b 100644 --- a/lib/chef/provider/chef_acl.rb +++ b/lib/chef/provider/chef_acl.rb @@ -50,7 +50,7 @@ def create_acl(path) # Compare the desired and current json for the ACL, and update if different. modify = {} desired_acl(acl).each do |permission, desired_json| - differences = json_differences(current_json[permission], desired_json) + differences = json_differences(sort_values(current_json[permission]), sort_values(desired_json)) if differences.size > 0 # Verify we aren't trying to destroy grant permissions @@ -144,6 +144,13 @@ def desired_acl(acl_path) result end + def sort_values(json) + json.each do |key, value| + json[key] = value.sort if value.is_a?(Array) + end + json + end + def add_rights(acl_path, json) if new_resource.rights new_resource.rights.each do |rights| diff --git a/spec/integration/chef_acl_spec.rb b/spec/integration/chef_acl_spec.rb index 0490f53..d6c0308 100644 --- a/spec/integration/chef_acl_spec.rb +++ b/spec/integration/chef_acl_spec.rb @@ -120,6 +120,19 @@ group 'g2', {} group 'g3', {} + it 'Converging chef_acls should ignore order of the values in the acls' do + expect_recipe { + chef_acl 'nodes/x' do + rights :create, users: [ 'u1', 'u2', 'u3' ], clients: [ 'c1', 'c2', 'c3' ], groups: [ 'g1', 'g2', 'g3' ] + end + }.to be_updated + expect_recipe { + chef_acl 'nodes/x' do + rights :create, users: [ 'u2', 'u3', 'u1' ], clients: [ 'c3', 'c2', 'c1' ], groups: [ 'g1', 'g2', 'g3' ] + end + }.to be_up_to_date + end + it 'Converging chef_acl "nodes/x" with multiple groups, users and clients in an acl makes the appropriate changes' do expect_recipe { chef_acl 'nodes/x' do