Enhancement section custom resource (#344)

* Custom Resource of iis_section
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>

* Section custom resource
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>

Author: EasyAsABC123

.kitchen.appveyor.yml

@@ -21,6 +21,9 @@ suites:
   - name: app
     run_list:
       - recipe[test::app]
+  - name: section
+    run_list:
+      - recipe[test::section]
   - name: site
     run_list:
       - recipe[test::site]
@@ -29,4 +32,4 @@ suites:
       - recipe[test::pool]
   - name: vdir
     run_list:
-      - recipe[test::vdir]
+      - recipe[test::vdir]

.kitchen.yml

@@ -26,6 +26,9 @@ suites:
   - name: app
     run_list:
       - recipe[test::app]
+  - name: section
+    run_list:
+      - recipe[test::section]
   - name: site
     run_list:
       - recipe[test::site]

.rubocop.yml

@@ -6,6 +6,7 @@ Style/PredicateName:
   Exclude:
     - 'test/integration/app/libraries/*'
     - 'test/integration/pool/libraries/*'
+    - 'test/integration/section/libraries/*'
     - 'test/integration/vdir/libraries/*'
 
 Style/GuardClause:

README.md

@@ -466,7 +466,10 @@ This is valuable to allow the `web.config` of an individual application/website
 #### Attribute Parameters
 
 - `section`: The name of the section to lock.
+- `site`: The name of the site you want to lock or unlock a section for.
+- `application_path`: The path to the application you want to lock or unlock a section for.
 - `returns`: The result of the `shell_out` command.
+- 
 
 #### Examples
 
@@ -502,6 +505,25 @@ iis_section 'unlocked web.config globally for Basic auth' do
 end
 ```
 
+```ruby
+# Sets the static content section for default web site and root to unlocked
+iis_section 'unlock staticContent of default web site' do
+  section 'system.webServer/staticContent'
+  site 'Default Web Site'
+  action :unlock
+end
+```
+
+```ruby
+# Sets the static content section for test_app under default website and root to be unlocked
+iis_section 'unlock staticContent of default web site' do
+  section 'system.webServer/staticContent'
+  site 'Default Web Site'
+  application_path '/test_app'
+  action :unlock
+end
+```
+
 ### iis_module
 
 Manages modules globally or on a per site basis.

libraries/helper.rb

@@ -2,10 +2,7 @@
 # Cookbook:: iis
 # Library:: helper
 #
-# Author:: Julian C. Dunn <jdunn@chef.io>
-# Author:: Justin Schuhmann <jmschu02@gmail.com>
-#
-# Copyright:: 2013-2016, Chef Software, Inc.
+# Copyright:: 2013-2017, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

libraries/section_helper.rb

@@ -0,0 +1,68 @@
+#
+# Cookbook:: iis
+# Library:: helper
+#
+# Copyright:: 2013-2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Opscode
+  module IIS
+    # Contains functions that are used throughout this cookbook
+    module SectionHelper
+      require 'rexml/document'
+      include REXML
+
+      def lock(node, section, location, returns)
+        cmd_list_section node, :lock, section, location, returns
+      end
+
+      def unlock(node, section, location, returns)
+        cmd_list_section node, :unlock, section, location, returns
+      end
+
+      def cmd_section(node, check, section, location, returns)
+        cmd = "#{appcmd(node)} set config \"MACHINE/WEBROOT/APPHOST/#{location}\""
+        cmd << " -section:\"#{section}\" -overrideMode:#{check}"
+        cmd << ' -commit:apphost'
+        Chef::Log.debug(cmd)
+        shell_out!(cmd, returns: returns)
+
+        return unless location
+        cmd = "#{appcmd(node)} set config \"MACHINE/WEBROOT/APPHOST/#{location}\""
+        cmd << " -section:\"#{section}\" -overrideMode:#{check}"
+        Chef::Log.debug(cmd)
+        shell_out!(cmd, returns: returns)
+      end
+
+      def cmd_list_section(node, action, section, location, returns)
+        command_path = 'MACHINE/WEBROOT/APPHOST'
+        command_path << "/#{location}" if location
+        cmd = "#{appcmd(node)} list config \"#{command_path}}\""
+        cmd << " -section:#{section} -commit:apphost /config:* /xml"
+        result = shell_out cmd
+        if result.stderr.empty?
+          xml = result.stdout
+          doc = Document.new xml
+          check = action == :lock ? 'Deny' : 'Allow'
+          unless value(doc.root, 'CONFIG/@overrideMode') == check
+            cmd_section node, check, section, location, returns
+          end
+        else
+          Chef::Log.info(result.stderr)
+        end
+      end
+    end
+  end
+end

providers/section.rb

@@ -1,9 +1,8 @@
 #
-# Author:: Justin Schuhmann
 # Cookbook:: iis
-# Resource:: lock
+# Resource:: section
 #
-# Copyright:: 2016, Justin Schuhmann
+# Copyright:: 2016-2017, Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,10 +17,57 @@
 # limitations under the License.
 #
 
-actions :lock, :unlock
-default_action :lock
+require 'rexml/document'
 
-attribute :section, kind_of: String
-attribute :returns, kind_of: [Integer, Array], default: 0
+include REXML
+include Opscode::IIS::Helper
+include Opscode::IIS::SectionHelper
+include Opscode::IIS::Processors
 
-attr_accessor :exists
+property :section, String, name_property: true
+property :site, String
+property :application_path, String
+property :returns, [Integer, Array], default: 0
+property :locked, String
+
+default_action :unlock
+
+load_current_value do |desired|
+  section desired.section
+  site desired.site
+  application_path desired.application_path
+  command_path = 'MACHINE/WEBROOT/APPHOST'
+  command_path << "/#{site}" if site
+  command_path << application_path.to_s if application_path
+  cmd = "#{appcmd(node)} list config \"#{command_path}\""
+  cmd << " -section:\"#{section}\" /commit:apphost /config:* /xml"
+  Chef::Log.debug(cmd)
+  cmd = shell_out(cmd)
+  if cmd.stderr.empty?
+    xml = cmd.stdout
+    doc = Document.new(xml)
+    locked value doc.root, 'CONFIG/@overrideMode'
+  else
+    Chef::Log.info(cmd.stderr)
+  end
+end
+
+action :lock do
+  if current_resource.locked != 'Deny'
+    converge_by "Locking the section - \"#{new_resource}\"" do
+      lock node, new_resource.section, "#{new_resource.site}#{new_resource.application_path}", new_resource.returns
+    end
+  else
+    Chef::Log.debug("#{new_resource} already locked - nothing to do")
+  end
+end
+
+action :unlock do
+  if current_resource.locked != 'Allow'
+    converge_by "Unlocking the section - \"#{new_resource}\"" do
+      unlock node, new_resource.section, "#{new_resource.site}#{new_resource.application_path}", new_resource.returns
+    end
+  else
+    Chef::Log.debug("#{new_resource} already unlocked - nothing to do")
+  end
+end

resources/section.rb

@@ -0,0 +1,25 @@
+#
+# Cookbook:: test
+# Recipe:: site
+#
+# copyright: 2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe 'iis'
+
+iis_section 'unlock staticContent of default web site' do
+  section 'system.webServer/staticContent'
+  site 'Default Web Site'
+  action :unlock
+end

test/cookbooks/test/recipes/section.rb

@@ -0,0 +1,3 @@
+# `iis_section` InSpec Profile
+
+This will allow the testing of `iis_section` until it can be added into inspec.

test/integration/section/README.md

@@ -0,0 +1,17 @@
+# encoding: utf-8
+# copyright: 2017, Chef Software, Inc.
+# license: All rights reserved
+
+title 'iis_section section'
+
+describe service('W3SVC') do
+  it { should be_installed }
+  it { should be_running }
+  its ('startmode') { should eq 'Auto' }
+end
+
+describe iis_section('system.webServer/staticContent', 'Default Web Site') do
+  it { should exist }
+  it { should have_override_mode('Allow') }
+  it { should have_override_mode_effective('Allow') }
+end

test/integration/section/controls/section_spec.rb

@@ -0,0 +1,6 @@
+name: section
+title: iis_section InSpec Profile
+copyright: 2017, Chef Software, Inc.
+license: All Rights Reserved
+summary: An InSpec Compliance Profile for iis_section
+version: 0.1.0