diff options
author | danielsdeleo <dan@getchef.com> | 2014-12-15 10:41:16 -0800 |
---|---|---|
committer | danielsdeleo <dan@getchef.com> | 2014-12-15 10:41:16 -0800 |
commit | 27dfd3f3d65c560b2c53b2e15f144cdb774f087e (patch) | |
tree | 47c56265aa31b97010c71a3d7143ebb5d4a674a0 | |
parent | a39c59dcb83fe85b2177d7501050c95109276ad3 (diff) | |
parent | 49689f6ba30eec7d3b325e4add31332e31ed0816 (diff) | |
download | chef-27dfd3f3d65c560b2c53b2e15f144cdb774f087e.tar.gz |
Merge branch 'knife-ssl-error-messaging'
-rw-r--r-- | lib/chef/knife.rb | 7 | ||||
-rw-r--r-- | spec/unit/knife_spec.rb | 158 |
2 files changed, 101 insertions, 64 deletions
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb index 3f234d7ce3..51ccb99955 100644 --- a/lib/chef/knife.rb +++ b/lib/chef/knife.rb @@ -428,6 +428,13 @@ class Chef raise # make sure exit passes through. when Net::HTTPServerException, Net::HTTPFatalError humanize_http_exception(e) + when OpenSSL::SSL::SSLError + ui.error "Could not establish a secure connection to the server." + ui.info "Use `knife ssl check` to troubleshoot your SSL configuration." + ui.info "If your Chef Server uses a self-signed certificate, you can use" + ui.info "`knife ssl fetch` to make knife trust the server's certificates." + ui.info "" + ui.info "Original Exception: #{e.class.name}: #{e.message}" when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError ui.error "Network Error: #{e.message}" ui.info "Check your knife configuration and network settings" diff --git a/spec/unit/knife_spec.rb b/spec/unit/knife_spec.rb index 8f652e58c7..2ccf8493ad 100644 --- a/spec/unit/knife_spec.rb +++ b/spec/unit/knife_spec.rb @@ -25,6 +25,11 @@ require 'spec_helper' require 'uri' describe Chef::Knife do + + let(:stderr) { StringIO.new } + + let(:knife) { Chef::Knife.new } + before(:each) do Chef::Log.logger = Logger.new(StringIO.new) @@ -32,16 +37,14 @@ describe Chef::Knife do # Prevent gratuitous code reloading: allow(Chef::Knife).to receive(:load_commands) - @knife = Chef::Knife.new - allow(@knife.ui).to receive(:puts) - allow(@knife.ui).to receive(:print) + allow(knife.ui).to receive(:puts) + allow(knife.ui).to receive(:print) allow(Chef::Log).to receive(:init) allow(Chef::Log).to receive(:level) [:debug, :info, :warn, :error, :crit].each do |level_sym| allow(Chef::Log).to receive(level_sym) end allow(Chef::Knife).to receive(:puts) - @stderr = StringIO.new end after(:each) do @@ -217,7 +220,10 @@ describe Chef::Knife do end it "exits if no subcommand matches the CLI args" do - allow(Chef::Knife.ui).to receive(:stderr).and_return(@stderr) + stdout = StringIO.new + + allow(Chef::Knife.ui).to receive(:stderr).and_return(stderr) + allow(Chef::Knife.ui).to receive(:stdout).and_return(stdout) expect(Chef::Knife.ui).to receive(:fatal) expect {Chef::Knife.run(%w{fuuu uuuu fuuuu})}.to raise_error(SystemExit) { |e| expect(e.status).not_to eq(0) } end @@ -269,157 +275,181 @@ describe Chef::Knife do let(:fake_config) { "/does/not/exist/knife.rb" } before do - @knife.config[:verbosity] = 1 - @knife.config[:config_file] = fake_config + knife.config[:verbosity] = 1 + knife.config[:config_file] = fake_config config_loader = double("Chef::WorkstationConfigLoader", :load => true, :no_config_found? => false, :chef_config_dir => "/etc/chef", :config_location => fake_config) allow(config_loader).to receive(:explicit_config_file=).with(fake_config).and_return(fake_config) allow(Chef::WorkstationConfigLoader).to receive(:new).and_return(config_loader) end it "prints the path to the configuration file used" do - @stdout, @stderr, @stdin = StringIO.new, StringIO.new, StringIO.new - @knife.ui = Chef::Knife::UI.new(@stdout, @stderr, @stdin, {}) + stdout, stderr, stdin = StringIO.new, StringIO.new, StringIO.new + knife.ui = Chef::Knife::UI.new(stdout, stderr, stdin, {}) expect(Chef::Log).to receive(:info).with("Using configuration from #{fake_config}") - @knife.configure_chef + knife.configure_chef end end end end describe "when first created" do + + let(:knife) { KnifeSpecs::TestYourself.new(%w{with some args -s scrogramming}) } + before do unless KnifeSpecs.const_defined?(:TestYourself) Kernel.load(File.join(CHEF_SPEC_DATA, 'knife_subcommand', 'test_yourself.rb')) end - @knife = KnifeSpecs::TestYourself.new(%w{with some args -s scrogramming}) end it "it parses the options passed to it" do - expect(@knife.config[:scro]).to eq('scrogramming') + expect(knife.config[:scro]).to eq('scrogramming') end it "extracts its command specific args from the full arg list" do - expect(@knife.name_args).to eq(%w{with some args}) + expect(knife.name_args).to eq(%w{with some args}) end it "does not have lazy dependencies loaded" do - expect(@knife.class.test_deps_loaded).not_to be_truthy + expect(knife.class.test_deps_loaded).not_to be_truthy end end describe "when formatting exceptions" do + + let(:stdout) { StringIO.new } + let(:stderr) { StringIO.new } + let(:stdin) { StringIO.new } + + let(:ui) { Chef::Knife::UI.new(stdout, stderr, stdin, {}) } + before do - @stdout, @stderr, @stdin = StringIO.new, StringIO.new, StringIO.new - @knife.ui = Chef::Knife::UI.new(@stdout, @stderr, @stdin, {}) - expect(@knife).to receive(:exit).with(100) + knife.ui = ui + expect(knife).to receive(:exit).with(100) end it "formats 401s nicely" do response = Net::HTTPUnauthorized.new("1.1", "401", "Unauthorized") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "y u no syncronize your clock?")) - allow(@knife).to receive(:run).and_raise(Net::HTTPServerException.new("401 Unauthorized", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(/ERROR: Failed to authenticate to/) - expect(@stderr.string).to match(/Response: y u no syncronize your clock\?/) + allow(knife).to receive(:run).and_raise(Net::HTTPServerException.new("401 Unauthorized", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(/ERROR: Failed to authenticate to/) + expect(stderr.string).to match(/Response: y u no syncronize your clock\?/) end it "formats 403s nicely" do response = Net::HTTPForbidden.new("1.1", "403", "Forbidden") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "y u no administrator")) - allow(@knife).to receive(:run).and_raise(Net::HTTPServerException.new("403 Forbidden", response)) - allow(@knife).to receive(:username).and_return("sadpanda") - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: You authenticated successfully to http.+ as sadpanda but you are not authorized for this action]) - expect(@stderr.string).to match(%r[Response: y u no administrator]) + allow(knife).to receive(:run).and_raise(Net::HTTPServerException.new("403 Forbidden", response)) + allow(knife).to receive(:username).and_return("sadpanda") + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: You authenticated successfully to http.+ as sadpanda but you are not authorized for this action]) + expect(stderr.string).to match(%r[Response: y u no administrator]) end it "formats 400s nicely" do response = Net::HTTPBadRequest.new("1.1", "400", "Bad Request") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "y u search wrong")) - allow(@knife).to receive(:run).and_raise(Net::HTTPServerException.new("400 Bad Request", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: The data in your request was invalid]) - expect(@stderr.string).to match(%r[Response: y u search wrong]) + allow(knife).to receive(:run).and_raise(Net::HTTPServerException.new("400 Bad Request", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: The data in your request was invalid]) + expect(stderr.string).to match(%r[Response: y u search wrong]) end it "formats 404s nicely" do response = Net::HTTPNotFound.new("1.1", "404", "Not Found") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "nothing to see here")) - allow(@knife).to receive(:run).and_raise(Net::HTTPServerException.new("404 Not Found", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: The object you are looking for could not be found]) - expect(@stderr.string).to match(%r[Response: nothing to see here]) + allow(knife).to receive(:run).and_raise(Net::HTTPServerException.new("404 Not Found", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: The object you are looking for could not be found]) + expect(stderr.string).to match(%r[Response: nothing to see here]) end it "formats 500s nicely" do response = Net::HTTPInternalServerError.new("1.1", "500", "Internal Server Error") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "sad trombone")) - allow(@knife).to receive(:run).and_raise(Net::HTTPFatalError.new("500 Internal Server Error", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: internal server error]) - expect(@stderr.string).to match(%r[Response: sad trombone]) + allow(knife).to receive(:run).and_raise(Net::HTTPFatalError.new("500 Internal Server Error", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: internal server error]) + expect(stderr.string).to match(%r[Response: sad trombone]) end it "formats 502s nicely" do response = Net::HTTPBadGateway.new("1.1", "502", "Bad Gateway") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "sadder trombone")) - allow(@knife).to receive(:run).and_raise(Net::HTTPFatalError.new("502 Bad Gateway", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: bad gateway]) - expect(@stderr.string).to match(%r[Response: sadder trombone]) + allow(knife).to receive(:run).and_raise(Net::HTTPFatalError.new("502 Bad Gateway", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: bad gateway]) + expect(stderr.string).to match(%r[Response: sadder trombone]) end it "formats 503s nicely" do response = Net::HTTPServiceUnavailable.new("1.1", "503", "Service Unavailable") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "saddest trombone")) - allow(@knife).to receive(:run).and_raise(Net::HTTPFatalError.new("503 Service Unavailable", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: Service temporarily unavailable]) - expect(@stderr.string).to match(%r[Response: saddest trombone]) + allow(knife).to receive(:run).and_raise(Net::HTTPFatalError.new("503 Service Unavailable", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: Service temporarily unavailable]) + expect(stderr.string).to match(%r[Response: saddest trombone]) end it "formats other HTTP errors nicely" do response = Net::HTTPPaymentRequired.new("1.1", "402", "Payment Required") response.instance_variable_set(:@read, true) # I hate you, net/http. allow(response).to receive(:body).and_return(Chef::JSONCompat.to_json(:error => "nobugfixtillyoubuy")) - allow(@knife).to receive(:run).and_raise(Net::HTTPServerException.new("402 Payment Required", response)) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: Payment Required]) - expect(@stderr.string).to match(%r[Response: nobugfixtillyoubuy]) + allow(knife).to receive(:run).and_raise(Net::HTTPServerException.new("402 Payment Required", response)) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: Payment Required]) + expect(stderr.string).to match(%r[Response: nobugfixtillyoubuy]) end it "formats NameError and NoMethodError nicely" do - allow(@knife).to receive(:run).and_raise(NameError.new("Undefined constant FUUU")) - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: knife encountered an unexpected error]) - expect(@stderr.string).to match(%r[This may be a bug in the 'knife' knife command or plugin]) - expect(@stderr.string).to match(%r[Exception: NameError: Undefined constant FUUU]) + allow(knife).to receive(:run).and_raise(NameError.new("Undefined constant FUUU")) + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: knife encountered an unexpected error]) + expect(stderr.string).to match(%r[This may be a bug in the 'knife' knife command or plugin]) + expect(stderr.string).to match(%r[Exception: NameError: Undefined constant FUUU]) end it "formats missing private key errors nicely" do - allow(@knife).to receive(:run).and_raise(Chef::Exceptions::PrivateKeyMissing.new('key not there')) - allow(@knife).to receive(:api_key).and_return("/home/root/.chef/no-key-here.pem") - @knife.run_with_pretty_exceptions - expect(@stderr.string).to match(%r[ERROR: Your private key could not be loaded from /home/root/.chef/no-key-here.pem]) - expect(@stderr.string).to match(%r[Check your configuration file and ensure that your private key is readable]) + allow(knife).to receive(:run).and_raise(Chef::Exceptions::PrivateKeyMissing.new('key not there')) + allow(knife).to receive(:api_key).and_return("/home/root/.chef/no-key-here.pem") + knife.run_with_pretty_exceptions + expect(stderr.string).to match(%r[ERROR: Your private key could not be loaded from /home/root/.chef/no-key-here.pem]) + expect(stderr.string).to match(%r[Check your configuration file and ensure that your private key is readable]) end it "formats connection refused errors nicely" do - allow(@knife).to receive(:run).and_raise(Errno::ECONNREFUSED.new('y u no shut up')) - @knife.run_with_pretty_exceptions + allow(knife).to receive(:run).and_raise(Errno::ECONNREFUSED.new('y u no shut up')) + knife.run_with_pretty_exceptions # Errno::ECONNREFUSED message differs by platform # *nix = Errno::ECONNREFUSED: Connection refused # win32: Errno::ECONNREFUSED: No connection could be made because the target machine actively refused it. - expect(@stderr.string).to match(%r[ERROR: Network Error: .* - y u no shut up]) - expect(@stderr.string).to match(%r[Check your knife configuration and network settings]) + expect(stderr.string).to match(%r[ERROR: Network Error: .* - y u no shut up]) + expect(stderr.string).to match(%r[Check your knife configuration and network settings]) end + + it "formats SSL errors nicely and suggests to use `knife ssl check` and `knife ssl fetch`" do + error = OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed") + allow(knife).to receive(:run).and_raise(error) + + knife.run_with_pretty_exceptions + + expected_message=<<-MSG +ERROR: Could not establish a secure connection to the server. +Use `knife ssl check` to troubleshoot your SSL configuration. +If your Chef Server uses a self-signed certificate, you can use +`knife ssl fetch` to make knife trust the server's certificates. +MSG + expect(stderr.string).to include(expected_message) + end + end end |