Don't allow creation of data bags named node, role, client or environment.

Signed-off-by: Sandra Tiffin <sandi.tiffin@gmail.com>

2 files changed, 12 insertions, 0 deletions

diff --git a/lib/chef/data_bag.rb b/lib/chef/data_bag.rb
index 15531d7304..82eb03fbd7 100644
--- a/lib/chef/data_bag.rb
+++ b/lib/chef/data_bag.rb
@@ -33,6 +33,7 @@ class Chef
     include Chef::Mixin::ParamsValidate
 
     VALID_NAME = /^[\.\-[:alnum:]_]+$/
+    RESERVED_NAMES = /node|role|environment|client/
 
     attr_accessor :chef_server_rest
 
@@ -40,6 +41,9 @@ class Chef
       unless name =~ VALID_NAME
         raise Exceptions::InvalidDataBagName, "DataBags must have a name matching #{VALID_NAME.inspect}, you gave #{name.inspect}"
       end
+      if name =~ RESERVED_NAMES
+        raise Exceptions::InvalidDataBagName, "DataBags may not have a name matching #{RESERVED_NAMES.inspect}, you gave #{name.inspect}"
+      end
     end
 
     # Create a new Chef::DataBag
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb
index b7d185a58c..b295f0d715 100644
--- a/spec/unit/knife/data_bag_create_spec.rb
+++ b/spec/unit/knife/data_bag_create_spec.rb
@@ -72,6 +72,14 @@ describe Chef::Knife::DataBagCreate do
       expect { knife.run }.to exit_with_code(1)
     end
 
+    it "won't create a data bag with a reserved name for search" do
+      ['node', 'role', 'client', 'environment'].each do |name|
+        knife.name_args = [name]
+        expect(Chef::DataBag).to receive(:validate_name!).with(knife.name_args[0]).and_raise(Chef::Exceptions::InvalidDataBagName)
+        expect { knife.run }.to exit_with_code(1)
+      end
+    end
+
     context "when given one argument" do
       before do
         knife.name_args = [bag_name]