diff options
| author | Tyler Cloke <tylercloke@gmail.com> | 2015-04-30 17:51:07 -0700 |
|---|---|---|
| committer | Tyler Cloke <tylercloke@gmail.com> | 2015-04-30 17:51:07 -0700 |
| commit | b060c84ea46d12a44d26f20eee640b03e9af969e (patch) | |
| tree | 0c5b045d398f3cf593f38069e074222a27cdfcde | |
| parent | 2887bd9512be87eef15e4d669f45f310f12ab74f (diff) | |
| parent | 69647cefc41058e4d653e113b47107b9eb926430 (diff) | |
| download | chef-b060c84ea46d12a44d26f20eee640b03e9af969e.tar.gz | |
Merge pull request #3311 from chef/tc/key-edit
Implemented `knife user key edit` and `knife client key edit`
| -rw-r--r-- | RELEASE_NOTES.md | 8 | ||||
| -rw-r--r-- | lib/chef/key.rb | 30 | ||||
| -rw-r--r-- | lib/chef/knife/client_key_delete.rb | 2 | ||||
| -rw-r--r-- | lib/chef/knife/client_key_edit.rb | 80 | ||||
| -rw-r--r-- | lib/chef/knife/client_key_show.rb | 76 | ||||
| -rw-r--r-- | lib/chef/knife/key_edit.rb | 114 | ||||
| -rw-r--r-- | lib/chef/knife/key_edit_base.rb | 55 | ||||
| -rw-r--r-- | lib/chef/knife/key_show.rb | 53 | ||||
| -rw-r--r-- | lib/chef/knife/user_key_delete.rb | 2 | ||||
| -rw-r--r-- | lib/chef/knife/user_key_edit.rb | 80 | ||||
| -rw-r--r-- | lib/chef/knife/user_key_show.rb | 76 | ||||
| -rw-r--r-- | spec/support/key_helpers.rb | 31 | ||||
| -rw-r--r-- | spec/unit/key_spec.rb | 37 | ||||
| -rw-r--r-- | spec/unit/knife/key_delete_spec.rb | 23 | ||||
| -rw-r--r-- | spec/unit/knife/key_edit_spec.rb | 267 | ||||
| -rw-r--r-- | spec/unit/knife/key_show_spec.rb | 126 |
16 files changed, 1030 insertions, 30 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index b05498e36d..4520a37d44 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,2 +1,10 @@ # Chef Client Release Notes <unreleased>: +## Knife Key Management Commands for Users and Clients + +`knife user` and `knife client` now have a suite of subcommands that live under +the `key` subcommand. These subcommands allow you to list, show, create, delete +and edit keys for a given user or client. They can be used to implement +key rotation with multiple expiring keys for a single actor or just +for basic key management. See `knife user key` and `knife client key` +for a full list of subcommands and their usage. diff --git a/lib/chef/key.rb b/lib/chef/key.rb index 1ba0ab49c9..be4be7f230 100644 --- a/lib/chef/key.rb +++ b/lib/chef/key.rb @@ -99,6 +99,10 @@ class Chef @public_key = nil end + def delete_create_key + @create_key = nil + end + def create_key(arg=nil) raise Chef::Exceptions::InvalidKeyAttribute, "you cannot set create_key to true if the public_key field exists" if arg == true && !@public_key.nil? set_or_return(:create_key, arg, @@ -159,12 +163,22 @@ class Chef self.class.generate_fingerprint(@public_key) end - def update - if @name.nil? - raise Chef::Exceptions::MissingKeyAttribute, "the name field must be populated when update is called" + # set @name and pass put_name if you wish to update the name of an existing key put_name to @name + def update(put_name=nil) + if @name.nil? && put_name.nil? + raise Chef::Exceptions::MissingKeyAttribute, "the name field must be populated or you must pass a name to update when update is called" end - new_key = chef_rest.put_rest("#{api_base}/#{@actor}/keys/#{@name}", to_hash) + # If no name was passed, fall back to using @name in the PUT URL, otherwise + # use the put_name passed. This will update the a key by the name put_name + # to @name. + put_name = @name if put_name.nil? + + new_key = chef_rest.put_rest("#{api_base}/#{@actor}/keys/#{put_name}", to_hash) + # if the server returned a public_key, remove the create_key field, as we now have a key + if new_key["public_key"] + self.delete_create_key + end Chef::Key.from_hash(self.to_hash.merge(new_key)) end @@ -190,8 +204,10 @@ class Chef def self.from_hash(key_hash) if key_hash.has_key?("user") key = Chef::Key.new(key_hash["user"], "user") - else + elsif key_hash.has_key?("client") key = Chef::Key.new(key_hash["client"], "client") + else + raise Chef::Exceptions::MissingKeyAttribute, "The hash passed to from_hash does not contain the key 'user' or 'client'. Please pass a hash that defines one of those keys." end key.name key_hash['name'] if key_hash.key?('name') key.public_key key_hash['public_key'] if key_hash.key?('public_key') @@ -221,12 +237,12 @@ class Chef def self.load_by_user(actor, key_name) response = Chef::REST.new(Chef::Config[:chef_server_root]).get_rest("users/#{actor}/keys/#{key_name}") - Chef::Key.from_hash(response) + Chef::Key.from_hash(response.merge({"user" => actor})) end def self.load_by_client(actor, key_name) response = Chef::REST.new(Chef::Config[:chef_server_url]).get_rest("clients/#{actor}/keys/#{key_name}") - Chef::Key.from_hash(response) + Chef::Key.from_hash(response.merge({"client" => actor})) end def self.generate_fingerprint(public_key) diff --git a/lib/chef/knife/client_key_delete.rb b/lib/chef/knife/client_key_delete.rb index 91c088a1d1..8ecdfe1ec8 100644 --- a/lib/chef/knife/client_key_delete.rb +++ b/lib/chef/knife/client_key_delete.rb @@ -27,7 +27,7 @@ class Chef # # @attr_reader [String] actor the name of the client that this key is for class ClientKeyDelete < Knife - banner "knife client key delete CLIENT KEYNAME" + banner "knife client key delete CLIENT KEYNAME (options)" attr_reader :actor diff --git a/lib/chef/knife/client_key_edit.rb b/lib/chef/knife/client_key_edit.rb new file mode 100644 index 0000000000..1de45f4ca2 --- /dev/null +++ b/lib/chef/knife/client_key_edit.rb @@ -0,0 +1,80 @@ +# +# Author:: Tyler Cloke (tyler@chef.io) +# Copyright:: Copyright (c) 2015 Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/knife' +require 'chef/knife/key_edit_base' + +class Chef + class Knife + # Implements knife client key edit using Chef::Knife::KeyEdit + # as a service class. + # + # @author Tyler Cloke + # + # @attr_reader [String] actor the name of the client that this key is for + class ClientKeyEdit < Knife + include Chef::Knife::KeyEditBase + + banner 'knife client key edit CLIENT KEYNAME (options)' + + attr_reader :actor + + def initialize(argv=[]) + super(argv) + @service_object = nil + end + + def run + apply_params!(@name_args) + service_object.run + end + + def actor_field_name + 'client' + end + + def service_object + @service_object ||= Chef::Knife::KeyEdit.new(@name, @actor, actor_field_name, ui, config) + end + + def actor_missing_error + 'You must specify a client name' + end + + def keyname_missing_error + 'You must specify a key name' + end + + def apply_params!(params) + @actor = params[0] + if @actor.nil? + show_usage + ui.fatal(actor_missing_error) + exit 1 + end + @name = params[1] + if @name.nil? + show_usage + ui.fatal(keyname_missing_error) + exit 1 + end + end + end + end +end + diff --git a/lib/chef/knife/client_key_show.rb b/lib/chef/knife/client_key_show.rb new file mode 100644 index 0000000000..c39a279000 --- /dev/null +++ b/lib/chef/knife/client_key_show.rb @@ -0,0 +1,76 @@ +# +# Author:: Tyler Cloke (tyler@chef.io) +# Copyright:: Copyright (c) 2015 Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/knife' + +class Chef + class Knife + # Implements knife client key show using Chef::Knife::KeyShow + # as a service class. + # + # @author Tyler Cloke + # + # @attr_reader [String] actor the name of the client that this key is for + class ClientKeyShow < Knife + banner "knife client key show CLIENT KEYNAME (options)" + + attr_reader :actor + + def initialize(argv=[]) + super(argv) + @service_object = nil + end + + def run + apply_params!(@name_args) + service_object.run + end + + def load_method + :load_by_client + end + + def actor_missing_error + 'You must specify a client name' + end + + def keyname_missing_error + 'You must specify a key name' + end + + def service_object + @service_object ||= Chef::Knife::KeyShow.new(@name, @actor, load_method, ui) + end + + def apply_params!(params) + @actor = params[0] + if @actor.nil? + show_usage + ui.fatal(actor_missing_error) + exit 1 + end + @name = params[1] + if @name.nil? + show_usage + ui.fatal(keyname_missing_error) + exit 1 + end + end + end + end +end diff --git a/lib/chef/knife/key_edit.rb b/lib/chef/knife/key_edit.rb new file mode 100644 index 0000000000..48ae344e6e --- /dev/null +++ b/lib/chef/knife/key_edit.rb @@ -0,0 +1,114 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/key' +require 'chef/json_compat' +require 'chef/exceptions' + +class Chef + class Knife + # Service class for UserKeyEdit and ClientKeyEdit, + # Implements common functionality of knife [user | org client] key edit. + # + # @author Tyler Cloke + # + # @attr_accessor [Hash] cli input, see UserKeyEdit and ClientKeyEdit for what could populate it + class KeyEdit + + attr_accessor :config + + def initialize(original_name, actor, actor_field_name, ui, config) + @original_name = original_name + @actor = actor + @actor_field_name = actor_field_name + @ui = ui + @config = config + end + + def public_key_and_create_key_error_msg +<<EOS +You passed both --public-key and --create-key. Only pass one, or the other, or neither. +Do not pass either if you do not want to change the public_key field of your key. +Pass --public-key if you want to update the public_key field of your key from a specific public key. +Pass --create-key if you want the server to generate a new key and use that to update the public_key field of your key. +EOS + end + + def edit_data(key) + @ui.edit_data(key) + end + + def display_info(input) + @ui.info(input) + end + + def display_private_key(private_key) + @ui.msg(private_key) + end + + def output_private_key_to_file(private_key) + File.open(@config[:file], "w") do |f| + f.print(private_key) + end + end + + def update_key_from_hash(output) + Chef::Key.from_hash(output).update(@original_name) + end + + def run + key = Chef::Key.new(@actor, @actor_field_name) + if @config[:public_key] && @config[:create_key] + raise Chef::Exceptions::KeyCommandInputError, public_key_and_create_key_error_msg + end + + if @config[:create_key] + key.create_key(true) + end + + if @config[:public_key] + key.public_key(File.read(File.expand_path(@config[:public_key]))) + end + + if @config[:key_name] + key.name(@config[:key_name]) + else + key.name(@original_name) + end + + if @config[:expiration_date] + key.expiration_date(@config[:expiration_date]) + end + + output = edit_data(key) + key = update_key_from_hash(output) + + to_display = "Updated key: #{key.name}" + to_display << " (formally #{@original_name})" if key.name != @original_name + display_info(to_display) + if key.private_key + if @config[:file] + output_private_key_to_file(key.private_key) + else + display_private_key(key.private_key) + end + end + end + end + end +end diff --git a/lib/chef/knife/key_edit_base.rb b/lib/chef/knife/key_edit_base.rb new file mode 100644 index 0000000000..bb5a951a5b --- /dev/null +++ b/lib/chef/knife/key_edit_base.rb @@ -0,0 +1,55 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class Chef + class Knife + # Extendable module that class_eval's common options into UserKeyEdit and ClientKeyEdit + # + # @author Tyler Cloke + module KeyEditBase + def self.included(includer) + includer.class_eval do + option :public_key, + :short => "-p FILENAME", + :long => "--public-key FILENAME", + :description => "Replace the public_key field from a file on disk. If not passed, the public_key field will not change." + + option :create_key, + :short => "-c", + :long => "--create-key", + :description => "Replace the public_key field with a key generated by the server. The private key will be returned." + + option :file, + :short => "-f FILE", + :long => "--file FILE", + :description => "Write the private key to a file, if you requested the server to create one via --create-key." + + option :key_name, + :short => "-k NAME", + :long => "--key-name NAME", + :description => "The new name for your key. Pass if you wish to update the name field of your key." + + option :expiration_date, + :short => "-e DATE", + :long => "--expiration-date DATE", + :description => "Updates the expiration_date field of your key if passed. Pass in ISO 8601 fomatted string: YYYY-MM-DDTHH:MM:SSZ e.g. 2013-12-24T21:00:00Z or infinity. UTC timezone assumed." + end + end + end + end +end diff --git a/lib/chef/knife/key_show.rb b/lib/chef/knife/key_show.rb new file mode 100644 index 0000000000..522f7a1a77 --- /dev/null +++ b/lib/chef/knife/key_show.rb @@ -0,0 +1,53 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/key' +require 'chef/json_compat' +require 'chef/exceptions' + +class Chef + class Knife + # Service class for UserKeyShow and ClientKeyShow, used to show keys. + # Implements common functionality of knife [user | org client] key show. + # + # @author Tyler Cloke + # + # @attr_accessor [Hash] cli input, see UserKeyShow and ClientKeyShow for what could populate it + class KeyShow + + attr_accessor :config + + def initialize(name, actor, load_method, ui) + @name = name + @actor = actor + @load_method = load_method + @ui = ui + end + + def display_output(key) + @ui.output(@ui.format_for_display(key)) + end + + def run + key = Chef::Key.send(@load_method, @actor, @name) + key.public_key(key.public_key.strip) + display_output(key) + end + end + end +end diff --git a/lib/chef/knife/user_key_delete.rb b/lib/chef/knife/user_key_delete.rb index 0bde52509f..6db1c9f552 100644 --- a/lib/chef/knife/user_key_delete.rb +++ b/lib/chef/knife/user_key_delete.rb @@ -27,7 +27,7 @@ class Chef # # @attr_reader [String] actor the name of the client that this key is for class UserKeyDelete < Knife - banner "knife user key delete USER KEYNAME" + banner "knife user key delete USER KEYNAME (options)" attr_reader :actor diff --git a/lib/chef/knife/user_key_edit.rb b/lib/chef/knife/user_key_edit.rb new file mode 100644 index 0000000000..0c35332523 --- /dev/null +++ b/lib/chef/knife/user_key_edit.rb @@ -0,0 +1,80 @@ +# +# Author:: Tyler Cloke (tyler@chef.io) +# Copyright:: Copyright (c) 2015 Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/knife' +require 'chef/knife/key_edit_base' + +class Chef + class Knife + # Implements knife user key edit using Chef::Knife::KeyEdit + # as a service class. + # + # @author Tyler Cloke + # + # @attr_reader [String] actor the name of the user that this key is for + class UserKeyEdit < Knife + include Chef::Knife::KeyEditBase + + banner 'knife user key edit USER KEYNAME (options)' + + attr_reader :actor + + def initialize(argv=[]) + super(argv) + @service_object = nil + end + + def run + apply_params!(@name_args) + service_object.run + end + + def actor_field_name + 'user' + end + + def service_object + @service_object ||= Chef::Knife::KeyEdit.new(@name, @actor, actor_field_name, ui, config) + end + + def actor_missing_error + 'You must specify a user name' + end + + def keyname_missing_error + 'You must specify a key name' + end + + def apply_params!(params) + @actor = params[0] + if @actor.nil? + show_usage + ui.fatal(actor_missing_error) + exit 1 + end + @name = params[1] + if @name.nil? + show_usage + ui.fatal(keyname_missing_error) + exit 1 + end + end + end + end +end + diff --git a/lib/chef/knife/user_key_show.rb b/lib/chef/knife/user_key_show.rb new file mode 100644 index 0000000000..b8453dd28e --- /dev/null +++ b/lib/chef/knife/user_key_show.rb @@ -0,0 +1,76 @@ +# +# Author:: Tyler Cloke (tyler@chef.io) +# Copyright:: Copyright (c) 2015 Chef Software, Inc +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'chef/knife' + +class Chef + class Knife + # Implements knife user key show using Chef::Knife::KeyShow + # as a service class. + # + # @author Tyler Cloke + # + # @attr_reader [String] actor the name of the client that this key is for + class UserKeyShow < Knife + banner "knife user key show USER KEYNAME (options)" + + attr_reader :actor + + def initialize(argv=[]) + super(argv) + @service_object = nil + end + + def run + apply_params!(@name_args) + service_object.run + end + + def load_method + :load_by_user + end + + def actor_missing_error + 'You must specify a user name' + end + + def keyname_missing_error + 'You must specify a key name' + end + + def service_object + @service_object ||= Chef::Knife::KeyShow.new(@name, @actor, load_method, ui) + end + + def apply_params!(params) + @actor = params[0] + if @actor.nil? + show_usage + ui.fatal(actor_missing_error) + exit 1 + end + @name = params[1] + if @name.nil? + show_usage + ui.fatal(keyname_missing_error) + exit 1 + end + end + end + end +end diff --git a/spec/support/key_helpers.rb b/spec/support/key_helpers.rb index 4cb2b305a5..076f709380 100644 --- a/spec/support/key_helpers.rb +++ b/spec/support/key_helpers.rb @@ -71,3 +71,34 @@ shared_examples_for "a knife key command" do end end end # a knife key command + +shared_examples_for "a knife key command with a keyname as the second arg" do + let(:stderr) { StringIO.new } + let(:command) do + c = described_class.new([]) + c.ui.config[:disable_editing] = true + allow(c.ui).to receive(:stderr).and_return(stderr) + allow(c.ui).to receive(:stdout).and_return(stderr) + allow(c).to receive(:show_usage) + c + end + + context "before apply_params! is called" do + context "when apply_params! is called with invalid args (missing keyname)" do + let(:params) { ["charmander"] } + it "shows the usage" do + expect(command).to receive(:show_usage) + expect { command.apply_params!(params) }.to exit_with_code(1) + end + + it "outputs the proper error" do + expect { command.apply_params!(params) }.to exit_with_code(1) + expect(stderr.string).to include(command.keyname_missing_error) + end + + it "exits 1" do + expect { command.apply_params!(params) }.to exit_with_code(1) + end + end + end # before apply_params! is called +end diff --git a/spec/unit/key_spec.rb b/spec/unit/key_spec.rb index 8ef7d24f21..94ebbf6ae8 100644 --- a/spec/unit/key_spec.rb +++ b/spec/unit/key_spec.rb @@ -499,7 +499,7 @@ EOS describe "update" do shared_examples_for "update key" do - context "when name is missing" do + context "when name is missing and no argument was passed to update" do it "should raise an MissingKeyAttribute" do expect { key.update }.to raise_error(Chef::Exceptions::MissingKeyAttribute) end @@ -516,11 +516,45 @@ EOS key.update end end + + context "when @name is not nil and a arg is passed to update" do + before do + key.name "new_name" + end + + it "passes @name in the body and the arg in the PUT URL" do + expect(rest).to receive(:put_rest).with(update_name_url, key.to_hash).and_return({}) + key.update("old_name") + end + end + + context "when the server returns a public_key and create_key is true" do + before do + key.name "key_name" + key.create_key true + allow(rest).to receive(:put_rest).with(url, key.to_hash).and_return({ + "key" => "key_name", + "public_key" => public_key_string + }) + + end + + it "returns a key with public_key populated" do + new_key = key.update + expect(new_key.public_key).to eq(public_key_string) + end + + it "returns a key without create_key set" do + new_key = key.update + expect(new_key.create_key).to be_nil + end + end end context "when updating a user key" do it_should_behave_like "update key" do let(:url) { "users/#{key.actor}/keys/#{key.name}" } + let(:update_name_url) { "users/#{key.actor}/keys/old_name" } let(:key) { user_key } end end @@ -528,6 +562,7 @@ EOS context "when updating a client key" do it_should_behave_like "update key" do let(:url) { "clients/#{client_key.actor}/keys/#{key.name}" } + let(:update_name_url) { "clients/#{client_key.actor}/keys/old_name" } let(:key) { client_key } end end diff --git a/spec/unit/knife/key_delete_spec.rb b/spec/unit/knife/key_delete_spec.rb index 788d125b02..1d4b9f825f 100644 --- a/spec/unit/knife/key_delete_spec.rb +++ b/spec/unit/knife/key_delete_spec.rb @@ -36,25 +36,6 @@ describe "key delete commands that inherit knife" do c end - context "before apply_params! is called" do - context "when apply_params! is called with invalid args (missing keyname)" do - let(:params) { ["charmander"] } - it "shows the usage" do - expect(command).to receive(:show_usage) - expect { command.apply_params!(params) }.to exit_with_code(1) - end - - it "outputs the proper error" do - expect { command.apply_params!(params) }.to exit_with_code(1) - expect(stderr.string).to include(command.keyname_missing_error) - end - - it "exits 1" do - expect { command.apply_params!(params) }.to exit_with_code(1) - end - end - end # before apply_params! is called - context "after apply_params! is called with valid args" do let(:params) { ["charmander", "charmander-key"] } before do @@ -75,6 +56,7 @@ describe "key delete commands that inherit knife" do describe Chef::Knife::UserKeyDelete do it_should_behave_like "a key delete command" # defined in key_helpers.rb + it_should_behave_like "a knife key command with a keyname as the second arg" it_should_behave_like "a knife key command" do let(:service_object) { instance_double(Chef::Knife::KeyDelete) } let(:params) { ["charmander", "charmander-key"] } @@ -84,6 +66,7 @@ describe "key delete commands that inherit knife" do describe Chef::Knife::ClientKeyDelete do it_should_behave_like "a key delete command" # defined in key_helpers.rb + it_should_behave_like "a knife key command with a keyname as the second arg" it_should_behave_like "a knife key command" do let(:service_object) { instance_double(Chef::Knife::KeyDelete) } let(:params) { ["charmander", "charmander-key"] } @@ -98,7 +81,7 @@ describe Chef::Knife::KeyDelete do shared_examples_for "key delete run command" do let(:key_delete_object) { - described_class.new(keyname, actor, actor_field_name, ui,) + described_class.new(keyname, actor, actor_field_name, ui) } before do diff --git a/spec/unit/knife/key_edit_spec.rb b/spec/unit/knife/key_edit_spec.rb new file mode 100644 index 0000000000..538b91de2d --- /dev/null +++ b/spec/unit/knife/key_edit_spec.rb @@ -0,0 +1,267 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'spec_helper' +require 'chef/knife/user_key_edit' +require 'chef/knife/client_key_edit' +require 'chef/knife/key_edit' +require 'chef/key' + +describe "key edit commands that inherit knife" do + shared_examples_for "a key edit command" do + let(:stderr) { StringIO.new } + let(:params) { [] } + let(:service_object) { instance_double(Chef::Knife::KeyEdit) } + let(:command) do + c = described_class.new([]) + c.ui.config[:disable_editing] = true + allow(c.ui).to receive(:stderr).and_return(stderr) + allow(c.ui).to receive(:stdout).and_return(stderr) + allow(c).to receive(:show_usage) + c + end + + context "after apply_params! is called with valid args" do + let(:params) { ["charmander", "charmander-key"] } + before do + command.apply_params!(params) + end + + context "when the service object is called" do + it "creates a new instance of Chef::Knife::KeyEdit with the correct args" do + expect(Chef::Knife::KeyEdit).to receive(:new). + with("charmander-key", "charmander", command.actor_field_name, command.ui, command.config). + and_return(service_object) + command.service_object + end + end # when the service object is called + end # after apply_params! is called with valid args + end # a key edit command + + describe Chef::Knife::UserKeyEdit do + it_should_behave_like "a key edit command" + # defined in key_helpers.rb + it_should_behave_like "a knife key command with a keyname as the second arg" + it_should_behave_like "a knife key command" do + let(:service_object) { instance_double(Chef::Knife::KeyEdit) } + let(:params) { ["charmander", "charmander-key"] } + end + end + + describe Chef::Knife::ClientKeyEdit do + it_should_behave_like "a key edit command" + # defined in key_helpers.rb + it_should_behave_like "a knife key command with a keyname as the second arg" + it_should_behave_like "a knife key command" do + let(:service_object) { instance_double(Chef::Knife::KeyEdit) } + let(:params) { ["charmander", "charmander-key"] } + end + end +end + +describe Chef::Knife::KeyEdit do + let(:public_key) { + "-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPo+oNPB7uuNkws0fC02 +KxSwdyqPLu0fhI1pOweNKAZeEIiEz2PkybathHWy8snSXGNxsITkf3eyvIIKa8OZ +WrlqpI3yv/5DOP8HTMCxnFuMJQtDwMcevlqebX4bCxcByuBpNYDcAHjjfLGSfMjn +E5lZpgYWwnpic4kSjYcL9ORK9nYvlWV9P/kCYmRhIjB4AhtpWRiOfY/TKi3P2LxT +IjSmiN/ihHtlhV/VSnBJ5PzT/lRknlrJ4kACoz7Pq9jv+aAx5ft/xE9yDa2DYs0q +Tfuc9dUYsFjptWYrV6pfEQ+bgo1OGBXORBFcFL+2D7u9JYquKrMgosznHoEkQNLo +0wIDAQAB +-----END PUBLIC KEY-----" + } + let(:config) { Hash.new } + let(:actor) { "charmander" } + let(:keyname) { "charmander-key" } + let(:ui) { instance_double("Chef::Knife::UI") } + + shared_examples_for "key edit run command" do + let(:key_edit_object) { + described_class.new(keyname, actor, actor_field_name, ui, config) + } + + context "when the command is run" do + let(:expected_hash) { + { + actor_field_name => "charmander" + } + } + let(:new_keyname) { "charizard-key" } + + before do + allow(File).to receive(:read).and_return(public_key) + allow(File).to receive(:expand_path) + + allow(key_edit_object).to receive(:output_private_key_to_file) + allow(key_edit_object).to receive(:display_private_key) + allow(key_edit_object).to receive(:edit_data).and_return(expected_hash) + allow(key_edit_object).to receive(:display_info) + end + + + context "when public_key and create_key are passed" do + before do + key_edit_object.config[:public_key] = "public_key_path" + key_edit_object.config[:create_key] = true + end + + it "raises a Chef::Exceptions::KeyCommandInputError with the proper error message" do + expect{ key_edit_object.run }.to raise_error(Chef::Exceptions::KeyCommandInputError, key_edit_object.public_key_and_create_key_error_msg) + end + end + + context "when key_name is passed" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "name" => new_keyname + } + } + before do + key_edit_object.config[:key_name] = new_keyname + allow_any_instance_of(Chef::Key).to receive(:update) + end + + it "update_key_from_hash gets passed a hash with new key name" do + expect(key_edit_object).to receive(:update_key_from_hash).with(expected_hash).and_return(Chef::Key.from_hash(expected_hash)) + key_edit_object.run + end + + it "Chef::Key.update is passed a string containing the original keyname" do + expect_any_instance_of(Chef::Key).to receive(:update).with(/#{keyname}/).and_return(Chef::Key.from_hash(expected_hash)) + key_edit_object.run + end + + it "Chef::Key.update is not passed a string containing the new keyname" do + expect_any_instance_of(Chef::Key).not_to receive(:update).with(/#{new_keyname}/) + allow_any_instance_of(Chef::Key).to receive(:update).and_return(Chef::Key.from_hash(expected_hash)) + key_edit_object.run + end + end + + context "when public_key, key_name, and expiration_date are passed" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "public_key" => public_key, + "name" => new_keyname, + "expiration_date" => "infinity" + } + } + before do + key_edit_object.config[:public_key] = "this-public-key" + key_edit_object.config[:key_name] = new_keyname + key_edit_object.config[:expiration_date] = "infinity" + allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash)) + end + + it "passes the right hash to update_key_from_hash" do + expect(key_edit_object).to receive(:update_key_from_hash).with(expected_hash) + key_edit_object.run + end + end + + context "when create_key is passed" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "create_key" => true + } + } + + before do + key_edit_object.config[:create_key] = true + allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash)) + end + + it "passes the right hash to update_key_from_hash" do + expect(key_edit_object).to receive(:update_key_from_hash).with(expected_hash) + key_edit_object.run + end + end + + context "when public_key is passed" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "public_key" => public_key + } + } + before do + allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash)) + key_edit_object.config[:public_key] = "public_key_path" + end + + it "calls File.expand_path with the public_key input" do + expect(File).to receive(:expand_path).with("public_key_path") + key_edit_object.run + end + end # when public_key is passed + + context "when the server returns a private key" do + let(:expected_hash) { + { + actor_field_name => "charmander", + "public_key" => public_key, + "private_key" => "super_private" + } + } + + before do + allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash)) + key_edit_object.config[:public_key] = "public_key_path" + end + + context "when file is not passed" do + it "calls display_private_key with the private_key" do + expect(key_edit_object).to receive(:display_private_key).with("super_private") + key_edit_object.run + end + end + + context "when file is passed" do + before do + key_edit_object.config[:file] = "/fake/file" + end + + it "calls output_private_key_to_file with the private_key" do + expect(key_edit_object).to receive(:output_private_key_to_file).with("super_private") + key_edit_object.run + end + end + end # when the server returns a private key + + end # when the command is run + + + + end # key edit run command + + context "when actor_field_name is 'user'" do + it_should_behave_like "key edit run command" do + let(:actor_field_name) { "user" } + end + end + + context "when actor_field_name is 'client'" do + it_should_behave_like "key edit run command" do + let(:actor_field_name) { "client" } + end + end +end diff --git a/spec/unit/knife/key_show_spec.rb b/spec/unit/knife/key_show_spec.rb new file mode 100644 index 0000000000..5a0d839e4f --- /dev/null +++ b/spec/unit/knife/key_show_spec.rb @@ -0,0 +1,126 @@ +# +# Author:: Tyler Cloke (<tyler@chef.io>) +# Copyright:: Copyright (c) 2015 Chef Software, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'spec_helper' +require 'chef/knife/user_key_show' +require 'chef/knife/client_key_show' +require 'chef/knife/key_show' +require 'chef/key' + +describe "key show commands that inherit knife" do + shared_examples_for "a key show command" do + let(:stderr) { StringIO.new } + let(:params) { [] } + let(:service_object) { instance_double(Chef::Knife::KeyShow) } + let(:command) do + c = described_class.new([]) + c.ui.config[:disable_editing] = true + allow(c.ui).to receive(:stderr).and_return(stderr) + allow(c.ui).to receive(:stdout).and_return(stderr) + allow(c).to receive(:show_usage) + c + end + + context "after apply_params! is called with valid args" do + let(:params) { ["charmander", "charmander-key"] } + before do + command.apply_params!(params) + end + + context "when the service object is called" do + it "creates a new instance of Chef::Knife::KeyShow with the correct args" do + expect(Chef::Knife::KeyShow).to receive(:new). + with("charmander-key", "charmander", command.load_method, command.ui). + and_return(service_object) + command.service_object + end + end # when the service object is called + end # after apply_params! is called with valid args + end # a key show command + + describe Chef::Knife::UserKeyShow do + it_should_behave_like "a key show command" + # defined in key_helpers.rb + it_should_behave_like "a knife key command with a keyname as the second arg" + it_should_behave_like "a knife key command" do + let(:service_object) { instance_double(Chef::Knife::KeyShow) } + let(:params) { ["charmander", "charmander-key"] } + end + end + + describe Chef::Knife::ClientKeyShow do + it_should_behave_like "a key show command" + # defined in key_helpers.rb + it_should_behave_like "a knife key command with a keyname as the second arg" + it_should_behave_like "a knife key command" do + let(:service_object) { instance_double(Chef::Knife::KeyShow) } + let(:params) { ["charmander", "charmander-key"] } + end + end +end + +describe Chef::Knife::KeyShow do + let(:actor) { "charmander" } + let(:keyname) { "charmander" } + let(:ui) { instance_double("Chef::Knife::UI") } + let(:expected_hash) { + { + actor_field_name => "charmander", + "name" => "charmander-key", + "public_key" => "some-public-key", + "expiration_date" => "infinity" + } + } + + shared_examples_for "key show run command" do + let(:key_show_object) { + described_class.new(keyname, actor, load_method, ui) + } + + before do + allow(key_show_object).to receive(:display_output) + allow(Chef::Key).to receive(load_method).and_return(Chef::Key.from_hash(expected_hash)) + end + + context "when the command is run" do + it "loads the key using the proper method and args" do + expect(Chef::Key).to receive(load_method).with(actor, keyname) + key_show_object.run + end + + it "displays the key" do + expect(key_show_object).to receive(:display_output) + key_show_object.run + end + end + end + + context "when load_method is :load_by_user" do + it_should_behave_like "key show run command" do + let(:load_method) { :load_by_user } + let(:actor_field_name) { 'user' } + end + end + + context "when load_method is :load_by_client" do + it_should_behave_like "key show run command" do + let(:load_method) { :load_by_client } + let(:actor_field_name) { 'user' } + end + end +end |