Refactoring the common tests out into their own spec. Removing double coverage from the create tests

3 files changed, 145 insertions, 132 deletions

diff --git a/lib/chef/knife/data_bag_common.rb b/lib/chef/knife/data_bag_common.rb
index 916989cbb4..4d4f270139 100644
--- a/lib/chef/knife/data_bag_common.rb
+++ b/lib/chef/knife/data_bag_common.rb
@@ -97,7 +97,7 @@ class Chef
         knife_config[:secret_file] || Chef::Config[:secret_file]
       end
 
-      # TODO duplicated from data_query.rb
+      # TODO duplicated from data_query.rb, also needs test coverage when it is extracted
       # Tries to autodetect if the item's raw hash appears to be encrypted.
       def encrypted?(raw_data)
         data = raw_data.reject { |k, _| k == "id" } # Remove the "id" key.
diff --git a/spec/unit/knife/data_bag_common_spec.rb b/spec/unit/knife/data_bag_common_spec.rb
new file mode 100644
index 0000000000..67c63a8239
--- /dev/null
+++ b/spec/unit/knife/data_bag_common_spec.rb
@@ -0,0 +1,139 @@
+#
+# Author:: Tyler Ball (<tball@opscode.com>)
+# Copyright:: Copyright (c) 2009-2014 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife'
+require 'chef/config'
+require 'tempfile'
+
+class ExampleDataBag < Chef::Knife
+  include Chef::Knife::DataBagSecretOptions
+
+  #banner "you must provide a banner"
+  #category "data bag"
+end
+
+describe Chef::Knife::DataBagSecretOptions do
+  let(:example_db) do
+    k = ExampleDataBag.new
+    allow(k.ui).to receive(:stdout).and_return(stdout)
+    k
+  end
+
+  let(:stdout) { StringIO.new }
+
+  let(:secret) { "abc123SECRET" }
+  let(:secret_file) do
+    sfile = Tempfile.new("encrypted_data_bag_secret")
+    sfile.puts(secret)
+    sfile.flush
+  end
+
+  after do
+    Chef::Config.reset
+  end
+
+  describe "#validate_secrets" do
+
+    it "throws an error when provided with both --secret and --secret-file on the CL" do
+      expect(example_db).to receive(:config).exactly(2).times.and_return({ :secret_file => secret_file.path, :secret => secret })
+      expect(example_db).to receive(:exit).with(1)
+      expect(example_db.ui).to receive(:fatal).with("Please specify only one of --secret, --secret-file")
+
+      example_db.validate_secrets
+    end
+
+    it "throws an error when provided with `secret` and `secret_file` in knife.rb" do
+      Chef::Config[:knife][:secret_file] = secret_file.path
+      Chef::Config[:knife][:secret] = secret
+      expect(example_db).to receive(:exit).with(1)
+      expect(example_db.ui).to receive(:fatal).with("Please specify only one of 'secret' or 'secret_file' in your config")
+
+      example_db.validate_secrets
+    end
+
+  end
+
+  describe "#read_secret" do
+
+    it "returns the secret first" do
+      expect(example_db).to receive(:config).exactly(2).times.and_return({ :secret_file => secret_file.path, :secret => secret })
+      expect(example_db.read_secret).to eq(secret)
+    end
+
+    it "returns the secret_file only if secret does not exist" do
+      expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret_file => secret_file.path })
+      expect(Chef::EncryptedDataBagItem).to receive(:load_secret).with(secret_file.path).and_return("secret file contents")
+      expect(example_db.read_secret).to eq("secret file contents")
+    end
+
+    it "returns the secret from the knife.rb config" do
+      expect(example_db).to receive(:config).exactly(2).times.and_return({})
+      Chef::Config[:knife][:secret_file] = secret_file.path
+      Chef::Config[:knife][:secret] = secret
+      expect(example_db.read_secret).to eq(secret)
+    end
+
+    it "returns the secret_file from the knife.rb config only if the secret does not exist" do
+      expect(example_db).to receive(:config).exactly(2).times.and_return({})
+      Chef::Config[:knife][:secret_file] = secret_file.path
+      expect(Chef::EncryptedDataBagItem).to receive(:load_secret).with(secret_file.path).and_return("secret file contents")
+      expect(example_db.read_secret).to eq("secret file contents")
+    end
+
+  end
+
+  describe "#encryption_secret_provided?" do
+
+    it "returns true if the secret is passed on the CL" do
+      expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret => secret })
+      expect(example_db.encryption_secret_provided?).to eq(true)
+    end
+
+    it "returns true if the secret_file is passed on the CL" do
+      expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret_file => secret_file.path })
+      expect(example_db.encryption_secret_provided?).to eq(true)
+    end
+
+    it "returns true if --encrypt is passed on the CL and :secret is in knife.rb" do
+      expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true })
+      Chef::Config[:knife][:secret] = secret
+      expect(example_db.encryption_secret_provided?).to eq(true)
+    end
+
+    it "returns true if --encrypt is passed on the CL and :secret_file is in knife.rb" do
+      expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true })
+      Chef::Config[:knife][:secret_file] = secret_file.path
+      expect(example_db.encryption_secret_provided?).to eq(true)
+    end
+
+    it "throws an error if --encrypt is passed and there is not :secret or :secret_file in the knife.rb" do
+      expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true })
+      expect(example_db).to receive(:exit).with(1)
+      expect(example_db.ui).to receive(:fatal).with("No secret or secret_file specified in config, unable to encrypt item.")
+      example_db.encryption_secret_provided?
+    end
+
+    it "returns false if no secret is passed" do
+      expect(example_db).to receive(:config).exactly(4).times.and_return({})
+      expect(example_db.encryption_secret_provided?).to eq(false)
+    end
+
+  end
+
+end
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb
index 62a2dd8644..d99575fa82 100644
--- a/spec/unit/knife/data_bag_create_spec.rb
+++ b/spec/unit/knife/data_bag_create_spec.rb
@@ -48,11 +48,6 @@ describe Chef::Knife::DataBagCreate do
   let(:item_name) { "ME" }
 
   let(:secret) { "abc123SECRET" }
-  let(:secret_file) do
-    sfile = Tempfile.new("encrypted_data_bag_secret")
-    sfile.puts(secret)
-    sfile.flush
-  end
 
   let(:raw_hash)  {{ "login_name" => "alphaomega", "id" => item_name }}
 
@@ -83,7 +78,7 @@ describe Chef::Knife::DataBagCreate do
     end
   end
 
-  shared_examples_for "a data bag item" do
+  context "no secret is specified for encryption" do
     let(:item) do
       item = Chef::DataBagItem.from_hash(raw_hash)
       item.data_bag(bag_name)
@@ -96,6 +91,7 @@ describe Chef::Knife::DataBagCreate do
 
     it "creates a data bag item" do
       expect(knife).to receive(:create_object).and_yield(raw_hash)
+      expect(knife).to receive(:encryption_secret_provided?).and_return(false)
       expect(rest).to receive(:post_rest).with("data", {'name' => bag_name}).ordered
       expect(rest).to receive(:post_rest).with("data/#{bag_name}", item).ordered
 
@@ -103,7 +99,7 @@ describe Chef::Knife::DataBagCreate do
     end
   end
 
-  shared_examples_for "an encrypted data bag item" do
+  context "a secret is specified for encryption" do
     let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_hash, secret) }
 
     let(:item) do
@@ -114,6 +110,8 @@ describe Chef::Knife::DataBagCreate do
 
     it "creates an encrypted data bag item" do
       expect(knife).to receive(:create_object).and_yield(raw_hash)
+      expect(knife).to receive(:encryption_secret_provided?).and_return(true)
+      expect(knife).to receive(:read_secret).and_return(secret)
       expect(Chef::EncryptedDataBagItem)
         .to receive(:encrypt_data_bag_item)
         .with(raw_hash, secret)
@@ -125,128 +123,4 @@ describe Chef::Knife::DataBagCreate do
     end
   end
 
-  context "when given two arguments" do
-    include_examples "a data bag item"
-  end
-
-  context "when provided --secret and --secret-file" do
-
-    let(:config) {{ :secret_file => secret_file.path, :secret => secret }}
-
-    it "throws an error" do
-      expect(knife).to receive(:create_object).and_yield(raw_hash)
-      expect(knife).to receive(:exit).with(1)
-      expect(knife.ui).to receive(:fatal).with("Please specify only one of --secret, --secret-file")
-
-      knife.run
-    end
-
-  end
-
-  context "when provided with `secret` and `secret_file` in knife.rb" do
-    before do
-      Chef::Config[:knife][:secret] = secret
-      Chef::Config[:knife][:secret_file] = secret_file.path
-    end
-
-    it "throws an error" do
-      expect(knife).to receive(:create_object).and_yield(raw_hash)
-      expect(knife).to receive(:exit).with(1)
-      expect(knife.ui).to receive(:fatal).with("Please specify only one of 'secret' or 'secret_file' in your config")
-
-      knife.run
-    end
-
-  end
-
-  context "when --encrypt is provided without a secret" do
-    let(:config) {{ :encrypt => true }}
-
-    it "throws an error" do
-      expect(knife).to receive(:create_object).and_yield(raw_hash)
-      expect(knife).to receive(:exit).with(1)
-      expect(knife.ui).to receive(:fatal).with("No secret or secret_file specified in config, unable to encrypt item.")
-
-      knife.run
-    end
-  end
-
-  context "with secret in knife.rb" do
-    before do
-      Chef::Config[:knife][:secret] = config_secret
-    end
-
-    include_examples "a data bag item" do
-      let(:config_secret) { secret }
-    end
-
-    context "with --encrypt" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :encrypt => true }}
-        let(:config_secret) { secret }
-      end
-    end
-
-    context "with --secret" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :secret => secret }}
-        let(:config_secret) { "TERCES321cba" }
-      end
-    end
-
-    context "with --secret-file" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :secret_file => secret_file.path }}
-        let(:config_secret) { "TERCES321cba" }
-      end
-    end
-  end
-
-  context "with secret_file in knife.rb" do
-    before do
-      Chef::Config[:knife][:secret_file] = config_secret_file
-    end
-
-    include_examples "a data bag item" do
-      let(:config_secret_file) { secret_file.path }
-    end
-
-    context "with --encrypt" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :encrypt => true }}
-        let(:config_secret_file) { secret_file.path }
-      end
-    end
-
-    context "with --secret" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :secret => secret }}
-        let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" }
-      end
-    end
-
-    context "with --secret-file" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :secret_file => secret_file.path }}
-        let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" }
-      end
-    end
-  end
-
-  context "no secret in knife.rb" do
-
-    include_examples "a data bag item"
-
-    context "with --secret" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :secret => secret }}
-      end
-    end
-
-    context "with --secret-file" do
-      include_examples "an encrypted data bag item" do
-        let(:config) {{ :secret_file => secret_file.path }}
-      end
-    end
-  end
 end