summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Smith <tsmith@chef.io>2019-04-17 11:35:49 -0700
committerGitHub <noreply@github.com>2019-04-17 11:35:49 -0700
commit5f97ba11186b0632378a33259155188b6e902613 (patch)
treea1a18f081edaf69a7c1971c87a87d518dd347ae3
parentcec85f352ad95930daad53b8dda6032d6ce7b537 (diff)
parentce52c853611eb6c6572a367c9a425b7426a2b977 (diff)
downloadchef-5f97ba11186b0632378a33259155188b6e902613.tar.gz
Merge pull request #8384 from chef/btm/8077-backport
Backport #8077 to Chef 14
-rw-r--r--lib/chef/knife/data_bag_edit.rb2
-rw-r--r--spec/integration/knife/data_bag_create_spec.rb95
-rw-r--r--spec/integration/knife/data_bag_edit_spec.rb104
-rw-r--r--spec/integration/knife/data_bag_show_spec.rb71
-rw-r--r--spec/unit/knife/data_bag_edit_spec.rb3
5 files changed, 244 insertions, 31 deletions
diff --git a/lib/chef/knife/data_bag_edit.rb b/lib/chef/knife/data_bag_edit.rb
index 5d76762058..6c7f73ad6c 100644
--- a/lib/chef/knife/data_bag_edit.rb
+++ b/lib/chef/knife/data_bag_edit.rb
@@ -43,7 +43,7 @@ class Chef
exit(1)
end
else
- return item, false
+ return item.raw_data, false
end
end
diff --git a/spec/integration/knife/data_bag_create_spec.rb b/spec/integration/knife/data_bag_create_spec.rb
index 5ee7a2f00d..e60f3c06fd 100644
--- a/spec/integration/knife/data_bag_create_spec.rb
+++ b/spec/integration/knife/data_bag_create_spec.rb
@@ -27,29 +27,98 @@ describe "knife data bag create", :workstation do
let(:err) { "Created data_bag[foo]\n" }
let(:out) { "Created data_bag_item[bar]\n" }
let(:exists) { "Data bag foo already exists\n" }
+ let(:secret) { "abc" }
when_the_chef_server "is empty" do
- it "creates a new data bag" do
- knife("data bag create foo").should_succeed stderr: err
+ context "with encryption key" do
+ it "creates a new data bag and item" do
+ pretty_json = Chef::JSONCompat.to_json_pretty({ id: "bar", test: "pass" })
+ allow(Chef::JSONCompat).to receive(:to_json_pretty).and_return(pretty_json)
+ knife("data bag create foo bar --secret #{secret}").should_succeed stdout: out, stderr: err
+ expect(knife("data bag show foo bar --secret #{secret}").stderr).to eq("Encrypted data bag detected, decrypting with provided secret.\n")
+ expect(knife("data bag show foo bar --secret #{secret}").stdout).to eq("id: bar\ntest: pass\n")
+ end
+
+ it "creates a new data bag and an empty item" do
+ knife("data bag create foo bar --secret #{secret}").should_succeed stdout: out, stderr: err
+ expect(knife("data bag show foo bar --secret #{secret}").stderr).to eq("WARNING: Unencrypted data bag detected, ignoring any provided secret options.\n")
+ expect(knife("data bag show foo bar --secret #{secret}").stdout).to eq("id: bar\n")
+ end
end
- it "creates a new data bag and item" do
- knife("data bag create foo bar").should_succeed stdout: out, stderr: err
+ context "without encryption key" do
+ it "creates a new data bag" do
+ knife("data bag create foo").should_succeed stderr: err
+ expect(knife("data bag show foo").stderr).to eq("")
+ end
+
+ it "creates a new data bag and item" do
+ knife("data bag create foo bar").should_succeed stdout: out, stderr: err
+ expect(knife("data bag show foo").stdout).to eq("bar\n")
+ end
end
+ end
- it "adds a new item to an existing bag" do
- knife("data bag create foo").should_succeed stderr: err
- knife("data bag create foo bar").should_succeed stdout: out, stderr: exists
+ when_the_chef_server "has some data bags" do
+ before do
+ data_bag "foo", {}
+ data_bag "bag", { "box" => {} }
end
- it "refuses to add an existing data bag" do
- knife("data bag create foo").should_succeed stderr: err
- knife("data bag create foo").should_succeed stderr: exists
+ context "with encryption key" do
+ it "creates a new data bag and item" do
+ pretty_json = Chef::JSONCompat.to_json_pretty({ id: "bar", test: "pass" })
+ allow(Chef::JSONCompat).to receive(:to_json_pretty).and_return(pretty_json)
+ knife("data bag create rocket bar --secret #{secret}").should_succeed stdout: out, stderr: <<~EOM
+ Created data_bag[rocket]
+ EOM
+ expect(knife("data bag show rocket bar --secret #{secret}").stderr).to eq("Encrypted data bag detected, decrypting with provided secret.\n")
+ expect(knife("data bag show rocket bar --secret #{secret}").stdout).to eq("id: bar\ntest: pass\n")
+ end
+
+ it "creates a new data bag and an empty item" do
+ knife("data bag create rocket bar --secret #{secret}").should_succeed stdout: out, stderr: <<~EOM
+ Created data_bag[rocket]
+ EOM
+ expect(knife("data bag show rocket bar --secret #{secret}").stderr).to eq("WARNING: Unencrypted data bag detected, ignoring any provided secret options.\n")
+ expect(knife("data bag show rocket bar --secret #{secret}").stdout).to eq("id: bar\n")
+ end
+
+ it "adds a new item to an existing bag" do
+ knife("data bag create foo bar --secret #{secret}").should_succeed stdout: out, stderr: exists
+ expect(knife("data bag show foo bar --secret #{secret}").stderr).to eq("WARNING: Unencrypted data bag detected, ignoring any provided secret options.\n")
+ expect(knife("data bag show foo bar --secret #{secret}").stdout).to eq("id: bar\n")
+ end
+
+ it "fails to add an existing item" do
+ expect { knife("data bag create bag box --secret #{secret}") }.to raise_error(Net::HTTPClientException)
+ end
end
- it "fails to add an existing item" do
- knife("data bag create foo bar").should_succeed stdout: out, stderr: err
- expect { knife("data bag create foo bar") }.to raise_error(Net::HTTPClientException)
+ context "without encryption key" do
+ it "creates a new data bag" do
+ knife("data bag create rocket").should_succeed stderr: <<~EOM
+ Created data_bag[rocket]
+ EOM
+ end
+
+ it "creates a new data bag and item" do
+ knife("data bag create rocket bar").should_succeed stdout: out, stderr: <<~EOM
+ Created data_bag[rocket]
+ EOM
+ end
+
+ it "adds a new item to an existing bag" do
+ knife("data bag create foo bar").should_succeed stdout: out, stderr: exists
+ end
+
+ it "refuses to create an existing data bag" do
+ knife("data bag create foo").should_succeed stderr: exists
+ end
+
+ it "fails to add an existing item" do
+ expect { knife("data bag create bag box") }.to raise_error(Net::HTTPClientException)
+ end
end
end
end
diff --git a/spec/integration/knife/data_bag_edit_spec.rb b/spec/integration/knife/data_bag_edit_spec.rb
new file mode 100644
index 0000000000..cb3e84b9c6
--- /dev/null
+++ b/spec/integration/knife/data_bag_edit_spec.rb
@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright 2013-2016, Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "support/shared/integration/integration_helper"
+require "support/shared/context/config"
+require "chef/knife/data_bag_edit"
+
+describe "knife data bag edit", :workstation do
+ include IntegrationSupport
+ include KnifeSupport
+
+ include_context "default config options"
+
+ let(:out) { "Saved data_bag_item[box]\n" }
+ let(:err) { "Saving data bag unencrypted. To encrypt it, provide an appropriate secret.\n" }
+ let(:secret) { "abc" }
+ let(:encrypt) { "Encrypted data bag detected, decrypting with provided secret.\n" }
+
+ when_the_chef_server "is empty" do
+ context "with encryption key" do
+ it "fails to edit an item" do
+ expect { knife("data bag edit bag box --secret #{secret}") }.to raise_error(Net::HTTPClientException)
+ end
+ end
+
+ context "without encryption key" do
+ it "fails to edit an item" do
+ expect { knife("data bag edit bag box") }.to raise_error(Net::HTTPClientException)
+ end
+ end
+ end
+
+ when_the_chef_server "has some data bags" do
+ before do
+ data_bag "foo", {}
+ data_bag "bag", { "box" => {} }
+ data_bag "rocket", { "falcon9" => { heavy: "true" }, "atlas" => {}, "ariane" => {} }
+ data_bag "encrypt", { "box" => { id: "box", foo: { "encrypted_data": "J8N0pJ+LFDQF3XvhzWgkSBOuZZn8Og==\n", "iv": "4S1sb4zLnMt71SXV\n", "auth_tag": "4ChINhxz4WmqOizvZNoPPg==\n", "version": 3, "cipher": "aes-256-gcm" } } }
+ end
+
+ context "with encryption key" do
+ it "fails to edit a non-existing item" do
+ expect { knife("data bag edit foo box --secret #{secret}") }.to raise_error(Net::HTTPClientException)
+ end
+
+ it "edits an encrypted data bag item" do
+ pretty_json = Chef::JSONCompat.to_json_pretty({ id: "box", foo: "bar" })
+ allow(Chef::JSONCompat).to receive(:to_json_pretty).and_return(pretty_json)
+ knife("data bag edit encrypt box --secret #{secret}")
+ knife("data bag show encrypt box --secret #{secret}").should_succeed stderr: encrypt, stdout: <<~EOM
+ foo: bar
+ id: box
+ EOM
+ end
+
+ it "encrypts an unencrypted data bag item" do
+ knife("data bag edit rocket falcon9 --secret #{secret}")
+ knife("data bag show rocket falcon9 --secret #{secret}").should_succeed stderr: encrypt, stdout: <<~EOM
+ heavy: true
+ id: falcon9
+ EOM
+ end
+ end
+
+ context "without encryption key" do
+ it "fails to edit a non-existing item" do
+ expect { knife("data bag edit foo box") }.to raise_error(Net::HTTPClientException)
+ end
+ it "edits an empty data bag item" do
+ pretty_json = Chef::JSONCompat.to_json_pretty({ id: "box", ab: "abc" })
+ allow(Chef::JSONCompat).to receive(:to_json_pretty).and_return(pretty_json)
+ knife("data bag edit bag box").should_succeed stderr: err, stdout: out
+ knife("data bag show bag box").should_succeed <<~EOM
+ ab: abc
+ id: box
+ EOM
+ end
+ it "edits a non-empty data bag item" do
+ pretty_json = Chef::JSONCompat.to_json_pretty({ id: "falcon9", heavy: false })
+ allow(Chef::JSONCompat).to receive(:to_json_pretty).and_return(pretty_json)
+ knife("data bag edit rocket falcon9").should_succeed stderr: err, stdout: <<~EOM
+ Saved data_bag_item[falcon9]
+ EOM
+ knife("data bag show rocket falcon9").should_succeed <<~EOM
+ heavy: false
+ id: falcon9
+ EOM
+ end
+ end
+ end
+end
diff --git a/spec/integration/knife/data_bag_show_spec.rb b/spec/integration/knife/data_bag_show_spec.rb
index 5fefec5266..42553dc478 100644
--- a/spec/integration/knife/data_bag_show_spec.rb
+++ b/spec/integration/knife/data_bag_show_spec.rb
@@ -24,30 +24,71 @@ describe "knife data bag show", :workstation do
include_context "default config options"
- when_the_chef_server "has some data bags" do
+ when_the_chef_server "is empty" do
+ it "raises error if try to retrieve it" do
+ expect { knife("data bag show bag") }.to raise_error(Net::HTTPServerException)
+ end
+ end
+
+ when_the_chef_server "contains data bags" do
+ let(:right_secret) { "abc" }
+ let(:wrong_secret) { "ab" }
+ let(:err) { "Encrypted data bag detected, decrypting with provided secret.\n" }
before do
data_bag "x", {}
data_bag "canteloupe", {}
data_bag "rocket", { "falcon9" => { heavy: "true" }, "atlas" => {}, "ariane" => {} }
+ data_bag "encrypt", { "box" => { id: "box", foo: { "encrypted_data": "J8N0pJ+LFDQF3XvhzWgkSBOuZZn8Og==\n", "iv": "4S1sb4zLnMt71SXV\n", "auth_tag": "4ChINhxz4WmqOizvZNoPPg==\n", "version": 3, "cipher": "aes-256-gcm" } } }
end
- it "with an empty data bag" do
- knife("data bag show canteloupe").should_succeed "\n"
- end
+ context "with encrypted data" do
+ context "provided secret key" do
+ it "shows data if secret key is correct" do
+ knife("data bag show encrypt box --secret #{right_secret}").should_succeed stderr: err, stdout: <<~EOM
+ foo: bar
+ id: box
+ EOM
+ end
- it "with a bag with some items" do
- knife("data bag show rocket").should_succeed <<~EOM
- ariane
- atlas
- falcon9
-EOM
+ it "raises error if secret key is incorrect" do
+ expect { knife("data bag show encrypt box --secret #{wrong_secret}") }.to raise_error(Chef::EncryptedDataBagItem::DecryptionFailure)
+ end
+ end
+
+ context "not provided secret key" do
+ it "shows encrypted data with a warning" do
+ expect(knife("data bag show encrypt box").stderr).to eq("WARNING: Encrypted data bag detected, but no secret provided for decoding. Displaying encrypted data.\n")
+ end
+ end
end
- it "with a single item" do
- knife("data bag show rocket falcon9").should_succeed <<~EOM
- heavy: true
- id: falcon9
-EOM
+ context "with unencrypted data" do
+ context "provided secret key" do
+ it "shows unencrypted data with a warning" do
+ expect(knife("data bag show rocket falcon9 --secret #{right_secret}").stderr).to eq("WARNING: Unencrypted data bag detected, ignoring any provided secret options.\n")
+ end
+ end
+
+ context "not provided secret key" do
+ it "shows null with an empty data bag" do
+ knife("data bag show canteloupe").should_succeed "\n"
+ end
+
+ it "show list of items in a bag" do
+ knife("data bag show rocket").should_succeed <<~EOM
+ ariane
+ atlas
+ falcon9
+ EOM
+ end
+
+ it "show data of the item" do
+ knife("data bag show rocket falcon9").should_succeed <<~EOM
+ heavy: true
+ id: falcon9
+ EOM
+ end
+ end
end
end
end
diff --git a/spec/unit/knife/data_bag_edit_spec.rb b/spec/unit/knife/data_bag_edit_spec.rb
index ff131a7d91..4d7ce68aa2 100644
--- a/spec/unit/knife/data_bag_edit_spec.rb
+++ b/spec/unit/knife/data_bag_edit_spec.rb
@@ -49,8 +49,7 @@ describe Chef::Knife::DataBagEdit do
let(:is_encrypted?) { false }
let(:transmitted_hash) { raw_edited_hash }
- let(:data_to_edit) { db }
-
+ let(:data_to_edit) { db.raw_data }
shared_examples_for "editing a data bag" do
it "correctly edits then uploads the data bag" do
expect(Chef::DataBagItem).to receive(:load).with(bag_name, item_name).and_return(db)