Merge pull request #3271 from chef/tc/create-key

Implement `knife user key create` and `knife client key create`

10 files changed, 634 insertions, 8 deletions

diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 25557b077f..d2d3c736c2 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
@@ -319,7 +319,19 @@ class Chef
       default :host, 'localhost'
       default :port, 8889.upto(9999) # Will try ports from 8889-9999 until one works
     end
+
     default :chef_server_url,   "https://localhost:443"
+    default(:chef_server_root) do
+      # if the chef_server_url is a path to an organization, aka
+      # 'some_url.../organizations/*' then remove the '/organization/*' by default
+      if self.configuration[:chef_server_url] =~ /\/organizations\/\S*$/
+        self.configuration[:chef_server_url].split('/')[0..-3].join('/')
+      elsif self.configuration[:chef_server_url] # default to whatever chef_server_url is
+        self.configuration[:chef_server_url]
+      else
+        "https://localhost:443"
+      end
+    end
 
     default :rest_timeout, 300
     default :yum_timeout, 900
diff --git a/lib/chef/exceptions.rb b/lib/chef/exceptions.rb
index cfedbfd0d9..da562e70f4 100644
--- a/lib/chef/exceptions.rb
+++ b/lib/chef/exceptions.rb
@@ -70,6 +70,7 @@ class Chef
     class InvalidPrivateKey < ArgumentError; end
     class ConfigurationError < ArgumentError; end
     class MissingKeyAttribute < ArgumentError; end
+    class KeyCommandInputError < ArgumentError; end
     class InvalidKeyArgument < ArgumentError; end
     class InvalidKeyAttribute < ArgumentError; end
     class RedirectLimitExceeded < RuntimeError; end
diff --git a/lib/chef/key.rb b/lib/chef/key.rb
index 1828713386..1ba0ab49c9 100644
--- a/lib/chef/key.rb
+++ b/lib/chef/key.rb
@@ -147,7 +147,11 @@ class Chef
       payload['public_key'] = @public_key unless @public_key.nil?
       payload['create_key'] = @create_key if @create_key
       payload['expiration_date'] = @expiration_date unless @expiration_date.nil?
-      new_key = chef_rest.post_rest("#{api_base}/#{@actor}/keys", payload)
+      result = chef_rest.post_rest("#{api_base}/#{@actor}/keys", payload)
+      # append the private key to the current key if the server returned one,
+      # since the POST endpoint just returns uri and private_key if needed.
+      new_key = self.to_hash
+      new_key["private_key"] = result["private_key"] if result["private_key"]
       Chef::Key.from_hash(new_key)
     end
 
diff --git a/lib/chef/knife/client_key_create.rb b/lib/chef/knife/client_key_create.rb
new file mode 100644
index 0000000000..3b7e97eb24
--- /dev/null
+++ b/lib/chef/knife/client_key_create.rb
@@ -0,0 +1,67 @@
+#
+# Author:: Tyler Cloke (tyler@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/key_create_base'
+
+class Chef
+  class Knife
+    # Implements knife user key create using Chef::Knife::KeyCreate
+    # as a service class.
+    #
+    # @author Tyler Cloke
+    #
+    # @attr_reader [String] actor the name of the client that this key is for
+    class ClientKeyCreate < Knife
+      include Chef::Knife::KeyCreateBase
+
+      attr_reader :actor
+
+      def initialize(argv=[])
+        super(argv)
+        @service_object = nil
+      end
+
+      def run
+        apply_params!(@name_args)
+        service_object.run
+      end
+
+      def actor_field_name
+        'client'
+      end
+
+      def service_object
+        @service_object ||= Chef::Knife::KeyCreate.new(@actor, actor_field_name, ui, config)
+      end
+
+      def actor_missing_error
+        'You must specify a client name'
+      end
+
+      def apply_params!(params)
+        @actor = params[0]
+        if @actor.nil?
+          show_usage
+          ui.fatal(actor_missing_error)
+          exit 1
+        end
+      end
+    end
+  end
+end
diff --git a/lib/chef/knife/key_create.rb b/lib/chef/knife/key_create.rb
new file mode 100644
index 0000000000..5ee36e9793
--- /dev/null
+++ b/lib/chef/knife/key_create.rb
@@ -0,0 +1,108 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/key'
+require 'chef/json_compat'
+require 'chef/exceptions'
+
+class Chef
+  class Knife
+    # Service class for UserKeyCreate and ClientKeyCreate,
+    # Implements common functionality of knife [user | org client] key create.
+    #
+    # @author Tyler Cloke
+    #
+    # @attr_accessor [Hash] cli input, see UserKeyCreate and ClientKeyCreate for what could populate it
+    class KeyCreate
+
+      attr_accessor :config
+
+      def initialize(actor, actor_field_name, ui, config)
+        @actor = actor
+        @actor_field_name = actor_field_name
+        @ui = ui
+        @config = config
+      end
+
+      def public_key_or_key_name_error_msg
+<<EOS
+You must pass either --public-key or --key-name, or both.
+If you only pass --public-key, a key name will be generated from the fingerprint of your key.
+If you only pass --key-name, a key pair will be generated by the server.
+EOS
+      end
+
+      def edit_data(key)
+        @ui.edit_data(key)
+      end
+
+      def display_info(input)
+        @ui.info(input)
+      end
+
+      def display_private_key(private_key)
+        @ui.msg(private_key)
+      end
+
+      def output_private_key_to_file(private_key)
+        File.open(@config[:file], "w") do |f|
+          f.print(private_key)
+        end
+      end
+
+      def create_key_from_hash(output)
+        Chef::Key.from_hash(output).create
+      end
+
+      def run
+        key = Chef::Key.new(@actor, @actor_field_name)
+        if !@config[:public_key] && !@config[:key_name]
+          raise Chef::Exceptions::KeyCommandInputError, public_key_or_key_name_error_msg
+        elsif !@config[:public_key]
+          key.create_key(true)
+        end
+
+        if @config[:public_key]
+          key.public_key(File.read(File.expand_path(@config[:public_key])))
+        end
+
+        if @config[:key_name]
+          key.name(@config[:key_name])
+        end
+
+        if @config[:expiration_date]
+          key.expiration_date(@config[:expiration_date])
+        else
+          key.expiration_date("infinity")
+        end
+
+        output = edit_data(key)
+        key = create_key_from_hash(output)
+
+        display_info("Created key: #{key.name}")
+        if key.private_key
+          if @config[:file]
+            output_private_key_to_file(key.private_key)
+          else
+            display_private_key(key.private_key)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/chef/knife/key_create_base.rb b/lib/chef/knife/key_create_base.rb
new file mode 100644
index 0000000000..da31f70d1d
--- /dev/null
+++ b/lib/chef/knife/key_create_base.rb
@@ -0,0 +1,50 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Knife
+    # Extendable module that class_eval's common options into UserKeyCreate and ClientKeyCreate
+    #
+    # @author Tyler Cloke
+    module KeyCreateBase
+      def self.included(includer)
+        includer.class_eval do
+          option :public_key,
+                 :short => "-p FILENAME",
+                 :long => "--public-key FILENAME",
+                 :description => "Public key for newly created key. If not passed, the server will create a key pair for you, but you must pass --key-name NAME in that case."
+
+          option :file,
+                 :short => "-f FILE",
+                 :long  => "--file FILE",
+                 :description => "Write the private key to a file, if you requested the server to create one."
+
+          option :key_name,
+                 :short => "-k NAME",
+                 :long  => "--key-name NAME",
+                 :description => "The name for your key. If you do not pass a name, you must pass --public-key, and the name will default to the fingerprint of the public key passed."
+
+          option :expiration_date,
+                 :short => "-e DATE",
+                 :long  => "--expiration-date DATE",
+                 :description => "Optionally pass the expiration date for the key in ISO 8601 fomatted string: YYYY-MM-DDTHH:MM:SSZ e.g. 2013-12-24T21:00:00Z. Defaults to infinity if not passed. UTC timezone assumed."
+        end
+      end
+    end
+  end
+end
diff --git a/lib/chef/knife/user_key_create.rb b/lib/chef/knife/user_key_create.rb
new file mode 100644
index 0000000000..5ed699ff5b
--- /dev/null
+++ b/lib/chef/knife/user_key_create.rb
@@ -0,0 +1,69 @@
+#
+# Author:: Tyler Cloke (tyler@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/key_create_base'
+
+class Chef
+  class Knife
+    # Implements knife user key create using Chef::Knife::KeyCreate
+    # as a service class.
+    #
+    # @author Tyler Cloke
+    #
+    # @attr_reader [String] actor the name of the user that this key is for
+    class UserKeyCreate < Knife
+      include Chef::Knife::KeyCreateBase
+
+      banner 'knife user key create USER (options)'
+
+      attr_reader :actor
+
+      def initialize(argv=[])
+        super(argv)
+        @service_object = nil
+      end
+
+      def run
+        apply_params!(@name_args)
+        service_object.run
+      end
+
+      def actor_field_name
+        'user'
+      end
+
+      def service_object
+        @service_object ||= Chef::Knife::KeyCreate.new(@actor, actor_field_name, ui, config)
+      end
+
+      def actor_missing_error
+        'You must specify a user name'
+      end
+
+      def apply_params!(params)
+        @actor = params[0]
+        if @actor.nil?
+          show_usage
+          ui.fatal(actor_missing_error)
+          exit 1
+        end
+      end
+    end
+  end
+end
diff --git a/spec/unit/config_spec.rb b/spec/unit/config_spec.rb
index 6ea67246b5..d5d05dcfc8 100644
--- a/spec/unit/config_spec.rb
+++ b/spec/unit/config_spec.rb
@@ -51,7 +51,6 @@ describe Chef::Config do
         expect(Chef::Config.chef_server_url).to eq("https://junglist.gen.nz")
       end
     end
-
   end
 
   describe "when configuring formatters" do
@@ -175,6 +174,50 @@ describe Chef::Config do
           allow(Chef::Config).to receive(:path_accessible?).and_return(false)
         end
 
+        describe "Chef::Config[:chef_server_root]" do
+          context "when chef_server_url isn't set manually" do
+            it "returns the default of 'https://localhost:443'" do
+              expect(Chef::Config[:chef_server_root]).to eq("https://localhost:443")
+            end
+          end
+
+          context "when chef_server_url matches '../organizations/*' without a trailing slash" do
+            before do
+              Chef::Config[:chef_server_url] = "https://example.com/organizations/myorg"
+            end
+            it "returns the full URL without /organizations/*" do
+              expect(Chef::Config[:chef_server_root]).to eq("https://example.com")
+            end
+          end
+
+          context "when chef_server_url matches '../organizations/*' with a trailing slash" do
+            before do
+              Chef::Config[:chef_server_url] = "https://example.com/organizations/myorg/"
+            end
+            it "returns the full URL without /organizations/*" do
+              expect(Chef::Config[:chef_server_root]).to eq("https://example.com")
+            end
+          end
+
+          context "when chef_server_url matches '..organizations..' but not '../organizations/*'" do
+            before do
+              Chef::Config[:chef_server_url] = "https://organizations.com/organizations"
+            end
+            it "returns the full URL without any modifications" do
+              expect(Chef::Config[:chef_server_root]).to eq(Chef::Config[:chef_server_url])
+            end
+          end
+
+          context "when chef_server_url is a standard URL without the string organization(s)" do
+            before do
+              Chef::Config[:chef_server_url] = "https://example.com/some_other_string"
+            end
+            it "returns the full URL without any modifications" do
+              expect(Chef::Config[:chef_server_root]).to eq(Chef::Config[:chef_server_url])
+            end
+          end
+        end
+
         describe "Chef::Config[:cache_path]" do
           context "when /var/chef exists and is accessible" do
             it "defaults to /var/chef" do
diff --git a/spec/unit/key_spec.rb b/spec/unit/key_spec.rb
index 9f37b8aa12..8ef7d24f21 100644
--- a/spec/unit/key_spec.rb
+++ b/spec/unit/key_spec.rb
@@ -435,17 +435,37 @@ EOS
           end
 
           context "when create_key is true and public_key is nil" do
+
             before do
               key.delete_public_key
               key.create_key true
+              $expected_output = {
+                actor_type => "foobar",
+                "name" => key.name,
+                "create_key" => true,
+                "expiration_date" => key.expiration_date
+              }
+              $expected_input = {
+                "name" => key.name,
+                "create_key" => true,
+                "expiration_date" => key.expiration_date
+              }
             end
+
             it "should create a new key via the API" do
-              expect(rest).to receive(:post_rest).with(url,
-                                                       {"name" => key.name,
-                                                        "create_key" => true,
-                                                        "expiration_date" => key.expiration_date}).and_return({})
+              expect(rest).to receive(:post_rest).with(url, $expected_input).and_return({})
               key.create
             end
+
+            context "when the server returns the private_key via key.create" do
+              before do
+                allow(rest).to receive(:post_rest).with(url, $expected_input).and_return({"private_key" => "this_private_key"})
+              end
+
+              it "key.create returns the original key plus the private_key" do
+                expect(key.create.to_hash).to eq($expected_output.merge({"private_key" => "this_private_key"}))
+              end
+            end
           end
 
           context "when create_key is false and public_key is nil" do
@@ -464,6 +484,7 @@ EOS
         it_should_behave_like "create key" do
           let(:url) { "users/#{key.actor}/keys" }
           let(:key) { user_key }
+          let(:actor_type) { "user" }
         end
       end
 
@@ -471,6 +492,7 @@ EOS
         it_should_behave_like "create key" do
           let(:url) { "clients/#{client_key.actor}/keys" }
           let(:key) { client_key }
+          let(:actor_type) { "client" }
         end
       end
     end # create
@@ -496,14 +518,14 @@ EOS
         end
       end
 
-      context "when creating a user key" do
+      context "when updating a user key" do
         it_should_behave_like "update key" do
           let(:url) { "users/#{key.actor}/keys/#{key.name}" }
           let(:key) { user_key }
         end
       end
 
-      context "when creating a client key" do
+      context "when updating a client key" do
         it_should_behave_like "update key" do
           let(:url) { "clients/#{client_key.actor}/keys/#{key.name}" }
           let(:key) { client_key }
diff --git a/spec/unit/knife/key_create_spec.rb b/spec/unit/knife/key_create_spec.rb
new file mode 100644
index 0000000000..1bdd0f3ba1
--- /dev/null
+++ b/spec/unit/knife/key_create_spec.rb
@@ -0,0 +1,250 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife/user_key_create'
+require 'chef/knife/client_key_create'
+require 'chef/knife/key_create'
+require 'chef/key'
+
+describe "key create commands that inherit knife" do
+
+  let(:stderr) { StringIO.new }
+  let(:params) { [] }
+  let(:service_object) { instance_double(Chef::Knife::KeyCreate) }
+
+  shared_examples_for "a key create command" do
+    let(:command) do
+      c = described_class.new([])
+      c.ui.config[:disable_editing] = true
+      allow(c.ui).to receive(:stderr).and_return(stderr)
+      allow(c.ui).to receive(:stdout).and_return(stderr)
+      allow(c).to receive(:show_usage)
+      c
+    end
+
+    context "before apply_params! is called" do
+      context "when apply_params! is called with invalid args" do
+        it "shows the usage" do
+          expect(command).to receive(:show_usage)
+          expect { command.apply_params!(params) }.to exit_with_code(1)
+        end
+
+        it "outputs the proper error" do
+          expect { command.apply_params!(params) }.to exit_with_code(1)
+          expect(stderr.string).to include(command.actor_missing_error)
+        end
+
+        it "exits 1" do
+          expect { command.apply_params!(params) }.to exit_with_code(1)
+        end
+      end
+    end # before apply_params! is called
+
+    context "after apply_params! is called with valid args" do
+      let(:params) { ["charmander"] }
+      before do
+        command.apply_params!(params)
+      end
+
+      it "properly defines the actor" do
+        expect(command.actor).to eq("charmander")
+      end
+
+      context "when the service object is called" do
+        it "creates a new instance of Chef::Knife::KeyCreate with the correct args" do
+          expect(Chef::Knife::KeyCreate).to receive(:new).
+            with("charmander", command.actor_field_name, command.ui, command.config).
+            and_return(service_object)
+          command.service_object
+        end
+      end # when the service object is called
+    end # after apply_params! is called with valid args
+    context "when the command is run" do
+      before do
+        allow(command).to receive(:service_object).and_return(service_object)
+        allow(command).to receive(:name_args).and_return(["charmander"])
+      end
+
+      context "when the command is successful" do
+        before do
+          expect(service_object).to receive(:run)
+        end
+      end
+    end
+  end # a key create command
+
+  describe Chef::Knife::UserKeyCreate do
+    it_should_behave_like "a key create command"
+  end
+
+  describe Chef::Knife::ClientKeyCreate do
+    it_should_behave_like "a key create command"
+  end
+end
+
+describe Chef::Knife::KeyCreate do
+  let(:public_key) {
+    "-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPo+oNPB7uuNkws0fC02
+KxSwdyqPLu0fhI1pOweNKAZeEIiEz2PkybathHWy8snSXGNxsITkf3eyvIIKa8OZ
+WrlqpI3yv/5DOP8HTMCxnFuMJQtDwMcevlqebX4bCxcByuBpNYDcAHjjfLGSfMjn
+E5lZpgYWwnpic4kSjYcL9ORK9nYvlWV9P/kCYmRhIjB4AhtpWRiOfY/TKi3P2LxT
+IjSmiN/ihHtlhV/VSnBJ5PzT/lRknlrJ4kACoz7Pq9jv+aAx5ft/xE9yDa2DYs0q
+Tfuc9dUYsFjptWYrV6pfEQ+bgo1OGBXORBFcFL+2D7u9JYquKrMgosznHoEkQNLo
+0wIDAQAB
+-----END PUBLIC KEY-----"
+  }
+  let(:config) { Hash.new }
+  let(:actor) { "charmander" }
+  let(:ui) { instance_double("Chef::Knife::UI") }
+
+  shared_examples_for "key create run command" do
+    let(:key_create_object) {
+      described_class.new(actor, actor_field_name, ui, config)
+    }
+
+    context "when public_key and key_name weren't passed" do
+      it "raises a Chef::Exceptions::KeyCommandInputError with the proper error message" do
+        expect{ key_create_object.run }.to raise_error(Chef::Exceptions::KeyCommandInputError, key_create_object.public_key_or_key_name_error_msg)
+      end
+    end
+
+    context "when the command is run" do
+      let(:expected_hash) {
+        {
+          actor_field_name => "charmander"
+        }
+      }
+
+      before do
+        allow(File).to receive(:read).and_return(public_key)
+        allow(File).to receive(:expand_path)
+
+        allow(key_create_object).to receive(:output_private_key_to_file)
+        allow(key_create_object).to receive(:display_private_key)
+        allow(key_create_object).to receive(:edit_data).and_return(expected_hash)
+        allow(key_create_object).to receive(:create_key_from_hash).and_return(Chef::Key.from_hash(expected_hash))
+        allow(key_create_object).to receive(:display_info)
+      end
+
+      context "when a valid hash is passed" do
+        let(:key_name) { "charmander-key" }
+        let(:valid_expiration_date) { "2020-12-24T21:00:00Z" }
+        let(:expected_hash) {
+          {
+            actor_field_name => "charmander",
+            "public_key" => public_key,
+            "expiration_date" => valid_expiration_date,
+            "key_name" => key_name
+          }
+        }
+        before do
+          key_create_object.config[:public_key] = "public_key_path"
+          key_create_object.config[:expiration_Date] = valid_expiration_date,
+          key_create_object.config[:key_name] = key_name
+        end
+
+        it "creates the proper hash" do
+          expect(key_create_object).to receive(:create_key_from_hash).with(expected_hash)
+          key_create_object.run
+        end
+      end
+
+      context "when public_key is passed" do
+        let(:expected_hash) {
+          {
+            actor_field_name => "charmander",
+            "public_key" => public_key
+          }
+        }
+        before do
+          key_create_object.config[:public_key] = "public_key_path"
+        end
+
+        it "calls File.expand_path with the public_key input" do
+          expect(File).to receive(:expand_path).with("public_key_path")
+          key_create_object.run
+        end
+      end # when public_key is passed
+
+      context "when public_key isn't passed and key_name is" do
+        let(:expected_hash) {
+          {
+            actor_field_name => "charmander",
+            "name" => "charmander-key",
+            "create_key" => true
+          }
+        }
+        before do
+          key_create_object.config[:key_name] = "charmander-key"
+        end
+
+        it "should set create_key to true" do
+          expect(key_create_object).to receive(:create_key_from_hash).with(expected_hash)
+          key_create_object.run
+        end
+      end
+
+      context "when the server returns a private key" do
+        let(:expected_hash) {
+          {
+            actor_field_name => "charmander",
+            "public_key" => public_key,
+            "private_key" => "super_private"
+          }
+        }
+
+        before do
+          key_create_object.config[:public_key] = "public_key_path"
+        end
+
+        context "when file is not passed" do
+          it "calls display_private_key with the private_key" do
+            expect(key_create_object).to receive(:display_private_key).with("super_private")
+            key_create_object.run
+          end
+        end
+
+        context "when file is passed" do
+          before do
+            key_create_object.config[:file] = "/fake/file"
+          end
+
+          it "calls output_private_key_to_file with the private_key" do
+            expect(key_create_object).to receive(:output_private_key_to_file).with("super_private")
+            key_create_object.run
+          end
+        end
+      end # when the server returns a private key
+    end # when the command is run
+  end #key create run command"
+
+  context "when actor_field_name is 'user'" do
+    it_should_behave_like "key create run command" do
+      let(:actor_field_name) { "user" }
+    end
+  end
+
+  context "when actor_field_name is 'client'" do
+    it_should_behave_like "key create run command" do
+      let(:actor_field_name) { "client" }
+    end
+  end
+end
+