authorMarc A. Paradise <marc.paradise@gmail.com>2021-08-27 14:45:03 -0400
committerMarc A. Paradise <marc.paradise@gmail.com>2021-08-27 16:09:27 -0400
commitc4d953da87c39f0e5c235ce0579f04ba576d320b (patch)
treea19ba3d4e680db4b20433030fa73bbf18d3989a2
parent377ba8443e42dcb002158bb489cb504dc67efc18 (diff)
Updates based on code review commentsmp/11701
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
-rw-r--r--spec/unit/secret_fetcher/hashi_vault_spec.rb32
1 files changed, 11 insertions, 21 deletions
diff --git a/spec/unit/secret_fetcher/hashi_vault_spec.rb b/spec/unit/secret_fetcher/hashi_vault_spec.rb
index 02299474cf..db93a051e4 100644
--- a/spec/unit/secret_fetcher/hashi_vault_spec.rb
+++ b/spec/unit/secret_fetcher/hashi_vault_spec.rb
@@ -23,34 +23,24 @@ require "chef/secret_fetcher/hashi_vault"
describe Chef::SecretFetcher::HashiVault do
let(:node) { {} }
let(:run_context) { double("run_context", node: node) }
- let(:fetcher_config) { {} }
- let(:fetcher) {
- Chef::SecretFetcher::HashiVault.new( fetcher_config, run_context )
- }
context "when validating HashiVault provided configuration" do
- context "and role_name is not provided" do
- let(:fetcher_config) { { vault_addr: "vault.example.com" } }
- it "raises ConfigurationInvalid" do
- expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
- end
+ it "raises ConfigurationInvalid when the role_name is not provided" do
+ fetcher = Chef::SecretFetcher::HashiVault.new( { vault_addr: "vault.example.com" }, run_context)
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
end
- context "and vault_addr is not provided" do
- let(:fetcher_config) { { role_name: "example-role" } }
- it "raises ConfigurationInvalid" do
- expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
- end
+
+ it "raises ConfigurationInvalid when the vault_addr is not provided" do
+ fetcher = Chef::SecretFetcher::HashiVault.new( { role_name: "vault.example.com" }, run_context)
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
end
- end
- context "when all required config is provided" do
- let(:fetcher_config) { { vault_addr: "vault.example.com", role_name: "example-role" } }
- it "obtains a token via AWS IAM auth" do
- auth_stub = double("vault auth", aws_iam: nil)
+ it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do
+ fetcher = Chef::SecretFetcher::HashiVault.new( { vault_addr: "vault.example.com", role_name: "example-role" }, run_context)
+ auth_stub =
allow(Aws::InstanceProfileCredentials).to receive(:new).and_return double("credentials")
- allow(Vault).to receive(:auth).and_return(auth_stub)
+ allow(Vault).to receive(:auth).and_return(instance_double(Vault::Authenticate, aws_iam: nil))
fetcher.validate!
-
end
end
end
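Review bot: The dangling `auth_stub =` left in the last example now binds the result of the following `allow(Aws::InstanceProfileCredentials)...` chain to an unused local; drop it so that line stands on its own. The vault_addr-missing example passes `role_name: "vault.example.com"`, which looks like a copy-paste of the address from the example above; `role_name: "example-role"` (the value the removed context used) would keep the fixture unambiguous. The example titled "obtains a token via AWS IAM auth ..." makes no assertion, so it would presumably still pass if `validate!` stopped authenticating. Consider holding the `instance_double(Vault::Authenticate, aws_iam: nil)` in a local and adding `expect(auth).to have_received(:aws_iam)` after `fetcher.validate!`.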