author | Marc A. Paradise <marc.paradise@gmail.com> | 2021-08-27 14:45:03 -0400 |
---|---|---|
committer | Marc A. Paradise <marc.paradise@gmail.com> | 2021-08-27 16:09:27 -0400 |
commit | c4d953da87c39f0e5c235ce0579f04ba576d320b (patch) | |
tree | a19ba3d4e680db4b20433030fa73bbf18d3989a2 | |
parent | 377ba8443e42dcb002158bb489cb504dc67efc18 (diff) | |
Updates based on code review comments [mp/11701]
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
-rw-r--r-- | spec/unit/secret_fetcher/hashi_vault_spec.rb | 32 |
1 files changed, 11 insertions, 21 deletions
diff --git a/spec/unit/secret_fetcher/hashi_vault_spec.rb b/spec/unit/secret_fetcher/hashi_vault_spec.rb
index 02299474cf..db93a051e4 100644
--- a/spec/unit/secret_fetcher/hashi_vault_spec.rb
+++ b/spec/unit/secret_fetcher/hashi_vault_spec.rb
@@ -23,34 +23,24 @@ require "chef/secret_fetcher/hashi_vault" describe Chef::SecretFetcher::HashiVault do let(:node) { {} } let(:run_context) { double("run_context", node: node) } - let(:fetcher_config) { {} } - let(:fetcher) { - Chef::SecretFetcher::HashiVault.new( fetcher_config, run_context ) - } context "when validating HashiVault provided configuration" do - context "and role_name is not provided" do - let(:fetcher_config) { { vault_addr: "vault.example.com" } } - it "raises ConfigurationInvalid" do - expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid) - end + it "raises ConfigurationInvalid when the role_name is not provided" do + fetcher = Chef::SecretFetcher::HashiVault.new( { vault_addr: "vault.example.com" }, run_context) + expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid) end - context "and vault_addr is not provided" do - let(:fetcher_config) { { role_name: "example-role" } } - it "raises ConfigurationInvalid" do - expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid) - end + + it "raises ConfigurationInvalid when the vault_addr is not provided" do + fetcher = Chef::SecretFetcher::HashiVault.new( { role_name: "vault.example.com" }, run_context) + expect { fetcher.validate! 
}.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid) end - end - context "when all required config is provided" do - let(:fetcher_config) { { vault_addr: "vault.example.com", role_name: "example-role" } } - it "obtains a token via AWS IAM auth" do - auth_stub = double("vault auth", aws_iam: nil) + it "obtains a token via AWS IAM auth to allow the gem to do its own validations when all required config is provided" do + fetcher = Chef::SecretFetcher::HashiVault.new( { vault_addr: "vault.example.com", role_name: "example-role" }, run_context) + auth_stub = allow(Aws::InstanceProfileCredentials).to receive(:new).and_return double("credentials") - allow(Vault).to receive(:auth).and_return(auth_stub) + allow(Vault).to receive(:auth).and_return(instance_double(Vault::Authenticate, aws_iam: nil)) fetcher.validate! - end end end |
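Review bot: The third example, "obtains a token via AWS IAM auth …", asserts nothing: `Vault.auth` is stubbed with `allow`, so the example passes even if `validate!` never calls `aws_iam`, which is the authentication step its description claims to cover. Make the expectation explicit by building `auth = instance_double(Vault::Authenticate)`, returning it from the `Vault.auth` stub, and adding `expect(auth).to receive(:aws_iam)` before `fetcher.validate!`. In the same example the leftover `auth_stub =` now binds the result of the `allow(Aws::InstanceProfileCredentials)` stub and is never read, so that line should be dropped. As the hunk reads, the new side also appears to close one block fewer than it opens (five `do`, four `end` once the `- end` after `fetcher.validate!` is removed), which is worth confirming by loading the spec file. The vault_addr example passes `role_name: "vault.example.com"` where the removed code used `"example-role"`; it does not change the outcome but reads as a copy/paste slip.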