authorClaire McQuin <claire@getchef.com>2014-08-22 16:21:49 -0700
committertyler-ball <tyleraball@gmail.com>2014-09-29 08:31:08 -0700
commit40c2f92437579044284f9b4cc433ccf4f1d9d391 (patch)
tree80b4f50c909e2e540a489e6799f83ff7f3ab659e
parent900bc7d32c824eeb31d489914ff70b740cb720ab (diff)
Fix logic and spec out new knife data bag create behaviors.
-rw-r--r--lib/chef/knife/data_bag_create.rb10
-rw-r--r--spec/unit/knife/data_bag_create_spec.rb113
2 files changed, 81 insertions, 42 deletions
diff --git a/lib/chef/knife/data_bag_create.rb b/lib/chef/knife/data_bag_create.rb
index e0c7f089b6..afd5832ead 100644
--- a/lib/chef/knife/data_bag_create.rb
+++ b/lib/chef/knife/data_bag_create.rb
@@ -49,10 +49,14 @@ class Chef
:default => false
def read_secret
- if secret = config[:secret] || knife_config[:secret] || Chef::Config[:secret]
+ if config[:secret]
+ config[:secret]
+ elsif config[:secret_file]
+ Chef::EncryptedDataBagItem.load_secret(config[:secret_file])
+ elsif secret = knife_config[:secret] || Chef::Config[:secret]
secret
else
- secret_file = config[:secret_file] || knife_config[:secret_file] || Chef::Config[:secret_file]
+ secret_file = knife_config[:secret_file] || Chef::Config[:secret_file]
Chef::EncryptedDataBagItem.load_secret(secret_file)
end
end
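Review bot: The new `read_secret` chain sets a four-step precedence with no comment: `config[:secret]`, then `config[:secret_file]`, then the configured `secret`, then the configured `secret_file`. That order decides which key an item is encrypted with, so it deserves a line above the `if`, for example `# Command-line options win over configuration: --secret, --secret-file, configured secret, configured secret_file.` When both `config[:secret]` and `config[:secret_file]` are set, this method silently uses the former; whether that pair is rejected earlier is not visible in this hunk. In the final `else`, `secret_file` can be nil when nothing is configured, so the method relies on `load_secret` (not shown here) to fail clearly rather than return an unusable key.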
@@ -77,7 +81,7 @@ class Chef
end
return true if config[:secret] || config[:secret_file]
- if config[:encrypted]
+ if config[:encrypt]
unless has_secret? || has_secret_file?
ui.fatal("No secret or secret_file specified in config, unable to encrypt item.")
exit(1)
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb
index f008b790b3..c3bcf0416f 100644
--- a/spec/unit/knife/data_bag_create_spec.rb
+++ b/spec/unit/knife/data_bag_create_spec.rb
@@ -47,8 +47,21 @@ describe Chef::Knife::DataBagCreate do
let(:bag_name) { "sudoing_admins" }
let(:item_name) { "ME" }
+ let(:secret) { "abc123SECRET" }
+ let(:secret_file) do
+ sfile = Tempfile.new("encrypted_data_bag_secret")
+ sfile.puts(secret)
+ sfile.flush
+ end
+
+ let(:raw_hash) {{ "login_name" => "alphaomega", "id" => item_name }}
+
+ let(:config) { {} }
+
before do
Chef::Config[:node_name] = "webmonkey.example.com"
+ knife.name_args = [bag_name, item_name]
+ allow(knife).to receive(:config).and_return(config)
end
it "tries to create a data bag with an invalid name when given one argument" do
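Review bot: The `secret_file` helper added here yields the Tempfile only because `IO#flush` returns its receiver, which is easy to break if a line is later appended to the block. Ending the block with an explicit `sfile` would make the return value obvious. No visible hook closes or unlinks the file that holds the secret, so cleanup presumably depends on garbage collection. The enclosing `describe` block continues outside this hunk.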
@@ -77,8 +90,6 @@ describe Chef::Knife::DataBagCreate do
item
end
- let(:raw_hash) {{ "login_name" => "alphaomega", "id" => item_name }}
-
before do
knife.name_args = [bag_name, item_name]
end
@@ -92,21 +103,8 @@ describe Chef::Knife::DataBagCreate do
end
end
- context "when given two arguments" do
- include_examples "a data bag item"
- end
-
- describe "encrypted data bag items" do
- let(:secret) { "abc123SECRET" }
- let(:secret_file) do
- sfile = Tempfile.new("encrypted_data_bag_secret")
- sfile.puts(secret)
- sfile.flush
- end
-
-
- let(:raw_data) {{ "login_name" => "alphaomega", "id" => item_name }}
- let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_data, secret) }
+ shared_examples_for "an encrypted data bag item" do
+ let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_hash, secret) }
let(:item) do
item = Chef::DataBagItem.from_hash(encoded_data)
@@ -114,44 +112,81 @@ describe Chef::Knife::DataBagCreate do
item
end
+ it "creates an encrypted data bag item" do
+ expect(knife).to receive(:create_object).and_yield(raw_hash)
+ expect(Chef::EncryptedDataBagItem)
+ .to receive(:encrypt_data_bag_item)
+ .with(raw_hash, secret)
+ .and_return(encoded_data)
+ expect(rest).to receive(:post_rest).with("data", {"name" => bag_name}).ordered
+ expect(rest).to receive(:post_rest).with("data/#{bag_name}", item).ordered
+
+ knife.run
+ end
+ end
+
+ context "when given two arguments" do
+ include_examples "a data bag item"
+ end
+
+ context "with secret in knife.rb" do
before do
- knife.name_args = [bag_name, item_name]
- allow(knife).to receive(:config).and_return(config)
+ Chef::Config[:knife][:secret] = config_secret
+ end
+
+ include_examples "a data bag item" do
+ let(:config_secret) { secret }
end
- shared_examples_for "an encrypted data bag item" do
- it "creates an encrypted data bag item" do
- expect(knife).to receive(:create_object).and_yield(raw_data)
- expect(Chef::EncryptedDataBagItem)
- .to receive(:encrypt_data_bag_item)
- .with(raw_data, secret)
- .and_return(encoded_data)
- expect(rest).to receive(:post_rest).with("data", {"name" => bag_name}).ordered
- expect(rest).to receive(:post_rest).with("data/#{bag_name}", item).ordered
+ context "with --encrypt" do
+ include_examples "an encrypted data bag item" do
+ let(:config) {{ :encrypt => true }}
+ let(:config_secret) { secret }
+ end
+ end
- knife.run
+ context "with --secret" do
+ include_examples "an encrypted data bag item" do
+ let(:config) {{ :secret => secret }}
+ let(:config_secret) { "TERCES321cba" }
end
end
- context "via --secret" do
+ context "with --secret-file" do
include_examples "an encrypted data bag item" do
- let(:config) { {:secret => secret} }
+ let(:config) {{ :secret_file => secret_file.path }}
+ let(:config_secret) { "TERCES321cba" }
end
end
+ end
+
+ context "with secret_file in knife.rb" do
+ before do
+ Chef::Config[:knife][:secret_file] = config_secret_file
+ end
+
+ include_examples "a data bag item" do
+ let(:config_secret_file) { secret_file.path }
+ end
- context "via --secret-file" do
+ context "with --encrypt" do
include_examples "an encrypted data bag item" do
- let(:config) { {:secret_file => secret_file} }
+ let(:config) {{ :encrypt => true }}
+ let(:config_secret_file) { secret_file.path }
end
end
- context "via --secret and --secret-file" do
- let(:config) { {:secret => secret, :secret_file => secret_file} }
+ context "with --secret" do
+ include_examples "an encrypted data bag item" do
+ let(:config) {{ :secret => secret }}
+ let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" }
+ end
+ end
- it "fails to create an encrypted data bag item" do
- expect(knife).to receive(:create_object).and_yield(raw_data)
- expect(knife).to receive(:exit).with(1)
- knife.run
+ context "with --secret-file" do
+ include_examples "an encrypted data bag item" do
+ let(:config) {{ :secret_file => secret_file.path }}
+ let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" }
end
end
end
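Review bot: The removed `via --secret and --secret-file` example, which expected `exit(1)`, has no replacement in this hunk, so the behaviour when both options are passed is no longer pinned. With the new `read_secret` order, the `--secret` value would win silently if nothing rejects the pair first. There is also no visible example for `--encrypt` with no secret configured, the branch that calls `ui.fatal` and `exit(1)` and appears to be what stops the command from proceeding without a key. If the command is still meant to reject the pair, an example like the one below would keep that covered. Separately, the `before` blocks assign `Chef::Config[:knife][:secret]` and `Chef::Config[:knife][:secret_file]` with no reset in the visible hunks; unless the spec helper resets `Chef::Config`, those values can carry into later examples.

```ruby
context "with --secret and --secret-file" do
  let(:config) {{ :secret => secret, :secret_file => secret_file.path }}

  it "fails to create an encrypted data bag item" do
    expect(knife).to receive(:create_object).and_yield(raw_hash)
    expect(knife).to receive(:exit).with(1)
    knife.run
  end
end
```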