author | Claire McQuin <claire@getchef.com> | 2014-08-22 16:21:49 -0700 |
---|---|---|
committer | tyler-ball <tyleraball@gmail.com> | 2014-09-29 08:31:08 -0700 |
commit | 40c2f92437579044284f9b4cc433ccf4f1d9d391 (patch) | |
tree | 80b4f50c909e2e540a489e6799f83ff7f3ab659e | |
parent | 900bc7d32c824eeb31d489914ff70b740cb720ab (diff) | |
download | chef-40c2f92437579044284f9b4cc433ccf4f1d9d391.tar.gz |
Fix logic and spec out new knife data bag create behaviors.
-rw-r--r-- | lib/chef/knife/data_bag_create.rb | 10 | ||||
-rw-r--r-- | spec/unit/knife/data_bag_create_spec.rb | 113 |
2 files changed, 81 insertions, 42 deletions
diff --git a/lib/chef/knife/data_bag_create.rb b/lib/chef/knife/data_bag_create.rb index e0c7f089b6..afd5832ead 100644 --- a/lib/chef/knife/data_bag_create.rb +++ b/lib/chef/knife/data_bag_create.rb @@ -49,10 +49,14 @@ class Chef :default => false def read_secret - if secret = config[:secret] || knife_config[:secret] || Chef::Config[:secret] + if config[:secret] + config[:secret] + elsif config[:secret_file] + Chef::EncryptedDataBagItem.load_secret(config[:secret_file]) + elsif secret = knife_config[:secret] || Chef::Config[:secret] secret else - secret_file = config[:secret_file] || knife_config[:secret_file] || Chef::Config[:secret_file] + secret_file = knife_config[:secret_file] || Chef::Config[:secret_file] Chef::EncryptedDataBagItem.load_secret(secret_file) end end @@ -77,7 +81,7 @@ class Chef end return true if config[:secret] || config[:secret_file] - if config[:encrypted] + if config[:encrypt] unless has_secret? || has_secret_file? ui.fatal("No secret or secret_file specified in config, unable to encrypt item.") exit(1) diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb index f008b790b3..c3bcf0416f 100644 --- a/spec/unit/knife/data_bag_create_spec.rb +++ b/spec/unit/knife/data_bag_create_spec.rb @@ -47,8 +47,21 @@ describe Chef::Knife::DataBagCreate do let(:bag_name) { "sudoing_admins" } let(:item_name) { "ME" } + let(:secret) { "abc123SECRET" } + let(:secret_file) do + sfile = Tempfile.new("encrypted_data_bag_secret") + sfile.puts(secret) + sfile.flush + end + + let(:raw_hash) {{ "login_name" => "alphaomega", "id" => item_name }} + + let(:config) { {} } + before do Chef::Config[:node_name] = "webmonkey.example.com" + knife.name_args = [bag_name, item_name] + allow(knife).to receive(:config).and_return(config) end it "tries to create a data bag with an invalid name when given one argument" do 
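Review bot: When both `--secret` and `--secret-file` are given, the new `read_secret` returns `config[:secret]` and never looks at the file, and nothing in this hunk rejects or reports the combination. The spec example that expected `exit(1)` for that combination is deleted later in this commit, so if a guard for it exists outside the hunk it is no longer covered by a test. At minimum the lookup order should be written down above the method, for example `# Precedence: --secret, --secret-file, knife.rb secret, knife.rb secret_file`. The `elsif secret = knife_config[:secret] || Chef::Config[:secret]` line also assigns inside a condition; wrapping the assignment in parentheses would show that it is intentional.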
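Review bot: The `ui.fatal` / `exit(1)` branch behind `if config[:encrypt]` has no example in the spec changes of this commit; every `:encrypt => true` case there also configures a secret or secret_file in knife.rb. An example with `let(:config) {{ :encrypt => true }}`, nothing configured in knife.rb, and `expect(knife).to receive(:exit).with(1)` would pin the fail-closed behaviour. Without it, a future mismatch like the `:encrypted` key fixed here could presumably skip the check again without any spec failing. The enclosing method starts and ends outside the hunk.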
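Review bot: The `secret_file` helper returns the Tempfile only because `IO#flush` returns its receiver, and the file holding the fixture secret is never closed or removed in the visible lines. Ending the block with an explicit `sfile` and adding `after { secret_file.close! }` would make both the return value and the cleanup visible to the next reader. The surrounding `describe` block continues outside the hunk.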
@@ -77,8 +90,6 @@ describe Chef::Knife::DataBagCreate do item end - let(:raw_hash) {{ "login_name" => "alphaomega", "id" => item_name }} - before do knife.name_args = [bag_name, item_name] end @@ -92,21 +103,8 @@ describe Chef::Knife::DataBagCreate do end end - context "when given two arguments" do - include_examples "a data bag item" - end - - describe "encrypted data bag items" do - let(:secret) { "abc123SECRET" } - let(:secret_file) do - sfile = Tempfile.new("encrypted_data_bag_secret") - sfile.puts(secret) - sfile.flush - end - - - let(:raw_data) {{ "login_name" => "alphaomega", "id" => item_name }} - let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_data, secret) } + shared_examples_for "an encrypted data bag item" do + let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_hash, secret) } let(:item) do item = Chef::DataBagItem.from_hash(encoded_data) 
@@ -114,44 +112,81 @@ describe Chef::Knife::DataBagCreate do item end + it "creates an encrypted data bag item" do + expect(knife).to receive(:create_object).and_yield(raw_hash) + expect(Chef::EncryptedDataBagItem) + .to receive(:encrypt_data_bag_item) + .with(raw_hash, secret) + .and_return(encoded_data) + expect(rest).to receive(:post_rest).with("data", {"name" => bag_name}).ordered + expect(rest).to receive(:post_rest).with("data/#{bag_name}", item).ordered + + knife.run + end + end + + context "when given two arguments" do + include_examples "a data bag item" + end + + context "with secret in knife.rb" do before do - knife.name_args = [bag_name, item_name] - allow(knife).to receive(:config).and_return(config) + Chef::Config[:knife][:secret] = config_secret + end + + include_examples "a data bag item" do + let(:config_secret) { secret } end - shared_examples_for "an encrypted data bag item" do - it "creates an encrypted data bag item" do - expect(knife).to receive(:create_object).and_yield(raw_data) - expect(Chef::EncryptedDataBagItem) - .to receive(:encrypt_data_bag_item) - .with(raw_data, secret) - .and_return(encoded_data) - expect(rest).to receive(:post_rest).with("data", {"name" => bag_name}).ordered - expect(rest).to receive(:post_rest).with("data/#{bag_name}", item).ordered + context "with --encrypt" do + include_examples "an encrypted data bag item" do + let(:config) {{ :encrypt => true }} + let(:config_secret) { secret } + end + end - knife.run + context "with --secret" do + include_examples "an encrypted data bag item" do + let(:config) {{ :secret => secret }} + let(:config_secret) { "TERCES321cba" } end end - context "via --secret" do + context "with --secret-file" do include_examples "an encrypted data bag item" do - let(:config) { {:secret => secret} } + let(:config) {{ :secret_file => secret_file.path }} + let(:config_secret) { "TERCES321cba" } end end + end + + context "with secret_file in knife.rb" do + before do + 
Chef::Config[:knife][:secret_file] = config_secret_file + end + + include_examples "a data bag item" do + let(:config_secret_file) { secret_file.path } + end - context "via --secret-file" do + context "with --encrypt" do include_examples "an encrypted data bag item" do - let(:config) { {:secret_file => secret_file} } + let(:config) {{ :encrypt => true }} + let(:config_secret_file) { secret_file.path } end end - context "via --secret and --secret-file" do - let(:config) { {:secret => secret, :secret_file => secret_file} } + context "with --secret" do + include_examples "an encrypted data bag item" do + let(:config) {{ :secret => secret }} + let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" } + end + end - it "fails to create an encrypted data bag item" do - expect(knife).to receive(:create_object).and_yield(raw_data) - expect(knife).to receive(:exit).with(1) - knife.run + context "with --secret-file" do + include_examples "an encrypted data bag item" do + let(:config) {{ :secret_file => secret_file.path }} + let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" } end end end |
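Review bot: `Chef::Config[:knife][:secret] = config_secret` and `Chef::Config[:knife][:secret_file] = config_secret_file` are set in `before` blocks with no matching teardown in the visible lines. Unless Chef::Config is reset between examples elsewhere, the knife.rb secret can still be set when the "with secret_file in knife.rb" examples run. Because `read_secret` checks the knife.rb secret before the knife.rb secret_file, the `--encrypt` example in that context could then pass without the file ever being read. Adding `after { Chef::Config[:knife].delete(:secret) }`, and the same for `:secret_file`, would keep the two contexts independent.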