diff options
author | tyler-ball <tyleraball@gmail.com> | 2014-09-08 17:29:44 -0700 |
---|---|---|
committer | tyler-ball <tyleraball@gmail.com> | 2014-09-29 08:31:08 -0700 |
commit | a2a3f6774535319532cb268038644358d6f66051 (patch) | |
tree | 82c0bcf0e3b5343a9339b925c7f524a750586b1e | |
parent | 61c92270be36ad93eef8e769bbbed37a97f43fb1 (diff) | |
download | chef-a2a3f6774535319532cb268038644358d6f66051.tar.gz |
Refactoring the common tests out into their own spec. Removing double coverage from the create tests
-rw-r--r-- | lib/chef/knife/data_bag_common.rb | 2 | ||||
-rw-r--r-- | spec/unit/knife/data_bag_common_spec.rb | 139 | ||||
-rw-r--r-- | spec/unit/knife/data_bag_create_spec.rb | 136 |
3 files changed, 145 insertions, 132 deletions
diff --git a/lib/chef/knife/data_bag_common.rb b/lib/chef/knife/data_bag_common.rb index 916989cbb4..4d4f270139 100644 --- a/lib/chef/knife/data_bag_common.rb +++ b/lib/chef/knife/data_bag_common.rb @@ -97,7 +97,7 @@ class Chef knife_config[:secret_file] || Chef::Config[:secret_file] end - # TODO duplicated from data_query.rb + # TODO duplicated from data_query.rb, also needs test coverage when it is extracted # Tries to autodetect if the item's raw hash appears to be encrypted. def encrypted?(raw_data) data = raw_data.reject { |k, _| k == "id" } # Remove the "id" key. diff --git a/spec/unit/knife/data_bag_common_spec.rb b/spec/unit/knife/data_bag_common_spec.rb new file mode 100644 index 0000000000..67c63a8239 --- /dev/null +++ b/spec/unit/knife/data_bag_common_spec.rb @@ -0,0 +1,139 @@ +# +# Author:: Tyler Ball (<tball@opscode.com>) +# Copyright:: Copyright (c) 2009-2014 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'spec_helper' +require 'chef/knife' +require 'chef/config' +require 'tempfile' + +class ExampleDataBag < Chef::Knife + include Chef::Knife::DataBagSecretOptions + + #banner "you must provide a banner" + #category "data bag" +end + +describe Chef::Knife::DataBagSecretOptions do + let(:example_db) do + k = ExampleDataBag.new + allow(k.ui).to receive(:stdout).and_return(stdout) + k + end + + let(:stdout) { StringIO.new } + + let(:secret) { "abc123SECRET" } + let(:secret_file) do + sfile = Tempfile.new("encrypted_data_bag_secret") + sfile.puts(secret) + sfile.flush + end + + after do + Chef::Config.reset + end + + describe "#validate_secrets" do + + it "throws an error when provided with both --secret and --secret-file on the CL" do + expect(example_db).to receive(:config).exactly(2).times.and_return({ :secret_file => secret_file.path, :secret => secret }) + expect(example_db).to receive(:exit).with(1) + expect(example_db.ui).to receive(:fatal).with("Please specify only one of --secret, --secret-file") + + example_db.validate_secrets + end + + it "throws an error when provided with `secret` and `secret_file` in knife.rb" do + Chef::Config[:knife][:secret_file] = secret_file.path + Chef::Config[:knife][:secret] = secret + expect(example_db).to receive(:exit).with(1) + expect(example_db.ui).to receive(:fatal).with("Please specify only one of 'secret' or 'secret_file' in your config") + + example_db.validate_secrets + end + + end + + describe "#read_secret" do + + it "returns the secret first" do + expect(example_db).to receive(:config).exactly(2).times.and_return({ :secret_file => secret_file.path, :secret => secret }) + expect(example_db.read_secret).to eq(secret) + end + + it "returns the secret_file only if secret does not exist" do + expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret_file => secret_file.path }) + expect(Chef::EncryptedDataBagItem).to receive(:load_secret).with(secret_file.path).and_return("secret file contents") + expect(example_db.read_secret).to eq("secret file contents") + end + + it "returns the secret from the knife.rb config" do + expect(example_db).to receive(:config).exactly(2).times.and_return({}) + Chef::Config[:knife][:secret_file] = secret_file.path + Chef::Config[:knife][:secret] = secret + expect(example_db.read_secret).to eq(secret) + end + + it "returns the secret_file from the knife.rb config only if the secret does not exist" do + expect(example_db).to receive(:config).exactly(2).times.and_return({}) + Chef::Config[:knife][:secret_file] = secret_file.path + expect(Chef::EncryptedDataBagItem).to receive(:load_secret).with(secret_file.path).and_return("secret file contents") + expect(example_db.read_secret).to eq("secret file contents") + end + + end + + describe "#encryption_secret_provided?" do + + it "returns true if the secret is passed on the CL" do + expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret => secret }) + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "returns true if the secret_file is passed on the CL" do + expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret_file => secret_file.path }) + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "returns true if --encrypt is passed on the CL and :secret is in knife.rb" do + expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true }) + Chef::Config[:knife][:secret] = secret + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "returns true if --encrypt is passed on the CL and :secret_file is in knife.rb" do + expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true }) + Chef::Config[:knife][:secret_file] = secret_file.path + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "throws an error if --encrypt is passed and there is not :secret or :secret_file in the knife.rb" do + expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true }) + expect(example_db).to receive(:exit).with(1) + expect(example_db.ui).to receive(:fatal).with("No secret or secret_file specified in config, unable to encrypt item.") + example_db.encryption_secret_provided? + end + + it "returns false if no secret is passed" do + expect(example_db).to receive(:config).exactly(4).times.and_return({}) + expect(example_db.encryption_secret_provided?).to eq(false) + end + + end + +end diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb index 62a2dd8644..d99575fa82 100644 --- a/spec/unit/knife/data_bag_create_spec.rb +++ b/spec/unit/knife/data_bag_create_spec.rb @@ -48,11 +48,6 @@ describe Chef::Knife::DataBagCreate do let(:item_name) { "ME" } let(:secret) { "abc123SECRET" } - let(:secret_file) do - sfile = Tempfile.new("encrypted_data_bag_secret") - sfile.puts(secret) - sfile.flush - end let(:raw_hash) {{ "login_name" => "alphaomega", "id" => item_name }} @@ -83,7 +78,7 @@ describe Chef::Knife::DataBagCreate do end end - shared_examples_for "a data bag item" do + context "no secret is specified for encryption" do let(:item) do item = Chef::DataBagItem.from_hash(raw_hash) item.data_bag(bag_name) @@ -96,6 +91,7 @@ describe Chef::Knife::DataBagCreate do it "creates a data bag item" do expect(knife).to receive(:create_object).and_yield(raw_hash) + expect(knife).to receive(:encryption_secret_provided?).and_return(false) expect(rest).to receive(:post_rest).with("data", {'name' => bag_name}).ordered expect(rest).to receive(:post_rest).with("data/#{bag_name}", item).ordered @@ -103,7 +99,7 @@ describe Chef::Knife::DataBagCreate do end end - shared_examples_for "an encrypted data bag item" do + context "a secret is specified for encryption" do let(:encoded_data) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(raw_hash, secret) } let(:item) do @@ -114,6 +110,8 @@ describe Chef::Knife::DataBagCreate do it "creates an encrypted data bag item" do expect(knife).to receive(:create_object).and_yield(raw_hash) + expect(knife).to receive(:encryption_secret_provided?).and_return(true) + expect(knife).to receive(:read_secret).and_return(secret) expect(Chef::EncryptedDataBagItem) .to receive(:encrypt_data_bag_item) .with(raw_hash, secret) @@ -125,128 +123,4 @@ describe Chef::Knife::DataBagCreate do end end - context "when given two arguments" do - include_examples "a data bag item" - end - - context "when provided --secret and --secret-file" do - - let(:config) {{ :secret_file => secret_file.path, :secret => secret }} - - it "throws an error" do - expect(knife).to receive(:create_object).and_yield(raw_hash) - expect(knife).to receive(:exit).with(1) - expect(knife.ui).to receive(:fatal).with("Please specify only one of --secret, --secret-file") - - knife.run - end - - end - - context "when provided with `secret` and `secret_file` in knife.rb" do - before do - Chef::Config[:knife][:secret] = secret - Chef::Config[:knife][:secret_file] = secret_file.path - end - - it "throws an error" do - expect(knife).to receive(:create_object).and_yield(raw_hash) - expect(knife).to receive(:exit).with(1) - expect(knife.ui).to receive(:fatal).with("Please specify only one of 'secret' or 'secret_file' in your config") - - knife.run - end - - end - - context "when --encrypt is provided without a secret" do - let(:config) {{ :encrypt => true }} - - it "throws an error" do - expect(knife).to receive(:create_object).and_yield(raw_hash) - expect(knife).to receive(:exit).with(1) - expect(knife.ui).to receive(:fatal).with("No secret or secret_file specified in config, unable to encrypt item.") - - knife.run - end - end - - context "with secret in knife.rb" do - before do - Chef::Config[:knife][:secret] = config_secret - end - - include_examples "a data bag item" do - let(:config_secret) { secret } - end - - context "with --encrypt" do - include_examples "an encrypted data bag item" do - let(:config) {{ :encrypt => true }} - let(:config_secret) { secret } - end - end - - context "with --secret" do - include_examples "an encrypted data bag item" do - let(:config) {{ :secret => secret }} - let(:config_secret) { "TERCES321cba" } - end - end - - context "with --secret-file" do - include_examples "an encrypted data bag item" do - let(:config) {{ :secret_file => secret_file.path }} - let(:config_secret) { "TERCES321cba" } - end - end - end - - context "with secret_file in knife.rb" do - before do - Chef::Config[:knife][:secret_file] = config_secret_file - end - - include_examples "a data bag item" do - let(:config_secret_file) { secret_file.path } - end - - context "with --encrypt" do - include_examples "an encrypted data bag item" do - let(:config) {{ :encrypt => true }} - let(:config_secret_file) { secret_file.path } - end - end - - context "with --secret" do - include_examples "an encrypted data bag item" do - let(:config) {{ :secret => secret }} - let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" } - end - end - - context "with --secret-file" do - include_examples "an encrypted data bag item" do - let(:config) {{ :secret_file => secret_file.path }} - let(:config_secret_file) { "/etc/chef/encrypted_data_bag_secret" } - end - end - end - - context "no secret in knife.rb" do - - include_examples "a data bag item" - - context "with --secret" do - include_examples "an encrypted data bag item" do - let(:config) {{ :secret => secret }} - end - end - - context "with --secret-file" do - include_examples "an encrypted data bag item" do - let(:config) {{ :secret_file => secret_file.path }} - end - end - end end |