Move old Chef::*User and related commands to Chef::Osc*User for backwards compat.

14 files changed, 1184 insertions, 0 deletions

diff --git a/lib/chef/knife/osc_user_create.rb b/lib/chef/knife/osc_user_create.rb
new file mode 100644
index 0000000000..d13a3a3615
--- /dev/null
+++ b/lib/chef/knife/osc_user_create.rb
@@ -0,0 +1,98 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+# DEPRECATION NOTE
+# This code only remains to support users still operating with
+# Open Source Chef Server 11 and should be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+class Chef
+  class Knife
+    class OscUserCreate < Knife
+
+      deps do
+        require 'chef/osc_user'
+        require 'chef/json_compat'
+      end
+
+      option :file,
+        :short => "-f FILE",
+        :long  => "--file FILE",
+        :description => "Write the private key to a file"
+
+      option :admin,
+        :short => "-a",
+        :long  => "--admin",
+        :description => "Create the user as an admin",
+        :boolean => true
+
+      option :user_password,
+        :short => "-p PASSWORD",
+        :long => "--password PASSWORD",
+        :description => "Password for newly created user",
+        :default => ""
+
+      option :user_key,
+        :long => "--user-key FILENAME",
+        :description => "Public key for newly created user.  By default a key will be created for you."
+
+      banner "knife osc_user create USER (options)"
+
+      def run
+        @user_name = @name_args[0]
+
+        if @user_name.nil?
+          show_usage
+          ui.fatal("You must specify a user name")
+          exit 1
+        end
+
+        if config[:user_password].length == 0
+          show_usage
+          ui.fatal("You must specify a non-blank password")
+          exit 1
+        end
+
+        user = Chef::OscUser.new
+        user.name(@user_name)
+        user.admin(config[:admin])
+        user.password config[:user_password]
+
+        if config[:user_key]
+          user.public_key File.read(File.expand_path(config[:user_key]))
+        end
+
+        output = edit_data(user)
+        user = Chef::OscUser.from_hash(output).create
+
+        ui.info("Created #{user}")
+        if user.private_key
+          if config[:file]
+            File.open(config[:file], "w") do |f|
+              f.print(user.private_key)
+            end
+          else
+            ui.msg user.private_key
+          end
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/chef/knife/osc_user_delete.rb b/lib/chef/knife/osc_user_delete.rb
new file mode 100644
index 0000000000..baadeec9ef
--- /dev/null
+++ b/lib/chef/knife/osc_user_delete.rb
@@ -0,0 +1,52 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+class Chef
+  class Knife
+    class OscUserDelete < Knife
+
+      deps do
+        require 'chef/osc_user'
+        require 'chef/json_compat'
+      end
+
+      banner "knife osc_user delete USER (options)"
+
+      def run
+        @user_name = @name_args[0]
+
+        if @user_name.nil?
+          show_usage
+          ui.fatal("You must specify a user name")
+          exit 1
+        end
+
+        delete_object(Chef::OscUser, @user_name)
+      end
+
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/chef/knife/osc_user_edit.rb b/lib/chef/knife/osc_user_edit.rb
new file mode 100644
index 0000000000..d8afb13859
--- /dev/null
+++ b/lib/chef/knife/osc_user_edit.rb
@@ -0,0 +1,59 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+class Chef
+  class Knife
+    class OscUserEdit < Knife
+
+      deps do
+        require 'chef/osc_user'
+        require 'chef/json_compat'
+      end
+
+      banner "knife osc_user edit USER (options)"
+
+      def run
+        @user_name = @name_args[0]
+
+        if @user_name.nil?
+          show_usage
+          ui.fatal("You must specify a user name")
+          exit 1
+        end
+
+        original_user = Chef::OscUser.load(@user_name).to_hash
+        edited_user = edit_data(original_user)
+        if original_user != edited_user
+          user = Chef::OscUser.from_hash(edited_user)
+          user.update
+          ui.msg("Saved #{user}.")
+        else
+          ui.msg("User unchaged, not saving.")
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/chef/knife/osc_user_list.rb b/lib/chef/knife/osc_user_list.rb
new file mode 100644
index 0000000000..10666b2c19
--- /dev/null
+++ b/lib/chef/knife/osc_user_list.rb
@@ -0,0 +1,48 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+class Chef
+  class Knife
+    class OscUserList < Knife
+
+      deps do
+        require 'chef/osc_user'
+        require 'chef/json_compat'
+      end
+
+      banner "knife osc_user list (options)"
+
+      option :with_uri,
+        :short => "-w",
+        :long => "--with-uri",
+        :description => "Show corresponding URIs"
+
+      def run
+        output(format_list_for_display(Chef::OscUser.list))
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/chef/knife/osc_user_reregister.rb b/lib/chef/knife/osc_user_reregister.rb
new file mode 100644
index 0000000000..d940820546
--- /dev/null
+++ b/lib/chef/knife/osc_user_reregister.rb
@@ -0,0 +1,65 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+class Chef
+  class Knife
+    class OscUserReregister < Knife
+
+      deps do
+        require 'chef/osc_user'
+        require 'chef/json_compat'
+      end
+
+      banner "knife osc_user reregister USER (options)"
+
+      option :file,
+        :short => "-f FILE",
+        :long  => "--file FILE",
+        :description => "Write the private key to a file"
+
+      def run
+        @user_name = @name_args[0]
+
+        if @user_name.nil?
+          show_usage
+          ui.fatal("You must specify a user name")
+          exit 1
+        end
+
+        user = Chef::OscUser.load(@user_name).reregister
+        Chef::Log.debug("Updated user data: #{user.inspect}")
+        key = user.private_key
+        if config[:file]
+          File.open(config[:file], "w") do |f|
+            f.print(key)
+          end
+        else
+          ui.msg key
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/chef/knife/osc_user_show.rb b/lib/chef/knife/osc_user_show.rb
new file mode 100644
index 0000000000..a383a764b2
--- /dev/null
+++ b/lib/chef/knife/osc_user_show.rb
@@ -0,0 +1,55 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+class Chef
+  class Knife
+    class OscUserShow < Knife
+
+      include Knife::Core::MultiAttributeReturnOption
+
+      deps do
+        require 'chef/osc_user'
+        require 'chef/json_compat'
+      end
+
+      banner "knife osc_user show USER (options)"
+
+      def run
+        @user_name = @name_args[0]
+
+        if @user_name.nil?
+          show_usage
+          ui.fatal("You must specify a user name")
+          exit 1
+        end
+
+        user = Chef::OscUser.load(@user_name)
+        output(format_for_display(user))
+      end
+
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/chef/osc_user.rb b/lib/chef/osc_user.rb
new file mode 100644
index 0000000000..d2e329c944
--- /dev/null
+++ b/lib/chef/osc_user.rb
@@ -0,0 +1,194 @@
+#
+# Author:: Steven Danna (steve@opscode.com)
+# Copyright:: Copyright 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'chef/config'
+require 'chef/mixin/params_validate'
+require 'chef/mixin/from_file'
+require 'chef/mash'
+require 'chef/json_compat'
+require 'chef/search/query'
+
+# TODO
+# DEPRECATION NOTE
+# This class was previously Chef::User. It is the code to support the User object
+# corrosponding to the Open Source Chef Server 11 and only still exists to support
+# users still on OSC 11. 
+#
+# Chef::User now supports Chef Server 12.
+#
+# New development should occur in Chef::User.
+# This file and corrosponding osc_user knife files
+# should be removed once client support for Open Source Chef Server 11 expires.
+class Chef
+  class OscUser
+
+    include Chef::Mixin::FromFile
+    include Chef::Mixin::ParamsValidate
+
+    def initialize
+      @name = ''
+      @public_key = nil
+      @private_key = nil
+      @password = nil
+      @admin = false
+    end
+
+    def name(arg=nil)
+      set_or_return(:name, arg,
+                    :regex => /^[a-z0-9\-_]+$/)
+    end
+
+    def admin(arg=nil)
+      set_or_return(:admin,
+                    arg, :kind_of => [TrueClass, FalseClass])
+    end
+
+    def public_key(arg=nil)
+      set_or_return(:public_key,
+                    arg, :kind_of => String)
+    end
+
+    def private_key(arg=nil)
+      set_or_return(:private_key,
+                    arg, :kind_of => String)
+    end
+
+    def password(arg=nil)
+      set_or_return(:password,
+                    arg, :kind_of => String)
+    end
+
+    def to_hash
+      result = {
+        "name" => @name,
+        "public_key" => @public_key,
+        "admin" => @admin
+      }
+      result["private_key"] = @private_key if @private_key
+      result["password"] = @password if @password
+      result
+    end
+
+    def to_json(*a)
+      Chef::JSONCompat.to_json(to_hash, *a)
+    end
+
+    def destroy
+      Chef::REST.new(Chef::Config[:chef_server_url]).delete_rest("users/#{@name}")
+    end
+
+    def create
+      payload = {:name => self.name, :admin => self.admin, :password => self.password }
+      payload[:public_key] = public_key if public_key
+      new_user =Chef::REST.new(Chef::Config[:chef_server_url]).post_rest("users", payload)
+      Chef::OscUser.from_hash(self.to_hash.merge(new_user))
+    end
+
+    def update(new_key=false)
+      payload = {:name => name, :admin => admin}
+      payload[:private_key] = new_key if new_key
+      payload[:password] = password if password
+      updated_user = Chef::REST.new(Chef::Config[:chef_server_url]).put_rest("users/#{name}", payload)
+      Chef::OscUser.from_hash(self.to_hash.merge(updated_user))
+    end
+
+    def save(new_key=false)
+      begin
+        create
+      rescue Net::HTTPServerException => e
+        if e.response.code == "409"
+          update(new_key)
+        else
+          raise e
+        end
+      end
+    end
+
+    def reregister
+      r = Chef::REST.new(Chef::Config[:chef_server_url])
+      reregistered_self = r.put_rest("users/#{name}", { :name => name, :admin => admin, :private_key => true })
+      private_key(reregistered_self["private_key"])
+      self
+    end
+
+    def to_s
+      "user[#{@name}]"
+    end
+
+    def inspect
+      "Chef::OscUser name:'#{name}' admin:'#{admin.inspect}'" +
+      "public_key:'#{public_key}' private_key:#{private_key}"
+    end
+
+    # Class Methods
+
+    def self.from_hash(user_hash)
+      user = Chef::OscUser.new
+      user.name user_hash['name']
+      user.private_key user_hash['private_key'] if user_hash.key?('private_key')
+      user.password user_hash['password'] if user_hash.key?('password')
+      user.public_key user_hash['public_key']
+      user.admin user_hash['admin']
+      user
+    end
+
+    def self.from_json(json)
+      Chef::OscUser.from_hash(Chef::JSONCompat.from_json(json))
+    end
+
+    class << self
+      alias_method :json_create, :from_json
+    end
+
+    def self.list(inflate=false)
+      response = Chef::REST.new(Chef::Config[:chef_server_url]).get_rest('users')
+      users = if response.is_a?(Array)
+        transform_ohc_list_response(response) # OHC/OPC
+      else
+        response # OSC
+      end
+      if inflate
+        users.inject({}) do |user_map, (name, _url)|
+          user_map[name] = Chef::OscUser.load(name)
+          user_map
+        end
+      else
+        users
+      end
+    end
+
+    def self.load(name)
+      response = Chef::REST.new(Chef::Config[:chef_server_url]).get_rest("users/#{name}")
+      Chef::OscUser.from_hash(response)
+    end
+
+    # Gross.  Transforms an API response in the form of:
+    # [ { "user" => { "username" => USERNAME }}, ...]
+    # into the form
+    # { "USERNAME" => "URI" }
+    def self.transform_ohc_list_response(response)
+      new_response = Hash.new
+      response.each do |u|
+        name = u['user']['username']
+        new_response[name] = Chef::Config[:chef_server_url] + "/users/#{name}"
+      end
+      new_response
+    end
+
+    private_class_method :transform_ohc_list_response
+  end
+end
diff --git a/spec/unit/knife/osc_user_create_spec.rb b/spec/unit/knife/osc_user_create_spec.rb
new file mode 100644
index 0000000000..4de4d1fa00
--- /dev/null
+++ b/spec/unit/knife/osc_user_create_spec.rb
@@ -0,0 +1,94 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+Chef::Knife::OscUserCreate.load_deps
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+describe Chef::Knife::OscUserCreate do
+  before(:each) do
+    @knife = Chef::Knife::OscUserCreate.new
+
+    @stdout = StringIO.new
+    @stderr = StringIO.new
+    allow(@knife.ui).to receive(:stdout).and_return(@stdout)
+    allow(@knife.ui).to receive(:stderr).and_return(@stderr)
+
+    @knife.name_args = [ 'a_user' ]
+    @knife.config[:user_password] = "foobar"
+    @user = Chef::OscUser.new
+    @user.name "a_user"
+    @user_with_private_key = Chef::OscUser.new
+    @user_with_private_key.name "a_user"
+    @user_with_private_key.private_key 'private_key'
+    allow(@user).to receive(:create).and_return(@user_with_private_key)
+    allow(Chef::OscUser).to receive(:new).and_return(@user)
+    allow(Chef::OscUser).to receive(:from_hash).and_return(@user)
+    allow(@knife).to receive(:edit_data).and_return(@user.to_hash)
+  end
+
+  it "creates a new user" do
+    expect(Chef::OscUser).to receive(:new).and_return(@user)
+    expect(@user).to receive(:create)
+    @knife.run
+    expect(@stderr.string).to match /created user.+a_user/i
+  end
+
+  it "sets the password" do
+    @knife.config[:user_password] = "a_password"
+    expect(@user).to receive(:password).with("a_password")
+    @knife.run
+  end
+
+  it "exits with an error if password is blank" do
+    @knife.config[:user_password] = ''
+    expect { @knife.run }.to raise_error SystemExit
+    expect(@stderr.string).to match /You must specify a non-blank password/
+  end
+
+  it "sets the user name" do
+    expect(@user).to receive(:name).with("a_user")
+    @knife.run
+  end
+
+  it "sets the public key if given" do
+    @knife.config[:user_key] = "/a/filename"
+    allow(File).to receive(:read).with(File.expand_path("/a/filename")).and_return("a_key")
+    expect(@user).to receive(:public_key).with("a_key")
+    @knife.run
+  end
+
+  it "allows you to edit the data" do
+    expect(@knife).to receive(:edit_data).with(@user)
+    @knife.run
+  end
+
+  it "writes the private key to a file when --file is specified" do
+    @knife.config[:file] = "/tmp/a_file"
+    filehandle = double("filehandle")
+    expect(filehandle).to receive(:print).with('private_key')
+    expect(File).to receive(:open).with("/tmp/a_file", "w").and_yield(filehandle)
+    @knife.run
+  end
+end
\ No newline at end of file
diff --git a/spec/unit/knife/osc_user_delete_spec.rb b/spec/unit/knife/osc_user_delete_spec.rb
new file mode 100644
index 0000000000..7b351579a4
--- /dev/null
+++ b/spec/unit/knife/osc_user_delete_spec.rb
@@ -0,0 +1,45 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+describe Chef::Knife::OscUserDelete do
+  before(:each) do
+    Chef::Knife::OscUserDelete.load_deps
+    @knife = Chef::Knife::OscUserDelete.new
+    @knife.name_args = [ 'my_user' ]
+  end
+
+  it 'deletes the user' do
+    expect(@knife).to receive(:delete_object).with(Chef::OscUser, 'my_user')
+    @knife.run
+  end
+
+  it 'prints usage and exits when a user name is not provided' do
+    @knife.name_args = []
+    expect(@knife).to receive(:show_usage)
+    expect(@knife.ui).to receive(:fatal)
+    expect { @knife.run }.to raise_error(SystemExit)
+  end
+end
\ No newline at end of file
diff --git a/spec/unit/knife/osc_user_edit_spec.rb b/spec/unit/knife/osc_user_edit_spec.rb
new file mode 100644
index 0000000000..457f310603
--- /dev/null
+++ b/spec/unit/knife/osc_user_edit_spec.rb
@@ -0,0 +1,53 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+describe Chef::Knife::OscUserEdit do
+  before(:each) do
+    @stderr = StringIO.new
+    @stdout = StringIO.new
+
+    Chef::Knife::OscUserEdit.load_deps
+    @knife = Chef::Knife::OscUserEdit.new
+    allow(@knife.ui).to receive(:stderr).and_return(@stderr)
+    allow(@knife.ui).to receive(:stdout).and_return(@stdout)
+    @knife.name_args = [ 'my_user' ]
+    @knife.config[:disable_editing] = true
+  end
+
+  it 'loads and edits the user' do
+    data = { :name => "my_user" }
+    allow(Chef::OscUser).to receive(:load).with("my_user").and_return(data)
+    expect(@knife).to receive(:edit_data).with(data).and_return(data)
+    @knife.run
+  end
+
+  it 'prints usage and exits when a user name is not provided' do
+    @knife.name_args = []
+    expect(@knife).to receive(:show_usage)
+    expect(@knife.ui).to receive(:fatal)
+    expect { @knife.run }.to raise_error(SystemExit)
+  end
+end
diff --git a/spec/unit/knife/osc_user_list_spec.rb b/spec/unit/knife/osc_user_list_spec.rb
new file mode 100644
index 0000000000..001b6099cf
--- /dev/null
+++ b/spec/unit/knife/osc_user_list_spec.rb
@@ -0,0 +1,38 @@
+#
+# Author:: Steven Danna
+# Copyright:: Copyright (c) 2012 Opscode, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+describe Chef::Knife::OscUserList do
+  before(:each) do
+    Chef::Knife::OscUserList.load_deps
+    @knife = Chef::Knife::OscUserList.new
+  end
+
+  it 'lists the users' do
+    expect(Chef::OscUser).to receive(:list)
+    expect(@knife).to receive(:format_list_for_display)
+    @knife.run
+  end
+end
diff --git a/spec/unit/knife/osc_user_reregister_spec.rb b/spec/unit/knife/osc_user_reregister_spec.rb
new file mode 100644
index 0000000000..13cb3000dc
--- /dev/null
+++ b/spec/unit/knife/osc_user_reregister_spec.rb
@@ -0,0 +1,59 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+describe Chef::Knife::OscUserReregister do
+  before(:each) do
+    Chef::Knife::OscUserReregister.load_deps
+    @knife = Chef::Knife::OscUserReregister.new
+    @knife.name_args = [ 'a_user' ]
+    @user_mock = double('user_mock', :private_key => "private_key")
+    allow(Chef::OscUser).to receive(:load).and_return(@user_mock)
+    @stdout = StringIO.new
+    allow(@knife.ui).to receive(:stdout).and_return(@stdout)
+  end
+
+  it 'prints usage and exits when a user name is not provided' do
+    @knife.name_args = []
+    expect(@knife).to receive(:show_usage)
+    expect(@knife.ui).to receive(:fatal)
+    expect { @knife.run }.to raise_error(SystemExit)
+  end
+
+  it 'reregisters the user and prints the key' do
+    expect(@user_mock).to receive(:reregister).and_return(@user_mock)
+    @knife.run
+    expect(@stdout.string).to match( /private_key/ )
+  end
+
+  it 'writes the private key to a file when --file is specified' do
+    expect(@user_mock).to receive(:reregister).and_return(@user_mock)
+    @knife.config[:file] = '/tmp/a_file'
+    filehandle = StringIO.new
+    expect(File).to receive(:open).with('/tmp/a_file', 'w').and_yield(filehandle)
+    @knife.run
+    expect(filehandle.string).to eq("private_key")
+  end
+end
diff --git a/spec/unit/knife/osc_user_show_spec.rb b/spec/unit/knife/osc_user_show_spec.rb
new file mode 100644
index 0000000000..4a5d23d99a
--- /dev/null
+++ b/spec/unit/knife/osc_user_show_spec.rb
@@ -0,0 +1,47 @@
+#
+# Author:: Steven Danna (<steve@opscode.com>)
+# Copyright:: Copyright (c) 2012 Opscode, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+describe Chef::Knife::OscUserShow do
+  before(:each) do
+    Chef::Knife::OscUserShow.load_deps
+    @knife = Chef::Knife::OscUserShow.new
+    @knife.name_args = [ 'my_user' ]
+    @user_mock = double('user_mock')
+  end
+
+  it 'loads and displays the user' do
+    expect(Chef::OscUser).to receive(:load).with('my_user').and_return(@user_mock)
+    expect(@knife).to receive(:format_for_display).with(@user_mock)
+    @knife.run
+  end
+
+  it 'prints usage and exits when a user name is not provided' do
+    @knife.name_args = []
+    expect(@knife).to receive(:show_usage)
+    expect(@knife.ui).to receive(:fatal)
+    expect { @knife.run }.to raise_error(SystemExit)
+  end
+end
diff --git a/spec/unit/osc_user_spec.rb b/spec/unit/osc_user_spec.rb
new file mode 100644
index 0000000000..26cbccdf56
--- /dev/null
+++ b/spec/unit/osc_user_spec.rb
@@ -0,0 +1,277 @@
+#
+# Author:: Steven Danna (steve@opscode.com)
+# Copyright:: Copyright (c) 2012 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# DEPRECATION NOTE
+# This code only remains to support users still	operating with
+# Open Source Chef Server 11 and should	  be removed once support
+# for OSC 11 ends. New development should occur in the Chef Server 12
+# version of this file.
+
+require 'spec_helper'
+
+require 'chef/osc_user'
+require 'tempfile'
+
+describe Chef::OscUser do
+  before(:each) do
+    @user = Chef::OscUser.new
+  end
+
+  describe "initialize" do
+    it "should be a Chef::OscUser" do
+      expect(@user).to be_a_kind_of(Chef::OscUser)
+    end
+  end
+
+  describe "name" do
+    it "should let you set the name to a string" do
+      expect(@user.name("ops_master")).to eq("ops_master")
+    end
+
+    it "should return the current name" do
+      @user.name "ops_master"
+      expect(@user.name).to eq("ops_master")
+    end
+
+    # It is not feasible to check all invalid characters.  Here are a few
+    # that we probably care about.
+    it "should not accept invalid characters" do
+      # capital letters
+      expect { @user.name "Bar" }.to raise_error(ArgumentError)
+      # slashes
+      expect { @user.name "foo/bar" }.to raise_error(ArgumentError)
+      # ?
+      expect { @user.name "foo?" }.to raise_error(ArgumentError)
+      # &
+      expect { @user.name "foo&" }.to raise_error(ArgumentError)
+    end
+
+
+    it "should not accept spaces" do
+      expect { @user.name "ops master" }.to raise_error(ArgumentError)
+    end
+
+    it "should throw an ArgumentError if you feed it anything but a string" do
+      expect { @user.name Hash.new }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe "admin" do
+    it "should let you set the admin bit" do
+      expect(@user.admin(true)).to eq(true)
+    end
+
+    it "should return the current admin value" do
+      @user.admin true
+      expect(@user.admin).to eq(true)
+    end
+
+    it "should default to false" do
+      expect(@user.admin).to eq(false)
+    end
+
+    it "should throw an ArgumentError if you feed it anything but true or false" do
+      expect { @user.name Hash.new }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe "public_key" do
+    it "should let you set the public key" do
+      expect(@user.public_key("super public")).to eq("super public")
+    end
+
+    it "should return the current public key" do
+      @user.public_key("super public")
+      expect(@user.public_key).to eq("super public")
+    end
+
+    it "should throw an ArgumentError if you feed it something lame" do
+      expect { @user.public_key Hash.new }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe "private_key" do
+    it "should let you set the private key" do
+      expect(@user.private_key("super private")).to eq("super private")
+    end
+
+    it "should return the private key" do
+      @user.private_key("super private")
+      expect(@user.private_key).to eq("super private")
+    end
+
+    it "should throw an ArgumentError if you feed it something lame" do
+      expect { @user.private_key Hash.new }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe "when serializing to JSON" do
+    before(:each) do
+      @user.name("black")
+      @user.public_key("crowes")
+      @json = @user.to_json
+    end
+
+    it "serializes as a JSON object" do
+      expect(@json).to match(/^\{.+\}$/)
+    end
+
+    it "includes the name value" do
+      expect(@json).to include(%q{"name":"black"})
+    end
+
+    it "includes the public key value" do
+      expect(@json).to include(%{"public_key":"crowes"})
+    end
+
+    it "includes the 'admin' flag" do
+      expect(@json).to include(%q{"admin":false})
+    end
+
+    it "includes the private key when present" do
+      @user.private_key("monkeypants")
+      expect(@user.to_json).to include(%q{"private_key":"monkeypants"})
+    end
+
+    it "does not include the private key if not present" do
+      expect(@json).not_to include("private_key")
+    end
+
+    it "includes the password if present" do
+      @user.password "password"
+      expect(@user.to_json).to include(%q{"password":"password"})
+    end
+
+    it "does not include the password if not present" do
+      expect(@json).not_to include("password")
+    end
+
+    include_examples "to_json equalivent to Chef::JSONCompat.to_json" do
+      let(:jsonable) { @user }
+    end
+  end
+
+  describe "when deserializing from JSON" do
+    before(:each) do
+      user = { "name" => "mr_spinks",
+        "public_key" => "turtles",
+        "private_key" => "pandas",
+        "password" => "password",
+        "admin" => true }
+      @user = Chef::OscUser.from_json(Chef::JSONCompat.to_json(user))
+    end
+
+    it "should deserialize to a Chef::OscUser object" do
+      expect(@user).to be_a_kind_of(Chef::OscUser)
+    end
+
+    it "preserves the name" do
+      expect(@user.name).to eq("mr_spinks")
+    end
+
+    it "preserves the public key" do
+      expect(@user.public_key).to eq("turtles")
+    end
+
+    it "preserves the admin status" do
+      expect(@user.admin).to be_truthy
+    end
+
+    it "includes the private key if present" do
+      expect(@user.private_key).to eq("pandas")
+    end
+
+    it "includes the password if present" do
+      expect(@user.password).to eq("password")
+    end
+
+  end
+
+  describe "API Interactions" do
+    before (:each) do
+      @user = Chef::OscUser.new
+      @user.name "foobar"
+      @http_client = double("Chef::REST mock")
+      allow(Chef::REST).to receive(:new).and_return(@http_client)
+    end
+
+    describe "list" do
+      before(:each) do
+        Chef::Config[:chef_server_url] = "http://www.example.com"
+        @osc_response = { "admin" => "http://www.example.com/users/admin"}
+        @ohc_response = [ { "user" => { "username" => "admin" }} ]
+        allow(Chef::OscUser).to receive(:load).with("admin").and_return(@user)
+        @osc_inflated_response = { "admin" => @user }
+      end
+
+      it "lists all clients on an OSC server" do
+        allow(@http_client).to receive(:get_rest).with("users").and_return(@osc_response)
+        expect(Chef::OscUser.list).to eq(@osc_response)
+      end
+
+      it "inflate all clients on an OSC server" do
+        allow(@http_client).to receive(:get_rest).with("users").and_return(@osc_response)
+        expect(Chef::OscUser.list(true)).to eq(@osc_inflated_response)
+      end
+
+      it "lists all clients on an OHC/OPC server" do
+        allow(@http_client).to receive(:get_rest).with("users").and_return(@ohc_response)
+        # We expect that Chef::OscUser.list will give a consistent response
+        # so OHC API responses should be transformed to OSC-style output.
+        expect(Chef::OscUser.list).to eq(@osc_response)
+      end
+
+      it "inflate all clients on an OHC/OPC server" do
+        allow(@http_client).to receive(:get_rest).with("users").and_return(@ohc_response)
+        expect(Chef::OscUser.list(true)).to eq(@osc_inflated_response)
+      end
+    end
+
+    describe "create" do
+      it "creates a new user via the API" do
+        @user.password "password"
+        expect(@http_client).to receive(:post_rest).with("users", {:name => "foobar", :admin => false, :password => "password"}).and_return({})
+        @user.create
+      end
+    end
+
+    describe "read" do
+      it "loads a named user from the API" do
+        expect(@http_client).to receive(:get_rest).with("users/foobar").and_return({"name" => "foobar", "admin" => true, "public_key" => "pubkey"})
+        user = Chef::OscUser.load("foobar")
+        expect(user.name).to eq("foobar")
+        expect(user.admin).to eq(true)
+        expect(user.public_key).to eq("pubkey")
+      end
+    end
+
+    describe "update" do
+      it "updates an existing user on via the API" do
+        expect(@http_client).to receive(:put_rest).with("users/foobar", {:name => "foobar", :admin => false}).and_return({})
+        @user.update
+      end
+    end
+
+    describe "destroy" do
+      it "deletes the specified user via the API" do
+        expect(@http_client).to receive(:delete_rest).with("users/foobar")
+        @user.destroy
+      end
+    end
+  end
+end
\ No newline at end of file