summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTyler Cloke <tylercloke@gmail.com>2015-04-30 17:51:07 -0700
committerTyler Cloke <tylercloke@gmail.com>2015-04-30 17:51:07 -0700
commitb060c84ea46d12a44d26f20eee640b03e9af969e (patch)
tree0c5b045d398f3cf593f38069e074222a27cdfcde
parent2887bd9512be87eef15e4d669f45f310f12ab74f (diff)
parent69647cefc41058e4d653e113b47107b9eb926430 (diff)
downloadchef-b060c84ea46d12a44d26f20eee640b03e9af969e.tar.gz
Merge pull request #3311 from chef/tc/key-edit
Implemented `knife user key edit` and `knife client key edit`
-rw-r--r--RELEASE_NOTES.md8
-rw-r--r--lib/chef/key.rb30
-rw-r--r--lib/chef/knife/client_key_delete.rb2
-rw-r--r--lib/chef/knife/client_key_edit.rb80
-rw-r--r--lib/chef/knife/client_key_show.rb76
-rw-r--r--lib/chef/knife/key_edit.rb114
-rw-r--r--lib/chef/knife/key_edit_base.rb55
-rw-r--r--lib/chef/knife/key_show.rb53
-rw-r--r--lib/chef/knife/user_key_delete.rb2
-rw-r--r--lib/chef/knife/user_key_edit.rb80
-rw-r--r--lib/chef/knife/user_key_show.rb76
-rw-r--r--spec/support/key_helpers.rb31
-rw-r--r--spec/unit/key_spec.rb37
-rw-r--r--spec/unit/knife/key_delete_spec.rb23
-rw-r--r--spec/unit/knife/key_edit_spec.rb267
-rw-r--r--spec/unit/knife/key_show_spec.rb126
16 files changed, 1030 insertions, 30 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index b05498e36d..4520a37d44 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,2 +1,10 @@
# Chef Client Release Notes <unreleased>:
+## Knife Key Management Commands for Users and Clients
+
+`knife user` and `knife client` now have a suite of subcommands that live under
+the `key` subcommand. These subcommands allow you to list, show, create, delete
+and edit keys for a given user or client. They can be used to implement
+key rotation with multiple expiring keys for a single actor or just
+for basic key management. See `knife user key` and `knife client key`
+for a full list of subcommands and their usage.
diff --git a/lib/chef/key.rb b/lib/chef/key.rb
index 1ba0ab49c9..be4be7f230 100644
--- a/lib/chef/key.rb
+++ b/lib/chef/key.rb
@@ -99,6 +99,10 @@ class Chef
@public_key = nil
end
+ def delete_create_key
+ @create_key = nil
+ end
+
def create_key(arg=nil)
raise Chef::Exceptions::InvalidKeyAttribute, "you cannot set create_key to true if the public_key field exists" if arg == true && !@public_key.nil?
set_or_return(:create_key, arg,
@@ -159,12 +163,22 @@ class Chef
self.class.generate_fingerprint(@public_key)
end
- def update
- if @name.nil?
- raise Chef::Exceptions::MissingKeyAttribute, "the name field must be populated when update is called"
+ # set @name and pass put_name if you wish to update the name of an existing key put_name to @name
+ def update(put_name=nil)
+ if @name.nil? && put_name.nil?
+ raise Chef::Exceptions::MissingKeyAttribute, "the name field must be populated or you must pass a name to update when update is called"
end
- new_key = chef_rest.put_rest("#{api_base}/#{@actor}/keys/#{@name}", to_hash)
+ # If no name was passed, fall back to using @name in the PUT URL, otherwise
+ # use the put_name passed. This will update the a key by the name put_name
+ # to @name.
+ put_name = @name if put_name.nil?
+
+ new_key = chef_rest.put_rest("#{api_base}/#{@actor}/keys/#{put_name}", to_hash)
+ # if the server returned a public_key, remove the create_key field, as we now have a key
+ if new_key["public_key"]
+ self.delete_create_key
+ end
Chef::Key.from_hash(self.to_hash.merge(new_key))
end
@@ -190,8 +204,10 @@ class Chef
def self.from_hash(key_hash)
if key_hash.has_key?("user")
key = Chef::Key.new(key_hash["user"], "user")
- else
+ elsif key_hash.has_key?("client")
key = Chef::Key.new(key_hash["client"], "client")
+ else
+ raise Chef::Exceptions::MissingKeyAttribute, "The hash passed to from_hash does not contain the key 'user' or 'client'. Please pass a hash that defines one of those keys."
end
key.name key_hash['name'] if key_hash.key?('name')
key.public_key key_hash['public_key'] if key_hash.key?('public_key')
@@ -221,12 +237,12 @@ class Chef
def self.load_by_user(actor, key_name)
response = Chef::REST.new(Chef::Config[:chef_server_root]).get_rest("users/#{actor}/keys/#{key_name}")
- Chef::Key.from_hash(response)
+ Chef::Key.from_hash(response.merge({"user" => actor}))
end
def self.load_by_client(actor, key_name)
response = Chef::REST.new(Chef::Config[:chef_server_url]).get_rest("clients/#{actor}/keys/#{key_name}")
- Chef::Key.from_hash(response)
+ Chef::Key.from_hash(response.merge({"client" => actor}))
end
def self.generate_fingerprint(public_key)
diff --git a/lib/chef/knife/client_key_delete.rb b/lib/chef/knife/client_key_delete.rb
index 91c088a1d1..8ecdfe1ec8 100644
--- a/lib/chef/knife/client_key_delete.rb
+++ b/lib/chef/knife/client_key_delete.rb
@@ -27,7 +27,7 @@ class Chef
#
# @attr_reader [String] actor the name of the client that this key is for
class ClientKeyDelete < Knife
- banner "knife client key delete CLIENT KEYNAME"
+ banner "knife client key delete CLIENT KEYNAME (options)"
attr_reader :actor
diff --git a/lib/chef/knife/client_key_edit.rb b/lib/chef/knife/client_key_edit.rb
new file mode 100644
index 0000000000..1de45f4ca2
--- /dev/null
+++ b/lib/chef/knife/client_key_edit.rb
@@ -0,0 +1,80 @@
+#
+# Author:: Tyler Cloke (tyler@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/key_edit_base'
+
+class Chef
+ class Knife
+ # Implements knife client key edit using Chef::Knife::KeyEdit
+ # as a service class.
+ #
+ # @author Tyler Cloke
+ #
+ # @attr_reader [String] actor the name of the client that this key is for
+ class ClientKeyEdit < Knife
+ include Chef::Knife::KeyEditBase
+
+ banner 'knife client key edit CLIENT KEYNAME (options)'
+
+ attr_reader :actor
+
+ def initialize(argv=[])
+ super(argv)
+ @service_object = nil
+ end
+
+ def run
+ apply_params!(@name_args)
+ service_object.run
+ end
+
+ def actor_field_name
+ 'client'
+ end
+
+ def service_object
+ @service_object ||= Chef::Knife::KeyEdit.new(@name, @actor, actor_field_name, ui, config)
+ end
+
+ def actor_missing_error
+ 'You must specify a client name'
+ end
+
+ def keyname_missing_error
+ 'You must specify a key name'
+ end
+
+ def apply_params!(params)
+ @actor = params[0]
+ if @actor.nil?
+ show_usage
+ ui.fatal(actor_missing_error)
+ exit 1
+ end
+ @name = params[1]
+ if @name.nil?
+ show_usage
+ ui.fatal(keyname_missing_error)
+ exit 1
+ end
+ end
+ end
+ end
+end
+
diff --git a/lib/chef/knife/client_key_show.rb b/lib/chef/knife/client_key_show.rb
new file mode 100644
index 0000000000..c39a279000
--- /dev/null
+++ b/lib/chef/knife/client_key_show.rb
@@ -0,0 +1,76 @@
+#
+# Author:: Tyler Cloke (tyler@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+class Chef
+ class Knife
+ # Implements knife client key show using Chef::Knife::KeyShow
+ # as a service class.
+ #
+ # @author Tyler Cloke
+ #
+ # @attr_reader [String] actor the name of the client that this key is for
+ class ClientKeyShow < Knife
+ banner "knife client key show CLIENT KEYNAME (options)"
+
+ attr_reader :actor
+
+ def initialize(argv=[])
+ super(argv)
+ @service_object = nil
+ end
+
+ def run
+ apply_params!(@name_args)
+ service_object.run
+ end
+
+ def load_method
+ :load_by_client
+ end
+
+ def actor_missing_error
+ 'You must specify a client name'
+ end
+
+ def keyname_missing_error
+ 'You must specify a key name'
+ end
+
+ def service_object
+ @service_object ||= Chef::Knife::KeyShow.new(@name, @actor, load_method, ui)
+ end
+
+ def apply_params!(params)
+ @actor = params[0]
+ if @actor.nil?
+ show_usage
+ ui.fatal(actor_missing_error)
+ exit 1
+ end
+ @name = params[1]
+ if @name.nil?
+ show_usage
+ ui.fatal(keyname_missing_error)
+ exit 1
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/knife/key_edit.rb b/lib/chef/knife/key_edit.rb
new file mode 100644
index 0000000000..48ae344e6e
--- /dev/null
+++ b/lib/chef/knife/key_edit.rb
@@ -0,0 +1,114 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/key'
+require 'chef/json_compat'
+require 'chef/exceptions'
+
+class Chef
+ class Knife
+ # Service class for UserKeyEdit and ClientKeyEdit,
+ # Implements common functionality of knife [user | org client] key edit.
+ #
+ # @author Tyler Cloke
+ #
+ # @attr_accessor [Hash] cli input, see UserKeyEdit and ClientKeyEdit for what could populate it
+ class KeyEdit
+
+ attr_accessor :config
+
+ def initialize(original_name, actor, actor_field_name, ui, config)
+ @original_name = original_name
+ @actor = actor
+ @actor_field_name = actor_field_name
+ @ui = ui
+ @config = config
+ end
+
+ def public_key_and_create_key_error_msg
+<<EOS
+You passed both --public-key and --create-key. Only pass one, or the other, or neither.
+Do not pass either if you do not want to change the public_key field of your key.
+Pass --public-key if you want to update the public_key field of your key from a specific public key.
+Pass --create-key if you want the server to generate a new key and use that to update the public_key field of your key.
+EOS
+ end
+
+ def edit_data(key)
+ @ui.edit_data(key)
+ end
+
+ def display_info(input)
+ @ui.info(input)
+ end
+
+ def display_private_key(private_key)
+ @ui.msg(private_key)
+ end
+
+ def output_private_key_to_file(private_key)
+ File.open(@config[:file], "w") do |f|
+ f.print(private_key)
+ end
+ end
+
+ def update_key_from_hash(output)
+ Chef::Key.from_hash(output).update(@original_name)
+ end
+
+ def run
+ key = Chef::Key.new(@actor, @actor_field_name)
+ if @config[:public_key] && @config[:create_key]
+ raise Chef::Exceptions::KeyCommandInputError, public_key_and_create_key_error_msg
+ end
+
+ if @config[:create_key]
+ key.create_key(true)
+ end
+
+ if @config[:public_key]
+ key.public_key(File.read(File.expand_path(@config[:public_key])))
+ end
+
+ if @config[:key_name]
+ key.name(@config[:key_name])
+ else
+ key.name(@original_name)
+ end
+
+ if @config[:expiration_date]
+ key.expiration_date(@config[:expiration_date])
+ end
+
+ output = edit_data(key)
+ key = update_key_from_hash(output)
+
+ to_display = "Updated key: #{key.name}"
+ to_display << " (formally #{@original_name})" if key.name != @original_name
+ display_info(to_display)
+ if key.private_key
+ if @config[:file]
+ output_private_key_to_file(key.private_key)
+ else
+ display_private_key(key.private_key)
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/knife/key_edit_base.rb b/lib/chef/knife/key_edit_base.rb
new file mode 100644
index 0000000000..bb5a951a5b
--- /dev/null
+++ b/lib/chef/knife/key_edit_base.rb
@@ -0,0 +1,55 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+ class Knife
+ # Extendable module that class_eval's common options into UserKeyEdit and ClientKeyEdit
+ #
+ # @author Tyler Cloke
+ module KeyEditBase
+ def self.included(includer)
+ includer.class_eval do
+ option :public_key,
+ :short => "-p FILENAME",
+ :long => "--public-key FILENAME",
+ :description => "Replace the public_key field from a file on disk. If not passed, the public_key field will not change."
+
+ option :create_key,
+ :short => "-c",
+ :long => "--create-key",
+ :description => "Replace the public_key field with a key generated by the server. The private key will be returned."
+
+ option :file,
+ :short => "-f FILE",
+ :long => "--file FILE",
+ :description => "Write the private key to a file, if you requested the server to create one via --create-key."
+
+ option :key_name,
+ :short => "-k NAME",
+ :long => "--key-name NAME",
+ :description => "The new name for your key. Pass if you wish to update the name field of your key."
+
+ option :expiration_date,
+ :short => "-e DATE",
+ :long => "--expiration-date DATE",
+ :description => "Updates the expiration_date field of your key if passed. Pass in ISO 8601 fomatted string: YYYY-MM-DDTHH:MM:SSZ e.g. 2013-12-24T21:00:00Z or infinity. UTC timezone assumed."
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/knife/key_show.rb b/lib/chef/knife/key_show.rb
new file mode 100644
index 0000000000..522f7a1a77
--- /dev/null
+++ b/lib/chef/knife/key_show.rb
@@ -0,0 +1,53 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/key'
+require 'chef/json_compat'
+require 'chef/exceptions'
+
+class Chef
+ class Knife
+ # Service class for UserKeyShow and ClientKeyShow, used to show keys.
+ # Implements common functionality of knife [user | org client] key show.
+ #
+ # @author Tyler Cloke
+ #
+ # @attr_accessor [Hash] cli input, see UserKeyShow and ClientKeyShow for what could populate it
+ class KeyShow
+
+ attr_accessor :config
+
+ def initialize(name, actor, load_method, ui)
+ @name = name
+ @actor = actor
+ @load_method = load_method
+ @ui = ui
+ end
+
+ def display_output(key)
+ @ui.output(@ui.format_for_display(key))
+ end
+
+ def run
+ key = Chef::Key.send(@load_method, @actor, @name)
+ key.public_key(key.public_key.strip)
+ display_output(key)
+ end
+ end
+ end
+end
diff --git a/lib/chef/knife/user_key_delete.rb b/lib/chef/knife/user_key_delete.rb
index 0bde52509f..6db1c9f552 100644
--- a/lib/chef/knife/user_key_delete.rb
+++ b/lib/chef/knife/user_key_delete.rb
@@ -27,7 +27,7 @@ class Chef
#
# @attr_reader [String] actor the name of the client that this key is for
class UserKeyDelete < Knife
- banner "knife user key delete USER KEYNAME"
+ banner "knife user key delete USER KEYNAME (options)"
attr_reader :actor
diff --git a/lib/chef/knife/user_key_edit.rb b/lib/chef/knife/user_key_edit.rb
new file mode 100644
index 0000000000..0c35332523
--- /dev/null
+++ b/lib/chef/knife/user_key_edit.rb
@@ -0,0 +1,80 @@
+#
+# Author:: Tyler Cloke (tyler@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/key_edit_base'
+
+class Chef
+ class Knife
+ # Implements knife user key edit using Chef::Knife::KeyEdit
+ # as a service class.
+ #
+ # @author Tyler Cloke
+ #
+ # @attr_reader [String] actor the name of the user that this key is for
+ class UserKeyEdit < Knife
+ include Chef::Knife::KeyEditBase
+
+ banner 'knife user key edit USER KEYNAME (options)'
+
+ attr_reader :actor
+
+ def initialize(argv=[])
+ super(argv)
+ @service_object = nil
+ end
+
+ def run
+ apply_params!(@name_args)
+ service_object.run
+ end
+
+ def actor_field_name
+ 'user'
+ end
+
+ def service_object
+ @service_object ||= Chef::Knife::KeyEdit.new(@name, @actor, actor_field_name, ui, config)
+ end
+
+ def actor_missing_error
+ 'You must specify a user name'
+ end
+
+ def keyname_missing_error
+ 'You must specify a key name'
+ end
+
+ def apply_params!(params)
+ @actor = params[0]
+ if @actor.nil?
+ show_usage
+ ui.fatal(actor_missing_error)
+ exit 1
+ end
+ @name = params[1]
+ if @name.nil?
+ show_usage
+ ui.fatal(keyname_missing_error)
+ exit 1
+ end
+ end
+ end
+ end
+end
+
diff --git a/lib/chef/knife/user_key_show.rb b/lib/chef/knife/user_key_show.rb
new file mode 100644
index 0000000000..b8453dd28e
--- /dev/null
+++ b/lib/chef/knife/user_key_show.rb
@@ -0,0 +1,76 @@
+#
+# Author:: Tyler Cloke (tyler@chef.io)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+class Chef
+ class Knife
+ # Implements knife user key show using Chef::Knife::KeyShow
+ # as a service class.
+ #
+ # @author Tyler Cloke
+ #
+ # @attr_reader [String] actor the name of the client that this key is for
+ class UserKeyShow < Knife
+ banner "knife user key show USER KEYNAME (options)"
+
+ attr_reader :actor
+
+ def initialize(argv=[])
+ super(argv)
+ @service_object = nil
+ end
+
+ def run
+ apply_params!(@name_args)
+ service_object.run
+ end
+
+ def load_method
+ :load_by_user
+ end
+
+ def actor_missing_error
+ 'You must specify a user name'
+ end
+
+ def keyname_missing_error
+ 'You must specify a key name'
+ end
+
+ def service_object
+ @service_object ||= Chef::Knife::KeyShow.new(@name, @actor, load_method, ui)
+ end
+
+ def apply_params!(params)
+ @actor = params[0]
+ if @actor.nil?
+ show_usage
+ ui.fatal(actor_missing_error)
+ exit 1
+ end
+ @name = params[1]
+ if @name.nil?
+ show_usage
+ ui.fatal(keyname_missing_error)
+ exit 1
+ end
+ end
+ end
+ end
+end
diff --git a/spec/support/key_helpers.rb b/spec/support/key_helpers.rb
index 4cb2b305a5..076f709380 100644
--- a/spec/support/key_helpers.rb
+++ b/spec/support/key_helpers.rb
@@ -71,3 +71,34 @@ shared_examples_for "a knife key command" do
end
end
end # a knife key command
+
+shared_examples_for "a knife key command with a keyname as the second arg" do
+ let(:stderr) { StringIO.new }
+ let(:command) do
+ c = described_class.new([])
+ c.ui.config[:disable_editing] = true
+ allow(c.ui).to receive(:stderr).and_return(stderr)
+ allow(c.ui).to receive(:stdout).and_return(stderr)
+ allow(c).to receive(:show_usage)
+ c
+ end
+
+ context "before apply_params! is called" do
+ context "when apply_params! is called with invalid args (missing keyname)" do
+ let(:params) { ["charmander"] }
+ it "shows the usage" do
+ expect(command).to receive(:show_usage)
+ expect { command.apply_params!(params) }.to exit_with_code(1)
+ end
+
+ it "outputs the proper error" do
+ expect { command.apply_params!(params) }.to exit_with_code(1)
+ expect(stderr.string).to include(command.keyname_missing_error)
+ end
+
+ it "exits 1" do
+ expect { command.apply_params!(params) }.to exit_with_code(1)
+ end
+ end
+ end # before apply_params! is called
+end
diff --git a/spec/unit/key_spec.rb b/spec/unit/key_spec.rb
index 8ef7d24f21..94ebbf6ae8 100644
--- a/spec/unit/key_spec.rb
+++ b/spec/unit/key_spec.rb
@@ -499,7 +499,7 @@ EOS
describe "update" do
shared_examples_for "update key" do
- context "when name is missing" do
+ context "when name is missing and no argument was passed to update" do
it "should raise an MissingKeyAttribute" do
expect { key.update }.to raise_error(Chef::Exceptions::MissingKeyAttribute)
end
@@ -516,11 +516,45 @@ EOS
key.update
end
end
+
+ context "when @name is not nil and a arg is passed to update" do
+ before do
+ key.name "new_name"
+ end
+
+ it "passes @name in the body and the arg in the PUT URL" do
+ expect(rest).to receive(:put_rest).with(update_name_url, key.to_hash).and_return({})
+ key.update("old_name")
+ end
+ end
+
+ context "when the server returns a public_key and create_key is true" do
+ before do
+ key.name "key_name"
+ key.create_key true
+ allow(rest).to receive(:put_rest).with(url, key.to_hash).and_return({
+ "key" => "key_name",
+ "public_key" => public_key_string
+ })
+
+ end
+
+ it "returns a key with public_key populated" do
+ new_key = key.update
+ expect(new_key.public_key).to eq(public_key_string)
+ end
+
+ it "returns a key without create_key set" do
+ new_key = key.update
+ expect(new_key.create_key).to be_nil
+ end
+ end
end
context "when updating a user key" do
it_should_behave_like "update key" do
let(:url) { "users/#{key.actor}/keys/#{key.name}" }
+ let(:update_name_url) { "users/#{key.actor}/keys/old_name" }
let(:key) { user_key }
end
end
@@ -528,6 +562,7 @@ EOS
context "when updating a client key" do
it_should_behave_like "update key" do
let(:url) { "clients/#{client_key.actor}/keys/#{key.name}" }
+ let(:update_name_url) { "clients/#{client_key.actor}/keys/old_name" }
let(:key) { client_key }
end
end
diff --git a/spec/unit/knife/key_delete_spec.rb b/spec/unit/knife/key_delete_spec.rb
index 788d125b02..1d4b9f825f 100644
--- a/spec/unit/knife/key_delete_spec.rb
+++ b/spec/unit/knife/key_delete_spec.rb
@@ -36,25 +36,6 @@ describe "key delete commands that inherit knife" do
c
end
- context "before apply_params! is called" do
- context "when apply_params! is called with invalid args (missing keyname)" do
- let(:params) { ["charmander"] }
- it "shows the usage" do
- expect(command).to receive(:show_usage)
- expect { command.apply_params!(params) }.to exit_with_code(1)
- end
-
- it "outputs the proper error" do
- expect { command.apply_params!(params) }.to exit_with_code(1)
- expect(stderr.string).to include(command.keyname_missing_error)
- end
-
- it "exits 1" do
- expect { command.apply_params!(params) }.to exit_with_code(1)
- end
- end
- end # before apply_params! is called
-
context "after apply_params! is called with valid args" do
let(:params) { ["charmander", "charmander-key"] }
before do
@@ -75,6 +56,7 @@ describe "key delete commands that inherit knife" do
describe Chef::Knife::UserKeyDelete do
it_should_behave_like "a key delete command"
# defined in key_helpers.rb
+ it_should_behave_like "a knife key command with a keyname as the second arg"
it_should_behave_like "a knife key command" do
let(:service_object) { instance_double(Chef::Knife::KeyDelete) }
let(:params) { ["charmander", "charmander-key"] }
@@ -84,6 +66,7 @@ describe "key delete commands that inherit knife" do
describe Chef::Knife::ClientKeyDelete do
it_should_behave_like "a key delete command"
# defined in key_helpers.rb
+ it_should_behave_like "a knife key command with a keyname as the second arg"
it_should_behave_like "a knife key command" do
let(:service_object) { instance_double(Chef::Knife::KeyDelete) }
let(:params) { ["charmander", "charmander-key"] }
@@ -98,7 +81,7 @@ describe Chef::Knife::KeyDelete do
shared_examples_for "key delete run command" do
let(:key_delete_object) {
- described_class.new(keyname, actor, actor_field_name, ui,)
+ described_class.new(keyname, actor, actor_field_name, ui)
}
before do
diff --git a/spec/unit/knife/key_edit_spec.rb b/spec/unit/knife/key_edit_spec.rb
new file mode 100644
index 0000000000..538b91de2d
--- /dev/null
+++ b/spec/unit/knife/key_edit_spec.rb
@@ -0,0 +1,267 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife/user_key_edit'
+require 'chef/knife/client_key_edit'
+require 'chef/knife/key_edit'
+require 'chef/key'
+
+describe "key edit commands that inherit knife" do
+ shared_examples_for "a key edit command" do
+ let(:stderr) { StringIO.new }
+ let(:params) { [] }
+ let(:service_object) { instance_double(Chef::Knife::KeyEdit) }
+ let(:command) do
+ c = described_class.new([])
+ c.ui.config[:disable_editing] = true
+ allow(c.ui).to receive(:stderr).and_return(stderr)
+ allow(c.ui).to receive(:stdout).and_return(stderr)
+ allow(c).to receive(:show_usage)
+ c
+ end
+
+ context "after apply_params! is called with valid args" do
+ let(:params) { ["charmander", "charmander-key"] }
+ before do
+ command.apply_params!(params)
+ end
+
+ context "when the service object is called" do
+ it "creates a new instance of Chef::Knife::KeyEdit with the correct args" do
+ expect(Chef::Knife::KeyEdit).to receive(:new).
+ with("charmander-key", "charmander", command.actor_field_name, command.ui, command.config).
+ and_return(service_object)
+ command.service_object
+ end
+ end # when the service object is called
+ end # after apply_params! is called with valid args
+ end # a key edit command
+
+ describe Chef::Knife::UserKeyEdit do
+ it_should_behave_like "a key edit command"
+ # defined in key_helpers.rb
+ it_should_behave_like "a knife key command with a keyname as the second arg"
+ it_should_behave_like "a knife key command" do
+ let(:service_object) { instance_double(Chef::Knife::KeyEdit) }
+ let(:params) { ["charmander", "charmander-key"] }
+ end
+ end
+
+ describe Chef::Knife::ClientKeyEdit do
+ it_should_behave_like "a key edit command"
+ # defined in key_helpers.rb
+ it_should_behave_like "a knife key command with a keyname as the second arg"
+ it_should_behave_like "a knife key command" do
+ let(:service_object) { instance_double(Chef::Knife::KeyEdit) }
+ let(:params) { ["charmander", "charmander-key"] }
+ end
+ end
+end
+
+describe Chef::Knife::KeyEdit do
+ let(:public_key) {
+ "-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPo+oNPB7uuNkws0fC02
+KxSwdyqPLu0fhI1pOweNKAZeEIiEz2PkybathHWy8snSXGNxsITkf3eyvIIKa8OZ
+WrlqpI3yv/5DOP8HTMCxnFuMJQtDwMcevlqebX4bCxcByuBpNYDcAHjjfLGSfMjn
+E5lZpgYWwnpic4kSjYcL9ORK9nYvlWV9P/kCYmRhIjB4AhtpWRiOfY/TKi3P2LxT
+IjSmiN/ihHtlhV/VSnBJ5PzT/lRknlrJ4kACoz7Pq9jv+aAx5ft/xE9yDa2DYs0q
+Tfuc9dUYsFjptWYrV6pfEQ+bgo1OGBXORBFcFL+2D7u9JYquKrMgosznHoEkQNLo
+0wIDAQAB
+-----END PUBLIC KEY-----"
+ }
+ let(:config) { Hash.new }
+ let(:actor) { "charmander" }
+ let(:keyname) { "charmander-key" }
+ let(:ui) { instance_double("Chef::Knife::UI") }
+
+ shared_examples_for "key edit run command" do
+ let(:key_edit_object) {
+ described_class.new(keyname, actor, actor_field_name, ui, config)
+ }
+
+ context "when the command is run" do
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander"
+ }
+ }
+ let(:new_keyname) { "charizard-key" }
+
+ before do
+ allow(File).to receive(:read).and_return(public_key)
+ allow(File).to receive(:expand_path)
+
+ allow(key_edit_object).to receive(:output_private_key_to_file)
+ allow(key_edit_object).to receive(:display_private_key)
+ allow(key_edit_object).to receive(:edit_data).and_return(expected_hash)
+ allow(key_edit_object).to receive(:display_info)
+ end
+
+
+ context "when public_key and create_key are passed" do
+ before do
+ key_edit_object.config[:public_key] = "public_key_path"
+ key_edit_object.config[:create_key] = true
+ end
+
+ it "raises a Chef::Exceptions::KeyCommandInputError with the proper error message" do
+ expect{ key_edit_object.run }.to raise_error(Chef::Exceptions::KeyCommandInputError, key_edit_object.public_key_and_create_key_error_msg)
+ end
+ end
+
+ context "when key_name is passed" do
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander",
+ "name" => new_keyname
+ }
+ }
+ before do
+ key_edit_object.config[:key_name] = new_keyname
+ allow_any_instance_of(Chef::Key).to receive(:update)
+ end
+
+ it "update_key_from_hash gets passed a hash with new key name" do
+ expect(key_edit_object).to receive(:update_key_from_hash).with(expected_hash).and_return(Chef::Key.from_hash(expected_hash))
+ key_edit_object.run
+ end
+
+ it "Chef::Key.update is passed a string containing the original keyname" do
+ expect_any_instance_of(Chef::Key).to receive(:update).with(/#{keyname}/).and_return(Chef::Key.from_hash(expected_hash))
+ key_edit_object.run
+ end
+
+ it "Chef::Key.update is not passed a string containing the new keyname" do
+ expect_any_instance_of(Chef::Key).not_to receive(:update).with(/#{new_keyname}/)
+ allow_any_instance_of(Chef::Key).to receive(:update).and_return(Chef::Key.from_hash(expected_hash))
+ key_edit_object.run
+ end
+ end
+
+ context "when public_key, key_name, and expiration_date are passed" do
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander",
+ "public_key" => public_key,
+ "name" => new_keyname,
+ "expiration_date" => "infinity"
+ }
+ }
+ before do
+ key_edit_object.config[:public_key] = "this-public-key"
+ key_edit_object.config[:key_name] = new_keyname
+ key_edit_object.config[:expiration_date] = "infinity"
+ allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash))
+ end
+
+ it "passes the right hash to update_key_from_hash" do
+ expect(key_edit_object).to receive(:update_key_from_hash).with(expected_hash)
+ key_edit_object.run
+ end
+ end
+
+ context "when create_key is passed" do
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander",
+ "create_key" => true
+ }
+ }
+
+ before do
+ key_edit_object.config[:create_key] = true
+ allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash))
+ end
+
+ it "passes the right hash to update_key_from_hash" do
+ expect(key_edit_object).to receive(:update_key_from_hash).with(expected_hash)
+ key_edit_object.run
+ end
+ end
+
+ context "when public_key is passed" do
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander",
+ "public_key" => public_key
+ }
+ }
+ before do
+ allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash))
+ key_edit_object.config[:public_key] = "public_key_path"
+ end
+
+ it "calls File.expand_path with the public_key input" do
+ expect(File).to receive(:expand_path).with("public_key_path")
+ key_edit_object.run
+ end
+ end # when public_key is passed
+
+ context "when the server returns a private key" do
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander",
+ "public_key" => public_key,
+ "private_key" => "super_private"
+ }
+ }
+
+ before do
+ allow(key_edit_object).to receive(:update_key_from_hash).and_return(Chef::Key.from_hash(expected_hash))
+ key_edit_object.config[:public_key] = "public_key_path"
+ end
+
+ context "when file is not passed" do
+ it "calls display_private_key with the private_key" do
+ expect(key_edit_object).to receive(:display_private_key).with("super_private")
+ key_edit_object.run
+ end
+ end
+
+ context "when file is passed" do
+ before do
+ key_edit_object.config[:file] = "/fake/file"
+ end
+
+ it "calls output_private_key_to_file with the private_key" do
+ expect(key_edit_object).to receive(:output_private_key_to_file).with("super_private")
+ key_edit_object.run
+ end
+ end
+ end # when the server returns a private key
+
+ end # when the command is run
+
+
+
+ end # key edit run command
+
+ context "when actor_field_name is 'user'" do
+ it_should_behave_like "key edit run command" do
+ let(:actor_field_name) { "user" }
+ end
+ end
+
+ context "when actor_field_name is 'client'" do
+ it_should_behave_like "key edit run command" do
+ let(:actor_field_name) { "client" }
+ end
+ end
+end
diff --git a/spec/unit/knife/key_show_spec.rb b/spec/unit/knife/key_show_spec.rb
new file mode 100644
index 0000000000..5a0d839e4f
--- /dev/null
+++ b/spec/unit/knife/key_show_spec.rb
@@ -0,0 +1,126 @@
+#
+# Author:: Tyler Cloke (<tyler@chef.io>)
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/knife/user_key_show'
+require 'chef/knife/client_key_show'
+require 'chef/knife/key_show'
+require 'chef/key'
+
+describe "key show commands that inherit knife" do
+ shared_examples_for "a key show command" do
+ let(:stderr) { StringIO.new }
+ let(:params) { [] }
+ let(:service_object) { instance_double(Chef::Knife::KeyShow) }
+ let(:command) do
+ c = described_class.new([])
+ c.ui.config[:disable_editing] = true
+ allow(c.ui).to receive(:stderr).and_return(stderr)
+ allow(c.ui).to receive(:stdout).and_return(stderr)
+ allow(c).to receive(:show_usage)
+ c
+ end
+
+ context "after apply_params! is called with valid args" do
+ let(:params) { ["charmander", "charmander-key"] }
+ before do
+ command.apply_params!(params)
+ end
+
+ context "when the service object is called" do
+ it "creates a new instance of Chef::Knife::KeyShow with the correct args" do
+ expect(Chef::Knife::KeyShow).to receive(:new).
+ with("charmander-key", "charmander", command.load_method, command.ui).
+ and_return(service_object)
+ command.service_object
+ end
+ end # when the service object is called
+ end # after apply_params! is called with valid args
+ end # a key show command
+
+ describe Chef::Knife::UserKeyShow do
+ it_should_behave_like "a key show command"
+ # defined in key_helpers.rb
+ it_should_behave_like "a knife key command with a keyname as the second arg"
+ it_should_behave_like "a knife key command" do
+ let(:service_object) { instance_double(Chef::Knife::KeyShow) }
+ let(:params) { ["charmander", "charmander-key"] }
+ end
+ end
+
+ describe Chef::Knife::ClientKeyShow do
+ it_should_behave_like "a key show command"
+ # defined in key_helpers.rb
+ it_should_behave_like "a knife key command with a keyname as the second arg"
+ it_should_behave_like "a knife key command" do
+ let(:service_object) { instance_double(Chef::Knife::KeyShow) }
+ let(:params) { ["charmander", "charmander-key"] }
+ end
+ end
+end
+
+describe Chef::Knife::KeyShow do
+ let(:actor) { "charmander" }
+ let(:keyname) { "charmander" }
+ let(:ui) { instance_double("Chef::Knife::UI") }
+ let(:expected_hash) {
+ {
+ actor_field_name => "charmander",
+ "name" => "charmander-key",
+ "public_key" => "some-public-key",
+ "expiration_date" => "infinity"
+ }
+ }
+
+ shared_examples_for "key show run command" do
+ let(:key_show_object) {
+ described_class.new(keyname, actor, load_method, ui)
+ }
+
+ before do
+ allow(key_show_object).to receive(:display_output)
+ allow(Chef::Key).to receive(load_method).and_return(Chef::Key.from_hash(expected_hash))
+ end
+
+ context "when the command is run" do
+ it "loads the key using the proper method and args" do
+ expect(Chef::Key).to receive(load_method).with(actor, keyname)
+ key_show_object.run
+ end
+
+ it "displays the key" do
+ expect(key_show_object).to receive(:display_output)
+ key_show_object.run
+ end
+ end
+ end
+
+ context "when load_method is :load_by_user" do
+ it_should_behave_like "key show run command" do
+ let(:load_method) { :load_by_user }
+ let(:actor_field_name) { 'user' }
+ end
+ end
+
+ context "when load_method is :load_by_client" do
+ it_should_behave_like "key show run command" do
+ let(:load_method) { :load_by_client }
+ let(:actor_field_name) { 'user' }
+ end
+ end
+end