authorClaire McQuin <claire@getchef.com>2014-08-13 16:17:08 -0700
committerClaire McQuin <claire@getchef.com>2014-08-14 14:09:55 -0700
commit84d3eaf6275a73eb968288b5157a0ba6ef628108 (patch)
tree50b49f2ef30581aa2dd08557e49576756e179635 /spec/unit/api_client
parent1f9abbee4878234e3c21f5e120fd9e1670238f94 (diff)
Enable client-side key generation by default (resolves https://github.com/opscode/chef/issues/1711)
Diffstat (limited to 'spec/unit/api_client')
-rw-r--r--spec/unit/api_client/registration_spec.rb157
1 files changed, 83 insertions, 74 deletions
diff --git a/spec/unit/api_client/registration_spec.rb b/spec/unit/api_client/registration_spec.rb
index 15a9c30482..d752429676 100644
--- a/spec/unit/api_client/registration_spec.rb
+++ b/spec/unit/api_client/registration_spec.rb
@@ -38,11 +38,11 @@ describe Chef::ApiClient::Registration do
let(:http_mock) { double("Chef::REST mock") }
let(:expected_post_data) do
- { :name => client_name, :admin => false }
+ { :name => client_name, :admin => false, :public_key => generated_public_key.to_pem }
end
let(:expected_put_data) do
- { :name => client_name, :admin => false, :private_key => true }
+ { :name => client_name, :admin => false, :public_key => generated_public_key.to_pem }
end
let(:server_v10_response) do
@@ -61,9 +61,31 @@ describe Chef::ApiClient::Registration do
let(:response_409) { Net::HTTPConflict.new("1.1", "409", "Conflict") }
let(:exception_409) { Net::HTTPServerException.new("409 conflict", response_409) }
+ let(:generated_private_key_pem) { IO.read(File.expand_path('ssl/private_key.pem', CHEF_SPEC_DATA)) }
+ let(:generated_private_key) { OpenSSL::PKey::RSA.new(generated_private_key_pem) }
+ let(:generated_public_key) { generated_private_key.public_key }
+
+
+ let(:create_with_pkey_response) do
+ {
+ "uri" => "",
+ "public_key" => generated_public_key.to_pem
+ }
+ end
+
+ let(:update_with_pkey_response) do
+ {"name"=>client_name,
+ "admin"=>false,
+ "public_key"=> generated_public_key,
+ "validator"=>false,
+ "private_key"=>false,
+ "clientname"=>client_name}
+ end
+
before do
Chef::Config[:validation_client_name] = "test-validator"
Chef::Config[:validation_key] = File.expand_path('ssl/private_key.pem', CHEF_SPEC_DATA)
+ OpenSSL::PKey::RSA.stub(:generate).with(2048).and_return(generated_private_key)
end
after do
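Review bot: The stubbed client key on the `generated_private_key_pem` line is read from the same `ssl/private_key.pem` fixture that the `before` block assigns to `Chef::Config[:validation_key]`, so the `IO.read(key_location).should == generated_private_key_pem` assertions in the two `registration.run` hunks further down would also pass if the validator key were written to disk by mistake. Reading the stub from a separate fixture, e.g. `IO.read(File.expand_path('ssl/<client_key_fixture>.pem', CHEF_SPEC_DATA))` (placeholder file name), would let those specs tell the two keys apart. Separately, `update_with_pkey_response` carries `generated_public_key` as an OpenSSL object while `create_with_pkey_response` uses the PEM string; `"public_key" => generated_public_key.to_pem` would keep the two canned responses consistent. The `describe` block and the `after` hook continue outside the hunk.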
@@ -81,74 +103,6 @@ describe Chef::ApiClient::Registration do
registration.stub(:http_api).and_return(http_mock)
end
- it "creates a new ApiClient on the server using the validator identity" do
- http_mock.should_receive(:post).
- with("clients", expected_post_data).
- and_return(server_v10_response)
- registration.create_or_update.should == server_v10_response
- registration.private_key.should == "--begin rsa key etc--"
- end
-
- context "and the client already exists on a Chef 10 server" do
- it "requests a new key from the server and saves it" do
- http_mock.should_receive(:post).with("clients", expected_post_data).
- and_raise(exception_409)
- http_mock.should_receive(:put).
- with("clients/#{client_name}", expected_put_data).
- and_return(server_v10_response)
- registration.create_or_update.should == server_v10_response
- registration.private_key.should == "--begin rsa key etc--"
- end
- end
-
- context "and the client already exists on a Chef 11 server" do
- it "requests a new key from the server and saves it" do
- http_mock.should_receive(:post).and_raise(exception_409)
- http_mock.should_receive(:put).
- with("clients/#{client_name}", expected_put_data).
- and_return(server_v11_response)
- registration.create_or_update.should == server_v11_response
- registration.private_key.should == "--begin rsa key etc--"
- end
- end
- end
-
- context "when local key generation is enabled", :nofocus do
- let(:generated_private_key_pem) { IO.read(File.expand_path('ssl/private_key.pem', CHEF_SPEC_DATA)) }
- let(:generated_private_key) { OpenSSL::PKey::RSA.new(generated_private_key_pem) }
- let(:generated_public_key) { generated_private_key.public_key }
-
- let(:expected_post_data) do
- { :name => client_name, :admin => false, :public_key => generated_public_key.to_pem }
- end
-
- let(:expected_put_data) do
- { :name => client_name, :admin => false, :public_key => generated_public_key.to_pem }
- end
-
- let(:create_with_pkey_response) do
- {
- "uri" => "",
- "public_key" => generated_public_key.to_pem
- }
- end
-
- let(:update_with_pkey_response) do
- {"name"=>client_name,
- "admin"=>false,
- "public_key"=> generated_public_key,
- "validator"=>false,
- "private_key"=>false,
- "clientname"=>client_name}
- end
-
-
- before do
- registration.stub(:http_api).and_return(http_mock)
- Chef::Config.local_key_generation = true
- OpenSSL::PKey::RSA.should_receive(:generate).with(2048).and_return(generated_private_key)
- end
-
it "posts a locally generated public key to the server to create a client" do
http_mock.should_receive(:post).
with("clients", expected_post_data).
@@ -176,6 +130,63 @@ describe Chef::ApiClient::Registration do
IO.read(key_location).should == generated_private_key_pem
end
+ context "and the client already exists on a Chef 11 server" do
+ it "requests a new key from the server and saves it" do
+ http_mock.should_receive(:post).and_raise(exception_409)
+ http_mock.should_receive(:put).
+ with("clients/#{client_name}", expected_put_data).
+ and_return(update_with_pkey_response)
+ registration.create_or_update.should == update_with_pkey_response
+ registration.private_key.should == generated_private_key_pem
+ end
+ end
+
+ context "when local key generation is disabled" do
+
+ let(:expected_post_data) do
+ { :name => client_name, :admin => false }
+ end
+
+ let(:expected_put_data) do
+ { :name => client_name, :admin => false, :private_key => true }
+ end
+
+ before do
+ Chef::Config[:local_key_generation] = false
+ OpenSSL::PKey::RSA.should_not_receive(:generate)
+ end
+
+ it "creates a new ApiClient on the server using the validator identity" do
+ http_mock.should_receive(:post).
+ with("clients", expected_post_data).
+ and_return(server_v10_response)
+ registration.create_or_update.should == server_v10_response
+ registration.private_key.should == "--begin rsa key etc--"
+ end
+
+ context "and the client already exists on a Chef 11 server" do
+ it "requests a new key from the server and saves it" do
+ http_mock.should_receive(:post).and_raise(exception_409)
+ http_mock.should_receive(:put).
+ with("clients/#{client_name}", expected_put_data).
+ and_return(server_v11_response)
+ registration.create_or_update.should == server_v11_response
+ registration.private_key.should == "--begin rsa key etc--"
+ end
+ end
+
+ context "and the client already exists on a Chef 10 server" do
+ it "requests a new key from the server and saves it" do
+ http_mock.should_receive(:post).with("clients", expected_post_data).
+ and_raise(exception_409)
+ http_mock.should_receive(:put).
+ with("clients/#{client_name}", expected_put_data).
+ and_return(server_v10_response)
+ registration.create_or_update.should == server_v10_response
+ registration.private_key.should == "--begin rsa key etc--"
+ end
+ end
+ end
end
describe "when writing the private key to disk" do
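Review bot: The default-path example under "and the client already exists on a Chef 11 server" keeps the title `"requests a new key from the server and saves it"`, but it expects a PUT carrying `:public_key` and a saved key equal to `generated_private_key_pem`, so no key is requested from the server. A title such as `it "puts a locally generated public key to the server to update the client"` would match what is asserted. In the "when local key generation is disabled" context, `Chef::Config[:local_key_generation] = false` is set in `before` and no reset is visible in this hunk. If the `after` hook outside the hunk does not restore the setting, later examples could silently run on the server-generated-key path, so the previous value should be restored in an `after` block of this context.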
@@ -209,7 +220,7 @@ describe Chef::ApiClient::Registration do
it "creates the client on the server and writes the key" do
http_mock.should_receive(:post).ordered.and_return(server_v10_response)
registration.run
- IO.read(key_location).should == "--begin rsa key etc--"
+ IO.read(key_location).should == generated_private_key_pem
end
it "retries up to 5 times" do
@@ -224,7 +235,7 @@ describe Chef::ApiClient::Registration do
http_mock.should_receive(:post).ordered.and_return(server_v10_response)
registration.run
- IO.read(key_location).should == "--begin rsa key etc--"
+ IO.read(key_location).should == generated_private_key_pem
end
it "gives up retrying after the max attempts" do
@@ -239,5 +250,3 @@ describe Chef::ApiClient::Registration do
end
end
-
-