diff options
author | Seth Chisamore <schisamo@opscode.com> | 2013-03-17 20:57:01 -0400 |
---|---|---|
committer | Bryan McLellan <btm@opscode.com> | 2013-04-11 14:25:45 -0700 |
commit | 90b6eae3a843a8e2fdec0cd396128f7441ba45e4 (patch) | |
tree | 1ddbda733210253d1314eae308120c0b41a1c065 /spec/unit/encrypted_data_bag_item_spec.rb | |
parent | 889672bb715fcd2195d1f73a4c601ebd342738df (diff) | |
download | chef-90b6eae3a843a8e2fdec0cd396128f7441ba45e4.tar.gz |
modern RSpec update for encrypted_data_bag_item_spec
* prefer `subject` and `let` blocks to instance variables and before
blocks
* `eq` instead of `==`
* remove the 'shoulds' from example descriptions
Diffstat (limited to 'spec/unit/encrypted_data_bag_item_spec.rb')
-rw-r--r-- | spec/unit/encrypted_data_bag_item_spec.rb | 181 |
1 files changed, 93 insertions, 88 deletions
diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 30f13c3f1d..a44f9a17db 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -34,205 +34,210 @@ end describe Chef::EncryptedDataBagItem::Encryptor do + subject(:encryptor) { described_class.new(plaintext_data, key) } + let(:plaintext_data) { {"foo" => "bar"} } + let(:key) { "passwd" } + describe "generating a random IV" do it "generates a new IV for each encryption pass" do - encryptor1 = Chef::EncryptedDataBagItem::Encryptor.new({"foo" => "bar"}, "passwd") - encryptor2 = Chef::EncryptedDataBagItem::Encryptor.new({"foo" => "bar"}, "passwd") + encryptor2 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) # No API in ruby OpenSSL to get the iv it used for the encryption back # out. Instead we test if the encrypted data is the same. If it *is* the # same, we assume the IV was the same each time. - encryptor1.encrypted_data.should_not == encryptor2.encrypted_data + encryptor.encrypted_data.should_not eq encryptor2.encrypted_data end end describe "when encrypting a non-hash non-array value" do + let(:plaintext_data) { 5 } it "serializes the value in a de-serializable way" do - encryptor = Chef::EncryptedDataBagItem::Encryptor.new(5, "passwd") - Chef::JSONCompat.from_json(encryptor.serialized_data)["json_wrapper"].should == 5 + Chef::JSONCompat.from_json(subject.serialized_data)["json_wrapper"].should eq 5 end end describe "wrapping secret values in an envelope" do it "wraps the encrypted data in an envelope with the iv and version" do - encryptor = Chef::EncryptedDataBagItem::Encryptor.new({"foo" => "bar"}, "passwd") final_data = encryptor.for_encrypted_item - final_data["encrypted_data"].should == encryptor.encrypted_data - final_data["iv"].should == Base64.encode64(encryptor.iv) - final_data["version"].should == 1 - final_data["cipher"].should == "aes-256-cbc" + final_data["encrypted_data"].should eq encryptor.encrypted_data + final_data["iv"].should eq Base64.encode64(encryptor.iv) + final_data["version"].should eq 1 + final_data["cipher"].should eq"aes-256-cbc" end - end end describe Chef::EncryptedDataBagItem::Decryptor do - context "when decrypting a version 1 (JSON+aes-256-cbc+random iv) encrypted value" do - before do - @encryptor = Chef::EncryptedDataBagItem::Encryptor.new({"foo" => "bar"}, "passwd") - @encrypted_value = @encryptor.for_encrypted_item - @decryptor = Chef::EncryptedDataBagItem::Decryptor.for(@encrypted_value, "passwd") - end + subject(:decryptor) { described_class.for(encrypted_value, decryption_key) } + let(:plaintext_data) { {"foo" => "bar"} } + let(:encryption_key) { "passwd" } + let(:decryption_key) { encryption_key } + let(:encrypted_value) do + Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, encryption_key).for_encrypted_item + end + context "when decrypting a version 1 (JSON+aes-256-cbc+random iv) encrypted value" do it "selects the correct strategy for version 1" do - @decryptor.should be_a_kind_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor + decryptor.should be_a_kind_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor end it "decrypts the encrypted value" do - @decryptor.decrypted_data.should == {"json_wrapper" => {"foo" => "bar"}}.to_json + decryptor.decrypted_data.should eq({"json_wrapper" => plaintext_data}.to_json) end it "unwraps the encrypted data and returns it" do - @decryptor.for_decrypted_item.should == {"foo" => "bar"} + decryptor.for_decrypted_item.should eq plaintext_data end context "and the provided key is incorrect" do - before do - @decryptor = Chef::EncryptedDataBagItem::Decryptor.for(@encrypted_value, "wrong-passwd") - end + let(:decryption_key) { "wrong-passwd" } it "raises a sensible error" do - lambda { @decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) + lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) end end context "and the cipher is not supported" do - before do - @encrypted_value["cipher"] = "aes-256-foo" + let(:encrypted_value) do + ev = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, encryption_key).for_encrypted_item + ev["cipher"] = "aes-256-foo" + ev end it "raises a sensible error" do - lambda { @decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::UnsupportedCipher) + lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::UnsupportedCipher) end end end context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value" do - before do - @encrypted_value = Version1Encryptor.encrypt_value({"foo" => "bar"}, "passwd") - - @decryptor = Chef::EncryptedDataBagItem::Decryptor.for(@encrypted_value, "passwd") + let(:encrypted_value) do + Version1Encryptor.encrypt_value(plaintext_data, encryption_key) end it "selects the correct strategy for version 0" do - @decryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor) + decryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor) end it "decrypts the encrypted value" do - @decryptor.for_decrypted_item.should == {"foo" => "bar"} + decryptor.for_decrypted_item.should eq plaintext_data end end end describe Chef::EncryptedDataBagItem do - before(:each) do - @secret = "abc123SECRET" - @plain_data = { + subject { described_class } + let(:encrypted_data_bag_item) do + subject.new(encoded_data, secret) + end + let(:plaintext_data) do + { "id" => "item_name", "greeting" => "hello", "nested" => { "a1" => [1, 2, 3], "a2" => { "b1" => true }} } - @enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data, - @secret) end - + let(:secret) { "abc123SECRET" } + let(:encoded_data) { subject.encrypt_data_bag_item(plaintext_data, secret) } describe "encrypting" do - it "should not encrypt the 'id' key" do - @enc_data["id"].should == "item_name" + it "doesn't encrypt the 'id' key" do + encoded_data["id"].should eq "item_name" end - it "should encrypt non-collection objects" do - @enc_data["greeting"]["version"].should == 1 - @enc_data["greeting"].should have_key("iv") + it "encrypts non-collection objects" do + encoded_data["greeting"]["version"].should eq 1 + encoded_data["greeting"].should have_key("iv") - iv = @enc_data["greeting"]["iv"] - encryptor = Chef::EncryptedDataBagItem::Encryptor.new("hello", @secret, iv) + iv = encoded_data["greeting"]["iv"] + encryptor = Chef::EncryptedDataBagItem::Encryptor.new("hello", secret, iv) - @enc_data["greeting"]["encrypted_data"].should == encryptor.for_encrypted_item["encrypted_data"] + encoded_data["greeting"]["encrypted_data"].should eq(encryptor.for_encrypted_item["encrypted_data"]) end - it "should encrypt nested values" do - @enc_data["nested"]["version"].should == 1 - @enc_data["nested"].should have_key("iv") + it "encrypts nested values" do + encoded_data["nested"]["version"].should eq 1 + encoded_data["nested"].should have_key("iv") - iv = @enc_data["nested"]["iv"] - encryptor = Chef::EncryptedDataBagItem::Encryptor.new(@plain_data["nested"], @secret, iv) + iv = encoded_data["nested"]["iv"] + encryptor = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data["nested"], secret, iv) - @enc_data["nested"]["encrypted_data"].should == encryptor.for_encrypted_item["encrypted_data"] + encoded_data["nested"]["encrypted_data"].should eq(encryptor.for_encrypted_item["encrypted_data"]) end end describe "decrypting" do - before(:each) do - @enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data, - @secret) - @eh = Chef::EncryptedDataBagItem.new(@enc_data, @secret) - end it "doesn't try to decrypt 'id'" do - @eh["id"].should == @plain_data["id"] + encrypted_data_bag_item["id"].should eq(plaintext_data["id"]) end it "decrypts 'greeting'" do - @eh["greeting"].should == @plain_data["greeting"] + encrypted_data_bag_item["greeting"].should eq(plaintext_data["greeting"]) end it "decrypts 'nested'" do - @eh["nested"].should == @plain_data["nested"] + encrypted_data_bag_item["nested"].should eq(plaintext_data["nested"]) end it "decrypts everyting via to_hash" do - @eh.to_hash.should == @plain_data + encrypted_data_bag_item.to_hash.should eq(plaintext_data) end it "handles missing keys gracefully" do - @eh["no-such-key"].should be_nil + encrypted_data_bag_item["no-such-key"].should be_nil end end describe "loading" do it "should defer to Chef::DataBagItem.load" do - Chef::DataBagItem.stub(:load).with(:the_bag, "my_codes").and_return(@enc_data) - edbi = Chef::EncryptedDataBagItem.load(:the_bag, "my_codes", @secret) - edbi["greeting"].should == @plain_data["greeting"] + Chef::DataBagItem.stub(:load).with(:the_bag, "my_codes").and_return(encoded_data) + edbi = Chef::EncryptedDataBagItem.load(:the_bag, "my_codes", secret) + edbi["greeting"].should eq(plaintext_data["greeting"]) end end - describe "load_secret" do - it "should read from the default path" do - default_path = "/etc/chef/encrypted_data_bag_secret" - ::File.stub(:exists?).with(default_path).and_return(true) - IO.stub(:read).with(default_path).and_return("opensesame") - Chef::EncryptedDataBagItem.load_secret().should == "opensesame" + describe ".load_secret" do + subject(:loaded_secret) { Chef::EncryptedDataBagItem.load_secret(path) } + let(:path) { "/var/mysecret" } + let(:secret) { "opensesame" } + let(:stubbed_path) { path } + before do + ::File.stub(:exist?).with(stubbed_path).and_return(true) + IO.stub(:read).with(stubbed_path).and_return(secret) + Kernel.stub(:open).with(path).and_return(StringIO.new(secret)) end - it "should read from Chef::Config[:encrypted_data_bag_secret]" do - path = "/var/mysecret" - Chef::Config[:encrypted_data_bag_secret] = path - ::File.stub(:exists?).with(path).and_return(true) - IO.stub(:read).with(path).and_return("opensesame") - Chef::EncryptedDataBagItem.load_secret().should == "opensesame" + it "reads from a specified path" do + loaded_secret.should eq secret end - it "should read from a specified path" do - path = "/var/mysecret" - ::File.stub(:exists?).with(path).and_return(true) - IO.stub(:read).with(path).and_return("opensesame") - Chef::EncryptedDataBagItem.load_secret(path).should == "opensesame" + context "path argument is nil" do + let(:path) { nil } + let(:stubbed_path) { "/etc/chef/encrypted_data_bag_secret" } + + it "reads from the default path" do + loaded_secret.should eq secret + end + + it "reads from Chef::Config[:encrypted_data_bag_secret]" do + Chef::Config[:encrypted_data_bag_secret] = stubbed_path + loaded_secret.should eq secret + end end - it "should read from a URL" do - path = "http://www.opscode.com/" - fake_file = StringIO.new("opensesame") - Kernel.stub(:open).with(path).and_return(fake_file) - Chef::EncryptedDataBagItem.load_secret(path).should == "opensesame" + context "path argument is a URL" do + let(:path) { "http://www.opscode.com/" } + + it "reads the URL" do + loaded_secret.should eq secret + end end end end |