author | danielsdeleo <dan@opscode.com> | 2012-11-14 16:06:32 -0800 |
---|---|---|
committer | danielsdeleo <dan@opscode.com> | 2012-11-14 16:11:06 -0800 |
commit | 3af82bf027f1252209469ee8218cfc947a31e5ca (patch) | |
tree | 65d2e07c9cf26536a424b9f71e3dd4537cd40c43 /spec/unit/knife/data_bag_create_spec.rb | |
parent | 1b2fba939425b0a158ec341ed76f977d1aef8489 (diff) | |
[CHEF-3392] JSON serialize encrypted data bags, use random IV
* Use JSON instead of YAML to serialize encrypted data bag values before
encrypting.
* Use a random IV for each encrypted value for resilience against some
types of crypto attacks. Fixes CHEF-3480.
Diffstat (limited to 'spec/unit/knife/data_bag_create_spec.rb')
-rw-r--r-- | spec/unit/knife/data_bag_create_spec.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/unit/knife/data_bag_create_spec.rb b/spec/unit/knife/data_bag_create_spec.rb index 7d9433984f..0ac9b6f033 100644 --- a/spec/unit/knife/data_bag_create_spec.rb +++ b/spec/unit/knife/data_bag_create_spec.rb @@ -75,6 +75,11 @@ describe Chef::Knife::DataBagCreate do @knife.should_receive(:create_object).and_yield(@plain_data) data_bag_item = Chef::DataBagItem.from_hash(@enc_data) data_bag_item.data_bag("sudoing_admins") + + # Random IV is used each time the data bag item is encrypted, so values + # will not be equal if we re-encrypt. + Chef::EncryptedDataBagItem.should_receive(:encrypt_data_bag_item).and_return(@enc_data) + @rest.should_receive(:post_rest).with("data", {'name' => 'sudoing_admins'}).ordered @rest.should_receive(:post_rest).with("data/sudoing_admins", data_bag_item).ordered |
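Review bot: The new `Chef::EncryptedDataBagItem.should_receive(:encrypt_data_bag_item).and_return(@enc_data)` expectation has no `.with(...)` constraint, so this spec would still pass if knife handed the wrong plaintext or the wrong secret to the encryption call. Constrain the arguments to `@plain_data` and the secret this spec configures, so the test still proves that the data being posted is the encrypted form of the input. Because the encryption step is now stubbed here, nothing in this file exercises the random IV itself; the diffstat shown is limited to this one spec, so confirm that the `Chef::EncryptedDataBagItem` specs assert that encrypting the same value twice yields different ciphertext and that each result still decrypts to the original. The added comment explains why the values differ on re-encryption; it would help to also say that the call is stubbed for that reason, since that is the actual change a reader of the spec will see.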