diff options
author | tyler-ball <tyleraball@gmail.com> | 2014-09-09 16:05:38 -0700 |
---|---|---|
committer | tyler-ball <tyleraball@gmail.com> | 2014-09-29 08:31:08 -0700 |
commit | efcaafeaae481a7b49e5e9b44b79218cee20385d (patch) | |
tree | bf49e142299f6d780d4bb81f951f4487eafbd758 /spec/unit/knife/data_bag_edit_spec.rb | |
parent | a2a3f6774535319532cb268038644358d6f66051 (diff) | |
download | chef-efcaafeaae481a7b49e5e9b44b79218cee20385d.tar.gz |
Finishing specs for create and edit. During edit functional testing I discovered some large refactors needed.
Diffstat (limited to 'spec/unit/knife/data_bag_edit_spec.rb')
-rw-r--r-- | spec/unit/knife/data_bag_edit_spec.rb | 107 |
1 files changed, 60 insertions, 47 deletions
diff --git a/spec/unit/knife/data_bag_edit_spec.rb b/spec/unit/knife/data_bag_edit_spec.rb index ba931c1883..6a7c8b33b2 100644 --- a/spec/unit/knife/data_bag_edit_spec.rb +++ b/spec/unit/knife/data_bag_edit_spec.rb @@ -21,73 +21,86 @@ require 'tempfile' describe Chef::Knife::DataBagEdit do before do - @plain_data = {"login_name" => "alphaomega", "id" => "item_name"} - @edited_data = { - "login_name" => "rho", "id" => "item_name", - "new_key" => "new_value" } + Chef::Config[:node_name] = "webmonkey.example.com" + knife.name_args = [bag_name, item_name] + allow(knife).to receive(:config).and_return(config) + end - Chef::Config[:node_name] = "webmonkey.example.com" + let(:knife) do + k = Chef::Knife::DataBagEdit.new + allow(k).to receive(:rest).and_return(rest) + allow(k).to receive(:stdout).and_return(stdout) + k + end - @knife = Chef::Knife::DataBagEdit.new - @rest = double('chef-rest-mock') - @knife.stub(:rest).and_return(@rest) + let(:plain_hash) { {"login_name" => "alphaomega", "id" => "item_name"} } + let(:plain_db) {Chef::DataBagItem.from_hash(plain_hash)} + let(:edited_hash) { {"login_name" => "rho", "id" => "item_name", "new_key" => "new_value"} } + let(:edited_db) {Chef::DataBagItem.from_hash(edited_hash)} - @stdout = StringIO.new - @knife.stub(:stdout).and_return(@stdout) - @log = Chef::Log - @knife.name_args = ['bag_name', 'item_name'] - end + let(:rest) { double("ChefSpecs::ChefRest") } + let(:stdout) { StringIO.new } + + let(:bag_name) { "sudoing_admins" } + let(:item_name) { "ME" } + + let(:secret) { "abc123SECRET" } + + let(:raw_hash) {{ "login_name" => "alphaomega", "id" => item_name }} + + let(:config) { {} } it "requires data bag and item arguments" do - @knife.name_args = [] - lambda { @knife.run }.should raise_error(SystemExit) - @stdout.string.should match(/^You must supply the data bag and an item to edit/) + knife.name_args = [] + expect(stdout).to receive(:puts).twice.with(anything) + expect {knife.run}.to exit_with_code(1) end it "saves edits on a data bag item" do - Chef::DataBagItem.stub(:load).with('bag_name', 'item_name').and_return(@plain_data) - @knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data) - @rest.should_receive(:put_rest).with("data/bag_name/item_name", @edited_data).ordered - @knife.run + expect(Chef::DataBagItem).to receive(:load).with(bag_name, item_name).and_return(plain_db) + expect(knife).to receive(:encrypted?) { false } + expect(knife).to receive(:edit_data).with(plain_db).and_return(edited_db.raw_data) + expect(rest).to receive(:put_rest).with("data/#{bag_name}/#{item_name}", edited_db.raw_data).ordered + knife.run end describe "encrypted data bag items" do + let(:enc_plain_hash) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(plain_hash, secret) } + let(:data_bag_with_encoded_hash) { Chef::DataBagItem.from_hash(enc_plain_hash) } + let(:enc_edited_hash) { Chef::EncryptedDataBagItem.encrypt_data_bag_item(edited_hash, secret) } + before(:each) do - @secret = "abc123SECRET" - @enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data, - @secret) - @enc_edited_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@edited_data, - @secret) - Chef::DataBagItem.stub(:load).with('bag_name', 'item_name').and_return(@enc_data) - - # Random IV is used each time the data bag item is encrypted, so values - # will not be equal if we encrypt same value twice. - Chef::EncryptedDataBagItem.should_receive(:encrypt_data_bag_item).and_return(@enc_edited_data) - - @secret_file = Tempfile.new("encrypted_data_bag_secret_file_test") - @secret_file.puts(@secret) - @secret_file.flush + allow(knife).to receive(:encrypted?) { true } + allow(knife).to receive(:encryption_secret_provided?) { true } + allow(knife).to receive(:read_secret).and_return(secret) end - after do - @secret_file.close - @secret_file.unlink + it "decrypts an encrypted data bag, edits it and rencrypts it" do + expect(Chef::DataBagItem).to receive(:load).with(bag_name, item_name).and_return(data_bag_with_encoded_hash) + expect(knife).to receive(:edit_data).with(plain_hash).and_return(edited_hash) + expect(Chef::EncryptedDataBagItem).to receive(:encrypt_data_bag_item).with(edited_hash, secret).and_return(enc_edited_hash) + expect(rest).to receive(:put_rest).with("data/#{bag_name}/#{item_name}", enc_edited_hash).ordered + + knife.run end - it "decrypts and encrypts via --secret and --encrypted" do - @knife.stub(:config).and_return({:secret => @secret, :encrypted => true}) - @knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data) - @rest.should_receive(:put_rest).with("data/bag_name/item_name", @enc_edited_data).ordered + it "edits an unencrypted data bag and encrypts it" do + expect(knife).to receive(:encrypted?) { false } + expect(Chef::DataBagItem).to receive(:load).with(bag_name, item_name).and_return(plain_db) + expect(knife).to receive(:edit_data).with(plain_db).and_return(edited_hash) + expect(Chef::EncryptedDataBagItem).to receive(:encrypt_data_bag_item).with(edited_hash, secret).and_return(enc_edited_hash) + expect(rest).to receive(:put_rest).with("data/#{bag_name}/#{item_name}", enc_edited_hash).ordered - @knife.run + knife.run end - it "decrypts and encrypts via --secret_file and --encrypted" do - @knife.stub(:config).and_return({:secret_file => @secret_file.path, :encrypted => true}) - @knife.should_receive(:edit_data).with(@plain_data).and_return(@edited_data) - @rest.should_receive(:put_rest).with("data/bag_name/item_name", @enc_edited_data).ordered + it "fails to edit an encrypted data bag if the secret is missing" do + allow(knife).to receive(:encryption_secret_provided?) { false } + expect(Chef::DataBagItem).to receive(:load).with(bag_name, item_name).and_return(data_bag_with_encoded_hash) - @knife.run + expect(knife.ui).to receive(:fatal).with("You cannot edit an encrypted data bag without providing the secret.") + expect {knife.run}.to exit_with_code(1) end + end end |