diff options
author | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-02-03 08:53:02 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-02-03 08:53:02 -0800 |
commit | 09227432c7a8afeac633023abbeec2e9c14cbd1b (patch) | |
tree | 811fc939d4ccdaf66b0bf6bf7cdef10bb0172191 /spec/unit | |
parent | ab63cd4be967b5d01f6ec856244e4b9af4e896d9 (diff) | |
parent | d1f9d3fe01da4620c983ee9b74cbd973abbff418 (diff) | |
download | chef-09227432c7a8afeac633023abbeec2e9c14cbd1b.tar.gz |
Merge pull request #4481 from chef/jdm/fips-58
Allow use of command line fips switch for knife
Diffstat (limited to 'spec/unit')
-rw-r--r-- | spec/unit/application/knife_spec.rb | 52 | ||||
-rw-r--r-- | spec/unit/application_spec.rb | 2 | ||||
-rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 37 | ||||
-rw-r--r-- | spec/unit/knife/core/bootstrap_context_spec.rb | 6 |
4 files changed, 95 insertions, 2 deletions
diff --git a/spec/unit/application/knife_spec.rb b/spec/unit/application/knife_spec.rb index 14b02a1d09..416dba4233 100644 --- a/spec/unit/application/knife_spec.rb +++ b/spec/unit/application/knife_spec.rb @@ -82,6 +82,58 @@ describe Chef::Application::Knife do end end + context "when given fips flags" do + context "when Chef::Config[:fips]=false" do + before do + # This is required because the chef-fips pipeline does + # has a default value of true for fips + Chef::Config[:fips] = false + end + + it "does not initialize fips mode when no flags are passed" do + with_argv(*%w{noop knife command}) do + expect(@knife).to receive(:exit).with(0) + expect(Chef::Config).not_to receive(:enable_fips_mode) + @knife.run + expect(Chef::Config[:fips]).to eq(false) + end + end + + it "overwrites the Chef::Config value when passed --fips" do + with_argv(*%w{noop knife command --fips}) do + expect(@knife).to receive(:exit).with(0) + expect(Chef::Config).to receive(:enable_fips_mode) + @knife.run + expect(Chef::Config[:fips]).to eq(true) + end + end + end + + context "when Chef::Config[:fips]=true" do + before do + Chef::Config[:fips] = true + end + + it "initializes fips mode when passed --fips" do + with_argv(*%w{noop knife command --fips}) do + expect(@knife).to receive(:exit).with(0) + expect(Chef::Config).to receive(:enable_fips_mode) + @knife.run + expect(Chef::Config[:fips]).to eq(true) + end + end + + it "overwrites the Chef::Config value when passed --no-fips" do + with_argv(*%w{noop knife command --no-fips}) do + expect(@knife).to receive(:exit).with(0) + expect(Chef::Config).not_to receive(:enable_fips_mode) + @knife.run + expect(Chef::Config[:fips]).to eq(false) + end + end + end + end + describe "when given a path to the client key" do it "expands a relative path relative to the CWD" do relative_path = ".chef/client.pem" diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb index 6f9719ebd6..1b91aafe8d 100644 --- a/spec/unit/application_spec.rb +++ b/spec/unit/application_spec.rb @@ -148,7 +148,7 @@ describe Chef::Application do end it "sets openssl in fips mode" do - expect(OpenSSL).to receive(:'fips_mode=').with(true) + expect(Chef::Config).to receive(:enable_fips_mode) @app.configure_chef end end diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index 5556cfab97..e6a78df8ba 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb @@ -422,6 +422,42 @@ describe Chef::Knife::Bootstrap do end end + context "when doing fips things" do + let(:template_file) { File.expand_path(File.join(CHEF_SPEC_DATA, "bootstrap", "no_proxy.erb")) } + let(:trusted_certs_dir) { Chef::Util::PathHelper.cleanpath(File.join(File.dirname(__FILE__), "../../data/trusted_certs")) } + + before do + Chef::Config[:knife][:bootstrap_template] = template_file + end + + let(:rendered_template) do + knife.render_template + end + + context "when knife is in fips mode" do + before do + Chef::Config[:fips] = true + end + + it "renders 'fips true'" do + Chef::Config[:fips] = true + expect(rendered_template).to match("fips") + end + end + + context "when knife is not in fips mode" do + before do + # This is required because the chef-fips pipeline does + # has a default value of true for fips + Chef::Config[:fips] = false + end + + it "does not render anything about fips" do + expect(rendered_template).not_to match("fips") + end + end + end + describe "handling policyfile options" do context "when only policy_name is given" do @@ -735,5 +771,4 @@ describe Chef::Knife::Bootstrap do describe "specifying ssl verification" do end - end diff --git a/spec/unit/knife/core/bootstrap_context_spec.rb b/spec/unit/knife/core/bootstrap_context_spec.rb index 1acb1661de..16c0867610 100644 --- a/spec/unit/knife/core/bootstrap_context_spec.rb +++ b/spec/unit/knife/core/bootstrap_context_spec.rb @@ -20,6 +20,12 @@ require "spec_helper" require "chef/knife/core/bootstrap_context" describe Chef::Knife::Core::BootstrapContext do + before do + # This is required because the chef-fips pipeline does + # has a default value of true for fips + Chef::Config[:fips] = false + end + let(:config) { {:foo => :bar, :color => true} } let(:run_list) { Chef::RunList.new("recipe[tmux]", "role[base]") } let(:chef_config) do |