Merge pull request #1895 from opscode/mcquin/CHEF-5282

Add --ssl-verify-mode and --[no-]verify-api-cert options.

2 files changed, 96 insertions, 0 deletions

diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb
index f28879fb4e..78be9632f6 100644
--- a/spec/unit/knife/bootstrap_spec.rb
+++ b/spec/unit/knife/bootstrap_spec.rb
@@ -246,6 +246,46 @@ describe Chef::Knife::Bootstrap do
         rendered_template.should match(%r{.*no_proxy\s*"api.opscode.com,172.16.10.\*".*})
       end
     end
+
+    context "via --ssl-verify-mode none" do
+      let(:options) { ["--node-ssl-verify-mode", "none"] }
+
+      it "renders the client.rb with ssl_verify_mode set to :verify_none" do
+        rendered_template.should match(/ssl_verify_mode :verify_none/)
+      end
+    end
+
+    context "via --node-ssl-verify-mode peer" do
+      let(:options) { ["--node-ssl-verify-mode", "peer"] }
+
+      it "renders the client.rb with ssl_verify_mode set to :verify_peer" do
+        rendered_template.should match(/ssl_verify_mode :verify_peer/)
+      end
+    end
+
+    context "via --node-ssl-verify-mode all" do
+      let(:options) { ["--node-ssl-verify-mode", "all"] }
+
+      it "raises error" do
+        lambda{ rendered_template }.should raise_error
+      end
+    end
+
+    context "via --node-verify-api-cert" do
+      let(:options) { ["--node-verify-api-cert"] }
+
+      it "renders the client.rb with verify_api_cert set to true" do
+        rendered_template.should match(/verify_api_cert true/)
+      end
+    end
+
+    context "via --no-node-verify-api-cert" do
+      let(:options) { ["--no-node-verify-api-cert"] }
+
+      it "renders the client.rb with verify_api_cert set to false" do
+        rendered_template.should match(/verify_api_cert false/)
+      end
+    end
   end
 
   describe "specifying the encrypted data bag secret key" do
@@ -483,6 +523,9 @@ describe Chef::Knife::Bootstrap do
       knife_ssh.should_receive(:run).and_raise(Net::SSH::AuthenticationFailed)
       lambda { knife.run }.should raise_error(Net::SSH::AuthenticationFailed)
     end
+  end
+
+  describe "specifying ssl verification" do
 
   end
 
diff --git a/spec/unit/knife/core/bootstrap_context_spec.rb b/spec/unit/knife/core/bootstrap_context_spec.rb
index c5ad531a27..064f8c5621 100644
--- a/spec/unit/knife/core/bootstrap_context_spec.rb
+++ b/spec/unit/knife/core/bootstrap_context_spec.rb
@@ -168,4 +168,57 @@ EXPECTED
       bootstrap_context.latest_current_chef_version_string.should eq("-v #{Chef::VERSION.to_i}")
     end
   end
+
+  describe "ssl_verify_mode" do
+    it "isn't set in the config_content by default" do
+      bootstrap_context.config_content.should_not include("ssl_verify_mode")
+    end
+
+    describe "when configured in config" do
+      let(:chef_config) do
+        {
+          :knife => {:ssl_verify_mode => :verify_peer}
+        }
+      end
+
+      it "uses the config value" do
+        bootstrap_context.config_content.should include("ssl_verify_mode :verify_peer")
+      end
+
+      describe "when configured via CLI" do
+        let(:config) {{:node_ssl_verify_mode => "none"}}
+
+        it "uses CLI value" do
+          bootstrap_context.config_content.should include("ssl_verify_mode :verify_none")
+        end
+      end
+    end
+  end
+
+  describe "verify_api_cert" do
+    it "isn't set in the config_content by default" do
+      bootstrap_context.config_content.should_not include("verify_api_cert")
+    end
+
+    describe "when configured in config" do
+      let(:chef_config) do
+        {
+          :knife => {:verify_api_cert => :false}
+        }
+      end
+
+      it "uses the config value" do
+        bootstrap_context.config_content.should include("verify_api_cert false")
+      end
+
+      describe "when configured via CLI" do
+        let(:config) {{:node_verify_api_cert => true}}
+
+        it "uses CLI value" do
+          bootstrap_context.config_content.should include("verify_api_cert true")
+        end
+      end
+    end
+  end
+
 end