diff options
| author | Marc A. Paradise <marc.paradise@gmail.com> | 2021-07-22 16:32:14 -0400 |
|---|---|---|
| committer | Marc A. Paradise <marc.paradise@gmail.com> | 2021-07-26 17:26:37 -0400 |
| commit | 8c1c3f4767368e629268b89bf5b71a827bd12b5d (patch) | |
| tree | 7c0ef4ef3d64e306882a72f57091660ae3addc02 /spec | |
| parent | 80111b12e3ec63147be8108b9b2167c4ff7ecd9b (diff) | |
| download | chef-8c1c3f4767368e629268b89bf5b71a827bd12b5d.tar.gz | |
Provide run context to secret fetchers
This will allow them to use node attributes for configuration, such
as ohai data for determining region.
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/unit/dsl/secret_spec.rb | 10 | ||||
| -rw-r--r-- | spec/unit/secret_fetcher/azure_key_vault_spec.rb | 2 | ||||
| -rw-r--r-- | spec/unit/secret_fetcher_spec.rb | 18 |
3 files changed, 18 insertions, 12 deletions
diff --git a/spec/unit/dsl/secret_spec.rb b/spec/unit/dsl/secret_spec.rb index ee25c511ee..96a915c43d 100644 --- a/spec/unit/dsl/secret_spec.rb +++ b/spec/unit/dsl/secret_spec.rb @@ -21,6 +21,12 @@ require "chef/dsl/secret" require "chef/secret_fetcher/base" class SecretDSLTester include Chef::DSL::Secret + # Because DSL is invoked in the context of a recipe, + # we expect run_context to always be available when SecretFetcher::Base + # requests it - making it safe to mock here + def run_context + nil + end end class SecretFetcherImpl < Chef::SecretFetcher::Base @@ -36,8 +42,8 @@ describe Chef::DSL::Secret do end it "uses SecretFetcher.for_service to find the fetcher" do - substitute_fetcher = SecretFetcherImpl.new({}) - expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}).and_return(substitute_fetcher) + substitute_fetcher = SecretFetcherImpl.new({}, nil) + expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher) expect(substitute_fetcher).to receive(:fetch).with("key1", nil) dsl.secret(name: "key1", service: :example, config: {}) end diff --git a/spec/unit/secret_fetcher/azure_key_vault_spec.rb b/spec/unit/secret_fetcher/azure_key_vault_spec.rb index cf8c5733c9..d41973992b 100644 --- a/spec/unit/secret_fetcher/azure_key_vault_spec.rb +++ b/spec/unit/secret_fetcher/azure_key_vault_spec.rb @@ -23,7 +23,7 @@ require "chef/secret_fetcher/azure_key_vault" describe Chef::SecretFetcher::AzureKeyVault do let(:config) { { vault: "myvault" } } - let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config) } + let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) } context "when validating configuration and configuration is missing :vault" do context "and configuration does not have a 'vault'" do diff --git a/spec/unit/secret_fetcher_spec.rb b/spec/unit/secret_fetcher_spec.rb index 545176f65a..f6fe2a90b5 100644 --- a/spec/unit/secret_fetcher_spec.rb +++ b/spec/unit/secret_fetcher_spec.rb @@ -28,7 +28,7 @@ class SecretFetcherImpl < Chef::SecretFetcher::Base end describe Chef::SecretFetcher do - let(:fetcher_impl) { SecretFetcherImpl.new({}) } + let(:fetcher_impl) { SecretFetcherImpl.new({}, nil) } before do allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl @@ -36,38 +36,38 @@ describe Chef::SecretFetcher do context ".for_service" do it "resolves the example fetcher without error" do - Chef::SecretFetcher.for_service(:example, {}) + Chef::SecretFetcher.for_service(:example, {}, nil) end it "resolves the Azure Key Vault fetcher without error" do - Chef::SecretFetcher.for_service(:azure_key_vault, vault: "invalid") + Chef::SecretFetcher.for_service(:azure_key_vault, { vault: "invalid" }, nil) end it "resolves the AWS fetcher without error" do - Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid") + Chef::SecretFetcher.for_service(:aws_secrets_manager, { region: "invalid" }, nil) end it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do - expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher) + expect { Chef::SecretFetcher.for_service(nil, {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher) end it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do - expect { Chef::SecretFetcher.for_service("", {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher) + expect { Chef::SecretFetcher.for_service("", {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher) end it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do - expect { Chef::SecretFetcher.for_service(:bad_example, {}) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService) + expect { Chef::SecretFetcher.for_service(:bad_example, {}, nil) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService) end it "ensures fetcher configuration is valid by invoking validate!" do expect(fetcher_impl).to receive(:validate!) - Chef::SecretFetcher.for_service(:example, {}) + Chef::SecretFetcher.for_service(:example, {}, nil) end end context "#fetch" do let(:fetcher) { - Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }) + Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }, nil) } it "fetches from the underlying service when secret name is provided " do |