diff options
Diffstat (limited to 'spec/unit/knife/data_bag_secret_options_spec.rb')
| -rw-r--r-- | spec/unit/knife/data_bag_secret_options_spec.rb | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/spec/unit/knife/data_bag_secret_options_spec.rb b/spec/unit/knife/data_bag_secret_options_spec.rb new file mode 100644 index 0000000000..98e876a5db --- /dev/null +++ b/spec/unit/knife/data_bag_secret_options_spec.rb @@ -0,0 +1,138 @@ +# +# Author:: Tyler Ball (<tball@opscode.com>) +# Copyright:: Copyright (c) 2009-2014 Opscode, Inc. +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require 'spec_helper' +require 'chef/knife' +require 'chef/config' +require 'tempfile' + +class ExampleDataBagCommand < Chef::Knife + include Chef::Knife::DataBagSecretOptions +end + +describe Chef::Knife::DataBagSecretOptions do + let(:example_db) do + k = ExampleDataBagCommand.new + allow(k.ui).to receive(:stdout).and_return(stdout) + k + end + + let(:stdout) { StringIO.new } + + let(:secret) { "abc123SECRET" } + let(:secret_file) do + sfile = Tempfile.new("encrypted_data_bag_secret") + sfile.puts(secret) + sfile.flush + sfile + end + + after do + secret_file.close + secret_file.unlink + end + + describe "#validate_secrets" do + + it "throws an error when provided with both --secret and --secret-file on the CL" do + expect(example_db).to receive(:config).exactly(2).times.and_return({ :secret_file => secret_file.path, :secret => secret }) + expect(example_db).to receive(:exit).with(1) + expect(example_db.ui).to receive(:fatal).with("Please specify only one of --secret, --secret-file") + + example_db.validate_secrets + end + + it "throws an error when provided with `secret` and `secret_file` in knife.rb" do + Chef::Config[:knife][:secret_file] = secret_file.path + Chef::Config[:knife][:secret] = secret + expect(example_db).to receive(:exit).with(1) + expect(example_db.ui).to receive(:fatal).with("Please specify only one of 'secret' or 'secret_file' in your config") + + example_db.validate_secrets + end + + end + + describe "#read_secret" do + + it "returns the secret first" do + expect(example_db).to receive(:config).exactly(2).times.and_return({ :secret_file => secret_file.path, :secret => secret }) + expect(example_db.read_secret).to eq(secret) + end + + it "returns the secret_file only if secret does not exist" do + expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret_file => secret_file.path }) + expect(Chef::EncryptedDataBagItem).to receive(:load_secret).with(secret_file.path).and_return("secret file contents") + expect(example_db.read_secret).to eq("secret file contents") + end + + it "returns the secret from the knife.rb config" do + expect(example_db).to receive(:config).exactly(2).times.and_return({}) + Chef::Config[:knife][:secret_file] = secret_file.path + Chef::Config[:knife][:secret] = secret + expect(example_db.read_secret).to eq(secret) + end + + it "returns the secret_file from the knife.rb config only if the secret does not exist" do + expect(example_db).to receive(:config).exactly(2).times.and_return({}) + Chef::Config[:knife][:secret_file] = secret_file.path + expect(Chef::EncryptedDataBagItem).to receive(:load_secret).with(secret_file.path).and_return("secret file contents") + expect(example_db.read_secret).to eq("secret file contents") + end + + end + + describe "#encryption_secret_provided?" do + + it "returns true if the secret is passed on the CL" do + expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret => secret }) + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "returns true if the secret_file is passed on the CL" do + expect(example_db).to receive(:config).exactly(3).times.and_return({ :secret_file => secret_file.path }) + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "returns true if --encrypt is passed on the CL and :secret is in knife.rb" do + expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true }) + Chef::Config[:knife][:secret] = secret + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "returns true if --encrypt is passed on the CL and :secret_file is in knife.rb" do + expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true }) + Chef::Config[:knife][:secret_file] = secret_file.path + expect(example_db.encryption_secret_provided?).to eq(true) + end + + it "throws an error if --encrypt is passed and there is not :secret or :secret_file in the knife.rb" do + expect(example_db).to receive(:config).exactly(4).times.and_return({ :encrypt => true }) + expect(example_db).to receive(:exit).with(1) + expect(example_db.ui).to receive(:fatal).with("No secret or secret_file specified in config, unable to encrypt item.") + example_db.encryption_secret_provided? + end + + it "returns false if no secret is passed" do + expect(example_db).to receive(:config).exactly(4).times.and_return({}) + expect(example_db.encryption_secret_provided?).to eq(false) + end + + end + +end |