1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
#
# Author:: Seth Falcon (<seth@opscode.com>)
# Copyright:: Copyright 2010-2011 Opscode, Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'spec_helper'
require 'chef/encrypted_data_bag_item'
describe Chef::EncryptedDataBagItem do
before(:each) do
@secret = "abc123SECRET"
@plain_data = {
"id" => "item_name",
"greeting" => "hello",
"nested" => { "a1" => [1, 2, 3], "a2" => { "b1" => true }}
}
@enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data,
@secret)
end
describe "encrypting" do
it "should not encrypt the 'id' key" do
@enc_data["id"].should == "item_name"
end
it "should encrypt 'greeting'" do
@enc_data["greeting"].should_not == @plain_data["greeting"]
end
it "should encrypt 'nested'" do
nested = @enc_data["nested"]
nested.class.should == String
nested.should_not == @plain_data["nested"]
end
it "from_plain_hash" do
eh1 = Chef::EncryptedDataBagItem.from_plain_hash(@plain_data, @secret)
eh1.class.should == Chef::EncryptedDataBagItem
end
end
describe "decrypting" do
before(:each) do
@enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data,
@secret)
@eh = Chef::EncryptedDataBagItem.new(@enc_data, @secret)
end
it "doesn't try to decrypt 'id'" do
@eh["id"].should == @plain_data["id"]
end
it "decrypts 'greeting'" do
@eh["greeting"].should == @plain_data["greeting"]
end
it "decrypts 'nested'" do
@eh["nested"].should == @plain_data["nested"]
end
it "decrypts everyting via to_hash" do
@eh.to_hash.should == @plain_data
end
it "handles missing keys gracefully" do
@eh["no-such-key"].should be_nil
end
end
describe "loading" do
it "should defer to Chef::DataBagItem.load" do
Chef::DataBagItem.stub(:load).with(:the_bag, "my_codes").and_return(@enc_data)
edbi = Chef::EncryptedDataBagItem.load(:the_bag, "my_codes", @secret)
edbi["greeting"].should == @plain_data["greeting"]
end
end
describe "load_secret" do
it "should read from the default path" do
default_path = "/etc/chef/encrypted_data_bag_secret"
::File.stub(:exists?).with(default_path).and_return(true)
IO.stub(:read).with(default_path).and_return("opensesame")
Chef::EncryptedDataBagItem.load_secret().should == "opensesame"
end
it "should read from Chef::Config[:encrypted_data_bag_secret]" do
path = "/var/mysecret"
Chef::Config[:encrypted_data_bag_secret] = path
::File.stub(:exists?).with(path).and_return(true)
IO.stub(:read).with(path).and_return("opensesame")
Chef::EncryptedDataBagItem.load_secret().should == "opensesame"
end
it "should read from a specified path" do
path = "/var/mysecret"
::File.stub(:exists?).with(path).and_return(true)
IO.stub(:read).with(path).and_return("opensesame")
Chef::EncryptedDataBagItem.load_secret(path).should == "opensesame"
end
it "should read from a URL" do
path = "http://www.opscode.com/"
fake_file = StringIO.new("opensesame")
Kernel.stub(:open).with(path).and_return(fake_file)
Chef::EncryptedDataBagItem.load_secret(path).should == "opensesame"
end
end
end
|
