chef-vault-testfixtures 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 40a722deedcbf099b45c88908a5a220547084dc6
+  data.tar.gz: aa04d1e8e99a94b72ee12fba6e3541b81f3cc21b
+SHA512:
+  metadata.gz: 33644416bda7fda97172ba9e79216d0ba7c2f930cbcf3ed1ee3b75dcf2938bb753ad49ef75089ae3dd7a18bda7064f9e14051c695f66135b24edc89e0e7e4552
+  data.tar.gz: a81fc11dac06193f59aee78a88f9ea2ae1ae9eb7ecdf0f4d03c0da0d76a03bf94f19bf2910e79421f1f4e82bfb4c1d140668d2f71bad0072dbdaaae75b21c941

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,14 @@
+AllCops:
+  Exclude:
+    - '**/Gemfile'
+    - '**/*.gemspec'
+
+Style/RegexpLiteral:
+  Exclude:
+    - '**/Guardfile'
+
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*.rb'
+    - lib/chef-vault/test_fixtures/version.rb
+    - lib/hoe/markdown.rb

data/.yardopts

@@ -0,0 +1,4 @@
+-
+README.rdoc
+History.rdoc
+lib/**/*.rb

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org/'
+
+gemspec

data/Guardfile

@@ -0,0 +1,16 @@
+# prevent dropping into pry when nothing is happening
+interactor :off
+
+guard :rubocop, all_on_start: true, cli: ['-D'] do
+  watch(%r{bin/.+$})
+  watch(%r{.+\.rb$})
+  watch(%r{(?:.+/)?\.rubocop\.yml$}) { |m| File.dirname(m[0]) }
+  watch('Gemfile')
+  watch('Rakefile')
+end
+
+guard :rspec, all_on_start: true, cmd: 'bundle exec rescue rspec' do
+  watch(%r{^spec/(.+)_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})           { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch(%r{^spec/spec_helper.*\.rb$}) { 'spec' }
+end

data/History.md

@@ -0,0 +1,10 @@
+# Changelog for chef-vault-testfixtures
+
+## 0.1.1
+
+* fix disconnect between docs and code for shared context method
+* remove Hoe test plugin so we don't double up on test runs
+
+## 0.1.0
+
+* initial version

data/Manifest.txt

@@ -0,0 +1,16 @@
+.rspec
+.rubocop.yml
+.yardopts
+Gemfile
+Guardfile
+History.md
+Manifest.txt
+README.md
+Rakefile
+chef-vault-testfixtures.gemspec
+lib/chef-vault/test_fixtures.rb
+lib/hoe/markdown.rb
+spec/lib/chef-vault/test_fixtures_spec.rb
+spec/spec_helper.rb
+spec/support/chef-vault/test_fixtures/bar.rb
+spec/support/chef-vault/test_fixtures/foo.rb

data/README.md

@@ -0,0 +1,207 @@
+# chef-vault-testfixtures
+
+* home :: https://github.com/Nordstrom/chef-vault-testfixtures
+* license :: [Apache2](http://www.apache.org/licenses/LICENSE-2.0)
+
+## DESCRIPTION
+
+chef-vault-testfixtures provides an RSpec shared context that
+dynamically stubs access to chef-vault encrypted data bags.
+
+chef-vault is a gem to manage distribution and control of keys to
+decrypt Chef encrypted data bags.
+
+When testing a cookbook that uses chef-vault, encryption is generally
+out of scope, which results in a large amount of stubs or mocks so that you get back fixture data without performing decryption.
+
+This gem makes testing Chef cookbooks easier using ChefSpec by
+dynamically stubbing attempts to access vault data to return invalid
+(i.e. not real passwords for any of your environments) that are properly
+formatted (e.g. a vault item containing an RSA key really contains one)
+
+The intended use case is that for each group of distinct secrets
+(e.g. an application stack, or a development team) you create one or
+more plugins.  The plugins contain data that is specific to your
+application.
+
+Since plugins can be whitelisted or blacklisted when the shared
+context is created, this makes it easy to only include the appropriate
+secrets in a given cookbook's tests.
+
+Attempts to access secrets that would not be available to a node
+during a real chef-client run will not be mocked, which will cause
+the double to raise an 'unexpected message received' error.
+
+## SYNOPSIS
+
+In the file `spec/support/chef-vault/test_fixtures/foo.rb`:
+
+    class ChefVault
+      class TestFixtures
+        class Foo
+          def bar
+            { 'baz' => 2 }
+          end
+        end
+      end
+    end
+
+In your cookbook Gemfile:
+
+    gem 'chef-vault-testfixtures', '~> 0.1'
+
+In your cookbook `spec/spec_helper.rb`:
+
+    require 'chef-vault/test_fixtures'
+
+In a cookbook example:
+
+    RSpec.describe 'my_cookbook::default' do
+      include ChefVault::TestFixtures.rspec_shared_context
+
+      let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
+
+      it 'should converge' do
+        expect(chef_run).to include_recipe(described_recipe)
+      end
+    end
+
+The recipe that the example tests:
+
+    chef_gem 'chef-vault' do
+      compile_time true if respond_to?(:compile_time)
+    end
+    require 'chef-vault'
+    item = ChefVault::Item.load('foo', 'bar')
+    file '/tmp/foo' do
+      contents item['password']
+    end
+
+The call to `ChefVault::Item.load` will be stubbed so that you don't
+need pre-encrypted data or private keys to run your specs.
+
+## PLUGINS
+
+This gem uses [little-plugger](https://rubygems.org/gems/little-plugger)
+to make adding vault fixtures easy.  Each data bag needs a plugin
+named using [little-pluggers's rules](https://github.com/TwP/little-plugger/blob/master/lib/little-plugger.rb#L13-24).
+
+The plugin must define a class inside the naming hierarchy
+`ChefVault::TestFixtures::`.  The class name should be the filename
+converted to CamelCase (e.g. `foo_bar.rb` = `FooBar`)
+
+Inside of the plugin, define a class method for each vault item you
+want to stub.  The method must return a Hash, which contains the
+vault data.
+
+For example, if you wanted to stub the data bag item foo/bar, you would
+create the class `ChefVault::TestFixtures::Foo` and inside define a class method `bar`.
+
+### ALIASING VAULT ITEMS
+
+If you want your vault to return the same data for two different
+vault items, just alias the method:
+
+    class ChefVault
+      class TestFixtures
+        class MyApp
+          def test
+            { 'baz' => 1 }
+          end
+
+          alias_method :prod, :test
+        end
+      end
+    end
+
+Now you will get the same value for:
+
+    ChefVault::Item.load('my_app', 'test')['baz']
+
+as you do from
+
+    ChefVault::Item.load('my_app', 'prod')['baz']
+
+This can be useful when your vaults use `node.chef_environment`
+(or a derivative thereof) for the item name.
+
+## FINDING VAULTS
+
+LittlePlugger loads any files in any installed gem that match
+the pathspec `lib/chef-vault/test_fixtures/*.rb`.  Plugin classes
+that are loaded using 'require' are also available as vaults.
+
+You can bundle one or more plugins as a gem that you can distribute
+publicly or privately, or you can distribute them baked into your cookbook.
+
+For example, in a cookbook create the file `spec/support/chef-vault/test_fixtures/foo.rb`
+with the same contents as above.  LittlePlugger will not find
+this automatically because it's not part of an installed gem, but
+by requiring it from your `spec/spec_helper.rb`:
+
+    require 'support/chef-vault/test_fixtures/foo'
+
+It will be available when `ChefVault::TestFixtures.rspec_shared_context` is called.
+
+Note that LittlePlugger excludes any plugins that have a class name
+all in capitals (because it assumes those are constants).  A plugin
+for database secrets should be named `Db` instead of `DB`.  However,
+this is only of interest to plugin authors.  When selecting the plugins
+to load, the names are always lowercase symbols.
+
+## LISTING VAULTS
+
+To get a list of the stubbed vaults, call
+
+    ChefVault::TestFixtures.load_plugins
+    list = ChefVault::TestFixtures.plugins.keys
+
+The return from `::plugins` is a hash of plugin names (as symbols)
+to the class or module that provide them.
+
+The plugin name is always a lowercase symbol.
+
+## RESTRICTING WHICH VAULTS ARE USED
+
+Thanks to Little Plugger, you can change what plugins (vaults) will
+be loaded the first time that `#rspec_shared_context` is called.
+
+To only load certain plugins, call
+
+    ChefVault::TestFixtures.plugin :pluginone, :plugintwo
+
+before calling `ChefVault::TestFixtures.rspec_shared_context`.
+
+To prevent certain plugins from being loaded, call
+
+    ChefVault::TestFixtures.disregard_plugin :pluginthree
+
+before calling `ChefVault::TestFixtures.rspec_shared_context`.
+
+Note that the context is memoized on first call, so calling `::plugin` or `::disregard_plugin` after calling `::rspec_shared_context` will not change what vaults are available.
+
+## COMPANION COOKBOOK FOR TEST KITCHEN
+
+A [companion cookbook](https://supermarket.chef.io/cookbooks/chef_vault_testfixtures)
+is also available that uses the same data to populate vaults during
+Test Kitchen integration runs.
+
+## AUTHOR
+
+James FitzGibbon - james.i.fitzgibbon@nordstrom.com - @jf647
+
+## LICENSE
+
+Copyright 2015 Nordstrom, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/Rakefile

@@ -0,0 +1,90 @@
+require 'chef-vault/test_fixtures'
+
+begin
+  require 'hoe'
+  require 'hoe/markdown'
+  Hoe.plugin :gemspec
+  Hoe.plugin :markdown
+  Hoe.plugins.delete :test
+  Hoe.spec 'chef-vault-testfixtures' do |s|
+    s.version = ChefVault::TestFixtures::VERSION
+    developer 'James FitzGibbon', 'james.i.fitzgibbon@nordstrom.com'
+    license 'apache2'
+    extra_deps << ['rspec', '~> 3.1']
+    extra_deps << ['chef-vault', '~> 2.5']
+    extra_deps << ['little-plugger', '~> 1.1']
+    extra_deps << ['chef', '>= 11.14']
+    extra_dev_deps << ['hoe', '~> 3.13']
+    extra_dev_deps << ['hoe-gemspec', '~> 1.0']
+    extra_dev_deps << ['rake', '~> 10.3']
+    extra_dev_deps << ['rspec', '~> 3.1']
+    extra_dev_deps << ['guard', '~> 2.12']
+    extra_dev_deps << ['guard-rspec', '~> 4.2']
+    extra_dev_deps << ['guard-rake', '~> 0.0']
+    extra_dev_deps << ['guard-rubocop', '~> 1.2']
+    extra_dev_deps << ['rubocop', '~> 0.29']
+    extra_dev_deps << ['simplecov', '~> 0.9']
+    extra_dev_deps << ['simplecov-console', '~> 0.2']
+    extra_dev_deps << ['pry-byebug', '~> 3.0']
+    extra_dev_deps << ['pry-rescue', '~> 1.3']
+    extra_dev_deps << ['pry-stack_explorer', '~> 0.4']
+    extra_dev_deps << ['yard', '~> 0.8']
+  end
+  # re-generate our gemspec before packaging
+  task package: 'gem:spec'
+rescue LoadError
+  puts 'hoe not available; disabling tasks'
+end
+
+# Style Tests
+begin
+  require 'rubocop/rake_task'
+  RuboCop::RakeTask.new do |t|
+    t.formatters = ['progress']
+    t.options = ['-D']
+    t.patterns = %w(
+      bin/*
+      lib/**/*.rb
+      spec/**/*.rb
+      ./Rakefile
+    )
+  end
+  desc 'Run Style Tests'
+  task style: [:rubocop]
+rescue LoadError
+  puts 'rubocop not available; disabling tasks'
+end
+
+# Unit Tests
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new
+
+  # Coverage
+  desc 'Generate unit test coverage report'
+  task :coverage do
+    ENV['COVERAGE'] = 'true'
+    Rake::Task[:test].invoke
+  end
+
+  # test is an alias for spec
+  desc 'runs unit tests'
+  task test: :spec
+
+  # default is to test everything
+  desc 'runs all tests'
+  task default: :test
+rescue LoadError
+  puts 'rspec not available; disabling tasks'
+end
+
+# Documentation
+begin
+  require 'yard'
+  require 'yard/rake/yardoc_task'
+  YARD::Rake::YardocTask.new(:doc) do |t|
+    t.stats_options = ['--list-undoc']
+  end
+rescue LoadError
+  puts 'yard not available; disabling tasks'
+end

data/chef-vault-testfixtures.gemspec

@@ -0,0 +1,87 @@
+# -*- encoding: utf-8 -*-
+# stub: chef-vault-testfixtures 0.1.1.20150223230658 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "chef-vault-testfixtures"
+  s.version = "0.1.1.20150223230658"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
+  s.authors = ["James FitzGibbon"]
+  s.date = "2015-02-24"
+  s.description = "chef-vault-testfixtures provides an RSpec shared context that\ndynamically stubs access to chef-vault encrypted data bags.\n\nchef-vault is a gem to manage distribution and control of keys to\ndecrypt Chef encrypted data bags.\n\nWhen testing a cookbook that uses chef-vault, encryption is generally\nout of scope, which results in a large amount of stubs or mocks so that you get back fixture data without performing decryption.\n\nThis gem makes testing Chef cookbooks easier using ChefSpec by\ndynamically stubbing attempts to access vault data to return invalid\n(i.e. not real passwords for any of your environments) that are properly\nformatted (e.g. a vault item containing an RSA key really contains one)\n\nThe intended use case is that for each group of distinct secrets\n(e.g. an application stack, or a development team) you create one or\nmore plugins.  The plugins contain data that is specific to your\napplication.\n\nSince plugins can be whitelisted or blacklisted when the shared\ncontext is created, this makes it easy to only include the appropriate\nsecrets in a given cookbook's tests.\n\nAttempts to access secrets that would not be available to a node\nduring a real chef-client run will not be mocked, which will cause\nthe double to raise an 'unexpected message received' error."
+  s.email = ["james.i.fitzgibbon@nordstrom.com"]
+  s.extra_rdoc_files = ["History.md", "Manifest.txt", "README.md"]
+  s.files = [".rspec", ".rubocop.yml", ".yardopts", "Gemfile", "Guardfile", "History.md", "Manifest.txt", "README.md", "Rakefile", "chef-vault-testfixtures.gemspec", "lib/chef-vault/test_fixtures.rb", "lib/hoe/markdown.rb", "spec/lib/chef-vault/test_fixtures_spec.rb", "spec/spec_helper.rb", "spec/support/chef-vault/test_fixtures/bar.rb", "spec/support/chef-vault/test_fixtures/foo.rb"]
+  s.homepage = "https://github.com/Nordstrom/chef-vault-testfixtures"
+  s.licenses = ["apache2"]
+  s.rdoc_options = ["--main", "README.md"]
+  s.rubygems_version = "2.4.4"
+  s.summary = "chef-vault-testfixtures provides an RSpec shared context that dynamically stubs access to chef-vault encrypted data bags"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rspec>, ["~> 3.1"])
+      s.add_runtime_dependency(%q<chef-vault>, ["~> 2.5"])
+      s.add_runtime_dependency(%q<little-plugger>, ["~> 1.1"])
+      s.add_runtime_dependency(%q<chef>, [">= 11.14"])
+      s.add_development_dependency(%q<rdoc>, ["~> 4.0"])
+      s.add_development_dependency(%q<hoe>, ["~> 3.13"])
+      s.add_development_dependency(%q<hoe-gemspec>, ["~> 1.0"])
+      s.add_development_dependency(%q<rake>, ["~> 10.3"])
+      s.add_development_dependency(%q<guard>, ["~> 2.12"])
+      s.add_development_dependency(%q<guard-rspec>, ["~> 4.2"])
+      s.add_development_dependency(%q<guard-rake>, ["~> 0.0"])
+      s.add_development_dependency(%q<guard-rubocop>, ["~> 1.2"])
+      s.add_development_dependency(%q<rubocop>, ["~> 0.29"])
+      s.add_development_dependency(%q<simplecov>, ["~> 0.9"])
+      s.add_development_dependency(%q<simplecov-console>, ["~> 0.2"])
+      s.add_development_dependency(%q<pry-byebug>, ["~> 3.0"])
+      s.add_development_dependency(%q<pry-rescue>, ["~> 1.3"])
+      s.add_development_dependency(%q<pry-stack_explorer>, ["~> 0.4"])
+      s.add_development_dependency(%q<yard>, ["~> 0.8"])
+    else
+      s.add_dependency(%q<rspec>, ["~> 3.1"])
+      s.add_dependency(%q<chef-vault>, ["~> 2.5"])
+      s.add_dependency(%q<little-plugger>, ["~> 1.1"])
+      s.add_dependency(%q<chef>, [">= 11.14"])
+      s.add_dependency(%q<rdoc>, ["~> 4.0"])
+      s.add_dependency(%q<hoe>, ["~> 3.13"])
+      s.add_dependency(%q<hoe-gemspec>, ["~> 1.0"])
+      s.add_dependency(%q<rake>, ["~> 10.3"])
+      s.add_dependency(%q<guard>, ["~> 2.12"])
+      s.add_dependency(%q<guard-rspec>, ["~> 4.2"])
+      s.add_dependency(%q<guard-rake>, ["~> 0.0"])
+      s.add_dependency(%q<guard-rubocop>, ["~> 1.2"])
+      s.add_dependency(%q<rubocop>, ["~> 0.29"])
+      s.add_dependency(%q<simplecov>, ["~> 0.9"])
+      s.add_dependency(%q<simplecov-console>, ["~> 0.2"])
+      s.add_dependency(%q<pry-byebug>, ["~> 3.0"])
+      s.add_dependency(%q<pry-rescue>, ["~> 1.3"])
+      s.add_dependency(%q<pry-stack_explorer>, ["~> 0.4"])
+      s.add_dependency(%q<yard>, ["~> 0.8"])
+    end
+  else
+    s.add_dependency(%q<rspec>, ["~> 3.1"])
+    s.add_dependency(%q<chef-vault>, ["~> 2.5"])
+    s.add_dependency(%q<little-plugger>, ["~> 1.1"])
+    s.add_dependency(%q<chef>, [">= 11.14"])
+    s.add_dependency(%q<rdoc>, ["~> 4.0"])
+    s.add_dependency(%q<hoe>, ["~> 3.13"])
+    s.add_dependency(%q<hoe-gemspec>, ["~> 1.0"])
+    s.add_dependency(%q<rake>, ["~> 10.3"])
+    s.add_dependency(%q<guard>, ["~> 2.12"])
+    s.add_dependency(%q<guard-rspec>, ["~> 4.2"])
+    s.add_dependency(%q<guard-rake>, ["~> 0.0"])
+    s.add_dependency(%q<guard-rubocop>, ["~> 1.2"])
+    s.add_dependency(%q<rubocop>, ["~> 0.29"])
+    s.add_dependency(%q<simplecov>, ["~> 0.9"])
+    s.add_dependency(%q<simplecov-console>, ["~> 0.2"])
+    s.add_dependency(%q<pry-byebug>, ["~> 3.0"])
+    s.add_dependency(%q<pry-rescue>, ["~> 1.3"])
+    s.add_dependency(%q<pry-stack_explorer>, ["~> 0.4"])
+    s.add_dependency(%q<yard>, ["~> 0.8"])
+  end
+end

data/lib/chef-vault/test_fixtures.rb

@@ -0,0 +1,66 @@
+require 'rspec'
+require 'rspec/core/shared_context'
+require 'chef-vault'
+require 'little-plugger'
+
+class ChefVault
+  # dynamic RSpec contexts for cookbooks that use chef-vault
+  class TestFixtures
+    VERSION = '0.1.1'
+
+    extend LittlePlugger path: 'chef-vault/test_fixtures',
+                         module: ChefVault::TestFixtures
+
+    # dynamically creates a memoized RSpec shared context
+    # that when included into an example group will stub
+    # ChefVault::Item for each of the defined vaults. The
+    # context is memoized and only created once
+    # @return [Module] the RSpec shared context
+    class << self
+      # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      def rspec_shared_context
+        @context ||= begin
+          load_plugins
+          Module.new do
+            extend RSpec::Core::SharedContext
+
+            before do
+              ChefVault::TestFixtures.plugins.each do |vault, klass|
+                stub_vault(vault, klass)
+              end
+            end
+
+            private
+
+            def stub_vault(vaultname, pluginclass)
+              plugin = pluginclass.new
+              # stub a vault item for each method defined by the plugin
+              pluginclass.instance_methods(false).each do |item|
+                fakevault = make_fakevault(vaultname, item)
+                # stub lookup of each of the vault item keys
+                plugin.send(item).each do |k, v|
+                  allow(fakevault).to receive(:[]).with(k).and_return(v)
+                end
+                # stub chef-vault to return the fake vault
+                allow(ChefVault::Item).to(
+                  receive(:load)
+                  .with(vaultname.to_s, item.to_s)
+                  .and_return(fakevault)
+                )
+              end
+            end
+
+            def make_fakevault(vault, item)
+              fakevault = double "vault item #{vault}/#{item}"
+              allow(fakevault).to receive(:[]=).with(String, Object)
+              allow(fakevault).to receive(:clients).with(String)
+              allow(fakevault).to receive(:save)
+              fakevault
+            end
+          end
+        end
+      end
+      # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
+    end
+  end
+end

data/lib/hoe/markdown.rb

@@ -0,0 +1,12 @@
+class Hoe
+  module Markdown
+    def initialize_markdown
+      self.readme_file = readme_file.sub(/\.txt$/, '.md')
+      self.history_file = history_file.sub(/\.txt$/, '.md')
+    end
+
+    def define_markdown_tasks
+      # do nothing
+    end
+  end
+end

data/spec/lib/chef-vault/test_fixtures_spec.rb

@@ -0,0 +1,113 @@
+require 'chef-vault/test_fixtures'
+
+# sample plugins
+require 'support/chef-vault/test_fixtures/foo.rb'
+require 'support/chef-vault/test_fixtures/bar.rb'
+
+# LittlePlugger doesn't expect to have its inclusion/exclusion
+# lists reset in a single process, so we have to monkeypatch
+# in some testing functionality
+module LittlePlugger
+  module ClassMethods
+    def clear_plugins
+      @plugin_names = []
+      @disregard_plugin = []
+      @loaded = {}
+    end
+  end
+end
+
+# same with ChefVault::TestFixtures
+class ChefVault
+  class TestFixtures
+    class << self
+      def clear_context
+        @context = nil
+      end
+    end
+  end
+end
+
+RSpec.describe ChefVault::TestFixtures do
+  include ChefVault::TestFixtures.rspec_shared_context
+
+  before do
+    ChefVault::TestFixtures.clear_plugins
+    ChefVault::TestFixtures.clear_context
+  end
+
+  describe 'Generic functionality' do
+    it 'should be able to load plugins' do
+      expect(ChefVault::TestFixtures.plugins).to be_a(Hash)
+    end
+
+    it 'should load the expected vaults' do
+      expect(ChefVault::TestFixtures.plugins.keys).to(
+        contain_exactly(:foo, :bar)
+      )
+    end
+
+    it 'can create an RSpec shared context' do
+      sc = ChefVault::TestFixtures.rspec_shared_context
+      expect(sc).to be_a(Module)
+      expect(sc).to be_a(RSpec::Core::SharedContext)
+    end
+
+    it 'should only create one shared context' do
+      mod1 = ChefVault::TestFixtures.rspec_shared_context
+      mod2 = ChefVault::TestFixtures.rspec_shared_context
+      expect(mod2).to be(mod1)
+    end
+
+    it 'allows for the plugin list to be make explicit' do
+      ChefVault::TestFixtures.plugin :foo
+      expect(ChefVault::TestFixtures.plugins).to include(:foo)
+      expect(ChefVault::TestFixtures.plugins).not_to include(:bar)
+    end
+
+    it 'allows for plugins to be blacklisted' do
+      ChefVault::TestFixtures.disregard_plugin :foo
+      expect(ChefVault::TestFixtures.plugins).not_to include(:foo)
+      expect(ChefVault::TestFixtures.plugins).to include(:bar)
+    end
+  end
+
+  describe 'Stub a Vault' do
+    it 'it should stub the foo/bar vault item' do
+      ChefVault::TestFixtures.plugins
+      baz = ChefVault::Item.load('foo', 'bar')['baz']
+      expect(baz).to eq(2)
+    end
+
+    it 'it should stub the bar/foo vault item' do
+      ChefVault::TestFixtures.plugins
+      baz = ChefVault::Item.load('bar', 'foo')['baz']
+      expect(baz).to eq(1)
+    end
+
+    it 'should allow access to the aliased bar/gzonk vault item' do
+      ChefVault::TestFixtures.plugins
+      item1 = ChefVault::Item.load('bar', 'foo')
+      item2 = ChefVault::Item.load('bar', 'gzonk')
+      expect(item1['baz']).to eq(item2['baz'])
+    end
+
+    it 'should allow and ignore an attempt to change a vault' do
+      ChefVault::TestFixtures.plugins
+      item = ChefVault::Item.load('bar', 'foo')
+      item['foo'] = 'foo'
+    end
+
+    it 'should allow and ignore an attempt to set the clients' do
+      ChefVault::TestFixtures.plugins
+      item = ChefVault::Item.load('bar', 'foo')
+      item.clients('*:*')
+    end
+
+    it 'should allow and ignore an attempt to save' do
+      ChefVault::TestFixtures.plugins
+      item = ChefVault::Item.load('bar', 'foo')
+      item.save
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,23 @@
+if ENV['COVERAGE']
+  require 'simplecov'
+  require 'simplecov-console'
+  SimpleCov.formatters = [
+    SimpleCov::Formatter::HTMLFormatter,
+    SimpleCov::Formatter::Console
+  ]
+  SimpleCov.start
+end
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+
+  config.disable_monkey_patching!
+  config.order = :random
+  Kernel.srand config.seed
+end

data/spec/support/chef-vault/test_fixtures/bar.rb

@@ -0,0 +1,11 @@
+class ChefVault
+  class TestFixtures
+    class Bar
+      def foo
+        { 'baz' => 1 }
+      end
+
+      alias_method :gzonk, :foo
+    end
+  end
+end

data/spec/support/chef-vault/test_fixtures/foo.rb

@@ -0,0 +1,9 @@
+class ChefVault
+  class TestFixtures
+    class Foo
+      def bar
+        { 'baz' => 2 }
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,358 @@
+--- !ruby/object:Gem::Specification
+name: chef-vault-testfixtures
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- James FitzGibbon
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: chef-vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: little-plugger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: chef
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '11.14'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '11.14'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.13'
+- !ruby/object:Gem::Dependency
+  name: hoe-gemspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.3'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.12'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: guard-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.29'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.29'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry-rescue
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: pry-stack_explorer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+description: |-
+  chef-vault-testfixtures provides an RSpec shared context that
+  dynamically stubs access to chef-vault encrypted data bags.
+
+  chef-vault is a gem to manage distribution and control of keys to
+  decrypt Chef encrypted data bags.
+
+  When testing a cookbook that uses chef-vault, encryption is generally
+  out of scope, which results in a large amount of stubs or mocks so that you get back fixture data without performing decryption.
+
+  This gem makes testing Chef cookbooks easier using ChefSpec by
+  dynamically stubbing attempts to access vault data to return invalid
+  (i.e. not real passwords for any of your environments) that are properly
+  formatted (e.g. a vault item containing an RSA key really contains one)
+
+  The intended use case is that for each group of distinct secrets
+  (e.g. an application stack, or a development team) you create one or
+  more plugins.  The plugins contain data that is specific to your
+  application.
+
+  Since plugins can be whitelisted or blacklisted when the shared
+  context is created, this makes it easy to only include the appropriate
+  secrets in a given cookbook's tests.
+
+  Attempts to access secrets that would not be available to a node
+  during a real chef-client run will not be mocked, which will cause
+  the double to raise an 'unexpected message received' error.
+email:
+- james.i.fitzgibbon@nordstrom.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- History.md
+- Manifest.txt
+- README.md
+files:
+- ".rspec"
+- ".rubocop.yml"
+- ".yardopts"
+- Gemfile
+- Guardfile
+- History.md
+- Manifest.txt
+- README.md
+- Rakefile
+- chef-vault-testfixtures.gemspec
+- lib/chef-vault/test_fixtures.rb
+- lib/hoe/markdown.rb
+- spec/lib/chef-vault/test_fixtures_spec.rb
+- spec/spec_helper.rb
+- spec/support/chef-vault/test_fixtures/bar.rb
+- spec/support/chef-vault/test_fixtures/foo.rb
+homepage: https://github.com/Nordstrom/chef-vault-testfixtures
+licenses:
+- apache2
+metadata: {}
+post_install_message: 
+rdoc_options:
+- "--main"
+- README.md
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.4
+signing_key: 
+specification_version: 4
+summary: chef-vault-testfixtures provides an RSpec shared context that dynamically
+  stubs access to chef-vault encrypted data bags
+test_files: []