RubyGems - chef-vault-testfixtures - Versions diffs - 0.4.1 → 0.5.0 - Mend

chef-vault-testfixtures 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.rubocop.yml +4 -0
data/Guardfile +1 -0
data/History.md +4 -0
data/README.md +82 -3
data/Rakefile +3 -0
data/chef-vault-testfixtures.gemspec +13 -4
data/lib/chef-vault/test_fixtures.rb +86 -17
data/spec/lib/chef-vault/test_fixtures_spec.rb +13 -30
data/spec/spec_helper.rb +11 -0
metadata +45 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2c1145329f986e4edbf1b757f7e2b7d09b87c8b0
-  data.tar.gz: 6e474ea233078ca1fc0811b83fdcf3ddf333f471
+  metadata.gz: 644e9c5bbb5372faf29af5d11bc7d7580d07fdca
+  data.tar.gz: 42a949fc8bea10c3a4f3d6b63f2a4d811110a7ce
 SHA512:
-  metadata.gz: a1f71a70286b72a489a2759ca0bdc77de747434c5bb4990c8f28991af3b9a2e7fbf785bf52718824c5bf1269a4a752dc781e73111aabed4624e9d3f8d3b8016a
-  data.tar.gz: d83dc649270a02559a29083467f1198fbcc55fab393b112b9b3de69de6e2ff4ef28af8cf3ce15d018f48fc8ebcc366dd72c0f52794ca15eb27e7e6d9c142804e
+  metadata.gz: 5e2eb02210c2483adb5a57e12f0ba1e879eb9fc1aa6f89fd2771e165081dae3b50adc2ac5244b81c848ac7244a5b085deb96a50a505e7384117410ac9015ff91
+  data.tar.gz: 0d9d7006e1a92c22993a1b130e275f24521399de3ab84728403a2a12e000929c53a0a6bef3811f17ccbc98ecc27dddec89e19178eb89642cb78f5ac3d71b6fef

data/.rubocop.yml CHANGED

@@ -2,6 +2,7 @@ AllCops:
   Exclude:
     - '**/Gemfile'
     - '**/*.gemspec'
+    - 'pkg/**/*'
 Style/RegexpLiteral:
   Exclude:
@@ -12,3 +13,6 @@ Style/Documentation:
     - 'spec/**/*.rb'
     - lib/chef-vault/test_fixtures/version.rb
     - lib/hoe/markdown.rb
+Metrics/CyclomaticComplexity:
+  Max: 7

data/Guardfile CHANGED

@@ -10,6 +10,7 @@ guard :rubocop, all_on_start: true, cli: ['-D'] do
 end
 guard :rspec, all_on_start: true, cmd: 'bundle exec rspec' do
+  watch(%r{^spec/recipes/.+_spec\.rb$})
   watch(%r{^spec/(.+)_spec\.rb$})
   watch(%r{^lib/(.+)\.rb$})           { |m| "spec/lib/#{m[1]}_spec.rb" }
   watch(%r{^spec/spec_helper.*\.rb$}) { 'spec' }

data/History.md CHANGED

@@ -1,5 +1,9 @@
 # Changelog for chef-vault-testfixtures
+## 0.5.0
+* breaking change: by default, only stub calls to `ChefVault::Item.load(bag, item)` and `Chef::DataBag.load(bag).key?(item_keys)`.  This allows people who are using the JSON files in test/integration/data_bags to stub unencrypted data bag to do so.  See the README for details of how to continue to stub `ChefVault::DataBagItem.load(bag, item)` and return a fake hash.  Reported by [Dru Goradia](https://github.com/dgoradia-atlas))
 ## 0.4.1
 * fix bug where only the last item for a given vault was stubbed

data/README.md CHANGED

@@ -79,9 +79,88 @@ encrypted data, then checking for the existence of the `_keys` data bag
 item to go along with the normal item.  The [sensu cookbook](https://github.com/sensu/sensu-chef/blob/35ee3aa6fa4ad578cdf751fe6822e3d2b3890d94/libraries/sensu_helpers.rb#L39-55) is a good example
 of this:
-The helper also stubs these methods, so that the probe mechanism should
-consider the data bag to be a vault and call ChefVault::Item.load, which
-is stubbed as described above.
+```
+raw_hash = Chef::DataBagItem.load(data_bag_name, item)
+encrypted = raw_hash.detect do |key, value|
+  if value.is_a?(Hash)
+    value.has_key?("encrypted_data")
+  end
+end
+if encrypted
+  if Chef::DataBag.load(data_bag_name).key? "#{item}_keys"
+    chef_vault_item(data_bag_name, item)
+  else
+    secret = Chef::EncryptedDataBagItem.load_secret
+    Chef::EncryptedDataBagItem.new(raw_hash, secret)
+  end
+else
+  raw_hash
+end
+```
+chef-vault-testfixtures also stubs `Chef::DataBag` so that for every JSON
+file in your test directory, it will think that there is a side-along
+item suffixed with `_keys`.  This satisfies the probes that the chef-vault
+cookbook helper uses.  To address the check for the `encrypted_data` key
+that the sensu cookbook uses, pass a true value to `rspec_shared_context`:
+```
+RSpec.describe 'my_cookbook::default' do
+  include ChefVault::TestFixtures.rspec_shared_context(true)
+end
+```
+Now, when your recipe calls `Chef::DataBagItem.load`, it will
+get back a hash with the same keys as the JSON file, but values which are
+hashes of the form:
+```
+{
+  encrypted_data => '...'
+}
+```
+This is not a valid data bag obviously, but it will satisfy the probe
+and cause code like that in the sensu cookbook to call `ChefVault::Item.load`,
+which is stubbed to return valid data.
+## STUBBING UNENCRYPTED DATA BAGS
+This technique is not a part of this gem, but was brought to my attention
+in an issue.  Credit to Dru Goradia for the approach.  This will let you
+populate an unencrypted data bag from the same JSON files:
+In `spec/spec_helper.rb`:
+```
+require 'chef-vault/test_fixtures'
+require 'json'
+def parse_data_bag (path)
+  data_bags_path = File.expand_path(File.join(File.dirname(__FILE__), '../test/integration/data_bags'))
+  return JSON.parse(File.read("#{data_bags_path}/#{path}"))
+end
+```
+In your test:
+```
+describe 'my_cookbook::default' do
+  include ChefVault::TestFixtures.rspec_shared_context
+  let(:chef_run) do
+    ChefSpec::ServerRunner.new() do |node, server|
+      server.create_data_bag('foo', {
+        'bar' => parse_data_bag('foo/bar.json')
+      })
+    end.converge(described_recipe)
+  end
+  it 'should converge' do
+    expect(chef_run).to include_recipe(described_recipe)
+  end
+end
+```
 ## DEPENDENCIES

data/Rakefile CHANGED

@@ -12,6 +12,7 @@ begin
     license 'apache2'
     extra_deps << ['rspec', '~> 3.1']
     extra_deps << ['chef-vault', '~> 2.5']
+    extra_deps << ['hashie', '~> 2.1']
     extra_dev_deps << ['chef', '~> 12.0']
     extra_dev_deps << ['hoe', '~> 3.13']
     extra_dev_deps << ['hoe-gemspec', '~> 1.0']
@@ -21,6 +22,8 @@ begin
     extra_dev_deps << ['guard-rspec', '~> 4.2']
     extra_dev_deps << ['guard-rake', '~> 0.0']
     extra_dev_deps << ['guard-rubocop', '~> 1.2']
+    extra_dev_deps << ['chefspec', '~> 4.2']
+    extra_dev_deps << ['berkshelf', '~> 3.2']
     extra_dev_deps << ['rubocop', '~> 0.29']
     extra_dev_deps << ['simplecov', '~> 0.9']
     extra_dev_deps << ['simplecov-console', '~> 0.2']

data/chef-vault-testfixtures.gemspec CHANGED

@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: chef-vault-testfixtures 0.4.1.20150424142230 ruby lib
+# stub: chef-vault-testfixtures 0.4.2.20150505160823 ruby lib
 Gem::Specification.new do |s|
   s.name = "chef-vault-testfixtures"
-  s.version = "0.4.1.20150424142230"
+  s.version = "0.4.2.20150505160823"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["James FitzGibbon"]
-  s.date = "2015-04-24"
+  s.date = "2015-05-05"
   s.description = "chef-vault-testfixtures provides an RSpec shared context that\nstubs access to chef-vault encrypted data bags using the same\nfallback mechanism as the `chef_vault_item` helper from the\n[chef-vault cookbook](https://supermarket.chef.io/cookbooks/chef-vault)"
   s.email = ["james.i.fitzgibbon@nordstrom.com"]
   s.extra_rdoc_files = ["History.md", "Manifest.txt", "README.md"]
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   s.homepage = "https://github.com/Nordstrom/chef-vault-testfixtures"
   s.licenses = ["apache2"]
   s.rdoc_options = ["--main", "README.md"]
-  s.rubygems_version = "2.4.6"
+  s.rubygems_version = "2.4.4"
   s.summary = "chef-vault-testfixtures provides an RSpec shared context that stubs access to chef-vault encrypted data bags using the same fallback mechanism as the `chef_vault_item` helper from the [chef-vault cookbook](https://supermarket.chef.io/cookbooks/chef-vault)"
   if s.respond_to? :specification_version then
@@ -25,6 +25,7 @@ Gem::Specification.new do |s|
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<rspec>, ["~> 3.1"])
       s.add_runtime_dependency(%q<chef-vault>, ["~> 2.5"])
+      s.add_runtime_dependency(%q<hashie>, ["~> 2.1"])
       s.add_development_dependency(%q<rdoc>, ["~> 4.0"])
       s.add_development_dependency(%q<chef>, ["~> 12.0"])
       s.add_development_dependency(%q<hoe>, ["~> 3.13"])
@@ -34,6 +35,8 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<guard-rspec>, ["~> 4.2"])
       s.add_development_dependency(%q<guard-rake>, ["~> 0.0"])
       s.add_development_dependency(%q<guard-rubocop>, ["~> 1.2"])
+      s.add_development_dependency(%q<chefspec>, ["~> 4.2"])
+      s.add_development_dependency(%q<berkshelf>, ["~> 3.2"])
       s.add_development_dependency(%q<rubocop>, ["~> 0.29"])
       s.add_development_dependency(%q<simplecov>, ["~> 0.9"])
       s.add_development_dependency(%q<simplecov-console>, ["~> 0.2"])
@@ -41,6 +44,7 @@ Gem::Specification.new do |s|
     else
       s.add_dependency(%q<rspec>, ["~> 3.1"])
       s.add_dependency(%q<chef-vault>, ["~> 2.5"])
+      s.add_dependency(%q<hashie>, ["~> 2.1"])
       s.add_dependency(%q<rdoc>, ["~> 4.0"])
       s.add_dependency(%q<chef>, ["~> 12.0"])
       s.add_dependency(%q<hoe>, ["~> 3.13"])
@@ -50,6 +54,8 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<guard-rspec>, ["~> 4.2"])
       s.add_dependency(%q<guard-rake>, ["~> 0.0"])
       s.add_dependency(%q<guard-rubocop>, ["~> 1.2"])
+      s.add_dependency(%q<chefspec>, ["~> 4.2"])
+      s.add_dependency(%q<berkshelf>, ["~> 3.2"])
       s.add_dependency(%q<rubocop>, ["~> 0.29"])
       s.add_dependency(%q<simplecov>, ["~> 0.9"])
       s.add_dependency(%q<simplecov-console>, ["~> 0.2"])
@@ -58,6 +64,7 @@ Gem::Specification.new do |s|
   else
     s.add_dependency(%q<rspec>, ["~> 3.1"])
     s.add_dependency(%q<chef-vault>, ["~> 2.5"])
+    s.add_dependency(%q<hashie>, ["~> 2.1"])
     s.add_dependency(%q<rdoc>, ["~> 4.0"])
     s.add_dependency(%q<chef>, ["~> 12.0"])
     s.add_dependency(%q<hoe>, ["~> 3.13"])
@@ -67,6 +74,8 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<guard-rspec>, ["~> 4.2"])
     s.add_dependency(%q<guard-rake>, ["~> 0.0"])
     s.add_dependency(%q<guard-rubocop>, ["~> 1.2"])
+    s.add_dependency(%q<chefspec>, ["~> 4.2"])
+    s.add_dependency(%q<berkshelf>, ["~> 3.2"])
     s.add_dependency(%q<rubocop>, ["~> 0.29"])
     s.add_dependency(%q<simplecov>, ["~> 0.9"])
     s.add_dependency(%q<simplecov-console>, ["~> 0.2"])

data/lib/chef-vault/test_fixtures.rb CHANGED

@@ -1,14 +1,17 @@
 require 'pathname'
 require 'json'
+require 'hashie/extensions/method_access'
 require 'rspec'
 require 'rspec/core/shared_context'
 require 'chef-vault'
+# chef-vault helps manage encrypted data bags using a node's public key
 class ChefVault
   # dynamic RSpec contexts for cookbooks that use chef-vault
   class TestFixtures
-    VERSION = '0.4.1'
+    # the version of the gem
+    VERSION = '0.5.0'
     # dynamically creates a memoized RSpec shared context
     # that when included into an example group will stub
@@ -17,42 +20,75 @@ class ChefVault
     # @return [Module] the RSpec shared context
     class << self
       # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-      def rspec_shared_context
+      # created a shared RSpec context that stubs calls to ChefVault::Item.load
+      # @param stub_encrypted_data [Boolean] whether to also stub calls to
+      #   Chef::DataBagItem.load
+      # @return [Module] a shared context to include in your example groups
+      def rspec_shared_context(stub_encrypted_data = false)
         @context ||= begin
           Module.new do
             extend RSpec::Core::SharedContext
-            before { find_vaults }
+            before { find_vaults(stub_encrypted_data) }
             private
-            def find_vaults
+            # finds all the directories in test/integration/data_bags, stubbing
+            # each as a vault
+            # @param stub_encrypted_data [Boolean] whether to also stub calls to
+            #   Chef::DataBagItem.load
+            # return [void]
+            # @api private
+            def find_vaults(stub_encrypted_data)
               dbdir = Pathname.new('test') + 'integration' + 'data_bags'
               dbdir.each_child do |vault|
                 next unless vault.directory?
-                stub_vault(vault)
+                stub_vault(stub_encrypted_data, vault)
               end
             end
-            def stub_vault(vault)
+            # stubs a vault with the contents of JSON files in a directory.
+            # Finds all files in the vault path ending in .json and stubs
+            # each as a vault item.
+            # @param stub_encrypted_data [Boolean] whether to also stub calls to
+            #   Chef::DataBagItem.load
+            # @param vault [Pathname] the path to the directory that will be
+            #   stubbed as a vault
+            # @return [void]
+            # @api private
+            def stub_vault(stub_encrypted_data, vault)
               db = {}
               vault.each_child do |e|
                 next unless e.file?
                 m = e.basename.to_s.downcase.match(/(.+)\.json/i)
-                stub_vault_item(vault.basename.to_s, m[1], e.read, db) if m
+                next unless m
+                content = JSON.parse(e.read)
+                vaultname = vault.basename.to_s
+                stub_vault_item(vaultname, m[1], content, db)
+                if stub_encrypted_data
+                  stub_vault_item_encrypted_data(vaultname, m[1], content)
+                end
               end
             end
-            def stub_vault_item(vault, item, json, db)
-              content = JSON.parse(json)
+            # stubs a vault item with the contents of a parsed JSON string.
+            # If the class-level setting `encrypted_data_stub` is true, then
+            # Chef::DataBagItem.load
+            # @param vault [String] the name of the vault data bag
+            # @param item [String] the name of the vault item
+            # @param content [String] the JSON-encoded contents to populate the
+            #   fake vault with
+            # @param db [Hash] the fake data bag item that contains the item
+            # @return [void]
+            # @api private
+            def stub_vault_item(vault, item, content, db)
               db["#{item}_keys"] = true
-              dbi = {}
               vi = make_fakevault(vault, item)
-              # stub lookup of each of the vault item keys
+              # stub vault lookup of each of the vault item keys
               content.each do |k, v|
                 next if 'id' == k
-                dbi[k] = { 'encrypted_data' => '...' }
                 allow(vi).to receive(:[]).with(k).and_return(v)
               end
@@ -64,11 +100,6 @@ class ChefVault
                   .with(dbname, item)
                   .and_return(vi)
                 )
-                allow(Chef::DataBagItem).to(
-                  receive(:load)
-                  .with(dbname, item)
-                  .and_return(dbi)
-                )
                 allow(Chef::DataBag).to(
                   receive(:load)
                   .with(dbname)
@@ -77,6 +108,39 @@ class ChefVault
               end
             end
+            # stubs Chef::DataBagItem.load to return a fake hash in which
+            # each key of the content returns a hash with single
+            # `encrypted_data` key, which fools some attempts to determine
+            # whether a data bag is a vault
+            # @param vault [String] the name of the vault data bag
+            # @param item [String] the name of the vault item
+            # @param content [String] the JSON-encoded contents to populate the
+            #   fake vault with
+            # @return [void]
+            # @api private
+            def stub_vault_item_encrypted_data(vault, item, content)
+              # stub data bag lookup of each of the vault item keys
+              dbi = ChefVault::TestFixtureDataBagItem.new
+              dbi['raw_data'] = content
+              content.each_key do |k|
+                next if 'id' == k
+                dbi[k] = { 'encrypted_data' => '...' }
+              end
+              [vault, vault.to_sym].each do |dbname|
+                allow(Chef::DataBagItem).to(
+                  receive(:load)
+                  .with(dbname, item)
+                  .and_return(dbi)
+                )
+              end
+            end
+            # returns an RSpec double that acts like a vault item
+            # @param vault [String] the name of the vault data bag
+            # @param item [String] the name of the vault item
+            # @return [RSpec::Mocks::Double] the vault double
+            # @api private
             def make_fakevault(vault, item)
               fakevault = double "vault item #{vault}/#{item}"
               allow(fakevault).to receive(:[]=).with(String, Object)
@@ -90,4 +154,9 @@ class ChefVault
       # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
     end
   end
+  # a hash with method access to stand in for a Chef::DataBagItem
+  class TestFixtureDataBagItem < Hash
+    include Hashie::Extensions::MethodAccess
+  end
 end

data/spec/lib/chef-vault/test_fixtures_spec.rb CHANGED

@@ -1,28 +1,10 @@
 require 'chef-vault/test_fixtures'
-# same with ChefVault::TestFixtures
-class ChefVault
-  class TestFixtures
-    class << self
-      def clear_context
-        @context = nil
-      end
-    end
-  end
-end
 RSpec.describe ChefVault::TestFixtures do
-  include ChefVault::TestFixtures.rspec_shared_context
-  before do
+  describe 'without the encrypted_data stub' do
     ChefVault::TestFixtures.clear_context
-  end
-  after do
-    ChefVault::TestFixtures.clear_context
-  end
+    include ChefVault::TestFixtures.rspec_shared_context(false)
-  describe 'Generic functionality' do
     it 'can create an RSpec shared context' do
       sc = ChefVault::TestFixtures.rspec_shared_context
       expect(sc).to be_a(Module)
@@ -34,9 +16,7 @@ RSpec.describe ChefVault::TestFixtures do
       mod2 = ChefVault::TestFixtures.rspec_shared_context
       expect(mod2).to be(mod1)
     end
-  end
-  describe 'stub ChefVault::Item.load' do
     it 'should stub the foo/bar vault item' do
       baz = ChefVault::Item.load('foo', 'bar')['baz']
       expect(baz).to eq(2)
@@ -78,9 +58,19 @@ RSpec.describe ChefVault::TestFixtures do
       item = ChefVault::Item.load('bar', 'foo')
       item.save
     end
+    it 'should stub the _keys data bag item' do
+      db = Chef::DataBag.load('foo')
+      expect(db.key?('bar_keys')).to be_truthy
+    end
   end
+end
+RSpec.describe ChefVault::TestFixtures do
+  describe 'with the encrypted_data stub' do
+    ChefVault::TestFixtures.clear_context
+    include ChefVault::TestFixtures.rspec_shared_context(true)
-  describe 'stub Chef::DataBagItem.load' do
     it 'should present the foo/bar data bag item as encrypted' do
       dbi = Chef::DataBagItem.load('foo', 'bar')
       encrypted = dbi.detect do |_, v|\
@@ -89,11 +79,4 @@ RSpec.describe ChefVault::TestFixtures do
       expect(encrypted).to be_truthy
     end
   end
-  describe 'stub Chef::DataBag.load' do
-    it 'should fake the foo/bar_keys data bag item' do
-      db = Chef::DataBag.load('foo')
-      expect(db.key?('bar_keys')).to be_truthy
-    end
-  end
 end

data/spec/spec_helper.rb CHANGED

@@ -21,3 +21,14 @@ RSpec.configure do |config|
   config.order = :random
   Kernel.srand config.seed
 end
+# a helper to clear the context between examples
+class ChefVault
+  class TestFixtures
+    class << self
+      def clear_context
+        @context = nil
+      end
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault-testfixtures
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - James FitzGibbon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-24 00:00:00.000000000 Z
+date: 2015-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +178,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: chefspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: berkshelf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -270,7 +312,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.6
+rubygems_version: 2.4.4
 signing_key:
 specification_version: 4
 summary: chef-vault-testfixtures provides an RSpec shared context that stubs access