chef-vault 2.9.2 → 3.0.0.rc1

data/spec/chef-vault/item_spec.rb

@@ -1,67 +1,12 @@
 require "openssl"
-require "rspec/core/shared_context"
-
-# it turns out that simulating a node that doesn't have a public
-# key is not a simple thing
-module BorkedNodeWithoutPublicKey
-  extend RSpec::Core::SharedContext
-
-  before do
-    # a node 'foo' with a public key
-    node_foo = double("chef node foo")
-    allow(node_foo).to receive(:name).and_return("foo")
-    client_foo = double("chef apiclient foo")
-    allow(client_foo).to receive(:name).and_return("foo")
-    privkey = OpenSSL::PKey::RSA.new(1024)
-    pubkey = privkey.public_key
-    allow(client_foo).to receive(:public_key).and_return(pubkey.to_pem)
-    # a node 'bar' without a public key
-    node_bar = double("chef node bar")
-    allow(node_bar).to receive(:name).and_return("bar")
-    # fake out searches to return both of our nodes
-    query_result = double("chef search results")
-    allow(query_result)
-      .to receive(:search)
-      .with(Symbol, String)
-      .and_yield(node_foo).and_yield(node_bar)
-    allow(Chef::Search::Query)
-      .to receive(:new)
-      .and_return(query_result)
-    # create a new vault item
-    @vaultitem = ChefVault::Item.new("foo", "bar")
-    @vaultitem["foo"] = "bar"
-    # make the vault item return the apiclient for foo but raise for bar
-    allow(@vaultitem).to receive(:load_client).with("foo")
-      .and_return(client_foo)
-    allow(@vaultitem).to receive(:load_client).with("bar")
-      .and_raise(ChefVault::Exceptions::ClientNotFound)
-    # make the vault item fall back to 'load-admin-as-client' behaviour
-    http_response = double("http not found")
-    allow(http_response).to receive(:code).and_return("404")
-    http_not_found = Net::HTTPServerException.new("not found", http_response)
-    allow(ChefVault::ChefPatch::User)
-      .to receive(:load)
-      .with("foo")
-      .and_return(client_foo)
-    allow(ChefVault::ChefPatch::User)
-      .to receive(:load)
-      .with("bar")
-      .and_raise(http_not_found)
-  end
-end
 
 RSpec.describe ChefVault::Item do
-  before do
-    @orig_stdout = $stdout
-    $stdout = File.open(File::NULL, "w")
-  end
+  subject(:item) { ChefVault::Item.new("foo", "bar") }
 
-  after do
-    $stdout = @orig_stdout
+  before do
+    item["foo"] = "bar"
   end
 
-  subject(:item) { ChefVault::Item.new("foo", "bar") }
-
   describe "vault probe predicates" do
     before do
       # a normal data bag item
@@ -214,8 +159,7 @@ RSpec.describe ChefVault::Item do
     context 'when item["id"] is bar.bar' do
       let(:item) { ChefVault::Item.new("foo", "bar.bar") }
       it "raises an error on save with an invalid item['id']" do
-        expect { item.save }.to raise_error
-
+        expect { item.save }.to raise_error(RuntimeError)
       end
     end
 
@@ -245,10 +189,10 @@ RSpec.describe ChefVault::Item do
       allow(Chef::Search::Query).to receive(:new).and_return(query)
       allow(query).to receive(:search).and_yield(node)
 
-      client = double("client",
-                     name: "testclient",
-                     public_key: OpenSSL::PKey::RSA.new(1024).public_key)
-      allow(ChefVault::ChefPatch::ApiClient).to receive(:load).and_return(client)
+      client_key = double("client_key",
+                          name: "testnode",
+                          public_key: OpenSSL::PKey::RSA.new(1024).public_key)
+      allow(item).to receive(:load_actor).with("testnode", "clients").and_return(client_key)
 
       expect(item).not_to receive(:save)
       expect(keys).to receive(:save)
@@ -257,38 +201,148 @@ RSpec.describe ChefVault::Item do
   end
 
   describe "#clients" do
-    include BorkedNodeWithoutPublicKey
+    context "when search returns a node with a valid client backing it and one without a valid client" do
+      let(:node_with_valid_client) { double("chef node valid") }
+      let(:node_without_valid_client) { double("chef node no valid client") }
+      let(:query_result) { double("chef search results") }
+      let(:client_key) { double("chef key") }
+
+      before do
+        # node with valid client proper loads client key
+        allow(node_with_valid_client).to receive(:name).and_return("foo")
+        allow(item).to receive(:load_actor).with("foo", "clients").and_return(client_key)
+        privkey = OpenSSL::PKey::RSA.new(1024)
+        pubkey = privkey.public_key
+        allow(client_key).to receive(:key).and_return(pubkey.to_pem)
+        allow(client_key).to receive(:name).and_return("foo")
+        allow(client_key).to receive(:type).and_return("clients")
+
+        # node without client throws relevant error on key load
+        allow(node_without_valid_client).to receive(:name).and_return("bar")
+        allow(item).to receive(:load_actor).with("bar", "clients").and_raise(ChefVault::Exceptions::ClientNotFound)
+
+        allow(query_result)
+          .to receive(:search)
+          .with(Symbol, String)
+          .and_yield(node_with_valid_client).and_yield(node_without_valid_client)
+        allow(Chef::Search::Query)
+          .to receive(:new)
+          .and_return(query_result)
+      end
+
+      it "should not blow up when search returns a node without a public key" do
+        # try to set clients when we know a node is missing a public key
+        # this should not die as of v2.4.1
+        expect { item.clients("*:*") }.not_to raise_error
+      end
 
-    it "should not blow up when search returns a node without a public key" do
-      # try to set clients when we know a node is missing a public key
-      # this should not die as of v2.4.1
-      expect { @vaultitem.clients("*:*") }.not_to raise_error
+      it "should emit a warning if search returns a node without a public key" do
+        # it should however emit a warning that you have a borked node
+        expect(ChefVault::Log).to receive(:warn).with(/node 'bar' has no private key; skipping/)
+        item.clients("*:*")
+      end
     end
 
-    it "should emit a warning if search returns a node without a public key" do
-      # it should however emit a warning that you have a borked node
-      expect { @vaultitem.clients("*:*") }
-        .to output(/node 'bar' has no private key; skipping/).to_stdout
+    context "when a Chef::ApiClient is passed" do
+      let(:client) { Chef::ApiClient.new }
+      let(:client_name) { "foo" }
+      let(:client_key) { double("chef key") }
+
+      before do
+        client.name client_name
+        privkey = OpenSSL::PKey::RSA.new(1024)
+        pubkey = privkey.public_key
+        allow(item).to receive(:load_actor).with(client_name, "clients").and_return(client_key)
+        allow(client_key).to receive(:key).and_return(pubkey.to_pem)
+        allow(client_key).to receive(:name).and_return(client_name)
+        allow(client_key).to receive(:type).and_return("clients")
+      end
+
+      context "when no action is passed" do
+        it "default to add and properly add the client" do
+          item.clients(client)
+          expect(item.get_clients).to include(client_name)
+        end
+
+        it "does not perform a query" do
+          expect(Chef::Search::Query).not_to receive(:new)
+          item.clients(client)
+        end
+      end
+
+      context "when the delete action is passed on an existing client" do
+        before do
+          # add the client
+          item.clients(client)
+        end
+
+        it "properly deletes the client" do
+          item.clients(client, :delete)
+          expect(item.get_clients).to_not include(client_name)
+        end
+
+        it "does not perform a query" do
+          expect(Chef::Search::Query).not_to receive(:new)
+          item.clients(client, :delete)
+        end
+      end
     end
 
-    it "should accept a client object and not perform a search" do
-      client = Chef::ApiClient.new
-      client.name "foo"
-      privkey = OpenSSL::PKey::RSA.new(1024)
-      pubkey = privkey.public_key
-      client.public_key(pubkey.to_pem)
-      expect(Chef::Search::Query).not_to receive(:new)
-      expect(ChefVault::ChefPatch::User).not_to receive(:load)
-      @vaultitem.clients(client)
-      expect(@vaultitem.clients).to include("foo")
+    context "when an Array with named clients is passed" do
+      let(:client) { Chef::ApiClient.new }
+      let(:clients) { Array.new }
+      let(:client_name) { "foo" }
+      let(:client_key) { double("chef key") }
+
+      before do
+        clients << client_name
+        client.name client_name
+        privkey = OpenSSL::PKey::RSA.new(1024)
+        pubkey = privkey.public_key
+        allow(item).to receive(:load_actor).with(client_name, "clients").and_return(client_key)
+        allow(client_key).to receive(:key).and_return(pubkey.to_pem)
+        allow(client_key).to receive(:name).and_return(client_name)
+        allow(client_key).to receive(:type).and_return("clients")
+      end
+
+      context "when no action is passed" do
+        it "default to add and properly add the client" do
+          item.clients(clients)
+          expect(item.get_clients).to include(client_name)
+        end
+
+        it "does not perform a query" do
+          expect(Chef::Search::Query).not_to receive(:new)
+          item.clients(clients)
+        end
+      end
+
+      context "when the delete action is passed on an existing client" do
+        before do
+          # add the client
+          item.clients(clients)
+        end
+
+        it "properly deletes the client" do
+          item.clients(clients, :delete)
+          expect(item.get_clients).to_not include(client_name)
+        end
+
+        it "does not perform a query" do
+          expect(Chef::Search::Query).not_to receive(:new)
+          item.clients(clients, :delete)
+        end
+      end
     end
   end
 
   describe "#admins" do
-    include BorkedNodeWithoutPublicKey
+    before do
+      allow(item).to receive(:load_actor).with("foo", "admins").and_raise(ChefVault::Exceptions::AdminNotFound)
+    end
 
     it "should blow up if you try to use a node without a public key as an admin" do
-      expect { @vaultitem.admins("foo,bar") }
+      expect { item.admins("foo,bar") }
         .to raise_error(ChefVault::Exceptions::AdminNotFound)
     end
   end

data/spec/chef-vault/user_spec.rb

@@ -6,12 +6,6 @@ RSpec.describe ChefVault::User do
     allow(ChefVault::Item).to receive(:load).with("foo", "bar") { item }
     allow(item).to receive(:[]).with("id") { "bar" }
     allow(item).to receive(:[]).with("password") { "baz" }
-    @orig_stdout = $stdout
-    $stdout = File.open(File::NULL, "w")
-  end
-
-  after do
-    $stdout = @orig_stdout
   end
 
   describe "#new" do
@@ -30,9 +24,8 @@ RSpec.describe ChefVault::User do
 
   describe "decrypt_password" do
     it "echoes warning" do
-      expect { user.decrypt_password }
-        .to output("WARNING: This method is deprecated, please switch to item['value'] calls\n")
-        .to_stdout
+      expect(ChefVault::Log).to receive(:warn).with("This method is deprecated, please switch to item['value'] calls")
+      user.decrypt_password
     end
 
     it "returns items password" do

data/spec/spec_helper.rb

@@ -39,6 +39,7 @@ RSpec.configure do |config|
     # a real object. This is generally recommended, and will default to
     # `true` in RSpec 4.
     mocks.verify_partial_doubles = true
+    mocks.allow_message_expectations_on_nil = true
   end
 
   # The settings below are suggested to provide a good initial experience

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 2.9.2
+  version: 3.0.0.rc1
 platform: ruby
 authors:
-- Kevin Moser
-- James FitzGibbon
+- Thom May
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-21 00:00:00.000000000 Z
+date: 2016-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -17,28 +16,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
+        version: '11.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.4'
+        version: '11.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: mutant-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: aruba
   requirement: !ruby/object:Gem::Requirement
@@ -82,36 +95,22 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.2'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: chef
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.30'
-  type: :development
+        version: '12'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.30'
-- !ruby/object:Gem::Dependency
-  name: chef
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.10.10
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.10.10
+        version: '12'
 description: Data encryption support for Chef using data bags
 email:
-- techcheftm@nordstrom.com
+- thom@chef.io
 executables:
 - chef-vault
 extensions: []
@@ -122,7 +121,6 @@ files:
 - ".rubocop.yml"
 - ".simplecov"
 - ".travis.yml"
-- CONTRIBUTING.md
 - Changelog.md
 - DEMO.md
 - Gemfile
@@ -152,28 +150,22 @@ files:
 - features/vault_update.feature
 - features/verify_id_matches.feature
 - features/wrong_private_key.feature
+- hooks/pre-commit
 - lib/chef-vault.rb
+- lib/chef-vault/actor.rb
 - lib/chef-vault/certificate.rb
-- lib/chef-vault/chef_patch/api_client.rb
-- lib/chef-vault/chef_patch/user.rb
+- lib/chef-vault/chef_api.rb
 - lib/chef-vault/exceptions.rb
 - lib/chef-vault/item.rb
 - lib/chef-vault/item_keys.rb
 - lib/chef-vault/mixins.rb
 - lib/chef-vault/user.rb
 - lib/chef-vault/version.rb
-- lib/chef/knife/decrypt.rb
-- lib/chef/knife/encrypt_create.rb
-- lib/chef/knife/encrypt_delete.rb
-- lib/chef/knife/encrypt_remove.rb
-- lib/chef/knife/encrypt_rotate_keys.rb
-- lib/chef/knife/encrypt_update.rb
-- lib/chef/knife/mixin/compat.rb
 - lib/chef/knife/mixin/helper.rb
 - lib/chef/knife/vault_admins.rb
 - lib/chef/knife/vault_base.rb
+- lib/chef/knife/vault_clients.rb
 - lib/chef/knife/vault_create.rb
-- lib/chef/knife/vault_decrypt.rb
 - lib/chef/knife/vault_delete.rb
 - lib/chef/knife/vault_download.rb
 - lib/chef/knife/vault_edit.rb
@@ -186,7 +178,9 @@ files:
 - lib/chef/knife/vault_rotate_keys.rb
 - lib/chef/knife/vault_show.rb
 - lib/chef/knife/vault_update.rb
+- spec/chef-vault/actor_spec.rb
 - spec/chef-vault/certificate_spec.rb
+- spec/chef-vault/chef_api_spec.rb
 - spec/chef-vault/item_keys_spec.rb
 - spec/chef-vault/item_spec.rb
 - spec/chef-vault/user_spec.rb
@@ -205,15 +199,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Data encryption support for Chef using data bags