chef-vault 3.3.0 → 4.1.11
- checksums.yaml +5 -5
- data/Gemfile +32 -6
- data/bin/chef-vault +5 -5
- data/chef-vault.gemspec +7 -26
- data/lib/chef/knife/mixin/helper.rb +29 -1
- data/lib/chef/knife/vault_admins.rb +5 -1
- data/lib/chef/knife/vault_base.rb +23 -13
- data/lib/chef/knife/vault_create.rb +26 -23
- data/lib/chef/knife/vault_delete.rb +4 -2
- data/lib/chef/knife/vault_download.rb +2 -2
- data/lib/chef/knife/vault_edit.rb +4 -4
- data/lib/chef/knife/vault_isvault.rb +4 -4
- data/lib/chef/knife/vault_itemtype.rb +4 -4
- data/lib/chef/knife/vault_list.rb +5 -5
- data/lib/chef/knife/vault_refresh.rb +7 -7
- data/lib/chef/knife/vault_remove.rb +19 -16
- data/lib/chef/knife/vault_rotate_all_keys.rb +5 -4
- data/lib/chef/knife/vault_rotate_keys.rb +3 -3
- data/lib/chef/knife/vault_show.rb +8 -10
- data/lib/chef/knife/vault_update.rb +38 -24
- data/lib/chef-vault/actor.rb +9 -7
- data/lib/chef-vault/chef_api.rb +4 -4
- data/lib/chef-vault/exceptions.rb +3 -0
- data/lib/chef-vault/item.rb +57 -21
- data/lib/chef-vault/item_keys.rb +35 -9
- data/lib/chef-vault/mixins.rb +2 -2
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef-vault.rb +8 -8
- metadata +8 -135
- data/.github/CODEOWNERS +0 -2
- data/.gitignore +0 -33
- data/.rspec +0 -2
- data/.rubocop.yml +0 -6
- data/.simplecov +0 -6
- data/.travis.yml +0 -19
- data/Changelog.md +0 -134
- data/DEMO.md +0 -60
- data/KNIFE_EXAMPLES.md +0 -256
- data/README.md +0 -333
- data/Rakefile +0 -50
- data/THEORY.md +0 -363
- data/UPGRADE.md +0 -55
- data/appveyor.yml +0 -32
- data/features/clean.feature +0 -23
- data/features/clean_on_refresh.feature +0 -27
- data/features/clean_unknown_clients.feature +0 -45
- data/features/detect_and_warn_v1_vault.feature +0 -14
- data/features/isvault.feature +0 -29
- data/features/itemtype.feature +0 -24
- data/features/step_definitions/chef-databag.rb +0 -9
- data/features/step_definitions/chef-repo.rb +0 -72
- data/features/step_definitions/chef-vault.rb +0 -151
- data/features/step_definitions/chef_databagitem.rb +0 -9
- data/features/support/env.rb +0 -14
- data/features/vault_create.feature +0 -63
- data/features/vault_list.feature +0 -31
- data/features/vault_show.feature +0 -45
- data/features/vault_show_vaultname.feature +0 -21
- data/features/vault_update.feature +0 -18
- data/features/verify_id_matches.feature +0 -10
- data/features/wrong_private_key.feature +0 -13
- data/hooks/pre-commit +0 -43
- data/spec/chef-vault/actor_spec.rb +0 -247
- data/spec/chef-vault/certificate_spec.rb +0 -37
- data/spec/chef-vault/chef_api_spec.rb +0 -39
- data/spec/chef-vault/item_keys_spec.rb +0 -263
- data/spec/chef-vault/item_spec.rb +0 -360
- data/spec/chef-vault/user_spec.rb +0 -36
- data/spec/chef-vault_spec.rb +0 -65
- data/spec/spec_helper.rb +0 -91
- data/tasks/github_changelog_generator.rb +0 -30
@@ -1,360 +0,0 @@
|
|
1
|
-
require "openssl"
|
2
|
-
|
3
|
-
RSpec.describe ChefVault::Item do
|
4
|
-
subject(:item) { ChefVault::Item.new("foo", "bar") }
|
5
|
-
|
6
|
-
before do
|
7
|
-
item["foo"] = "bar"
|
8
|
-
http_response = double("http_response")
|
9
|
-
allow(http_response).to receive(:code).and_return("404")
|
10
|
-
non_existing = Net::HTTPServerException.new("http error message", http_response)
|
11
|
-
|
12
|
-
allow(Chef::DataBagItem).to receive(:load).with(anything, /_key_/).and_raise(non_existing)
|
13
|
-
end
|
14
|
-
|
15
|
-
describe "vault probe predicates" do
|
16
|
-
before do
|
17
|
-
# a normal data bag item
|
18
|
-
@db = { "foo" => "..." }
|
19
|
-
@dbi = Chef::DataBagItem.new
|
20
|
-
@dbi.data_bag("normal")
|
21
|
-
@dbi.raw_data = { "id" => "foo", "foo" => "bar" }
|
22
|
-
allow(@db).to receive(:load).with("foo").and_return(@dbi)
|
23
|
-
allow(Chef::DataBag).to receive(:load).with("normal").and_return(@db)
|
24
|
-
allow(Chef::DataBagItem).to receive(:load).with("normal", "foo").and_return(@dbi)
|
25
|
-
|
26
|
-
# an encrypted data bag item (non-vault)
|
27
|
-
@encdb = { "foo" => "..." }
|
28
|
-
@encdbi = Chef::DataBagItem.new
|
29
|
-
@encdbi.data_bag("encrypted")
|
30
|
-
@encdbi.raw_data = {
|
31
|
-
"id" => "foo",
|
32
|
-
"foo" => { "encrypted_data" => "..." },
|
33
|
-
}
|
34
|
-
allow(@encdb).to receive(:load).with("foo").and_return(@encdbi)
|
35
|
-
allow(Chef::DataBag).to receive(:load).with("encrypted").and_return(@encdb)
|
36
|
-
allow(Chef::DataBagItem).to receive(:load).with("encrypted", "foo").and_return(@encdbi)
|
37
|
-
|
38
|
-
# two items that make up a vault
|
39
|
-
@vaultdb = { "foo" => "...", "foo_keys" => "..." }
|
40
|
-
@vaultdbi = Chef::DataBagItem.new
|
41
|
-
@vaultdbi.data_bag("vault")
|
42
|
-
@vaultdbi.raw_data = {
|
43
|
-
"id" => "foo",
|
44
|
-
"foo" => { "encrypted_data" => "..." },
|
45
|
-
}
|
46
|
-
allow(@vaultdb).to receive(:load).with("foo").and_return(@vaultdbi)
|
47
|
-
@vaultdbki = Chef::DataBagItem.new
|
48
|
-
@vaultdbki.data_bag("vault")
|
49
|
-
@vaultdbki.raw_data = { "id" => "foo_keys" }
|
50
|
-
allow(@vaultdb).to receive(:load).with("foo_keys").and_return(@vaultdbki)
|
51
|
-
allow(Chef::DataBag).to receive(:load).with("vault").and_return(@vaultdb)
|
52
|
-
allow(Chef::DataBagItem).to receive(:load).with("vault", "foo").and_return(@vaultdbi)
|
53
|
-
end
|
54
|
-
|
55
|
-
describe "::vault?" do
|
56
|
-
it "should detect a vault item" do
|
57
|
-
expect(ChefVault::Item.vault?("vault", "foo")).to be_truthy
|
58
|
-
end
|
59
|
-
|
60
|
-
it "should detect non-vault items" do
|
61
|
-
expect(ChefVault::Item.vault?("normal", "foo")).not_to be_truthy
|
62
|
-
expect(ChefVault::Item.vault?("encrypted", "foo")).not_to be_truthy
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
|
-
describe "::data_bag_item_type" do
|
67
|
-
it "should detect a vault item" do
|
68
|
-
expect(ChefVault::Item.data_bag_item_type("vault", "foo")).to eq(:vault)
|
69
|
-
end
|
70
|
-
|
71
|
-
it "should detect an encrypted data bag item" do
|
72
|
-
expect(ChefVault::Item.data_bag_item_type("encrypted", "foo")).to eq(:encrypted)
|
73
|
-
end
|
74
|
-
|
75
|
-
it "should detect a normal data bag item" do
|
76
|
-
expect(ChefVault::Item.data_bag_item_type("normal", "foo")).to eq(:normal)
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
describe "::new" do
|
82
|
-
it "item[keys] is an instance of ChefVault::ItemKeys" do
|
83
|
-
expect(item.keys).to be_an_instance_of(ChefVault::ItemKeys)
|
84
|
-
end
|
85
|
-
|
86
|
-
it "the item's 'vault' parameter is assigned to data_bag" do
|
87
|
-
expect(item.data_bag).to eq "foo"
|
88
|
-
end
|
89
|
-
|
90
|
-
it "the vault item name is assiged to the data bag ['id']" do
|
91
|
-
expect(item["id"]).to eq "bar"
|
92
|
-
end
|
93
|
-
|
94
|
-
it "creates a corresponding 'keys' data bag with an '_keys' id" do
|
95
|
-
expect(item.keys["id"]).to eq "bar_keys"
|
96
|
-
end
|
97
|
-
|
98
|
-
it "sets the item keys data bag to 'foo'" do
|
99
|
-
expect(item.keys.data_bag).to eq "foo"
|
100
|
-
end
|
101
|
-
|
102
|
-
it "defaults the node name" do
|
103
|
-
item = ChefVault::Item.new("foo", "bar")
|
104
|
-
expect(item.node_name).to eq(Chef::Config[:node_name])
|
105
|
-
end
|
106
|
-
|
107
|
-
it "defaults the client key path" do
|
108
|
-
item = ChefVault::Item.new("foo", "bar")
|
109
|
-
expect(item.client_key_path).to eq(Chef::Config[:client_key])
|
110
|
-
end
|
111
|
-
|
112
|
-
it "allows for a node name override" do
|
113
|
-
item = ChefVault::Item.new("foo", "bar", node_name: "baz")
|
114
|
-
expect(item.node_name).to eq("baz")
|
115
|
-
end
|
116
|
-
|
117
|
-
it "allows for a client key path override" do
|
118
|
-
item = ChefVault::Item.new("foo", "bar", client_key_path: "/foo/client.pem")
|
119
|
-
expect(item.client_key_path).to eq("/foo/client.pem")
|
120
|
-
end
|
121
|
-
|
122
|
-
it "allows for both node name and client key overrides" do
|
123
|
-
item = ChefVault::Item.new(
|
124
|
-
"foo", "bar",
|
125
|
-
node_name: "baz",
|
126
|
-
client_key_path: "/foo/client.pem"
|
127
|
-
)
|
128
|
-
expect(item.node_name).to eq("baz")
|
129
|
-
expect(item.client_key_path).to eq("/foo/client.pem")
|
130
|
-
end
|
131
|
-
end
|
132
|
-
|
133
|
-
describe "::load" do
|
134
|
-
it "allows for both node name and client key overrides" do
|
135
|
-
keys_db = Chef::DataBagItem.new
|
136
|
-
keys_db.raw_data = {
|
137
|
-
"id" => "bar_keys",
|
138
|
-
"baz" => "...",
|
139
|
-
}
|
140
|
-
allow(ChefVault::ItemKeys)
|
141
|
-
.to receive(:load)
|
142
|
-
.and_return(keys_db)
|
143
|
-
fh = double "private key handle"
|
144
|
-
allow(fh).to receive(:read).and_return("...")
|
145
|
-
allow(File).to receive(:open).and_return(fh)
|
146
|
-
privkey = double "private key contents"
|
147
|
-
allow(privkey).to receive(:private_decrypt).and_return("sekrit")
|
148
|
-
allow(OpenSSL::PKey::RSA).to receive(:new).and_return(privkey)
|
149
|
-
allow(Chef::EncryptedDataBagItem).to receive(:load).and_return(
|
150
|
-
"id" => "bar",
|
151
|
-
"password" => "12345"
|
152
|
-
)
|
153
|
-
item = ChefVault::Item.load(
|
154
|
-
"foo", "bar",
|
155
|
-
node_name: "baz",
|
156
|
-
client_key_path: "/foo/client.pem"
|
157
|
-
)
|
158
|
-
expect(item.node_name).to eq("baz")
|
159
|
-
expect(item.client_key_path).to eq("/foo/client.pem")
|
160
|
-
end
|
161
|
-
end
|
162
|
-
|
163
|
-
describe "#save" do
|
164
|
-
context 'when item["id"] is bar.bar' do
|
165
|
-
let(:item) { ChefVault::Item.new("foo", "bar.bar") }
|
166
|
-
it "raises an error on save with an invalid item['id']" do
|
167
|
-
expect { item.save }.to raise_error(RuntimeError)
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
it "validates that the id of the vault matches the id of the keys data bag" do
|
172
|
-
item = ChefVault::Item.new("foo", "bar")
|
173
|
-
item["id"] = "baz"
|
174
|
-
item.keys["clients"] = %w{admin}
|
175
|
-
expect { item.save }.to raise_error(ChefVault::Exceptions::IdMismatch)
|
176
|
-
end
|
177
|
-
end
|
178
|
-
|
179
|
-
describe "#refresh" do
|
180
|
-
let(:node) { { "name" => "testnode" } }
|
181
|
-
|
182
|
-
it "saves only the keys" do
|
183
|
-
keys = double("keys",
|
184
|
-
search_query: "*:*",
|
185
|
-
add: nil,
|
186
|
-
admins: [],
|
187
|
-
clients: ["testnode"])
|
188
|
-
allow(keys).to receive(:[]).with("id").and_return("bar_keys")
|
189
|
-
allow(ChefVault::ItemKeys).to receive(:new).and_return(keys)
|
190
|
-
|
191
|
-
item = ChefVault::Item.new("foo", "bar")
|
192
|
-
|
193
|
-
query = double("query")
|
194
|
-
allow(Chef::Search::Query).to receive(:new).and_return(query)
|
195
|
-
allow(query).to receive(:search).and_yield(node)
|
196
|
-
|
197
|
-
client_key = double("client_key",
|
198
|
-
name: "testnode",
|
199
|
-
public_key: OpenSSL::PKey::RSA.new(1024).public_key)
|
200
|
-
allow(item).to receive(:load_actor).with("testnode", "clients").and_return(client_key)
|
201
|
-
|
202
|
-
expect(item).not_to receive(:save)
|
203
|
-
expect(keys).to receive(:save)
|
204
|
-
item.refresh
|
205
|
-
end
|
206
|
-
end
|
207
|
-
|
208
|
-
describe "#clients" do
|
209
|
-
context "when search returns a node with a valid client backing it and one without a valid client" do
|
210
|
-
let(:node_with_valid_client) { { "name" => "foo" } }
|
211
|
-
let(:node_without_valid_client) { { "name" => "bar" } }
|
212
|
-
let(:query_result) { double("chef search results") }
|
213
|
-
let(:client_key) { double("chef key") }
|
214
|
-
|
215
|
-
before do
|
216
|
-
# node with valid client proper loads client key
|
217
|
-
allow(item).to receive(:load_actor).with("foo", "clients").and_return(client_key)
|
218
|
-
privkey = OpenSSL::PKey::RSA.new(1024)
|
219
|
-
pubkey = privkey.public_key
|
220
|
-
allow(client_key).to receive(:key).and_return(pubkey.to_pem)
|
221
|
-
allow(client_key).to receive(:name).and_return("foo")
|
222
|
-
allow(client_key).to receive(:type).and_return("clients")
|
223
|
-
|
224
|
-
# node without client throws relevant error on key load
|
225
|
-
allow(item).to receive(:load_actor).with("bar", "clients").and_raise(ChefVault::Exceptions::ClientNotFound)
|
226
|
-
|
227
|
-
allow(query_result)
|
228
|
-
.to receive(:search)
|
229
|
-
.with(Symbol, String, Hash)
|
230
|
-
.and_yield(node_with_valid_client).and_yield(node_without_valid_client)
|
231
|
-
allow(Chef::Search::Query)
|
232
|
-
.to receive(:new)
|
233
|
-
.and_return(query_result)
|
234
|
-
end
|
235
|
-
|
236
|
-
it "should not blow up when search returns a node without a public key" do
|
237
|
-
# try to set clients when we know a node is missing a public key
|
238
|
-
# this should not die as of v2.4.1
|
239
|
-
expect { item.clients("*:*") }.not_to raise_error
|
240
|
-
end
|
241
|
-
|
242
|
-
it "should emit a warning if search returns a node without a public key" do
|
243
|
-
# it should however emit a warning that you have a borked node
|
244
|
-
expect(ChefVault::Log).to receive(:warn).with(/node 'bar' has no private key; skipping/)
|
245
|
-
item.clients("*:*")
|
246
|
-
end
|
247
|
-
end
|
248
|
-
|
249
|
-
context "when a Chef::ApiClient is passed" do
|
250
|
-
let(:client) { Chef::ApiClient.new }
|
251
|
-
let(:client_name) { "foo" }
|
252
|
-
let(:client_key) { double("chef key") }
|
253
|
-
|
254
|
-
before do
|
255
|
-
client.name client_name
|
256
|
-
privkey = OpenSSL::PKey::RSA.new(1024)
|
257
|
-
pubkey = privkey.public_key
|
258
|
-
allow(item).to receive(:load_actor).with(client_name, "clients").and_return(client_key)
|
259
|
-
allow(client_key).to receive(:key).and_return(pubkey.to_pem)
|
260
|
-
allow(client_key).to receive(:name).and_return(client_name)
|
261
|
-
allow(client_key).to receive(:type).and_return("clients")
|
262
|
-
end
|
263
|
-
|
264
|
-
context "when no action is passed" do
|
265
|
-
it "default to add and properly add the client" do
|
266
|
-
item.clients(client)
|
267
|
-
expect(item.get_clients).to include(client_name)
|
268
|
-
end
|
269
|
-
|
270
|
-
it "does not perform a query" do
|
271
|
-
expect(Chef::Search::Query).not_to receive(:new)
|
272
|
-
item.clients(client)
|
273
|
-
end
|
274
|
-
end
|
275
|
-
|
276
|
-
context "when the delete action is passed on an existing client" do
|
277
|
-
before do
|
278
|
-
# add the client
|
279
|
-
item.clients(client)
|
280
|
-
end
|
281
|
-
|
282
|
-
it "properly deletes the client" do
|
283
|
-
item.clients(client, :delete)
|
284
|
-
expect(item.get_clients).to_not include(client_name)
|
285
|
-
end
|
286
|
-
|
287
|
-
it "does not perform a query" do
|
288
|
-
expect(Chef::Search::Query).not_to receive(:new)
|
289
|
-
item.clients(client, :delete)
|
290
|
-
end
|
291
|
-
end
|
292
|
-
end
|
293
|
-
|
294
|
-
context "when an Array with named clients is passed" do
|
295
|
-
let(:client) { Chef::ApiClient.new }
|
296
|
-
let(:clients) { Array.new }
|
297
|
-
let(:client_name) { "foo" }
|
298
|
-
let(:client_key) { double("chef key") }
|
299
|
-
|
300
|
-
before do
|
301
|
-
clients << client_name
|
302
|
-
client.name client_name
|
303
|
-
privkey = OpenSSL::PKey::RSA.new(1024)
|
304
|
-
pubkey = privkey.public_key
|
305
|
-
allow(item).to receive(:load_actor).with(client_name, "clients").and_return(client_key)
|
306
|
-
allow(client_key).to receive(:key).and_return(pubkey.to_pem)
|
307
|
-
allow(client_key).to receive(:name).and_return(client_name)
|
308
|
-
allow(client_key).to receive(:type).and_return("clients")
|
309
|
-
end
|
310
|
-
|
311
|
-
context "when no action is passed" do
|
312
|
-
it "defaults to add and properly adds the client" do
|
313
|
-
item.clients(clients)
|
314
|
-
expect(item.get_clients).to include(client_name)
|
315
|
-
end
|
316
|
-
|
317
|
-
it "does not perform a query" do
|
318
|
-
expect(Chef::Search::Query).not_to receive(:new)
|
319
|
-
item.clients(clients)
|
320
|
-
end
|
321
|
-
end
|
322
|
-
|
323
|
-
context "when the delete action is passed on an existing client" do
|
324
|
-
before do
|
325
|
-
# add the client
|
326
|
-
item.clients(clients)
|
327
|
-
end
|
328
|
-
|
329
|
-
it "properly deletes the client" do
|
330
|
-
item.clients(clients, :delete)
|
331
|
-
expect(item.get_clients).to_not include(client_name)
|
332
|
-
end
|
333
|
-
|
334
|
-
it "does not perform a query" do
|
335
|
-
expect(Chef::Search::Query).not_to receive(:new)
|
336
|
-
item.clients(clients, :delete)
|
337
|
-
end
|
338
|
-
end
|
339
|
-
end
|
340
|
-
end
|
341
|
-
|
342
|
-
describe "#admins" do
|
343
|
-
before do
|
344
|
-
allow(item).to receive(:load_actor).with("foo", "admins").and_raise(ChefVault::Exceptions::AdminNotFound)
|
345
|
-
end
|
346
|
-
|
347
|
-
it "should blow up if you try to use a node without a public key as an admin" do
|
348
|
-
expect { item.admins("foo,bar") }
|
349
|
-
.to raise_error(ChefVault::Exceptions::AdminNotFound)
|
350
|
-
end
|
351
|
-
end
|
352
|
-
|
353
|
-
describe "#raw_keys" do
|
354
|
-
it "should return the keys of the underlying data bag item" do
|
355
|
-
item = ChefVault::Item.new("foo", "bar")
|
356
|
-
item["foo"] = "bar"
|
357
|
-
expect(item.raw_keys).to eq(%w{id foo})
|
358
|
-
end
|
359
|
-
end
|
360
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
RSpec.describe ChefVault::User do
|
2
|
-
let(:item) { double(ChefVault::Item) }
|
3
|
-
let(:user) { ChefVault::User.new("foo", "bar") }
|
4
|
-
|
5
|
-
before do
|
6
|
-
allow(ChefVault::Item).to receive(:load).with("foo", "bar") { item }
|
7
|
-
allow(item).to receive(:[]).with("id") { "bar" }
|
8
|
-
allow(item).to receive(:[]).with("password") { "baz" }
|
9
|
-
end
|
10
|
-
|
11
|
-
describe "#new" do
|
12
|
-
it "loads item" do
|
13
|
-
expect(ChefVault::Item).to receive(:load).with("foo", "bar")
|
14
|
-
|
15
|
-
ChefVault::User.new("foo", "bar")
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
describe "#[]" do
|
20
|
-
it "returns the value of the 'id' parameter" do
|
21
|
-
expect(user["id"]).to eq "bar"
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
describe "decrypt_password" do
|
26
|
-
it "echoes warning" do
|
27
|
-
expect(ChefVault::Log).to receive(:warn).with("This method is deprecated, please switch to item['value'] calls")
|
28
|
-
user.decrypt_password
|
29
|
-
end
|
30
|
-
|
31
|
-
it "returns items password" do
|
32
|
-
expect(item).to receive(:[]).with("password")
|
33
|
-
expect(user.decrypt_password).to eq "baz"
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
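--- a/data/spec/chef-vault_spec.rb
+++ b/data/spec/chef-vault_spec.rb
@@ -1,65 +0,0 @@
-#
-# Helper for configuring the Chef Zero server
-# (inspired by ChefSpec)
-#
-def chef_zero
-require "socket"
-require "tmpdir"
-require "fileutils"
-require "chef_zero/server"
-# Find a free TCP port
-server = TCPServer.new("127.0.0.1", 0)
-port = server.addr[1].to_i
-server.close
-# Define a Chef Zero Server
-server = ChefZero::Server.new(port: port)
-# Write the private key
-tmp = Dir.mktmpdir
-key = File.join(tmp, "client.pem")
-File.write(key, ChefZero::PRIVATE_KEY)
-# Configure the server
-Chef::Config[:client_key] = key
-Chef::Config[:client_name] = "chefvault"
-Chef::Config[:node_name] = "chefvault"
-Chef::Config[:chef_server_url] = server.url
-# Exit handlers
-at_exit { FileUtils.rm_rf(tmp) }
-at_exit { server.stop if server.running? }
-server
-end
-
-RSpec.describe ChefVault do
-let(:vault) { ChefVault.new("foo") }
-
-describe "#new" do
-context "with only a vault parameter specified" do
-
-it "assigns 'foo' to the vault accessor" do
-expect(vault.vault).to eq "foo"
-end
-end
-end
-
-context "with a vault and config file parameter specified" do
-before do
-allow(IO).to receive(:read).with("knife.rb").and_return("node_name 'myserver'")
-end
-
-let(:vault) { ChefVault.new("foo", "knife.rb") }
-
-it "assigns 'foo' to the vault accessor" do
-expect(vault.vault).to eq "foo"
-end
-
-it "loads the Chef config values" do
-expect(ChefVault).to receive(:load_config).with("knife.rb")
-vault
-end
-end
-
-describe "#version" do
-it "the version method equals VERSION" do
-expect(vault.version).to eq(ChefVault::VERSION)
-end
-end
-end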
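--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,91 +0,0 @@
-require "simplecov" if ENV["COVERAGE"]
-require_relative "../lib/chef-vault"
-
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# The generated `.rspec` file contains `--require spec_helper` which will cause this
-# file to always be loaded, without a need to explicitly require it in any files.
-#
-# Given that it is always loaded, you are encouraged to keep this file as
-# light-weight as possible. Requiring heavyweight dependencies from this file
-# will add to the boot time of your test suite on EVERY test run, even for an
-# individual file that may not need all of that loaded. Instead, consider making
-# a separate helper file that requires the additional dependencies and performs
-# the additional setup, and require it from the spec files that actually need it.
-#
-# The `.rspec` file also contains a few flags that are not defaults but that
-# users commonly want.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-RSpec.configure do |config|
-# rspec-expectations config goes here. You can use an alternate
-# assertion/expectation library such as wrong or the stdlib/minitest
-# assertions if you prefer.
-config.expect_with :rspec do |expectations|
-# This option will default to `true` in RSpec 4. It makes the `description`
-# and `failure_message` of custom matchers include text for helper methods
-# defined using `chain`, e.g.:
-# be_bigger_than(2).and_smaller_than(4).description
-# # => "be bigger than 2 and smaller than 4"
-# ...rather than:
-# # => "be bigger than 2"
-expectations.include_chain_clauses_in_custom_matcher_descriptions = true
-end
-
-# rspec-mocks config goes here. You can use an alternate test double
-# library (such as bogus or mocha) by changing the `mock_with` option here.
-config.mock_with :rspec do |mocks|
-# Prevents you from mocking or stubbing a method that does not exist on
-# a real object. This is generally recommended, and will default to
-# `true` in RSpec 4.
-mocks.verify_partial_doubles = true
-mocks.allow_message_expectations_on_nil = true
-end
-
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-# These two settings work together to allow you to limit a spec run
-# to individual examples or groups you care about by tagging them with
-# `:focus` metadata. When nothing is tagged with `:focus`, all examples
-# get run.
-config.filter_run :focus
-config.run_all_when_everything_filtered = true
-
-# Limits the available syntax to the non-monkey patched syntax that is recommended.
-# For more details, see:
-# - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
-# - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-# - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
-config.disable_monkey_patching!
-
-# This setting enables warnings. It's recommended, but in some cases may
-# be too noisy due to issues in dependencies.
-# config.warnings = true
-
-# Many RSpec users commonly either run the entire suite or an individual
-# file, and it's useful to allow more verbose output when running an
-# individual spec file.
-if config.files_to_run.one?
-# Use the documentation formatter for detailed output,
-# unless a formatter has already been configured
-# (e.g. via a command-line flag).
-config.default_formatter = "doc"
-end
-
-# Print the 10 slowest examples and example groups at the
-# end of the spec run, to help surface which specs are running
-# particularly slow.
-config.profile_examples = 10
-
-# Run specs in random order to surface order dependencies. If you find an
-# order dependency and want to debug it, you can fix the order by providing
-# the seed, which is printed after each run.
-# --seed 1234
-config.order = :random
-
-# Seed global randomization in this process using the `--seed` CLI option.
-# Setting this allows you to use `--seed` to deterministically reproduce
-# test failures related to randomization by passing the same `--seed` value
-# as the one that triggered the failure.
-Kernel.srand config.seed
-end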
@@ -1,30 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Copyright:: Copyright (c) 2016 Chef Software Inc.
|
3
|
-
# License:: Apache License, Version 2.0
|
4
|
-
#
|
5
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
-
# you may not use this file except in compliance with the License.
|
7
|
-
# You may obtain a copy of the License at
|
8
|
-
#
|
9
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
-
#
|
11
|
-
# Unless required by applicable law or agreed to in writing, software
|
12
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
-
# See the License for the specific language governing permissions and
|
15
|
-
# limitations under the License.
|
16
|
-
#
|
17
|
-
|
18
|
-
require "chef-vault/version"
|
19
|
-
|
20
|
-
begin
|
21
|
-
require "github_changelog_generator/task"
|
22
|
-
|
23
|
-
GitHubChangelogGenerator::RakeTask.new :changelog do |config|
|
24
|
-
config.future_release = "v#{ChefVault::VERSION}"
|
25
|
-
config.max_issues = 0
|
26
|
-
config.add_issues_wo_labels = false
|
27
|
-
end
|
28
|
-
rescue LoadError
|
29
|
-
puts "github_changelog_generator is not available. gem install github_changelog_generator to generate changelogs"
|
30
|
-
end
|