chef-vault 3.4.0.pre.pre419 → 3.4.0.pre.pre420

data/features/step_definitions/chef_databagitem.rb

@@ -1,9 +0,0 @@
-Given(/^I create a data bag item '(.+)\/(.+)' containing the JSON '(.+)'$/) do |databag, _, json|
-  write_file "item.json", json
-  run_simple "knife data bag from file #{databag} item.json -z -c knife.rb", false
-end
-
-Given(/^I create an encrypted data bag item '(.+)\/(.+)' containing the JSON '(.+)' with the secret '(.+)'$/) do |databag, _, json, secret|
-  write_file "item.json", json
-  run_simple "knife data bag from file #{databag} item.json -s #{secret} -z -c knife.rb", false
-end

data/features/support/env.rb

@@ -1,14 +0,0 @@
-if ENV["COVERAGE"]
-  require "simplecov"
-end
-
-require "aruba/cucumber"
-
-# Travis runs tests in a limited environment which takes a long time to invoke
-# the knife command.  Up the timeout when we're in a travis build based on the
-# environment variable set in .travis.yml
-#if ENV['TRAVIS_BUILD']
-Before do
-  @aruba_timeout_seconds = 15
-end
-#end

data/features/vault_create.feature

@@ -1,63 +0,0 @@
-Feature: knife vault create
-  'knife vault create' creates two Chef data bag items: an
-  encrypted data bag item encrypted with a randomized shared
-  secret, and a side-along data bag item suffixed with _keys
-  that contains an set of asymmetrically encrypted copies of
-  the shared secret using the public keys of a set of admins
-  and/or clients
-
-  Scenario: create vault with all known clients
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-
-  Scenario: create vault with all unknown clients
-    Given a local mode chef repo with nodes 'two,three'
-    And I delete clients 'two,three' from the Chef server
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'two,three'
-    Then the vault item 'test/item' should not be encrypted for 'one,two,three'
-    And the output should contain "node 'two' has no private key; skipping"
-    And the output should contain "node 'three' has no private key; skipping"
-    And 'two,three' should not be a client for the vault item 'test/item'
-
-  Scenario: create vault with mix of known and unknown clients
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I delete client 'three' from the Chef server
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two'
-    And the output should contain "node 'three' has no private key; skipping"
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-
-  Scenario: create vault with mix of known and unknown nodes
-    Given a local mode chef repo with nodes 'one,two'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two'
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-
-  Scenario: create vault with several admins
-    Given a local mode chef repo with nodes 'one,two' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two'
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-
-  Scenario: create vault with several admins in sparse mode
-    Given a local mode chef repo with nodes 'one,two' with admins 'alice,bob'
-    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two' with keys in sparse mode
-    And the vault item 'test/item' should not be encrypted for 'three' with keys in sparse mode
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-
-  Scenario: create vault with an unknown admin
-    Given a local mode chef repo with nodes 'one,two'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the exit status should not be 0
-    And the output should contain "FATAL: Could not find default key for alice in users or clients!"

data/features/vault_list.feature

@@ -1,31 +0,0 @@
-Feature: list data bags that are vaults
-  knife vault list should list all data bags that appear to
-  be vaults.  This is not an exact science; we assume that
-  any data bag containing an even number of items and for
-  which all items are pairs of thing/thing_keys is a vault
-
-  Scenario: List bags that are vaults
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I list the vaults
-    Then the output should match /(?m:^test$)/
-
-  Scenario: List bags that are vaults with keys in sparse mode
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I list the vaults
-    Then the output should match /(?m:^test$)/
-
-  Scenario: Skip data bags that are not vaults
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I create a data bag 'lessthantwokeys' containing the JSON '{"id": "item", "foo": "bar"}'
-    And I create a data bag 'oddnumberofkeys' containing the JSON '{"id": "item", "one": 1, "two": 2, "three":3}'
-    And I create a data bag 'unbalanced' containing the JSON '{"id": "item", "one": 1, "one_keys": 1, "two_keys": 1, "three_keys": 1}'
-    And I create a data bag 'mismatched' containing the JSON '{"id": "item", "one": 1, "one_keys": 1, "two_keys": 1, "three": 1}'
-    And I list the vaults
-    Then the output should match /(?m:^test$)/
-    And the output should not match /(?m:^lessthantwokeys$)/
-    And the output should not match /(?m:^oddnumberofkeys$)/
-    And the output should not match /(?m:^unbalanced$)/
-    And the output should not match /(?m:^mismatched$)/

data/features/vault_show.feature

@@ -1,45 +0,0 @@
-Feature: knife vault show
-  'knife vault show' displays the contents of a Chef encrypted
-  data bag by fetching the asymmetrically encrypted shared
-  secret and decrypting it using the private key of the user
-  or node
-
-  Scenario: successful decrypt as admin
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can decrypt the vault item 'test/item' as 'alice'
-    And the output should match /^foo: bar$/
-
-  Scenario: successful decrypt as node
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can decrypt the vault item 'test/item' as 'two'
-    And the output should match /^foo: bar$/
-
-  Scenario: failed decrypt as admin
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can't decrypt the vault item 'test/item' as 'bob'
-    And the output should contain "test/item is not encrypted with your public key"
-
-  Scenario: failed decrypt as node
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,alice'
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can't decrypt the vault item 'test/item' as 'three'
-    And the output should contain "test/item is not encrypted with your public key"

data/features/vault_show_vaultname.feature

@@ -1,21 +0,0 @@
-Feature: knife vault show [VAULTNAME]
-  'knife vault show [VAULTNAME]' displays the keys of a vault
-  (i.e. the items that are not suffixed with _keys)
-
-  Scenario: show keys of a vault
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I create a vault item 'test/item2' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And I show the keys of the vault 'test'
-    Then the output should match /(?m:^item$)/
-    And the output should match /(?m:^item2$)/
-    And the output should not match /(?m:^item_keys$)/
-    And the output should not match /(?m:^item2_keys$)/
-
-  Scenario: show keys of a data bag that is not a vault
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a data bag 'notavault' containing the JSON '{"id": "item", "foo": "bar"}'
-    And I show the keys of the vault 'notavault'
-    Then the output should match /data bag notavault is not a chef-vault/

data/features/vault_update.feature

@@ -1,18 +0,0 @@
-Feature: knife vault update
-  'knife vault update' is used to add clients, or administrators
-  and to re-run the search query and update the vault's item values.
-
-  Scenario: add admin to a vault
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    When I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-      And 'one,two,three' should be a client for the vault item 'test/item'
-      And 'alice' should be an admin for the vault item 'test/item'
-      And I can decrypt the vault item 'test/item' as 'alice'
-      But I can't decrypt the vault item 'test/item' as 'bob'
-      And I can save the JSON object of the encrypted data bag for the vault item 'test/item'
-    When I add 'bob' as an admin for the vault item 'test/item'
-    Then 'alice,bob' should be an admin for the vault item 'test/item'
-      And I can decrypt the vault item 'test/item' as 'alice'
-      And I can decrypt the vault item 'test/item' as 'bob'
-      And the data bag of the vault item 'test/item' has not been re-encrypted

data/features/verify_id_matches.feature

@@ -1,10 +0,0 @@
-Feature: knife vault create with mismatched ID
-  'knife vault create' creates a vault.  A JSON file can be passed
-  on the command line.  If the vault ID specified on the command line
-  does not match the value of the 'id' key in the JSON file, knife
-  should throw an error
-
-  Scenario: create vault from JSON file with mismatched ID
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"id": "eyetem"}' encrypted for 'one,two,three'
-    Then the output should match /id mismatch - input JSON has id 'eyetem' but vault item has id 'item'/

data/features/wrong_private_key.feature

@@ -1,13 +0,0 @@
-Feature: Wrong private key during decrypt
-  https://github.com/Nordstrom/chef-vault/issues/43
-  If a vault is encrypted for a node and then the node's private
-  key is regenerated, the error that comes back from chef-vault
-  should be informative, not a lower-level error from OpenSSL
-  like 'OpenSSL::PKey::RSAError: padding check failed'
-
-  Scenario: Regenerate node key and attempt decrypt
-    Given a local mode chef repo with nodes 'one,two'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two'
-    And I regenerate the client key for the node 'one'
-    And I try to decrypt the vault item 'test/item' as 'one'
-    Then the output should match /is encrypted for you, but your private key failed to decrypt the contents/

data/hooks/pre-commit

@@ -1,43 +0,0 @@
-#!/usr/bin/env ruby
-output = `bundle exec chefstyle -a`
-if !$?.success?
-  puts "pre-commit hook: Tried to run `bundle exec chefstyle -a` to autocleanup errors, but it failed with output:"
-  puts output
-end
-
-detected  = /(\d+) offenses detected/.match(output)
-corrected = /(\d+) offenses corrected/.match(output)
-
-# no errors detected by chefstyle
-exit 0 if detected.nil?
-
-# chefstyle found errors
-if !detected.nil?
-  # get the first result from the capture group that isn't the whole capture
-  num_detected = detected.to_a[1].to_i
-  num_corrected = if corrected.nil?
-                    0
-                  else
-                    corrected.to_a[1].to_i
-                  end
-  if num_detected == num_corrected
-    puts <<EOF
-pre-commit hook: Ran `bundle exec chefstyle -a` to autocleanup errors if any existed and
-#{num_detected} were detected, but all were cleaned up. `git add` all files that were
-autoupdated and try commiting again. New git status:
-
-EOF
-    puts `git status`
-  else
-    puts <<EOF
-pre-commit hook: Ran `bundle exec chefstyle -a` to autocleanup errors if any existed and
-#{num_detected} were detected, but #{num_detected - num_corrected} could not be cleaned up
-automatically. Run:
-
-bundle exec chefstyle -a
-
-to see remaining errors to clean up by hand, add all updated files, and try commiting again.
-EOF
-  end
-  exit 1
-end

data/spec/chef-vault/actor_spec.rb

@@ -1,247 +0,0 @@
-require "spec_helper"
-
-RSpec.describe ChefVault::Actor do
-  let(:actor_name) { "actor" }
-  let(:public_key_string) do
-    "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXT9IOV9pkQsxsnhSx8\n8RX6GW3caxkjcXFfHg6E7zUVBFAsfw4B1D+eHAks3qrDB7UrUxsmCBXwU4dQHaQy\ngAn5Sv0Jc4CejDNL2EeCBLZ4TF05odHmuzyDdPkSZP6utpR7+uF7SgVQedFGySIB\nih86aM+HynhkJqgJYhoxkrdo/JcWjpk7YEmWb6p4esnvPWOpbcjIoFs4OjavWBOF\niTfpkS0SkygpLi/iQu9RQfd4hDMWCc6yh3Th/1nVMUd+xQCdUK5wxluAWSv8U0zu\nhiIlZNazpCGHp+3QdP3f6rebmQA8pRM8qT5SlOvCYPk79j+IMUVSYrR4/DTZ+VM+\naQIDAQAB\n-----END PUBLIC KEY-----\n"
-  end
-
-  let(:key_response) do
-    {
-      "name" => "default",
-      "public_key" => "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXT9IOV9pkQsxsnhSx8\n8RX6GW3caxkjcXFfHg6E7zUVBFAsfw4B1D+eHAks3qrDB7UrUxsmCBXwU4dQHaQy\ngAn5Sv0Jc4CejDNL2EeCBLZ4TF05odHmuzyDdPkSZP6utpR7+uF7SgVQedFGySIB\nih86aM+HynhkJqgJYhoxkrdo/JcWjpk7YEmWb6p4esnvPWOpbcjIoFs4OjavWBOF\niTfpkS0SkygpLi/iQu9RQfd4hDMWCc6yh3Th/1nVMUd+xQCdUK5wxluAWSv8U0zu\nhiIlZNazpCGHp+3QdP3f6rebmQA8pRM8qT5SlOvCYPk79j+IMUVSYrR4/DTZ+VM+\naQIDAQAB\n-----END PUBLIC KEY-----\n",
-      "expiration_date" => "infinity",
-    }
-  end
-
-  let(:http_response_code) do
-    "404"
-  end
-
-  let(:http_error) do
-    http_response = double("http error")
-    allow(http_response).to receive(:code).and_return(http_response_code)
-    Net::HTTPServerException.new("http error message", http_response)
-  end
-
-  let(:api) { double("api") }
-
-  subject(:chef_key) { described_class.new(actor_type, actor_name) }
-
-  describe "#new" do
-    context "when something besides 'clients' or 'users' is passed" do
-      let(:actor_type) { "charmander" }
-      it "throws an error" do
-        expect { described_class.new("charmander", actor_name) }.to raise_error(RuntimeError)
-      end
-    end
-
-    context "when 'clients' is passed" do
-      it "requests a client key" do
-        expect_any_instance_of(described_class).to receive(:get_client_key)
-        described_class.new("clients", actor_name).key
-      end
-    end
-
-    context "when 'admins' is passed" do
-      it "requests a admin key" do
-        expect_any_instance_of(described_class).to receive(:get_admin_key)
-        described_class.new("admins", actor_name).key
-      end
-    end
-  end
-
-  shared_examples_for "get_key_handling" do
-    context "when the default key exists for the requested client" do
-      it "sets up a valid key" do
-        expect(chef_key).to receive(:get_key).with(request_actor_type).and_return(public_key_string)
-        expect(chef_key.send(method)).to eq(public_key_string)
-      end
-    end
-
-    context "when get_key returns an http error" do
-      before do
-        allow(chef_key).to receive(:get_key).with(request_actor_type).and_raise(http_error)
-      end
-
-      context "when the error code is not 404 or 403" do
-        let(:http_response_code) { "500" }
-
-        it "raises the original error" do
-          expect { chef_key.send(method) }.to raise_error(http_error)
-        end
-      end
-
-      context "when the error code is 403" do
-        let(:http_response_code) { "403" }
-
-        it "prints information for the user to resolve the issue and raises the original error" do
-          expect(chef_key).to receive(:print_forbidden_error)
-          expect { chef_key.send(method) }.to raise_error(http_error)
-        end
-      end
-    end
-  end
-
-  describe "#get_client_key" do
-    let(:request_actor_type) { "clients" }
-    let(:actor_type) { "clients" }
-    let(:method) { :get_client_key }
-
-    it_should_behave_like "get_key_handling"
-
-    context "when get_key returns an http error" do
-      before do
-        allow(chef_key).to receive(:get_key).with(actor_type).and_raise(http_error)
-      end
-
-      context "when the error code is 404" do
-        let(:http_response_code) { "404" }
-
-        it "raises ChefVault::Exceptions::ClientNotFound" do
-          expect { chef_key.get_client_key }.to raise_error(ChefVault::Exceptions::ClientNotFound)
-        end
-      end
-    end
-  end # get_client_key
-
-  describe "#get_admin_key" do
-    let(:request_actor_type) { "users" }
-    let(:actor_type) { "admins" }
-    let(:method) { :get_admin_key }
-
-    it_should_behave_like "get_key_handling"
-
-    context "when the first get_key for users returns an http error" do
-      before do
-        allow(chef_key).to receive(:get_key).with(request_actor_type).and_raise(http_error)
-      end
-
-      context "when the error code from the users get is a 404" do
-        let(:http_response_code) { "404" }
-
-        context "when the second get_key for clients returns an http error" do
-
-          let(:http_error_2) do
-            http_response = double("http error")
-            allow(http_response).to receive(:code).and_return(http_response_code_2)
-            Net::HTTPServerException.new("http error message", http_response)
-          end
-
-          before do
-            allow(chef_key).to receive(:get_key).with("clients").and_raise(http_error_2)
-          end
-
-          context "when it is a 404" do
-            let(:http_response_code_2) { "404" }
-
-            it "rasies ChefVault::Exceptions::AdminNotFound" do
-              expect { chef_key.get_admin_key }.to raise_error(ChefVault::Exceptions::AdminNotFound)
-            end
-          end
-
-          context "when it is a 403" do
-            let(:http_response_code_2) { "403" }
-
-            it "raises the original error" do
-              expect { chef_key.get_admin_key }.to raise_error(http_error_2)
-            end
-          end
-
-          context "when it is not a 404" do
-            let(:http_response_code_2) { "500" }
-
-            it "raises the original error" do
-              expect { chef_key.get_admin_key }.to raise_error(http_error_2)
-            end
-          end
-        end # when the second get_key for clients returns an http error
-
-        context "when the second get_key for clients exists with the same name as the admin requested" do
-          it "strangely returns the client key as an admin key" do
-            expect(chef_key).to receive(:get_key).with(request_actor_type).and_return(public_key_string)
-            expect(chef_key.send(method)).to eq(public_key_string)
-          end
-        end
-      end # when the first get_key for users returns an http erro
-    end
-  end # get_admin_key
-
-  describe "#get_key" do
-
-    shared_examples_for "a properly retrieved and error handled key fetch" do
-      # mock out the API
-      before do
-        allow(chef_key).to receive(:api).and_return(api)
-        [:rest_v0, :rest_v1, :org_scoped_rest_v0, :org_scoped_rest_v1].each do |method|
-          allow(api).to receive(method)
-        end
-      end
-
-      context "when keys/default returns 200 for org scoped endpoint" do
-        before do
-          allow(api.org_scoped_rest_v1).to receive(:get).with("#{request_actor_type}/#{actor_name}/keys/default").and_return(key_response)
-        end
-
-        it "returns the public_key" do
-          expect(chef_key.get_key(request_actor_type)).to eql(public_key_string)
-        end
-
-        it "hits the proper endpoint" do
-          expect(api.org_scoped_rest_v1).to receive(:get).with("#{request_actor_type}/#{actor_name}/keys/default")
-          chef_key.get_key(request_actor_type)
-        end
-      end
-
-      context "when a 500 is returned" do
-        let(:http_response_code) { "500" }
-        before do
-          allow(api.org_scoped_rest_v1).to receive(:get).with("#{request_actor_type}/#{actor_name}/keys/default").and_raise(http_error)
-        end
-
-        it "raises the http error" do
-          expect { chef_key.get_key(request_actor_type) }.to raise_error(http_error)
-        end
-      end
-
-      context "when keys/default returns 404" do
-        let(:http_response_code) { "404" }
-        let(:chef_object) { double("chef object") }
-
-        before do
-          allow(api.org_scoped_rest_v1).to receive(:get).with("#{request_actor_type}/#{actor_name}/keys/default").and_raise(http_error)
-          allow(chef_object_type).to receive(:load).with(actor_name).and_return(chef_object)
-          allow(chef_object).to receive(:public_key).and_return(public_key_string)
-        end
-
-        it "tries to load the object via Chef::<object>_v1" do
-          expect(chef_object_type).to receive(:load).with(actor_name)
-          chef_key.get_key(request_actor_type)
-        end
-
-        context "when the Chef::<object>_v1 object loads properly" do
-          it "returns the public key" do
-            expect(chef_key.get_key(request_actor_type)).to eql(public_key_string)
-          end
-        end
-      end
-    end # shared_examples_for
-
-    context "when a client is passed" do
-      let(:request_actor_type) { "clients" }
-      let(:actor_type) { "clients" }
-      let(:chef_object_type) { Chef::ApiClient }
-
-      it_behaves_like "a properly retrieved and error handled key fetch"
-    end
-
-    context "when an admin is passed" do
-      let(:request_actor_type) { "users" }
-      let(:actor_type) { "admins" }
-      let(:chef_object_type) { Chef::User }
-
-      it_behaves_like "a properly retrieved and error handled key fetch"
-    end
-
-  end
-end