chef-vault 3.0.0.rc1 → 3.0.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 013e6523217845790623a20fd102c256e77b89fd
-  data.tar.gz: 0813f2bc7c28752f527da0e3b20bb8f22199debf
+  metadata.gz: a6dd267f10f94be45c16f2a088e476226b4b0cf5
+  data.tar.gz: 27fc5a1ee95c7be2ad1af5f967d4bbda96427b6a
 SHA512:
-  metadata.gz: 85295a103f851bbeed80e9c60eb167081576f9701d3bc05ff84d960c387f44c38dba856d329d572c8c7abf5a08a94f2d718eeec4c930a3e5ee8d396578f85a2b
-  data.tar.gz: c3b14961386e91c2aa572311f9da1c83ccf07f8e43fd74cfd16fed72c338c74950af5fd0b6e6f8077aa602ebbe31ae4338909547c05b27031032d6be9bebac4b
+  metadata.gz: 9397b282b2497e73b1fef2cb86f09f84df98bc9333513cd4648767436e15138f9c9cee187c56854ee3e2197a61ee992e6cdd4f502145b89d194eb428c0ccb07c
+  data.tar.gz: 6a978b6a18e4a1a4b4eb8e3ddd3ce48318126e3f152dd5080ee20e19993afece13540df9b33b9a64b6873b483876c9041653ba91739a64ca3d0bc94b632a4dfd

data/.gitignore

@@ -29,3 +29,5 @@ Gemfile.lock
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc
+
+.chef

data/Gemfile

@@ -2,6 +2,7 @@ source "https://rubygems.org/"
 
 group :development do
   gem "chefstyle", git: "https://github.com/chef/chefstyle.git"
+  gem "chef-zero"
 end
 
 group :changelog do

data/lib/chef-vault/item.rb

@@ -1,5 +1,6 @@
 # Author:: Kevin Moser <kevin.moser@nordstrom.com>
 # Copyright:: Copyright 2013-15, Nordstrom, Inc.
+# Copyright:: Copyright 2015-16, Chef Software, Inc.
 # License:: Apache License, Version 2.0
 
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -67,6 +68,7 @@ class ChefVault
       }.merge(opts)
       @node_name = opts[:node_name]
       @client_key_path = opts[:client_key_path]
+      @current_query = search
     end
 
     # private
@@ -75,39 +77,42 @@ class ChefVault
       @secret = secret
     end
 
-    def clients(search_or_client, action = :add)
-      if search_or_client.is_a?(Chef::ApiClient)
+    def clients(search_or_client = search_results, action = :add)
+      # for backwards compatibility, if we're handed a string
+      # do a search using that string and recurse
+      if search_or_client.is_a?(String)
+        clients(search_results(search_or_client), action)
+      elsif search_or_client.is_a?(Chef::ApiClient)
         handle_client_action(search_or_client, action)
-      elsif search_or_client.is_a?(Array)
+      else
         search_or_client.each do |name|
-          client = load_actor(name, "clients")
-          handle_client_action(client, action)
+          begin
+            client = load_actor(name, "clients")
+            handle_client_action(client, action)
+          rescue ChefVault::Exceptions::ClientNotFound
+            ChefVault::Log.warn "node '#{name}' has no private key; skipping"
+          end
         end
-      else
+      end
+    end
+
+    def search_results(statement = search)
+      @search_results = nil if statement != @current_query
+      @current_query = statement
+      @search_results ||= begin
         results_returned = false
+        results = []
         query = Chef::Search::Query.new
-        query.search(:node, search_or_client) do |node|
+        query.search(:node, statement, filter_result: { name: ["name"] }, rows: 100000) do |node|
           results_returned = true
-          case action
-          when :add
-            begin
-              client_key = load_actor(node.name, "clients")
-              add_client(client_key)
-            rescue ChefVault::Exceptions::ClientNotFound
-              ChefVault::Log.warn "node '#{node.name}' has no private key; skipping"
-            end
-          when :delete
-            delete_client_or_node(node)
-          else
-            raise ChefVault::Exceptions::KeysActionNotValid,
-                  "#{action} is not a valid action"
-          end
+          results << node["name"]
         end
 
         unless results_returned
           ChefVault::Log.warn "No clients were returned from search, you may not have "\
-                       "got what you expected!!"
+            "got what you expected!!"
         end
+        results
       end
     end
 
@@ -172,9 +177,7 @@ class ChefVault
         # admins, just clients which are nodes
         remove_unknown_nodes if clean_unknown_clients
         # re-encrypt the new shared secret for all remaining clients
-        get_clients.each do |client|
-          clients("name:#{client}")
-        end
+        clients(get_clients)
       end
 
       unless get_admins.empty?
@@ -211,7 +214,7 @@ class ChefVault
       encrypt! unless @encrypted
 
       # Now save the encrypted data
-      if Chef::Config[:solo]
+      if Chef::Config[:solo_legacy_mode]
         save_solo(item_id)
       else
         begin
@@ -257,7 +260,7 @@ class ChefVault
     def destroy
       keys.destroy
 
-      if Chef::Config[:solo]
+      if Chef::Config[:solo_legacy_mode]
         data_bag_path = File.join(Chef::Config[:data_bag_path],
                                   data_bag)
         data_bag_item_path = File.join(data_bag_path, @raw_data["id"])
@@ -362,7 +365,7 @@ class ChefVault
       remove_unknown_nodes if clean_unknown_clients
 
       # re-process the search query to add new clients
-      clients(search)
+      clients
 
       # save the updated keys only
       save_keys(@raw_data["id"])
@@ -413,14 +416,10 @@ class ChefVault
     # @param nodename [String] the name of the node
     # @return [Boolean] whether the node exists or not
     def node_exists?(nodename)
-      # the node does not exist if a search for the node with that
-      # name returns no results
-      query = Chef::Search::Query.new
-      numresults = query.search(:node, "name:#{nodename}")[2]
-      return false unless numresults > 0
-      # if the node search does return results, predicate node
-      # existence on the existence of a like-named client
-      client_exists?(nodename)
+      # if we don't have a client it really doesn't matter if we have a node.
+      if client_exists?(nodename)
+        search_results.include?(nodename)
+      end
     end
 
     # checks if a client exists on the Chef server.  If we get back
@@ -429,13 +428,11 @@ class ChefVault
     # @param clientname [String] the name of the client
     # @return [Boolean] whether the client exists or not
     def client_exists?(clientname)
-      begin
-        Chef::ApiClient.load(clientname)
-      rescue Net::HTTPServerException => http_error
-        return false if http_error.response.code == "404"
-        raise http_error
-      end
+      Chef::ApiClient.load(clientname)
       true
+    rescue Net::HTTPServerException => http_error
+      return false if http_error.response.code == "404"
+      raise http_error
     end
 
     # adds or deletes an API client from the vault item keys
@@ -448,7 +445,7 @@ class ChefVault
         client = load_actor(api_client.name, "clients")
         add_client(client)
       when :delete
-        delete_client_or_node(api_client)
+        delete_client_or_node(api_client.name)
       end
     end
 
@@ -460,10 +457,10 @@ class ChefVault
     end
 
     # removes a client to the vault item keys
-    # @param client_or_node [Chef::ApiClient, Chef::Node] the API client or node to remove
+    # @param client_or_node [String] the name of the API client or node to remove
     # @return [void]
-    def delete_client_or_node(client_or_node)
-      client = load_actor(client_or_node.name, "clients")
+    def delete_client_or_node(name)
+      client = load_actor(name, "clients")
       keys.delete(client)
     end
   end

data/lib/chef-vault/item_keys.rb

@@ -28,9 +28,33 @@ class ChefVault
       @raw_data["admins"] = []
       @raw_data["clients"] = []
       @raw_data["search_query"] = []
+      @raw_data["mode"] = "default"
+      @cache = {} # write-back cache for keys
+    end
+
+    def [](key)
+      # return options immediately
+      return @raw_data[key] if %w{id admins clients search_query mode}.include?(key)
+      # check if the key is in the write-back cache
+      ckey = @cache[key]
+      return ckey unless ckey.nil?
+      # check if the key is saved in sparse mode
+      skey = sparse_key(sparse_id(key))
+      if skey
+        skey[key]
+      else
+        # fallback to raw data
+        @raw_data[key]
+      end
     end
 
     def include?(key)
+      # check if the key is in the write-back cache
+      ckey = @cache[key]
+      return (ckey ? true : false) unless ckey.nil?
+      # check if the key is saved in sparse mode
+      return true unless sparse_key(sparse_id(key)).nil?
+      # fallback to non-sparse mode if sparse key is not found
       @raw_data.keys.include?(key)
     end
 
@@ -40,16 +64,24 @@ class ChefVault
         raise ChefVault::Exceptions::V1Format,
               "cannot manage a v1 vault.  See UPGRADE.md for help"
       end
-      self[chef_key.name] = ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
+      @cache[chef_key.name] = ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
       @raw_data[type] << chef_key.name unless @raw_data[type].include?(chef_key.name)
       @raw_data[type]
     end
 
     def delete(chef_key)
-      raw_data.delete(chef_key.name)
+      @cache[chef_key.name] = false
       raw_data[chef_key.type].delete(chef_key.name)
     end
 
+    def mode(mode = nil)
+      if mode
+        @raw_data["mode"] = mode
+      else
+        @raw_data["mode"]
+      end
+    end
+
     def search_query(search_query = nil)
       if search_query
         @raw_data["search_query"] = search_query
@@ -67,9 +99,8 @@ class ChefVault
     end
 
     def save(item_id = @raw_data["id"])
-      if Chef::Config[:solo]
-        save_solo(item_id)
-      else
+      # create data bag if not running in solo mode
+      unless Chef::Config[:solo_legacy_mode]
         begin
           Chef::DataBag.load(data_bag)
         rescue Net::HTTPServerException => http_error
@@ -79,13 +110,57 @@ class ChefVault
             chef_data_bag.create
           end
         end
+      end
 
+      # write cached keys to data
+      @cache.each do |key, val|
+        # delete across all modes on key deletion
+        if val == false
+          # sparse mode key deletion
+          if Chef::Config[:solo_legacy_mode]
+            delete_solo(sparse_id(key))
+          else
+            begin
+              Chef::DataBagItem.from_hash("data_bag" => data_bag,
+                                          "id" => sparse_id(key))
+                               .destroy(data_bag, sparse_id(key))
+            rescue Net::HTTPServerException => http_error
+              raise http_error unless http_error.response.code == "404"
+            end
+          end
+          # default mode key deletion
+          @raw_data.delete(key)
+        else
+          if @raw_data["mode"] == "sparse"
+            # sparse mode key creation
+            skey = Chef::DataBagItem.from_hash(
+              "data_bag" => data_bag,
+              "id" => sparse_id(key),
+              key => val
+            )
+            if Chef::Config[:solo_legacy_mode]
+              save_solo(skey.id, skey.raw_data)
+            else
+              skey.save
+            end
+          else
+            # default mode key creation
+            @raw_data[key] = val
+          end
+        end
+      end
+      # save raw data
+      if Chef::Config[:solo_legacy_mode]
+        save_solo(item_id)
+      else
         super
       end
+      # clear write-back cache
+      @cache = {}
     end
 
     def destroy
-      if Chef::Config[:solo]
+      if Chef::Config[:solo_legacy_mode]
         data_bag_path = File.join(Chef::Config[:data_bag_path],
                                   data_bag)
         data_bag_item_path = File.join(data_bag_path, @raw_data["id"])
@@ -129,6 +204,22 @@ class ChefVault
 
     # @private
 
+    def sparse_id(key, item_id = @raw_data["id"])
+      "#{item_id}_key_#{key}"
+    end
+
+    def sparse_key(sid)
+      if Chef::Config[:solo_legacy_mode]
+        load_solo(sid)
+      else
+        begin
+          Chef::DataBagItem.load(@data_bag, sid)
+        rescue Net::HTTPServerException => http_error
+          nil if http_error.response.code == "404"
+        end
+      end
+    end
+
     def self.encode_key(key_string, data_bag_shared_secret)
       public_key = OpenSSL::PKey::RSA.new(key_string)
       Base64.encode64(public_key.public_encrypt(data_bag_shared_secret))

data/lib/chef-vault/mixins.rb

@@ -22,7 +22,7 @@ class ChefVault
       [data_bag_path, data_bag_item_path]
     end
 
-    def save_solo(item_id = @raw_data["id"])
+    def save_solo(item_id = @raw_data["id"], raw_data = @raw_data)
       data_bag_path, data_bag_item_path = find_solo_path(item_id)
 
       FileUtils.mkdir(data_bag_path) unless File.exist?(data_bag_path)
@@ -32,5 +32,15 @@ class ChefVault
 
       raw_data
     end
+
+    def delete_solo(item_id = @raw_data["id"])
+      _data_bag_path, data_bag_item_path = find_solo_path(item_id)
+      FileUtils.rm(data_bag_item_path) if File.exist?(data_bag_item_path)
+    end
+
+    def load_solo(item_id = @raw_data["id"])
+      _data_bag_path, data_bag_item_path = find_solo_path(item_id)
+      JSON.parse(File.read(data_bag_item_path)) if File.exist?(data_bag_item_path)
+    end
   end
 end

data/lib/chef-vault/version.rb

@@ -15,6 +15,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "3.0.0.rc1"
+  VERSION = "3.0.0.rc2"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

data/lib/chef/knife/mixin/helper.rb

@@ -18,9 +18,9 @@ class ChefVault
     module Helper
       def set_mode(mode)
         if mode == "client"
-          Chef::Config[:solo] = false
+          Chef::Config[:solo_legacy_mode] = false
         else
-          Chef::Config[:solo] = true
+          Chef::Config[:solo_legacy_mode] = true
         end
       end
 

data/lib/chef/knife/vault_create.rb

@@ -88,7 +88,7 @@ class Chef
             end
 
             vault_item.search(search) if search
-            vault_item.clients(search) if search
+            vault_item.clients if search
             vault_item.clients(clients) if clients
             vault_item.admins(admins) if admins
 

data/lib/chef/knife/vault_update.rb

@@ -79,7 +79,7 @@ class Chef
             end
 
             vault_item.search(search) if search
-            vault_item.clients(search) if search
+            vault_item.clients if search
             vault_item.clients(clients) if clients
             vault_item.admins(admins) if admins
 

data/spec/chef-vault/item_keys_spec.rb

@@ -2,6 +2,9 @@ RSpec.describe ChefVault::ItemKeys do
   describe "#new" do
     let(:keys) { ChefVault::ItemKeys.new("foo", "bar") }
     let(:shared_secret) { "super_secret" }
+    let(:public_key_string) do
+      "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXT9IOV9pkQsxsnhSx8\n8RX6GW3caxkjcXFfHg6E7zUVBFAsfw4B1D+eHAks3qrDB7UrUxsmCBXwU4dQHaQy\ngAn5Sv0Jc4CejDNL2EeCBLZ4TF05odHmuzyDdPkSZP6utpR7+uF7SgVQedFGySIB\nih86aM+HynhkJqgJYhoxkrdo/JcWjpk7YEmWb6p4esnvPWOpbcjIoFs4OjavWBOF\niTfpkS0SkygpLi/iQu9RQfd4hDMWCc6yh3Th/1nVMUd+xQCdUK5wxluAWSv8U0zu\nhiIlZNazpCGHp+3QdP3f6rebmQA8pRM8qT5SlOvCYPk79j+IMUVSYrR4/DTZ+VM+\naQIDAQAB\n-----END PUBLIC KEY-----\n"
+    end
 
     it "'foo' is assigned to @data_bag" do
       expect(keys.data_bag).to eq "foo"
@@ -19,10 +22,7 @@ RSpec.describe ChefVault::ItemKeys do
       expect(keys["admins"]).to eq []
     end
 
-    describe "key mgmt operations" do
-      let(:public_key_string) do
-        "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMXT9IOV9pkQsxsnhSx8\n8RX6GW3caxkjcXFfHg6E7zUVBFAsfw4B1D+eHAks3qrDB7UrUxsmCBXwU4dQHaQy\ngAn5Sv0Jc4CejDNL2EeCBLZ4TF05odHmuzyDdPkSZP6utpR7+uF7SgVQedFGySIB\nih86aM+HynhkJqgJYhoxkrdo/JcWjpk7YEmWb6p4esnvPWOpbcjIoFs4OjavWBOF\niTfpkS0SkygpLi/iQu9RQfd4hDMWCc6yh3Th/1nVMUd+xQCdUK5wxluAWSv8U0zu\nhiIlZNazpCGHp+3QdP3f6rebmQA8pRM8qT5SlOvCYPk79j+IMUVSYrR4/DTZ+VM+\naQIDAQAB\n-----END PUBLIC KEY-----\n"
-      end
+    shared_context "key mgmt operations" do
 
       shared_examples_for "proper key management" do
         let(:chef_key) { ChefVault::Actor.new(type, name) }
@@ -41,6 +41,7 @@ RSpec.describe ChefVault::ItemKeys do
             keys.add(chef_key, shared_secret)
             expect(keys[name]).to eq("encrypted_result")
             expect(keys[type].include?(name)).to eq(true)
+            expect(keys.include?(name)).to eq(true)
           end
         end
 
@@ -53,6 +54,7 @@ RSpec.describe ChefVault::ItemKeys do
             keys.delete(chef_key)
             expect(keys.has_key?(chef_key.name)).to eq(false)
             expect(keys[type].include?(name)).to eq(false)
+            expect(keys.include?(name)).to eq(false)
           end
         end
       end
@@ -70,7 +72,52 @@ RSpec.describe ChefVault::ItemKeys do
       end
     end
 
+    context "when running with chef-zero" do
+      let(:server) { chef_zero }
+      before { server.start_background }
+      after  { server.stop }
+
+      include_context "key mgmt operations"
+
+      describe "#save" do
+        let(:client_name) { "client_name" }
+        let(:chef_key)    { ChefVault::Actor.new("clients", client_name) }
+
+        before do
+          allow(chef_key).to receive(:key) { public_key_string }
+        end
+
+        it "should save the key data" do
+          keys.add(chef_key, shared_secret)
+          keys.save("bar")
+          expect(Chef::DataBagItem.load("foo", "bar").to_hash).to include("id" => "bar")
+          expect(keys[client_name]).not_to be_empty
+          keys.delete(chef_key)
+          keys.save("bar")
+          expect(keys[client_name]).to be_nil
+        end
+
+        it "should save the key data in sparse mode" do
+          keys.add(chef_key, shared_secret)
+          keys.mode("sparse")
+          keys.save("bar")
+          expect(Chef::DataBagItem.load("foo", "bar").to_hash).to include("id" => "bar")
+          expect(Chef::DataBagItem.load("foo", "bar_key_client_name").to_hash).to include("id" => "bar_key_client_name")
+          expect(keys[client_name]).not_to be_empty
+          keys.delete(chef_key)
+          keys.save("bar")
+          expect(keys[client_name]).to be_nil
+          keys.mode("default")
+        end
+      end
+    end
+
     context "when running with chef-solo" do
+      before { Chef::Config[:solo_legacy_mode] = true  }
+      after  { Chef::Config[:solo_legacy_mode] = false }
+
+      include_context "key mgmt operations"
+
       describe "#find_solo_path" do
         context "when data_bag_path is an array" do
           before do
@@ -103,16 +150,36 @@ RSpec.describe ChefVault::ItemKeys do
       end
 
       describe "#save" do
+        let(:client_name)   { "client_name" }
+        let(:chef_key)      { ChefVault::Actor.new("clients", client_name) }
         let(:data_bag_path) { Dir.mktmpdir("vault_item_keys") }
+
         before do
-          Chef::Config[:solo] = true
           Chef::Config[:data_bag_path] = data_bag_path
+          allow(chef_key).to receive(:key) { public_key_string }
         end
 
         it "should save the key data" do
-          expect(File).to receive(:exist?).with(File.join(data_bag_path, "foo")).and_call_original
+          keys.add(chef_key, shared_secret)
+          keys.save("bar")
+          expect(File.read(File.join(data_bag_path, "foo", "bar.json"))).to match(/"id":.*"bar"/)
+          expect(keys[client_name]).not_to be_empty
+          keys.delete(chef_key)
+          keys.save("bar")
+          expect(keys[client_name]).to be_nil
+        end
+
+        it "should save the key data in sparse mode" do
+          keys.add(chef_key, shared_secret)
+          keys.mode("sparse")
           keys.save("bar")
           expect(File.read(File.join(data_bag_path, "foo", "bar.json"))).to match(/"id":.*"bar"/)
+          expect(File.read(File.join(data_bag_path, "foo", "bar_key_client_name.json"))).to match(/"id":.*"bar_key_client_name"/)
+          expect(keys[client_name]).not_to be_empty
+          keys.delete(chef_key)
+          keys.save("bar")
+          expect(keys[client_name]).to be_nil
+          keys.mode("default")
         end
       end
     end

data/spec/chef-vault/item_spec.rb

@@ -172,6 +172,7 @@ RSpec.describe ChefVault::Item do
   end
 
   describe "#refresh" do
+    let(:node) { { "name" => "testnode" } }
 
     it "saves only the keys" do
       keys = double("keys",
@@ -184,7 +185,6 @@ RSpec.describe ChefVault::Item do
 
       item = ChefVault::Item.new("foo", "bar")
 
-      node  = double("node", name: "testnode")
       query = double("query")
       allow(Chef::Search::Query).to receive(:new).and_return(query)
       allow(query).to receive(:search).and_yield(node)
@@ -202,14 +202,13 @@ RSpec.describe ChefVault::Item do
 
   describe "#clients" do
     context "when search returns a node with a valid client backing it and one without a valid client" do
-      let(:node_with_valid_client) { double("chef node valid") }
-      let(:node_without_valid_client) { double("chef node no valid client") }
+      let(:node_with_valid_client) { { "name" => "foo" } }
+      let(:node_without_valid_client) { { "name" => "bar" } }
       let(:query_result) { double("chef search results") }
       let(:client_key) { double("chef key") }
 
       before do
         # node with valid client proper loads client key
-        allow(node_with_valid_client).to receive(:name).and_return("foo")
         allow(item).to receive(:load_actor).with("foo", "clients").and_return(client_key)
         privkey = OpenSSL::PKey::RSA.new(1024)
         pubkey = privkey.public_key
@@ -218,12 +217,11 @@ RSpec.describe ChefVault::Item do
         allow(client_key).to receive(:type).and_return("clients")
 
         # node without client throws relevant error on key load
-        allow(node_without_valid_client).to receive(:name).and_return("bar")
         allow(item).to receive(:load_actor).with("bar", "clients").and_raise(ChefVault::Exceptions::ClientNotFound)
 
         allow(query_result)
           .to receive(:search)
-          .with(Symbol, String)
+          .with(Symbol, String, Hash)
           .and_yield(node_with_valid_client).and_yield(node_without_valid_client)
         allow(Chef::Search::Query)
           .to receive(:new)
@@ -306,7 +304,7 @@ RSpec.describe ChefVault::Item do
       end
 
       context "when no action is passed" do
-        it "default to add and properly add the client" do
+        it "defaults to add and properly adds the client" do
           item.clients(clients)
           expect(item.get_clients).to include(client_name)
         end

data/spec/chef-vault_spec.rb

@@ -1,3 +1,33 @@
+#
+# Helper for configuring the Chef Zero server
+# (inspired by ChefSpec)
+#
+def chef_zero
+  require "socket"
+  require "tmpdir"
+  require "fileutils"
+  require "chef_zero/server"
+  # Find a free TCP port
+  server = TCPServer.new("127.0.0.1", 0)
+  port = server.addr[1].to_i
+  server.close
+  # Define a Chef Zero Server
+  server = ChefZero::Server.new(port: port)
+  # Write the private key
+  tmp = Dir.mktmpdir
+  key = File.join(tmp, "client.pem")
+  File.write(key, ChefZero::PRIVATE_KEY)
+  # Configure the server
+  Chef::Config[:client_key]      = key
+  Chef::Config[:client_name]     = "chefvault"
+  Chef::Config[:node_name]       = "chefvault"
+  Chef::Config[:chef_server_url] = server.url
+  # Exit handlers
+  at_exit { FileUtils.rm_rf(tmp) }
+  at_exit { server.stop if server.running? }
+  server
+end
+
 RSpec.describe ChefVault do
   let(:vault) { ChefVault.new("foo") }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 3.0.0.rc1
+  version: 3.0.0.rc2
 platform: ruby
 authors:
 - Thom May
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-21 00:00:00.000000000 Z
+date: 2016-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake