chef 10.16.6 → 10.18.0.rc.1

data/spec/functional/knife/ssh_spec.rb

@@ -23,6 +23,7 @@ describe Chef::Knife::Ssh do
 
   before(:all) do
     @original_config = Chef::Config.hash_dup
+    @original_knife_config = Chef::Config[:knife].dup
     Chef::Knife::Ssh.load_deps
     @server = TinyServer::Manager.new
     @server.start
@@ -30,6 +31,7 @@ describe Chef::Knife::Ssh do
 
   after(:all) do
     Chef::Config.configuration = @original_config
+    Chef::Config[:knife] = @original_knife_config
     @server.stop
   end
 
@@ -89,6 +91,19 @@ describe Chef::Knife::Ssh do
     end
   end
 
+  describe "port" do
+    context "when -p 31337 is provided" do
+      before do
+        setup_knife(['-p 31337', '*:*', 'uptime'])
+      end
+
+      it "uses the ssh_port" do
+        @knife.run
+        @knife.config[:ssh_port].should == "31337"
+      end
+    end
+  end
+
   describe "user" do
     context "when knife[:ssh_user] is set" do
       before do
@@ -192,9 +207,52 @@ describe Chef::Knife::Ssh do
     end
   end
 
+  describe "gateway" do
+    context "when knife[:ssh_gateway] is set" do
+      before do
+        setup_knife(['*:*', 'uptime'])
+        Chef::Config[:knife][:ssh_gateway] = "user@ec2.public_hostname"
+      end
+
+      it "uses the ssh_gateway" do
+        @knife.session.should_receive(:via).with("ec2.public_hostname", "user", {})
+        @knife.run
+        @knife.config[:ssh_gateway].should == "user@ec2.public_hostname"
+      end
+    end
+
+    context "when -G user@ec2.public_hostname is provided" do
+      before do
+        setup_knife(['-G user@ec2.public_hostname', '*:*', 'uptime'])
+        Chef::Config[:knife][:ssh_gateway] = nil
+      end
+
+      it "uses the ssh_gateway" do
+        @knife.session.should_receive(:via).with("ec2.public_hostname", "user", {})
+        @knife.run
+        @knife.config[:ssh_gateway].should == "user@ec2.public_hostname"
+      end
+    end
+
+    context "when the gateway requires a password" do
+      before do
+        setup_knife(['-G user@ec2.public_hostname', '*:*', 'uptime'])
+        Chef::Config[:knife][:ssh_gateway] = nil
+        @knife.session.stub(:via) do |host, user, options|
+          raise Net::SSH::AuthenticationFailed unless options[:password]
+        end
+      end
+
+      it "should prompt the user for a password" do
+        @knife.ui.should_receive(:ask).with("Enter the password for user@ec2.public_hostname: ").and_return("password")
+        @knife.run
+      end
+    end
+  end
+
   def setup_knife(params=[])
     @knife = Chef::Knife::Ssh.new(params)
-    @knife.stub!(:ssh_command).and_return { [] }
+    @knife.stub!(:ssh_command).and_return { 0 }
     @api = TinyServer::API.instance
     @api.clear
 

data/spec/stress/win32/security_spec.rb

@@ -56,11 +56,11 @@ describe 'Chef::ReservedNames::Win32::Security', :windows_only do
   end
 
   it "should not leak when creating a new ACL and setting it on a file" do
-    securable_object = Security::SecurableObject.new(@monkeyfoo)
+    securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(@monkeyfoo)
     lambda {
-      securable_object.dacl = Security::ACL.create([
-        Chef::ReservedNames::Win32::Security::ACE.access_allowed(Security::SID.Everyone, Chef::ReservedNames::Win32::API::Security::GENERIC_READ),
-        Chef::ReservedNames::Win32::Security::ACE.access_denied(Security::SID.from_account("Users"), Chef::ReservedNames::Win32::API::Security::GENERIC_ALL)
+      securable_object.dacl = Chef::ReservedNames::Win32::Security::ACL.create([
+        Chef::ReservedNames::Win32::Security::ACE.access_allowed(Chef::ReservedNames::Win32::Security::SID.Everyone, Chef::ReservedNames::Win32::API::Security::GENERIC_READ),
+        Chef::ReservedNames::Win32::Security::ACE.access_denied(Chef::ReservedNames::Win32::Security::SID.from_account("Users"), Chef::ReservedNames::Win32::API::Security::GENERIC_ALL)
       ])
       GC.start
     }.should_not leak_memory(:warmup => 50, :iterations => 100)

data/spec/support/matchers/leak.rb

@@ -60,7 +60,7 @@ module Matchers
     def profiler
       @profiler ||= begin
         if Chef::Platform.windows?
-          require File.join(File.dirname(__FILE__), '..', 'prof', 'win32')
+          require File.join(File.dirname(__FILE__), '..', 'platforms', 'prof', 'win32')
           RSpec::Prof::Win32::Profiler.new
         else
           require File.join(File.dirname(__FILE__), '..', 'prof', 'gc')

data/spec/unit/api_client_spec.rb

@@ -151,33 +151,106 @@ describe Chef::ApiClient do
     end
   end
 
-  describe "deserialize" do
+  describe "when deserializing from JSON" do
     before(:each) do
-      @client.name("black")
-      @client.public_key("crowes")
-      @client.private_key("monkeypants")
-      @client.admin(true)
-      @deserial = Chef::JSONCompat.from_json(@client.to_json)
+      client = {
+      "name" => "black",
+      "public_key" => "crowes",
+      "private_key" => "monkeypants",
+      "admin" => true,
+      "json_class" => "Chef::ApiClient"
+      }
+      @client = Chef::JSONCompat.from_json(client.to_json)
     end
 
     it "should deserialize to a Chef::ApiClient object" do
-      @deserial.should be_a_kind_of(Chef::ApiClient)
+      @client.should be_a_kind_of(Chef::ApiClient)
     end
 
-    %w{
-      name
-      public_key
-      admin
-    }.each do |t| 
-      it "should match '#{t}'" do
-        @deserial.send(t.to_sym).should == @client.send(t.to_sym)
-      end
+    it "preserves the name" do
+      @client.name.should == "black"
     end
 
-    it "should not include the private key" do
-      @deserial.private_key.should == nil
+    it "preserves the public key" do
+      @client.public_key.should == "crowes"
+    end
+
+    it "preserves the admin status" do
+      @client.admin.should be_true
+    end
+
+    it "includes the private key if present" do
+      @client.private_key.should == "monkeypants"
+    end
+
+  end
+
+  describe "when requesting a new key" do
+    before do
+      @http_client = mock("Chef::REST mock")
+      Chef::REST.stub!(:new).and_return(@http_client)
+    end
+
+    context "and the client does not exist on the server" do
+      before do
+        @a_404_response = Net::HTTPNotFound.new("404 not found and such", nil, nil)
+        @a_404_exception = Net::HTTPServerException.new("404 not found exception", @a_404_response)
+
+        @http_client.should_receive(:get_rest).with("clients/lost-my-key").and_raise(@a_404_exception)
+      end
+
+      it "raises a 404 error" do
+        lambda { Chef::ApiClient.reregister("lost-my-key") }.should raise_error(Net::HTTPServerException)
+      end
     end
 
+    context "and the client exists" do
+      before do
+        @api_client_without_key = Chef::ApiClient.new
+        @api_client_without_key.name("lost-my-key")
+        @http_client.should_receive(:get_rest).with("clients/lost-my-key").and_return(@api_client_without_key)
+      end
+
+
+      context "and the client exists on a Chef 11-like server" do
+        before do
+          @api_client_with_key = Chef::ApiClient.new
+          @api_client_with_key.name("lost-my-key")
+          @api_client_with_key.private_key("the new private key")
+          @http_client.should_receive(:put_rest).
+            with("clients/lost-my-key", :name => "lost-my-key", :admin => false, :private_key => true).
+            and_return(@api_client_with_key)
+        end
+
+        it "returns an ApiClient with a private key" do
+          response = Chef::ApiClient.reregister("lost-my-key")
+          # no sane == method for ApiClient :'(
+          response.should == @api_client_without_key
+          response.private_key.should == "the new private key"
+          response.name.should == "lost-my-key"
+          response.admin.should be_false
+        end
+      end
+
+      context "and the client exists on a Chef 10-like server" do
+        before do
+          @api_client_with_key = {"name" => "lost-my-key", "private_key" => "the new private key"}
+          @http_client.should_receive(:put_rest).
+            with("clients/lost-my-key", :name => "lost-my-key", :admin => false, :private_key => true).
+            and_return(@api_client_with_key)
+        end
+
+        it "returns an ApiClient with a private key" do
+          response = Chef::ApiClient.reregister("lost-my-key")
+          # no sane == method for ApiClient :'(
+          response.should == @api_client_without_key
+          response.private_key.should == "the new private key"
+          response.name.should == "lost-my-key"
+          response.admin.should be_false
+        end
+      end
+
+    end
   end
 end
 

data/spec/unit/cookbook/chefignore_spec.rb

@@ -23,7 +23,7 @@ describe Chef::Cookbook::Chefignore do
   end
 
   it "loads the globs in the chefignore file" do
-    @chefignore.ignores.should =~ %w[recipes/ignoreme.rb]
+    @chefignore.ignores.should =~ %w[recipes/ignoreme.rb ignored]
   end
 
   it "removes items from an array that match the ignores" do
@@ -32,6 +32,7 @@ describe Chef::Cookbook::Chefignore do
   end
 
   it "determines if a file is ignored" do
+    @chefignore.ignored?('ignored').should be_true
     @chefignore.ignored?('recipes/ignoreme.rb').should be_true
     @chefignore.ignored?('recipes/dontignoreme.rb').should be_false
   end

data/spec/unit/encrypted_data_bag_item_spec.rb

@@ -19,6 +19,152 @@
 require 'spec_helper'
 require 'chef/encrypted_data_bag_item'
 
+module Version0Encryptor
+  def self.encrypt_value(plaintext_data, key)
+    data = plaintext_data.to_yaml
+
+    cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+    cipher.encrypt
+    cipher.pkcs5_keyivgen(key)
+    encrypted_bytes = cipher.update(data)
+    encrypted_bytes << cipher.final
+    Base64.encode64(encrypted_bytes)
+  end
+end
+
+# Encryption/serialization code from Chef 11.
+class Version1Encryptor
+  ALGORITHM = "aes-256-cbc"
+
+  attr_reader :key
+  attr_reader :plaintext_data
+
+  # Create a new Encryptor for +data+, which will be encrypted with the given
+  # +key+.
+  #
+  # === Arguments:
+  # * data: An object of any type that can be serialized to json
+  # * key: A String representing the desired passphrase
+  # * iv: The optional +iv+ parameter is intended for testing use only. When
+  # *not* supplied, Encryptor will use OpenSSL to generate a secure random
+  # IV, which is what you want.
+  def initialize(plaintext_data, key, iv=nil)
+    @plaintext_data = plaintext_data
+    @key = key
+    @iv = iv && Base64.decode64(iv)
+  end
+
+  # Returns a wrapped and encrypted version of +plaintext_data+ suitable for
+  # using as the value in an encrypted data bag item.
+  def for_encrypted_item
+    {
+      "encrypted_data" => encrypted_data,
+      "iv" => Base64.encode64(iv),
+      "version" => 1,
+      "cipher" => ALGORITHM
+    }
+  end
+
+  # Generates or returns the IV.
+  def iv
+    # Generated IV comes from OpenSSL::Cipher::Cipher#random_iv
+    # This gets generated when +openssl_encryptor+ gets created.
+    openssl_encryptor if @iv.nil?
+    @iv
+  end
+
+  # Generates (and memoizes) an OpenSSL::Cipher::Cipher object and configures
+  # it for the specified iv and encryption key.
+  def openssl_encryptor
+    @openssl_encryptor ||= begin
+      encryptor = OpenSSL::Cipher::Cipher.new(ALGORITHM)
+      encryptor.encrypt
+      @iv ||= encryptor.random_iv
+      encryptor.iv = @iv
+      encryptor.key = Digest::SHA256.digest(key)
+      encryptor
+    end
+  end
+
+  # Encrypts and Base64 encodes +serialized_data+
+  def encrypted_data
+    @encrypted_data ||= begin
+      enc_data = openssl_encryptor.update(serialized_data)
+      enc_data << openssl_encryptor.final
+      Base64.encode64(enc_data)
+    end
+  end
+
+  # Wraps the data in a single key Hash (JSON Object) and converts to JSON.
+  # The wrapper is required because we accept values (such as Integers or
+  # Strings) that do not produce valid JSON when serialized without the
+  # wrapper.
+  def serialized_data
+    Chef::JSONCompat.to_json(:json_wrapper => plaintext_data)
+  end
+end
+
+
+describe Chef::EncryptedDataBagItem::Decryptor do
+  context "when decrypting a version 1 (JSON+aes-256-cbc+random iv) encrypted value" do
+    before do
+      @encryptor = Version1Encryptor.new({"foo" => "bar"}, "passwd")
+      @encrypted_value = @encryptor.for_encrypted_item
+
+      @decryptor = Chef::EncryptedDataBagItem::Decryptor.for(@encrypted_value, "passwd")
+    end
+
+    it "selects the correct strategy for version 1" do
+      @decryptor.should be_a_kind_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor
+    end
+
+    it "decrypts the encrypted value" do
+      @decryptor.decrypted_data.should == {"json_wrapper" => {"foo" => "bar"}}.to_json
+    end
+
+    it "unwraps the encrypted data and returns it" do
+      @decryptor.for_decrypted_item.should == {"foo" => "bar"}
+    end
+
+    context "and the provided key is incorrect" do
+      before do
+        @decryptor = Chef::EncryptedDataBagItem::Decryptor.for(@encrypted_value, "wrong-passwd")
+      end
+
+      it "raises a sensible error" do
+        lambda { @decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure)
+      end
+    end
+
+    context "and the cipher is not supported" do
+      before do
+        @encrypted_value["cipher"] = "aes-256-foo"
+      end
+
+      it "raises a sensible error" do
+        lambda { @decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::UnsupportedCipher)
+      end
+    end
+
+  end
+
+  context "when decrypting a version 0 (YAML+aes-256-cbc+no iv) encrypted value" do
+    before do
+      @encrypted_value = Version0Encryptor.encrypt_value({"foo" => "bar"}, "passwd")
+
+      @decryptor = Chef::EncryptedDataBagItem::Decryptor.for(@encrypted_value, "passwd")
+    end
+
+    it "selects the correct strategy for version 0" do
+      @decryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor)
+    end
+
+    it "decrypts the encrypted value" do
+      @decryptor.for_decrypted_item.should == {"foo" => "bar"}
+    end
+  end
+end
+
 describe Chef::EncryptedDataBagItem do
   before(:each) do
     @secret = "abc123SECRET"
@@ -33,6 +179,10 @@ describe Chef::EncryptedDataBagItem do
 
   describe "encrypting" do
 
+    it "uses version 0 encryption/serialization" do
+      @enc_data["greeting"].should == Version0Encryptor.encrypt_value(@plain_data["greeting"], @secret)
+    end
+
     it "should not encrypt the 'id' key" do
       @enc_data["id"].should == "item_name"
     end
@@ -53,12 +203,7 @@ describe Chef::EncryptedDataBagItem do
     end
   end
 
-  describe "decrypting" do
-    before(:each) do
-      @enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data,
-                                                                   @secret)
-      @eh = Chef::EncryptedDataBagItem.new(@enc_data, @secret)
-    end
+  shared_examples_for "a decrypted data bag item" do
 
     it "doesn't try to decrypt 'id'" do
       @eh["id"].should == @plain_data["id"]
@@ -81,6 +226,32 @@ describe Chef::EncryptedDataBagItem do
     end
   end
 
+  describe "decrypting" do
+    before(:each) do
+      @enc_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(@plain_data,
+                                                                   @secret)
+      @eh = Chef::EncryptedDataBagItem.new(@enc_data, @secret)
+    end
+
+    it_behaves_like "a decrypted data bag item"
+  end
+
+  describe "when decrypting a version 1 (Chef 11.x) data bag item" do
+    before do
+      @enc_data = @plain_data.inject({}) do |encrypted, (key, value)|
+        if key == "id"
+          encrypted["id"] = value
+        else
+          encrypted[key] = Version1Encryptor.new(value, @secret).for_encrypted_item
+        end
+        encrypted
+      end
+      @eh = Chef::EncryptedDataBagItem.new(@enc_data, @secret)
+    end
+
+    it_behaves_like "a decrypted data bag item"
+  end
+
   describe "loading" do
     it "should defer to Chef::DataBagItem.load" do
       Chef::DataBagItem.stub(:load).with(:the_bag, "my_codes").and_return(@enc_data)

data/spec/unit/formatters/error_inspectors/resource_failure_inspector_spec.rb

@@ -112,6 +112,7 @@ describe Chef::Formatters::ErrorInspectors::ResourceFailureInspector do
         # fake code to run through #recipe_snippet
         source_file = [ "if true", "var = non_existant", "end" ]
         IO.stub!(:readlines).and_return(source_file)
+        File.stub!(:exists?).and_return(true)
       end
 
       it "parses a Windows path" do
@@ -127,6 +128,25 @@ describe Chef::Formatters::ErrorInspectors::ResourceFailureInspector do
         @inspector = Chef::Formatters::ErrorInspectors::ResourceFailureInspector.new(@resource, :create, @exception)
         @inspector.recipe_snippet.should match(/^# In \/home\/btm/)
       end
+      
+      context "when the recipe file does not exist" do
+        before do
+          File.stub!(:exists?).and_return(false)
+          IO.stub!(:readlines).and_raise(Errno::ENOENT)
+        end
+
+        it "does not try to parse a recipe in chef-shell/irb (CHEF-3411)" do
+          @resource.source_line = "(irb#1):1:in `irb_binding'"
+          @inspector = Chef::Formatters::ErrorInspectors::ResourceFailureInspector.new(@resource, :create, @exception)
+          @inspector.recipe_snippet.should be_nil
+        end
+  
+        it "does not raise an exception trying to load a non-existant file (CHEF-3411)" do
+          @resource.source_line = "/somewhere/in/space"
+          @inspector = Chef::Formatters::ErrorInspectors::ResourceFailureInspector.new(@resource, :create, @exception)
+          lambda { @inspector.recipe_snippet }.should_not raise_error
+        end
+      end
     end
 
     describe "when examining a resource that confuses the parser" do

data/spec/unit/knife/bootstrap_spec.rb

@@ -132,36 +132,77 @@ describe Chef::Knife::Bootstrap do
     @knife.name_args.first.should == "barf"
   end
 
-  describe "when configuring the underlying knife ssh command" do
-    before do
-      @knife.name_args = ["foo.example.com"]
-      @knife.config[:ssh_user]      = "rooty"
-      @knife.config[:ssh_password]  = "open_sesame"
-      Chef::Config[:knife][:ssh_port] = "4001"
-      @knife.config[:identity_file] = "~/.ssh/me.rsa"
-      @knife.stub!(:read_template).and_return("")
-      @knife_ssh = @knife.knife_ssh
-    end
-
-    it "configures the hostname" do
-      @knife_ssh.name_args.first.should == "foo.example.com"
+  describe "when configuring the underlying knife ssh command"
+    context "from the command line" do
+      before do
+        @knife.name_args = ["foo.example.com"]
+        @knife.config[:ssh_user]      = "rooty"
+        @knife.config[:ssh_port]      = "4001"
+        @knife.config[:ssh_password]  = "open_sesame"
+        Chef::Config[:knife][:ssh_user] = nil
+        Chef::Config[:knife][:ssh_port] = nil
+        @knife.config[:identity_file] = "~/.ssh/me.rsa"
+        @knife.stub!(:read_template).and_return("")
+        @knife_ssh = @knife.knife_ssh
+      end
+  
+      it "configures the hostname" do
+        @knife_ssh.name_args.first.should == "foo.example.com"
+      end
+  
+      it "configures the ssh user" do
+        @knife_ssh.config[:ssh_user].should == 'rooty'
+      end
+  
+      it "configures the ssh password" do
+        @knife_ssh.config[:ssh_password].should == 'open_sesame'
+      end
+  
+      it "configures the ssh port" do
+        @knife_ssh.config[:ssh_port].should == '4001'
+      end
+  
+      it "configures the ssh identity file" do
+        @knife_ssh.config[:identity_file].should == '~/.ssh/me.rsa'
+      end
     end
 
-    it "configures the ssh user" do
-      @knife_ssh.config[:ssh_user].should == 'rooty'
-    end
-
-    it "configures the ssh password" do
-      @knife_ssh.config[:ssh_password].should == 'open_sesame'
-    end
-
-    it "configures the ssh port" do
-      @knife_ssh.config[:ssh_port].should == '4001'
-    end
-
-    it "configures the ssh identity file" do
-      @knife_ssh.config[:identity_file].should == '~/.ssh/me.rsa'
-    end
+    context "from the knife config file" do
+      before do
+        @knife.name_args = ["config.example.com"]
+        @knife.config[:ssh_user] = nil
+        @knife.config[:ssh_port] = nil
+        @knife.config[:ssh_gateway] = nil
+        @knife.config[:identity_file] = nil
+        @knife.config[:host_key_verify] = nil
+        Chef::Config[:knife][:ssh_user] = "curiosity"
+        Chef::Config[:knife][:ssh_port] = "2430"
+        Chef::Config[:knife][:identity_file] = "~/.ssh/you.rsa"
+        Chef::Config[:knife][:ssh_gateway] = "towel.blinkenlights.nl"
+        Chef::Config[:knife][:host_key_verify] = true
+        @knife.stub!(:read_template).and_return("")
+        @knife_ssh = @knife.knife_ssh
+      end
+  
+      it "configures the ssh user" do
+        @knife_ssh.config[:ssh_user].should == 'curiosity'
+      end
+  
+      it "configures the ssh port" do
+        @knife_ssh.config[:ssh_port].should == '2430'
+      end
+  
+      it "configures the ssh identity file" do
+        @knife_ssh.config[:identity_file].should == '~/.ssh/you.rsa'
+      end
+  
+      it "configures the ssh gateway" do
+        @knife_ssh.config[:ssh_gateway].should == 'towel.blinkenlights.nl'
+      end
+
+      it "configures the host key verify mode" do
+        @knife_ssh.config[:host_key_verify].should == true
+      end
   end
 
   describe "when falling back to password auth when host key auth fails" do

data/spec/unit/knife/client_reregister_spec.rb

@@ -22,40 +22,41 @@ describe Chef::Knife::ClientReregister do
   before(:each) do
     @knife = Chef::Knife::ClientReregister.new
     @knife.name_args = [ 'adam' ]
-    @client_mock = mock('client_mock')
-    @client_mock.stub!(:save).and_return({ 'private_key' => 'foo_key' })
-    Chef::ApiClient.stub!(:load).and_return(@client_mock)
+    @client_mock = mock('client_mock', :private_key => "foo_key")
     @stdout = StringIO.new
     @knife.ui.stub!(:stdout).and_return(@stdout)
   end
 
-  describe 'run' do
-    it 'should load and save the client' do
-      Chef::ApiClient.should_receive(:load).with('adam').and_return(@client_mock)
-      @client_mock.should_receive(:save).with(true).and_return({'private_key' => 'foo_key'})
-      @knife.run
-    end
-
-    it 'should output the private key' do
-      @knife.run
-      @stdout.string.should match /foo_key/
+  context "when no client name is given on the command line" do
+    before do
+      @knife.name_args = []
     end
 
     it 'should print usage and exit when a client name is not provided' do
-      @knife.name_args = []
       @knife.should_receive(:show_usage)
       @knife.ui.should_receive(:fatal)
       lambda { @knife.run }.should raise_error(SystemExit)
     end
+  end
+
+  context 'when not configured for file output' do
+    it 'reregisters the client and prints the key' do
+      Chef::ApiClient.should_receive(:reregister).with('adam').and_return(@client_mock)
+      @knife.run
+      @stdout.string.should match( /foo_key/ )
+    end
+  end
 
-    describe 'with -f or --file' do
-      it 'should write the private key to a file' do
-        @knife.config[:file] = '/tmp/monkeypants'
-        filehandle = mock('Filehandle')
-        filehandle.should_receive(:print).with('foo_key')
-        File.should_receive(:open).with('/tmp/monkeypants', 'w').and_yield(filehandle)
-        @knife.run
-      end
+  context 'when configured for file output' do
+    it 'should write the private key to a file' do
+      Chef::ApiClient.should_receive(:reregister).with('adam').and_return(@client_mock)
+
+      @knife.config[:file] = '/tmp/monkeypants'
+      filehandle = StringIO.new
+      File.should_receive(:open).with('/tmp/monkeypants', 'w').and_yield(filehandle)
+      @knife.run
+      filehandle.string.should == "foo_key"
     end
   end
+
 end