chef 11.12.0.alpha.1 → 11.12.0.rc.1

data/spec/unit/knife/core/bootstrap_context_spec.rb

@@ -41,13 +41,19 @@ describe Chef::Knife::Core::BootstrapContext do
     bootstrap_context.start_chef.should eq "chef-client -j /etc/chef/first-boot.json -E _default"
   end
 
+  describe "when in verbosity mode" do
+    let(:config) { {:verbosity => 2} }
+    it "adds '-l debug' when verbosity is >= 2" do
+      bootstrap_context.start_chef.should eq "chef-client -j /etc/chef/first-boot.json -l debug -E _default"
+    end
+  end
+
   it "reads the validation key" do
     bootstrap_context.validation_key.should eq IO.read(File.join(CHEF_SPEC_DATA, 'ssl', 'private_key.pem'))
   end
 
   it "generates the config file data" do
     expected=<<-EXPECTED
-log_level        :auto
 log_location     STDOUT
 chef_server_url  "http://chef.example.com:4444"
 validation_client_name "chef-validator-testing"
@@ -56,6 +62,10 @@ EXPECTED
     bootstrap_context.config_content.should eq expected
   end
 
+  it "does not set a default log_level" do
+    expect(bootstrap_context.config_content).not_to match(/log_level/)
+  end
+
   describe "alternate chef-client path" do
     let(:chef_config){ {:chef_client_path => '/usr/local/bin/chef-client'} }
     it "runs chef-client from another path when specified" do

data/spec/unit/knife/core/ui_spec.rb

@@ -406,61 +406,132 @@ EOM
   end
 
   describe "confirm" do
-    before(:each) do
-      @question = "monkeys rule"
-      @stdout = StringIO.new
-      @ui.stub(:stdout).and_return(@stdout)
-      @ui.stdin.stub(:readline).and_return("y")
+    let(:stdout) {StringIO.new}
+    let(:output) {stdout.string}
+
+    let(:question) { "monkeys rule" }
+    let(:answer) { 'y' }
+
+    let(:default_choice) { nil }
+    let(:append_instructions) { true }
+
+    def run_confirm
+      @ui.stub(:stdout).and_return(stdout)
+      @ui.stdin.stub(:readline).and_return(answer)
+      @ui.confirm(question, append_instructions, default_choice)
     end
 
-    it "should return true if you answer Y" do
-      @ui.stdin.stub(:readline).and_return("Y")
-      @ui.confirm(@question).should == true
+    def run_confirm_without_exit
+      @ui.stub(:stdout).and_return(stdout)
+      @ui.stdin.stub(:readline).and_return(answer)
+      @ui.confirm_without_exit(question, append_instructions, default_choice)
     end
 
-    it "should return true if you answer y" do
-      @ui.stdin.stub(:readline).and_return("y")
-      @ui.confirm(@question).should == true
+    shared_examples_for "confirm with positive answer" do
+      it "confirm should return true" do
+        run_confirm.should be_true
+      end
+
+      it "confirm_without_exit should return true" do
+        run_confirm_without_exit.should be_true
+      end
     end
 
-    it "should exit 3 if you answer N" do
-      @ui.stdin.stub(:readline).and_return("N")
-      lambda {
-        @ui.confirm(@question)
-      }.should raise_error(SystemExit) { |e| e.status.should == 3 }
+    shared_examples_for "confirm with negative answer" do
+      it "confirm should exit 3" do
+        lambda {
+          run_confirm
+        }.should raise_error(SystemExit) { |e| e.status.should == 3 }
+      end
+
+      it "confirm_without_exit should return false" do
+        run_confirm_without_exit.should be_false
+      end
     end
 
-    it "should exit 3 if you answer n" do
-      @ui.stdin.stub(:readline).and_return("n")
-      lambda {
-        @ui.confirm(@question)
-      }.should raise_error(SystemExit) { |e| e.status.should == 3 }
+    describe "with default choice set to true" do
+      let(:default_choice) { true }
+
+      it "should show 'Y/n' in the instructions" do
+        run_confirm
+        output.should include("Y/n")
+      end
+
+      describe "with empty answer" do
+        let(:answer) { "" }
+
+        it_behaves_like "confirm with positive answer"
+      end
+
+      describe "with answer N " do
+        let(:answer) { "N" }
+
+        it_behaves_like "confirm with negative answer"
+      end
     end
 
-    describe "with --y or --yes passed" do
-      it "should return true" do
-        @ui.config[:yes] = true
-        @ui.confirm(@question).should == true
+    describe "with default choice set to false" do
+      let(:default_choice) { false }
+
+      it "should show 'y/N' in the instructions" do
+        run_confirm
+        output.should include("y/N")
+      end
+
+      describe "with empty answer" do
+        let(:answer) { "" }
+
+        it_behaves_like "confirm with negative answer"
+      end
+
+      describe "with answer N " do
+        let(:answer) { "Y" }
+
+        it_behaves_like "confirm with positive answer"
       end
     end
 
-    describe "when asking for free-form user input" do
-      it "asks a question and returns the answer provided by the user" do
-        out = StringIO.new
-        @ui.stub(:stdout).and_return(out)
-        @ui.stub(:stdin).and_return(StringIO.new("http://mychefserver.example.com\n"))
-        @ui.ask_question("your chef server URL?").should == "http://mychefserver.example.com"
-        out.string.should == "your chef server URL?"
+    ["Y", "y"].each do |answer|
+      describe "with answer #{answer}" do
+        let(:answer) { answer }
+
+        it_behaves_like "confirm with positive answer"
       end
+    end
 
-      it "suggests a default setting and returns the default when the user's response only contains whitespace" do
-        out = StringIO.new
-        @ui.stub(:stdout).and_return(out)
-        @ui.stub(:stdin).and_return(StringIO.new(" \n"))
-        @ui.ask_question("your chef server URL? ", :default => 'http://localhost:4000').should == "http://localhost:4000"
-        out.string.should == "your chef server URL? [http://localhost:4000] "
+    ["N", "n"].each do |answer|
+      describe "with answer #{answer}" do
+        let(:answer) { answer }
+
+        it_behaves_like "confirm with negative answer"
       end
     end
 
+    describe "with --y or --yes passed" do
+      it "should return true" do
+        @ui.config[:yes] = true
+        run_confirm.should be_true
+        output.should eq("")
+      end
+    end
+  end
+
+  describe "when asking for free-form user input" do
+    it "asks a question and returns the answer provided by the user" do
+      out = StringIO.new
+      @ui.stub(:stdout).and_return(out)
+      @ui.stub(:stdin).and_return(StringIO.new("http://mychefserver.example.com\n"))
+      @ui.ask_question("your chef server URL?").should == "http://mychefserver.example.com"
+      out.string.should == "your chef server URL?"
+    end
+
+    it "suggests a default setting and returns the default when the user's response only contains whitespace" do
+      out = StringIO.new
+      @ui.stub(:stdout).and_return(out)
+      @ui.stub(:stdin).and_return(StringIO.new(" \n"))
+      @ui.ask_question("your chef server URL? ", :default => 'http://localhost:4000').should == "http://localhost:4000"
+      out.string.should == "your chef server URL? [http://localhost:4000] "
+    end
   end
+
 end

data/spec/unit/knife/node_run_list_add_spec.rb

@@ -65,6 +65,29 @@ describe Chef::Knife::NodeRunListAdd do
       end
     end
 
+    describe "with -b or --before specified" do
+      it "should add to the run list before the specified entry" do
+        @node.run_list << "role[acorns]"
+        @node.run_list << "role[barn]"
+        @knife.config[:before] = "role[acorns]"
+        @knife.run
+        @node.run_list[0].should == "role[monkey]"
+        @node.run_list[1].should == "role[acorns]"
+        @node.run_list[2].should == "role[barn]"
+      end
+    end
+
+    describe "with both --after and --before specified" do
+      it "exits with an error" do
+        @node.run_list << "role[acorns]"
+        @node.run_list << "role[barn]"
+        @knife.config[:before] = "role[acorns]"
+        @knife.config[:after]  = "role[acorns]"
+        @knife.ui.should_receive(:fatal)
+        lambda { @knife.run }.should raise_error(SystemExit)
+      end
+    end
+
     describe "with more than one role or recipe" do
       it "should add to the run list all the entries" do
         @knife.name_args = [ "adam", "role[monkey],role[duck]" ]
@@ -98,7 +121,7 @@ describe Chef::Knife::NodeRunListAdd do
       end
     end
 
-    describe "with more than one role or recipe as different arguments and list separated by comas" do
+    describe "with more than one role or recipe as different arguments and list separated by commas" do
       it "should add to the run list all the entries" do
         @knife.name_args = [ "adam", "role[monkey]", "role[duck],recipe[bird::fly]" ]
         @node.run_list << "role[acorns]"

data/spec/unit/knife/ssh_spec.rb

@@ -54,7 +54,7 @@ describe Chef::Knife::Ssh do
           @knife.config[:attribute] = "ipaddress"
           @knife.config[:override_attribute] = "ipaddress"
           configure_query([@node_foo, @node_bar])
-          @knife.should_receive(:session_from_list).with(['10.0.0.1', '10.0.0.2'])
+          @knife.should_receive(:session_from_list).with([['10.0.0.1', nil], ['10.0.0.2', nil]])
           @knife.configure_session
         end
 
@@ -62,14 +62,17 @@ describe Chef::Knife::Ssh do
           @knife.config[:attribute] = "config_file" # this value will be the config file
           @knife.config[:override_attribute] = "ipaddress" # this is the value of the command line via #configure_attribute
           configure_query([@node_foo, @node_bar])
-          @knife.should_receive(:session_from_list).with(['10.0.0.1', '10.0.0.2'])
+          @knife.should_receive(:session_from_list).with([['10.0.0.1', nil], ['10.0.0.2', nil]])
           @knife.configure_session
         end
       end
 
       it "searchs for and returns an array of fqdns" do
         configure_query([@node_foo, @node_bar])
-        @knife.should_receive(:session_from_list).with(['foo.example.org', 'bar.example.org'])
+        @knife.should_receive(:session_from_list).with([
+          ['foo.example.org', nil],
+          ['bar.example.org', nil]
+        ])
         @knife.configure_session
       end
 
@@ -83,7 +86,10 @@ describe Chef::Knife::Ssh do
 
         it "returns an array of cloud public hostnames" do
           configure_query([@node_foo, @node_bar])
-          @knife.should_receive(:session_from_list).with(['ec2-10-0-0-1.compute-1.amazonaws.com', 'ec2-10-0-0-2.compute-1.amazonaws.com'])
+          @knife.should_receive(:session_from_list).with([
+            ['ec2-10-0-0-1.compute-1.amazonaws.com', nil],
+            ['ec2-10-0-0-2.compute-1.amazonaws.com', nil]
+          ])
           @knife.configure_session
         end
 
@@ -179,12 +185,17 @@ describe Chef::Knife::Ssh do
     end
 
     it "uses the port from an ssh config file" do
-      @knife.session_from_list(['the.b.org'])
+      @knife.session_from_list([['the.b.org', nil]])
       @knife.session.servers[0].port.should == 23
     end
 
+    it "uses the port from a cloud attr" do
+      @knife.session_from_list([['the.b.org', 123]])
+      @knife.session.servers[0].port.should == 123
+    end
+
     it "uses the user from an ssh config file" do
-      @knife.session_from_list(['the.b.org'])
+      @knife.session_from_list([['the.b.org', 123]])
       @knife.session.servers[0].user.should == "locutus"
     end
   end

data/spec/unit/knife/ssl_check_spec.rb

@@ -0,0 +1,187 @@
+#
+# Author:: Daniel DeLeo (<dan@getchef.com>)
+# Copyright:: Copyright (c) 2014 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require 'stringio'
+
+describe Chef::Knife::SslCheck do
+
+  let(:name_args) { [] }
+  let(:stdout_io) { StringIO.new }
+  let(:stderr_io) { StringIO.new }
+
+  def stderr
+    stderr_io.string
+  end
+
+  def stdout
+    stdout_io.string
+  end
+
+  subject(:ssl_check) do
+    s = Chef::Knife::SslCheck.new
+    s.ui.stub(:stdout).and_return(stdout_io)
+    s.ui.stub(:stderr).and_return(stderr_io)
+    s.name_args = name_args
+    s
+  end
+
+  before do
+    Chef::Config.chef_server_url = "https://example.com:8443/chef-server"
+  end
+
+  context "when no arguments are given" do
+    it "uses the chef_server_url as the host to check" do
+      expect(ssl_check.host).to eq("example.com")
+      expect(ssl_check.port).to eq(8443)
+    end
+  end
+
+  context "when a specific URI is given" do
+    let(:name_args) { %w{https://example.test:10443/foo} }
+
+    it "checks the SSL configuration against the given host" do
+      expect(ssl_check.host).to eq("example.test")
+      expect(ssl_check.port).to eq(10443)
+    end
+  end
+
+  context "when an invalid URI is given" do
+
+    let(:name_args) { %w{foo.test} }
+
+    it "prints an error and exits" do
+      expect { ssl_check.run }.to raise_error(SystemExit)
+      expected_stdout=<<-E
+USAGE: knife ssl check [URL] (options)
+E
+      expected_stderr=<<-E
+ERROR: Given URI: `foo.test' is invalid
+E
+      expect(stdout_io.string).to eq(expected_stdout)
+      expect(stderr_io.string).to eq(expected_stderr)
+    end
+
+    context "and its malformed enough to make URI.parse barf" do
+
+      let(:name_args) { %w{ftp://lkj\\blah:example.com/blah} }
+
+      it "prints an error and exits" do
+        expect { ssl_check.run }.to raise_error(SystemExit)
+        expected_stdout=<<-E
+USAGE: knife ssl check [URL] (options)
+E
+        expected_stderr=<<-E
+ERROR: Given URI: `#{name_args[0]}' is invalid
+E
+        expect(stdout_io.string).to eq(expected_stdout)
+        expect(stderr_io.string).to eq(expected_stderr)
+      end
+    end
+  end
+
+  describe "verifying the remote certificate" do
+    let(:name_args) { %w{https://foo.example.com:8443} }
+
+    let(:tcp_socket) { double(TCPSocket) }
+    let(:ssl_socket) { double(OpenSSL::SSL::SSLSocket) }
+
+    before do
+      TCPSocket.should_receive(:new).with("foo.example.com", 8443).and_return(tcp_socket)
+      OpenSSL::SSL::SSLSocket.should_receive(:new).with(tcp_socket, ssl_check.verify_peer_ssl_context).and_return(ssl_socket)
+    end
+
+    def run
+      ssl_check.run
+    rescue Exception
+      #puts "OUT: #{stdout_io.string}"
+      #puts "ERR: #{stderr_io.string}"
+      raise
+    end
+
+    context "when the remote host's certificate is valid" do
+
+      before do
+        ssl_socket.should_receive(:connect) # no error
+        ssl_socket.should_receive(:post_connection_check).with("foo.example.com") # no error
+      end
+
+      it "prints a success message" do
+        ssl_check.run
+        expect(stdout_io.string).to include("Successfully verified certificates from `foo.example.com'")
+      end
+    end
+
+    describe "and the certificate is not valid" do
+
+      let(:tcp_socket_for_debug) { double(TCPSocket) }
+      let(:ssl_socket_for_debug) { double(OpenSSL::SSL::SSLSocket) }
+
+      let(:self_signed_crt_path) { File.join(CHEF_SPEC_DATA, "trusted_certs", "example.crt") }
+      let(:self_signed_crt) { OpenSSL::X509::Certificate.new(File.read(self_signed_crt_path)) }
+
+      before do
+        trap(:INT, "DEFAULT")
+
+        TCPSocket.should_receive(:new).
+          with("foo.example.com", 8443).
+          and_return(tcp_socket_for_debug)
+        OpenSSL::SSL::SSLSocket.should_receive(:new).
+          with(tcp_socket_for_debug, ssl_check.noverify_peer_ssl_context).
+          and_return(ssl_socket_for_debug)
+      end
+
+      context "when the certificate's CN does not match the hostname" do
+        before do
+          ssl_socket.should_receive(:connect) # no error
+          ssl_socket.should_receive(:post_connection_check).
+            with("foo.example.com").
+            and_raise(OpenSSL::SSL::SSLError)
+          ssl_socket_for_debug.should_receive(:connect)
+          ssl_socket_for_debug.should_receive(:peer_cert).and_return(self_signed_crt)
+        end
+
+        it "shows the CN used by the certificate and prints an error" do
+          expect { run }.to raise_error(SystemExit)
+          expect(stderr).to include("The SSL cert is signed by a trusted authority but is not valid for the given hostname")
+          expect(stderr).to include("You are attempting to connect to:   'foo.example.com'")
+          expect(stderr).to include("The server's certificate belongs to 'example.local'")
+        end
+
+      end
+
+      context "when the cert is not signed by any trusted authority" do
+        before do
+          ssl_socket.should_receive(:connect).
+            and_raise(OpenSSL::SSL::SSLError)
+          ssl_socket_for_debug.should_receive(:connect)
+          ssl_socket_for_debug.should_receive(:peer_cert).and_return(self_signed_crt)
+        end
+
+        it "shows the CN used by the certificate and prints an error" do
+          expect { run }.to raise_error(SystemExit)
+          expect(stderr).to include("The SSL certificate of foo.example.com could not be verified")
+        end
+
+      end
+    end
+
+  end
+
+end
+