chef 17.3.48 → 17.4.25

data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb

@@ -0,0 +1,70 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+require_relative "../../spec_helper"
+require "chef/secret_fetcher/aws_secrets_manager"
+
+describe Chef::SecretFetcher::AWSSecretsManager do
+  let(:node) { {} }
+  let(:aws_global_config) { {} }
+  let(:fetcher_config) { {} }
+  let(:run_context) { double("run_context", node: node) }
+  let(:fetcher) {
+    Chef::SecretFetcher::AWSSecretsManager.new( fetcher_config, run_context )
+  }
+
+  before do
+    allow(Aws).to receive(:config).and_return(aws_global_config)
+  end
+
+  context "when region is provided" do
+    let(:fetcher_config) { { region: "region-from-caller" } }
+    it "uses the provided region" do
+      fetcher.validate!
+      expect(fetcher.config[:region]).to eq "region-from-caller"
+    end
+  end
+
+  context "when region is not provided" do
+    context "and no region exists in AWS config or node attributes" do
+      it "raises a ConfigurationInvalid error" do
+        expect { fetcher.validate! }.to raise_error Chef::Exceptions::Secret::ConfigurationInvalid
+      end
+    end
+
+    context "and region exists in AWS config and node attributes" do
+      let(:aws_global_config)  { { region: "region-from-aws-global-config" } }
+      let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
+      it "uses the region from AWS config" do
+        fetcher.validate!
+        expect(fetcher.config[:region]).to eq "region-from-aws-global-config"
+      end
+    end
+
+    context "and region exists only in node attributes" do
+      let(:node) { { "ec2" => { "region" => "region-from-ohai-data" } } }
+      it "uses the region from AWS config" do
+        fetcher.validate!
+        expect(fetcher.config[:region]).to eq "region-from-ohai-data"
+      end
+
+    end
+
+  end
+end

data/spec/unit/secret_fetcher/azure_key_vault_spec.rb

@@ -22,20 +22,11 @@ require "chef/secret_fetcher"
 require "chef/secret_fetcher/azure_key_vault"
 
 describe Chef::SecretFetcher::AzureKeyVault do
-  let(:config) { { vault: "myvault" } }
-  let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config) }
-
-  context "when validating configuration and configuration is missing :vault" do
-    context "and configuration does not have a 'vault'" do
-      let(:config) { {} }
-      it "raises a MissingVaultError error on validate!" do
-        expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::MissingVaultName)
-      end
-    end
-  end
+  let(:config) { { vault: "my_vault" } }
+  let(:fetcher) { Chef::SecretFetcher::AzureKeyVault.new(config, nil) }
 
   context "when performing a fetch" do
-    let(:body) { "" }
+    let(:body) { '{ "value" : "my secret value" }' }
     let(:response_mock) { double("response", body: body) }
     let(:http_mock) { double("http", :get => response_mock, :use_ssl= => nil) }
 
@@ -44,20 +35,36 @@ describe Chef::SecretFetcher::AzureKeyVault do
       allow(Net::HTTP).to receive(:new).and_return(http_mock)
     end
 
-    context "and a valid response is received" do
+    context "and vault name is only provided in the secret name" do
       let(:body) { '{ "value" : "my secret value" }' }
-      it "returns the expected response" do
-        expect(fetcher.fetch("value")).to eq "my secret value"
+      let(:config) { {} }
+      it "fetches the value" do
+        expect(fetcher.fetch("my_vault/value")).to eq "my secret value"
       end
     end
 
+    context "and vault name is not provided in the secret name" do
+      context "and vault name is not provided in config" do
+        let(:config) { {} }
+        it "raises a ConfigurationInvalid exception" do
+          expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
+        end
+      end
+
+      context "and vault name is provided in config" do
+        let(:config) { { vault: "my_vault" } }
+        it "fetches the value" do
+          expect(fetcher.fetch("value")).to eq "my secret value"
+        end
+      end
+    end
     context "and an error response is received in the body" do
+      let(:config) { { vault: "my_vault" } }
       let(:body) { '{ "error" : { "code" : 404, "message" : "secret not found" } }' }
       it "raises FetchFailed" do
         expect { fetcher.fetch("value") }.to raise_error(Chef::Exceptions::Secret::FetchFailed)
       end
     end
-
   end
 end
 

data/spec/unit/secret_fetcher_spec.rb

@@ -28,7 +28,7 @@ class SecretFetcherImpl < Chef::SecretFetcher::Base
 end
 
 describe Chef::SecretFetcher do
-  let(:fetcher_impl) { SecretFetcherImpl.new({}) }
+  let(:fetcher_impl) { SecretFetcherImpl.new({}, nil) }
 
   before do
     allow(Chef::SecretFetcher::Example).to receive(:new).and_return fetcher_impl
@@ -36,38 +36,38 @@ describe Chef::SecretFetcher do
 
   context ".for_service" do
     it "resolves the example fetcher without error" do
-      Chef::SecretFetcher.for_service(:example, {})
+      Chef::SecretFetcher.for_service(:example, {}, nil)
     end
 
     it "resolves the Azure Key Vault fetcher without error" do
-      Chef::SecretFetcher.for_service(:azure_key_vault, vault: "invalid")
+      Chef::SecretFetcher.for_service(:azure_key_vault, { vault: "invalid" }, nil)
     end
 
     it "resolves the AWS fetcher without error" do
-      Chef::SecretFetcher.for_service(:aws_secrets_manager, region: "invalid")
+      Chef::SecretFetcher.for_service(:aws_secrets_manager, { region: "invalid" }, nil)
     end
 
     it "raises Chef::Exceptions::Secret::MissingFetcher when service is blank" do
-      expect { Chef::SecretFetcher.for_service(nil, {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+      expect { Chef::SecretFetcher.for_service(nil, {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
     end
 
     it "raises Chef::Exceptions::Secret::MissingFetcher when service is nil" do
-      expect { Chef::SecretFetcher.for_service("", {}) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
+      expect { Chef::SecretFetcher.for_service("", {}, nil) }.to raise_error(Chef::Exceptions::Secret::MissingFetcher)
     end
 
     it "raises Chef::Exceptions::Secret::InvalidFetcher for an unknown fetcher" do
-      expect { Chef::SecretFetcher.for_service(:bad_example, {}) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
+      expect { Chef::SecretFetcher.for_service(:bad_example, {}, nil) }.to raise_error(Chef::Exceptions::Secret::InvalidFetcherService)
     end
 
     it "ensures fetcher configuration is valid by invoking validate!" do
       expect(fetcher_impl).to receive(:validate!)
-      Chef::SecretFetcher.for_service(:example, {})
+      Chef::SecretFetcher.for_service(:example, {}, nil)
     end
   end
 
   context "#fetch" do
     let(:fetcher) {
-      Chef::SecretFetcher.for_service(:example, { "key1" => "value1" })
+      Chef::SecretFetcher.for_service(:example, { "key1" => "value1" }, nil)
     }
 
     it "fetches from the underlying service when secret name is provided " do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 17.3.48
+  version: 17.4.25
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-21 00:00:00.000000000 Z
+date: 2021-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.3.48
+        version: 17.4.25
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.3.48
+        version: 17.4.25
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.3.48
+        version: 17.4.25
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 17.3.48
+        version: 17.4.25
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -2260,6 +2260,7 @@ files:
 - spec/unit/runner_spec.rb
 - spec/unit/scan_access_control_spec.rb
 - spec/unit/search/query_spec.rb
+- spec/unit/secret_fetcher/aws_secrets_manager_spec.rb
 - spec/unit/secret_fetcher/azure_key_vault_spec.rb
 - spec/unit/secret_fetcher_spec.rb
 - spec/unit/server_api_spec.rb