chef 17.8.25-universal-mingw32 → 17.9.18-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
@@ -65,6 +65,52 @@ describe Chef::SecretFetcher::HashiVault do
65
65
  fetcher.validate!
66
66
  end
67
67
  end
68
+
69
+ context "and using auth_method: :approle" do
70
+ it "raises ConfigurationInvalid message when :approle_name or :approle_id are not specified" do
71
+ fetcher = Chef::SecretFetcher::HashiVault.new( { auth_method: :approle, vault_addr: "https://vault.example.com:8200" }, run_context)
72
+ expect { fetcher.validate! }.to raise_error(Chef::Exceptions::Secret::ConfigurationInvalid)
73
+ end
74
+
75
+ it "authenticates using the approle_id and approle_secret_id during validation when all configuration is correct" do
76
+ fetcher = Chef::SecretFetcher::HashiVault.new({
77
+ auth_method: :approle,
78
+ approle_id: "idguid",
79
+ approle_secret_id: "secretguid",
80
+ vault_addr: "https://vault.example.com:8200" },
81
+ run_context)
82
+ auth = instance_double(Vault::Authenticate)
83
+ allow(auth).to receive(:approle)
84
+ allow(Vault).to receive(:auth).and_return(auth)
85
+ expect(auth).to receive(:approle).with("idguid", "secretguid")
86
+ fetcher.validate!
87
+ end
88
+
89
+ it "looks up the :role_id and :secret_id when all configuration is correct" do
90
+ fetcher = Chef::SecretFetcher::HashiVault.new({
91
+ auth_method: :approle,
92
+ approle_name: "myapprole",
93
+ token: "t.1234abcd",
94
+ vault_addr: "https://vault.example.com:8200" },
95
+ run_context)
96
+ approle = instance_double(Vault::AppRole)
97
+ auth = instance_double(Vault::Authenticate)
98
+ allow(Vault).to receive(:approle).and_return(approle)
99
+ allow(approle).to receive(:role_id).with("myapprole").and_return("idguid")
100
+ allow(approle).to receive(:create_secret_id).with("myapprole").and_return(Vault::Secret.new({
101
+ data: {
102
+ secret_id: "secretguid",
103
+ secret_id_accessor: "accessor_guid",
104
+ secret_id_ttl: 0,
105
+ },
106
+ lease_duration: 0,
107
+ lease_id: "",
108
+ }))
109
+ allow(Vault).to receive(:auth).and_return(auth)
110
+ expect(auth).to receive(:approle).with("idguid", "secretguid")
111
+ fetcher.validate!
112
+ end
113
+ end
68
114
  end
69
115
 
70
116
  context "when fetching a secret from Hashi Vault" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef
3
3
  version: !ruby/object:Gem::Version
4
- version: 17.8.25
4
+ version: 17.9.18
5
5
  platform: universal-mingw32
6
6
  authors:
7
7
  - Adam Jacob
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-01 00:00:00.000000000 Z
11
+ date: 2021-12-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-config
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 17.8.25
19
+ version: 17.9.18
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 17.8.25
26
+ version: 17.9.18
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: chef-utils
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 17.8.25
33
+ version: 17.9.18
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 17.8.25
40
+ version: 17.9.18
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: train-core
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -1648,7 +1648,6 @@ files:
1648
1648
  - lib/chef/provider/group/groupmod.rb
1649
1649
  - lib/chef/provider/group/pw.rb
1650
1650
  - lib/chef/provider/group/solaris.rb
1651
- - lib/chef/provider/group/suse.rb
1652
1651
  - lib/chef/provider/group/usermod.rb
1653
1652
  - lib/chef/provider/group/windows.rb
1654
1653
  - lib/chef/provider/http_request.rb
@@ -2820,7 +2819,6 @@ files:
2820
2819
  - spec/unit/provider/group/groupmod_spec.rb
2821
2820
  - spec/unit/provider/group/pw_spec.rb
2822
2821
  - spec/unit/provider/group/solaris_spec.rb
2823
- - spec/unit/provider/group/suse_spec.rb
2824
2822
  - spec/unit/provider/group/usermod_spec.rb
2825
2823
  - spec/unit/provider/group/windows_spec.rb
2826
2824
  - spec/unit/provider/group_spec.rb
@@ -1,82 +0,0 @@
1
- #
2
- # Author:: AJ Christensen (<aj@chef.io>)
3
- # Copyright:: Copyright (c) Chef Software Inc.
4
- # License:: Apache License, Version 2.0
5
- #
6
- # Licensed under the Apache License, Version 2.0 (the "License");
7
- # you may not use this file except in compliance with the License.
8
- # You may obtain a copy of the License at
9
- #
10
- # http://www.apache.org/licenses/LICENSE-2.0
11
- #
12
- # Unless required by applicable law or agreed to in writing, software
13
- # distributed under the License is distributed on an "AS IS" BASIS,
14
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
- # See the License for the specific language governing permissions and
16
- # limitations under the License.
17
- #
18
-
19
- require_relative "groupadd"
20
- require "etc" unless defined?(Etc)
21
-
22
- class Chef
23
- class Provider
24
- class Group
25
- class Suse < Chef::Provider::Group::Groupadd
26
- provides :group, platform: "suse", platform_version: "< 12.0"
27
-
28
- def load_current_resource
29
- super
30
- end
31
-
32
- def define_resource_requirements
33
- super
34
- requirements.assert(:all_actions) do |a|
35
- a.assertion { ::File.exist?("/usr/sbin/groupmod") }
36
- a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/sbin/groupmod for #{new_resource.name}"
37
- # No whyrun alternative: this component should be available in the base install of any given system that uses it
38
- end
39
-
40
- requirements.assert(:create, :manage, :modify) do |a|
41
- a.assertion do
42
-
43
- to_add(new_resource.members).all? { |member| Etc.getpwnam(member) }
44
- rescue
45
- false
46
-
47
- end
48
- a.failure_message Chef::Exceptions::Group, "Could not add users #{to_add(new_resource.members).join(", ")} to #{new_resource.group_name}: one of these users does not exist"
49
- a.whyrun "Could not find one of these users: #{to_add(new_resource.members).join(", ")}. Assuming it will be created by a prior step"
50
- end
51
- end
52
-
53
- def set_members(members)
54
- to_remove(members).each do |member|
55
- remove_member(member)
56
- end
57
-
58
- to_add(members).each do |member|
59
- add_member(member)
60
- end
61
- end
62
-
63
- def to_add(members)
64
- members - current_resource.members
65
- end
66
-
67
- def add_member(member)
68
- shell_out!("groupmod", "-A", member, new_resource.group_name)
69
- end
70
-
71
- def to_remove(members)
72
- current_resource.members - members
73
- end
74
-
75
- def remove_member(member)
76
- shell_out!("groupmod", "-R", member, new_resource.group_name)
77
- end
78
-
79
- end
80
- end
81
- end
82
- end
@@ -1,90 +0,0 @@
1
- #
2
- # Author:: Tom Duffield (<tom@chef.io>)
3
- # Copyright:: Copyright (c) Chef Software Inc.
4
- # License:: Apache License, Version 2.0
5
- #
6
- # Licensed under the Apache License, Version 2.0 (the "License");
7
- # you may not use this file except in compliance with the License.
8
- # You may obtain a copy of the License at
9
- #
10
- #      http://www.apache.org/licenses/LICENSE-2.0
11
- #
12
- # Unless required by applicable law or agreed to in writing, software
13
- # distributed under the License is distributed on an "AS IS" BASIS,
14
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
- # See the License for the specific language governing permissions and
16
- # limitations under the License.
17
- #
18
-
19
- require "spec_helper"
20
-
21
- describe Chef::Provider::Group::Suse do
22
- let(:node) { Chef::Node.new }
23
- let(:events) { Chef::EventDispatch::Dispatcher.new }
24
- let(:run_context) { Chef::RunContext.new(node, {}, events) }
25
- let(:new_members) { %w{root new_user} }
26
- let(:new_resource) do
27
- Chef::Resource::Group.new("new_group").tap do |r|
28
- r.gid 50
29
- r.members new_members
30
- r.system false
31
- r.non_unique false
32
- end
33
- end
34
- let(:current_resource) do
35
- Chef::Resource::Group.new("new_group").tap do |r|
36
- r.gid 50
37
- r.members %w{root}
38
- r.system false
39
- r.non_unique false
40
- end
41
- end
42
- let(:provider) do
43
- described_class.new(new_resource, run_context).tap do |p|
44
- p.current_resource = current_resource
45
- end
46
- end
47
-
48
- describe "when determining the current group state" do
49
- before(:each) do
50
- allow(File).to receive(:exist?).and_return(true)
51
- provider.action = :create
52
- provider.define_resource_requirements
53
- end
54
-
55
- # Checking for required binaries is already done in the spec
56
- # for Chef::Provider::Group - no need to repeat it here. We'll
57
- # include only what's specific to this provider.
58
- it "should raise an error if the required binary /usr/sbin/groupmod doesn't exist" do
59
- expect(File).to receive(:exist?).with("/usr/sbin/groupmod").and_return(false)
60
- expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
61
- end
62
-
63
- it "should raise error if one of the member users does not exist" do
64
- expect(Etc).to receive(:getpwnam).with("new_user").and_raise ArgumentError
65
- expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
66
- end
67
- end
68
-
69
- describe "#set_members" do
70
- it "should add missing members and remove deleted members" do
71
- expect(provider).not_to receive(:remove_member)
72
- expect(provider).to receive(:add_member).with("new_user")
73
- provider.set_members(new_members)
74
- end
75
- end
76
-
77
- describe "#add_member" do
78
- it "should call out to groupmod to add user" do
79
- expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-A", "new_user", "new_group")
80
- provider.add_member("new_user")
81
- end
82
- end
83
-
84
- describe "#remove_member" do
85
- it "should call out to groupmod to remove user" do
86
- expect(provider).to receive(:shell_out_compacted!).with("groupmod", "-R", "new_user", "new_group")
87
- provider.remove_member("new_user")
88
- end
89
- end
90
- end