cheffish 0.1

data/lib/cheffish/version.rb

@@ -0,0 +1,4 @@
+module Cheffish
+  VERSION = '0.1'
+end
+

data/spec/integration/chef_client_spec.rb

@@ -0,0 +1,48 @@
+require 'support/spec_support'
+require 'support/key_support'
+require 'chef/resource/chef_client'
+require 'chef/provider/chef_client'
+
+repo_path = Dir.mktmpdir('chef_repo')
+
+describe Chef::Resource::ChefClient do
+  extend SpecSupport
+
+  when_the_chef_server 'is empty' do
+    context 'and we have a private key' do
+      with_recipe do
+        private_key "#{repo_path}/blah.pem"
+      end
+
+      context 'and we run a recipe that creates client "blah"' do
+        with_recipe do
+          chef_client 'blah' do
+            source_key_path "#{repo_path}/blah.pem"
+          end
+        end
+
+        it 'the client gets created' do
+          chef_run.should have_updated 'chef_client[blah]', :create
+          client = get('/clients/blah')
+          client['name'].should == 'blah'
+          key, format = Cheffish::KeyFormatter.decode(client['public_key'])
+          key.should be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+
+      context 'and we run a recipe that creates client "blah" with output_key_path' do
+        with_recipe do
+          chef_client 'blah' do
+            source_key_path "#{repo_path}/blah.pem"
+            output_key_path "#{repo_path}/blah.pub"
+          end
+        end
+
+        it 'the output public key gets created' do
+          IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+          "#{repo_path}/blah.pub".should be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+    end
+  end
+end

data/spec/integration/chef_node_spec.rb

@@ -0,0 +1,75 @@
+require 'support/spec_support'
+require 'chef/resource/chef_node'
+require 'chef/provider/chef_node'
+
+describe Chef::Resource::ChefNode do
+  extend SpecSupport
+
+  when_the_chef_server 'is empty' do
+    context 'and we run a recipe that creates node "blah"' do
+      with_recipe do
+        chef_node 'blah'
+      end
+
+      it 'the node gets created' do
+        chef_run.should have_updated 'chef_node[blah]', :create
+        get('/nodes/blah')['name'].should == 'blah'
+      end
+    end
+
+    # TODO why-run mode
+
+    context 'and another chef server is running on port 8899' do
+      before :each do
+        @server = ChefZero::Server.new(:port => 8899)
+        @server.start_background
+      end
+
+      after :each do
+        @server.stop
+      end
+
+      context 'and a recipe is run that creates node "blah" on the second chef server using with_chef_server' do
+
+        with_recipe do
+          with_chef_server 'http://127.0.0.1:8899'
+          chef_node 'blah'
+        end
+
+        it 'the node is created on the second chef server but not the first' do
+          chef_run.should have_updated 'chef_node[blah]', :create
+          lambda { get('/nodes/blah') }.should raise_error(Net::HTTPServerException)
+          get('http://127.0.0.1:8899/nodes/blah')['name'].should == 'blah'
+        end
+      end
+
+      context 'and a recipe is run that creates node "blah" on the second chef server using chef_server' do
+
+        with_recipe do
+          chef_node 'blah' do
+            chef_server({ :chef_server_url => 'http://127.0.0.1:8899' })
+          end
+        end
+
+        it 'the node is created on the second chef server but not the first' do
+          chef_run.should have_updated 'chef_node[blah]', :create
+          lambda { get('/nodes/blah') }.should raise_error(Net::HTTPServerException)
+          get('http://127.0.0.1:8899/nodes/blah')['name'].should == 'blah'
+        end
+      end
+
+    end
+  end
+
+  when_the_chef_server 'has a node named "blah"' do
+    node 'blah', {}
+
+    with_recipe do
+      chef_node 'blah'
+    end
+
+    it 'the node "blah" does not get created or updated' do
+      chef_run.should_not have_updated 'chef_node[blah]', :create
+    end
+  end
+end

data/spec/integration/chef_user_spec.rb

@@ -0,0 +1,48 @@
+require 'support/spec_support'
+require 'support/key_support'
+require 'chef/resource/chef_user'
+require 'chef/provider/chef_user'
+
+repo_path = Dir.mktmpdir('chef_repo')
+
+describe Chef::Resource::ChefUser do
+  extend SpecSupport
+
+  when_the_chef_server 'is empty' do
+    context 'and we have a private key' do
+      with_recipe do
+        private_key "#{repo_path}/blah.pem"
+      end
+
+      context 'and we run a recipe that creates user "blah"'do
+        with_recipe do
+          chef_user 'blah' do
+            source_key_path "#{repo_path}/blah.pem"
+          end
+        end
+
+        it 'the user gets created' do
+          chef_run.should have_updated 'chef_user[blah]', :create
+          user = get('/users/blah')
+          user['name'].should == 'blah'
+          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+          key.should be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+
+      context 'and we run a recipe that creates client "blah" with output_key_path' do
+        with_recipe do
+          chef_client 'blah' do
+            source_key_path "#{repo_path}/blah.pem"
+            output_key_path "#{repo_path}/blah.pub"
+          end
+        end
+
+        it 'the output public key gets created' do
+          IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+          "#{repo_path}/blah.pub".should be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+    end
+  end
+end

data/spec/integration/private_key_spec.rb

@@ -0,0 +1,356 @@
+require 'support/spec_support'
+require 'chef/resource/private_key'
+require 'chef/provider/private_key'
+require 'chef/resource/public_key'
+require 'chef/provider/public_key'
+require 'support/key_support'
+
+repo_path = Dir.mktmpdir('chef_repo')
+
+describe Chef::Resource::PrivateKey do
+  extend SpecSupport
+
+  before :each do
+    FileUtils.remove_entry_secure(repo_path)
+    Dir.mkdir(repo_path)
+  end
+
+  context 'with a recipe with a private_key' do
+    with_recipe do
+      private_key "#{repo_path}/blah"
+    end
+
+    it 'the private_key is created in pem format' do
+      chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+      IO.read("#{repo_path}/blah").should start_with('-----BEGIN')
+      OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).kind_of?(OpenSSL::PKey::RSA).should be_true
+    end
+
+    context 'and a private_key that copies it in der format' do
+      with_recipe do
+        private_key "#{repo_path}/blah.der" do
+          source_key_path "#{repo_path}/blah"
+          format :der
+        end
+      end
+
+      it 'the private_key is copied in der format and is identical' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah.der]", :create
+        key_str = IO.read("#{repo_path}/blah.der")
+        key_str.should_not start_with('-----BEGIN')
+        key_str.should_not start_with('ssh-')
+        "#{repo_path}/blah.der".should match_private_key("#{repo_path}/blah")
+      end
+    end
+
+    it 'a private_key that copies it from in-memory as a string succeeds' do
+      run_recipe do
+        private_key "#{repo_path}/blah.der" do
+          source_key IO.read("#{repo_path}/blah")
+          format :der
+        end
+      end
+
+      chef_run.should have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      key_str.should_not start_with('-----BEGIN')
+      key_str.should_not start_with('ssh-')
+      "#{repo_path}/blah.der".should match_private_key("#{repo_path}/blah")
+    end
+
+    it 'a private_key that copies it from in-memory as a key succeeds' do
+      key = OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))
+      run_recipe do
+        private_key "#{repo_path}/blah.der" do
+          source_key key
+          format :der
+        end
+      end
+
+      chef_run.should have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      key_str.should_not start_with('-----BEGIN')
+      key_str.should_not start_with('ssh-')
+      "#{repo_path}/blah.der".should match_private_key("#{repo_path}/blah")
+    end
+
+    context 'and a public_key' do
+      with_recipe do
+        public_key "#{repo_path}/blah.pub" do
+          source_key_path "#{repo_path}/blah"
+        end
+      end
+
+      it 'the public_key is created' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub]", :create
+        IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+      end
+
+      context 'and another public_key based off the first public_key' do
+        with_recipe do
+          public_key "#{repo_path}/blah.pub2" do
+            source_key_path "#{repo_path}/blah.pub"
+          end
+        end
+
+        it 'the second public_key is created' do
+          chef_run.should have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+          "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+        end
+      end
+
+      context 'and another public_key based off the first public_key in-memory in a string' do
+        with_recipe do
+          public_key "#{repo_path}/blah.pub2" do
+            source_key IO.read("#{repo_path}/blah.pub")
+          end
+        end
+
+        it 'the second public_key is created' do
+          chef_run.should have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+          "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+        end
+      end
+
+      it 'and another public_key based off the first public_key in-memory in a key, the second public_key is created' do
+        key, format = Cheffish::KeyFormatter.decode(IO.read("#{repo_path}/blah.pub"))
+
+        run_recipe do
+          public_key "#{repo_path}/blah.pub2" do
+            source_key key
+          end
+        end
+
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub2]", :create
+        IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+      end
+
+      context 'and another public_key in :pem format based off the first public_key' do
+        with_recipe do
+          public_key "#{repo_path}/blah.pub2" do
+            source_key_path "#{repo_path}/blah.pub"
+            format :pem
+          end
+        end
+
+        it 'the second public_key is created' do
+          chef_run.should have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+          "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+        end
+      end
+
+      context 'and another public_key in :der format based off the first public_key' do
+        with_recipe do
+          public_key "#{repo_path}/blah.pub2" do
+            source_key_path "#{repo_path}/blah.pub"
+            format :pem
+          end
+        end
+
+        it 'the second public_key is created' do
+          chef_run.should have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+          "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+        end
+      end
+    end
+
+    context 'and a public key in pem format' do
+      with_recipe do
+        public_key "#{repo_path}/blah.pub" do
+          source_key_path "#{repo_path}/blah"
+          format :pem
+        end
+      end
+
+      it 'the public_key is created' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub]", :create
+        IO.read("#{repo_path}/blah.pub").should start_with('-----BEGIN')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+      end
+    end
+
+    context 'and a public key in der format' do
+      with_recipe do
+        public_key "#{repo_path}/blah.pub" do
+          source_key_path "#{repo_path}/blah"
+          format :der
+        end
+      end
+
+      it 'the public_key is created in openssh format' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub]", :create
+        IO.read("#{repo_path}/blah.pub").should_not start_with('-----BEGIN')
+        IO.read("#{repo_path}/blah.pub").should_not start_with('ssh-rsa')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+      end
+    end
+  end
+
+  context 'with a recipe with a private_key in der format' do
+    with_recipe do
+      private_key "#{repo_path}/blah" do
+        format :der
+      end
+    end
+
+    it 'the private_key is created' do
+      chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+      IO.read("#{repo_path}/blah").should_not start_with('-----BEGIN')
+      OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).kind_of?(OpenSSL::PKey::RSA).should be_true
+    end
+
+    context 'and a public_key' do
+      with_recipe do
+        public_key "#{repo_path}/blah.pub" do
+          source_key_path "#{repo_path}/blah"
+        end
+      end
+
+      it 'the public_key is created in openssh format' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub]", :create
+        IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah"
+      end
+    end
+  end
+
+  context 'with a recipe with a private_key with a pass_phrase' do
+    with_recipe do
+      private_key "#{repo_path}/blah" do
+        pass_phrase 'hello'
+      end
+    end
+
+    it 'the private_key is created' do
+      chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+      IO.read("#{repo_path}/blah").should start_with('-----BEGIN')
+      OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello').kind_of?(OpenSSL::PKey::RSA).should be_true
+    end
+
+    context 'and a private_key that copies it in der format' do
+      with_recipe do
+        private_key "#{repo_path}/blah.der" do
+          source_key_path "#{repo_path}/blah"
+          source_key_pass_phrase 'hello'
+          format :der
+        end
+      end
+
+      it 'the private_key is copied in der format and is identical' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah.der]", :create
+        key_str = IO.read("#{repo_path}/blah.der")
+        key_str.should_not start_with('-----BEGIN')
+        key_str.should_not start_with('ssh-')
+        "#{repo_path}/blah.der".should match_private_key("#{repo_path}/blah", 'hello')
+      end
+    end
+
+    it 'a private_key that copies it from in-memory as a string succeeds' do
+      run_recipe do
+        private_key "#{repo_path}/blah.der" do
+          source_key IO.read("#{repo_path}/blah")
+          source_key_pass_phrase 'hello'
+          format :der
+        end
+      end
+
+      chef_run.should have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      key_str.should_not start_with('-----BEGIN')
+      key_str.should_not start_with('ssh-')
+      "#{repo_path}/blah.der".should match_private_key("#{repo_path}/blah", 'hello')
+    end
+
+    context 'and a public_key' do
+      with_recipe do
+        public_key "#{repo_path}/blah.pub" do
+          source_key_path "#{repo_path}/blah"
+          source_key_pass_phrase 'hello'
+        end
+      end
+
+      it 'the public_key is created in openssh format' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub]", :create
+        IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah", 'hello'
+      end
+    end
+
+    context 'and a public_key derived from the private key in an in-memory string' do
+      with_recipe do
+        public_key "#{repo_path}/blah.pub" do
+          source_key IO.read("#{repo_path}/blah")
+          source_key_pass_phrase 'hello'
+        end
+      end
+
+      it 'the public_key is created in openssh format' do
+        chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+        chef_run.should have_updated "public_key[#{repo_path}/blah.pub]", :create
+        IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+        "#{repo_path}/blah.pub".should be_public_key_for "#{repo_path}/blah", 'hello'
+      end
+    end
+  end
+
+  context 'with a recipe with a private_key and public_key_path' do
+    with_recipe do
+      private_key "#{repo_path}/blah" do
+        public_key_path "#{repo_path}/blah.pub"
+      end
+    end
+
+    it 'the private_key and public_key are created' do
+      chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+      IO.read("#{repo_path}/blah").should start_with('-----BEGIN')
+      OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).kind_of?(OpenSSL::PKey::RSA).should be_true
+      IO.read("#{repo_path}/blah.pub").should start_with('ssh-rsa ')
+      "#{repo_path}/blah.pub".should be_public_key_for("#{repo_path}/blah")
+    end
+  end
+
+  context 'with a recipe with a private_key and public_key_path and public_key_format' do
+    with_recipe do
+      private_key "#{repo_path}/blah" do
+        public_key_path "#{repo_path}/blah.pub.der"
+        public_key_format :der
+      end
+    end
+
+    it 'the private_key and public_key are created' do
+      chef_run.should have_updated "private_key[#{repo_path}/blah]", :create
+      IO.read("#{repo_path}/blah").should start_with('-----BEGIN')
+      OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).kind_of?(OpenSSL::PKey::RSA).should be_true
+      IO.read("#{repo_path}/blah.pub.der").should_not start_with('ssh-rsa ')
+      "#{repo_path}/blah.pub.der".should be_public_key_for("#{repo_path}/blah")
+    end
+  end
+
+  context 'with a recipe with a private_key with path :none' do
+    it 'the private_key is created' do
+      got_private_key = nil
+      run_recipe do
+        private_key 'in_memory' do
+          path :none
+          after { |resource, private_key| got_private_key = private_key }
+        end
+      end
+
+      chef_run.should have_updated "private_key[in_memory]", :create
+      got_private_key.kind_of?(OpenSSL::PKey::RSA).should be_true
+    end
+  end
+
+end
+