cheffish 0.6.2 → 0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/chef/provider/private_key.rb +6 -3
- data/lib/cheffish/recipe_dsl.rb +1 -1
- data/lib/cheffish/version.rb +1 -1
- data/lib/cheffish.rb +2 -1
- data/spec/integration/chef_client_spec.rb +8 -8
- data/spec/integration/chef_node_spec.rb +19 -19
- data/spec/integration/chef_user_spec.rb +5 -5
- data/spec/integration/private_key_spec.rb +109 -85
- data/spec/integration/recipe_dsl_spec.rb +2 -2
- data/spec/support/key_support.rb +3 -3
- data/spec/support/spec_support.rb +3 -4
- data/spec/unit/get_private_key_spec.rb +93 -0
- metadata +21 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e58ebae3c3b7856ae29da6639debd75b93d1a2ba
|
4
|
+
data.tar.gz: 278ba389ad45a85bdc19dc9875c88da1084b832a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 225c6e83fc286c34a7d1272a3ae53cb02b25ed3168f231ec0315772e3195f492676d011af44d846c0725d79efe2fb97f91f83d9d83207f1908427fad328910a6
|
7
|
+
data.tar.gz: 165ab945e54d38c2e2173b71ac1584eab0d4b613f46c0402aa6dcc2fcb09635b3ae0d4c341d4de13493d36ab9319cc84b347a6996db53b5bc9135b33c0965ff8
|
@@ -51,12 +51,13 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
|
|
51
51
|
#
|
52
52
|
# Generate a new key
|
53
53
|
#
|
54
|
-
if
|
54
|
+
if current_resource.action == [ :delete ] || regenerate ||
|
55
55
|
(new_resource.regenerate_if_different &&
|
56
|
-
(
|
56
|
+
(!current_private_key ||
|
57
|
+
current_resource.size != new_resource.size ||
|
57
58
|
current_resource.type != new_resource.type))
|
58
59
|
|
59
|
-
|
60
|
+
case new_resource.type
|
60
61
|
when :rsa
|
61
62
|
if new_resource.exponent
|
62
63
|
final_private_key = OpenSSL::PKey::RSA.generate(new_resource.size, new_resource.exponent)
|
@@ -68,6 +69,8 @@ class Chef::Provider::PrivateKey < Chef::Provider::LWRPBase
|
|
68
69
|
end
|
69
70
|
|
70
71
|
generated_key = true
|
72
|
+
elsif !current_private_key
|
73
|
+
raise "Could not read private key from #{current_resource.path}: missing pass phrase?"
|
71
74
|
else
|
72
75
|
final_private_key = current_private_key
|
73
76
|
generated_key = false
|
data/lib/cheffish/recipe_dsl.rb
CHANGED
@@ -49,7 +49,7 @@ class Chef
|
|
49
49
|
def with_chef_local_server(options, &block)
|
50
50
|
options[:host] ||= '127.0.0.1'
|
51
51
|
options[:log_level] ||= Chef::Log.level
|
52
|
-
options[:port] ||= 8901
|
52
|
+
options[:port] ||= 8901.upto(9900)
|
53
53
|
|
54
54
|
# Create the data store chef-zero will use
|
55
55
|
options[:data_store] ||= begin
|
data/lib/cheffish/version.rb
CHANGED
data/lib/cheffish.rb
CHANGED
@@ -88,7 +88,8 @@ module Cheffish
|
|
88
88
|
end
|
89
89
|
elsif config[:private_key_paths]
|
90
90
|
config[:private_key_paths].each do |private_key_path|
|
91
|
-
|
91
|
+
next unless File.exist?(private_key_path)
|
92
|
+
Dir.entries(private_key_path).sort.each do |key|
|
92
93
|
ext = File.extname(key)
|
93
94
|
if ext == '' || ext == '.pem'
|
94
95
|
key_name = key[0..-(ext.length+1)]
|
@@ -22,11 +22,11 @@ describe Chef::Resource::ChefClient do
|
|
22
22
|
end
|
23
23
|
|
24
24
|
it 'the client gets created' do
|
25
|
-
chef_run.
|
25
|
+
expect(chef_run).to have_updated 'chef_client[blah]', :create
|
26
26
|
client = get('/clients/blah')
|
27
|
-
client['name'].
|
27
|
+
expect(client['name']).to eq('blah')
|
28
28
|
key, format = Cheffish::KeyFormatter.decode(client['public_key'])
|
29
|
-
key.
|
29
|
+
expect(key).to be_public_key_for("#{repo_path}/blah.pem")
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
@@ -39,8 +39,8 @@ describe Chef::Resource::ChefClient do
|
|
39
39
|
end
|
40
40
|
|
41
41
|
it 'the output public key gets created' do
|
42
|
-
IO.read("#{repo_path}/blah.pub").
|
43
|
-
"#{repo_path}/blah.pub".
|
42
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
43
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
@@ -62,13 +62,13 @@ describe Chef::Resource::ChefClient do
|
|
62
62
|
end
|
63
63
|
|
64
64
|
it 'the client is accessible via the given private key' do
|
65
|
-
chef_run.
|
65
|
+
expect(chef_run).to have_updated 'chef_client[foobar]', :create
|
66
66
|
client = get('/clients/foobar')
|
67
67
|
key, format = Cheffish::KeyFormatter.decode(client['public_key'])
|
68
|
-
key.
|
68
|
+
expect(key).to be_public_key_for("#{repo_path}/blah.pem")
|
69
69
|
|
70
70
|
private_key = Cheffish::KeyFormatter.decode(Cheffish.get_private_key('blah'))
|
71
|
-
key.
|
71
|
+
expect(key).to be_public_key_for(private_key)
|
72
72
|
end
|
73
73
|
end
|
74
74
|
end
|
@@ -12,8 +12,8 @@ describe Chef::Resource::ChefNode do
|
|
12
12
|
end
|
13
13
|
|
14
14
|
it 'the node gets created' do
|
15
|
-
chef_run.
|
16
|
-
get('/nodes/blah')['name'].
|
15
|
+
expect(chef_run).to have_updated 'chef_node[blah]', :create
|
16
|
+
expect(get('/nodes/blah')['name']).to eq('blah')
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
@@ -37,9 +37,9 @@ describe Chef::Resource::ChefNode do
|
|
37
37
|
end
|
38
38
|
|
39
39
|
it 'the node is created on the second chef server but not the first' do
|
40
|
-
chef_run.
|
41
|
-
|
42
|
-
get('http://127.0.0.1:8899/nodes/blah')['name'].
|
40
|
+
expect(chef_run).to have_updated 'chef_node[blah]', :create
|
41
|
+
expect { get('/nodes/blah') }.to raise_error(Net::HTTPServerException)
|
42
|
+
expect(get('http://127.0.0.1:8899/nodes/blah')['name']).to eq('blah')
|
43
43
|
end
|
44
44
|
end
|
45
45
|
|
@@ -52,9 +52,9 @@ describe Chef::Resource::ChefNode do
|
|
52
52
|
end
|
53
53
|
|
54
54
|
it 'the node is created on the second chef server but not the first' do
|
55
|
-
chef_run.
|
56
|
-
|
57
|
-
get('http://127.0.0.1:8899/nodes/blah')['name'].
|
55
|
+
expect(chef_run).to have_updated 'chef_node[blah]', :create
|
56
|
+
expect { get('/nodes/blah') }.to raise_error(Net::HTTPServerException)
|
57
|
+
expect(get('http://127.0.0.1:8899/nodes/blah')['name']).to eq('blah')
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
@@ -69,7 +69,7 @@ describe Chef::Resource::ChefNode do
|
|
69
69
|
end
|
70
70
|
|
71
71
|
it 'chef_node "blah" does not get created or updated' do
|
72
|
-
chef_run.
|
72
|
+
expect(chef_run).not_to have_updated 'chef_node[blah]', :create
|
73
73
|
end
|
74
74
|
end
|
75
75
|
|
@@ -86,7 +86,7 @@ describe Chef::Resource::ChefNode do
|
|
86
86
|
end
|
87
87
|
|
88
88
|
it 'the tags in attributes are used' do
|
89
|
-
get('/nodes/blah')['normal']['tags'].
|
89
|
+
expect(get('/nodes/blah')['normal']['tags']).to eq([ 'a', 'b' ])
|
90
90
|
end
|
91
91
|
end
|
92
92
|
|
@@ -98,7 +98,7 @@ describe Chef::Resource::ChefNode do
|
|
98
98
|
end
|
99
99
|
|
100
100
|
it 'the tags in attributes are used' do
|
101
|
-
get('/nodes/blah')['normal']['tags'].
|
101
|
+
expect(get('/nodes/blah')['normal']['tags']).to eq([ 'c', 'd' ])
|
102
102
|
end
|
103
103
|
end
|
104
104
|
end
|
@@ -119,7 +119,7 @@ describe Chef::Resource::ChefNode do
|
|
119
119
|
end
|
120
120
|
|
121
121
|
it 'nothing gets updated' do
|
122
|
-
chef_run.
|
122
|
+
expect(chef_run).not_to have_updated 'chef_node[blah]', :create
|
123
123
|
end
|
124
124
|
end
|
125
125
|
|
@@ -131,14 +131,14 @@ describe Chef::Resource::ChefNode do
|
|
131
131
|
end
|
132
132
|
|
133
133
|
it 'default, automatic and override attributes are left alone' do
|
134
|
-
chef_run.
|
134
|
+
expect(chef_run).to have_updated 'chef_node[blah]', :create
|
135
135
|
node = get('/nodes/blah')
|
136
|
-
node['chef_environment'].
|
137
|
-
node['run_list'].
|
138
|
-
node['normal'].
|
139
|
-
node['default'].
|
140
|
-
node['automatic'].
|
141
|
-
node['override'].
|
136
|
+
expect(node['chef_environment']).to eq('_default')
|
137
|
+
expect(node['run_list']).to eq([])
|
138
|
+
expect(node['normal']).to eq({ 'tags' => [ 'a', 'b' ] })
|
139
|
+
expect(node['default']).to eq({ 'foo2' => 'bar2' })
|
140
|
+
expect(node['automatic']).to eq({ 'foo3' => 'bar3' })
|
141
|
+
expect(node['override']).to eq({ 'foo4' => 'bar4' })
|
142
142
|
end
|
143
143
|
end
|
144
144
|
end
|
@@ -22,11 +22,11 @@ describe Chef::Resource::ChefUser do
|
|
22
22
|
end
|
23
23
|
|
24
24
|
it 'the user gets created' do
|
25
|
-
chef_run.
|
25
|
+
expect(chef_run).to have_updated 'chef_user[blah]', :create
|
26
26
|
user = get('/users/blah')
|
27
|
-
user['name'].
|
27
|
+
expect(user['name']).to eq('blah')
|
28
28
|
key, format = Cheffish::KeyFormatter.decode(user['public_key'])
|
29
|
-
key.
|
29
|
+
expect(key).to be_public_key_for("#{repo_path}/blah.pem")
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
@@ -39,8 +39,8 @@ describe Chef::Resource::ChefUser do
|
|
39
39
|
end
|
40
40
|
|
41
41
|
it 'the output public key gets created' do
|
42
|
-
IO.read("#{repo_path}/blah.pub").
|
43
|
-
"#{repo_path}/blah.pub".
|
42
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
43
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
@@ -21,9 +21,9 @@ describe Chef::Resource::PrivateKey do
|
|
21
21
|
end
|
22
22
|
|
23
23
|
it 'the private_key is created in pem format' do
|
24
|
-
chef_run.
|
25
|
-
IO.read("#{repo_path}/blah").
|
26
|
-
OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).
|
24
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah]", :create
|
25
|
+
expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
|
26
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
@@ -38,12 +38,12 @@ describe Chef::Resource::PrivateKey do
|
|
38
38
|
end
|
39
39
|
|
40
40
|
it 'the private key is created in the private_key_write_path' do
|
41
|
-
chef_run.
|
42
|
-
Chef::Config.private_key_write_path.
|
43
|
-
File.exist?("#{repo_path}/blah").
|
44
|
-
File.exist?("#{repo_path}/other_keys/blah").
|
45
|
-
OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).
|
46
|
-
OpenSSL::PKey.read(Cheffish.get_private_key('blah')).
|
41
|
+
expect(chef_run).to have_updated "private_key[blah]", :create
|
42
|
+
expect(Chef::Config.private_key_write_path).to eq(repo_path)
|
43
|
+
expect(File.exist?("#{repo_path}/blah")).to be true
|
44
|
+
expect(File.exist?("#{repo_path}/other_keys/blah")).to be false
|
45
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
46
|
+
expect(OpenSSL::PKey.read(Cheffish.get_private_key('blah'))).to be_kind_of(OpenSSL::PKey::RSA)
|
47
47
|
end
|
48
48
|
|
49
49
|
context 'and the private key already exists somewhere not in the write path' do
|
@@ -53,11 +53,11 @@ describe Chef::Resource::PrivateKey do
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
it 'the private key
|
57
|
-
chef_run.
|
56
|
+
it 'the private expect(key).to not update' do
|
57
|
+
expect(chef_run).not_to have_updated "private_key[blah]", :create
|
58
58
|
|
59
|
-
File.exist?("#{repo_path}/blah").
|
60
|
-
File.exist?("#{repo_path}/other_keys/blah").
|
59
|
+
expect(File.exist?("#{repo_path}/blah")).to be false
|
60
|
+
expect(File.exist?("#{repo_path}/other_keys/blah")).to be true
|
61
61
|
end
|
62
62
|
end
|
63
63
|
end
|
@@ -78,11 +78,11 @@ describe Chef::Resource::PrivateKey do
|
|
78
78
|
end
|
79
79
|
|
80
80
|
it 'the private_key is copied in der format and is identical' do
|
81
|
-
chef_run.
|
81
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah.der]", :create
|
82
82
|
key_str = IO.read("#{repo_path}/blah.der")
|
83
|
-
key_str.
|
84
|
-
key_str.
|
85
|
-
"#{repo_path}/blah.der".
|
83
|
+
expect(key_str).not_to start_with('-----BEGIN')
|
84
|
+
expect(key_str).not_to start_with('ssh-')
|
85
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
@@ -94,11 +94,11 @@ describe Chef::Resource::PrivateKey do
|
|
94
94
|
end
|
95
95
|
end
|
96
96
|
|
97
|
-
chef_run.
|
97
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah.der]", :create
|
98
98
|
key_str = IO.read("#{repo_path}/blah.der")
|
99
|
-
key_str.
|
100
|
-
key_str.
|
101
|
-
"#{repo_path}/blah.der".
|
99
|
+
expect(key_str).not_to start_with('-----BEGIN')
|
100
|
+
expect(key_str).not_to start_with('ssh-')
|
101
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
|
102
102
|
end
|
103
103
|
|
104
104
|
it 'a private_key that copies it from in-memory as a key succeeds' do
|
@@ -110,11 +110,11 @@ describe Chef::Resource::PrivateKey do
|
|
110
110
|
end
|
111
111
|
end
|
112
112
|
|
113
|
-
chef_run.
|
113
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah.der]", :create
|
114
114
|
key_str = IO.read("#{repo_path}/blah.der")
|
115
|
-
key_str.
|
116
|
-
key_str.
|
117
|
-
"#{repo_path}/blah.der".
|
115
|
+
expect(key_str).not_to start_with('-----BEGIN')
|
116
|
+
expect(key_str).not_to start_with('ssh-')
|
117
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
|
118
118
|
end
|
119
119
|
|
120
120
|
context 'and a public_key recipe' do
|
@@ -125,9 +125,9 @@ describe Chef::Resource::PrivateKey do
|
|
125
125
|
end
|
126
126
|
|
127
127
|
it 'the public_key is created' do
|
128
|
-
chef_run.
|
129
|
-
IO.read("#{repo_path}/blah.pub").
|
130
|
-
"#{repo_path}/blah.pub".
|
128
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
129
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
130
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
131
131
|
end
|
132
132
|
end
|
133
133
|
|
@@ -148,9 +148,9 @@ describe Chef::Resource::PrivateKey do
|
|
148
148
|
end
|
149
149
|
|
150
150
|
it 'the second public_key is created' do
|
151
|
-
chef_run.
|
152
|
-
IO.read("#{repo_path}/blah.pub").
|
153
|
-
"#{repo_path}/blah.pub".
|
151
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
152
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
153
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
154
154
|
end
|
155
155
|
end
|
156
156
|
|
@@ -162,9 +162,9 @@ describe Chef::Resource::PrivateKey do
|
|
162
162
|
end
|
163
163
|
|
164
164
|
it 'the second public_key is created' do
|
165
|
-
chef_run.
|
166
|
-
IO.read("#{repo_path}/blah.pub").
|
167
|
-
"#{repo_path}/blah.pub".
|
165
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
166
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
167
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
168
168
|
end
|
169
169
|
end
|
170
170
|
|
@@ -177,9 +177,9 @@ describe Chef::Resource::PrivateKey do
|
|
177
177
|
end
|
178
178
|
end
|
179
179
|
|
180
|
-
chef_run.
|
181
|
-
IO.read("#{repo_path}/blah.pub").
|
182
|
-
"#{repo_path}/blah.pub".
|
180
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
181
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
182
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
183
183
|
end
|
184
184
|
|
185
185
|
context 'and another public_key in :pem format based off the first public_key' do
|
@@ -191,9 +191,9 @@ describe Chef::Resource::PrivateKey do
|
|
191
191
|
end
|
192
192
|
|
193
193
|
it 'the second public_key is created' do
|
194
|
-
chef_run.
|
195
|
-
IO.read("#{repo_path}/blah.pub").
|
196
|
-
"#{repo_path}/blah.pub".
|
194
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
195
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
196
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
197
197
|
end
|
198
198
|
end
|
199
199
|
|
@@ -206,9 +206,9 @@ describe Chef::Resource::PrivateKey do
|
|
206
206
|
end
|
207
207
|
|
208
208
|
it 'the second public_key is created' do
|
209
|
-
chef_run.
|
210
|
-
IO.read("#{repo_path}/blah.pub").
|
211
|
-
"#{repo_path}/blah.pub".
|
209
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
210
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
211
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
212
212
|
end
|
213
213
|
end
|
214
214
|
end
|
@@ -222,9 +222,9 @@ describe Chef::Resource::PrivateKey do
|
|
222
222
|
end
|
223
223
|
|
224
224
|
it 'the public_key is created' do
|
225
|
-
chef_run.
|
226
|
-
IO.read("#{repo_path}/blah.pub").
|
227
|
-
"#{repo_path}/blah.pub".
|
225
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
226
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('-----BEGIN')
|
227
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
228
228
|
end
|
229
229
|
end
|
230
230
|
|
@@ -237,10 +237,10 @@ describe Chef::Resource::PrivateKey do
|
|
237
237
|
end
|
238
238
|
|
239
239
|
it 'the public_key is created in openssh format' do
|
240
|
-
chef_run.
|
241
|
-
IO.read("#{repo_path}/blah.pub").
|
242
|
-
IO.read("#{repo_path}/blah.pub").
|
243
|
-
"#{repo_path}/blah.pub".
|
240
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
241
|
+
expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('-----BEGIN')
|
242
|
+
expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('ssh-rsa')
|
243
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
244
244
|
end
|
245
245
|
end
|
246
246
|
end
|
@@ -253,9 +253,9 @@ describe Chef::Resource::PrivateKey do
|
|
253
253
|
end
|
254
254
|
|
255
255
|
it 'the private_key is created' do
|
256
|
-
chef_run.
|
257
|
-
IO.read("#{repo_path}/blah").
|
258
|
-
OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).
|
256
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah]", :create
|
257
|
+
expect(IO.read("#{repo_path}/blah")).not_to start_with('-----BEGIN')
|
258
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
259
259
|
end
|
260
260
|
end
|
261
261
|
|
@@ -276,9 +276,9 @@ describe Chef::Resource::PrivateKey do
|
|
276
276
|
end
|
277
277
|
|
278
278
|
it 'the public_key is created in openssh format' do
|
279
|
-
chef_run.
|
280
|
-
IO.read("#{repo_path}/blah.pub").
|
281
|
-
"#{repo_path}/blah.pub".
|
279
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
280
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
281
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
282
282
|
end
|
283
283
|
end
|
284
284
|
end
|
@@ -291,9 +291,9 @@ describe Chef::Resource::PrivateKey do
|
|
291
291
|
end
|
292
292
|
|
293
293
|
it 'the private_key is created' do
|
294
|
-
chef_run.
|
295
|
-
IO.read("#{repo_path}/blah").
|
296
|
-
OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello').
|
294
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah]", :create
|
295
|
+
expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
|
296
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello')).to be_kind_of(OpenSSL::PKey::RSA)
|
297
297
|
end
|
298
298
|
end
|
299
299
|
|
@@ -316,11 +316,35 @@ describe Chef::Resource::PrivateKey do
|
|
316
316
|
end
|
317
317
|
|
318
318
|
it 'the private_key is copied in der format and is identical' do
|
319
|
-
chef_run.
|
319
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah.der]", :create
|
320
320
|
key_str = IO.read("#{repo_path}/blah.der")
|
321
|
-
key_str.
|
322
|
-
key_str.
|
323
|
-
"#{repo_path}/blah.der".
|
321
|
+
expect(key_str).not_to start_with('-----BEGIN')
|
322
|
+
expect(key_str).not_to start_with('ssh-')
|
323
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
|
324
|
+
end
|
325
|
+
end
|
326
|
+
|
327
|
+
context 'and a private_key resource pointing at it without a pass_phrase' do
|
328
|
+
with_recipe do
|
329
|
+
private_key "#{repo_path}/blah"
|
330
|
+
end
|
331
|
+
|
332
|
+
it 'the run fails with an exception' do
|
333
|
+
expect { chef_run }.to raise_error
|
334
|
+
end
|
335
|
+
end
|
336
|
+
|
337
|
+
context 'and a private_key resource with no pass phrase and regenerate_if_different' do
|
338
|
+
with_recipe do
|
339
|
+
private_key "#{repo_path}/blah" do
|
340
|
+
regenerate_if_different true
|
341
|
+
end
|
342
|
+
end
|
343
|
+
|
344
|
+
it 'the private_key is regenerated' do
|
345
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah]", :create
|
346
|
+
expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
|
347
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
324
348
|
end
|
325
349
|
end
|
326
350
|
|
@@ -333,11 +357,11 @@ describe Chef::Resource::PrivateKey do
|
|
333
357
|
end
|
334
358
|
end
|
335
359
|
|
336
|
-
chef_run.
|
360
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah.der]", :create
|
337
361
|
key_str = IO.read("#{repo_path}/blah.der")
|
338
|
-
key_str.
|
339
|
-
key_str.
|
340
|
-
"#{repo_path}/blah.der".
|
362
|
+
expect(key_str).not_to start_with('-----BEGIN')
|
363
|
+
expect(key_str).not_to start_with('ssh-')
|
364
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
|
341
365
|
end
|
342
366
|
|
343
367
|
context 'and a public_key' do
|
@@ -349,9 +373,9 @@ describe Chef::Resource::PrivateKey do
|
|
349
373
|
end
|
350
374
|
|
351
375
|
it 'the public_key is created in openssh format' do
|
352
|
-
chef_run.
|
353
|
-
IO.read("#{repo_path}/blah.pub").
|
354
|
-
"#{repo_path}/blah.pub".
|
376
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
377
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
378
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
|
355
379
|
end
|
356
380
|
end
|
357
381
|
|
@@ -364,9 +388,9 @@ describe Chef::Resource::PrivateKey do
|
|
364
388
|
end
|
365
389
|
|
366
390
|
it 'the public_key is created in openssh format' do
|
367
|
-
chef_run.
|
368
|
-
IO.read("#{repo_path}/blah.pub").
|
369
|
-
"#{repo_path}/blah.pub".
|
391
|
+
expect(chef_run).to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
392
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
393
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
|
370
394
|
end
|
371
395
|
end
|
372
396
|
end
|
@@ -379,11 +403,11 @@ describe Chef::Resource::PrivateKey do
|
|
379
403
|
end
|
380
404
|
|
381
405
|
it 'the private_key and public_key are created' do
|
382
|
-
chef_run.
|
383
|
-
IO.read("#{repo_path}/blah").
|
384
|
-
OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).
|
385
|
-
IO.read("#{repo_path}/blah.pub").
|
386
|
-
"#{repo_path}/blah.pub".
|
406
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah]", :create
|
407
|
+
expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
|
408
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
409
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
|
410
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah")
|
387
411
|
end
|
388
412
|
end
|
389
413
|
|
@@ -396,11 +420,11 @@ describe Chef::Resource::PrivateKey do
|
|
396
420
|
end
|
397
421
|
|
398
422
|
it 'the private_key and public_key are created' do
|
399
|
-
chef_run.
|
400
|
-
IO.read("#{repo_path}/blah").
|
401
|
-
OpenSSL::PKey.read(IO.read("#{repo_path}/blah")).
|
402
|
-
IO.read("#{repo_path}/blah.pub.der").
|
403
|
-
"#{repo_path}/blah.pub.der".
|
423
|
+
expect(chef_run).to have_updated "private_key[#{repo_path}/blah]", :create
|
424
|
+
expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
|
425
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
426
|
+
expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with('ssh-rsa ')
|
427
|
+
expect("#{repo_path}/blah.pub.der").to be_public_key_for("#{repo_path}/blah")
|
404
428
|
end
|
405
429
|
end
|
406
430
|
|
@@ -414,8 +438,8 @@ describe Chef::Resource::PrivateKey do
|
|
414
438
|
end
|
415
439
|
end
|
416
440
|
|
417
|
-
chef_run.
|
418
|
-
got_private_key.
|
441
|
+
expect(chef_run).to have_updated "private_key[in_memory]", :create
|
442
|
+
expect(got_private_key).to be_kind_of(OpenSSL::PKey::RSA)
|
419
443
|
end
|
420
444
|
end
|
421
445
|
|
@@ -22,8 +22,8 @@ describe 'Cheffish Recipe DSL' do
|
|
22
22
|
run_recipe do
|
23
23
|
chef_node 'blah'
|
24
24
|
end
|
25
|
-
chef_run.
|
26
|
-
File.
|
25
|
+
expect(chef_run).to have_updated 'chef_node[blah]', :create
|
26
|
+
expect(File).to exist("#{@tmp_repo}/nodes/blah.json")
|
27
27
|
end
|
28
28
|
end
|
29
29
|
end
|
data/spec/support/key_support.rb
CHANGED
@@ -8,7 +8,7 @@ RSpec::Matchers.define :be_public_key_for do |private_key, pass_phrase|
|
|
8
8
|
end
|
9
9
|
|
10
10
|
encrypted = public_key.public_encrypt('hi there')
|
11
|
-
private_key.private_decrypt(encrypted).
|
11
|
+
expect(private_key.private_decrypt(encrypted)).to eq('hi there')
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
@@ -22,8 +22,8 @@ RSpec::Matchers.define :match_private_key do |expected, pass_phrase|
|
|
22
22
|
end
|
23
23
|
|
24
24
|
encrypted = actual.public_encrypt('hi there')
|
25
|
-
expected.private_decrypt(encrypted).
|
25
|
+
expect(expected.private_decrypt(encrypted)).to eq('hi there')
|
26
26
|
encrypted = expected.public_encrypt('hi there')
|
27
|
-
actual.private_decrypt(encrypted).
|
27
|
+
expect(actual.private_decrypt(encrypted)).to eq('hi there')
|
28
28
|
end
|
29
29
|
end
|
@@ -87,9 +87,9 @@ end
|
|
87
87
|
RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
|
88
88
|
match do |actual|
|
89
89
|
actual_actions = actual.select { |event, resource, action| event == :resource_updated && resource.to_s == resource_name }.map { |event, resource, action| action }
|
90
|
-
actual_actions.
|
90
|
+
expect(actual_actions).to eq(expected_actions)
|
91
91
|
end
|
92
|
-
|
92
|
+
failure_message do |actual|
|
93
93
|
updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
|
94
94
|
result = "expected that the chef_run would #{expected_actions.join(',')} #{resource_name}."
|
95
95
|
if updates.size > 0
|
@@ -99,7 +99,7 @@ RSpec::Matchers.define :have_updated do |resource_name, *expected_actions|
|
|
99
99
|
end
|
100
100
|
result
|
101
101
|
end
|
102
|
-
|
102
|
+
failure_message_when_negated do |actual|
|
103
103
|
updates = actual.select { |event, resource, action| event == :resource_updated }.to_a
|
104
104
|
result = "expected that the chef_run would not #{expected_actions.join(',')} #{resource_name}."
|
105
105
|
if updates.size > 0
|
@@ -114,7 +114,6 @@ end
|
|
114
114
|
RSpec.configure do |config|
|
115
115
|
config.filter_run :focus => true
|
116
116
|
config.run_all_when_everything_filtered = true
|
117
|
-
config.treat_symbols_as_metadata_keys_with_true_values = true
|
118
117
|
|
119
118
|
config.before :each do
|
120
119
|
Chef::Config.reset
|
@@ -0,0 +1,93 @@
|
|
1
|
+
require 'support/spec_support'
|
2
|
+
|
3
|
+
describe Cheffish do
|
4
|
+
let(:directory_that_exists) {
|
5
|
+
Dir.mktmpdir("cheffish-rspec")
|
6
|
+
}
|
7
|
+
|
8
|
+
let(:directory_that_does_not_exist) {
|
9
|
+
dir = Dir.mktmpdir("cheffish-rspec")
|
10
|
+
FileUtils.remove_entry dir
|
11
|
+
dir
|
12
|
+
}
|
13
|
+
|
14
|
+
let(:private_key_contents) { "contents of private key" }
|
15
|
+
|
16
|
+
let(:private_key_pem_contents) { "contents of private key pem" }
|
17
|
+
|
18
|
+
let(:private_key_garbage_contents) { "da vinci virus" }
|
19
|
+
|
20
|
+
def setup_key
|
21
|
+
key_file = File.expand_path("ned_stark", directory_that_exists)
|
22
|
+
File.open(key_file, "w+") do |f|
|
23
|
+
f.write private_key_contents
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def setup_pem_key
|
28
|
+
key_file = File.expand_path("ned_stark.pem", directory_that_exists)
|
29
|
+
File.open(key_file, "w+") do |f|
|
30
|
+
f.write private_key_pem_contents
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def setup_garbage_key
|
35
|
+
key_file = File.expand_path("ned_stark.pem.bak", directory_that_exists)
|
36
|
+
File.open(key_file, "w+") do |f|
|
37
|
+
f.write private_key_garbage_contents
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
shared_examples_for "returning the contents of the key file if it finds one" do
|
42
|
+
it "returns nil if it cannot find the private key file" do
|
43
|
+
expect(Cheffish.get_private_key("ned_stark", config)).to be_nil
|
44
|
+
end
|
45
|
+
|
46
|
+
it "returns the contents of the key if it doesn't have an extension" do
|
47
|
+
setup_key
|
48
|
+
expect(Cheffish.get_private_key("ned_stark", config)).to eq(private_key_contents)
|
49
|
+
end
|
50
|
+
|
51
|
+
it "returns the contents of the key if it has an extension" do
|
52
|
+
setup_pem_key
|
53
|
+
expect(Cheffish.get_private_key("ned_stark", config)).to eq(private_key_pem_contents)
|
54
|
+
end
|
55
|
+
|
56
|
+
# we arbitrarily prefer "ned_stark" over "ned_stark.pem" for deterministic behavior
|
57
|
+
it "returns the contents of the key that does not have an extension if both exist" do
|
58
|
+
setup_key
|
59
|
+
setup_pem_key
|
60
|
+
expect(Cheffish.get_private_key("ned_stark", config)).to eq(private_key_contents)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
context "#get_private_key" do
|
65
|
+
context "when private_key_paths has a directory which is empty" do
|
66
|
+
let(:config) {
|
67
|
+
{ :private_key_paths => [ directory_that_exists ] }
|
68
|
+
}
|
69
|
+
|
70
|
+
it_behaves_like "returning the contents of the key file if it finds one"
|
71
|
+
|
72
|
+
context "when it also has a garbage file" do
|
73
|
+
before { setup_garbage_key }
|
74
|
+
|
75
|
+
it "does not return the da vinci virus if we find only the garbage file" do
|
76
|
+
setup_garbage_key
|
77
|
+
expect(Cheffish.get_private_key("ned_stark", config)).to be_nil
|
78
|
+
end
|
79
|
+
|
80
|
+
it_behaves_like "returning the contents of the key file if it finds one"
|
81
|
+
end
|
82
|
+
|
83
|
+
end
|
84
|
+
|
85
|
+
context "when private_key_paths leads with a directory that does not exist and then an empty directory" do
|
86
|
+
let(:config) {
|
87
|
+
{ :private_key_paths => [ directory_that_does_not_exist, directory_that_exists ] }
|
88
|
+
}
|
89
|
+
|
90
|
+
it_behaves_like "returning the contents of the key file if it finds one"
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cheffish
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: '0.7'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- John Keiser
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-07-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: chef
|
@@ -24,6 +24,20 @@ dependencies:
|
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: chef-zero
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '2.2'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '2.2'
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
42
|
name: rake
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -42,16 +56,16 @@ dependencies:
|
|
42
56
|
name: rspec
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
44
58
|
requirements:
|
45
|
-
- - "
|
59
|
+
- - "~>"
|
46
60
|
- !ruby/object:Gem::Version
|
47
|
-
version: '0'
|
61
|
+
version: '3.0'
|
48
62
|
type: :development
|
49
63
|
prerelease: false
|
50
64
|
version_requirements: !ruby/object:Gem::Requirement
|
51
65
|
requirements:
|
52
|
-
- - "
|
66
|
+
- - "~>"
|
53
67
|
- !ruby/object:Gem::Version
|
54
|
-
version: '0'
|
68
|
+
version: '3.0'
|
55
69
|
description: A library to manipulate Chef in Chef.
|
56
70
|
email: jkeiser@opscode.com
|
57
71
|
executables: []
|
@@ -104,6 +118,7 @@ files:
|
|
104
118
|
- spec/integration/recipe_dsl_spec.rb
|
105
119
|
- spec/support/key_support.rb
|
106
120
|
- spec/support/spec_support.rb
|
121
|
+
- spec/unit/get_private_key_spec.rb
|
107
122
|
homepage: http://wiki.opscode.com/display/chef
|
108
123
|
licenses: []
|
109
124
|
metadata: {}
|