RubyGems - cheffish - Versions diffs - 1.3.1 → 1.4.0 - Mend

cheffish 1.3.1 → 1.4.0

Files changed (76) hide show

checksums.yaml +4 -4
data/LICENSE +201 -201
data/README.md +120 -117
data/Rakefile +23 -23
data/lib/chef/provider/chef_acl.rb +439 -434
data/lib/chef/provider/chef_client.rb +53 -48
data/lib/chef/provider/chef_container.rb +55 -50
data/lib/chef/provider/chef_data_bag.rb +55 -50
data/lib/chef/provider/chef_data_bag_item.rb +278 -273
data/lib/chef/provider/chef_environment.rb +83 -78
data/lib/chef/provider/chef_group.rb +83 -78
data/lib/chef/provider/chef_mirror.rb +169 -164
data/lib/chef/provider/chef_node.rb +87 -82
data/lib/chef/provider/chef_organization.rb +155 -150
data/lib/chef/provider/chef_resolved_cookbooks.rb +46 -41
data/lib/chef/provider/chef_role.rb +84 -79
data/lib/chef/provider/chef_user.rb +59 -54
data/lib/chef/provider/private_key.rb +225 -220
data/lib/chef/provider/public_key.rb +88 -82
data/lib/chef/resource/chef_acl.rb +69 -65
data/lib/chef/resource/chef_client.rb +48 -44
data/lib/chef/resource/chef_container.rb +22 -18
data/lib/chef/resource/chef_data_bag.rb +22 -18
data/lib/chef/resource/chef_data_bag_item.rb +121 -114
data/lib/chef/resource/chef_environment.rb +77 -71
data/lib/chef/resource/chef_group.rb +53 -49
data/lib/chef/resource/chef_mirror.rb +52 -48
data/lib/chef/resource/chef_node.rb +22 -18
data/lib/chef/resource/chef_organization.rb +69 -64
data/lib/chef/resource/chef_resolved_cookbooks.rb +35 -31
data/lib/chef/resource/chef_role.rb +110 -104
data/lib/chef/resource/chef_user.rb +56 -52
data/lib/chef/resource/private_key.rb +48 -44
data/lib/chef/resource/public_key.rb +25 -21
data/lib/cheffish.rb +235 -233
data/lib/cheffish/actor_provider_base.rb +131 -131
data/lib/cheffish/basic_chef_client.rb +184 -184
data/lib/cheffish/chef_provider_base.rb +246 -246
data/lib/cheffish/chef_run.rb +162 -155
data/lib/cheffish/chef_run_data.rb +19 -19
data/lib/cheffish/chef_run_listener.rb +30 -30
data/lib/cheffish/key_formatter.rb +113 -113
data/lib/cheffish/merged_config.rb +94 -94
data/lib/cheffish/recipe_dsl.rb +157 -157
data/lib/cheffish/rspec.rb +8 -8
data/lib/cheffish/rspec/chef_run_support.rb +83 -83
data/lib/cheffish/rspec/matchers.rb +4 -4
data/lib/cheffish/rspec/matchers/be_idempotent.rb +16 -16
data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb +15 -15
data/lib/cheffish/rspec/matchers/have_updated.rb +37 -37
data/lib/cheffish/rspec/matchers/partially_match.rb +63 -63
data/lib/cheffish/rspec/recipe_run_wrapper.rb +59 -47
data/lib/cheffish/rspec/repository_support.rb +108 -108
data/lib/cheffish/server_api.rb +52 -52
data/lib/cheffish/version.rb +3 -3
data/lib/cheffish/with_pattern.rb +21 -21
data/spec/functional/fingerprint_spec.rb +64 -64
data/spec/functional/merged_config_spec.rb +19 -19
data/spec/functional/server_api_spec.rb +13 -13
data/spec/integration/chef_acl_spec.rb +879 -879
data/spec/integration/chef_client_spec.rb +105 -105
data/spec/integration/chef_container_spec.rb +33 -33
data/spec/integration/chef_group_spec.rb +309 -309
data/spec/integration/chef_mirror_spec.rb +491 -491
data/spec/integration/chef_node_spec.rb +786 -786
data/spec/integration/chef_organization_spec.rb +226 -226
data/spec/integration/chef_role_spec.rb +78 -0
data/spec/integration/chef_user_spec.rb +85 -85
data/spec/integration/private_key_spec.rb +399 -399
data/spec/integration/recipe_dsl_spec.rb +28 -28
data/spec/integration/rspec/converge_spec.rb +183 -183
data/spec/support/key_support.rb +29 -29
data/spec/support/spec_support.rb +15 -15
data/spec/unit/get_private_key_spec.rb +131 -131
data/spec/unit/recipe_run_wrapper_spec.rb +37 -0
metadata +8 -5

data/spec/integration/chef_user_spec.rb CHANGED

@@ -1,85 +1,85 @@
-require 'support/spec_support'
-require 'cheffish/rspec/chef_run_support'
-require 'support/key_support'
-require 'chef/resource/chef_user'
-require 'chef/provider/chef_user'
-repo_path = Dir.mktmpdir('chef_repo')
-describe Chef::Resource::ChefUser do
-  extend Cheffish::RSpec::ChefRunSupport
-  with_converge do
-    private_key "#{repo_path}/blah.pem"
-  end
-  when_the_chef_server 'is empty' do
-    context 'and we run a recipe that creates user "blah"'do
-      it 'the user gets created' do
-        expect_recipe {
-          chef_user 'blah' do
-            source_key_path "#{repo_path}/blah.pem"
-          end
-        }.to have_updated 'chef_user[blah]', :create
-        user = get('/users/blah')
-        expect(user['name']).to eq('blah')
-        key, format = Cheffish::KeyFormatter.decode(user['public_key'])
-        expect(key).to be_public_key_for("#{repo_path}/blah.pem")
-      end
-    end
-    context 'and we run a recipe that creates user "blah" with output_key_path' do
-      with_converge do
-        chef_user 'blah' do
-          source_key_path "#{repo_path}/blah.pem"
-          output_key_path "#{repo_path}/blah.pub"
-        end
-      end
-      it 'the output public key gets created' do
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
-      end
-    end
-  end
-  when_the_chef_12_server 'is in multi-org mode' do
-    context 'and chef_server_url is pointed at the top level' do
-      context 'and we run a recipe that creates user "blah"'do
-        it 'the user gets created' do
-          expect_recipe {
-            chef_user 'blah' do
-              source_key_path "#{repo_path}/blah.pem"
-            end
-          }.to have_updated 'chef_user[blah]', :create
-          user = get('/users/blah')
-          expect(user['name']).to eq('blah')
-          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
-          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
-        end
-      end
-    end
-    context 'and chef_server_url is pointed at /organizations/foo' do
-      organization 'foo'
-      before :each do
-        Chef::Config.chef_server_url = URI.join(Chef::Config.chef_server_url, '/organizations/foo').to_s
-      end
-      context 'and we run a recipe that creates user "blah"'do
-        it 'the user gets created' do
-          expect_recipe {
-            chef_user 'blah' do
-              source_key_path "#{repo_path}/blah.pem"
-            end
-          }.to have_updated 'chef_user[blah]', :create
-          user = get('/users/blah')
-          expect(user['name']).to eq('blah')
-          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
-          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
-        end
-      end
-    end
-  end
-end
+require 'support/spec_support'
+require 'cheffish/rspec/chef_run_support'
+require 'support/key_support'
+require 'chef/resource/chef_user'
+require 'chef/provider/chef_user'
+repo_path = Dir.mktmpdir('chef_repo')
+describe Chef::Resource::ChefUser do
+  extend Cheffish::RSpec::ChefRunSupport
+  with_converge do
+    private_key "#{repo_path}/blah.pem"
+  end
+  when_the_chef_server 'is empty' do
+    context 'and we run a recipe that creates user "blah"'do
+      it 'the user gets created' do
+        expect_recipe {
+          chef_user 'blah' do
+            source_key_path "#{repo_path}/blah.pem"
+          end
+        }.to have_updated 'chef_user[blah]', :create
+        user = get('/users/blah')
+        expect(user['name']).to eq('blah')
+        key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+        expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+      end
+    end
+    context 'and we run a recipe that creates user "blah" with output_key_path' do
+      with_converge do
+        chef_user 'blah' do
+          source_key_path "#{repo_path}/blah.pem"
+          output_key_path "#{repo_path}/blah.pub"
+        end
+      end
+      it 'the output public key gets created' do
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
+      end
+    end
+  end
+  when_the_chef_12_server 'is in multi-org mode' do
+    context 'and chef_server_url is pointed at the top level' do
+      context 'and we run a recipe that creates user "blah"'do
+        it 'the user gets created' do
+          expect_recipe {
+            chef_user 'blah' do
+              source_key_path "#{repo_path}/blah.pem"
+            end
+          }.to have_updated 'chef_user[blah]', :create
+          user = get('/users/blah')
+          expect(user['name']).to eq('blah')
+          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+    end
+    context 'and chef_server_url is pointed at /organizations/foo' do
+      organization 'foo'
+      before :each do
+        Chef::Config.chef_server_url = URI.join(Chef::Config.chef_server_url, '/organizations/foo').to_s
+      end
+      context 'and we run a recipe that creates user "blah"'do
+        it 'the user gets created' do
+          expect_recipe {
+            chef_user 'blah' do
+              source_key_path "#{repo_path}/blah.pem"
+            end
+          }.to have_updated 'chef_user[blah]', :create
+          user = get('/users/blah')
+          expect(user['name']).to eq('blah')
+          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+    end
+  end
+end

data/spec/integration/private_key_spec.rb CHANGED

@@ -1,399 +1,399 @@
-require 'support/spec_support'
-require 'cheffish/rspec/chef_run_support'
-require 'chef/resource/private_key'
-require 'chef/provider/private_key'
-require 'chef/resource/public_key'
-require 'chef/provider/public_key'
-require 'support/key_support'
-repo_path = Dir.mktmpdir('chef_repo')
-describe Chef::Resource::PrivateKey do
-  extend Cheffish::RSpec::ChefRunSupport
-  before :each do
-    FileUtils.remove_entry_secure(repo_path)
-    Dir.mkdir(repo_path)
-  end
-  context 'with a recipe with a private_key' do
-    it 'the private_key is created in pem format' do
-      expect_recipe {
-        private_key "#{repo_path}/blah"
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-  context 'with a private_key "blah" resource' do
-    before :each do
-      Dir.mkdir("#{repo_path}/other_keys")
-      Chef::Config.private_key_paths = [ repo_path, "#{repo_path}/other_keys" ]
-    end
-    it 'the private key is created in the private_key_write_path' do
-      expect_recipe {
-        private_key 'blah'
-      }.to have_updated "private_key[blah]", :create
-      expect(Chef::Config.private_key_write_path).to eq(repo_path)
-      expect(File.exist?("#{repo_path}/blah")).to be true
-      expect(File.exist?("#{repo_path}/other_keys/blah")).to be false
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      expect(OpenSSL::PKey.read(Cheffish.get_private_key('blah'))).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-    context 'and the private key already exists somewhere not in the write path' do
-      before :each do
-        recipe { private_key "#{repo_path}/other_keys/blah" }.converge
-      end
-      it 'the private expect(key).to not update' do
-        expect_recipe {
-          private_key 'blah'
-        }.not_to have_updated "private_key[blah]", :create
-        expect(File.exist?("#{repo_path}/blah")).to be false
-        expect(File.exist?("#{repo_path}/other_keys/blah")).to be true
-      end
-    end
-  end
-  context 'with a private key' do
-    before :each do
-      Cheffish::BasicChefClient.converge_block do
-        private_key "#{repo_path}/blah"
-      end
-    end
-    context 'and a private_key that copies it in der format' do
-      it 'the private_key is copied in der format and is identical' do
-        expect_recipe {
-          private_key "#{repo_path}/blah.der" do
-            source_key_path "#{repo_path}/blah"
-            format :der
-          end
-        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-        key_str = IO.read("#{repo_path}/blah.der")
-        expect(key_str).not_to start_with('-----BEGIN')
-        expect(key_str).not_to start_with('ssh-')
-        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
-      end
-    end
-    it 'a private_key that copies it from in-memory as a string succeeds' do
-      expect_recipe {
-        private_key "#{repo_path}/blah.der" do
-          source_key IO.read("#{repo_path}/blah")
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-      key_str = IO.read("#{repo_path}/blah.der")
-      expect(key_str).not_to start_with('-----BEGIN')
-      expect(key_str).not_to start_with('ssh-')
-      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
-    end
-    it 'a private_key that copies it from in-memory as a key succeeds' do
-      key = OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))
-      expect_recipe {
-        private_key "#{repo_path}/blah.der" do
-          source_key key
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-      key_str = IO.read("#{repo_path}/blah.der")
-      expect(key_str).not_to start_with('-----BEGIN')
-      expect(key_str).not_to start_with('ssh-')
-      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
-    end
-    context 'and a public_key recipe' do
-      it 'the public_key is created' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-    context 'and a public key' do
-      before :each do
-        Cheffish::BasicChefClient.converge_block do
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-          end
-        end
-      end
-      context 'and public_key resource based off the public key file' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key_path "#{repo_path}/blah.pub"
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-      context 'and another public_key based off the first public_key in-memory in a string' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key IO.read("#{repo_path}/blah.pub")
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-      it 'and another public_key based off the first public_key in-memory in a key, the second public_key is created' do
-        key, format = Cheffish::KeyFormatter.decode(IO.read("#{repo_path}/blah.pub"))
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub2" do
-            source_key key
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-      context 'and another public_key in :pem format based off the first public_key' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key_path "#{repo_path}/blah.pub"
-              format :pem
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-      context 'and another public_key in :der format based off the first public_key' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key_path "#{repo_path}/blah.pub"
-              format :pem
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-    end
-    context 'and a public_key resource in pem format' do
-      it 'the public_key is created' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-            format :pem
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('-----BEGIN')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-    context 'and a public_key resource in der format' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-            format :der
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('-----BEGIN')
-        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('ssh-rsa')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-  end
-  context 'with a recipe with a private_key in der format' do
-    it 'the private_key is created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).not_to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-  context 'with a private key in der format' do
-    before :each do
-      Cheffish::BasicChefClient.converge_block do
-        private_key "#{repo_path}/blah" do
-          format :der
-        end
-      end
-    end
-    context 'and a public_key' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-  end
-  context 'with a recipe with a private_key with a pass_phrase' do
-    it 'the private_key is created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          pass_phrase 'hello'
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello')).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-  context 'with a private key with a pass phrase' do
-    before :each do
-      Cheffish::BasicChefClient.converge_block do
-        private_key "#{repo_path}/blah" do
-          pass_phrase 'hello'
-        end
-      end
-    end
-    context 'and a private_key that copies it in der format' do
-      it 'the private_key is copied in der format and is identical' do
-        expect_recipe {
-          private_key "#{repo_path}/blah.der" do
-            source_key_path "#{repo_path}/blah"
-            source_key_pass_phrase 'hello'
-            format :der
-          end
-        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-        key_str = IO.read("#{repo_path}/blah.der")
-        expect(key_str).not_to start_with('-----BEGIN')
-        expect(key_str).not_to start_with('ssh-')
-        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
-      end
-    end
-    context 'and a private_key resource pointing at it without a pass_phrase' do
-      it 'the run fails with an exception' do
-        expect {
-          converge {
-            private_key "#{repo_path}/blah"
-          }
-        }.to raise_error
-      end
-    end
-    context 'and a private_key resource with no pass phrase and regenerate_if_different' do
-      it 'the private_key is regenerated' do
-        expect_recipe {
-          private_key "#{repo_path}/blah" do
-            regenerate_if_different true
-          end
-        }.to have_updated "private_key[#{repo_path}/blah]", :create
-        expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-        expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      end
-    end
-    it 'a private_key resource that copies it from in-memory as a string succeeds' do
-      expect_recipe {
-        private_key "#{repo_path}/blah.der" do
-          source_key IO.read("#{repo_path}/blah")
-          source_key_pass_phrase 'hello'
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-      key_str = IO.read("#{repo_path}/blah.der")
-      expect(key_str).not_to start_with('-----BEGIN')
-      expect(key_str).not_to start_with('ssh-')
-      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
-    end
-    context 'and a public_key' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-            source_key_pass_phrase 'hello'
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
-      end
-    end
-    context 'and a public_key derived from the private key in an in-memory string' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key IO.read("#{repo_path}/blah")
-            source_key_pass_phrase 'hello'
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
-      end
-    end
-  end
-  context 'with a recipe with a private_key and public_key_path' do
-    it 'the private_key and public_key are created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          public_key_path "#{repo_path}/blah.pub"
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-      expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah")
-    end
-  end
-  context 'with a recipe with a private_key and public_key_path and public_key_format' do
-    it 'the private_key and public_key are created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          public_key_path "#{repo_path}/blah.pub.der"
-          public_key_format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with('ssh-rsa ')
-      expect("#{repo_path}/blah.pub.der").to be_public_key_for("#{repo_path}/blah")
-    end
-  end
-  context 'with a recipe with a private_key with path :none' do
-    it 'the private_key is created' do
-      got_private_key = nil
-      expect_recipe {
-        private_key 'in_memory' do
-          path :none
-          after { |resource, private_key| got_private_key = private_key }
-        end
-      }.to have_updated "private_key[in_memory]", :create
-      expect(got_private_key).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-end
+require 'support/spec_support'
+require 'cheffish/rspec/chef_run_support'
+require 'chef/resource/private_key'
+require 'chef/provider/private_key'
+require 'chef/resource/public_key'
+require 'chef/provider/public_key'
+require 'support/key_support'
+repo_path = Dir.mktmpdir('chef_repo')
+describe Chef::Resource::PrivateKey do
+  extend Cheffish::RSpec::ChefRunSupport
+  before :each do
+    FileUtils.remove_entry_secure(repo_path)
+    Dir.mkdir(repo_path)
+  end
+  context 'with a recipe with a private_key' do
+    it 'the private_key is created in pem format' do
+      expect_recipe {
+        private_key "#{repo_path}/blah"
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+  context 'with a private_key "blah" resource' do
+    before :each do
+      Dir.mkdir("#{repo_path}/other_keys")
+      Chef::Config.private_key_paths = [ repo_path, "#{repo_path}/other_keys" ]
+    end
+    it 'the private key is created in the private_key_write_path' do
+      expect_recipe {
+        private_key 'blah'
+      }.to have_updated "private_key[blah]", :create
+      expect(Chef::Config.private_key_write_path).to eq(repo_path)
+      expect(File.exist?("#{repo_path}/blah")).to be true
+      expect(File.exist?("#{repo_path}/other_keys/blah")).to be false
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      expect(OpenSSL::PKey.read(Cheffish.get_private_key('blah'))).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+    context 'and the private key already exists somewhere not in the write path' do
+      before :each do
+        recipe { private_key "#{repo_path}/other_keys/blah" }.converge
+      end
+      it 'the private expect(key).to not update' do
+        expect_recipe {
+          private_key 'blah'
+        }.not_to have_updated "private_key[blah]", :create
+        expect(File.exist?("#{repo_path}/blah")).to be false
+        expect(File.exist?("#{repo_path}/other_keys/blah")).to be true
+      end
+    end
+  end
+  context 'with a private key' do
+    before :each do
+      Cheffish::BasicChefClient.converge_block do
+        private_key "#{repo_path}/blah"
+      end
+    end
+    context 'and a private_key that copies it in der format' do
+      it 'the private_key is copied in der format and is identical' do
+        expect_recipe {
+          private_key "#{repo_path}/blah.der" do
+            source_key_path "#{repo_path}/blah"
+            format :der
+          end
+        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+        key_str = IO.read("#{repo_path}/blah.der")
+        expect(key_str).not_to start_with('-----BEGIN')
+        expect(key_str).not_to start_with('ssh-')
+        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
+      end
+    end
+    it 'a private_key that copies it from in-memory as a string succeeds' do
+      expect_recipe {
+        private_key "#{repo_path}/blah.der" do
+          source_key IO.read("#{repo_path}/blah")
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      expect(key_str).not_to start_with('-----BEGIN')
+      expect(key_str).not_to start_with('ssh-')
+      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
+    end
+    it 'a private_key that copies it from in-memory as a key succeeds' do
+      key = OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))
+      expect_recipe {
+        private_key "#{repo_path}/blah.der" do
+          source_key key
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      expect(key_str).not_to start_with('-----BEGIN')
+      expect(key_str).not_to start_with('ssh-')
+      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
+    end
+    context 'and a public_key recipe' do
+      it 'the public_key is created' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+    context 'and a public key' do
+      before :each do
+        Cheffish::BasicChefClient.converge_block do
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+          end
+        end
+      end
+      context 'and public_key resource based off the public key file' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key_path "#{repo_path}/blah.pub"
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+      context 'and another public_key based off the first public_key in-memory in a string' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key IO.read("#{repo_path}/blah.pub")
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+      it 'and another public_key based off the first public_key in-memory in a key, the second public_key is created' do
+        key, format = Cheffish::KeyFormatter.decode(IO.read("#{repo_path}/blah.pub"))
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub2" do
+            source_key key
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+      context 'and another public_key in :pem format based off the first public_key' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key_path "#{repo_path}/blah.pub"
+              format :pem
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+      context 'and another public_key in :der format based off the first public_key' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key_path "#{repo_path}/blah.pub"
+              format :pem
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+    end
+    context 'and a public_key resource in pem format' do
+      it 'the public_key is created' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+            format :pem
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('-----BEGIN')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+    context 'and a public_key resource in der format' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+            format :der
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('-----BEGIN')
+        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('ssh-rsa')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+  end
+  context 'with a recipe with a private_key in der format' do
+    it 'the private_key is created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).not_to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+  context 'with a private key in der format' do
+    before :each do
+      Cheffish::BasicChefClient.converge_block do
+        private_key "#{repo_path}/blah" do
+          format :der
+        end
+      end
+    end
+    context 'and a public_key' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+  end
+  context 'with a recipe with a private_key with a pass_phrase' do
+    it 'the private_key is created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          pass_phrase 'hello'
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello')).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+  context 'with a private key with a pass phrase' do
+    before :each do
+      Cheffish::BasicChefClient.converge_block do
+        private_key "#{repo_path}/blah" do
+          pass_phrase 'hello'
+        end
+      end
+    end
+    context 'and a private_key that copies it in der format' do
+      it 'the private_key is copied in der format and is identical' do
+        expect_recipe {
+          private_key "#{repo_path}/blah.der" do
+            source_key_path "#{repo_path}/blah"
+            source_key_pass_phrase 'hello'
+            format :der
+          end
+        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+        key_str = IO.read("#{repo_path}/blah.der")
+        expect(key_str).not_to start_with('-----BEGIN')
+        expect(key_str).not_to start_with('ssh-')
+        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
+      end
+    end
+    context 'and a private_key resource pointing at it without a pass_phrase' do
+      it 'the run fails with an exception' do
+        expect {
+          converge {
+            private_key "#{repo_path}/blah"
+          }
+        }.to raise_error /missing pass phrase?/
+      end
+    end
+    context 'and a private_key resource with no pass phrase and regenerate_if_different' do
+      it 'the private_key is regenerated' do
+        expect_recipe {
+          private_key "#{repo_path}/blah" do
+            regenerate_if_different true
+          end
+        }.to have_updated "private_key[#{repo_path}/blah]", :create
+        expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+        expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      end
+    end
+    it 'a private_key resource that copies it from in-memory as a string succeeds' do
+      expect_recipe {
+        private_key "#{repo_path}/blah.der" do
+          source_key IO.read("#{repo_path}/blah")
+          source_key_pass_phrase 'hello'
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      expect(key_str).not_to start_with('-----BEGIN')
+      expect(key_str).not_to start_with('ssh-')
+      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
+    end
+    context 'and a public_key' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+            source_key_pass_phrase 'hello'
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
+      end
+    end
+    context 'and a public_key derived from the private key in an in-memory string' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key IO.read("#{repo_path}/blah")
+            source_key_pass_phrase 'hello'
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
+      end
+    end
+  end
+  context 'with a recipe with a private_key and public_key_path' do
+    it 'the private_key and public_key are created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          public_key_path "#{repo_path}/blah.pub"
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+      expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah")
+    end
+  end
+  context 'with a recipe with a private_key and public_key_path and public_key_format' do
+    it 'the private_key and public_key are created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          public_key_path "#{repo_path}/blah.pub.der"
+          public_key_format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with('ssh-rsa ')
+      expect("#{repo_path}/blah.pub.der").to be_public_key_for("#{repo_path}/blah")
+    end
+  end
+  context 'with a recipe with a private_key with path :none' do
+    it 'the private_key is created' do
+      got_private_key = nil
+      expect_recipe {
+        private_key 'in_memory' do
+          path :none
+          after { |resource, private_key| got_private_key = private_key }
+        end
+      }.to have_updated "private_key[in_memory]", :create
+      expect(got_private_key).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+end