RubyGems - cheffish - Versions diffs - 1.4.0 → 1.4.1 - Mend

cheffish 1.4.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

checksums.yaml +4 -4
data/LICENSE +201 -201
data/README.md +120 -120
data/Rakefile +23 -23
data/lib/chef/provider/chef_acl.rb +439 -439
data/lib/chef/provider/chef_client.rb +53 -53
data/lib/chef/provider/chef_container.rb +55 -55
data/lib/chef/provider/chef_data_bag.rb +55 -55
data/lib/chef/provider/chef_data_bag_item.rb +278 -278
data/lib/chef/provider/chef_environment.rb +83 -83
data/lib/chef/provider/chef_group.rb +83 -83
data/lib/chef/provider/chef_mirror.rb +169 -169
data/lib/chef/provider/chef_node.rb +87 -87
data/lib/chef/provider/chef_organization.rb +155 -155
data/lib/chef/provider/chef_resolved_cookbooks.rb +46 -46
data/lib/chef/provider/chef_role.rb +84 -84
data/lib/chef/provider/chef_user.rb +59 -59
data/lib/chef/provider/private_key.rb +225 -225
data/lib/chef/provider/public_key.rb +88 -88
data/lib/chef/resource/chef_acl.rb +69 -69
data/lib/chef/resource/chef_client.rb +48 -48
data/lib/chef/resource/chef_container.rb +22 -22
data/lib/chef/resource/chef_data_bag.rb +22 -22
data/lib/chef/resource/chef_data_bag_item.rb +121 -121
data/lib/chef/resource/chef_environment.rb +77 -77
data/lib/chef/resource/chef_group.rb +53 -53
data/lib/chef/resource/chef_mirror.rb +52 -52
data/lib/chef/resource/chef_node.rb +22 -22
data/lib/chef/resource/chef_organization.rb +69 -69
data/lib/chef/resource/chef_resolved_cookbooks.rb +35 -35
data/lib/chef/resource/chef_role.rb +110 -110
data/lib/chef/resource/chef_user.rb +56 -56
data/lib/chef/resource/private_key.rb +48 -48
data/lib/chef/resource/public_key.rb +25 -25
data/lib/cheffish.rb +235 -235
data/lib/cheffish/actor_provider_base.rb +131 -131
data/lib/cheffish/basic_chef_client.rb +184 -184
data/lib/cheffish/chef_provider_base.rb +246 -246
data/lib/cheffish/chef_run.rb +162 -162
data/lib/cheffish/chef_run_data.rb +19 -19
data/lib/cheffish/chef_run_listener.rb +30 -30
data/lib/cheffish/key_formatter.rb +113 -113
data/lib/cheffish/merged_config.rb +94 -94
data/lib/cheffish/recipe_dsl.rb +157 -157
data/lib/cheffish/rspec.rb +8 -8
data/lib/cheffish/rspec/chef_run_support.rb +83 -83
data/lib/cheffish/rspec/matchers.rb +4 -4
data/lib/cheffish/rspec/matchers/be_idempotent.rb +16 -16
data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb +15 -15
data/lib/cheffish/rspec/matchers/have_updated.rb +37 -37
data/lib/cheffish/rspec/matchers/partially_match.rb +63 -63
data/lib/cheffish/rspec/recipe_run_wrapper.rb +59 -59
data/lib/cheffish/rspec/repository_support.rb +108 -108
data/lib/cheffish/server_api.rb +52 -52
data/lib/cheffish/version.rb +3 -3
data/lib/cheffish/with_pattern.rb +21 -21
data/spec/functional/fingerprint_spec.rb +64 -64
data/spec/functional/merged_config_spec.rb +19 -19
data/spec/functional/server_api_spec.rb +13 -13
data/spec/integration/chef_acl_spec.rb +879 -879
data/spec/integration/chef_client_spec.rb +105 -105
data/spec/integration/chef_container_spec.rb +33 -33
data/spec/integration/chef_group_spec.rb +309 -309
data/spec/integration/chef_mirror_spec.rb +491 -491
data/spec/integration/chef_node_spec.rb +786 -786
data/spec/integration/chef_organization_spec.rb +226 -226
data/spec/integration/chef_role_spec.rb +78 -78
data/spec/integration/chef_user_spec.rb +85 -85
data/spec/integration/private_key_spec.rb +399 -399
data/spec/integration/recipe_dsl_spec.rb +28 -28
data/spec/integration/rspec/converge_spec.rb +183 -183
data/spec/support/key_support.rb +29 -29
data/spec/support/spec_support.rb +15 -15
data/spec/unit/get_private_key_spec.rb +131 -131
data/spec/unit/recipe_run_wrapper_spec.rb +37 -37
metadata +3 -4

data/spec/integration/chef_user_spec.rb CHANGED Viewed

@@ -1,85 +1,85 @@
-require 'support/spec_support'
-require 'cheffish/rspec/chef_run_support'
-require 'support/key_support'
-require 'chef/resource/chef_user'
-require 'chef/provider/chef_user'
-repo_path = Dir.mktmpdir('chef_repo')
-describe Chef::Resource::ChefUser do
-  extend Cheffish::RSpec::ChefRunSupport
-  with_converge do
-    private_key "#{repo_path}/blah.pem"
-  end
-  when_the_chef_server 'is empty' do
-    context 'and we run a recipe that creates user "blah"'do
-      it 'the user gets created' do
-        expect_recipe {
-          chef_user 'blah' do
-            source_key_path "#{repo_path}/blah.pem"
-          end
-        }.to have_updated 'chef_user[blah]', :create
-        user = get('/users/blah')
-        expect(user['name']).to eq('blah')
-        key, format = Cheffish::KeyFormatter.decode(user['public_key'])
-        expect(key).to be_public_key_for("#{repo_path}/blah.pem")
-      end
-    end
-    context 'and we run a recipe that creates user "blah" with output_key_path' do
-      with_converge do
-        chef_user 'blah' do
-          source_key_path "#{repo_path}/blah.pem"
-          output_key_path "#{repo_path}/blah.pub"
-        end
-      end
-      it 'the output public key gets created' do
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
-      end
-    end
-  end
-  when_the_chef_12_server 'is in multi-org mode' do
-    context 'and chef_server_url is pointed at the top level' do
-      context 'and we run a recipe that creates user "blah"'do
-        it 'the user gets created' do
-          expect_recipe {
-            chef_user 'blah' do
-              source_key_path "#{repo_path}/blah.pem"
-            end
-          }.to have_updated 'chef_user[blah]', :create
-          user = get('/users/blah')
-          expect(user['name']).to eq('blah')
-          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
-          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
-        end
-      end
-    end
-    context 'and chef_server_url is pointed at /organizations/foo' do
-      organization 'foo'
-      before :each do
-        Chef::Config.chef_server_url = URI.join(Chef::Config.chef_server_url, '/organizations/foo').to_s
-      end
-      context 'and we run a recipe that creates user "blah"'do
-        it 'the user gets created' do
-          expect_recipe {
-            chef_user 'blah' do
-              source_key_path "#{repo_path}/blah.pem"
-            end
-          }.to have_updated 'chef_user[blah]', :create
-          user = get('/users/blah')
-          expect(user['name']).to eq('blah')
-          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
-          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
-        end
-      end
-    end
-  end
-end
+require 'support/spec_support'
+require 'cheffish/rspec/chef_run_support'
+require 'support/key_support'
+require 'chef/resource/chef_user'
+require 'chef/provider/chef_user'
+repo_path = Dir.mktmpdir('chef_repo')
+describe Chef::Resource::ChefUser do
+  extend Cheffish::RSpec::ChefRunSupport
+  with_converge do
+    private_key "#{repo_path}/blah.pem"
+  end
+  when_the_chef_server 'is empty' do
+    context 'and we run a recipe that creates user "blah"'do
+      it 'the user gets created' do
+        expect_recipe {
+          chef_user 'blah' do
+            source_key_path "#{repo_path}/blah.pem"
+          end
+        }.to have_updated 'chef_user[blah]', :create
+        user = get('/users/blah')
+        expect(user['name']).to eq('blah')
+        key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+        expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+      end
+    end
+    context 'and we run a recipe that creates user "blah" with output_key_path' do
+      with_converge do
+        chef_user 'blah' do
+          source_key_path "#{repo_path}/blah.pem"
+          output_key_path "#{repo_path}/blah.pub"
+        end
+      end
+      it 'the output public key gets created' do
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah.pem")
+      end
+    end
+  end
+  when_the_chef_12_server 'is in multi-org mode' do
+    context 'and chef_server_url is pointed at the top level' do
+      context 'and we run a recipe that creates user "blah"'do
+        it 'the user gets created' do
+          expect_recipe {
+            chef_user 'blah' do
+              source_key_path "#{repo_path}/blah.pem"
+            end
+          }.to have_updated 'chef_user[blah]', :create
+          user = get('/users/blah')
+          expect(user['name']).to eq('blah')
+          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+    end
+    context 'and chef_server_url is pointed at /organizations/foo' do
+      organization 'foo'
+      before :each do
+        Chef::Config.chef_server_url = URI.join(Chef::Config.chef_server_url, '/organizations/foo').to_s
+      end
+      context 'and we run a recipe that creates user "blah"'do
+        it 'the user gets created' do
+          expect_recipe {
+            chef_user 'blah' do
+              source_key_path "#{repo_path}/blah.pem"
+            end
+          }.to have_updated 'chef_user[blah]', :create
+          user = get('/users/blah')
+          expect(user['name']).to eq('blah')
+          key, format = Cheffish::KeyFormatter.decode(user['public_key'])
+          expect(key).to be_public_key_for("#{repo_path}/blah.pem")
+        end
+      end
+    end
+  end
+end

data/spec/integration/private_key_spec.rb CHANGED Viewed

@@ -1,399 +1,399 @@
-require 'support/spec_support'
-require 'cheffish/rspec/chef_run_support'
-require 'chef/resource/private_key'
-require 'chef/provider/private_key'
-require 'chef/resource/public_key'
-require 'chef/provider/public_key'
-require 'support/key_support'
-repo_path = Dir.mktmpdir('chef_repo')
-describe Chef::Resource::PrivateKey do
-  extend Cheffish::RSpec::ChefRunSupport
-  before :each do
-    FileUtils.remove_entry_secure(repo_path)
-    Dir.mkdir(repo_path)
-  end
-  context 'with a recipe with a private_key' do
-    it 'the private_key is created in pem format' do
-      expect_recipe {
-        private_key "#{repo_path}/blah"
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-  context 'with a private_key "blah" resource' do
-    before :each do
-      Dir.mkdir("#{repo_path}/other_keys")
-      Chef::Config.private_key_paths = [ repo_path, "#{repo_path}/other_keys" ]
-    end
-    it 'the private key is created in the private_key_write_path' do
-      expect_recipe {
-        private_key 'blah'
-      }.to have_updated "private_key[blah]", :create
-      expect(Chef::Config.private_key_write_path).to eq(repo_path)
-      expect(File.exist?("#{repo_path}/blah")).to be true
-      expect(File.exist?("#{repo_path}/other_keys/blah")).to be false
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      expect(OpenSSL::PKey.read(Cheffish.get_private_key('blah'))).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-    context 'and the private key already exists somewhere not in the write path' do
-      before :each do
-        recipe { private_key "#{repo_path}/other_keys/blah" }.converge
-      end
-      it 'the private expect(key).to not update' do
-        expect_recipe {
-          private_key 'blah'
-        }.not_to have_updated "private_key[blah]", :create
-        expect(File.exist?("#{repo_path}/blah")).to be false
-        expect(File.exist?("#{repo_path}/other_keys/blah")).to be true
-      end
-    end
-  end
-  context 'with a private key' do
-    before :each do
-      Cheffish::BasicChefClient.converge_block do
-        private_key "#{repo_path}/blah"
-      end
-    end
-    context 'and a private_key that copies it in der format' do
-      it 'the private_key is copied in der format and is identical' do
-        expect_recipe {
-          private_key "#{repo_path}/blah.der" do
-            source_key_path "#{repo_path}/blah"
-            format :der
-          end
-        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-        key_str = IO.read("#{repo_path}/blah.der")
-        expect(key_str).not_to start_with('-----BEGIN')
-        expect(key_str).not_to start_with('ssh-')
-        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
-      end
-    end
-    it 'a private_key that copies it from in-memory as a string succeeds' do
-      expect_recipe {
-        private_key "#{repo_path}/blah.der" do
-          source_key IO.read("#{repo_path}/blah")
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-      key_str = IO.read("#{repo_path}/blah.der")
-      expect(key_str).not_to start_with('-----BEGIN')
-      expect(key_str).not_to start_with('ssh-')
-      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
-    end
-    it 'a private_key that copies it from in-memory as a key succeeds' do
-      key = OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))
-      expect_recipe {
-        private_key "#{repo_path}/blah.der" do
-          source_key key
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-      key_str = IO.read("#{repo_path}/blah.der")
-      expect(key_str).not_to start_with('-----BEGIN')
-      expect(key_str).not_to start_with('ssh-')
-      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
-    end
-    context 'and a public_key recipe' do
-      it 'the public_key is created' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-    context 'and a public key' do
-      before :each do
-        Cheffish::BasicChefClient.converge_block do
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-          end
-        end
-      end
-      context 'and public_key resource based off the public key file' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key_path "#{repo_path}/blah.pub"
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-      context 'and another public_key based off the first public_key in-memory in a string' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key IO.read("#{repo_path}/blah.pub")
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-      it 'and another public_key based off the first public_key in-memory in a key, the second public_key is created' do
-        key, format = Cheffish::KeyFormatter.decode(IO.read("#{repo_path}/blah.pub"))
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub2" do
-            source_key key
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-      context 'and another public_key in :pem format based off the first public_key' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key_path "#{repo_path}/blah.pub"
-              format :pem
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-      context 'and another public_key in :der format based off the first public_key' do
-        it 'the second public_key is created' do
-          expect_recipe {
-            public_key "#{repo_path}/blah.pub2" do
-              source_key_path "#{repo_path}/blah.pub"
-              format :pem
-            end
-          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
-          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-        end
-      end
-    end
-    context 'and a public_key resource in pem format' do
-      it 'the public_key is created' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-            format :pem
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('-----BEGIN')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-    context 'and a public_key resource in der format' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-            format :der
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('-----BEGIN')
-        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('ssh-rsa')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-  end
-  context 'with a recipe with a private_key in der format' do
-    it 'the private_key is created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).not_to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-  context 'with a private key in der format' do
-    before :each do
-      Cheffish::BasicChefClient.converge_block do
-        private_key "#{repo_path}/blah" do
-          format :der
-        end
-      end
-    end
-    context 'and a public_key' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
-      end
-    end
-  end
-  context 'with a recipe with a private_key with a pass_phrase' do
-    it 'the private_key is created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          pass_phrase 'hello'
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello')).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-  context 'with a private key with a pass phrase' do
-    before :each do
-      Cheffish::BasicChefClient.converge_block do
-        private_key "#{repo_path}/blah" do
-          pass_phrase 'hello'
-        end
-      end
-    end
-    context 'and a private_key that copies it in der format' do
-      it 'the private_key is copied in der format and is identical' do
-        expect_recipe {
-          private_key "#{repo_path}/blah.der" do
-            source_key_path "#{repo_path}/blah"
-            source_key_pass_phrase 'hello'
-            format :der
-          end
-        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-        key_str = IO.read("#{repo_path}/blah.der")
-        expect(key_str).not_to start_with('-----BEGIN')
-        expect(key_str).not_to start_with('ssh-')
-        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
-      end
-    end
-    context 'and a private_key resource pointing at it without a pass_phrase' do
-      it 'the run fails with an exception' do
-        expect {
-          converge {
-            private_key "#{repo_path}/blah"
-          }
-        }.to raise_error /missing pass phrase?/
-      end
-    end
-    context 'and a private_key resource with no pass phrase and regenerate_if_different' do
-      it 'the private_key is regenerated' do
-        expect_recipe {
-          private_key "#{repo_path}/blah" do
-            regenerate_if_different true
-          end
-        }.to have_updated "private_key[#{repo_path}/blah]", :create
-        expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-        expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      end
-    end
-    it 'a private_key resource that copies it from in-memory as a string succeeds' do
-      expect_recipe {
-        private_key "#{repo_path}/blah.der" do
-          source_key IO.read("#{repo_path}/blah")
-          source_key_pass_phrase 'hello'
-          format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
-      key_str = IO.read("#{repo_path}/blah.der")
-      expect(key_str).not_to start_with('-----BEGIN')
-      expect(key_str).not_to start_with('ssh-')
-      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
-    end
-    context 'and a public_key' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key_path "#{repo_path}/blah"
-            source_key_pass_phrase 'hello'
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
-      end
-    end
-    context 'and a public_key derived from the private key in an in-memory string' do
-      it 'the public_key is created in openssh format' do
-        expect_recipe {
-          public_key "#{repo_path}/blah.pub" do
-            source_key IO.read("#{repo_path}/blah")
-            source_key_pass_phrase 'hello'
-          end
-        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
-        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
-      end
-    end
-  end
-  context 'with a recipe with a private_key and public_key_path' do
-    it 'the private_key and public_key are created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          public_key_path "#{repo_path}/blah.pub"
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
-      expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah")
-    end
-  end
-  context 'with a recipe with a private_key and public_key_path and public_key_format' do
-    it 'the private_key and public_key are created' do
-      expect_recipe {
-        private_key "#{repo_path}/blah" do
-          public_key_path "#{repo_path}/blah.pub.der"
-          public_key_format :der
-        end
-      }.to have_updated "private_key[#{repo_path}/blah]", :create
-      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
-      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
-      expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with('ssh-rsa ')
-      expect("#{repo_path}/blah.pub.der").to be_public_key_for("#{repo_path}/blah")
-    end
-  end
-  context 'with a recipe with a private_key with path :none' do
-    it 'the private_key is created' do
-      got_private_key = nil
-      expect_recipe {
-        private_key 'in_memory' do
-          path :none
-          after { |resource, private_key| got_private_key = private_key }
-        end
-      }.to have_updated "private_key[in_memory]", :create
-      expect(got_private_key).to be_kind_of(OpenSSL::PKey::RSA)
-    end
-  end
-end
+require 'support/spec_support'
+require 'cheffish/rspec/chef_run_support'
+require 'chef/resource/private_key'
+require 'chef/provider/private_key'
+require 'chef/resource/public_key'
+require 'chef/provider/public_key'
+require 'support/key_support'
+repo_path = Dir.mktmpdir('chef_repo')
+describe Chef::Resource::PrivateKey do
+  extend Cheffish::RSpec::ChefRunSupport
+  before :each do
+    FileUtils.remove_entry_secure(repo_path)
+    Dir.mkdir(repo_path)
+  end
+  context 'with a recipe with a private_key' do
+    it 'the private_key is created in pem format' do
+      expect_recipe {
+        private_key "#{repo_path}/blah"
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+  context 'with a private_key "blah" resource' do
+    before :each do
+      Dir.mkdir("#{repo_path}/other_keys")
+      Chef::Config.private_key_paths = [ repo_path, "#{repo_path}/other_keys" ]
+    end
+    it 'the private key is created in the private_key_write_path' do
+      expect_recipe {
+        private_key 'blah'
+      }.to have_updated "private_key[blah]", :create
+      expect(Chef::Config.private_key_write_path).to eq(repo_path)
+      expect(File.exist?("#{repo_path}/blah")).to be true
+      expect(File.exist?("#{repo_path}/other_keys/blah")).to be false
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      expect(OpenSSL::PKey.read(Cheffish.get_private_key('blah'))).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+    context 'and the private key already exists somewhere not in the write path' do
+      before :each do
+        recipe { private_key "#{repo_path}/other_keys/blah" }.converge
+      end
+      it 'the private expect(key).to not update' do
+        expect_recipe {
+          private_key 'blah'
+        }.not_to have_updated "private_key[blah]", :create
+        expect(File.exist?("#{repo_path}/blah")).to be false
+        expect(File.exist?("#{repo_path}/other_keys/blah")).to be true
+      end
+    end
+  end
+  context 'with a private key' do
+    before :each do
+      Cheffish::BasicChefClient.converge_block do
+        private_key "#{repo_path}/blah"
+      end
+    end
+    context 'and a private_key that copies it in der format' do
+      it 'the private_key is copied in der format and is identical' do
+        expect_recipe {
+          private_key "#{repo_path}/blah.der" do
+            source_key_path "#{repo_path}/blah"
+            format :der
+          end
+        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+        key_str = IO.read("#{repo_path}/blah.der")
+        expect(key_str).not_to start_with('-----BEGIN')
+        expect(key_str).not_to start_with('ssh-')
+        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
+      end
+    end
+    it 'a private_key that copies it from in-memory as a string succeeds' do
+      expect_recipe {
+        private_key "#{repo_path}/blah.der" do
+          source_key IO.read("#{repo_path}/blah")
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      expect(key_str).not_to start_with('-----BEGIN')
+      expect(key_str).not_to start_with('ssh-')
+      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
+    end
+    it 'a private_key that copies it from in-memory as a key succeeds' do
+      key = OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))
+      expect_recipe {
+        private_key "#{repo_path}/blah.der" do
+          source_key key
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      expect(key_str).not_to start_with('-----BEGIN')
+      expect(key_str).not_to start_with('ssh-')
+      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
+    end
+    context 'and a public_key recipe' do
+      it 'the public_key is created' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+    context 'and a public key' do
+      before :each do
+        Cheffish::BasicChefClient.converge_block do
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+          end
+        end
+      end
+      context 'and public_key resource based off the public key file' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key_path "#{repo_path}/blah.pub"
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+      context 'and another public_key based off the first public_key in-memory in a string' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key IO.read("#{repo_path}/blah.pub")
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+      it 'and another public_key based off the first public_key in-memory in a key, the second public_key is created' do
+        key, format = Cheffish::KeyFormatter.decode(IO.read("#{repo_path}/blah.pub"))
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub2" do
+            source_key key
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+      context 'and another public_key in :pem format based off the first public_key' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key_path "#{repo_path}/blah.pub"
+              format :pem
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+      context 'and another public_key in :der format based off the first public_key' do
+        it 'the second public_key is created' do
+          expect_recipe {
+            public_key "#{repo_path}/blah.pub2" do
+              source_key_path "#{repo_path}/blah.pub"
+              format :pem
+            end
+          }.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
+          expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+          expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+        end
+      end
+    end
+    context 'and a public_key resource in pem format' do
+      it 'the public_key is created' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+            format :pem
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('-----BEGIN')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+    context 'and a public_key resource in der format' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+            format :der
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('-----BEGIN')
+        expect(IO.read("#{repo_path}/blah.pub")).not_to start_with('ssh-rsa')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+  end
+  context 'with a recipe with a private_key in der format' do
+    it 'the private_key is created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).not_to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+  context 'with a private key in der format' do
+    before :each do
+      Cheffish::BasicChefClient.converge_block do
+        private_key "#{repo_path}/blah" do
+          format :der
+        end
+      end
+    end
+    context 'and a public_key' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
+      end
+    end
+  end
+  context 'with a recipe with a private_key with a pass_phrase' do
+    it 'the private_key is created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          pass_phrase 'hello'
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), 'hello')).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+  context 'with a private key with a pass phrase' do
+    before :each do
+      Cheffish::BasicChefClient.converge_block do
+        private_key "#{repo_path}/blah" do
+          pass_phrase 'hello'
+        end
+      end
+    end
+    context 'and a private_key that copies it in der format' do
+      it 'the private_key is copied in der format and is identical' do
+        expect_recipe {
+          private_key "#{repo_path}/blah.der" do
+            source_key_path "#{repo_path}/blah"
+            source_key_pass_phrase 'hello'
+            format :der
+          end
+        }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+        key_str = IO.read("#{repo_path}/blah.der")
+        expect(key_str).not_to start_with('-----BEGIN')
+        expect(key_str).not_to start_with('ssh-')
+        expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
+      end
+    end
+    context 'and a private_key resource pointing at it without a pass_phrase' do
+      it 'the run fails with an exception' do
+        expect {
+          converge {
+            private_key "#{repo_path}/blah"
+          }
+        }.to raise_error /missing pass phrase?/
+      end
+    end
+    context 'and a private_key resource with no pass phrase and regenerate_if_different' do
+      it 'the private_key is regenerated' do
+        expect_recipe {
+          private_key "#{repo_path}/blah" do
+            regenerate_if_different true
+          end
+        }.to have_updated "private_key[#{repo_path}/blah]", :create
+        expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+        expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      end
+    end
+    it 'a private_key resource that copies it from in-memory as a string succeeds' do
+      expect_recipe {
+        private_key "#{repo_path}/blah.der" do
+          source_key IO.read("#{repo_path}/blah")
+          source_key_pass_phrase 'hello'
+          format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah.der]", :create
+      key_str = IO.read("#{repo_path}/blah.der")
+      expect(key_str).not_to start_with('-----BEGIN')
+      expect(key_str).not_to start_with('ssh-')
+      expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", 'hello')
+    end
+    context 'and a public_key' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key_path "#{repo_path}/blah"
+            source_key_pass_phrase 'hello'
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
+      end
+    end
+    context 'and a public_key derived from the private key in an in-memory string' do
+      it 'the public_key is created in openssh format' do
+        expect_recipe {
+          public_key "#{repo_path}/blah.pub" do
+            source_key IO.read("#{repo_path}/blah")
+            source_key_pass_phrase 'hello'
+          end
+        }.to have_updated "public_key[#{repo_path}/blah.pub]", :create
+        expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+        expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", 'hello'
+      end
+    end
+  end
+  context 'with a recipe with a private_key and public_key_path' do
+    it 'the private_key and public_key are created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          public_key_path "#{repo_path}/blah.pub"
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      expect(IO.read("#{repo_path}/blah.pub")).to start_with('ssh-rsa ')
+      expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah")
+    end
+  end
+  context 'with a recipe with a private_key and public_key_path and public_key_format' do
+    it 'the private_key and public_key are created' do
+      expect_recipe {
+        private_key "#{repo_path}/blah" do
+          public_key_path "#{repo_path}/blah.pub.der"
+          public_key_format :der
+        end
+      }.to have_updated "private_key[#{repo_path}/blah]", :create
+      expect(IO.read("#{repo_path}/blah")).to start_with('-----BEGIN')
+      expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
+      expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with('ssh-rsa ')
+      expect("#{repo_path}/blah.pub.der").to be_public_key_for("#{repo_path}/blah")
+    end
+  end
+  context 'with a recipe with a private_key with path :none' do
+    it 'the private_key is created' do
+      got_private_key = nil
+      expect_recipe {
+        private_key 'in_memory' do
+          path :none
+          after { |resource, private_key| got_private_key = private_key }
+        end
+      }.to have_updated "private_key[in_memory]", :create
+      expect(got_private_key).to be_kind_of(OpenSSL::PKey::RSA)
+    end
+  end
+end