cheffish 4.0.0 → 4.1.0
- checksums.yaml +4 -4
- data/Gemfile +8 -8
- data/Rakefile +24 -12
- data/cheffish.gemspec +15 -15
- data/lib/chef/resource/chef_acl.rb +63 -63
- data/lib/chef/resource/chef_client.rb +9 -9
- data/lib/chef/resource/chef_container.rb +9 -9
- data/lib/chef/resource/chef_data_bag.rb +9 -9
- data/lib/chef/resource/chef_data_bag_item.rb +27 -27
- data/lib/chef/resource/chef_environment.rb +21 -22
- data/lib/chef/resource/chef_group.rb +19 -19
- data/lib/chef/resource/chef_mirror.rb +32 -17
- data/lib/chef/resource/chef_node.rb +14 -14
- data/lib/chef/resource/chef_organization.rb +29 -30
- data/lib/chef/resource/chef_resolved_cookbooks.rb +7 -7
- data/lib/chef/resource/chef_role.rb +25 -22
- data/lib/chef/resource/chef_user.rb +13 -14
- data/lib/chef/resource/private_key.rb +24 -25
- data/lib/chef/resource/public_key.rb +6 -7
- data/lib/cheffish.rb +17 -17
- data/lib/cheffish/array_property.rb +2 -2
- data/lib/cheffish/base_properties.rb +3 -3
- data/lib/cheffish/base_resource.rb +8 -8
- data/lib/cheffish/basic_chef_client.rb +17 -17
- data/lib/cheffish/chef_actor_base.rb +8 -8
- data/lib/cheffish/chef_run.rb +7 -2
- data/lib/cheffish/chef_run_data.rb +2 -2
- data/lib/cheffish/chef_run_listener.rb +1 -1
- data/lib/cheffish/key_formatter.rb +16 -18
- data/lib/cheffish/merged_config.rb +5 -3
- data/lib/cheffish/node_properties.rb +11 -7
- data/lib/cheffish/recipe_dsl.rb +33 -34
- data/lib/cheffish/rspec.rb +3 -3
- data/lib/cheffish/rspec/chef_run_support.rb +13 -13
- data/lib/cheffish/rspec/matchers.rb +4 -4
- data/lib/cheffish/rspec/matchers/be_idempotent.rb +3 -3
- data/lib/cheffish/rspec/matchers/emit_no_warnings_or_errors.rb +3 -3
- data/lib/cheffish/rspec/matchers/have_updated.rb +3 -3
- data/lib/cheffish/rspec/recipe_run_wrapper.rb +8 -7
- data/lib/cheffish/rspec/repository_support.rb +6 -6
- data/lib/cheffish/server_api.rb +11 -11
- data/lib/cheffish/version.rb +1 -1
- data/spec/functional/fingerprint_spec.rb +12 -12
- data/spec/functional/merged_config_spec.rb +46 -6
- data/spec/functional/server_api_spec.rb +3 -3
- data/spec/integration/chef_acl_spec.rb +489 -489
- data/spec/integration/chef_client_spec.rb +39 -39
- data/spec/integration/chef_container_spec.rb +14 -14
- data/spec/integration/chef_data_bag_item_spec.rb +9 -9
- data/spec/integration/chef_group_spec.rb +219 -219
- data/spec/integration/chef_mirror_spec.rb +228 -228
- data/spec/integration/chef_node_spec.rb +511 -511
- data/spec/integration/chef_organization_spec.rb +126 -126
- data/spec/integration/chef_role_spec.rb +33 -33
- data/spec/integration/chef_user_spec.rb +37 -37
- data/spec/integration/private_key_spec.rb +154 -154
- data/spec/integration/recipe_dsl_spec.rb +10 -10
- data/spec/integration/rspec/converge_spec.rb +49 -49
- data/spec/support/key_support.rb +6 -6
- data/spec/support/spec_support.rb +3 -3
- data/spec/unit/get_private_key_spec.rb +19 -19
- data/spec/unit/recipe_run_wrapper_spec.rb +4 -4
- metadata +3 -3
@@ -1,8 +1,8 @@
|
|
1
|
-
require
|
2
|
-
require
|
3
|
-
require
|
1
|
+
require "support/spec_support"
|
2
|
+
require "cheffish/rspec/chef_run_support"
|
3
|
+
require "support/key_support"
|
4
4
|
|
5
|
-
repo_path = Dir.mktmpdir(
|
5
|
+
repo_path = Dir.mktmpdir("chef_repo")
|
6
6
|
|
7
7
|
describe Chef::Resource::PrivateKey do
|
8
8
|
extend Cheffish::RSpec::ChefRunSupport
|
@@ -12,12 +12,12 @@ describe Chef::Resource::PrivateKey do
|
|
12
12
|
Dir.mkdir(repo_path)
|
13
13
|
end
|
14
14
|
|
15
|
-
context
|
16
|
-
it
|
17
|
-
expect_recipe
|
15
|
+
context "with a recipe with a private_key" do
|
16
|
+
it "the private_key is created in pem format" do
|
17
|
+
expect_recipe do
|
18
18
|
private_key "#{repo_path}/blah"
|
19
|
-
|
20
|
-
expect(IO.read("#{repo_path}/blah")).to start_with(
|
19
|
+
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
20
|
+
expect(IO.read("#{repo_path}/blah")).to start_with("-----BEGIN")
|
21
21
|
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
22
22
|
end
|
23
23
|
end
|
@@ -28,26 +28,26 @@ describe Chef::Resource::PrivateKey do
|
|
28
28
|
Chef::Config.private_key_paths = [ repo_path, "#{repo_path}/other_keys" ]
|
29
29
|
end
|
30
30
|
|
31
|
-
it
|
32
|
-
expect_recipe
|
33
|
-
private_key
|
34
|
-
|
31
|
+
it "the private key is created in the private_key_write_path" do
|
32
|
+
expect_recipe do
|
33
|
+
private_key "blah"
|
34
|
+
end.to have_updated "private_key[blah]", :create
|
35
35
|
expect(Chef::Config.private_key_write_path).to eq(repo_path)
|
36
36
|
expect(File.exist?("#{repo_path}/blah")).to be true
|
37
37
|
expect(File.exist?("#{repo_path}/other_keys/blah")).to be false
|
38
38
|
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
39
|
-
expect(OpenSSL::PKey.read(Cheffish.get_private_key(
|
39
|
+
expect(OpenSSL::PKey.read(Cheffish.get_private_key("blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
40
40
|
end
|
41
41
|
|
42
|
-
context
|
42
|
+
context "and the private key already exists somewhere not in the write path" do
|
43
43
|
before :each do
|
44
44
|
recipe { private_key "#{repo_path}/other_keys/blah" }.converge
|
45
45
|
end
|
46
46
|
|
47
|
-
it
|
48
|
-
expect_recipe
|
49
|
-
private_key
|
50
|
-
|
47
|
+
it "the private expect(key).to not update" do
|
48
|
+
expect_recipe do
|
49
|
+
private_key "blah"
|
50
|
+
end.not_to have_updated "private_key[blah]", :create
|
51
51
|
|
52
52
|
expect(File.exist?("#{repo_path}/blah")).to be false
|
53
53
|
expect(File.exist?("#{repo_path}/other_keys/blah")).to be true
|
@@ -55,68 +55,68 @@ describe Chef::Resource::PrivateKey do
|
|
55
55
|
end
|
56
56
|
end
|
57
57
|
|
58
|
-
context
|
58
|
+
context "with a private key" do
|
59
59
|
before :each do
|
60
60
|
Cheffish::BasicChefClient.converge_block do
|
61
61
|
private_key "#{repo_path}/blah"
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
65
|
-
context
|
66
|
-
it
|
67
|
-
expect_recipe
|
65
|
+
context "and a private_key that copies it in der format" do
|
66
|
+
it "the private_key is copied in der format and is identical" do
|
67
|
+
expect_recipe do
|
68
68
|
private_key "#{repo_path}/blah.der" do
|
69
69
|
source_key_path "#{repo_path}/blah"
|
70
70
|
format :der
|
71
71
|
end
|
72
|
-
|
72
|
+
end.to have_updated "private_key[#{repo_path}/blah.der]", :create
|
73
73
|
key_str = IO.read("#{repo_path}/blah.der")
|
74
|
-
expect(key_str).not_to start_with(
|
75
|
-
expect(key_str).not_to start_with(
|
74
|
+
expect(key_str).not_to start_with("-----BEGIN")
|
75
|
+
expect(key_str).not_to start_with("ssh-")
|
76
76
|
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
|
77
77
|
end
|
78
78
|
end
|
79
79
|
|
80
|
-
it
|
81
|
-
expect_recipe
|
80
|
+
it "a private_key that copies it from in-memory as a string succeeds" do
|
81
|
+
expect_recipe do
|
82
82
|
private_key "#{repo_path}/blah.der" do
|
83
83
|
source_key IO.read("#{repo_path}/blah")
|
84
84
|
format :der
|
85
85
|
end
|
86
|
-
|
86
|
+
end.to have_updated "private_key[#{repo_path}/blah.der]", :create
|
87
87
|
key_str = IO.read("#{repo_path}/blah.der")
|
88
|
-
expect(key_str).not_to start_with(
|
89
|
-
expect(key_str).not_to start_with(
|
88
|
+
expect(key_str).not_to start_with("-----BEGIN")
|
89
|
+
expect(key_str).not_to start_with("ssh-")
|
90
90
|
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
|
91
91
|
end
|
92
92
|
|
93
|
-
it
|
93
|
+
it "a private_key that copies it from in-memory as a key succeeds" do
|
94
94
|
key = OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))
|
95
|
-
expect_recipe
|
95
|
+
expect_recipe do
|
96
96
|
private_key "#{repo_path}/blah.der" do
|
97
97
|
source_key key
|
98
98
|
format :der
|
99
99
|
end
|
100
|
-
|
100
|
+
end.to have_updated "private_key[#{repo_path}/blah.der]", :create
|
101
101
|
key_str = IO.read("#{repo_path}/blah.der")
|
102
|
-
expect(key_str).not_to start_with(
|
103
|
-
expect(key_str).not_to start_with(
|
102
|
+
expect(key_str).not_to start_with("-----BEGIN")
|
103
|
+
expect(key_str).not_to start_with("ssh-")
|
104
104
|
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah")
|
105
105
|
end
|
106
106
|
|
107
|
-
context
|
108
|
-
it
|
109
|
-
expect_recipe
|
107
|
+
context "and a public_key recipe" do
|
108
|
+
it "the public_key is created" do
|
109
|
+
expect_recipe do
|
110
110
|
public_key "#{repo_path}/blah.pub" do
|
111
111
|
source_key_path "#{repo_path}/blah"
|
112
112
|
end
|
113
|
-
|
114
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
113
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
114
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
115
115
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
116
116
|
end
|
117
117
|
end
|
118
118
|
|
119
|
-
context
|
119
|
+
context "and a public key" do
|
120
120
|
before :each do
|
121
121
|
Cheffish::BasicChefClient.converge_block do
|
122
122
|
public_key "#{repo_path}/blah.pub" do
|
@@ -125,110 +125,110 @@ describe Chef::Resource::PrivateKey do
|
|
125
125
|
end
|
126
126
|
end
|
127
127
|
|
128
|
-
context
|
129
|
-
it
|
130
|
-
expect_recipe
|
128
|
+
context "and public_key resource based off the public key file" do
|
129
|
+
it "the second public_key is created" do
|
130
|
+
expect_recipe do
|
131
131
|
public_key "#{repo_path}/blah.pub2" do
|
132
132
|
source_key_path "#{repo_path}/blah.pub"
|
133
133
|
end
|
134
|
-
|
135
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
134
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
135
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
136
136
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
137
137
|
end
|
138
138
|
end
|
139
139
|
|
140
|
-
context
|
141
|
-
it
|
142
|
-
expect_recipe
|
140
|
+
context "and another public_key based off the first public_key in-memory in a string" do
|
141
|
+
it "the second public_key is created" do
|
142
|
+
expect_recipe do
|
143
143
|
public_key "#{repo_path}/blah.pub2" do
|
144
144
|
source_key IO.read("#{repo_path}/blah.pub")
|
145
145
|
end
|
146
|
-
|
147
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
146
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
147
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
148
148
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
149
149
|
end
|
150
150
|
end
|
151
151
|
|
152
|
-
it
|
152
|
+
it "and another public_key based off the first public_key in-memory in a key, the second public_key is created" do
|
153
153
|
key, format = Cheffish::KeyFormatter.decode(IO.read("#{repo_path}/blah.pub"))
|
154
154
|
|
155
|
-
expect_recipe
|
155
|
+
expect_recipe do
|
156
156
|
public_key "#{repo_path}/blah.pub2" do
|
157
157
|
source_key key
|
158
158
|
end
|
159
|
-
|
160
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
159
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
160
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
161
161
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
162
162
|
end
|
163
163
|
|
164
|
-
context
|
165
|
-
it
|
166
|
-
expect_recipe
|
164
|
+
context "and another public_key in :pem format based off the first public_key" do
|
165
|
+
it "the second public_key is created" do
|
166
|
+
expect_recipe do
|
167
167
|
public_key "#{repo_path}/blah.pub2" do
|
168
168
|
source_key_path "#{repo_path}/blah.pub"
|
169
169
|
format :pem
|
170
170
|
end
|
171
|
-
|
172
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
171
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
172
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
173
173
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
174
174
|
end
|
175
175
|
end
|
176
176
|
|
177
|
-
context
|
178
|
-
it
|
179
|
-
expect_recipe
|
177
|
+
context "and another public_key in :der format based off the first public_key" do
|
178
|
+
it "the second public_key is created" do
|
179
|
+
expect_recipe do
|
180
180
|
public_key "#{repo_path}/blah.pub2" do
|
181
181
|
source_key_path "#{repo_path}/blah.pub"
|
182
182
|
format :pem
|
183
183
|
end
|
184
|
-
|
185
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
184
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub2]", :create
|
185
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
186
186
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
187
187
|
end
|
188
188
|
end
|
189
189
|
end
|
190
190
|
|
191
|
-
context
|
192
|
-
it
|
193
|
-
expect_recipe
|
191
|
+
context "and a public_key resource in pem format" do
|
192
|
+
it "the public_key is created" do
|
193
|
+
expect_recipe do
|
194
194
|
public_key "#{repo_path}/blah.pub" do
|
195
195
|
source_key_path "#{repo_path}/blah"
|
196
196
|
format :pem
|
197
197
|
end
|
198
|
-
|
199
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
198
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
199
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("-----BEGIN")
|
200
200
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
201
201
|
end
|
202
202
|
end
|
203
203
|
|
204
|
-
context
|
205
|
-
it
|
206
|
-
expect_recipe
|
204
|
+
context "and a public_key resource in der format" do
|
205
|
+
it "the public_key is created in openssh format" do
|
206
|
+
expect_recipe do
|
207
207
|
public_key "#{repo_path}/blah.pub" do
|
208
208
|
source_key_path "#{repo_path}/blah"
|
209
209
|
format :der
|
210
210
|
end
|
211
|
-
|
212
|
-
expect(IO.read("#{repo_path}/blah.pub")).not_to start_with(
|
213
|
-
expect(IO.read("#{repo_path}/blah.pub")).not_to start_with(
|
211
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
212
|
+
expect(IO.read("#{repo_path}/blah.pub")).not_to start_with("-----BEGIN")
|
213
|
+
expect(IO.read("#{repo_path}/blah.pub")).not_to start_with("ssh-rsa")
|
214
214
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
215
215
|
end
|
216
216
|
end
|
217
217
|
end
|
218
218
|
|
219
|
-
context
|
220
|
-
it
|
221
|
-
expect_recipe
|
219
|
+
context "with a recipe with a private_key in der format" do
|
220
|
+
it "the private_key is created" do
|
221
|
+
expect_recipe do
|
222
222
|
private_key "#{repo_path}/blah" do
|
223
223
|
format :der
|
224
224
|
end
|
225
|
-
|
226
|
-
expect(IO.read("#{repo_path}/blah")).not_to start_with(
|
225
|
+
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
226
|
+
expect(IO.read("#{repo_path}/blah")).not_to start_with("-----BEGIN")
|
227
227
|
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
228
228
|
end
|
229
229
|
end
|
230
230
|
|
231
|
-
context
|
231
|
+
context "with a private key in der format" do
|
232
232
|
before :each do
|
233
233
|
Cheffish::BasicChefClient.converge_block do
|
234
234
|
private_key "#{repo_path}/blah" do
|
@@ -237,157 +237,157 @@ describe Chef::Resource::PrivateKey do
|
|
237
237
|
end
|
238
238
|
end
|
239
239
|
|
240
|
-
context
|
241
|
-
it
|
242
|
-
expect_recipe
|
240
|
+
context "and a public_key" do
|
241
|
+
it "the public_key is created in openssh format" do
|
242
|
+
expect_recipe do
|
243
243
|
public_key "#{repo_path}/blah.pub" do
|
244
244
|
source_key_path "#{repo_path}/blah"
|
245
245
|
end
|
246
|
-
|
247
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
246
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
247
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
248
248
|
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah"
|
249
249
|
end
|
250
250
|
end
|
251
251
|
end
|
252
252
|
|
253
|
-
context
|
254
|
-
it
|
255
|
-
expect_recipe
|
253
|
+
context "with a recipe with a private_key with a pass_phrase" do
|
254
|
+
it "the private_key is created" do
|
255
|
+
expect_recipe do
|
256
256
|
private_key "#{repo_path}/blah" do
|
257
|
-
pass_phrase
|
257
|
+
pass_phrase "hello"
|
258
258
|
end
|
259
|
-
|
260
|
-
expect(IO.read("#{repo_path}/blah")).to start_with(
|
261
|
-
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"),
|
259
|
+
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
260
|
+
expect(IO.read("#{repo_path}/blah")).to start_with("-----BEGIN")
|
261
|
+
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"), "hello")).to be_kind_of(OpenSSL::PKey::RSA)
|
262
262
|
end
|
263
263
|
end
|
264
264
|
|
265
|
-
context
|
265
|
+
context "with a private key with a pass phrase" do
|
266
266
|
before :each do
|
267
267
|
Cheffish::BasicChefClient.converge_block do
|
268
268
|
private_key "#{repo_path}/blah" do
|
269
|
-
pass_phrase
|
269
|
+
pass_phrase "hello"
|
270
270
|
end
|
271
271
|
end
|
272
272
|
end
|
273
273
|
|
274
|
-
context
|
275
|
-
it
|
276
|
-
expect_recipe
|
274
|
+
context "and a private_key that copies it in der format" do
|
275
|
+
it "the private_key is copied in der format and is identical" do
|
276
|
+
expect_recipe do
|
277
277
|
private_key "#{repo_path}/blah.der" do
|
278
278
|
source_key_path "#{repo_path}/blah"
|
279
|
-
source_key_pass_phrase
|
279
|
+
source_key_pass_phrase "hello"
|
280
280
|
format :der
|
281
281
|
end
|
282
|
-
|
282
|
+
end.to have_updated "private_key[#{repo_path}/blah.der]", :create
|
283
283
|
key_str = IO.read("#{repo_path}/blah.der")
|
284
|
-
expect(key_str).not_to start_with(
|
285
|
-
expect(key_str).not_to start_with(
|
286
|
-
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah",
|
284
|
+
expect(key_str).not_to start_with("-----BEGIN")
|
285
|
+
expect(key_str).not_to start_with("ssh-")
|
286
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", "hello")
|
287
287
|
end
|
288
288
|
end
|
289
289
|
|
290
|
-
context
|
291
|
-
it
|
292
|
-
expect
|
293
|
-
converge
|
290
|
+
context "and a private_key resource pointing at it without a pass_phrase" do
|
291
|
+
it "the run fails with an exception" do
|
292
|
+
expect do
|
293
|
+
converge do
|
294
294
|
private_key "#{repo_path}/blah"
|
295
|
-
|
296
|
-
|
295
|
+
end
|
296
|
+
end.to raise_error /missing pass phrase?/
|
297
297
|
end
|
298
298
|
end
|
299
299
|
|
300
|
-
context
|
301
|
-
it
|
302
|
-
expect_recipe
|
300
|
+
context "and a private_key resource with no pass phrase and regenerate_if_different" do
|
301
|
+
it "the private_key is regenerated" do
|
302
|
+
expect_recipe do
|
303
303
|
private_key "#{repo_path}/blah" do
|
304
304
|
regenerate_if_different true
|
305
305
|
end
|
306
|
-
|
307
|
-
expect(IO.read("#{repo_path}/blah")).to start_with(
|
306
|
+
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
307
|
+
expect(IO.read("#{repo_path}/blah")).to start_with("-----BEGIN")
|
308
308
|
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
309
309
|
end
|
310
310
|
end
|
311
311
|
|
312
|
-
it
|
313
|
-
expect_recipe
|
312
|
+
it "a private_key resource that copies it from in-memory as a string succeeds" do
|
313
|
+
expect_recipe do
|
314
314
|
private_key "#{repo_path}/blah.der" do
|
315
315
|
source_key IO.read("#{repo_path}/blah")
|
316
|
-
source_key_pass_phrase
|
316
|
+
source_key_pass_phrase "hello"
|
317
317
|
format :der
|
318
318
|
end
|
319
|
-
|
319
|
+
end.to have_updated "private_key[#{repo_path}/blah.der]", :create
|
320
320
|
key_str = IO.read("#{repo_path}/blah.der")
|
321
|
-
expect(key_str).not_to start_with(
|
322
|
-
expect(key_str).not_to start_with(
|
323
|
-
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah",
|
321
|
+
expect(key_str).not_to start_with("-----BEGIN")
|
322
|
+
expect(key_str).not_to start_with("ssh-")
|
323
|
+
expect("#{repo_path}/blah.der").to match_private_key("#{repo_path}/blah", "hello")
|
324
324
|
end
|
325
325
|
|
326
|
-
context
|
327
|
-
it
|
328
|
-
expect_recipe
|
326
|
+
context "and a public_key" do
|
327
|
+
it "the public_key is created in openssh format" do
|
328
|
+
expect_recipe do
|
329
329
|
public_key "#{repo_path}/blah.pub" do
|
330
330
|
source_key_path "#{repo_path}/blah"
|
331
|
-
source_key_pass_phrase
|
331
|
+
source_key_pass_phrase "hello"
|
332
332
|
end
|
333
|
-
|
334
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
335
|
-
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah",
|
333
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
334
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
335
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", "hello"
|
336
336
|
end
|
337
337
|
end
|
338
338
|
|
339
|
-
context
|
340
|
-
it
|
341
|
-
expect_recipe
|
339
|
+
context "and a public_key derived from the private key in an in-memory string" do
|
340
|
+
it "the public_key is created in openssh format" do
|
341
|
+
expect_recipe do
|
342
342
|
public_key "#{repo_path}/blah.pub" do
|
343
343
|
source_key IO.read("#{repo_path}/blah")
|
344
|
-
source_key_pass_phrase
|
344
|
+
source_key_pass_phrase "hello"
|
345
345
|
end
|
346
|
-
|
347
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
348
|
-
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah",
|
346
|
+
end.to have_updated "public_key[#{repo_path}/blah.pub]", :create
|
347
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
348
|
+
expect("#{repo_path}/blah.pub").to be_public_key_for "#{repo_path}/blah", "hello"
|
349
349
|
end
|
350
350
|
end
|
351
351
|
end
|
352
352
|
|
353
|
-
context
|
354
|
-
it
|
355
|
-
expect_recipe
|
353
|
+
context "with a recipe with a private_key and public_key_path" do
|
354
|
+
it "the private_key and public_key are created" do
|
355
|
+
expect_recipe do
|
356
356
|
private_key "#{repo_path}/blah" do
|
357
357
|
public_key_path "#{repo_path}/blah.pub"
|
358
358
|
end
|
359
|
-
|
360
|
-
expect(IO.read("#{repo_path}/blah")).to start_with(
|
359
|
+
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
360
|
+
expect(IO.read("#{repo_path}/blah")).to start_with("-----BEGIN")
|
361
361
|
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
362
|
-
expect(IO.read("#{repo_path}/blah.pub")).to start_with(
|
362
|
+
expect(IO.read("#{repo_path}/blah.pub")).to start_with("ssh-rsa ")
|
363
363
|
expect("#{repo_path}/blah.pub").to be_public_key_for("#{repo_path}/blah")
|
364
364
|
end
|
365
365
|
end
|
366
366
|
|
367
|
-
context
|
368
|
-
it
|
369
|
-
expect_recipe
|
367
|
+
context "with a recipe with a private_key and public_key_path and public_key_format" do
|
368
|
+
it "the private_key and public_key are created" do
|
369
|
+
expect_recipe do
|
370
370
|
private_key "#{repo_path}/blah" do
|
371
371
|
public_key_path "#{repo_path}/blah.pub.der"
|
372
372
|
public_key_format :der
|
373
373
|
end
|
374
|
-
|
375
|
-
expect(IO.read("#{repo_path}/blah")).to start_with(
|
374
|
+
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
375
|
+
expect(IO.read("#{repo_path}/blah")).to start_with("-----BEGIN")
|
376
376
|
expect(OpenSSL::PKey.read(IO.read("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
377
|
-
expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with(
|
377
|
+
expect(IO.read("#{repo_path}/blah.pub.der")).not_to start_with("ssh-rsa ")
|
378
378
|
expect("#{repo_path}/blah.pub.der").to be_public_key_for("#{repo_path}/blah")
|
379
379
|
end
|
380
380
|
end
|
381
381
|
|
382
|
-
context
|
383
|
-
it
|
382
|
+
context "with a recipe with a private_key with path :none" do
|
383
|
+
it "the private_key is created" do
|
384
384
|
got_private_key = nil
|
385
|
-
expect_recipe
|
386
|
-
private_key
|
385
|
+
expect_recipe do
|
386
|
+
private_key "in_memory" do
|
387
387
|
path :none
|
388
388
|
after { |resource, private_key| got_private_key = private_key }
|
389
389
|
end
|
390
|
-
|
390
|
+
end.to have_updated "private_key[in_memory]", :create
|
391
391
|
expect(got_private_key).to be_kind_of(OpenSSL::PKey::RSA)
|
392
392
|
end
|
393
393
|
end
|
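Review bot: The context "and another public_key in :der format based off the first public_key" (new lines 177–187) never exercises DER: its block still sets `format :pem`, and the assertions at new lines 185–186 read `blah.pub`, the source key, instead of the `blah.pub2` file the resource writes. As written, a regression in DER encoding of public keys would not fail this example. I would change the block to `format :der` and assert on the output with `expect(IO.read("#{repo_path}/blah.pub2")).not_to start_with("ssh-rsa ")` followed by `expect("#{repo_path}/blah.pub2").to be_public_key_for "#{repo_path}/blah"`. The neighbouring `blah.pub2` examples at new lines 128–175 make the same source-file assertions and should check `blah.pub2` as well.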