122 lines
4.4 KiB
Ruby
122 lines
4.4 KiB
Ruby
require_relative 'spec_helper'
|
|
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'passwords'
|
|
require 'chef-vault'
|
|
|
|
describe 'openstack-common::default' do
|
|
describe 'Passwords' do
|
|
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
|
let(:node) { runner.node }
|
|
cached(:chef_run) { runner.converge(described_recipe) }
|
|
let(:subject) { Object.new.extend(Openstack) }
|
|
|
|
include_context 'library-stubs'
|
|
|
|
context 'stored in encrypted data bags by default' do
|
|
describe '#secret' do
|
|
it 'returns databag' do
|
|
value = { 'nova' => 'this' }
|
|
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
|
|
'/etc/chef/openstack_data_bag_secret').and_return('secret')
|
|
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
|
|
'passwords', 'nova', 'secret').and_return(value)
|
|
expect(subject.secret('passwords', 'nova')).to eq('this')
|
|
end
|
|
end
|
|
|
|
context 'using chef-vault' do
|
|
cached(:chef_run) do
|
|
node.override['openstack']['databag_type'] = 'vault'
|
|
runner.converge(described_recipe)
|
|
end
|
|
it 'returns the data from a chef vault item' do
|
|
allow(ChefVault::Item).to receive(:load)
|
|
.with('vault_passwords', 'nova')
|
|
.and_return('nova' => 'novapassword')
|
|
expect(subject.secret('passwords', 'nova')).to eq('novapassword')
|
|
end
|
|
end
|
|
|
|
describe '#get_password' do
|
|
%w(service db user).each do |type|
|
|
it "returns databag value for #{type}" do
|
|
value = { 'nova' => 'this' }
|
|
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
|
|
'/etc/chef/openstack_data_bag_secret').and_return('secret')
|
|
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
|
|
"#{type}_passwords", 'nova', 'secret').and_return(value)
|
|
expect(subject.get_password(type, 'nova')).to eq('this')
|
|
end
|
|
end
|
|
|
|
it 'returns nil for an invalid type' do
|
|
expect(subject.get_password('invalid_type', 'nova')).to be_nil
|
|
end
|
|
|
|
it 'returns tokens from the secrets_data_bag' do
|
|
bag_content = { 'nova' => 'mysecret' }
|
|
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
|
|
'/etc/chef/openstack_data_bag_secret'
|
|
).and_return('secret')
|
|
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
|
|
'secrets', 'nova', 'secret'
|
|
).and_return(bag_content)
|
|
expect(subject.get_password('token', 'nova')).to eq('mysecret')
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'stored in standard data bags' do
|
|
cached(:chef_run) do
|
|
node.override['openstack']['databag_type'] = 'standard'
|
|
runner.converge(described_recipe)
|
|
end
|
|
describe '#secret' do
|
|
it 'returns databag' do
|
|
value = { 'nova' => 'this' }
|
|
allow(Chef::DataBagItem).to receive(:load)
|
|
.with('passwords', 'nova').and_return(value)
|
|
expect(subject.secret('passwords', 'nova')).to eq('this')
|
|
end
|
|
end
|
|
|
|
describe '#get_password' do
|
|
%w(service db user).each do |type|
|
|
it "returns databag value for #{type}" do
|
|
value = { 'nova' => 'this' }
|
|
allow(Chef::DataBagItem).to receive(:load).with(
|
|
"#{type}_passwords", 'nova').and_return(value)
|
|
expect(subject.get_password(type, 'nova')).to eq('this')
|
|
end
|
|
end
|
|
|
|
it 'returns nil for an invalid type' do
|
|
expect(subject.get_password('invalid_type', 'nova')).to be_nil
|
|
end
|
|
|
|
it 'returns tokens from the secrets_data_bag' do
|
|
bag_content = { 'nova' => 'mysecret' }
|
|
allow(Chef::DataBagItem).to receive(:load).with(
|
|
'secrets', 'nova'
|
|
).and_return(bag_content)
|
|
expect(subject.get_password('token', 'nova')).to eq('mysecret')
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'stored in attributes as an alternative' do
|
|
cached(:chef_run) do
|
|
node.override['openstack']['use_databags'] = false
|
|
runner.converge(described_recipe)
|
|
end
|
|
|
|
describe '#get_password' do
|
|
%w(service db user token).each do |type|
|
|
it "returns the set attribute for #{type}" do
|
|
expect(subject.get_password(type, 'compute')).to eq("compute-#{type}")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|