openstack
/
cookbook-openstack-common
Code Issues Proposed changes
cookbook-openstack-common/spec/password_spec.rb

122 lines
4.4 KiB
Ruby
Raw Blame History

require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'passwords'
require 'chef-vault'
describe 'openstack-common::default' do
describe 'Passwords' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
let(:subject) { Object.new.extend(Openstack) }
include_context 'library-stubs'
context 'stored in encrypted data bags by default' do
describe '#secret' do
it 'returns databag' do
value = { 'nova' => 'this' }
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
'/etc/chef/openstack_data_bag_secret').and_return('secret')
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
'passwords', 'nova', 'secret').and_return(value)
expect(subject.secret('passwords', 'nova')).to eq('this')
end
end
context 'using chef-vault' do
cached(:chef_run) do
node.override['openstack']['databag_type'] = 'vault'
runner.converge(described_recipe)
end
it 'returns the data from a chef vault item' do
allow(ChefVault::Item).to receive(:load)
.with('vault_passwords', 'nova')
.and_return('nova' => 'novapassword')
expect(subject.secret('passwords', 'nova')).to eq('novapassword')
end
end
describe '#get_password' do
%w(service db user).each do |type|
it "returns databag value for #{type}" do
value = { 'nova' => 'this' }
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
'/etc/chef/openstack_data_bag_secret').and_return('secret')
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
"#{type}_passwords", 'nova', 'secret').and_return(value)
expect(subject.get_password(type, 'nova')).to eq('this')
end
end
it 'returns nil for an invalid type' do
expect(subject.get_password('invalid_type', 'nova')).to be_nil
end
it 'returns tokens from the secrets_data_bag' do
bag_content = { 'nova' => 'mysecret' }
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
'/etc/chef/openstack_data_bag_secret'
).and_return('secret')
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
'secrets', 'nova', 'secret'
).and_return(bag_content)
expect(subject.get_password('token', 'nova')).to eq('mysecret')
end
end
end
context 'stored in standard data bags' do
cached(:chef_run) do
node.override['openstack']['databag_type'] = 'standard'
runner.converge(described_recipe)
end
describe '#secret' do
it 'returns databag' do
value = { 'nova' => 'this' }
allow(Chef::DataBagItem).to receive(:load)
.with('passwords', 'nova').and_return(value)
expect(subject.secret('passwords', 'nova')).to eq('this')
end
end
describe '#get_password' do
%w(service db user).each do |type|
it "returns databag value for #{type}" do
value = { 'nova' => 'this' }
allow(Chef::DataBagItem).to receive(:load).with(
"#{type}_passwords", 'nova').and_return(value)
expect(subject.get_password(type, 'nova')).to eq('this')
end
end
it 'returns nil for an invalid type' do
expect(subject.get_password('invalid_type', 'nova')).to be_nil
end
it 'returns tokens from the secrets_data_bag' do
bag_content = { 'nova' => 'mysecret' }
allow(Chef::DataBagItem).to receive(:load).with(
'secrets', 'nova'
).and_return(bag_content)
expect(subject.get_password('token', 'nova')).to eq('mysecret')
end
end
end
context 'stored in attributes as an alternative' do
cached(:chef_run) do
node.override['openstack']['use_databags'] = false
runner.converge(described_recipe)
end
describe '#get_password' do
%w(service db user token).each do |type|
it "returns the set attribute for #{type}" do
expect(subject.get_password(type, 'compute')).to eq("compute-#{type}")
end
end
end
end
end
end
View Git Blame Copy Permalink