Merge pull request #338 from chef/green

Use Chef 14 to avoid license failures in test + use config.rb where we can

.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # Order is important. The last matching pattern has the most precedence.
 
 *                 @chef/chef-vault-maintainers
-.expeditor/       @chef/jex-team
+.expeditor/**     @chef/jex-team
 *.md              @chef/docs-team

Gemfile

@@ -1,14 +1,27 @@
-source "https://rubygems.org/"
+source "https://rubygems.org"
 
 gemspec
 
 group :development do
-  gem "chefstyle", git: "https://github.com/chef/chefstyle.git"
+  gem "chefstyle"
   gem "chef-zero"
   gem "rake"
   gem "rspec", "~> 3.4"
   gem "aruba", "~> 0.6"
   gem "simplecov", "~> 0.9"
-  gem "simplecov-console", "~> 0.2"
-  gem "chef"
+  gem "simplecov-console", "~> 0.2.0"
+  gem "chef", "~> 14.0" # avoids test failures on license acceptance
+end
+
+group :docs do
+  gem "yard"
+  gem "redcarpet"
+  gem "github-markup"
+end
+
+group :debug do
+  gem "pry"
+  gem "pry-byebug"
+  gem "pry-stack_explorer"
+  gem "rb-readline"
 end

KNIFE_EXAMPLES.md

@@ -246,7 +246,7 @@ This command outputs the type of the data bag item: normal, encrypted or vault
 
 Short | Long | Description | Default | Valid Values | Sub-Commands
 ------|------|-------------|---------|--------------|-------------
--M MODE | --mode MODE | Chef mode to run in. Can be set in knife.rb | solo | solo, client | all
+-M MODE | --mode MODE | Chef mode to run in. Can be set in config.rb | solo | solo, client | all
 -S SEARCH | --search SEARCH | Chef Server SOLR Search Of Nodes | | | create, remove , update
 -A ADMINS | --admins ADMINS | Chef clients or users to be vault admins, can be comma list | | | create, remove, update
 -J FILE | --json FILE | JSON file to be used for values, will be merged with VALUES if VALUES is passed | | | create, update

README.md

@@ -80,7 +80,7 @@ directory and try out the commands that failed:
 
 ```
 cd tmp/aruba
-bundle exec knife <your command that failed from test with -c knife.rb>
+bundle exec knife <your command that failed from test with -c config.rb>
 ```
 
 Optionally add `-VV` to the above to get a full stacktrace.
@@ -97,14 +97,14 @@ This will fix up your rubocop errors automatically, and warn you about any it ca
 
 See KNIFE_EXAMPLES.md for examples of commands
 
-### knife.rb
+### config.rb (aka knife.rb)
 
-To set 'client' as the default mode, add the following line to the knife.rb file.
+To set 'client' as the default mode, add the following line to the config.rb file.
 
     knife[:vault_mode] = 'client'
 
 To set the default list of admins for creating and updating vaults, add the
-following line to the knife.rb file.
+following line to the config.rb file.
 
     knife[:vault_admins] = [ 'example-alice', 'example-bob', 'example-carol' ]
 
@@ -132,7 +132,7 @@ NOTE: chef-vault 1.0 knife commands are not supported! Please use chef-vault
 
 Short | Long | Description | Default | Valid Values | Sub-Commands
 ------|------|-------------|---------|--------------|-------------
--M MODE | --mode MODE | Chef mode to run in. Can be set in knife.rb | solo | solo, client | all
+-M MODE | --mode MODE | Chef mode to run in. Can be set in config.rb | solo | solo, client | all
 -S SEARCH | --search SEARCH | Chef Server SOLR Search Of Nodes | | | create, remove , update
 -C CLIENTS | --clients CLIENTS | Chef clients to be added as clients, can be comma list | | | create, remove , update
 -A ADMINS | --admins ADMINS | Chef clients or users to be vault admins, can be comma list | | | create, remove, update
@@ -235,7 +235,7 @@ This functionality is also available from the command line as `knife vault itemt
 
 `chef-vault` can be used as a stand alone binary to decrypt values stored in
 Chef. It requires that Chef is installed on the system and that you have a
-valid knife.rb. This is useful if you want to mix `chef-vault` into non-Chef
+valid config.rb. This is useful if you want to mix `chef-vault` into non-Chef
 recipe code, for example some other script where you want to protect a
 password.
 
@@ -247,7 +247,7 @@ Use `chef-vault --help` to see all all available options
 
 ### Example usage (password)
 
-    chef-vault -v passwords -i root -a password -k /etc/chef/knife.rb
+    chef-vault -v passwords -i root -a password -k /etc/chef/config.rb
 
 ## SCALING
 As more nodes use a shared key, some operations like refresh or update can execute more efficiently using sparse mode (see [issue #237](https://github.com/chef/chef-vault/issues/237)).

features/step_definitions/chef-databag.rb

@@ -1,9 +1,9 @@
 When(/^I create a data bag '(.+)' containing the JSON '(.+)'$/) do |bag, json|
   write_file "item.json", json
-  run_simple "knife data bag create #{bag} -z -c knife.rb -d"
-  run_simple "knife data bag from_file #{bag} -z -c knife.rb item.json"
+  run_command_and_stop "knife data bag create #{bag} -z -c config.rb -d"
+  run_command_and_stop "knife data bag from_file #{bag} -z -c config.rb item.json"
 end
 
 Given(/^I create an empty data bag '(.+)'$/) do |databag|
-  run_simple "knife data bag create #{databag} -z -c knife.rb", false
+  run_command_and_stop "knife data bag create #{databag} -z -c config.rb", false
 end

features/step_definitions/chef-repo.rb

@@ -3,8 +3,8 @@
   %w{cookbooks clients nodes data_bags}.each do |dir|
     create_directory dir
   end
-  # create a basic knife.rb
-  write_file "knife.rb", <<EOF
+  # create a basic config.rb
+  write_file "config.rb", <<EOF
 local_mode true
 chef_repo_path '.'
 chef_zero.enabled true
@@ -19,7 +19,7 @@
     create_admin(admin)
   end
   # add the admin key to the knife configuration
-  append_to_file "knife.rb", <<EOF
+  append_to_file "config.rb", <<EOF
 node_name 'admin'
 client_key 'admin.pem'
 EOF
@@ -50,23 +50,23 @@
 end
 
 def create_node(name)
-  run_simple "knife node create #{name} -z -d -c knife.rb"
+  run_command_and_stop "knife node create #{name} -z -d -c config.rb"
 end
 
 def create_admin(admin)
   create_client(admin, "-a")
 end
 
 def create_client(name, args = nil)
-  command = "knife client create #{name} -z -d -c knife.rb #{args} >#{name}.pem"
-  run_simple command
+  command = "knife client create #{name} -z -d -c config.rb #{args} >#{name}.pem"
+  run_command_and_stop command
   write_file("#{name}.pem", last_command_started.stdout)
 end
 
 def delete_client(name)
-  run_simple "knife client delete #{name} -y -z -c knife.rb"
+  run_command_and_stop "knife client delete #{name} -y -z -c config.rb"
 end
 
 def delete_node(name)
-  run_simple "knife node delete #{name} -y -z -c knife.rb"
+  run_command_and_stop "knife node delete #{name} -y -z -c config.rb"
 end

features/step_definitions/chef-vault.rb

@@ -5,54 +5,54 @@
   query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
   adminarg = admins.nil? ? "-A admin" : "-A #{admins}"
   sparseopt = sparse.nil? ? "" : "-K sparse"
-  run_simple "knife vault create #{vault} #{item} -z -c knife.rb #{adminarg} #{sparseopt} -S '#{query}' -J item.json", false
+  run_command_and_stop "knife vault create #{vault} #{item} -z -c config.rb #{adminarg} #{sparseopt} -S '#{query}' -J item.json", false
 end
 
 Given(%r{^I update the vault item '(.+)/(.+)' to be encrypted for '(.+)'( with the clean option)?$}) do |vault, item, nodelist, cleanopt|
   query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
-  run_simple "knife vault update #{vault} #{item} -z -c knife.rb -S '#{query}' #{cleanopt ? "--clean" : ""}"
+  run_command_and_stop "knife vault update #{vault} #{item} -z -c config.rb -S '#{query}' #{cleanopt ? "--clean" : ""}"
 end
 
 Given(%r{^I remove clients? '(.+)' from vault item '(.+)/(.+)' with the '(.+)' options?$}) do |nodelist, vault, item, optionlist|
   query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
   options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault remove #{vault} #{item} -z -c knife.rb -S '#{query}' #{options}"
+  run_command_and_stop "knife vault remove #{vault} #{item} -z -c config.rb -S '#{query}' #{options}"
 end
 
 Given(%r{^I rotate the keys for vault item '(.+)/(.+)' with the '(.+)' options?$}) do |vault, item, optionlist|
   options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault rotate keys #{vault} #{item} -c knife.rb -z #{options}"
+  run_command_and_stop "knife vault rotate keys #{vault} #{item} -c config.rb -z #{options}"
 end
 
 Given(/^I rotate all keys with the '(.+)' options?$/) do |optionlist|
   options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault rotate all keys -z -c knife.rb #{options}"
+  run_command_and_stop "knife vault rotate all keys -z -c config.rb #{options}"
 end
 
 Given(%r{^I refresh the vault item '(.+)/(.+)'$}) do |vault, item|
-  run_simple "knife vault refresh #{vault} #{item} -c knife.rb -z"
+  run_command_and_stop "knife vault refresh #{vault} #{item} -c config.rb -z"
 end
 
 Given(%r{^I refresh the vault item '(.+)/(.+)' with the '(.+)' options?$}) do |vault, item, optionlist|
   options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault refresh #{vault} #{item} -c knife.rb -z #{options}"
+  run_command_and_stop "knife vault refresh #{vault} #{item} -c config.rb -z #{options}"
 end
 
 Given(%r{^I try to decrypt the vault item '(.+)/(.+)' as '(.+)'$}) do |vault, item, node|
-  run_simple "knife vault show #{vault} #{item} -z -c knife.rb -u #{node} -k #{node}.pem", false
+  run_command_and_stop "knife vault show #{vault} #{item} -z -c config.rb -u #{node} -k #{node}.pem", false
 end
 
 Then(%r{^the vault item '(.+)/(.+)' should( not)? be encrypted for '(.+)'( with keys in sparse mode)?$}) do |vault, item, neg, nodelist, sparse|
   nodes = nodelist.split(/,/)
-  command = "knife data bag show #{vault} #{item}_keys -z -c knife.rb -F json"
-  run_simple(command)
+  command = "knife data bag show #{vault} #{item}_keys -z -c config.rb -F json"
+  run_command_and_stop(command)
   output = last_command_started.stdout
   data = JSON.parse(output)
   if sparse
     expect(data).to include("mode" => "sparse")
     nodes.each do |node|
-      command = "knife data bag show #{vault} #{item}_key_#{node} -z -c knife.rb -F json"
-      run_simple(command, fail_on_error: false)
+      command = "knife data bag show #{vault} #{item}_key_#{node} -z -c config.rb -F json"
+      run_command_and_stop(command, fail_on_error: false)
       if neg
         error = last_command_started.stderr
         expect(error).to include("ERROR: The object you are looking for could not be found")
@@ -69,8 +69,8 @@
 
 Given(%r{^'(.+)' should( not)? be a client for the vault item '(.+)/(.+)'$}) do |nodelist, neg, vault, item|
   nodes = nodelist.split(/,/)
-  command = "knife data bag show #{vault} #{item}_keys -z -c knife.rb -F json"
-  run_simple(command)
+  command = "knife data bag show #{vault} #{item}_keys -z -c config.rb -F json"
+  run_command_and_stop(command)
   output = last_command_started.stdout
   data = JSON.parse(output)
   nodes.each do |node|
@@ -84,8 +84,8 @@
 
 Given(%r{^'(.+)' should( not)? be an admin for the vault item '(.+)/(.+)'$}) do |nodelist, neg, vault, item|
   nodes = nodelist.split(/,/)
-  command = "knife data bag show #{vault} #{item}_keys -z -c knife.rb -F json"
-  run_simple(command)
+  command = "knife data bag show #{vault} #{item}_keys -z -c config.rb -F json"
+  run_command_and_stop(command)
   output = last_command_started.stdout
   data = JSON.parse(output)
   nodes.each do |node|
@@ -98,11 +98,11 @@
 end
 
 Given(/^I list the vaults$/) do
-  run_simple("knife vault list")
+  run_command_and_stop("knife vault list")
 end
 
 Given(%r{^I can('t)? decrypt the vault item '(.+)/(.+)' as '(.+)'$}) do |neg, vault, item, client|
-  run_simple "knife vault show #{vault} #{item} -c knife.rb -z -u #{client} -k #{client}.pem", false
+  run_command_and_stop "knife vault show #{vault} #{item} -c config.rb -z -u #{client} -k #{client}.pem", false
   if neg
     expect(last_command_started).not_to have_exit_status(0)
   else
@@ -111,19 +111,19 @@
 end
 
 Given(%r{^I (try to )?add '(.+)' as an admin for the vault item '(.+)/(.+)'$}) do |try, newadmin, vault, item|
-  run_simple "knife vault update #{vault} #{item} -c knife.rb -z -A #{newadmin}", !try
+  run_command_and_stop "knife vault update #{vault} #{item} -c config.rb -z -A #{newadmin}", !try
 end
 
 Given(/^I show the keys of the vault '(.+)'$/) do |vault|
-  run_simple "knife vault show #{vault} -c knife.rb -z"
+  run_command_and_stop "knife vault show #{vault} -c config.rb -z"
 end
 
 Given(%r{^I check if the data bag item '(.+)/(.+)' is a vault$}) do |vault, item|
-  run_simple "knife vault isvault #{vault} #{item} -c knife.rb -z", false
+  run_command_and_stop "knife vault isvault #{vault} #{item} -c config.rb -z", false
 end
 
 Given(%r{^I check the type of the data bag item '(.+)/(.+)'$}) do |vault, item|
-  run_simple "knife vault itemtype #{vault} #{item} -c knife.rb -z"
+  run_command_and_stop "knife vault itemtype #{vault} #{item} -c config.rb -z"
 end
 
 Given(%r{^I downgrade the vault item '(.+)/(.+)' to v1 syntax}) do |vault, item|
@@ -135,15 +135,15 @@
 end
 
 Given(%r{^I can save the JSON object of the encrypted data bag for the vault item '(.+)/(.+)'$}) do |vault, item|
-  command = "knife data bag show #{vault} #{item} -z -c knife.rb -F json"
-  run_simple(command)
+  command = "knife data bag show #{vault} #{item} -z -c config.rb -F json"
+  run_command_and_stop(command)
   output = last_command_started.stdout
   @saved_encrypted_vault_item = JSON.parse(output)
 end
 
 Given(%r{^the data bag of the vault item '(.+)/(.+)' has not been re-encrypted$}) do |vault, item|
-  command = "knife data bag show #{vault} #{item} -z -c knife.rb -F json"
-  run_simple(command)
+  command = "knife data bag show #{vault} #{item} -z -c config.rb -F json"
+  run_command_and_stop(command)
   output = last_command_started.stdout
   encrypted_vault_item = JSON.parse(output)
 

features/step_definitions/chef_databagitem.rb

@@ -1,9 +1,9 @@
 Given(%r{^I create a data bag item '(.+)/(.+)' containing the JSON '(.+)'$}) do |databag, _, json|
   write_file "item.json", json
-  run_simple "knife data bag from file #{databag} item.json -z -c knife.rb", false
+  run_command_and_stop "knife data bag from file #{databag} item.json -z -c config.rb", false
 end
 
 Given(%r{^I create an encrypted data bag item '(.+)/(.+)' containing the JSON '(.+)' with the secret '(.+)'$}) do |databag, _, json, secret|
   write_file "item.json", json
-  run_simple "knife data bag from file #{databag} item.json -s #{secret} -z -c knife.rb", false
+  run_command_and_stop "knife data bag from file #{databag} item.json -s #{secret} -z -c config.rb", false
 end

spec/chef-vault_spec.rb

@@ -42,17 +42,17 @@ def chef_zero
 
   context "with a vault and config file parameter specified" do
     before do
-      allow(IO).to receive(:read).with("knife.rb").and_return("node_name 'myserver'")
+      allow(IO).to receive(:read).with("config.rb").and_return("node_name 'myserver'")
     end
 
-    let(:vault) { ChefVault.new("foo", "knife.rb") }
+    let(:vault) { ChefVault.new("foo", "config.rb") }
 
     it "assigns 'foo' to the vault accessor" do
       expect(vault.vault).to eq "foo"
     end
 
     it "loads the Chef config values" do
-      expect(ChefVault).to receive(:load_config).with("knife.rb")
+      expect(ChefVault).to receive(:load_config).with("config.rb")
       vault
     end
   end