-
Notifications
You must be signed in to change notification settings - Fork 4
/
Rakefile
128 lines (107 loc) · 2.93 KB
/
Rakefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# Rake tasks
require 'rake'
require 'fileutils'
require 'base64'
require 'chef/encrypted_data_bag_item'
require 'json'
require 'openssl'
snakeoil_file_path = 'test/integration/data_bags/certificates/snakeoil.json'
encrypted_data_bag_secret_path = 'test/integration/encrypted_data_bag_secret'
##
# Run command wrapper
def run_command(command)
if File.exist?('Gemfile.lock')
sh %(bundle exec #{command})
else
sh %(chef exec #{command})
end
end
##
# Create a self-signed SSL certificate
#
def gen_ssl_cert
name = OpenSSL::X509::Name.new [
%w(C US),
%w(ST Oregon),
['CN', 'OSU Open Source Lab'],
%w(DC example),
]
key = OpenSSL::PKey::RSA.new 2048
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 2
cert.subject = name
cert.public_key = key.public_key
cert.not_before = Time.now
cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
# Self-sign the Certificate
cert.issuer = name
cert.sign(key, OpenSSL::Digest.new('SHA1'))
[cert, key]
end
##
# Create a data bag item (with the id of snakeoil) containing a self-signed SSL
# certificate
#
def ssl_data_bag_item
cert, key = gen_ssl_cert
Chef::DataBagItem.from_hash(
'id' => 'snakeoil',
'cert' => cert.to_pem,
'key' => key.to_pem
)
end
##
# Create the integration tests directory if it doesn't exist
#
directory 'test/integration'
##
# Generates a 512 byte random sequence and write it to
# 'test/integration/encrypted_data_bag_secret'
#
file encrypted_data_bag_secret_path => 'test/integration' do
encrypted_data_bag_secret = OpenSSL::Random.random_bytes(512)
open encrypted_data_bag_secret_path, 'w' do |io|
io.write Base64.encode64(encrypted_data_bag_secret)
end
end
##
# Create the certificates data bag if it doesn't exist
#
directory 'test/integration/data_bags/certificates' => 'test/integration'
##
# Create the encrypted snakeoil certificate under
# test/integration/data_bags/certificates
#
file snakeoil_file_path => [
'test/integration/data_bags/certificates',
'test/integration/encrypted_data_bag_secret',
] do
encrypted_data_bag_secret = Chef::EncryptedDataBagItem.load_secret(
encrypted_data_bag_secret_path
)
encrypted_snakeoil_cert = Chef::EncryptedDataBagItem.encrypt_data_bag_item(
ssl_data_bag_item, encrypted_data_bag_secret
)
open snakeoil_file_path, 'w' do |io|
io.write JSON.pretty_generate(encrypted_snakeoil_cert)
end
end
desc 'Create an Encrypted Databag Snakeoil SSL Certificate'
task snakeoil: snakeoil_file_path
desc 'Create an Encrypted Databag Secret'
task secret_file: encrypted_data_bag_secret_path
require 'cookstyle'
require 'rubocop/rake_task'
desc 'Run RuboCop (cookstyle) tests'
RuboCop::RakeTask.new(:style) do |task|
task.options << '--display-cop-names'
end
desc 'Run RSpec (unit) tests'
task :unit do
run_command('rm -f Berksfile.lock')
run_command('rspec')
end
desc 'Run all tests'
task test: [:style, :unit]
task default: :test