Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cucumber tests are failing on windows #353

Open
dheerajd-msys opened this issue Jul 8, 2020 · 0 comments
Open

cucumber tests are failing on windows #353

dheerajd-msys opened this issue Jul 8, 2020 · 0 comments
Labels
Type: Bug Does not work as expected.

Comments

@dheerajd-msys
Copy link

Platform:

Windows OS

Steps to Reproduce:

Running cucumber on machine with master code

PS D:\chef-vaul\chef-vault> bundle exec cucumber
*** WARNING: You must use ANSICON 1.31 or higher (https://github.com/adoxa/ansicon/) to get coloured output on Windows
Feature: clean client keys
  When updating a vault item, chef-vault normally performs the
  saved or specified query and encrypts the item for all nodes
  returned.  It does not remove old client keys from the vault
  item keys data bag, which will grow over time.  Using the
  --clean switch will cause all client keys to be removed from
  the data bag before encrypting the item for all clients
  returned by the query

  Scenario: Do not clean client keys on update                                                         # features/clean.feature:10
    Given a local mode chef repo with nodes 'one,two,three'                                            # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean.feature:11:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two'                                  # features/step_definitions/chef-vault.rb:45
    And I update the vault item 'test/item' to be encrypted for 'two,three'                            # features/step_definitions/chef-vault.rb:11
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                            # features/step_definitions/chef-vault.rb:45

  Scenario: Clean client keys on update                                                                # features/clean.feature:17
    Given a local mode chef repo with nodes 'one,two,three'                                            # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean.feature:18:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two'                                  # features/step_definitions/chef-vault.rb:45
    And I update the vault item 'test/item' to be encrypted for 'two,three' with the clean option      # features/step_definitions/chef-vault.rb:11
    Then the vault item 'test/item' should be encrypted for 'two,three'                                # features/step_definitions/chef-vault.rb:45
    And the vault item 'test/item' should not be encrypted for 'one'                                   # features/step_definitions/chef-vault.rb:45

Feature: clean unknown clients on vault refresh
  When refreshing a vault, new clients may be added if they match
  the search query or client list, but old clients that no longer
  exist will never be removed.  The --clean-unknown-clients switch
  will cause cause any unknown clients to be removed from the vault
  item's access list as well

  Scenario: Refresh without clean option                                                                     # features/clean_on_refresh.feature:8
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean_on_refresh.feature:9:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And I delete node 'one' from the Chef server                                                             # features/step_definitions/chef-repo.rb:48
    And I refresh the vault item 'test/item'                                                                 # features/step_definitions/chef-vault.rb:32
    And the vault item 'test/item' should be encrypted for 'one,two,three'                                   # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                    # features/step_definitions/chef-vault.rb:70

  Scenario: Refresh with clean option                                                                        # features/clean_on_refresh.feature:17
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean_on_refresh.feature:18:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And I delete node 'one' from the Chef server                                                             # features/step_definitions/chef-repo.rb:48
    And I refresh the vault item 'test/item' with the 'clean-unknown-clients' option                         # features/step_definitions/chef-vault.rb:36
    Then the output should contain "Removing unknown client 'one'"                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And the vault item 'test/item' should be encrypted for 'two,three'                                       # features/step_definitions/chef-vault.rb:45
    And the vault item 'test/item' should not be encrypted for 'one'                                         # features/step_definitions/chef-vault.rb:45
    And 'two,three' should be a client for the vault item 'test/item'                                        # features/step_definitions/chef-vault.rb:70
    And 'one' should not be a client for the vault item 'test/item'                                          # features/step_definitions/chef-vault.rb:70

Feature: clean unknown clients on key rotation
  When removing a client from a vault item, chef-vault normally
  removes the key and then rotates the key.  If a node has been
  deleted in the meantime from the Chef server but not the vault,
  the rotation will fail due to that client's public key missing.
  Using the --clean-unknown-clients switch will cause any clients
  that have been removed to be removed from the vault item's
  access list as well

  Scenario: Prune clients when rotating keys                                                                 # features/clean_unknown_clients.feature:10
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean_unknown_clients.feature:11:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And I delete node 'one' from the Chef server                                                             # features/step_definitions/chef-repo.rb:48
    And I rotate the keys for vault item 'test/item' with the 'clean-unknown-clients' option                 # features/step_definitions/chef-vault.rb:22
    Then the output should contain "Removing unknown client 'one'"                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And the vault item 'test/item' should be encrypted for 'two,three'                                       # features/step_definitions/chef-vault.rb:45
    And the vault item 'test/item' should not be encrypted for 'one'                                         # features/step_definitions/chef-vault.rb:45
    And 'two,three' should be a client for the vault item 'test/item'                                        # features/step_definitions/chef-vault.rb:70
    And 'one' should not be a client for the vault item 'test/item'                                          # features/step_definitions/chef-vault.rb:70

  Scenario: Prune clients when rotating all keys                                                             # features/clean_unknown_clients.feature:22
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean_unknown_clients.feature:23:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And I delete nodes 'one,two' from the Chef server                                                        # features/step_definitions/chef-repo.rb:48
    And I rotate all keys with the 'clean-unknown-clients' option                                            # features/step_definitions/chef-vault.rb:27
    Then the output should contain "Removing unknown client 'one'"                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And the output should contain "Removing unknown client 'two'"                                            # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And the vault item 'test/item' should be encrypted for 'three'                                           # features/step_definitions/chef-vault.rb:45
    And the vault item 'test/item' should not be encrypted for 'one,two'                                     # features/step_definitions/chef-vault.rb:45
    And 'three' should be a client for the vault item 'test/item'                                            # features/step_definitions/chef-vault.rb:70
    And 'one,two' should not be a client for the vault item 'test/item'                                      # features/step_definitions/chef-vault.rb:70

  Scenario: Prune clients when node gone but client exists                                                   # features/clean_unknown_clients.feature:35
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/clean_unknown_clients.feature:36:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And I delete node 'one' from the Chef server                                                             # features/step_definitions/chef-repo.rb:48
    And I rotate the keys for vault item 'test/item' with the 'clean-unknown-clients' option                 # features/step_definitions/chef-vault.rb:22
    Then the output should contain "Removing unknown client 'one'"                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And the vault item 'test/item' should be encrypted for 'two,three'                                       # features/step_definitions/chef-vault.rb:45
    And the vault item 'test/item' should not be encrypted for 'one'                                         # features/step_definitions/chef-vault.rb:45
    And 'two,three' should be a client for the vault item 'test/item'                                        # features/step_definitions/chef-vault.rb:70
    And 'one' should not be a client for the vault item 'test/item'                                          # features/step_definitions/chef-vault.rb:70

Feature: Detect and Warn for v1 Vaults
  chef-vault can read a v1 vault, but the management commands
  tend to break when they try to reference v2 fields like
  clients and admins.  They should detect and warn when trying
  to access a v1 vault

  Scenario: Add search query to v1 vault                                                                     # features/detect_and_warn_v1_vault.feature:7
    Given a local mode chef repo with nodes 'one,two,three' with admins 'bob'                                # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/detect_and_warn_v1_vault.feature:8:in `a local mode chef repo with nodes 'one,two,three' with admins 'bob''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                    # features/step_definitions/chef-vault.rb:70
    And I downgrade the vault item 'test/item' to v1 syntax                                                  # features/step_definitions/chef-vault.rb:129
    And I try to add 'bob' as an admin for the vault item 'test/item'                                        # features/step_definitions/chef-vault.rb:113
    Then the output should match /cannot manage a v1 vault.  See UPGRADE.md for help/                        # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

Feature: determine if a data bag item is a vault
  If a data bag item is a vault, 'knife vault isvault VAULTNAME ITEMNAME'
  should exit 0.  Otherwise it should exit 1.

  Scenario: detect vault item                                                                                # features/isvault.feature:5
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/isvault.feature:6:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    And I check if the data bag item 'test/item' is a vault                                                  # features/step_definitions/chef-vault.rb:121
    Then the exit status should be 0                                                                         # aruba-0.14.14/lib/aruba/cucumber/command.rb:263

  Scenario: detect vault item with keys in sparse mode                                                                                # features/isvault.feature:11
    Given a local mode chef repo with nodes 'one,two,three'                                                                           # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/isvault.feature:12:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    And I check if the data bag item 'test/item' is a vault                                                                           # features/step_definitions/chef-vault.rb:121
    Then the exit status should be 0                                                                                                  # aruba-0.14.14/lib/aruba/cucumber/command.rb:263

  Scenario: detect non-vault item (encrypted data bag)                                                                              # features/isvault.feature:17
    Given a local mode chef repo with nodes 'one,two,three'                                                                         # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/isvault.feature:18:in `a local mode chef repo with nodes 'one,two,three''
    And I create an empty data bag 'test'                                                                                           # features/step_definitions/chef-databag.rb:7
    And I create an encrypted data bag item 'test/item' containing the JSON '{"id": "item", "foo": "bar"}' with the secret 'sekrit' # features/step_definitions/chef_databagitem.rb:6
    And I check if the data bag item 'test/item' is a vault                                                                         # features/step_definitions/chef-vault.rb:121
    Then the exit status should not be 0                                                                                            # aruba-0.14.14/lib/aruba/cucumber/command.rb:263

  Scenario: detect non-vault item (normal data bag)                                             # features/isvault.feature:24
    Given a local mode chef repo with nodes 'one,two,three'                                     # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/isvault.feature:25:in `a local mode chef repo with nodes 'one,two,three''
    And I create an empty data bag 'test'                                                       # features/step_definitions/chef-databag.rb:7
    And I create a data bag item 'test/item' containing the JSON '{"id": "item", "foo": "bar"}' # features/step_definitions/chef_databagitem.rb:1
    And I check if the data bag item 'test/item' is a vault                                     # features/step_definitions/chef-vault.rb:121
    Then the exit status should not be 0                                                        # aruba-0.14.14/lib/aruba/cucumber/command.rb:263

Feature: determine the type of a data bag item
  'knife vault itemtype VAULTNAME ITEMNAME' should output one of
  'normal', 'encrypted', or 'vault' depending on what type of item
  it detects

  Scenario: detect vault item                                                                                # features/itemtype.feature:6
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/itemtype.feature:7:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    And I check the type of the data bag item 'test/item'                                                    # features/step_definitions/chef-vault.rb:125
    Then the output should match /^vault$/                                                                   # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: detect non-vault item (encrypted data bag)                                                                              # features/itemtype.feature:12
    Given a local mode chef repo with nodes 'one,two,three'                                                                         # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/itemtype.feature:13:in `a local mode chef repo with nodes 'one,two,three''
    And I create an empty data bag 'test'                                                                                           # features/step_definitions/chef-databag.rb:7
    And I create an encrypted data bag item 'test/item' containing the JSON '{"id": "item", "foo": "bar"}' with the secret 'sekrit' # features/step_definitions/chef_databagitem.rb:6
    And I check the type of the data bag item 'test/item'                                                                           # features/step_definitions/chef-vault.rb:125
    Then the output should match /^encrypted$/                                                                                      # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: detect non-vault item (normal data bag)                                             # features/itemtype.feature:19
    Given a local mode chef repo with nodes 'one,two,three'                                     # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/itemtype.feature:20:in `a local mode chef repo with nodes 'one,two,three''
    And I create an empty data bag 'test'                                                       # features/step_definitions/chef-databag.rb:7
    And I create a data bag item 'test/item' containing the JSON '{"id": "item", "foo": "bar"}' # features/step_definitions/chef_databagitem.rb:1
    And I check the type of the data bag item 'test/item'                                       # features/step_definitions/chef-vault.rb:125
    Then the output should match /^normal$/                                                     # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

Feature: knife vault create
  'knife vault create' creates two Chef data bag items: an
  encrypted data bag item encrypted with a randomized shared
  secret, and a side-along data bag item suffixed with _keys
  that contains an set of asymmetrically encrypted copies of
  the shared secret using the public keys of a set of admins
  and/or clients

  Scenario: create vault with all known clients                                                              # features/vault_create.feature:9
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:10:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                  # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                    # features/step_definitions/chef-vault.rb:70

  Scenario: create vault with all unknown clients                                                        # features/vault_create.feature:15
    Given a local mode chef repo with nodes 'two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create two -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:16:in `a local mode chef repo with nodes 'two,three''
    And I delete clients 'two,three' from the Chef server                                                # features/step_definitions/chef-repo.rb:37
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should not be encrypted for 'one,two,three'                          # features/step_definitions/chef-vault.rb:45
    And the output should contain "node 'two' has no 'default' public key; skipping"                     # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And the output should contain "node 'three' has no 'default' public key; skipping"                   # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And 'two,three' should not be a client for the vault item 'test/item'                                # features/step_definitions/chef-vault.rb:70

  Scenario: create vault with mix of known and unknown clients                                               # features/vault_create.feature:24
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:25:in `a local mode chef repo with nodes 'one,two,three''
    And I delete client 'three' from the Chef server                                                         # features/step_definitions/chef-repo.rb:37
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two'                                        # features/step_definitions/chef-vault.rb:45
    And the output should contain "node 'three' has no 'default' public key; skipping"                       # aruba-0.14.14/lib/aruba/cucumber/command.rb:139
    And 'one,two' should be a client for the vault item 'test/item'                                          # features/step_definitions/chef-vault.rb:70
    And 'three' should not be a client for the vault item 'test/item'                                        # features/step_definitions/chef-vault.rb:70

  Scenario: create vault with mix of known and unknown nodes                                                 # features/vault_create.feature:33
    Given a local mode chef repo with nodes 'one,two'                                                        # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:34:in `a local mode chef repo with nodes 'one,two''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two'                                        # features/step_definitions/chef-vault.rb:45
    And 'one,two' should be a client for the vault item 'test/item'                                          # features/step_definitions/chef-vault.rb:70
    And 'three' should not be a client for the vault item 'test/item'                                        # features/step_definitions/chef-vault.rb:70

  Scenario: create vault with several admins                                                                                       # features/vault_create.feature:40
    Given a local mode chef repo with nodes 'one,two' with admins 'alice,bob'                                                      # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:41:in `a local mode chef repo with nodes 'one,two' with admins 'alice,bob''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two'                                                              # features/step_definitions/chef-vault.rb:45
    And 'one,two' should be a client for the vault item 'test/item'                                                                # features/step_definitions/chef-vault.rb:70
    And 'three' should not be a client for the vault item 'test/item'                                                              # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                                  # features/step_definitions/chef-vault.rb:85
    And 'bob' should not be an admin for the vault item 'test/item'                                                                # features/step_definitions/chef-vault.rb:85

  Scenario: create vault with several admins in sparse mode                                                                                                 # features/vault_create.feature:49
    Given a local mode chef repo with nodes 'one,two' with admins 'alice,bob'                                                                               # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:50:in `a local mode chef repo with nodes 'one,two' with admins 'alice,bob''
    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two' with keys in sparse mode                                                              # features/step_definitions/chef-vault.rb:45
    And the vault item 'test/item' should not be encrypted for 'three' with keys in sparse mode                                                             # features/step_definitions/chef-vault.rb:45
    And 'one,two' should be a client for the vault item 'test/item'                                                                                         # features/step_definitions/chef-vault.rb:70
    And 'three' should not be a client for the vault item 'test/item'                                                                                       # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                                                           # features/step_definitions/chef-vault.rb:85
    And 'bob' should not be an admin for the vault item 'test/item'                                                                                         # features/step_definitions/chef-vault.rb:85

  Scenario: create vault with an unknown admin                                                                                     # features/vault_create.feature:59
    Given a local mode chef repo with nodes 'one,two'                                                                              # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_create.feature:60:in `a local mode chef repo with nodes 'one,two''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the exit status should not be 0                                                                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:263
    And the output should contain "FATAL: Could not find default key for alice in users or clients!"                               # aruba-0.14.14/lib/aruba/cucumber/command.rb:139

Feature: list data bags that are vaults
  knife vault list should list all data bags that appear to
  be vaults.  This is not an exact science; we assume that
  any data bag containing an even number of items and for
  which all items are pairs of thing/thing_keys is a vault

  Scenario: List bags that are vaults                                                                        # features/vault_list.feature:7
    Given a local mode chef repo with nodes 'one,two,three'                                                  # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_list.feature:8:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    And I list the vaults                                                                                    # features/step_definitions/chef-vault.rb:100
    Then the output should match /(?m:^test$)/                                                               # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: List bags that are vaults with keys in sparse mode                                                                        # features/vault_list.feature:13
    Given a local mode chef repo with nodes 'one,two,three'                                                                           # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_list.feature:14:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    And I list the vaults                                                                                                             # features/step_definitions/chef-vault.rb:100
    Then the output should match /(?m:^test$)/                                                                                        # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: Skip data bags that are not vaults                                                                                         # features/vault_list.feature:19
    Given a local mode chef repo with nodes 'one,two,three'                                                                            # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_list.feature:20:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'                           # features/step_definitions/chef-vault.rb:3
    And I create a data bag 'lessthantwokeys' containing the JSON '{"id": "item", "foo": "bar"}'                                       # features/step_definitions/chef-databag.rb:1
    And I create a data bag 'oddnumberofkeys' containing the JSON '{"id": "item", "one": 1, "two": 2, "three":3}'                      # features/step_definitions/chef-databag.rb:1
    And I create a data bag 'unbalanced' containing the JSON '{"id": "item", "one": 1, "one_keys": 1, "two_keys": 1, "three_keys": 1}' # features/step_definitions/chef-databag.rb:1
    And I create a data bag 'mismatched' containing the JSON '{"id": "item", "one": 1, "one_keys": 1, "two_keys": 1, "three": 1}'      # features/step_definitions/chef-databag.rb:1
    And I list the vaults                                                                                                              # features/step_definitions/chef-vault.rb:100
    Then the output should match /(?m:^test$)/                                                                                         # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should not match /(?m:^lessthantwokeys$)/                                                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should not match /(?m:^oddnumberofkeys$)/                                                                           # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should not match /(?m:^unbalanced$)/                                                                                # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should not match /(?m:^mismatched$)/                                                                                # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

Feature: knife vault show
  'knife vault show' displays the contents of a Chef encrypted
  data bag by fetching the asymmetrically encrypted shared
  secret and decrypting it using the private key of the user
  or node

  Scenario: successful decrypt as admin                                                                                            # features/vault_show.feature:7
    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'                                                # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_show.feature:8:in `a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'                                                  # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                                          # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                                  # features/step_definitions/chef-vault.rb:85
    And 'bob' should not be an admin for the vault item 'test/item'                                                                # features/step_definitions/chef-vault.rb:85
    And I can decrypt the vault item 'test/item' as 'alice'                                                                        # features/step_definitions/chef-vault.rb:104
    And the output should match /^foo: bar$/                                                                                       # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: successful decrypt as node                                                                                             # features/vault_show.feature:17
    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'                                                # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_show.feature:18:in `a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'                                                  # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                                          # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                                  # features/step_definitions/chef-vault.rb:85
    And 'bob' should not be an admin for the vault item 'test/item'                                                                # features/step_definitions/chef-vault.rb:85
    And I can decrypt the vault item 'test/item' as 'two'                                                                          # features/step_definitions/chef-vault.rb:104
    And the output should match /^foo: bar$/                                                                                       # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: failed decrypt as admin                                                                                                # features/vault_show.feature:27
    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'                                                # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_show.feature:28:in `a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'                                                  # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                                          # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                                  # features/step_definitions/chef-vault.rb:85
    And 'bob' should not be an admin for the vault item 'test/item'                                                                # features/step_definitions/chef-vault.rb:85
    And I can't decrypt the vault item 'test/item' as 'bob'                                                                        # features/step_definitions/chef-vault.rb:104
    And the output should contain "test/item is not encrypted with your public key"                                                # aruba-0.14.14/lib/aruba/cucumber/command.rb:139

  Scenario: failed decrypt as node                                                                                           # features/vault_show.feature:37
    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'                                          # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_show.feature:38:in `a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,alice'                                                  # features/step_definitions/chef-vault.rb:45
    And 'one,two' should be a client for the vault item 'test/item'                                                          # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                            # features/step_definitions/chef-vault.rb:85
    And 'bob' should not be an admin for the vault item 'test/item'                                                          # features/step_definitions/chef-vault.rb:85
    And I can't decrypt the vault item 'test/item' as 'three'                                                                # features/step_definitions/chef-vault.rb:104
    And the output should contain "test/item is not encrypted with your public key"                                          # aruba-0.14.14/lib/aruba/cucumber/command.rb:139

Feature: knife vault show [VAULTNAME]
  'knife vault show [VAULTNAME]' displays the keys of a vault
  (i.e. the items that are not suffixed with _keys)

  Scenario: show keys of a vault                                                                              # features/vault_show_vaultname.feature:5
    Given a local mode chef repo with nodes 'one,two,three'                                                   # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_show_vaultname.feature:6:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'  # features/step_definitions/chef-vault.rb:3
    And I create a vault item 'test/item2' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                   # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                     # features/step_definitions/chef-vault.rb:70
    And I show the keys of the vault 'test'                                                                   # features/step_definitions/chef-vault.rb:117
    Then the output should match /(?m:^item$)/                                                                # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should match /(?m:^item2$)/                                                                # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should not match /(?m:^item_keys$)/                                                        # aruba-0.14.14/lib/aruba/cucumber/command.rb:239
    And the output should not match /(?m:^item2_keys$)/                                                       # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

  Scenario: show keys of a data bag that is not a vault                                    # features/vault_show_vaultname.feature:17
    Given a local mode chef repo with nodes 'one,two,three'                                # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_show_vaultname.feature:18:in `a local mode chef repo with nodes 'one,two,three''
    And I create a data bag 'notavault' containing the JSON '{"id": "item", "foo": "bar"}' # features/step_definitions/chef-databag.rb:1
    And I show the keys of the vault 'notavault'                                           # features/step_definitions/chef-vault.rb:117
    Then the output should match /data bag notavault is not a chef-vault/                  # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

Feature: knife vault update
  'knife vault update' is used to add clients, or administrators
  and to re-run the search query and update the vault's item values.

  Scenario: add admin to a vault                                                                                                    # features/vault_update.feature:5
    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'                                                 # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/vault_update.feature:6:in `a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob''
    When I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin # features/step_definitions/chef-vault.rb:3
    Then the vault item 'test/item' should be encrypted for 'one,two,three'                                                         # features/step_definitions/chef-vault.rb:45
    And 'one,two,three' should be a client for the vault item 'test/item'                                                           # features/step_definitions/chef-vault.rb:70
    And 'alice' should be an admin for the vault item 'test/item'                                                                   # features/step_definitions/chef-vault.rb:85
    And I can decrypt the vault item 'test/item' as 'alice'                                                                         # features/step_definitions/chef-vault.rb:104
    But I can't decrypt the vault item 'test/item' as 'bob'                                                                         # features/step_definitions/chef-vault.rb:104
    And I can save the JSON object of the encrypted data bag for the vault item 'test/item'                                         # features/step_definitions/chef-vault.rb:137
    When I add 'bob' as an admin for the vault item 'test/item'                                                                     # features/step_definitions/chef-vault.rb:113
    Then 'alice,bob' should be an admin for the vault item 'test/item'                                                              # features/step_definitions/chef-vault.rb:85
    And I can decrypt the vault item 'test/item' as 'alice'                                                                         # features/step_definitions/chef-vault.rb:104
    And I can decrypt the vault item 'test/item' as 'bob'                                                                           # features/step_definitions/chef-vault.rb:104
    And the data bag of the vault item 'test/item' has not been re-encrypted                                                        # features/step_definitions/chef-vault.rb:144

Feature: knife vault create with mismatched ID
  'knife vault create' creates a vault.  A JSON file can be passed
  on the command line.  If the vault ID specified on the command line
  does not match the value of the 'id' key in the JSON file, knife
  should throw an error

  Scenario: create vault from JSON file with mismatched ID                                                     # features/verify_id_matches.feature:7
    Given a local mode chef repo with nodes 'one,two,three'                                                    # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/verify_id_matches.feature:8:in `a local mode chef repo with nodes 'one,two,three''
    And I create a vault item 'test/item' containing the JSON '{"id": "eyetem"}' encrypted for 'one,two,three' # features/step_definitions/chef-vault.rb:3
    Then the output should match /id mismatch - input JSON has id 'eyetem' but vault item has id 'item'/       # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

Feature: Wrong private key during decrypt
  https://github.com/Nordstrom/chef-vault/issues/43
  If a vault is encrypted for a node and then the node's private
  key is regenerated, the error that comes back from chef-vault
  should be informative, not a lower-level error from OpenSSL
  like 'OpenSSL::PKey::RSAError: padding check failed'

  Scenario: Regenerate node key and attempt decrypt                                                          # features/wrong_private_key.feature:8
    Given a local mode chef repo with nodes 'one,two'                                                        # features/step_definitions/chef-repo.rb:1
      expected "knife node create one -z -d -c config.rb" to be successfully executed (RSpec::Expectations::ExpectationNotMetError)
      ./features/step_definitions/chef-repo.rb:53:in `create_node'
      ./features/step_definitions/chef-repo.rb:29:in `block (2 levels) in <top (required)>'
      ./features/step_definitions/chef-repo.rb:27:in `each'
      ./features/step_definitions/chef-repo.rb:27:in `/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/'
      features/wrong_private_key.feature:9:in `a local mode chef repo with nodes 'one,two''
    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two'       # features/step_definitions/chef-vault.rb:3
    And I regenerate the client key for the node 'one'                                                       # features/step_definitions/chef-repo.rb:43
    And I try to decrypt the vault item 'test/item' as 'one'                                                 # features/step_definitions/chef-vault.rb:41
    Then the output should match /is encrypted for you, but your private key failed to decrypt the contents/ # aruba-0.14.14/lib/aruba/cucumber/command.rb:239

Failing Scenarios:
cucumber features/clean.feature:10 # Scenario: Do not clean client keys on update
cucumber features/clean.feature:17 # Scenario: Clean client keys on update
cucumber features/clean_on_refresh.feature:8 # Scenario: Refresh without clean option
cucumber features/clean_on_refresh.feature:17 # Scenario: Refresh with clean option
cucumber features/clean_unknown_clients.feature:10 # Scenario: Prune clients when rotating keys
cucumber features/clean_unknown_clients.feature:22 # Scenario: Prune clients when rotating all keys
cucumber features/clean_unknown_clients.feature:35 # Scenario: Prune clients when node gone but client exists
cucumber features/detect_and_warn_v1_vault.feature:7 # Scenario: Add search query to v1 vault
cucumber features/isvault.feature:5 # Scenario: detect vault item
cucumber features/isvault.feature:11 # Scenario: detect vault item with keys in sparse mode
cucumber features/isvault.feature:17 # Scenario: detect non-vault item (encrypted data bag)
cucumber features/isvault.feature:24 # Scenario: detect non-vault item (normal data bag)
cucumber features/itemtype.feature:6 # Scenario: detect vault item
cucumber features/itemtype.feature:12 # Scenario: detect non-vault item (encrypted data bag)
cucumber features/itemtype.feature:19 # Scenario: detect non-vault item (normal data bag)
cucumber features/vault_create.feature:9 # Scenario: create vault with all known clients
cucumber features/vault_create.feature:15 # Scenario: create vault with all unknown clients
cucumber features/vault_create.feature:24 # Scenario: create vault with mix of known and unknown clients
cucumber features/vault_create.feature:33 # Scenario: create vault with mix of known and unknown nodes
cucumber features/vault_create.feature:40 # Scenario: create vault with several admins
cucumber features/vault_create.feature:49 # Scenario: create vault with several admins in sparse mode
cucumber features/vault_create.feature:59 # Scenario: create vault with an unknown admin
cucumber features/vault_list.feature:7 # Scenario: List bags that are vaults
cucumber features/vault_list.feature:13 # Scenario: List bags that are vaults with keys in sparse mode
cucumber features/vault_list.feature:19 # Scenario: Skip data bags that are not vaults
cucumber features/vault_show.feature:7 # Scenario: successful decrypt as admin
cucumber features/vault_show.feature:17 # Scenario: successful decrypt as node
cucumber features/vault_show.feature:27 # Scenario: failed decrypt as admin
cucumber features/vault_show.feature:37 # Scenario: failed decrypt as node
cucumber features/vault_show_vaultname.feature:5 # Scenario: show keys of a vault
cucumber features/vault_show_vaultname.feature:17 # Scenario: show keys of a data bag that is not a vault
cucumber features/vault_update.feature:5 # Scenario: add admin to a vault
cucumber features/verify_id_matches.feature:7 # Scenario: create vault from JSON file with mismatched ID
cucumber features/wrong_private_key.feature:8 # Scenario: Regenerate node key and attempt decrypt

34 scenarios (34 failed)
227 steps (34 failed, 193 skipped)
22m22.717s

Expected Result:

Tests should be passing on windows

Actual Result:

Tests are failing on windows
@dheerajd-msys dheerajd-msys added Type: Bug Does not work as expected. Status: Untriaged An issue that has yet to be triaged. labels Jul 8, 2020
@shindemahendra shindemahendra removed the Status: Untriaged An issue that has yet to be triaged. label Jul 31, 2020
@ayushbhatt29 ayushbhatt29 removed their assignment Dec 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Does not work as expected.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dheerajd-msys @shindemahendra @sanga1794 @ayushbhatt29