item_spec.rb in chef-vault-2.9.0

- old
+ new

@@ -196,11 +196,11 @@
       privkey = double "private key contents"
       allow(privkey).to receive(:private_decrypt).and_return("sekrit")
       allow(OpenSSL::PKey::RSA).to receive(:new).and_return(privkey)
       allow(Chef::EncryptedDataBagItem).to receive(:load).and_return(
         "id" => "bar",
-        "password" => "12345",
+        "password" => "12345"
       )
       item = ChefVault::Item.load(
         "foo", "bar",
         node_name: "baz",
         client_key_path: "/foo/client.pem"
@@ -222,9 +222,38 @@
     it "validates that the id of the vault matches the id of the keys data bag" do
       item = ChefVault::Item.new("foo", "bar")
       item["id"] = "baz"
       item.keys["clients"] = %w{admin}
       expect { item.save }.to raise_error(ChefVault::Exceptions::IdMismatch)
+    end
+  end
+
+  describe '#refresh' do
+
+    it "saves only the keys" do
+      keys = double("keys",
+                    search_query: "*:*",
+                    add: nil,
+                    admins: [],
+                    clients: ["testnode"])
+      allow(keys).to receive(:[]).with("id").and_return("bar_keys")
+      allow(ChefVault::ItemKeys).to receive(:new).and_return(keys)
+
+      item = ChefVault::Item.new("foo", "bar")
+
+      node  = double("node", name: "testnode")
+      query = double("query")
+      allow(Chef::Search::Query).to receive(:new).and_return(query)
+      allow(query).to receive(:search).and_yield(node)
+
+      client = double("client",
+                     name: "testclient",
+                     public_key: OpenSSL::PKey::RSA.new(1024).public_key)
+      allow(ChefVault::ChefPatch::ApiClient).to receive(:load).and_return(client)
+
+      expect(item).not_to receive(:save)
+      expect(keys).to receive(:save)
+      item.refresh
     end
   end
 
   describe '#clients' do
     include BorkedNodeWithoutPublicKey