1

So in my recipe I have the following:

secret = Chef::EncryptedDataBagItem.load_secret("/root/.chef/encrypted_data_bag_secret")

# Decrypt the data bag
creds = Chef::EncryptedDataBagItem.load("passwords", "mysql-root", secret)

How can I override these lines with my test data? The recipe installs a MySQL database, hence, I would like to test for the existence of the DB.

sdot257
  • 10,046
  • 26
  • 88
  • 122

2 Answers2

1

i have created separate data bags for test with the desired secrets and load them, if its a test kitchen run

OK999
  • 1,353
  • 2
  • 19
  • 39
  • my first foray into test kitchen and chef...do you actually use the same values that you would in prod? for example, i have a root password set in the data bag for mysql install. this gets set in the recipe but during test kitchen my test fail if i dont have the right password. therefore, i need to reference the password from the encrypted data bag. – sdot257 Aug 18 '17 at 19:17
  • Why dont u set a different test password/acc for the test env ... i build local kitchen vm... so i have different secrets wrt prod – OK999 Aug 18 '17 at 19:19
  • well, the recipe references a root password to use from an encrypted data bag. wouldnt test kitchen run and need said password? but i think what you're implying is i can make the recipe read from a different data bag all toigether? – sdot257 Aug 18 '17 at 19:21
0

The best approach is to not use encrypted bags at all for testing, change your code to use the data_bag_item() helper instead of the underlying classes and it will work with both. Then just put some normal data bag fixtures in test/integration/data_bags/ (or set data_bags_path in your config to load from elsewhere).

coderanger
  • 52,400
  • 4
  • 52
  • 75