chef-conceal 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 992c2724709c43673c564439429a69a8deb6fa8a
+  data.tar.gz: f584c566f6f69444d76e1c8bc9f526f8a56c4de6
+SHA512:
+  metadata.gz: 969f03c578f713317441b343d9e984cef53755eea150e65c985782a25c0a5173b112bab615defabebe8632aafca923ace49e64ea863851ce0b4dd79aa4fc4ede
+  data.tar.gz: 99dda118883ee749d914aab333bf85c9f6dd503c269f116d1b87cb93d92af1611f587cef1e56b539e14c380dc848ad1b3f2ef4387ef51fa87aecb616feba4f52

data/.gitignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+gemspec
+
+gem 'conceal', path: '~/dev/work/conceal'

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ben Scott
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,16 @@
+# Chef::Conceal
+
+A gem and chef recipe that includes a helper method to make it easier to work with encrypted data in cookbooks.
+
+## Installation
+
+Add this line to your cookbooks's Berksfile:
+
+    cookbook 'chef-conceal'
+
+## Usage
+
+```ruby
+include_recipe 'chef-conceal::default'
+decrypt(node[:my_app][:database][:password])
+```

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/chef-conceal.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'chef/conceal/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'chef-conceal'
+  spec.version       = Chef::Conceal::VERSION
+  spec.authors       = ['Ben Scott']
+  spec.email         = ['gamepoet@gmail.com']
+  spec.summary       = 'Adds a helper method to chef make decryption easier'
+  spec.description   = 'Adds the decrypt helper method to the chef DSL to allow the use of encrypted attributes.'
+  spec.homepage      = 'https://github.com/gamepoet/chef-conceal'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 1.9.3'
+
+  spec.add_dependency 'conceal', '~> 0.1'
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake',   '>= 0.8.7'
+end

data/cookbook/.gitignore

@@ -0,0 +1,20 @@
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+pkg/
+
+# Berkshelf
+.vagrant
+/cookbooks
+Berksfile.lock
+
+# Bundler
+Gemfile.lock
+bin/*
+.bundle/*
+
+.kitchen/
+.kitchen.local.yml

data/cookbook/.kitchen.yml

@@ -0,0 +1,22 @@
+---
+driver:
+  name: vagrant
+  synced_folders:
+    - ["<%= File.expand_path('../../pkg', __FILE__) %>", '/pkg/chef-conceal']
+
+provisioner:
+  name: chef_zero
+
+platforms:
+  - name: ubuntu-12.04
+
+suites:
+  - name: default
+    encrypted_data_bag_secret_key_path: test/encrypted_data_bag_secret
+    run_list:
+      - recipe[chef-conceal]
+    attributes:
+      chef-conceal:
+        _local_deploy: true
+        test:
+          password: 1:aes-256-cbc:7OEC+eudCge8z4cacPHPdg==:MWY5NWNmOTRmNmRhOWQ5NWE4MTRhNzM5Mzk4Mzg0ZTRhN2U1ZmIwNWM4ZWVlNDZlOTc2MmFiMGQwNDhhZDg5OTQ0YTJjZTRjZjVlOTY5ZWYzODljZmNlMTE2ZDBmMTMxNzI1ZTJiM2NkNTI5ZmFjMDA4MDhkZGI5NWU3YWZmNzgyMzdjNGYxMDQyNmQ1Y2ViZWRlMjY4YTc1ZTQzOGE4NzQ2ODUyZGUwOTY5YzExODY4OGY0YTg3MGFjNzc3ZmVlMzRiMTgyZGU0YjhiZDk0YmQwNjgyYTZmZGU2YTc1ZmEyYjJlYmE3ZjNlZjUzNWY5NjZlOGYyYmQ4YjY1YmEzYQ==:wjvtsF9WxPyzNYTi0cj19xF5UTe91TEmk2T1BAFEsKs=:+gZ0hSVyB2ZJI66vRzifMsy7fFGD1gnF6DE8otLVQNPA54cmeTrNHAWq/OYBi1mV

data/cookbook/Berksfile

@@ -0,0 +1,3 @@
+source "https://supermarket.getchef.com"
+
+metadata

data/cookbook/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.1.0 (pending)
+
+* Initial release

data/cookbook/Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org'
+
+gem 'berkshelf'
+
+# Uncomment these lines if you want to live on the Edge:
+#
+# group :development do
+#   gem "berkshelf", github: "berkshelf/berkshelf"
+#   gem "vagrant", github: "mitchellh/vagrant", tag: "v1.5.2"
+# end
+#
+# group :plugins do
+#   gem "vagrant-berkshelf", github: "berkshelf/vagrant-berkshelf"
+#   gem "vagrant-omnibus", github: "schisamo/vagrant-omnibus"
+# end
+
+gem 'test-kitchen'
+gem 'kitchen-vagrant'

data/cookbook/LICENSE

@@ -0,0 +1,3 @@
+Copyright (C) 2014 YOUR_NAME
+
+All rights reserved - Do Not Redistribute

data/cookbook/README.md

@@ -0,0 +1,58 @@
+# chef-conceal
+
+Chef-conceal is a gem and chef recipe that includes a helpful DSL method to decrypt attributes with encrypted content using the encrypted_data_bag_secret file as the key.
+
+## Supported Platforms
+
+* Ubuntu
+
+## Installation
+
+Add `chef-conceal` to your `Berksfile`:
+
+```ruby
+cookbook 'chef-conceal'
+```
+
+## Usage
+
+In order to use chef-conceal in your recipes, you'll first need to include it:
+
+```ruby
+include_recipe 'chef-conceal'
+```
+
+This will extend the recipe, resource, and provider DSLs with a `decrypt` convenience method.
+
+## Encrypting plaintext
+
+Use the `conceal` gem (https://github.com/gamepoet/conceal) to encrypt your plaintext into an encoded string. Generating a new password and putting it in the clipboard can be as easy as:
+
+```
+$ ruby -rsecurerandom -e 'print SecureRandom.urlsafe_base64(32)' | conceal encrypt ~/.chef/encrypted_data_bag_secret | pbcopy
+```
+
+## Examples
+
+Given a chef environment
+
+```
+$ knife environment show chef_conceal_example
+chef_type: environment
+default_attributes:
+  my_password: '1:aes-256-cbc:toekea56oRvQG1KpJNo2tw==:NjI2MjFmNjliODk4ZDM0YjJmNTQzNzdhMDdlMTBjZjhhMTUyZDQ0NTkyNjVlYjY1ODM4OTk4YmI0NDA0MmFlMDAzNWE4MDYwNjdmMDA3MTAxZWQ1NjBjZGNjMGYxNGNjYTM2YzMzYWIzYzYyNTFjNGYxZWQzNGFkYjkzZTgyN2M3YzBjY2JhNDUzNWVjYjkwY2FmODEzNGJhNWRkZmNmZGI2ZTM0NWI0MzUzMGZhODY1OGIxNjU5NjU0N2JiMDg1NzMxNWEzMmMxYWRiNzBjNWZkZWJhZDFhYzVhMGM4NzllYTQyNjViODVlOWMwYTIxZjM1OGYzZWJkMTBmY2M0Zg==:oh8bn5krZvMKiIzYt5LFEvEZMZt3sDS2Q4jL97Vty0g=:rnaFQ4su+/tSjtondhXKbSlbmbmLSIndPaBA++2kMgw='
+json_class: Chef::Environment
+name: chef_conceal_example
+```
+
+You could then write a recipe that references the decrypted content of the attribute with the `decrypt` function which will automatically use your `encrypted_data_bag_secret` as the key.
+
+```ruby
+include_recipe 'chef-conceal'
+
+log decrypt(node[:my_password])
+```
+
+## Authors
+
+* Ben Scott (<gamepoet@gmail.com>)

data/cookbook/Thorfile

@@ -0,0 +1,12 @@
+# encoding: utf-8
+
+require 'bundler'
+require 'bundler/setup'
+require 'berkshelf/thor'
+
+begin
+  require 'kitchen/thor_tasks'
+  Kitchen::ThorTasks.new
+rescue LoadError
+  puts ">>>>> Kitchen gem not loaded, omitting tasks" unless ENV['CI']
+end

data/cookbook/Vagrantfile

@@ -0,0 +1,88 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.require_version ">= 1.5.0"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  # All Vagrant configuration is done here. The most common configuration
+  # options are documented and commented below. For a complete reference,
+  # please see the online documentation at vagrantup.com.
+
+  config.vm.hostname = "chef-conceal-berkshelf"
+
+  # Set the version of chef to install using the vagrant-omnibus plugin
+  config.omnibus.chef_version = :latest
+
+  # Every Vagrant virtual environment requires a box to build off of.
+  # If this value is a shorthand to a box in Vagrant Cloud then 
+  # config.vm.box_url doesn't need to be specified.
+  config.vm.box = "chef/ubuntu-14.04"
+
+  # The url from where the 'config.vm.box' box will be fetched if it
+  # is not a Vagrant Cloud box and if it doesn't already exist on the 
+  # user's system.
+  # config.vm.box_url = "https://vagrantcloud.com/chef/ubuntu-14.04/version/1/provider/virtualbox.box"
+
+  # Assign this VM to a host-only network IP, allowing you to access it
+  # via the IP. Host-only networks can talk to the host machine as well as
+  # any other machines on the same network, but cannot be accessed (through this
+  # network interface) by any external networks.
+  config.vm.network :private_network, type: "dhcp"
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider :virtualbox do |vb|
+  #   # Don't boot with headless mode
+  #   vb.gui = true
+  #
+  #   # Use VBoxManage to customize the VM. For example to change memory:
+  #   vb.customize ["modifyvm", :id, "--memory", "1024"]
+  # end
+  #
+  # View the documentation for the provider you're using for more
+  # information on available options.
+
+  # The path to the Berksfile to use with Vagrant Berkshelf
+  # config.berkshelf.berksfile_path = "./Berksfile"
+
+  # Enabling the Berkshelf plugin. To enable this globally, add this configuration
+  # option to your ~/.vagrant.d/Vagrantfile file
+  config.berkshelf.enabled = true
+
+  # An array of symbols representing groups of cookbook described in the Vagrantfile
+  # to exclusively install and copy to Vagrant's shelf.
+  # config.berkshelf.only = []
+
+  # An array of symbols representing groups of cookbook described in the Vagrantfile
+  # to skip installing and copying to Vagrant's shelf.
+  # config.berkshelf.except = []
+
+  config.vm.provision :chef_solo do |chef|
+    chef.json = {
+      mysql: {
+        server_root_password: 'rootpass',
+        server_debian_password: 'debpass',
+        server_repl_password: 'replpass'
+      }
+    }
+
+    chef.run_list = [
+        "recipe[chef-conceal::default]"
+    ]
+  end
+end

data/cookbook/chefignore

@@ -0,0 +1,94 @@
+# Put files/directories that should be ignored in this file when uploading
+# or sharing to the community site.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+Icon?
+nohup.out
+ehthumbs.db
+Thumbs.db
+
+# SASS #
+########
+.sass-cache
+
+# EDITORS #
+###########
+\#*
+.#*
+*~
+*.sw[a-z]
+*.bak
+REVISION
+TAGS*
+tmtags
+*_flymake.*
+*_flymake
+*.tmproj
+.project
+.settings
+mkmf.log
+
+## COMPILED ##
+##############
+a.out
+*.o
+*.pyc
+*.so
+*.com
+*.class
+*.dll
+*.exe
+*/rdoc/
+
+# Testing #
+###########
+.watchr
+.rspec
+spec/*
+spec/fixtures/*
+test/*
+features/*
+Guardfile
+Procfile
+
+# SCM #
+#######
+.git
+*/.git
+.gitignore
+.gitmodules
+.gitconfig
+.gitattributes
+.svn
+*/.bzr/*
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+cookbooks/*
+tmp
+
+# Cookbooks #
+#############
+CONTRIBUTING
+CHANGELOG*
+
+# Strainer #
+############
+Colanderfile
+Strainerfile
+.colander
+.strainer
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile
+
+# Travis #
+##########
+.travis.yml

data/cookbook/metadata.rb

@@ -0,0 +1,9 @@
+name             'chef-conceal'
+maintainer       'Ben Scott'
+maintainer_email 'gamepoet@gmail.com'
+license          'MIT'
+description      'Adds a decrypt function so you can store secrets in attributes.'
+long_description 'Adds a DSL function to let you decrypt attribute values encrypted with the conceal gem.'
+version          IO.read(File.expand_path('../../lib/chef/conceal/version.rb', __FILE__)).sub(/\A.*VERSION\s*=\s*['"]([^'"]+)['"].*\z/m, '\1')
+
+supports 'ubuntu'

data/cookbook/recipes/default.rb

@@ -0,0 +1,9 @@
+chef_gem 'chef-conceal' do
+  version run_context.cookbook_collection['chef-conceal'].version
+  if node[:'chef-conceal'][:_local_deploy]
+    source "/pkg/chef-conceal/chef-conceal-#{run_context.cookbook_collection['chef-conceal'].version}.gem"
+  end
+  action :nothing
+end.run_action(:install)
+
+require 'chef/conceal'

data/cookbook/test/encrypted_data_bag_secret

@@ -0,0 +1 @@
+TXTBeyB5gD4D3lTv5TJYmQ1gzgik2HZPFksJjDE+QLnhaMrJntOzfip20r9ddb0fN/dK9h59iVVYMBVR10JY71Tyuz21oj6kvpJFlxJqxjk1VZwR7J56/A5ETCBxtv07Ql3X/69BkzlVvSZ9kIoT/S0zyW5t4NsFlm9UczwYCjb5w4B8MIYfrtP9DAtK16Xc4F113hLWM5H6CvZFoesSJnNjjoMR8rE7Yox5OB8DFZlfP9Nu20reBr3WoX7eKwY8rQulMMQpMf/n+dlHAlz8Njv8pS5XvlXTJkKUvj1lK4v1NzGlcqIxiFhR7Yvskt6NJjGarBEJDnq48BDyKUgEATGTfQn4Sy0LQlF00CmMNXGVFLz+PRvaHOZTG6kEss47LkEo2sn456bBgGnoJyBRV6VBB4WACnPqyjYobSVkXRptx3qYDtCbBqfOSqrvEkpMjhHDCtDvPujIf8xMUdq1JSZfcWRAmcBa5oorBxQf/mnZWsNxl6AaxD4ZaCxg0qoVj/c/fNBYqtkLlCGv/J2ZXZ4qRqkshcRwrL6r4Foa8v/BbhHfiNccweTtFmZ9SiqttmDvA6kw4CUMR73qhkvidF91CmWmM7u65qp3/mPYHbkU1TlCVaS+CZ8xgRJSQKZPDmuDdE00yFSVKRDVhQBT/7IqS5/LCW+3qnTc5vngEcE=

data/lib/chef/conceal.rb

@@ -0,0 +1,21 @@
+require 'chef/conceal/version'
+require 'chef/encrypted_data_bag_item'
+require 'chef/recipe'
+require 'chef/resource'
+require 'chef/provider'
+require 'conceal'
+
+class Chef
+  module Conceal
+    module DSL
+      def decrypt(data)
+        key = Chef::EncryptedDataBagItem.load_secret
+        ::Conceal.decrypt(data, key: key)
+      end
+    end
+  end
+end
+
+Chef::Recipe.send(:include, Chef::Conceal::DSL)
+Chef::Resource.send(:include, Chef::Conceal::DSL)
+Chef::Provider.send(:include, Chef::Conceal::DSL)

data/lib/chef/conceal/version.rb

@@ -0,0 +1,5 @@
+class Chef
+  module Conceal
+    VERSION = '0.1.0'
+  end
+end

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: chef-conceal
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Ben Scott
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-09-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: conceal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+description: Adds the decrypt helper method to the chef DSL to allow the use of encrypted
+  attributes.
+email:
+- gamepoet@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- chef-conceal.gemspec
+- cookbook/.gitignore
+- cookbook/.kitchen.yml
+- cookbook/Berksfile
+- cookbook/CHANGELOG.md
+- cookbook/Gemfile
+- cookbook/LICENSE
+- cookbook/README.md
+- cookbook/Thorfile
+- cookbook/Vagrantfile
+- cookbook/chefignore
+- cookbook/metadata.rb
+- cookbook/recipes/default.rb
+- cookbook/test/encrypted_data_bag_secret
+- lib/chef/conceal.rb
+- lib/chef/conceal/version.rb
+homepage: https://github.com/gamepoet/chef-conceal
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Adds a helper method to chef make decryption easier
+test_files: []
+has_rdoc: