chef-encrypted-attributes 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/INTERNAL.md +1 -0
- data/README.md +7 -5
- data/lib/chef/encrypted_attribute/encrypted_mash/version0.rb +18 -1
- data/lib/chef/encrypted_attribute/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 17b97315e38f6e17547fb5686b485d628c84b40e
|
|
4
|
+
data.tar.gz: c475bd6e9f5631ffa0727cc2685938fa3263c611
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a24fde54be4cd23dd3215095a7d72f54c25589b3282dbf364569f11cb8e4f98dd92a41219d3962968456f0d5213984bbde841fca33025f404e426f7f9a8a1d42
|
|
7
|
+
data.tar.gz: ddd03f1b5e9b6a61b6c6d4dbde9239410094130d146b72a19a6024f7d7639159303b7337733bb2999e4d27211c5e8696f14862bfd67eb83253fe650682046f5d
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,14 @@
|
|
|
2
2
|
|
|
3
3
|
This file is used to list changes made in each version of `chef-encrypted-attributes`.
|
|
4
4
|
|
|
5
|
+
## 0.1.1:
|
|
6
|
+
|
|
7
|
+
* gemspec: replaced open-ended chef dependency by `~> 11.4`
|
|
8
|
+
* Fixed ruby `1.9.2` decryption (uses `PKCS#1` for public key format)
|
|
9
|
+
* README: added `encrypted_attributes` cookbook link
|
|
10
|
+
* INTERNAL doc: added `EncryptedMash` class name to the Version0 structure
|
|
11
|
+
* Added shields.io badges
|
|
12
|
+
|
|
5
13
|
## 0.1.0:
|
|
6
14
|
|
|
7
15
|
* Initial release of `chef-encrypted-attributes`
|
data/INTERNAL.md
CHANGED
|
@@ -23,6 +23,7 @@ This is the first version, considered old. Uses public key cryptography (PKI) to
|
|
|
23
23
|
If you try to read this encrypted attribute structure, you can see a `Chef::Mash` attribute with the following content:
|
|
24
24
|
|
|
25
25
|
```
|
|
26
|
+
EncryptedMash
|
|
26
27
|
└── encrypted_data
|
|
27
28
|
├── pub_key_hash1: The data encrypted using PKI for the public key 1 (base64)
|
|
28
29
|
├── pub_key_hash2: The data encrypted using PKI for the public key 2 (base64)
|
data/README.md
CHANGED
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
# Chef-Encrypted-Attributes
|
|
2
|
-
[](http://badge.fury.io/rb/chef-encrypted-attributes)
|
|
3
|
+
[](https://gemnasium.com/onddo/chef-encrypted-attributes)
|
|
4
|
+
[](https://travis-ci.org/onddo/chef-encrypted-attributes)
|
|
5
|
+
[](https://coveralls.io/r/onddo/chef-encrypted-attributes?branch=master)
|
|
6
6
|
|
|
7
7
|
[Chef](http://www.getchef.com) plugin to add Node encrypted attributes support using client keys.
|
|
8
8
|
|
|
9
|
+
We recommend using the [encrypted_attributes cookbook](http://community.opscode.com/cookbooks/encrypted_attributes) for easy installation.
|
|
10
|
+
|
|
9
11
|
## Description
|
|
10
12
|
|
|
11
13
|
Node attributes are encrypted using chef client and user keys with public key infrastructure (PKI). You can choose which clients, nodes or users will be able to read the attribute.
|
|
@@ -15,7 +17,7 @@ Node clients with read access can be specified using a `client_search` query. In
|
|
|
15
17
|
## Requirements
|
|
16
18
|
|
|
17
19
|
* Ruby `>= 1.9`
|
|
18
|
-
* Chef Client
|
|
20
|
+
* Chef Client `~> 11.4`
|
|
19
21
|
* yajl-ruby `~> 1.1` (included with Chef)
|
|
20
22
|
|
|
21
23
|
## Usage in Recipes
|
|
@@ -101,8 +101,25 @@ class Chef
|
|
|
101
101
|
raise DecryptionFailure, "#{e.class.name}: #{e.to_s}"
|
|
102
102
|
end
|
|
103
103
|
|
|
104
|
+
# Heavily based on @sl4m code: https://gist.github.com/sl4m/1470360
|
|
105
|
+
def rsa_ensure_x509(rsa)
|
|
106
|
+
if RUBY_VERSION < '1.9.3'
|
|
107
|
+
modulus = rsa.n
|
|
108
|
+
exponent = rsa.e
|
|
109
|
+
|
|
110
|
+
oid = OpenSSL::ASN1::ObjectId.new('rsaEncryption')
|
|
111
|
+
alg_id = OpenSSL::ASN1::Sequence.new([oid, OpenSSL::ASN1::Null.new(nil)])
|
|
112
|
+
ary = [OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]
|
|
113
|
+
pub_key = OpenSSL::ASN1::Sequence.new(ary)
|
|
114
|
+
enc_pk = OpenSSL::ASN1::BitString.new(pub_key.to_der)
|
|
115
|
+
subject_pk_info = OpenSSL::ASN1::Sequence.new([alg_id, enc_pk])
|
|
116
|
+
else
|
|
117
|
+
rsa
|
|
118
|
+
end
|
|
119
|
+
end
|
|
120
|
+
|
|
104
121
|
def node_key(public_key)
|
|
105
|
-
Digest::SHA1.hexdigest(public_key.to_der)
|
|
122
|
+
Digest::SHA1.hexdigest(rsa_ensure_x509(public_key).to_der)
|
|
106
123
|
end
|
|
107
124
|
|
|
108
125
|
def rsa_encrypt_value(value, public_key)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef-encrypted-attributes
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Onddo Labs, SL.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-05-
|
|
11
|
+
date: 2014-05-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: yajl-ruby
|
|
@@ -28,16 +28,16 @@ dependencies:
|
|
|
28
28
|
name: chef
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - ~>
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 11.4
|
|
33
|
+
version: '11.4'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - ~>
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 11.4
|
|
40
|
+
version: '11.4'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rake
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|