chef-encrypted-attributes 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/INTERNAL.md +1 -0
- data/README.md +7 -5
- data/lib/chef/encrypted_attribute/encrypted_mash/version0.rb +18 -1
- data/lib/chef/encrypted_attribute/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 17b97315e38f6e17547fb5686b485d628c84b40e
|
4
|
+
data.tar.gz: c475bd6e9f5631ffa0727cc2685938fa3263c611
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a24fde54be4cd23dd3215095a7d72f54c25589b3282dbf364569f11cb8e4f98dd92a41219d3962968456f0d5213984bbde841fca33025f404e426f7f9a8a1d42
|
7
|
+
data.tar.gz: ddd03f1b5e9b6a61b6c6d4dbde9239410094130d146b72a19a6024f7d7639159303b7337733bb2999e4d27211c5e8696f14862bfd67eb83253fe650682046f5d
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,14 @@
|
|
2
2
|
|
3
3
|
This file is used to list changes made in each version of `chef-encrypted-attributes`.
|
4
4
|
|
5
|
+
## 0.1.1:
|
6
|
+
|
7
|
+
* gemspec: replaced open-ended chef dependency by `~> 11.4`
|
8
|
+
* Fixed ruby `1.9.2` decryption (uses `PKCS#1` for public key format)
|
9
|
+
* README: added `encrypted_attributes` cookbook link
|
10
|
+
* INTERNAL doc: added `EncryptedMash` class name to the Version0 structure
|
11
|
+
* Added shields.io badges
|
12
|
+
|
5
13
|
## 0.1.0:
|
6
14
|
|
7
15
|
* Initial release of `chef-encrypted-attributes`
|
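Review bot: The 0.1.1 entry "Fixed ruby `1.9.2` decryption (uses `PKCS#1` for public key format)" is ambiguous about which side uses PKCS#1. The helper added in this release is named `rsa_ensure_x509` and builds a `subject_pk_info` sequence, so the entry should say that the key is normalized to the X.509 form on Ruby `1.9.2`. It should also say whether attributes encrypted by 0.1.0 on that Ruby need to be re-encrypted.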
data/INTERNAL.md
CHANGED
@@ -23,6 +23,7 @@ This is the first version, considered old. Uses public key cryptography (PKI) to
|
|
23
23
|
If you try to read this encrypted attribute structure, you can see a `Chef::Mash` attribute with the following content:
|
24
24
|
|
25
25
|
```
|
26
|
+
EncryptedMash
|
26
27
|
└── encrypted_data
|
27
28
|
├── pub_key_hash1: The data encrypted using PKI for the public key 1 (base64)
|
28
29
|
├── pub_key_hash2: The data encrypted using PKI for the public key 2 (base64)
|
data/README.md
CHANGED
@@ -1,11 +1,13 @@
|
|
1
1
|
# Chef-Encrypted-Attributes
|
2
|
-
[![Gem Version](
|
3
|
-
[![Dependency Status](
|
4
|
-
[![Build Status](
|
5
|
-
[![Coverage Status](
|
2
|
+
[![Gem Version](http://img.shields.io/gem/v/chef-encrypted-attributes.svg?style=flat)](http://badge.fury.io/rb/chef-encrypted-attributes)
|
3
|
+
[![Dependency Status](http://img.shields.io/gemnasium/onddo/chef-encrypted-attributes.svg?style=flat)](https://gemnasium.com/onddo/chef-encrypted-attributes)
|
4
|
+
[![Build Status](http://img.shields.io/travis/onddo/chef-encrypted-attributes.svg?style=flat)](https://travis-ci.org/onddo/chef-encrypted-attributes)
|
5
|
+
[![Coverage Status](http://img.shields.io/coveralls/onddo/chef-encrypted-attributes.svg?style=flat)](https://coveralls.io/r/onddo/chef-encrypted-attributes?branch=master)
|
6
6
|
|
7
7
|
[Chef](http://www.getchef.com) plugin to add Node encrypted attributes support using client keys.
|
8
8
|
|
9
|
+
We recommend using the [encrypted_attributes cookbook](http://community.opscode.com/cookbooks/encrypted_attributes) for easy installation.
|
10
|
+
|
9
11
|
## Description
|
10
12
|
|
11
13
|
Node attributes are encrypted using chef client and user keys with public key infrastructure (PKI). You can choose which clients, nodes or users will be able to read the attribute.
|
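Review bot: All four added badge images are loaded from `http://img.shields.io/...`, and the Gem Version link target is also plain `http://`, while the other three link targets already use `https://`. Use `https://` for the badge image URLs and the badge.fury.io link so the README does not pull content over an unauthenticated channel when rendered on an HTTPS page.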
@@ -15,7 +17,7 @@ Node clients with read access can be specified using a `client_search` query. In
|
|
15
17
|
## Requirements
|
16
18
|
|
17
19
|
* Ruby `>= 1.9`
|
18
|
-
* Chef Client
|
20
|
+
* Chef Client `~> 11.4`
|
19
21
|
* yajl-ruby `~> 1.1` (included with Chef)
|
20
22
|
|
21
23
|
## Usage in Recipes
|
@@ -101,8 +101,25 @@ class Chef
|
|
101
101
|
raise DecryptionFailure, "#{e.class.name}: #{e.to_s}"
|
102
102
|
end
|
103
103
|
|
104
|
+
# Heavily based on @sl4m code: https://gist.github.com/sl4m/1470360
|
105
|
+
def rsa_ensure_x509(rsa)
|
106
|
+
if RUBY_VERSION < '1.9.3'
|
107
|
+
modulus = rsa.n
|
108
|
+
exponent = rsa.e
|
109
|
+
|
110
|
+
oid = OpenSSL::ASN1::ObjectId.new('rsaEncryption')
|
111
|
+
alg_id = OpenSSL::ASN1::Sequence.new([oid, OpenSSL::ASN1::Null.new(nil)])
|
112
|
+
ary = [OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]
|
113
|
+
pub_key = OpenSSL::ASN1::Sequence.new(ary)
|
114
|
+
enc_pk = OpenSSL::ASN1::BitString.new(pub_key.to_der)
|
115
|
+
subject_pk_info = OpenSSL::ASN1::Sequence.new([alg_id, enc_pk])
|
116
|
+
else
|
117
|
+
rsa
|
118
|
+
end
|
119
|
+
end
|
120
|
+
|
104
121
|
def node_key(public_key)
|
105
|
-
Digest::SHA1.hexdigest(public_key.to_der)
|
122
|
+
Digest::SHA1.hexdigest(rsa_ensure_x509(public_key).to_der)
|
106
123
|
end
|
107
124
|
|
108
125
|
def rsa_encrypt_value(value, public_key)
|
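Review bot: In `node_key`, the digest input changes from `public_key.to_der` to `rsa_ensure_x509(public_key).to_der`, so on Ruby older than 1.9.3 the SHA1 key hash is now computed over a different encoding than 0.1.0 used. Entries stored under the old hash by 0.1.0 on those Rubies will no longer be found, which needs either a fallback lookup on the old hash or an explicit upgrade note. In `rsa_ensure_x509`, `RUBY_VERSION < '1.9.3'` is a lexicographic string comparison; compare `Gem::Version` objects, or detect the encoding directly, rather than relying on string ordering. The method also returns an `OpenSSL::ASN1::Sequence` in one branch and the original RSA object in the other, and only `to_der` is common to both. A short comment stating that contract, and that the result is only meant for hashing, would keep later callers from passing the return value to code that expects an RSA key.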
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: chef-encrypted-attributes
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Onddo Labs, SL.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-05-
|
11
|
+
date: 2014-05-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: yajl-ruby
|
@@ -28,16 +28,16 @@ dependencies:
|
|
28
28
|
name: chef
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- -
|
31
|
+
- - ~>
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 11.4
|
33
|
+
version: '11.4'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- -
|
38
|
+
- - ~>
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 11.4
|
40
|
+
version: '11.4'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rake
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|