chef-encrypted-attributes 0.1.0
- checksums.yaml +7 -0
- data/API.md +163 -0
- data/CHANGELOG.md +7 -0
- data/INTERNAL.md +111 -0
- data/LICENSE +190 -0
- data/README.md +330 -0
- data/Rakefile +46 -0
- data/TESTING.md +45 -0
- data/TODO.md +20 -0
- data/lib/chef-encrypted-attributes.rb +19 -0
- data/lib/chef/encrypted_attribute.rb +218 -0
- data/lib/chef/encrypted_attribute/cache_lru.rb +74 -0
- data/lib/chef/encrypted_attribute/config.rb +200 -0
- data/lib/chef/encrypted_attribute/encrypted_mash.rb +122 -0
- data/lib/chef/encrypted_attribute/encrypted_mash/version0.rb +143 -0
- data/lib/chef/encrypted_attribute/encrypted_mash/version1.rb +140 -0
- data/lib/chef/encrypted_attribute/exceptions.rb +38 -0
- data/lib/chef/encrypted_attribute/local_node.rb +38 -0
- data/lib/chef/encrypted_attribute/remote_clients.rb +46 -0
- data/lib/chef/encrypted_attribute/remote_node.rb +111 -0
- data/lib/chef/encrypted_attribute/remote_users.rb +73 -0
- data/lib/chef/encrypted_attribute/search_helper.rb +144 -0
- data/lib/chef/encrypted_attribute/version.rb +23 -0
- data/lib/chef/knife/core/config.rb +19 -0
- data/lib/chef/knife/core/encrypted_attribute_editor_options.rb +100 -0
- data/lib/chef/knife/encrypted_attribute_create.rb +67 -0
- data/lib/chef/knife/encrypted_attribute_delete.rb +71 -0
- data/lib/chef/knife/encrypted_attribute_edit.rb +68 -0
- data/lib/chef/knife/encrypted_attribute_show.rb +86 -0
- data/lib/chef/knife/encrypted_attribute_update.rb +65 -0
- data/spec/benchmark_helper.rb +32 -0
- data/spec/integration_helper.rb +20 -0
- data/spec/spec_helper.rb +38 -0
- metadata +204 -0
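--- a/data/lib/chef/knife/encrypted_attribute_create.rb
+++ b/data/lib/chef/knife/encrypted_attribute_create.rb
@@ -0,0 +1,67 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_editor_options'
+
+class Chef
+class Knife
+class EncryptedAttributeCreate < EncryptedAttributeShow
+
+include Knife::Core::EncryptedAttributeEditorOptions
+
+option :input_format,
+:short => '-i FORMAT',
+:long => '--input-format FORMAT',
+:description => 'Input (EDITOR) format, supported formats are "plain" (default) and "json"'
+
+banner 'knife encrypted attribute create NODE ATTRIBUTE (options)'
+
+def run
+node_name = @name_args[0]
+attr_path = @name_args[1]
+
+if node_name.nil?
+show_usage
+ui.fatal('You must specify a node name')
+exit 1
+end
+
+if attr_path.nil?
+show_usage
+ui.fatal('You must specify an encrypted attribute name')
+exit 1
+end
+
+attr_ary = attribute_path_to_ary(attr_path)
+
+# check if the encrypted attribute already exists
+if Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+ui.fatal('Encrypted attribute already exists')
+exit 1
+end
+
+# create encrypted attribute
+output = edit_data(nil, config[:input_format])
+enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
+enc_attr.create_on_node(node_name, attr_ary, output)
+end
+
+end
+end
+end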
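Review bot: The two argument guards in `run` test only `nil?`, so an empty NODE or ATTRIBUTE argument (`''`) passes validation and reaches `attribute_path_to_ary` and `exists_on_node?`; for the attribute that yields the path `['']`, which this command would presumably then go on to create. Tightening each guard, e.g. `if node_name.nil? || node_name.empty?` and `if attr_path.nil? || attr_path.empty?`, rejects that input before anything is sent to the server. The same two guards are repeated verbatim in the delete, edit, show and update commands, so a single shared helper on `EncryptedAttributeShow` would fix all five at once.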
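--- a/data/lib/chef/knife/encrypted_attribute_delete.rb
+++ b/data/lib/chef/knife/encrypted_attribute_delete.rb
@@ -0,0 +1,71 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/encrypted_attribute/remote_node'
+
+class Chef
+class Knife
+class EncryptedAttributeDelete < EncryptedAttributeShow
+
+deps do
+require 'chef/encrypted_attribute'
+require 'chef/json_compat'
+end
+
+banner 'knife encrypted attribute delete NODE ATTRIBUTE (options)'
+
+option :force,
+:short => '-f',
+:long => '--force',
+:description => 'Force the attribute deletion even if you cannot read it',
+:boolean => true
+
+def run
+node_name = @name_args[0]
+attr_path = @name_args[1]
+
+if node_name.nil?
+show_usage
+ui.fatal('You must specify a node name')
+exit 1
+end
+
+if attr_path.nil?
+show_usage
+ui.fatal('You must specify an encrypted attribute name')
+exit 1
+end
+
+attr_ary = attribute_path_to_ary(attr_path)
+if Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+# TODO move this to lib/EncryptedAttribute
+unless config[:force] # try to read the attribute
+Chef::EncryptedAttribute.load_from_node(node_name, attr_ary)
+end
+remote_node = Chef::EncryptedAttribute::RemoteNode.new(node_name)
+if remote_node.delete_attribute(attr_ary)
+ui.info('Encrypted attribute deleted.')
+end
+end
+end
+
+end
+end
+end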
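Review bot: When `exists_on_node?` returns false, `run` falls off the end without any message and exits with status 0, whereas the show, edit and update commands report `Encrypted attribute not found` and `exit 1`; a script cannot tell a successful delete from a mistyped attribute path. Adding an `else` branch with `ui.fatal('Encrypted attribute not found')` and `exit 1` makes the behaviour consistent, and a falsy return from `delete_attribute` is likewise silent. The `load_from_node` call under `unless config[:force]` deserves a comment saying that it is a client-side readability check whose result is discarded and which presumably works by raising; whether the deletion is actually permitted is decided wherever `delete_attribute` writes the node, not by this check.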
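--- a/data/lib/chef/knife/encrypted_attribute_edit.rb
+++ b/data/lib/chef/knife/encrypted_attribute_edit.rb
@@ -0,0 +1,68 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_editor_options'
+
+class Chef
+class Knife
+class EncryptedAttributeEdit < EncryptedAttributeShow
+
+include Knife::Core::EncryptedAttributeEditorOptions
+
+option :input_format,
+:short => '-i FORMAT',
+:long => '--input-format FORMAT',
+:description => 'Input (EDITOR) format, supported formats are "plain" (default) and "json"'
+
+banner 'knife encrypted attribute edit NODE ATTRIBUTE (options)'
+
+def run
+node_name = @name_args[0]
+attr_path = @name_args[1]
+
+if node_name.nil?
+show_usage
+ui.fatal('You must specify a node name')
+exit 1
+end
+
+if attr_path.nil?
+show_usage
+ui.fatal('You must specify an encrypted attribute name')
+exit 1
+end
+
+attr_ary = attribute_path_to_ary(attr_path)
+
+# check if the encrypted attribute already exists
+unless Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+ui.fatal('Encrypted attribute not found')
+exit 1
+end
+
+# edit encrypted attribute
+enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
+input = enc_attr.load_from_node(node_name, attr_ary)
+output = edit_data(input, config[:input_format])
+enc_attr.create_on_node(node_name, attr_ary, output)
+end
+
+end
+end
+end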
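Review bot: `run` passes the decrypted value from `load_from_node` straight to `edit_data`, which per the `--input-format` description hands it to an editor; `edit_data` comes from `EncryptedAttributeEditorOptions`, outside this section, so it is worth confirming there that any temporary file holding the plaintext is created owner-only and removed on every exit path, including an editor failure. Within this method the write-back is unconditional: `create_on_node` runs even when the editor returned the value unchanged, and a change made on the node between the load and the write is overwritten without notice. If `input` and `output` are comparable in both formats, a guard such as `return ui.info('No changes made.') if output == input` before `create_on_node` avoids the needless re-encryption; at minimum a comment such as `# overwrites whatever is on the node; no conflict detection` should say so.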
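--- a/data/lib/chef/knife/encrypted_attribute_show.rb
+++ b/data/lib/chef/knife/encrypted_attribute_show.rb
@@ -0,0 +1,86 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+class Chef
+class Knife
+class EncryptedAttributeShow < Knife
+
+deps do
+require 'chef/encrypted_attribute'
+require 'chef/json_compat'
+end
+
+banner 'knife encrypted attribute show NODE ATTRIBUTE (options)'
+
+def run
+node_name = @name_args[0]
+attr_path = @name_args[1]
+
+if node_name.nil?
+show_usage
+ui.fatal('You must specify a node name')
+exit 1
+end
+
+if attr_path.nil?
+show_usage
+ui.fatal('You must specify an encrypted attribute name')
+exit 1
+end
+
+attr_ary = attribute_path_to_ary(attr_path)
+
+unless Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+ui.fatal('Encrypted attribute not found')
+exit 1
+end
+
+enc_attr = Chef::EncryptedAttribute.load_from_node(node_name, attr_ary)
+output(enc_attr)
+end
+
+def attribute_path_to_ary(str, delim='.', escape='\\')
+# return str.scan(/(?:[^.\\]|\\.)+/).map {|x| x.gsub('\\.', '.') } # cool, but doesn't work for some edge cases
+result = []
+current = ''
+i = 0
+while ! str[i].nil?
+if str[i] == escape
+if str[i+1] == delim
+current << str[i+1]
+else
+current << str[i]
+current << str[i+1] unless str[i+1].nil?
+end
+i += 1 # skip the next char
+elsif str[i] == delim
+result << current
+current = ''
+else
+current << str[i]
+end
+i += 1
+end
+result << current
+end
+
+end
+end
+end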
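Review bot: `attribute_path_to_ary` has no description of its escaping rules and lets empty path segments through: a leading, trailing or doubled delimiter produces `''` entries (`'a..b'` becomes `['a', '', 'b']`) and an empty string becomes `['']`. The escape character is only consumed when it precedes the delimiter; before any other character both characters are kept, so a doubled escape is not collapsed, and `delim`/`escape` are compared against one `str[i]` character at a time, so a value longer than one character never matches. I would add a header comment stating those rules, and have `run` refuse such paths right after the split with `if attr_ary.any?(&:empty?)` followed by the usual `ui.fatal` and `exit 1`, since every subclass calls this parser before touching the node.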
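--- a/data/lib/chef/knife/encrypted_attribute_update.rb
+++ b/data/lib/chef/knife/encrypted_attribute_update.rb
@@ -0,0 +1,65 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_editor_options'
+
+class Chef
+class Knife
+class EncryptedAttributeUpdate < EncryptedAttributeShow
+
+include Knife::Core::EncryptedAttributeEditorOptions
+
+banner 'knife encrypted attribute update NODE ATTRIBUTE (options)'
+
+def run
+node_name = @name_args[0]
+attr_path = @name_args[1]
+
+if node_name.nil?
+show_usage
+ui.fatal('You must specify a node name')
+exit 1
+end
+
+if attr_path.nil?
+show_usage
+ui.fatal('You must specify an encrypted attribute name')
+exit 1
+end
+
+attr_ary = attribute_path_to_ary(attr_path)
+
+# check if the encrypted attribute already exists
+unless Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+ui.fatal('Encrypted attribute not found')
+exit 1
+end
+
+# update encrypted attribute
+enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
+if enc_attr.update_on_node(node_name, attr_ary)
+ui.info('Encrypted attribute updated.')
+else
+ui.info('Encrypted attribute does not need updating.')
+end
+end
+
+end
+end
+end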
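--- a/data/spec/benchmark_helper.rb
+++ b/data/spec/benchmark_helper.rb
@@ -0,0 +1,32 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'rspec/autorun'
+require 'chef_zero/rspec'
+require 'chef_encrypted_attributes'
+
+require 'support/silent_formatter'
+RSpec.configure do |config|
+config.reset
+config.formatter = 'SilentFormatter'
+end
+
+require 'support/benchmark_helpers'
+include BenchmarkHelpers
+require 'support/benchmark_helpers/encrypted_attribute'
+include BenchmarkHelpers::EncryptedAttribute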
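--- a/data/spec/integration_helper.rb
+++ b/data/spec/integration_helper.rb
@@ -0,0 +1,20 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef_zero/rspec'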
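--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,38 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'simplecov'
+if ENV['TRAVIS'] and RUBY_VERSION >= '1.9.3'
+require 'coveralls'
+SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+end
+SimpleCov.start do
+add_filter '/spec/'
+end
+
+require 'chef-encrypted-attributes'
+require 'chef/exceptions'
+
+require 'rspec/autorun'
+
+RSpec.configure do |config|
+config.order = 'random'
+
+config.color_enabled = true
+config.tty = true
+end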