chef-encrypted-attributes 0.1.0

data/lib/chef/knife/encrypted_attribute_create.rb

@@ -0,0 +1,67 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_editor_options'
+
+class Chef
+  class Knife
+    class EncryptedAttributeCreate < EncryptedAttributeShow
+
+      include Knife::Core::EncryptedAttributeEditorOptions
+
+      option :input_format,
+        :short => '-i FORMAT',
+        :long => '--input-format FORMAT',
+        :description => 'Input (EDITOR) format, supported formats are "plain" (default) and "json"'
+
+      banner 'knife encrypted attribute create NODE ATTRIBUTE (options)'
+
+      def run
+        node_name = @name_args[0]
+        attr_path = @name_args[1]
+
+        if node_name.nil?
+          show_usage
+          ui.fatal('You must specify a node name')
+          exit 1
+        end
+
+        if attr_path.nil?
+          show_usage
+          ui.fatal('You must specify an encrypted attribute name')
+          exit 1
+        end
+
+        attr_ary = attribute_path_to_ary(attr_path)
+
+        # check if the encrypted attribute already exists
+        if Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+          ui.fatal('Encrypted attribute already exists')
+          exit 1
+        end
+
+        # create encrypted attribute
+        output = edit_data(nil, config[:input_format])
+        enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
+        enc_attr.create_on_node(node_name, attr_ary, output)
+      end
+
+    end
+  end
+end

data/lib/chef/knife/encrypted_attribute_delete.rb

@@ -0,0 +1,71 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/encrypted_attribute/remote_node'
+
+class Chef
+  class Knife
+    class EncryptedAttributeDelete < EncryptedAttributeShow
+
+      deps do
+        require 'chef/encrypted_attribute'
+        require 'chef/json_compat'
+      end
+
+      banner 'knife encrypted attribute delete NODE ATTRIBUTE (options)'
+
+      option :force,
+        :short => '-f',
+        :long => '--force',
+        :description => 'Force the attribute deletion even if you cannot read it',
+        :boolean => true
+
+      def run
+        node_name = @name_args[0]
+        attr_path = @name_args[1]
+
+        if node_name.nil?
+          show_usage
+          ui.fatal('You must specify a node name')
+          exit 1
+        end
+
+        if attr_path.nil?
+          show_usage
+          ui.fatal('You must specify an encrypted attribute name')
+          exit 1
+        end
+
+        attr_ary = attribute_path_to_ary(attr_path)
+        if Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+          # TODO move this to lib/EncryptedAttribute
+          unless config[:force] # try to read the attribute
+            Chef::EncryptedAttribute.load_from_node(node_name, attr_ary)
+          end
+          remote_node = Chef::EncryptedAttribute::RemoteNode.new(node_name)
+          if remote_node.delete_attribute(attr_ary)
+            ui.info('Encrypted attribute deleted.')
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/chef/knife/encrypted_attribute_edit.rb

@@ -0,0 +1,68 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_editor_options'
+
+class Chef
+  class Knife
+    class EncryptedAttributeEdit < EncryptedAttributeShow
+
+      include Knife::Core::EncryptedAttributeEditorOptions
+
+      option :input_format,
+        :short => '-i FORMAT',
+        :long => '--input-format FORMAT',
+        :description => 'Input (EDITOR) format, supported formats are "plain" (default) and "json"'
+
+      banner 'knife encrypted attribute edit NODE ATTRIBUTE (options)'
+
+      def run
+        node_name = @name_args[0]
+        attr_path = @name_args[1]
+
+        if node_name.nil?
+          show_usage
+          ui.fatal('You must specify a node name')
+          exit 1
+        end
+
+        if attr_path.nil?
+          show_usage
+          ui.fatal('You must specify an encrypted attribute name')
+          exit 1
+        end
+
+        attr_ary = attribute_path_to_ary(attr_path)
+
+        # check if the encrypted attribute already exists
+        unless Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+          ui.fatal('Encrypted attribute not found')
+          exit 1
+        end
+
+        # edit encrypted attribute
+        enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
+        input = enc_attr.load_from_node(node_name, attr_ary)
+        output = edit_data(input, config[:input_format])
+        enc_attr.create_on_node(node_name, attr_ary, output)
+      end
+
+    end
+  end
+end

data/lib/chef/knife/encrypted_attribute_show.rb

@@ -0,0 +1,86 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+class Chef
+  class Knife
+    class EncryptedAttributeShow < Knife
+
+      deps do
+        require 'chef/encrypted_attribute'
+        require 'chef/json_compat'
+      end
+
+      banner 'knife encrypted attribute show NODE ATTRIBUTE (options)'
+
+      def run
+        node_name = @name_args[0]
+        attr_path = @name_args[1]
+
+        if node_name.nil?
+          show_usage
+          ui.fatal('You must specify a node name')
+          exit 1
+        end
+
+        if attr_path.nil?
+          show_usage
+          ui.fatal('You must specify an encrypted attribute name')
+          exit 1
+        end
+
+        attr_ary = attribute_path_to_ary(attr_path)
+
+        unless Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+          ui.fatal('Encrypted attribute not found')
+          exit 1
+        end
+
+        enc_attr = Chef::EncryptedAttribute.load_from_node(node_name, attr_ary)
+        output(enc_attr)
+      end
+
+      def attribute_path_to_ary(str, delim='.', escape='\\')
+        # return str.scan(/(?:[^.\\]|\\.)+/).map {|x| x.gsub('\\.', '.') } # cool, but doesn't work for some edge cases
+        result = []
+        current = ''
+        i = 0
+        while ! str[i].nil?
+          if str[i] == escape
+            if str[i+1] == delim
+              current << str[i+1]
+            else
+              current << str[i]
+              current << str[i+1] unless str[i+1].nil?
+            end
+            i += 1 # skip the next char
+          elsif str[i] == delim
+            result << current
+            current = ''
+          else
+            current << str[i]
+          end
+          i += 1
+        end
+        result << current
+      end
+
+    end
+  end
+end

data/lib/chef/knife/encrypted_attribute_update.rb

@@ -0,0 +1,65 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_editor_options'
+
+class Chef
+  class Knife
+    class EncryptedAttributeUpdate < EncryptedAttributeShow
+
+      include Knife::Core::EncryptedAttributeEditorOptions
+
+      banner 'knife encrypted attribute update NODE ATTRIBUTE (options)'
+
+      def run
+        node_name = @name_args[0]
+        attr_path = @name_args[1]
+
+        if node_name.nil?
+          show_usage
+          ui.fatal('You must specify a node name')
+          exit 1
+        end
+
+        if attr_path.nil?
+          show_usage
+          ui.fatal('You must specify an encrypted attribute name')
+          exit 1
+        end
+
+        attr_ary = attribute_path_to_ary(attr_path)
+
+        # check if the encrypted attribute already exists
+        unless Chef::EncryptedAttribute.exists_on_node?(node_name, attr_ary)
+          ui.fatal('Encrypted attribute not found')
+          exit 1
+        end
+
+        # update encrypted attribute
+        enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
+        if enc_attr.update_on_node(node_name, attr_ary)
+          ui.info('Encrypted attribute updated.')
+        else
+          ui.info('Encrypted attribute does not need updating.')
+        end
+      end
+
+    end
+  end
+end

data/spec/benchmark_helper.rb

@@ -0,0 +1,32 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'rspec/autorun'
+require 'chef_zero/rspec'
+require 'chef_encrypted_attributes'
+
+require 'support/silent_formatter'
+RSpec.configure do |config|
+  config.reset
+  config.formatter = 'SilentFormatter'
+end
+
+require 'support/benchmark_helpers'
+include BenchmarkHelpers
+require 'support/benchmark_helpers/encrypted_attribute'
+include BenchmarkHelpers::EncryptedAttribute

data/spec/integration_helper.rb

@@ -0,0 +1,20 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef_zero/rspec'

data/spec/spec_helper.rb

@@ -0,0 +1,38 @@
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'simplecov'
+if ENV['TRAVIS'] and RUBY_VERSION >= '1.9.3'
+  require 'coveralls'
+  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+end
+SimpleCov.start do
+  add_filter '/spec/'
+end
+
+require 'chef-encrypted-attributes'
+require 'chef/exceptions'
+
+require 'rspec/autorun'
+
+RSpec.configure do |config|
+  config.order = 'random'
+
+  config.color_enabled = true
+  config.tty = true
+end