chef-encrypted-attributes 0.3.0 → 0.4.0

data/Rakefile

@@ -1,5 +1,8 @@
-#!/usr/bin/env rake
-# encoding: utf-8
+# encoding: UTF-8
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# More info at https://github.com/jimweirich/rake/blob/master/doc/rakefile.rdoc
 
 #
 # Author:: Xabier de Zuazo (<xabier@onddo.com>)
@@ -24,23 +27,33 @@ Bundler::GemHelper.install_tasks
 
 require 'rake/testtask'
 
+desc 'Run RuboCop style checks'
+task :rubocop do
+  require 'rubocop/rake_task'
+  RuboCop::RakeTask.new
+end
+
+desc 'Run all style checks'
+task style: %w(rubocop)
+
 {
-  :test => '{unit,integration}',
-  :unit => 'unit',
-  :integration => 'integration',
-  :benchmark => 'benchmark',
+  test: '{unit,integration}',
+  unit: 'unit',
+  integration: 'integration',
+  benchmark: 'benchmark'
 }.each do |test, dir|
-  Rake::TestTask.new(test) do |test|
-    test.libs << 'lib' << 'spec'
-    test.pattern = "spec/#{dir}/**/*.rb"
-    test.verbose = true
+  Rake::TestTask.new(test) do |t|
+    t.libs << 'lib' << 'spec'
+    t.pattern = "spec/#{dir}/**/*.rb"
+    t.verbose = true
   end
 end
 
 if RUBY_VERSION < '1.9.3'
-  # integration tests are broken in 1.9.2 due to a chef-zero bug
-  # https://github.com/opscode/chef-zero/issues/65
-  task :default => :unit
+  # Integration tests are broken in 1.9.2 due to a chef-zero bug:
+  #   https://github.com/opscode/chef-zero/issues/65
+  # RuboCop require Ruby 1.9.3.
+  task default: %w(unit)
 else
-  task :default => :test
+  task default: %w(style test)
 end

data/TESTING.md

@@ -1,22 +1,33 @@
 # Testing
 
+## Installing the Requirements
+
+You can install gem dependencies with bundler:
+
+    $ gem install bundler
+    $ bundler install
+
 ## All the Tests
 
-    $ rake test
+    $ bundle exec rake test
+
+## Running the Syntax Style Tests
+
+    $ bundle exec rake style
 
-## Unit Tests
+## Running the Unit Tests
 
-    $ rake unit
+    $ bundle exec rake unit
 
-## Integration Tests
+## Running the Integration Tests
 
-    $ rake integration
+    $ bundle exec rake integration
 
-## Benchmarks
+## Running the Benchmarks
 
 You can run some simple benchmarks, not at all realistic:
 
-    $ rspec spec/benchmark/*
+    $ bundle exec rspec spec/benchmark/*
                                                                  user     system      total        real
     Local EncryptedAttribute read (v=0)                  0.410000   0.000000   0.410000 (  0.417956)
     Local EncryptedAttribute read (v=1)                  0.390000   0.010000   0.400000 (  0.398934)

data/TODO.md

@@ -1,20 +1,17 @@
 TODO
 ====
 
+* Fix all RuboCop offenses.
 * knife encrypted attribute create/edit from file.
 * Save config inside encrypted data: `:client_search`, `:node_search` and `:keys` (including user keys).
 * Chef internal node attribute integration monkey-patch. It may require some `EncryptedMash` class rewrite or adding some methods.
 * Support for Chef `< 11.4` (add `JSONCompat#map_to_rb_obj`, disable `Chef::User` for `< 11.2`, ...).
-* Test with Chef `10`.
-* Add Ruby `1.8` support?
-* Document the Ruby code.
 * Add more info/debug prints.
 * Space-optimized `EncryptedMash::Version3` class.
 * Tests: Add test helper functions (key generation, ApiClients including priv keys, Node creation...).
 * Tests: Add more tests for `EncryptedMash::Version1` and `EncryptedMash::Version2`.
 * Tests: Add unit tests for `EncryptedAttribute`.
 * Tests: Add unit tests for all knife commands.
-* Tests: Tests `raise_error` always include regex.
-* Tests: Review and clean some tests.
+* Tests: `raise_error` tests always include regex.
 * Add `chef-vault` to benchmarks.
 * Signed attributes?

data/lib/chef-encrypted-attributes.rb

@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #
 # Author:: Xabier de Zuazo (<xabier@onddo.com>)
 # Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
@@ -16,4 +17,9 @@
 # limitations under the License.
 #
 
-require 'chef/encrypted_attribute'
+warn(
+  '[DEPRECATION] The required "chef-encrypted-attributes" file has been moved '\
+  'to "chef/encrypted_attributes" and will be removed in a future release. '\
+  'Please switch to "chef/encrypted_attributes" as soon as possible.'
+)
+require 'chef/encrypted_attributes'

data/lib/chef/encrypted_attribute.rb

@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #
 # Author:: Xabier de Zuazo (<xabier@onddo.com>)
 # Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
@@ -21,6 +22,7 @@ require 'chef/encrypted_attribute/encrypted_mash'
 require 'chef/config'
 require 'chef/mash'
 
+require 'chef/encrypted_attribute/api'
 require 'chef/encrypted_attribute/local_node'
 require 'chef/encrypted_attribute/remote_node'
 require 'chef/encrypted_attribute/remote_nodes'
@@ -30,60 +32,227 @@ require 'chef/encrypted_attribute/encrypted_mash/version0'
 require 'chef/encrypted_attribute/encrypted_mash/version1'
 require 'chef/encrypted_attribute/encrypted_mash/version2'
 
-Chef::Config[:encrypted_attributes] = Mash.new unless Chef::Config[:encrypted_attributes].kind_of?(Hash)
+unless Chef::Config[:encrypted_attributes].is_a?(Hash)
+  Chef::Config[:encrypted_attributes] = Mash.new
+end
 
 class Chef
+  # Main EncryptedAttribute class.
+  #
+  # This class contains both static and instance level public methods.
+  # Internally, all work with {EncryptedMash} object instances.
+  #
+  # # Class Methods
+  #
+  # The *class methods* (or static methods) are normally used **from Chef
+  # cookbooks**.
+  #
+  # The attributes create with the class methods are encrypted **only for the
+  # local node** by default.
+  #
+  # The static `*_on_node` methods can be used, although they have not been
+  # designed for this purpose (have not been tested).
+  #
+  # They are # documented in the {Chef::EncryptedAttribute::API} class.
+  #
+  # # Instance Methods
+  #
+  # The *instance methods* are normally used **by other libraries or gems**. For
+  # example, the knife extensions included in this gem uses these methods.
+  #
+  # The instance methods will grant encrypted attribute access **only to the
+  # remote node** by default.
+  #
+  # Usually only the `*_from_node/*_on_node` instance methods will be used.
+  #
+  # @see EncryptedAttribute::API
   class EncryptedAttribute
+    # Include the *class methods* for the recipe API.
+    extend Chef::EncryptedAttribute::API
 
-    def initialize(c=nil)
+    # Chef::EncryptedAttribute constructor.
+    #
+    # @param c [Config, Hash] configuration to use.
+    def initialize(c = nil)
       config(c)
     end
 
-    def config(arg=nil)
-      @config ||= EncryptedAttribute::Config.new(Chef::Config[:encrypted_attributes])
+    # Sets or gets the encrypted attribute configuration.
+    #
+    # Reads the default configuration from
+    # `Chef::Config[:encrypted_attributes]`.
+    #
+    # When setting using a {Chef::EncryptedAttribute::Config} class, all the
+    # configuration options will be replaced.
+    #
+    # When setting using a _Hash_, only the provided keys will be replaced.
+    #
+    # @param arg [Config, Hash] the configuration to set.
+    # @return [Config] the read or set configuration object.
+    def config(arg = nil)
+      @config ||= EncryptedAttribute::Config.new(
+        Chef::Config[:encrypted_attributes]
+      )
       @config.update!(arg) unless arg.nil?
       @config
     end
 
-    # Decrypts an encrypted attribute from a (encrypted) Hash
-    def load(enc_hs, key=nil)
+    # Decrypts an encrypted attribute from a local node attribute.
+    #
+    # @param enc_hs [Mash] the encrypted hash as read from the node attributes.
+    # @param key [String, OpenSSL::PKey::RSA] private key to use in the
+    #   decryption process, uses the local node key by default.
+    # @return [Hash, Array, String, ...] decrypted attribute value.
+    # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+    #   format is wrong.
+    # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+    #   format is not supported or unknown.
+    def load(enc_hs, key = nil)
       enc_attr = EncryptedMash.json_create(enc_hs)
       decrypted = enc_attr.decrypt(key || local_key)
-      decrypted['content'] # TODO check this Hash
+      decrypted['content'] # TODO: check this Hash
     end
 
-    # Decrypts a encrypted attribute from a remote node
-    def load_from_node(name, attr_ary, key=nil)
+    # Decrypts a encrypted attribute from a remote node.
+    #
+    # @param name [String] node name.
+    # @param attr_ary [Array<String>] node attribute path as Array.
+    # @param key [String, OpenSSL::PKey::RSA] private key to use in the
+    #   decryption process, uses the local key by default.
+    # @return [Hash, Array, String, ...] decrypted attribute value.
+    # @raise [ArgumentError] if the attribute path format is wrong.
+    # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+    #   format is wrong.
+    # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+    #   format is not supported or unknown.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    def load_from_node(name, attr_ary, key = nil)
       remote_node = RemoteNode.new(name)
-      self.load(remote_node.load_attribute(attr_ary, config.partial_search), key)
+      load(remote_node.load_attribute(attr_ary, config.partial_search), key)
     end
 
-    # Creates an encrypted attribute from a Hash
-    def create(value, keys=nil)
+    # Creates an encrypted attribute from a Hash.
+    #
+    # Only the **keys passed as parameter and the configured keys** will be able
+    # to decrypt the attribute, so beware of including your local key if you
+    # need to decrypt it in the future.
+    #
+    # @param value [Hash, Array, String, Fixnum, ...] the value to encrypt in
+    #   clear.
+    # @param keys [String, OpenSSL::PKey::RSA] public keys that will be able to
+    #   decrypt the attribute.
+    # @raise [ArgumentError] if user list is wrong.
+    # @return [EncryptedMash] encrypted attribute value. This is usually what is
+    #   saved in the node attributes.
+    # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+    #   format is wrong or does not exist.
+    # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+    #   format is not supported or unknown.
+    # @raise [EncryptionFailure] if there are encryption errors.
+    # @raise [MessageAuthenticationFailure] if HMAC calculation error.
+    # @raise [InvalidPublicKey] if it is not a valid RSA public key.
+    # @raise [InvalidKey] if the RSA key format is wrong.
+    # @raise [InsufficientPrivileges] if you lack enough privileges to read
+    #   the keys from the Chef Server.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [RequirementsFailure] if the specified encrypted attribute
+    #   version cannot be used.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    def create(value, keys = nil)
       decrypted = { 'content' => value }
 
       enc_attr = EncryptedMash.create(config.version)
       enc_attr.encrypt(decrypted, target_keys(keys))
     end
 
+    # Creates an encrypted attribute on a remote node.
+    #
+    # The remote node will always be able to decrypt it. The local node will
+    # not be able to decrypt it by default, you must remember to include the key
+    # in the configuration.
+    #
+    # @param name [String] node name.
+    # @param attr_ary [Array<String>] node attribute path as Array.
+    # @param value [Hash, Array, String, Fixnum, ...] the value to encrypt.
+    # @return [EncryptedMash] encrypted attribute value.
+    # @raise [ArgumentError] if the attribute path format or the user list is
+    #   wrong.
+    # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+    #   format is wrong or does not exist.
+    # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+    #   format is not supported or unknown.
+    # @raise [EncryptionFailure] if there are encryption errors.
+    # @raise [MessageAuthenticationFailure] if HMAC calculation error.
+    # @raise [InvalidPublicKey] if it is not a valid RSA public key.
+    # @raise [InvalidKey] if the RSA key format is wrong.
+    # @raise [InsufficientPrivileges] if you lack enough privileges to read
+    #   the keys from the Chef Server.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [RequirementsFailure] if the specified encrypted attribute
+    #   version cannot be used.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
     def create_on_node(name, attr_ary, value)
       # read the client public key
       node_public_key = RemoteClients.get_public_key(name)
 
       # create the encrypted attribute
-      enc_attr = self.create(value, [ node_public_key ])
+      enc_attr = create(value, [node_public_key])
 
       # save encrypted attribute
       remote_node = RemoteNode.new(name)
       remote_node.save_attribute(attr_ary, enc_attr)
     end
 
-    # Updates the keys for which the attribute is encrypted
-    def update(enc_hs, keys=nil)
+    # Updates the keys for which a local attribute is encrypted.
+    #
+    # In case new keys are added or some keys are removed, the attribute will
+    # be re-created again.
+    #
+    # Only the **keys passed as parameter and the configured keys** will be able
+    # to decrypt the attribute, so beware of including your local key if you
+    # need to decrypt it in the future.
+    #
+    # Uses the local key to decrypt the attribute, so the local key should be
+    # able to read the attribute. At least before updating.
+    #
+    # @param enc_hs [Mash] encrypted attribute. This parameter value will be
+    #   modified on updates.
+    # @param keys [Array<String, OpenSSL::PKey::RSA> public keys that should be
+    #   able to read the attribute.
+    # @return [Boolean] Returns `true` if the encrypted attribute (the *Mash*
+    #   parameter) has been updated.
+    # @raise [ArgumentError] if user list is wrong.
+    # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+    #   format is wrong or does not exist.
+    # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+    #   format is not supported or unknown.
+    # @raise [EncryptionFailure] if there are encryption errors.
+    # @raise [MessageAuthenticationFailure] if HMAC calculation error.
+    # @raise [InvalidPublicKey] if it is not a valid RSA public key.
+    # @raise [InvalidKey] if the RSA key format is wrong.
+    # @raise [InsufficientPrivileges] if you lack enough privileges to read
+    #   the keys from the Chef Server.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [RequirementsFailure] if the specified encrypted attribute
+    #   version cannot be used.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    # @see #config
+    def update(enc_hs, keys = nil)
       old_enc_attr = EncryptedMash.json_create(enc_hs)
       if old_enc_attr.needs_update?(target_keys(keys))
         hs = old_enc_attr.decrypt(local_key)
-        new_enc_attr = create(hs['content'], keys) # TODO check this Hash
+        new_enc_attr = create(hs['content'], keys) # TODO: check this Hash
         enc_hs.replace(new_enc_attr)
         true
       else
@@ -91,6 +260,42 @@ class Chef
       end
     end
 
+    # Updates the keys for which a remote attribute is encrypted.
+    #
+    # In case new keys are added or some keys are removed, the attribute will
+    # be re-created again.
+    #
+    # Only the **remote node and the configured keys** will be able to decrypt
+    # the attribute, so beware of including your local key if you need to
+    # decrypt it in the future.
+    #
+    # Uses the local key to decrypt the attribute, so the local key should be
+    # able to read the attribute. At least before updating.
+    #
+    # @param name [String] node name.
+    # @param attr_ary [Array<String>] node attribute path as Array.
+    # @return [Boolean] Returns `true` if the remote encrypted attribute has
+    #   been updated.
+    # @raise [ArgumentError] if the attribute path format or the user list is
+    #   wrong.
+    # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+    #   format is wrong or does not exist.
+    # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+    #   format is not supported or unknown.
+    # @raise [EncryptionFailure] if there are encryption errors.
+    # @raise [MessageAuthenticationFailure] if HMAC calculation error.
+    # @raise [InvalidPublicKey] if it is not a valid RSA public key.
+    # @raise [InvalidKey] if the RSA key format is wrong.
+    # @raise [InsufficientPrivileges] if you lack enough privileges to read
+    #   the keys from the Chef Server.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [RequirementsFailure] if the specified encrypted attribute
+    #   version cannot be used.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    # @see #config
     def update_on_node(name, attr_ary)
       # read the client public key
       node_public_key = RemoteClients.get_public_key(name)
@@ -98,11 +303,11 @@ class Chef
       # update the encrypted attribute
       remote_node = RemoteNode.new(name)
       enc_hs = remote_node.load_attribute(attr_ary, config.partial_search)
-      updated = update(enc_hs, [ node_public_key ])
+      updated = update(enc_hs, [node_public_key])
 
       # save encrypted attribute
       if updated
-        # TODO Node is accessed twice (here and RemoteNode#load_attribute above)
+        # TODO: Node is accessed twice (RemoteNode#load_attribute above)
         remote_node.save_attribute(attr_ary, enc_hs)
       end
       updated
@@ -110,124 +315,80 @@ class Chef
 
     protected
 
+    # Gets remote client public keys using the *client search* query included in
+    # the configuration.
+    #
+    # @return [Array<String>] list of client public keys.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    # @see #config
     def remote_client_keys
-      RemoteClients.search_public_keys(config.client_search, config.partial_search)
+      RemoteClients.search_public_keys(
+        config.client_search, config.partial_search
+      )
     end
 
+    # Gets remote node public keys using the *node search* query included in the
+    # configuration.
+    #
+    # @return [Array<String>] list of node public keys.
+    # @raise [InsufficientPrivileges] if you lack enough privileges to read
+    #   the keys from the Chef Server.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    # @see #config
     def remote_node_keys
       RemoteNodes.search_public_keys(config.node_search, config.partial_search)
     end
 
+    # Gets remote user keys using the configured user list.
+    #
+    # @return [Array<String>] list of user public keys.
+    # @raise [ArgumentError] if user list is wrong.
+    # @see #config
     def remote_user_keys
       RemoteUsers.get_public_keys(config.users)
     end
 
-    def target_keys(keys=nil)
-      target_keys = config.keys + remote_client_keys + remote_node_keys + remote_user_keys
-      target_keys += keys if keys.kind_of?(Array)
+    # Gets the public keys that should be able to read the attribute based on
+    # the configuration.
+    #
+    # This includes keys passed as parameter, configured keys,
+    # #remote_client_keys, #remote_node_keys and remote_user_keys.
+    #
+    # @param keys [Array<String>] list of public keys to include in addition to
+    #   the configured.
+    # @return [Array<String>] list of user public keys.
+    # @raise [ArgumentError] if user list is wrong.
+    # @raise [InsufficientPrivileges] if you lack enough privileges to read
+    #   the keys from the Chef Server.
+    # @raise [ClientNotFound] if client does not exist.
+    # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+    # @raise [SearchFailure] if there is a Chef search error.
+    # @raise [SearchFatalError] if the Chef search response is wrong.
+    # @raise [InvalidSearchKeys] if search keys structure is wrong.
+    # @see #config
+    # @see #remote_client_keys
+    # @see #remote_node_keys
+    # @see #remote_user_keys
+    def target_keys(keys = nil)
+      target_keys =
+        config.keys + remote_client_keys + remote_node_keys + remote_user_keys
+      target_keys += keys if keys.is_a?(Array)
       target_keys
     end
 
+    # Gets the local private key.
+    #
+    # @return [OpenSSL::PKey::RSA.new] local private (and public) key object.
     def local_key
-      self.class.local_node.key
-    end
-
-    def self.local_node
-      LocalNode.new
-    end
-
-    def self.config(arg)
-      config = EncryptedAttribute::Config.new(Chef::Config[:encrypted_attributes])
-      config.update!(arg)
-      config.keys(config.keys + [ self.local_node.public_key ])
-      config
-    end
-
-    public
-
-    def self.load(hs, c={})
-      Chef::Log.debug("#{self.class.name}: Loading Local Encrypted Attribute from: #{hs.to_s}")
-      enc_attr = EncryptedAttribute.new(self.config(c))
-      result = enc_attr.load(hs)
-      Chef::Log.debug("#{self.class.name}: Local Encrypted Attribute loaded.")
-      result
-    end
-
-    def self.load_from_node(name, attr_ary, c={})
-      Chef::Log.debug("#{self.class.name}: Loading Remote Encrypted Attribute from #{name}: #{attr_ary.to_s}")
-      enc_attr = EncryptedAttribute.new(self.config(c))
-      result = enc_attr.load_from_node(name, attr_ary)
-      Chef::Log.debug("#{self.class.name}: Remote Encrypted Attribute loaded.")
-      result
-    end
-
-    def self.create(value, c={})
-      Chef::Log.debug("#{self.class.name}: Creating Encrypted Attribute.")
-      enc_attr = EncryptedAttribute.new(self.config(c))
-      result = enc_attr.create(value)
-      Chef::Log.debug("#{self.class.name}: Encrypted Attribute created.")
-      result
-    end
-
-    def self.create_on_node(name, attr_ary, value, c={})
-      Chef::Log.debug("#{self.class.name}: Creating Remote Encrypted Attribute on #{name}: #{attr_ary.to_s}")
-      enc_attr = EncryptedAttribute.new(self.config(c))
-      result = enc_attr.create_on_node(name, attr_ary, value)
-      Chef::Log.debug("#{self.class.name}: Encrypted Remote Attribute created.")
-      result
-    end
-
-    def self.update(hs, c={})
-      Chef::Log.debug("#{self.class.name}: Updating Encrypted Attribute: #{hs.to_s}")
-      enc_attr = EncryptedAttribute.new(self.config(c))
-      result = enc_attr.update(hs)
-      if result
-        Chef::Log.debug("#{self.class.name}: Encrypted Attribute updated.")
-      else
-        Chef::Log.debug("#{self.class.name}: Encrypted Attribute not updated.")
-      end
-      result
-    end
-
-    def self.update_on_node(name, attr_ary, c={})
-      Chef::Log.debug("#{self.class.name}: Updating Remote Encrypted Attribute on #{name}: #{attr_ary.to_s}")
-      enc_attr = EncryptedAttribute.new(self.config(c))
-      result = enc_attr.update_on_node(name, attr_ary)
-      if result
-        Chef::Log.debug("#{self.class.name}: Encrypted Remote Attribute updated.")
-      else
-        Chef::Log.debug("#{self.class.name}: Encrypted Remote Attribute not updated.")
-      end
-      result
-    end
-
-    def self.exist?(hs)
-      Chef::Log.debug("#{self.class.name}: Checking if Encrypted Attribute exists here: #{hs.to_s}")
-      result = EncryptedMash.exist?(hs)
-      if result
-        Chef::Log.debug("#{self.class.name}: Encrypted Attribute found.")
-      else
-        Chef::Log.debug("#{self.class.name}: Encrypted Attribute not found.")
-      end
-      result
+      LocalNode.new.key
     end
-
-    def self.exists?(*args)
-      Chef::Log.warn("#{self.name}.exists? is deprecated in favor of #{self.name}.exist?.")
-      exist?(*args)
-    end
-
-    def self.exist_on_node?(name, attr_ary, c={})
-      Chef::Log.debug("#{self.class.name}: Checking if Remote Encrypted Attribute exists on #{name}")
-      remote_node = RemoteNode.new(name)
-      node_attr = remote_node.load_attribute(attr_ary, self.config(c).partial_search)
-      Chef::EncryptedAttribute.exist?(node_attr)
-    end
-
-    def self.exists_on_node?(*args)
-      Chef::Log.warn("#{self.name}.exists_on_node? is deprecated in favor of #{self.name}.exist_on_node?.")
-      exist_on_node?(*args)
-    end
-
   end
 end