chef-encrypted-attributes 0.3.0 → 0.4.0

data/lib/chef/knife/core/encrypted_attribute_depends.rb

@@ -0,0 +1,43 @@
+# encoding: UTF-8
+#
+# Author:: Xabier de Zuazo (<xabier@onddo.com>)
+# Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/knife'
+
+class Chef
+  class Knife
+    module Core
+      # Loads knife encrypted attribute dependencies.
+      module EncryptedAttributeDepends
+        # Reopens EncryptedAttributeDepends class to define knife dependencies.
+        #
+        # Includes the required gems to work with encrypted attributes.
+        #
+        # @param includer [Class] includer class.
+        def self.included(includer)
+          includer.class_eval do
+            deps do
+              require 'chef/encrypted_attribute'
+              require 'chef/json_compat'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/core/encrypted_attribute_editor_options.rb

@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #
 # Author:: Xabier de Zuazo (<xabier@onddo.com>)
 # Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
@@ -21,88 +22,151 @@ require 'chef/knife/core/config'
 class Chef
   class Knife
     module Core
-
+      # Reads knife encrypted attribute edit commands arguments
       module EncryptedAttributeEditorOptions
+        # Reopens EncryptedAttributeEditorOptions class to define knife
+        # argument options.
+        #
+        # @param includer [Class] includer class.
         def self.included(includer)
           includer.class_eval do
 
-            deps do
-              require 'chef/encrypted_attribute'
-              require 'chef/json_compat'
+            # Helper method to set the encrypted attributes configuration.
+            def self.encrypted_attributes_option_set(key, value)
+              Chef::Config[:knife][:encrypted_attributes][key] = value
+            end
+
+            # Helper method to add a value to an encrypted configuration array
+            # option.
+            def self.encrypted_attributes_option_push(key, value)
+              unless Chef::Config[:knife][:encrypted_attributes][key]
+                     .is_a?(Array)
+                Chef::Config[:knife][:encrypted_attributes][key] = []
+              end
+              Chef::Config[:knife][:encrypted_attributes][key] << value
             end
 
             option :encrypted_attribute_version,
-              :long  => '--encrypted-attribute-version VERSION',
-              :description => 'Encrypted Attribute protocol version to use',
-              :proc => lambda { |i| Chef::Config[:knife][:encrypted_attributes][:version] = i }
+                   long: '--encrypted-attribute-version VERSION',
+                   description: 'Encrypted Attribute protocol version to use',
+                   proc: ->(i) { encrypted_attributes_option_set(:version, i) }
 
             option :encrypted_attribute_partial_search,
-              :short => '-P',
-              :long => '--disable-partial-search',
-              :description => 'Disable partial search',
-              :boolean => true,
-              :proc => lambda { |i| Chef::Config[:knife][:encrypted_attributes][:partial_search] = false }
+                   short: '-P',
+                   long: '--disable-partial-search',
+                   description: 'Disable partial search',
+                   boolean: true,
+                   proc:
+                    (lambda do |_i|
+                      encrypted_attributes_option_set(:partial_search, false)
+                    end)
 
             option :encrypted_attribute_client_search,
-              :short => '-C CLIENT_SEARCH_QUERY',
-              :long => '--client-search CLIENT_SEARCH_QUERY',
-              :description => 'Client search query. Can be specified multiple times',
-              :proc => lambda { |i|
-                Chef::Config[:knife][:encrypted_attributes][:client_search] = [] unless Chef::Config[:knife][:encrypted_attributes][:client_search].kind_of?(Array)
-                Chef::Config[:knife][:encrypted_attributes][:client_search] << i
-              }
+                   short: '-C CLIENT_SEARCH_QUERY',
+                   long: '--client-search CLIENT_SEARCH_QUERY',
+                   description:
+                     'Client search query. Can be specified multiple times',
+                   proc:
+                     (lambda do |i|
+                       encrypted_attributes_option_push(:client_search, i)
+                     end)
 
             option :encrypted_attribute_node_search,
-              :short => '-N NODE_SEARCH_QUERY',
-              :long => '--node-search NODE_SEARCH_QUERY',
-              :description => 'Node search query. Can be specified multiple times',
-              :proc => lambda { |i|
-                Chef::Config[:knife][:encrypted_attributes][:node_search] = [] unless Chef::Config[:knife][:encrypted_attributes][:node_search].kind_of?(Array)
-                Chef::Config[:knife][:encrypted_attributes][:node_search] << i
-              }
+                   short: '-N NODE_SEARCH_QUERY',
+                   long: '--node-search NODE_SEARCH_QUERY',
+                   description:
+                     'Node search query. Can be specified multiple times',
+                   proc:
+                     ->(i) { encrypted_attributes_option_push(:node_search, i) }
 
             option :encrypted_attribute_users,
-              :short => '-U USER',
-              :long => '--encrypted-attribute-user USER',
-              :description => 'User name to allow access to. Can be specified multiple times',
-              :proc => lambda { |i|
-                Chef::Config[:knife][:encrypted_attributes][:users] = [] unless Chef::Config[:knife][:encrypted_attributes][:users].kind_of?(Array)
-                Chef::Config[:knife][:encrypted_attributes][:users] << i
-              }
+                   short: '-U USER',
+                   long: '--encrypted-attribute-user USER',
+                   description:
+                     'User name to allow access to. Can be specified multiple '\
+                     'times',
+                   proc: ->(i) { encrypted_attributes_option_push(:users, i) }
 
-            # TODO option :keys
+            # TODO: option :keys
+          end # includer.class_eval
+        end # self.included(includer)
 
-            # Modified Chef::Knife::UI#edit_data method with plain text format support
-            def edit_data(data=nil, format='plain')
-              output = case format
-              when 'JSON', 'json'
-                data.nil? ? {} : Chef::JSONCompat.to_json_pretty(data, {:quirks_mode => true})
-              else
-                data.nil? ? '' : data
-              end
+        # Converts a string data to a Ruby value.
+        #
+        # @param data [String] data to convert.
+        # @param format [String] `'plain'` or `'json'`.
+        # @return [String, Mixed] Ruby value.
+        def edit_data_string_to_obj(data, format)
+          case format
+          when 'JSON', 'json'
+            if data.nil?
+              {}
+            else
+              Chef::JSONCompat.to_json_pretty(data, quirks_mode: true)
+            end
+          else
+            data.nil? ? '' : data
+          end
+        end
 
-              if !config[:disable_editing]
-                Tempfile.open([ 'knife-edit-', '.json' ]) do |tf|
-                  tf.sync = true
-                  tf.puts output
-                  tf.close
-                  raise 'Please set EDITOR environment variable' unless system("#{config[:editor]} #{tf.path}")
+        # Converts Ruby values to string.
+        #
+        # @param data [Mixed] Ruby value to convert.
+        # @param format [String] `'plain'` or `'json'`.
+        # @return [String] value encoded as string.
+        def edit_data_obj_to_string(data, format)
+          case format
+          when 'JSON', 'json'
+            FFI_Yajl::Parser.parse(data)
+          else
+            data
+          end
+        end
 
-                  output = IO.read(tf.path)
-                  tf.unlink # not needed, but recommended
-                end
-              end
+        # Runs system editor.
+        #
+        # @param path [String] path file to edit.
+        # @return void
+        # @raise [RuntimeError] if the editing command fails.
+        def edit_data_run_editor_command(path)
+          return if system("#{config[:editor]} #{path}")
+          fail 'Please set EDITOR environment variable'
+        end
 
-              case format
-              when 'JSON', 'json'
-                Yajl::Parser.parse(output)
-              else
-                output
-              end
-            end # def edit_data
+        # Edits a data using the system editor.
+        #
+        # Creates a temporal file to edit the data value.
+        #
+        # @param data [String] data to edit.
+        # @return [String] the data after the editing.
+        # @raise [RuntimeError] if the editing command fails.
+        def edit_data_run_editor(data)
+          return if config[:disable_editing]
+          result = nil
+          Tempfile.open(%w(knife-edit- .json)) do |tf|
+            tf.sync = true
+            tf.puts(data)
+            tf.close
+            edit_data_run_editor_command(tf.path)
+            result = IO.read(tf.path)
+          end
+          result
+        end
 
-          end # includer.class_eval
-        end # self.included(includer)
+        # Edits data using an editor.
+        #
+        # Modified `Chef::Knife::UI#edit_data` method with plain text format
+        # support
+        #
+        # @param data [String] default data value to edit.
+        # @param format [String] `'plain'` or `'json'`.
+        # @return [String] resulting data value after edition.
+        # @raise [RuntimeError] if the editing command fails.
+        def edit_data(data = nil, format = 'plain')
+          output = edit_data_string_to_obj(data, format)
+          output = edit_data_run_editor(output)
+          edit_data_obj_to_string(output, format)
+        end # def edit_data
       end # EncryptedAttributeEditorOptions
     end # Core
   end # Knife

data/lib/chef/knife/encrypted_attribute_create.rb

@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #
 # Author:: Xabier de Zuazo (<xabier@onddo.com>)
 # Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
@@ -16,52 +17,71 @@
 # limitations under the License.
 #
 
-require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_base'
+require 'chef/knife/core/encrypted_attribute_depends'
 require 'chef/knife/core/encrypted_attribute_editor_options'
 
 class Chef
   class Knife
-    class EncryptedAttributeCreate < EncryptedAttributeShow
-
+    # knife encrypted attribute create command.
+    #
+    # ```
+    # $ knife encrypted attribute create NODE ATTRIBUTE (options)
+    # ```
+    class EncryptedAttributeCreate < Core::EncryptedAttributeBase
+      include Knife::Core::EncryptedAttributeDepends
       include Knife::Core::EncryptedAttributeEditorOptions
 
       option :input_format,
-        :short => '-i FORMAT',
-        :long => '--input-format FORMAT',
-        :description => 'Input (EDITOR) format, supported formats are "plain" (default) and "json"'
+             short: '-i FORMAT',
+             long: '--input-format FORMAT',
+             description:
+                'Input (EDITOR) format, supported formats are "plain" '\
+                '(default) and "json"'
 
       banner 'knife encrypted attribute create NODE ATTRIBUTE (options)'
 
-      def run
-        node_name = @name_args[0]
-        attr_path = @name_args[1]
-
-        if node_name.nil?
-          show_usage
-          ui.fatal('You must specify a node name')
-          exit 1
-        end
-
-        if attr_path.nil?
-          show_usage
-          ui.fatal('You must specify an encrypted attribute name')
-          exit 1
-        end
-
-        attr_ary = attribute_path_to_ary(attr_path)
-
+      # (see EncryptedAttributeBase#assert_valid_args)
+      # @raise [ArgumentError] if the attribute path format is wrong.
+      def assert_valid_args
         # check if the encrypted attribute already exists
-        if Chef::EncryptedAttribute.exist_on_node?(node_name, attr_ary)
-          ui.fatal('Encrypted attribute already exists')
-          exit 1
-        end
+        assert_attribute_does_not_exist(@node_name, @attr_ary)
+      end
+
+      # Runs knife command.
+      #
+      # @raise [RuntimeError] if the editing command fails.
+      # @raise [ArgumentError] if the attribute path format or the user list is
+      #   wrong.
+      # @raise [UnacceptableEncryptedAttributeFormat] if encrypted attribute
+      #   format is wrong or does not exist.
+      # @raise [UnsupportedEncryptedAttributeFormat] if encrypted attribute
+      #   format is not supported or unknown.
+      # @raise [EncryptionFailure] if there are encryption errors.
+      # @raise [MessageAuthenticationFailure] if HMAC calculation error.
+      # @raise [InvalidPublicKey] if it is not a valid RSA public key.
+      # @raise [InvalidKey] if the RSA key format is wrong.
+      # @raise [InsufficientPrivileges] if you lack enough privileges to read
+      #   the keys from the Chef Server.
+      # @raise [ClientNotFound] if client does not exist.
+      # @raise [Net::HTTPServerException] for Chef Server HTTP errors.
+      # @raise [RequirementsFailure] if the specified encrypted attribute
+      #   version cannot be used.
+      # @raise [SearchFailure] if there is a Chef search error.
+      # @raise [SearchFatalError] if the Chef search response is wrong.
+      # @raise [InvalidSearchKeys] if search keys structure is wrong.
+      # @return void
+      def run
+        parse_args
 
         # create encrypted attribute
         output = edit_data(nil, config[:input_format])
-        enc_attr = Chef::EncryptedAttribute.new(Chef::Config[:knife][:encrypted_attributes])
-        enc_attr.create_on_node(node_name, attr_ary, output)
+        enc_attr =
+          Chef::EncryptedAttribute.new(
+            Chef::Config[:knife][:encrypted_attributes]
+          )
+        enc_attr.create_on_node(@node_name, @attr_ary, output)
       end
-
     end
   end
 end

data/lib/chef/knife/encrypted_attribute_delete.rb

@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #
 # Author:: Xabier de Zuazo (<xabier@onddo.com>)
 # Copyright:: Copyright (c) 2014 Onddo Labs, SL. (www.onddo.com)
@@ -16,56 +17,47 @@
 # limitations under the License.
 #
 
-require 'chef/knife'
-require 'chef/knife/encrypted_attribute_show'
+require 'chef/knife/core/encrypted_attribute_base'
+require 'chef/knife/core/encrypted_attribute_depends'
 require 'chef/encrypted_attribute/remote_node'
 
 class Chef
   class Knife
-    class EncryptedAttributeDelete < EncryptedAttributeShow
-
-      deps do
-        require 'chef/encrypted_attribute'
-        require 'chef/json_compat'
-      end
+    # knife encrypted attribute delete command.
+    #
+    # ```
+    # $ knife encrypted attribute delete NODE ATTRIBUTE (options)
+    # ```
+    class EncryptedAttributeDelete < Core::EncryptedAttributeBase
+      include Knife::Core::EncryptedAttributeDepends
 
       banner 'knife encrypted attribute delete NODE ATTRIBUTE (options)'
 
       option :force,
-        :short => '-f',
-        :long => '--force',
-        :description => 'Force the attribute deletion even if you cannot read it',
-        :boolean => true
-
+             short: '-f',
+             long: '--force',
+             description:
+               'Force the attribute deletion even if you cannot read it',
+             boolean: true
+
+      # Runs knife command.
+      #
+      # @return void
+      # @raise [ArgumentError] if the attribute path format is wrong.
+      # @raise [SearchFailure] if there is a Chef search error.
+      # @raise [SearchFatalError] if the Chef search response is wrong.
+      # @raise [InvalidSearchKeys] if search keys structure is wrong.
       def run
-        node_name = @name_args[0]
-        attr_path = @name_args[1]
-
-        if node_name.nil?
-          show_usage
-          ui.fatal('You must specify a node name')
-          exit 1
-        end
-
-        if attr_path.nil?
-          show_usage
-          ui.fatal('You must specify an encrypted attribute name')
-          exit 1
-        end
-
-        attr_ary = attribute_path_to_ary(attr_path)
-        if Chef::EncryptedAttribute.exist_on_node?(node_name, attr_ary)
-          # TODO move this to lib/EncryptedAttribute
-          unless config[:force] # try to read the attribute
-            Chef::EncryptedAttribute.load_from_node(node_name, attr_ary)
-          end
-          remote_node = Chef::EncryptedAttribute::RemoteNode.new(node_name)
-          if remote_node.delete_attribute(attr_ary)
-            ui.info('Encrypted attribute deleted.')
-          end
-        end
+        parse_args
+
+        return unless
+          Chef::EncryptedAttribute.exist_on_node?(@node_name, @attr_ary)
+        # TODO: move this to lib/EncryptedAttribute
+        assert_attribute_readable(@node_name, @attr_ary) unless config[:force]
+        remote_node = Chef::EncryptedAttribute::RemoteNode.new(@node_name)
+        return unless remote_node.delete_attribute(@attr_ary)
+        ui.info('Encrypted attribute deleted.')
       end
-
     end
   end
 end