chef-encrypted-attributes 0.7.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9cdea59e2de10064ea5d0e3bc56bc81ceead120e
-  data.tar.gz: 0deb1f801ae0bf42f7f85b34f42240d213a45802
+  metadata.gz: e206a093b2d8ed07fe97cd37c9eeeba215073585
+  data.tar.gz: d0a0b4bb447df79ba59c1c2e65990ca17de7993e
 SHA512:
-  metadata.gz: 6c0cc800e8252f437349d0970b82182756bab2394f20de1504b8c5bd939cd692cb410b7435a9f3a139d334692fe204754eca21458002d793f1936a2b30f593f9
-  data.tar.gz: e2d69beb84580fb66183615c247a32035a872d62c74de1ca9ec313e87b50922defe13d2c71f84e7ac4f125f30d6cf036124f6da88f38dd0f11a3776e37d59fb2
+  metadata.gz: 1883981d17325eb1306b9c415a4fd721b52d21520299317755128170a7271bb1c1e227e256ad5281e240aac742a6b5861e8b2fd6c17d91a136cf935434eca304
+  data.tar.gz: 8cc84abfea65767303e6e83c4cec84a9a551df4d40243e30deebcb655653a0b6dec490ff798cfbb4ee087f40863a7790e4f9802678182804a6ce21c432f2fa29

data/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 This file is used to list changes made in each version of `chef-encrypted-attributes`.
 
+## 0.8.0 (2015-05-22)
+
+* Do not limit `RemoteNode#load_attribute` search result to one row (related to [issue #3](https://github.com/onddo/chef-encrypted-attributes/pull/3), thanks [Crystal Hsiung](https://github.com/chhsiung) for the help).
+* Update opscode and github links to chef.io and chef.
+
 ## 0.7.0 (2015-05-20)
 
 * Move chef to dev dependency and remove dynamic dependency installation extension (related to [cookbook issue #2](https://github.com/onddo/encrypted_attributes-cookbook/pull/2#issuecomment-101454221) and [issue #2](https://github.com/onddo/chef-encrypted-attributes/pull/2), thanks [Lisa Danz](https://github.com/ldanz) for reporting).
@@ -75,7 +80,7 @@ This file is used to list changes made in each version of `chef-encrypted-attrib
 
 * Deprecate `#exists?` methods in favor of `#exist?` methods
 * Fixed all RSpec deprecation warnings
-* Added Protocol Version 2 (*disabled by default*): uses [GCM](http://en.wikipedia.org/wiki/Galois/Counter_Mode) as in [Chef 12 Encrypted Data Bags Version 3](https://github.com/opscode/chef/pull/1591).
+* Added Protocol Version 2 (*disabled by default*): uses [GCM](http://en.wikipedia.org/wiki/Galois/Counter_Mode) as in [Chef 12 Encrypted Data Bags Version 3](https://github.com/chef/chef/pull/1591).
  * Added `RequirementsFailure` exception
 * README, CONTRIBUTING, TODO: multiple documentation improvements
  * Added some security related sections to the README

data/README.md

@@ -2,8 +2,8 @@
 [![Gem Version](http://img.shields.io/gem/v/chef-encrypted-attributes.svg?style=flat)](http://badge.fury.io/rb/chef-encrypted-attributes)
 [![Dependency Status](http://img.shields.io/gemnasium/onddo/chef-encrypted-attributes.svg?style=flat)](https://gemnasium.com/onddo/chef-encrypted-attributes)
 [![Code Climate](http://img.shields.io/codeclimate/github/onddo/chef-encrypted-attributes.svg?style=flat)](https://codeclimate.com/github/onddo/chef-encrypted-attributes)
-[![Build Status](http://img.shields.io/travis/onddo/chef-encrypted-attributes/0.7.0.svg?style=flat)](https://travis-ci.org/onddo/chef-encrypted-attributes)
-[![Coverage Status](http://img.shields.io/coveralls/onddo/chef-encrypted-attributes/0.7.0.svg?style=flat)](https://coveralls.io/r/onddo/chef-encrypted-attributes?branch=0.7.0)
+[![Build Status](http://img.shields.io/travis/onddo/chef-encrypted-attributes/0.8.0.svg?style=flat)](https://travis-ci.org/onddo/chef-encrypted-attributes)
+[![Coverage Status](http://img.shields.io/coveralls/onddo/chef-encrypted-attributes/0.8.0.svg?style=flat)](https://coveralls.io/r/onddo/chef-encrypted-attributes?branch=0.8.0)
 [![Inline docs](http://inch-ci.org/github/onddo/chef-encrypted-attributes.svg?branch=master&style=flat)](http://inch-ci.org/github/onddo/chef-encrypted-attributes)
 
 [Chef](https://www.chef.io/) plugin to add Node encrypted attributes support using client keys.
@@ -176,6 +176,14 @@ To fix this limitation you should expose de *Chef Client* *public key* in the `n
 
 Exposing the public key through attributes should not be considered a security breach, so it's not a problem to include it on all machines.
 
+## Maximum Number of Nodes
+
+This gem is ready to be used with Chef Servers that have less than `1000` nodes by default. You can increase this limit setting the `search_max_rows` configuration option:
+
+```ruby
+Chef::Config[:encrypted_attributes][:search_max_rows] = 50_000
+```
+
 ## Knife Commands
 
 See the [KNIFE.md](http://www.rubydoc.info/gems/chef-encrypted-attributes/file/KNIFE.md) file.
@@ -195,11 +203,11 @@ See the [official gem documentation](http://www.rubydoc.info/gems/chef-encrypted
 
 The `chef-encrypted-attributes` gem is cryptographically signed by Onddo Labs's certificate, which identifies as *team@onddo.com*. You can obtain the official signature here:
 
-    https://raw.github.com/onddo/chef-encrypted-attributes/master/certs/team_onddo.crt
+    https://raw.github.com/onddo/chef-encrypted-attributes/0.8.0/certs/team_onddo.crt
 
 To be sure the gem you install has not been tampered with:
 
-    $ gem cert --add <(curl -Ls https://raw.github.com/onddo/chef-encrypted-attributes/master/certs/team_onddo.crt)
+    $ gem cert --add <(curl -Ls https://raw.github.com/onddo/chef-encrypted-attributes/0.8.0/certs/team_onddo.crt)
     $ gem install chef-encrypted-attributes -P MediumSecurity
 
 The *MediumSecurity* trust profile will verify signed gems, but allow the installation of unsigned dependencies. This is necessary because not all of `chef-encrypted-attributes`'s dependencies are signed, so we cannot use *HighSecurity*.
@@ -218,7 +226,7 @@ Still, this gem should be considered experimental until audited by professional
 
 If you have discovered a bug in `chef-encrypted-attributes` of a sensitive nature, i.e.  one which can compromise the security of `chef-encrypted-attributes` users, you can report it securely by sending a GPG encrypted message. Please use the following key:
 
-    https://raw.github.com/onddo/chef-encrypted-attributes/master/zuazo.gpg
+    https://raw.github.com/onddo/chef-encrypted-attributes/0.8.0/zuazo.gpg
 
 The key fingerprint is (or should be):
 

data/Rakefile

@@ -61,7 +61,7 @@ end
 
 if RUBY_VERSION < '1.9.3'
   # Integration tests are broken in 1.9.2 due to a chef-zero bug:
-  #   https://github.com/opscode/chef-zero/issues/65
+  #   https://github.com/chef/chef-zero/issues/65
   # RuboCop require Ruby 1.9.3.
   task default: %w(unit)
 else

data/lib/chef/encrypted_attribute.rb

@@ -130,7 +130,11 @@ class Chef
     # @raise [InvalidSearchKeys] if search keys structure is wrong.
     def load_from_node(name, attr_ary, key = nil)
       remote_node = RemoteNode.new(name)
-      load(remote_node.load_attribute(attr_ary, config.partial_search), key)
+      enc_hs =
+        remote_node.load_attribute(
+          attr_ary, config.search_max_rows, config.partial_search
+        )
+      load(enc_hs, key)
     end
 
     # Creates an encrypted attribute from a Hash.
@@ -302,7 +306,10 @@ class Chef
 
       # update the encrypted attribute
       remote_node = RemoteNode.new(name)
-      enc_hs = remote_node.load_attribute(attr_ary, config.partial_search)
+      enc_hs =
+        remote_node.load_attribute(
+          attr_ary, config.search_max_rows, config.partial_search
+        )
       updated = update(enc_hs, [node_public_key])
 
       # save encrypted attribute
@@ -327,7 +334,7 @@ class Chef
     # @see #config
     def remote_client_keys
       RemoteClients.search_public_keys(
-        config.client_search, config.partial_search
+        config.client_search, config.search_max_rows, config.partial_search
       )
     end
 
@@ -344,7 +351,9 @@ class Chef
     # @raise [InvalidSearchKeys] if search keys structure is wrong.
     # @see #config
     def remote_node_keys
-      RemoteNodes.search_public_keys(config.node_search, config.partial_search)
+      RemoteNodes.search_public_keys(
+        config.node_search, config.search_max_rows, config.partial_search
+      )
     end
 
     # Gets remote user keys using the configured user list.

data/lib/chef/encrypted_attribute/api.rb

@@ -35,8 +35,8 @@ class Chef
     # {Chef::EncryptedAttribute} class.
     #
     # These methods are intended to be used from Chef
-    # [Recipes](http://docs.getchef.com/recipes.html) or
-    # [Resources](https://docs.getchef.com/resource.html).
+    # [Recipes](http://docs.chef.io/recipes.html) or
+    # [Resources](https://docs.chef.io/resource.html).
     #
     # The attributes created by these methods are encrypted **only for the local
     # node** by default.
@@ -73,6 +73,9 @@ class Chef
     #   *OR*-ed.
     # * `:node_search` - Search query for nodes allowed to read the encrypted
     #   attribute. Can be a simple string or an array of queries to be *OR*-ed.
+    # * `:search_max_rows` - Maximum nodes returned by the internal chef
+    #   searches. This number should be above the maximum expected nodes in the
+    #   Chef Server. Defaults to `1000` nodes.
     # * `:users` - Array of user names to be allowed to read the encrypted
     #   attribute(s). `"*"` to allow access to all users. Keep in mind that only
     #   admin clients or admin users are allowed to read user public keys. It is
@@ -498,8 +501,12 @@ class Chef
       def exist_on_node?(name, attr_ary, c = {})
         debug("Checking if Remote Encrypted Attribute exists on #{name}")
         remote_node = RemoteNode.new(name)
+        config_merged = config(c)
         node_attr =
-          remote_node.load_attribute(attr_ary, config(c).partial_search)
+          remote_node.load_attribute(
+            attr_ary, config_merged.search_max_rows,
+            config_merged.partial_search
+          )
         Chef::EncryptedAttribute.exist?(node_attr)
       end
 

data/lib/chef/encrypted_attribute/config.rb

@@ -32,6 +32,7 @@ class Chef
         :version,
         :partial_search,
         :client_search,
+        :search_max_rows,
         :node_search,
         :users,
         :keys
@@ -66,7 +67,7 @@ class Chef
       # @param arg [Boolean] whether to enable partial search.
       # @return [Boolean] partial search usage.
       # @see
-      #   http://docs.getchef.com/chef_search.html Chef Search documentation
+      #   http://docs.chef.io/chef_search.html Chef Search documentation
       def partial_search(arg = nil)
         set_or_return(
           :partial_search, arg, kind_of: [TrueClass, FalseClass], default: true
@@ -81,11 +82,25 @@ class Chef
       # @param arg [String, Array<String>] list of client queries to perform.
       # @return [Array<String>] list of client queries.
       # @see
-      #   http://docs.getchef.com/chef_search.html Chef Search documentation
+      #   http://docs.chef.io/chef_search.html Chef Search documentation
       def client_search(arg = nil)
         set_or_return_search_array(:client_search, arg)
       end
 
+      # Set the maximum number of rows to be returned by internal search
+      # functions.
+      #
+      # You must set this value to your maximum number of nodes in your Chef
+      # Server. Defaults to `1000`.
+      #
+      # @param arg [Integer] maximum rows number.
+      # @return [Integer] maximum rows number.
+      def search_max_rows(arg = nil)
+        set_or_return(
+          :search_max_rows, arg, kind_of: Integer, default: 1000
+        )
+      end
+
       # Reads or sets node search query.
       #
       # This query will return a list of nodes that will be able to read the

data/lib/chef/encrypted_attribute/encrypted_mash/version2.rb

@@ -32,7 +32,7 @@ class Chef
       # (http://en.wikipedia.org/wiki/Galois/Counter_Mode).
       #
       # * This protocol version is based on the [Chef 12 Encrypted Data Bags
-      #   Version 3 implementation](https://github.com/opscode/chef/pull/1591).
+      #   Version 3 implementation](https://github.com/chef/chef/pull/1591).
       # * To use it, the following **special requirements** must be met:
       #   Ruby `>= 2` and OpenSSL `>= 1.0.1`.
       # * This implementation can be improved, is not optimized either for

data/lib/chef/encrypted_attribute/remote_clients.rb

@@ -59,16 +59,20 @@ class Chef
       #
       # @param search [Array<String>, String] search queries to perform, the
       #   query result will be *OR*-ed.
+      # @param rows [Integer] maximum number of rows to return in searches.
+      # @param partial_search [Boolean] whether to use partial search.
       # @return [Array<String>] list of public keys.
       # @raise [SearchFailure] if there is a Chef search error.
       # @raise [SearchFatalError] if the Chef search response is wrong.
       # @raise [InvalidSearchKeys] if search keys structure is wrong.
-      def self.search_public_keys(search = '*:*', partial_search = true)
+      def self.search_public_keys(
+            search = '*:*', rows = 1000, partial_search = true
+      )
         escaped_query = escape_query(search)
         return cache[escaped_query] if cache.key?(escaped_query)
         cache[escaped_query] = search(
           :client, search,
-          { 'public_key' => %w(public_key) }, 1000, partial_search
+          { 'public_key' => %w(public_key) }, rows, partial_search
         ).map { |client| client['public_key'] }.compact
       end
     end

data/lib/chef/encrypted_attribute/remote_node.rb

@@ -65,18 +65,19 @@ class Chef
       # Loads a remote node attribute.
       #
       # @param attr_ary [Array<String>] node attribute path as Array.
+      # @param rows [Integer] maximum number of rows to return in searches.
       # @param partial_search [Boolean] whether to use partial search.
       # @return [Mixed] node attribute value, `nil` if not found.
       # @raise [ArgumentError] if the attribute path format is wrong.
       # @raise [SearchFailure] if there is a Chef search error.
       # @raise [SearchFatalError] if the Chef search response is wrong.
       # @raise [InvalidSearchKeys] if search keys structure is wrong.
-      def load_attribute(attr_ary, partial_search = true)
+      def load_attribute(attr_ary, rows = 1000, partial_search = true)
         assert_attribute_array(attr_ary)
         cache_key = cache_key(name, attr_ary)
         return self.class.cache[cache_key] if self.class.cache.key?(cache_key)
         keys = { 'value' => attr_ary }
-        res = search_by_name(:node, @name, keys, 1, partial_search)
+        res = search_by_name(:node, @name, keys, rows, partial_search)
         self.class.cache[cache_key] = parse_search_result(res)
       end
 

data/lib/chef/encrypted_attribute/remote_nodes.rb

@@ -76,6 +76,8 @@ class Chef
       #
       # @param search [Array<String>, String] search queries to perform, the
       #   query result will be *OR*-ed.
+      # @param rows [Integer] maximum number of rows to return in searches.
+      # @param partial_search [Boolean] whether to use partial search.
       # @return [Array<String>] list of public keys.
       # @raise [InsufficientPrivileges] if you lack enough privileges to read
       #   the keys from the Chef Server.
@@ -84,14 +86,16 @@ class Chef
       # @raise [SearchFailure] if there is a Chef search error.
       # @raise [SearchFatalError] if the Chef search response is wrong.
       # @raise [InvalidSearchKeys] if search keys structure is wrong.
-      def self.search_public_keys(search = '*:*', partial_search = true)
+      def self.search_public_keys(
+            search = '*:*', rows = 1000, partial_search = true
+      )
         escaped_query = escape_query(search)
         return cache[escaped_query] if cache.key?(escaped_query)
         cache[escaped_query] =
           search(
             :node, search,
             { 'name' => %w(name), 'public_key' => %w(public_key) },
-            1000, partial_search
+            rows, partial_search
           ).map { |node| get_public_key(node) }.compact
       end
     end

data/lib/chef/encrypted_attribute/search_helper.rb

@@ -138,7 +138,7 @@ class Chef
       # Does a search in the Chef Server.
       #
       # @param type [Symbol] search index to use. See [Chef Search Indexes]
-      #   (http://docs.getchef.com/chef_search.html#search-indexes).
+      #   (http://docs.chef.io/chef_search.html#search-indexes).
       # @param query [Array<String>, String] search query. For example:
       #   `%w(admin:true)`. Results will be *OR*-ed when multiple string queries
       #   are provided.
@@ -162,7 +162,7 @@ class Chef
       # Does a search in the Chef Server by node or client name.
       #
       # @param type [Symbol] search index to use. See [Chef Search Indexes]
-      #   (http://docs.getchef.com/chef_search.html#search-indexes).
+      #   (http://docs.chef.io/chef_search.html#search-indexes).
       # @param name [String] node name to search.
       # @param keys [Hash] search keys structure. For example:
       #   `{ipaddress: %w(ipaddress), mysql_version: %w(mysql version) }`.
@@ -252,7 +252,7 @@ class Chef
       # Does a normal (no partial) search in the Chef Server.
       #
       # @param type [Symbol] search index to use. See [Chef Search Indexes]
-      #   (http://docs.getchef.com/chef_search.html#search-indexes).
+      #   (http://docs.chef.io/chef_search.html#search-indexes).
       # @param name [String, nil] searched node name.
       # @param query [String, Array<String>] search query. For example:
       #   `%w(admin:true)`. Results will be *OR*-ed when multiple string queries
@@ -355,7 +355,7 @@ class Chef
       # Does a partial search in the Chef Server.
       #
       # @param type [Symbol] search index to use. See [Chef Search Indexes]
-      #   (http://docs.getchef.com/chef_search.html#search-indexes).
+      #   (http://docs.chef.io/chef_search.html#search-indexes).
       # @param name [String, nil] searched node name.
       # @param query [String, Array<String>] search query. For example:
       #   `%w(admin:true)`. Results will be *OR*-ed when multiple string queries

data/lib/chef/encrypted_attribute/version.rb

@@ -20,6 +20,6 @@
 class Chef
   class EncryptedAttribute
     # `chef-encrypted-attributes` gem version.
-    VERSION = '0.7.0'
+    VERSION = '0.8.0'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chef-encrypted-attributes
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Onddo Labs, SL.
@@ -30,7 +30,7 @@ cert_chain:
   cYe8PqNEkky7ugvF4zU3sB6TW+96XasuwDv1uJmyr35LF15U6Cs83+osMbAKJTmG
   /vqKzw==
   -----END CERTIFICATE-----
-date: 2015-05-20 00:00:00.000000000 Z
+date: 2015-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -259,7 +259,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.3
 signing_key: 
 specification_version: 4
 summary: Chef Encrypted Attributes