chef-encrypted-attributes 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9cdea59e2de10064ea5d0e3bc56bc81ceead120e
4
- data.tar.gz: 0deb1f801ae0bf42f7f85b34f42240d213a45802
3
+ metadata.gz: e206a093b2d8ed07fe97cd37c9eeeba215073585
4
+ data.tar.gz: d0a0b4bb447df79ba59c1c2e65990ca17de7993e
5
5
  SHA512:
6
- metadata.gz: 6c0cc800e8252f437349d0970b82182756bab2394f20de1504b8c5bd939cd692cb410b7435a9f3a139d334692fe204754eca21458002d793f1936a2b30f593f9
7
- data.tar.gz: e2d69beb84580fb66183615c247a32035a872d62c74de1ca9ec313e87b50922defe13d2c71f84e7ac4f125f30d6cf036124f6da88f38dd0f11a3776e37d59fb2
6
+ metadata.gz: 1883981d17325eb1306b9c415a4fd721b52d21520299317755128170a7271bb1c1e227e256ad5281e240aac742a6b5861e8b2fd6c17d91a136cf935434eca304
7
+ data.tar.gz: 8cc84abfea65767303e6e83c4cec84a9a551df4d40243e30deebcb655653a0b6dec490ff798cfbb4ee087f40863a7790e4f9802678182804a6ce21c432f2fa29
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
data/CHANGELOG.md CHANGED
@@ -2,6 +2,11 @@
2
2
 
3
3
  This file is used to list changes made in each version of `chef-encrypted-attributes`.
4
4
 
5
+ ## 0.8.0 (2015-05-22)
6
+
7
+ * Do not limit `RemoteNode#load_attribute` search result to one row (related to [issue #3](https://github.com/onddo/chef-encrypted-attributes/pull/3), thanks [Crystal Hsiung](https://github.com/chhsiung) for the help).
8
+ * Update opscode and github links to chef.io and chef.
9
+
5
10
  ## 0.7.0 (2015-05-20)
6
11
 
7
12
  * Move chef to dev dependency and remove dynamic dependency installation extension (related to [cookbook issue #2](https://github.com/onddo/encrypted_attributes-cookbook/pull/2#issuecomment-101454221) and [issue #2](https://github.com/onddo/chef-encrypted-attributes/pull/2), thanks [Lisa Danz](https://github.com/ldanz) for reporting).
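Review bot: The 0.8.0 entry omits the new `search_max_rows` configuration option, which is the user-facing part of this release and is documented in the README and in the config class elsewhere in this diff. Add a bullet for it stating the default of `1000`, so operators reading only the changelog learn that a tunable limit now exists.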
@@ -75,7 +80,7 @@ This file is used to list changes made in each version of `chef-encrypted-attrib
75
80
 
76
81
  * Deprecate `#exists?` methods in favor of `#exist?` methods
77
82
  * Fixed all RSpec deprecation warnings
78
- * Added Protocol Version 2 (*disabled by default*): uses [GCM](http://en.wikipedia.org/wiki/Galois/Counter_Mode) as in [Chef 12 Encrypted Data Bags Version 3](https://github.com/opscode/chef/pull/1591).
83
+ * Added Protocol Version 2 (*disabled by default*): uses [GCM](http://en.wikipedia.org/wiki/Galois/Counter_Mode) as in [Chef 12 Encrypted Data Bags Version 3](https://github.com/chef/chef/pull/1591).
79
84
  * Added `RequirementsFailure` exception
80
85
  * README, CONTRIBUTING, TODO: multiple documentation improvements
81
86
  * Added some security related sections to the README
data/README.md CHANGED
@@ -2,8 +2,8 @@
2
2
  [![Gem Version](http://img.shields.io/gem/v/chef-encrypted-attributes.svg?style=flat)](http://badge.fury.io/rb/chef-encrypted-attributes)
3
3
  [![Dependency Status](http://img.shields.io/gemnasium/onddo/chef-encrypted-attributes.svg?style=flat)](https://gemnasium.com/onddo/chef-encrypted-attributes)
4
4
  [![Code Climate](http://img.shields.io/codeclimate/github/onddo/chef-encrypted-attributes.svg?style=flat)](https://codeclimate.com/github/onddo/chef-encrypted-attributes)
5
- [![Build Status](http://img.shields.io/travis/onddo/chef-encrypted-attributes/0.7.0.svg?style=flat)](https://travis-ci.org/onddo/chef-encrypted-attributes)
6
- [![Coverage Status](http://img.shields.io/coveralls/onddo/chef-encrypted-attributes/0.7.0.svg?style=flat)](https://coveralls.io/r/onddo/chef-encrypted-attributes?branch=0.7.0)
5
+ [![Build Status](http://img.shields.io/travis/onddo/chef-encrypted-attributes/0.8.0.svg?style=flat)](https://travis-ci.org/onddo/chef-encrypted-attributes)
6
+ [![Coverage Status](http://img.shields.io/coveralls/onddo/chef-encrypted-attributes/0.8.0.svg?style=flat)](https://coveralls.io/r/onddo/chef-encrypted-attributes?branch=0.8.0)
7
7
  [![Inline docs](http://inch-ci.org/github/onddo/chef-encrypted-attributes.svg?branch=master&style=flat)](http://inch-ci.org/github/onddo/chef-encrypted-attributes)
8
8
 
9
9
  [Chef](https://www.chef.io/) plugin to add Node encrypted attributes support using client keys.
@@ -176,6 +176,14 @@ To fix this limitation you should expose de *Chef Client* *public key* in the `n
176
176
 
177
177
  Exposing the public key through attributes should not be considered a security breach, so it's not a problem to include it on all machines.
178
178
 
179
+ ## Maximum Number of Nodes
180
+
181
+ This gem is ready to be used with Chef Servers that have less than `1000` nodes by default. You can increase this limit setting the `search_max_rows` configuration option:
182
+
183
+ ```ruby
184
+ Chef::Config[:encrypted_attributes][:search_max_rows] = 50_000
185
+ ```
186
+
179
187
  ## Knife Commands
180
188
 
181
189
  See the [KNIFE.md](http://www.rubydoc.info/gems/chef-encrypted-attributes/file/KNIFE.md) file.
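Review bot: The new "Maximum Number of Nodes" section states the limit but not what happens when a Chef Server holds more nodes than `search_max_rows`. As far as this diff shows, the value is only passed through as the row count of the searches, so nodes beyond the cap would simply be missing from the returned public keys, with no warning or error. Say so in the README, and consider logging a warning when a search returns exactly `search_max_rows` rows, since a node left out of the key list cannot read the attribute.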
@@ -195,11 +203,11 @@ See the [official gem documentation](http://www.rubydoc.info/gems/chef-encrypted
195
203
 
196
204
  The `chef-encrypted-attributes` gem is cryptographically signed by Onddo Labs's certificate, which identifies as *team@onddo.com*. You can obtain the official signature here:
197
205
 
198
- https://raw.github.com/onddo/chef-encrypted-attributes/master/certs/team_onddo.crt
206
+ https://raw.github.com/onddo/chef-encrypted-attributes/0.8.0/certs/team_onddo.crt
199
207
 
200
208
  To be sure the gem you install has not been tampered with:
201
209
 
202
- $ gem cert --add <(curl -Ls https://raw.github.com/onddo/chef-encrypted-attributes/master/certs/team_onddo.crt)
210
+ $ gem cert --add <(curl -Ls https://raw.github.com/onddo/chef-encrypted-attributes/0.8.0/certs/team_onddo.crt)
203
211
  $ gem install chef-encrypted-attributes -P MediumSecurity
204
212
 
205
213
  The *MediumSecurity* trust profile will verify signed gems, but allow the installation of unsigned dependencies. This is necessary because not all of `chef-encrypted-attributes`'s dependencies are signed, so we cannot use *HighSecurity*.
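Review bot: In the changed `gem cert --add <(curl -Ls ...)` line the certificate is still downloaded and trusted in a single step, so `-P MediumSecurity` only proves the gem matches whatever certificate that URL served. Publish the certificate fingerprint in the README, as is already done for the GPG key further down, and tell users to compare it before adding the certificate. Pinning the URL to the `0.8.0` tag instead of `master` also means these two links need updating on every release, which is worth a line in the release checklist.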
@@ -218,7 +226,7 @@ Still, this gem should be considered experimental until audited by professional
218
226
 
219
227
  If you have discovered a bug in `chef-encrypted-attributes` of a sensitive nature, i.e. one which can compromise the security of `chef-encrypted-attributes` users, you can report it securely by sending a GPG encrypted message. Please use the following key:
220
228
 
221
- https://raw.github.com/onddo/chef-encrypted-attributes/master/zuazo.gpg
229
+ https://raw.github.com/onddo/chef-encrypted-attributes/0.8.0/zuazo.gpg
222
230
 
223
231
  The key fingerprint is (or should be):
224
232
 
data/Rakefile CHANGED
@@ -61,7 +61,7 @@ end
61
61
 
62
62
  if RUBY_VERSION < '1.9.3'
63
63
  # Integration tests are broken in 1.9.2 due to a chef-zero bug:
64
- # https://github.com/opscode/chef-zero/issues/65
64
+ # https://github.com/chef/chef-zero/issues/65
65
65
  # RuboCop require Ruby 1.9.3.
66
66
  task default: %w(unit)
67
67
  else
@@ -130,7 +130,11 @@ class Chef
130
130
  # @raise [InvalidSearchKeys] if search keys structure is wrong.
131
131
  def load_from_node(name, attr_ary, key = nil)
132
132
  remote_node = RemoteNode.new(name)
133
- load(remote_node.load_attribute(attr_ary, config.partial_search), key)
133
+ enc_hs =
134
+ remote_node.load_attribute(
135
+ attr_ary, config.search_max_rows, config.partial_search
136
+ )
137
+ load(enc_hs, key)
134
138
  end
135
139
 
136
140
  # Creates an encrypted attribute from a Hash.
@@ -302,7 +306,10 @@ class Chef
302
306
 
303
307
  # update the encrypted attribute
304
308
  remote_node = RemoteNode.new(name)
305
- enc_hs = remote_node.load_attribute(attr_ary, config.partial_search)
309
+ enc_hs =
310
+ remote_node.load_attribute(
311
+ attr_ary, config.search_max_rows, config.partial_search
312
+ )
306
313
  updated = update(enc_hs, [node_public_key])
307
314
 
308
315
  # save encrypted attribute
@@ -327,7 +334,7 @@ class Chef
327
334
  # @see #config
328
335
  def remote_client_keys
329
336
  RemoteClients.search_public_keys(
330
- config.client_search, config.partial_search
337
+ config.client_search, config.search_max_rows, config.partial_search
331
338
  )
332
339
  end
333
340
 
@@ -344,7 +351,9 @@ class Chef
344
351
  # @raise [InvalidSearchKeys] if search keys structure is wrong.
345
352
  # @see #config
346
353
  def remote_node_keys
347
- RemoteNodes.search_public_keys(config.node_search, config.partial_search)
354
+ RemoteNodes.search_public_keys(
355
+ config.node_search, config.search_max_rows, config.partial_search
356
+ )
348
357
  end
349
358
 
350
359
  # Gets remote user keys using the configured user list.
@@ -35,8 +35,8 @@ class Chef
35
35
  # {Chef::EncryptedAttribute} class.
36
36
  #
37
37
  # These methods are intended to be used from Chef
38
- # [Recipes](http://docs.getchef.com/recipes.html) or
39
- # [Resources](https://docs.getchef.com/resource.html).
38
+ # [Recipes](http://docs.chef.io/recipes.html) or
39
+ # [Resources](https://docs.chef.io/resource.html).
40
40
  #
41
41
  # The attributes created by these methods are encrypted **only for the local
42
42
  # node** by default.
@@ -73,6 +73,9 @@ class Chef
73
73
  # *OR*-ed.
74
74
  # * `:node_search` - Search query for nodes allowed to read the encrypted
75
75
  # attribute. Can be a simple string or an array of queries to be *OR*-ed.
76
+ # * `:search_max_rows` - Maximum nodes returned by the internal chef
77
+ # searches. This number should be above the maximum expected nodes in the
78
+ # Chef Server. Defaults to `1000` nodes.
76
79
  # * `:users` - Array of user names to be allowed to read the encrypted
77
80
  # attribute(s). `"*"` to allow access to all users. Keep in mind that only
78
81
  # admin clients or admin users are allowed to read user public keys. It is
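Review bot: The `:search_max_rows` description says "Maximum nodes returned", but `remote_client_keys` in this same diff passes `config.search_max_rows` to `RemoteClients.search_public_keys`, so the option caps client searches too. Reword it to something like "maximum rows (nodes or clients) returned by the internal Chef searches" and say that it should exceed whichever of the two counts is larger.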
@@ -498,8 +501,12 @@ class Chef
498
501
  def exist_on_node?(name, attr_ary, c = {})
499
502
  debug("Checking if Remote Encrypted Attribute exists on #{name}")
500
503
  remote_node = RemoteNode.new(name)
504
+ config_merged = config(c)
501
505
  node_attr =
502
- remote_node.load_attribute(attr_ary, config(c).partial_search)
506
+ remote_node.load_attribute(
507
+ attr_ary, config_merged.search_max_rows,
508
+ config_merged.partial_search
509
+ )
503
510
  Chef::EncryptedAttribute.exist?(node_attr)
504
511
  end
505
512
 
@@ -32,6 +32,7 @@ class Chef
32
32
  :version,
33
33
  :partial_search,
34
34
  :client_search,
35
+ :search_max_rows,
35
36
  :node_search,
36
37
  :users,
37
38
  :keys
@@ -66,7 +67,7 @@ class Chef
66
67
  # @param arg [Boolean] whether to enable partial search.
67
68
  # @return [Boolean] partial search usage.
68
69
  # @see
69
- # http://docs.getchef.com/chef_search.html Chef Search documentation
70
+ # http://docs.chef.io/chef_search.html Chef Search documentation
70
71
  def partial_search(arg = nil)
71
72
  set_or_return(
72
73
  :partial_search, arg, kind_of: [TrueClass, FalseClass], default: true
@@ -81,11 +82,25 @@ class Chef
81
82
  # @param arg [String, Array<String>] list of client queries to perform.
82
83
  # @return [Array<String>] list of client queries.
83
84
  # @see
84
- # http://docs.getchef.com/chef_search.html Chef Search documentation
85
+ # http://docs.chef.io/chef_search.html Chef Search documentation
85
86
  def client_search(arg = nil)
86
87
  set_or_return_search_array(:client_search, arg)
87
88
  end
88
89
 
90
+ # Set the maximum number of rows to be returned by internal search
91
+ # functions.
92
+ #
93
+ # You must set this value to your maximum number of nodes in your Chef
94
+ # Server. Defaults to `1000`.
95
+ #
96
+ # @param arg [Integer] maximum rows number.
97
+ # @return [Integer] maximum rows number.
98
+ def search_max_rows(arg = nil)
99
+ set_or_return(
100
+ :search_max_rows, arg, kind_of: Integer, default: 1000
101
+ )
102
+ end
103
+
89
104
  # Reads or sets node search query.
90
105
  #
91
106
  # This query will return a list of nodes that will be able to read the
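Review bot: `search_max_rows` is validated only with `kind_of: Integer`, so `0` and negative values are accepted and handed straight to the searches. Reject values below 1 in this setter so that a misconfiguration fails at configuration time instead of showing up later as an empty key list. The comment "You must set this value to your maximum number of nodes" also reads differently from the README, which says the value should be raised above the node count; align the two.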
@@ -32,7 +32,7 @@ class Chef
32
32
  # (http://en.wikipedia.org/wiki/Galois/Counter_Mode).
33
33
  #
34
34
  # * This protocol version is based on the [Chef 12 Encrypted Data Bags
35
- # Version 3 implementation](https://github.com/opscode/chef/pull/1591).
35
+ # Version 3 implementation](https://github.com/chef/chef/pull/1591).
36
36
  # * To use it, the following **special requirements** must be met:
37
37
  # Ruby `>= 2` and OpenSSL `>= 1.0.1`.
38
38
  # * This implementation can be improved, is not optimized either for
@@ -59,16 +59,20 @@ class Chef
59
59
  #
60
60
  # @param search [Array<String>, String] search queries to perform, the
61
61
  # query result will be *OR*-ed.
62
+ # @param rows [Integer] maximum number of rows to return in searches.
63
+ # @param partial_search [Boolean] whether to use partial search.
62
64
  # @return [Array<String>] list of public keys.
63
65
  # @raise [SearchFailure] if there is a Chef search error.
64
66
  # @raise [SearchFatalError] if the Chef search response is wrong.
65
67
  # @raise [InvalidSearchKeys] if search keys structure is wrong.
66
- def self.search_public_keys(search = '*:*', partial_search = true)
68
+ def self.search_public_keys(
69
+ search = '*:*', rows = 1000, partial_search = true
70
+ )
67
71
  escaped_query = escape_query(search)
68
72
  return cache[escaped_query] if cache.key?(escaped_query)
69
73
  cache[escaped_query] = search(
70
74
  :client, search,
71
- { 'public_key' => %w(public_key) }, 1000, partial_search
75
+ { 'public_key' => %w(public_key) }, rows, partial_search
72
76
  ).map { |client| client['public_key'] }.compact
73
77
  end
74
78
  end
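Review bot: The cache in `search_public_keys` is keyed by `escaped_query` alone, while `rows` has changed from the constant `1000` to a caller-supplied argument. A call with a small `rows` followed by a call with a larger one for the same query returns the first, possibly truncated, key list from `cache[escaped_query]`. Include `rows` in the cache key, or document that the first call for a query decides the result for the rest of the run.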
@@ -65,18 +65,19 @@ class Chef
65
65
  # Loads a remote node attribute.
66
66
  #
67
67
  # @param attr_ary [Array<String>] node attribute path as Array.
68
+ # @param rows [Integer] maximum number of rows to return in searches.
68
69
  # @param partial_search [Boolean] whether to use partial search.
69
70
  # @return [Mixed] node attribute value, `nil` if not found.
70
71
  # @raise [ArgumentError] if the attribute path format is wrong.
71
72
  # @raise [SearchFailure] if there is a Chef search error.
72
73
  # @raise [SearchFatalError] if the Chef search response is wrong.
73
74
  # @raise [InvalidSearchKeys] if search keys structure is wrong.
74
- def load_attribute(attr_ary, partial_search = true)
75
+ def load_attribute(attr_ary, rows = 1000, partial_search = true)
75
76
  assert_attribute_array(attr_ary)
76
77
  cache_key = cache_key(name, attr_ary)
77
78
  return self.class.cache[cache_key] if self.class.cache.key?(cache_key)
78
79
  keys = { 'value' => attr_ary }
79
- res = search_by_name(:node, @name, keys, 1, partial_search)
80
+ res = search_by_name(:node, @name, keys, rows, partial_search)
80
81
  self.class.cache[cache_key] = parse_search_result(res)
81
82
  end
82
83
 
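Review bot: `load_attribute` now requests up to `rows` results from `search_by_name` for a single `@name` instead of 1, but `parse_search_result(res)` is not touched in this diff as shown. If several rows can come back for one name, which the changelog entry implies, state in the doc comment which row's value is returned and add a spec for the multi-row case. Note also that `cache_key(name, attr_ary)` does not include `rows`, so a cached value from a call with a smaller limit is reused.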
@@ -76,6 +76,8 @@ class Chef
76
76
  #
77
77
  # @param search [Array<String>, String] search queries to perform, the
78
78
  # query result will be *OR*-ed.
79
+ # @param rows [Integer] maximum number of rows to return in searches.
80
+ # @param partial_search [Boolean] whether to use partial search.
79
81
  # @return [Array<String>] list of public keys.
80
82
  # @raise [InsufficientPrivileges] if you lack enough privileges to read
81
83
  # the keys from the Chef Server.
@@ -84,14 +86,16 @@ class Chef
84
86
  # @raise [SearchFailure] if there is a Chef search error.
85
87
  # @raise [SearchFatalError] if the Chef search response is wrong.
86
88
  # @raise [InvalidSearchKeys] if search keys structure is wrong.
87
- def self.search_public_keys(search = '*:*', partial_search = true)
89
+ def self.search_public_keys(
90
+ search = '*:*', rows = 1000, partial_search = true
91
+ )
88
92
  escaped_query = escape_query(search)
89
93
  return cache[escaped_query] if cache.key?(escaped_query)
90
94
  cache[escaped_query] =
91
95
  search(
92
96
  :node, search,
93
97
  { 'name' => %w(name), 'public_key' => %w(public_key) },
94
- 1000, partial_search
98
+ rows, partial_search
95
99
  ).map { |node| get_public_key(node) }.compact
96
100
  end
97
101
  end
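Review bot: Inserting `rows` before `partial_search` in `search_public_keys(search = '*:*', rows = 1000, partial_search = true)` changes the meaning of the second positional argument. An existing caller that passes `search_public_keys(query, false)` now sends `false` as the row count and leaves partial search enabled, without any error. The same applies to `RemoteClients.search_public_keys` and `RemoteNode#load_attribute` in this diff. Append `rows` as the last parameter or take it as an option hash, and mention the signature change in the changelog.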
@@ -138,7 +138,7 @@ class Chef
138
138
  # Does a search in the Chef Server.
139
139
  #
140
140
  # @param type [Symbol] search index to use. See [Chef Search Indexes]
141
- # (http://docs.getchef.com/chef_search.html#search-indexes).
141
+ # (http://docs.chef.io/chef_search.html#search-indexes).
142
142
  # @param query [Array<String>, String] search query. For example:
143
143
  # `%w(admin:true)`. Results will be *OR*-ed when multiple string queries
144
144
  # are provided.
@@ -162,7 +162,7 @@ class Chef
162
162
  # Does a search in the Chef Server by node or client name.
163
163
  #
164
164
  # @param type [Symbol] search index to use. See [Chef Search Indexes]
165
- # (http://docs.getchef.com/chef_search.html#search-indexes).
165
+ # (http://docs.chef.io/chef_search.html#search-indexes).
166
166
  # @param name [String] node name to search.
167
167
  # @param keys [Hash] search keys structure. For example:
168
168
  # `{ipaddress: %w(ipaddress), mysql_version: %w(mysql version) }`.
@@ -252,7 +252,7 @@ class Chef
252
252
  # Does a normal (no partial) search in the Chef Server.
253
253
  #
254
254
  # @param type [Symbol] search index to use. See [Chef Search Indexes]
255
- # (http://docs.getchef.com/chef_search.html#search-indexes).
255
+ # (http://docs.chef.io/chef_search.html#search-indexes).
256
256
  # @param name [String, nil] searched node name.
257
257
  # @param query [String, Array<String>] search query. For example:
258
258
  # `%w(admin:true)`. Results will be *OR*-ed when multiple string queries
@@ -355,7 +355,7 @@ class Chef
355
355
  # Does a partial search in the Chef Server.
356
356
  #
357
357
  # @param type [Symbol] search index to use. See [Chef Search Indexes]
358
- # (http://docs.getchef.com/chef_search.html#search-indexes).
358
+ # (http://docs.chef.io/chef_search.html#search-indexes).
359
359
  # @param name [String, nil] searched node name.
360
360
  # @param query [String, Array<String>] search query. For example:
361
361
  # `%w(admin:true)`. Results will be *OR*-ed when multiple string queries
@@ -20,6 +20,6 @@
20
20
  class Chef
21
21
  class EncryptedAttribute
22
22
  # `chef-encrypted-attributes` gem version.
23
- VERSION = '0.7.0'
23
+ VERSION = '0.8.0'
24
24
  end
25
25
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-encrypted-attributes
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Onddo Labs, SL.
@@ -30,7 +30,7 @@ cert_chain:
30
30
  cYe8PqNEkky7ugvF4zU3sB6TW+96XasuwDv1uJmyr35LF15U6Cs83+osMbAKJTmG
31
31
  /vqKzw==
32
32
  -----END CERTIFICATE-----
33
- date: 2015-05-20 00:00:00.000000000 Z
33
+ date: 2015-05-22 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: chef
@@ -259,7 +259,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
259
259
  version: '0'
260
260
  requirements: []
261
261
  rubyforge_project:
262
- rubygems_version: 2.2.2
262
+ rubygems_version: 2.4.3
263
263
  signing_key:
264
264
  specification_version: 4
265
265
  summary: Chef Encrypted Attributes
metadata.gz.sig CHANGED
Binary file