chef-flavor-flay 0.4.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 16b50d75fcfefaad5d32a3468c465e9db7aae1f0
4
- data.tar.gz: 9aaf7b275e2773953473c5008b8c2c037764d3ff
3
+ metadata.gz: 6114d63746f15e1bf98e6a80070b68bf7455c5fa
4
+ data.tar.gz: 7631eba19a6fd5c47bd9d480a9c3477938a6eff2
5
5
  SHA512:
6
- metadata.gz: 5f7d46a340210e3b9e20ddd9fae12977b6b5a478667c0bdc6e5e5065698aa22ace3071c977743552780679872015bf185949f7a402f5ed4e1e6fde7a257c2922
7
- data.tar.gz: cd5beba02c602894984e487be026833e2a85cc6ee9482a68bfbdcec38b82a173c6316b44918b8e6539c6b19ebc029f48b352257c8454ea5c1eec4b7fbe231acd
6
+ metadata.gz: b9cd09e71dc97912aa44dc829baf3c7fc473308b75a12ea98fa1478102557acf3287bb1505cc08e92ee2b110fbac455240b8337d981bec64dcc3835784c627f4
7
+ data.tar.gz: e2c72641f9328f4d18e7ac5858764493955a8ccbb16b9b62083fbc36a84eef3ef07360ce7285723db5f0267f829015e01bcfbc6e72c26a406b69c109dab767eb
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # Flay - A Customizable Chef Cookbook Template
1
+ # Flay - A Customized Chef Cookbook Template with Other Useful Things
2
2
 
3
3
  [![Build Status](https://travis-ci.org/sweeperio/flay.svg?branch=master)](https://travis-ci.org/sweeperio/flay)
4
4
  [![Gem Version](https://badge.fury.io/rb/chef-flavor-flay.svg)](https://badge.fury.io/rb/chef-flavor-flay)
@@ -28,23 +28,7 @@ It's very opinionated and works with the sweeperio infrastructure specifically.
28
28
  * Updates all templates to pass `bundle exec rubocop && bundle exec rspec`
29
29
  * Adds a travis file for CI that will use the chefdk to run tests
30
30
  * Creates a single `test` directory rather than spec/unit and test/integration
31
- * Adds a _dummy_ `encrypted_data_bag_secret` file for [Test Kitchen]
32
- * Adds `encrypt_data_bag` rake task for working with encrypted data bags in [Test Kitchen] (see note below)
33
-
34
- ### Testing Encrypted Data Bags
35
-
36
- In order to make testing encrypted data bags easier, there's a convention (and rake task) in place in this template.
37
-
38
- The _test/integration/data_bags_ directory should contain subdirectories for each data bag you want to test (just like
39
- your chef repo would).
40
-
41
- **To create an encrypted data bag item, follow these steps (assuming you're testing ejson/keys):**
42
-
43
- * Create `test/integration/data_bags/ejson/keys.plaintext.json` and add your items
44
- * Run `bundle exec rake encrypt_data_bag[ejson,keys]` (zsh users, you'll need to quote, escape or `unsetopt nomatch`)
45
- * Notice that `test/integration/data_bags/ejson/keys.json` has been created and contains the encrypted contents
46
-
47
- Updating follows the exact same process.
31
+ * Adds a _dummy_ `encrypted_data_bag_secret` file for [Test Kitchen] (see note about testing data bags below)
48
32
 
49
33
  [Berkshelf]: https://docs.chef.io/berkshelf.html
50
34
  [ChefSpec]: https://docs.chef.io/chefspec.html
@@ -72,6 +56,8 @@ Celebrate! :rocket:
72
56
 
73
57
  * `chef exec flay cookbook my_cookbook`
74
58
  * `chef exec flay recipe my_cookbook` (from within the cookbook directory)
59
+ * `chef exec flay encrypt DATA_BAG ITEM (options)`
60
+ * `chef exec flay decrypt DATA_BAG ITEM (options)`
75
61
  * `chef exec flay release` (see below)
76
62
 
77
63
  There are a few other commands available. Run `chef exec flay help` for details.
@@ -91,9 +77,69 @@ It will run:
91
77
  * `git tag -a -m "Version #{version}" v#{version}` - unless the tag already exists
92
78
  * `git push && git push --tags`
93
79
  * `chef exec berks install`
94
- * `chef exec berks upload --no-ssl-verify`
80
+ * `chef exec berks upload`
81
+
82
+ ### Working With Data Bags
83
+
84
+ Normally data bags are edited directly on the chef server by using the normal `knife data bag` commands. I'm not fond of
85
+ this practise because there is no history there. If someone changes an item, how do you go back to what it was if
86
+ something goes wrong?
87
+
88
+ For this reason, I've added a simple knife plugin that exposes 2 new knife commands `data bag encrypt` and `data bag
89
+ decrypt`. These commands work with json files in the `data_bags/` directory of your chef repo. The basic idea is that
90
+ you encrypt the items locally, commit to git and then create/update the items from json files.
91
+
92
+ For example, suppose you have an unencrypted json file at `data_bags/ejson/keys.json` that defines an item. To encrypt
93
+ this item you can run the following command:
94
+
95
+ `chef exec knife data bag encrypt ejson keys -w`
96
+
97
+ This will encrypt the contents using your `encrypted_data_bag_secret` (pulled from chef config/knife.rb).
98
+
99
+ Similarly there's a `decrypt` version that does the opposite. `knife data bag decrypt ejson keys -w`
100
+
101
+ Both of these commands support the following options:
102
+
103
+ * `-w` - whether or not to write the file. If false, the results will be printed to STDOUT, but not written to the file.
104
+ Default `false`
105
+ * `-s` - The path to your encrypted_data_bag_secret file. Default `Chef::Config[:encrypted_data_bag_secret]`
106
+ * `-p` - The path to your data bag directory. Default `Chef::Config[:data_bag_path]`
107
+
108
+ For example to use test data bags with a custom secret file you could run:
109
+
110
+ `chef exec knife data bag encrypt -w -s /some/path/to/secret -p /custom/data_bags/dir`
111
+
112
+ #### Flay Wrappers
113
+
114
+ For convenience, there are equivalent commands added to flay that really just wrap the call to these commands.
115
+
116
+ * `flay encrypt DATA_BAG ITEM` - Will encrypt the data bag and write to the file
117
+ * `flay decrypt DATA_BAG ITEM` - Will decrypt the data bag and write to the file
118
+
119
+ Both of these support the `--no-write` option to prevent writing the result to the file. There is also the `-t` option,
120
+ we sets the secret file and data bag path to `test/integration/encrypted_data_bag_secret` and
121
+ `test/integration/data_bags` respectively.
122
+
123
+ ### Testing Encrypted Data Bags
124
+
125
+ The _test/integration/data_bags_ directory should contain subdirectories for each data bag you want to test (just like
126
+ your chef repo would).
127
+
128
+ **To create an encrypted data bag item, follow these steps (assuming you're testing ejson/keys):**
129
+
130
+ * Create `test/integration/data_bags/ejson/keys.json` and add your items
131
+ * Run `chef exec flay encrypt ejson keys -t`
132
+ * Notice that `test/integration/data_bags/ejson/keys.json` contains the encrypted contents
133
+
134
+ **Updating a data bag**
135
+
136
+ * Decrypt the data bag using `chef exec flay decrypt ejson keys -t`
137
+ * Notice that `test/integration/data_bags/ejson/keys.json` contains the decrypted contents
138
+ * Update the contents as necessary
139
+ * Run `chef exec flay encrypt ejson keys -t`
140
+ * Notice that `test/integration/data_bags/ejson/keys.json` contains the (updated) encrypted contents
95
141
 
96
- ### Example
142
+ ### Cookbook Generation Example
97
143
 
98
144
  ```
99
145
  $ chef exec flay generate cookbook chef-demo-flay
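Review bot: The "Updating a data bag" steps decrypt `test/integration/data_bags/ejson/keys.json` in place, so between the decrypt step and the final encrypt step the file that gets committed holds plaintext, and a commit made at that point puts the secrets into git history. Suggest stating this in the steps, and pointing readers at `--no-write` when they only want to inspect an item. Separately, the custom-secret example `chef exec knife data bag encrypt -w -s /some/path/to/secret -p /custom/data_bags/dir` leaves out the DATA_BAG and ITEM arguments that the earlier `encrypt ejson keys -w` example passes, and "we sets" in the Flay Wrappers paragraph should read "which sets".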
@@ -0,0 +1,14 @@
1
+ require_relative "flay_knife_helpers"
2
+
3
+ class Chef::Knife::DataBagDecrypt < Chef::Knife
4
+ include Chef::Knife::FlayKnifeHelpers
5
+
6
+ banner "knife data bag decrypt DATA_BAG ITEM (options)"
7
+ category "data bag"
8
+
9
+ def run
10
+ plain_text_bag = Chef::EncryptedDataBagItem.new(data_bag, secret)
11
+ write_to_file(plain_text_bag) if config.fetch(:write, false)
12
+ display(plain_text_bag)
13
+ end
14
+ end
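Review bot: `display(plain_text_bag)` in `run` is unconditional, so the decrypted item is printed to STDOUT even when `-w` is given and the caller only wanted the file updated; in CI or a shared terminal that leaves the secrets in the log. Suggest printing only when `:write` is false, for example `config.fetch(:write, false) ? write_to_file(plain_text_bag) : display(plain_text_bag)`. With `-w` the plaintext also replaces the encrypted file at the same path, which deserves a sentence in the banner or the README.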
@@ -0,0 +1,14 @@
1
+ require_relative "flay_knife_helpers"
2
+
3
+ class Chef::Knife::DataBagEncrypt < Chef::Knife
4
+ include Chef::Knife::FlayKnifeHelpers
5
+
6
+ banner "knife data bag encrypt DATA_BAG ITEM (options)"
7
+ category "data bag"
8
+
9
+ def run
10
+ cipher_text_bag = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data_bag, secret)
11
+ write_to_file(cipher_text_bag) if config.fetch(:write, false)
12
+ display(cipher_text_bag)
13
+ end
14
+ end
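Review bot: Nothing in `run` checks whether the item read from disk is already encrypted before `encrypt_data_bag_item(data_bag, secret)` is called, so a second `encrypt -w` on the same file would encrypt the ciphertext again and overwrite the file with it. Suggest detecting an already-encrypted item and exiting with a message instead of writing. The `run` body is also a line-for-line twin of the decrypt command apart from the first statement; a shared helper taking the transformed bag would keep the two from drifting.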
@@ -0,0 +1,42 @@
1
+ require "chef"
2
+ require "chef/knife"
3
+
4
+ module Chef::Knife::FlayKnifeHelpers
5
+ def self.included(base)
6
+ base.class_eval do
7
+ option :data_bag_path, short: "-p", long: "--path", default: nil
8
+ option :secret_file, short: "-s", long: "--secret-file", default: nil
9
+ option :write, short: "-w", long: "--write", boolean: true, default: false
10
+ end
11
+ end
12
+
13
+ private
14
+
15
+ def write_to_file(bag)
16
+ json = JSON.pretty_generate(bag.to_hash)
17
+ File.open(data_bag_path, "w") { |file| file.write(json) }
18
+ end
19
+
20
+ def display(bag)
21
+ output(format_for_display(bag))
22
+ end
23
+
24
+ def secret
25
+ @secret ||= begin
26
+ path = config.fetch(:secret_file, Chef::Config[:encrypted_data_bag_secret])
27
+ Chef::EncryptedDataBagItem.load_secret(path)
28
+ end
29
+ end
30
+
31
+ def data_bag
32
+ @data_bag ||= Chef::DataBagItem.from_hash(JSON.parse(File.read(data_bag_path)))
33
+ end
34
+
35
+ def data_bag_path
36
+ @data_bag_path ||= begin
37
+ base_path = config.fetch(:data_bag_path, Chef::Config[:data_bag_path])
38
+ bag, item = name_args
39
+ File.join(base_path, bag, "#{item}.json")
40
+ end
41
+ end
42
+ end
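Review bot: In `secret` and `data_bag_path`, `config.fetch(key, fallback)` falls back only when the key is absent, but both options are declared with `default: nil`; if the parser stores that default under the key, `fetch` returns nil and `File.join(base_path, bag, "#{item}.json")` raises instead of using `Chef::Config[:data_bag_path]`. `config[:data_bag_path] || Chef::Config[:data_bag_path]` (and the same for the secret file) works in both cases. Also in `data_bag_path`, `bag, item = name_args` is used unchecked: a missing argument yields nil and an opaque error, and a value containing `../` makes `write_to_file` overwrite a file outside the data bag directory, so validate that exactly two plain names were given and show the banner otherwise. Finally, `-p` and `-s` are declared without a value placeholder (`long: "--path"`), while the README passes a path after each; confirm they are parsed as value options rather than switches.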
@@ -1,17 +1,13 @@
1
1
  class Flay::CLI < Thor
2
2
  include Thor::Actions
3
+ include Flay::Helpers
3
4
 
4
5
  package_name "flay"
5
6
 
6
7
  Flay::Commands::Generate.register_with(self, as: "generate")
7
8
  Flay::Commands::Release.register_with(self, as: "release")
8
9
 
9
- method_option(
10
- :chef_path,
11
- type: :string,
12
- desc: "The path that contains your knife.rb file",
13
- default: "~/.chef-sweeper/"
14
- )
10
+ method_option :chef_path, type: :string, desc: "Your .chef/ folder", default: "~/.chef-sweeper/"
15
11
  desc "link [--chef-path=PATH]", "symlinks .chef to --chef-path"
16
12
  long_desc "Creates a symlink in the current directory from .chef to --chef-path"
17
13
  def link
@@ -26,4 +22,34 @@ class Flay::CLI < Thor
26
22
  def version
27
23
  say "flay version: #{Flay::VERSION}"
28
24
  end
25
+
26
+ method_option :write, type: :boolean, desc: "Whether or not to write the file", default: true
27
+ method_option :test, type: :boolean, desc: "Whether or not this is a test data bag", default: false, aliases: "-t"
28
+ desc "encrypt DATA_BAG ITEM (options)", "encrypt a data bag item"
29
+ long_desc "Encrypts a data bag item"
30
+ def encrypt(data_bag, item)
31
+ cmd = "chef exec knife data bag encrypt #{data_bag} #{item}"
32
+ cmd << " -w" if options.fetch("write")
33
+ cmd << " #{test_data_bag_args}" if options.fetch("test")
34
+
35
+ shell_exec(cmd)
36
+ end
37
+
38
+ method_option :write, type: :boolean, desc: "Whether or not to write the file", default: true
39
+ method_option :test, type: :boolean, desc: "Whether or not this is a test data bag", default: false, aliases: "-t"
40
+ desc "decrypt DATA_BAG ITEM (options)", "decrypt a data bag item"
41
+ long_desc "Decrypts a data bag item"
42
+ def decrypt(data_bag, item)
43
+ cmd = "chef exec knife data bag decrypt #{data_bag} #{item}"
44
+ cmd << " -w" if options.fetch("write")
45
+ cmd << " #{test_data_bag_args}" if options.fetch("test")
46
+
47
+ shell_exec(cmd)
48
+ end
49
+
50
+ private
51
+
52
+ def test_data_bag_args
53
+ "-s test/integration/encrypted_data_bag_secret -p test/integration/data_bags"
54
+ end
29
55
  end
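Review bot: In `encrypt` and `decrypt`, `data_bag` and `item` come straight from the command line and are interpolated into the string given to `shell_exec` (`"chef exec knife data bag encrypt #{data_bag} #{item}"`), so a name containing spaces or shell metacharacters is interpreted by the shell. Suggest escaping both with `Shellwords.escape` or passing the command as an argument list. Note also that `:write` defaults to `true` here, so a bare `flay decrypt DATA_BAG ITEM` replaces the encrypted file with plaintext; defaulting decrypt to no-write would be the safer choice. The two methods differ only in the verb and could share one private helper.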
@@ -38,7 +38,7 @@ class Flay::Commands::Release < Thor::Group
38
38
 
39
39
  def berks_upload
40
40
  say "Uploading cookbook to chef server...", :green
41
- shell_exec("chef exec berks upload --no-ssl-verify")
41
+ shell_exec("chef exec berks upload")
42
42
  end
43
43
 
44
44
  def all_done
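Review bot: Dropping `--no-ssl-verify` from `berks_upload` means `chef exec berks upload` now fails against a Chef server whose certificate is not trusted, where 0.4.1 uploaded anyway. That is the right default, but it is a behaviour change for existing users and the release should document it, including how to trust the server's certificate rather than turning verification off again.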
@@ -1,3 +1,3 @@
1
1
  module Flay
2
- VERSION = "0.4.1".freeze
2
+ VERSION = "1.0.0".freeze
3
3
  end
@@ -1,20 +1,7 @@
1
- require "chef"
2
1
  require "foodcritic"
3
2
  require "rspec/core/rake_task"
4
3
  require "rubocop/rake_task"
5
4
 
6
- # Data Bag Helpers
7
- SECRET_FILE = "./test/integration/encrypted_data_bag_secret".freeze
8
- INPUT_PATH_FORMAT = "./test/integration/data_bags/%s/%s.plaintext.json".freeze
9
- OUTPUT_PATH_FORMAT = "./test/integration/data_bags/%s/%s.json".freeze
10
-
11
- def raw_bag_item(args)
12
- path = format(INPUT_PATH_FORMAT, *args.values_at(:bag, :item))
13
- hash = JSON.parse(File.read(path))
14
-
15
- Chef::DataBagItem.from_hash(hash)
16
- end
17
-
18
5
  RSpec::Core::RakeTask.new { |rspec| rspec.rspec_opts = File.read("./.rspec").split("\n") }
19
6
 
20
7
  RuboCop::RakeTask.new { |rubocop| rubocop.options = %w(-D) }
@@ -24,19 +11,6 @@ FoodCritic::Rake::LintTask.new do |foodcritic|
24
11
  foodcritic.options[:fail_tags] = "any"
25
12
  end
26
13
 
27
- desc "encrypts a data bag item for integration tests"
28
- task :encrypt_data_bag, [:bag, :item] do |_, args|
29
- data_bag_item = raw_bag_item(args)
30
- data_bag_secret = Chef::EncryptedDataBagItem.load_secret(SECRET_FILE)
31
- encrypted_item = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data_bag_item, data_bag_secret)
32
-
33
- pretty_json = JSON.pretty_generate(encrypted_item.to_hash)
34
- output_path = format(OUTPUT_PATH_FORMAT, *args.values_at(:bag, :item))
35
- File.open(output_path, "w") { |file| file.write(pretty_json) }
36
-
37
- puts format("encrypted test data bag: %s", output_path)
38
- end
39
-
40
14
  desc "Run Rubocop and Foodcritic style checks"
41
15
  task style: [:rubocop, :foodcritic]
42
16
 
@@ -49,10 +49,6 @@ cookbook_file("#{kitchen_dir}/data_bags/ejson/keys.json") do
49
49
  source "test/integration/data_bags/ejson/keys.json"
50
50
  end
51
51
 
52
- cookbook_file("#{kitchen_dir}/data_bags/ejson/keys.plaintext.json") do
53
- source "test/integration/data_bags/ejson/keys.plaintext.json"
54
- end
55
-
56
52
  cookbook_file "#{kitchen_dir}/helpers/serverspec/spec_helper.rb" do
57
53
  source "test/integration/helpers/serverspec/spec_helper.rb"
58
54
  action :create_if_missing
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-flavor-flay
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - pseudomuto
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-01-08 00:00:00.000000000 Z
11
+ date: 2016-01-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-gen-flavors
@@ -61,6 +61,9 @@ files:
61
61
  - cucumber.yml
62
62
  - exe/flay
63
63
  - flay.gemspec
64
+ - lib/chef/knife/data_bag_decrypt.rb
65
+ - lib/chef/knife/data_bag_encrypt.rb
66
+ - lib/chef/knife/flay_knife_helpers.rb
64
67
  - lib/chef_gen/flavor/flay.rb
65
68
  - lib/flay.rb
66
69
  - lib/flay/cli.rb
@@ -80,7 +83,6 @@ files:
80
83
  - shared/flavor/flay/files/default/test/chef/client.enc
81
84
  - shared/flavor/flay/files/default/test/chef/knife.rb
82
85
  - shared/flavor/flay/files/default/test/integration/data_bags/ejson/keys.json
83
- - shared/flavor/flay/files/default/test/integration/data_bags/ejson/keys.plaintext.json
84
86
  - shared/flavor/flay/files/default/test/integration/encrypted_data_bag_secret
85
87
  - shared/flavor/flay/files/default/test/integration/helpers/serverspec/spec_helper.rb
86
88
  - shared/flavor/flay/files/default/test/unit/spec_helper.rb
@@ -1,7 +0,0 @@
1
- {
2
- "id": "keys",
3
- "test": {
4
- "public": "12345abc",
5
- "private": "cba54321"
6
- }
7
- }