chef-flavor-flay 0.4.1 → 1.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 16b50d75fcfefaad5d32a3468c465e9db7aae1f0
4
- data.tar.gz: 9aaf7b275e2773953473c5008b8c2c037764d3ff
3
+ metadata.gz: 6114d63746f15e1bf98e6a80070b68bf7455c5fa
4
+ data.tar.gz: 7631eba19a6fd5c47bd9d480a9c3477938a6eff2
5
5
  SHA512:
6
- metadata.gz: 5f7d46a340210e3b9e20ddd9fae12977b6b5a478667c0bdc6e5e5065698aa22ace3071c977743552780679872015bf185949f7a402f5ed4e1e6fde7a257c2922
7
- data.tar.gz: cd5beba02c602894984e487be026833e2a85cc6ee9482a68bfbdcec38b82a173c6316b44918b8e6539c6b19ebc029f48b352257c8454ea5c1eec4b7fbe231acd
6
+ metadata.gz: b9cd09e71dc97912aa44dc829baf3c7fc473308b75a12ea98fa1478102557acf3287bb1505cc08e92ee2b110fbac455240b8337d981bec64dcc3835784c627f4
7
+ data.tar.gz: e2c72641f9328f4d18e7ac5858764493955a8ccbb16b9b62083fbc36a84eef3ef07360ce7285723db5f0267f829015e01bcfbc6e72c26a406b69c109dab767eb
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- # Flay - A Customizable Chef Cookbook Template
1
+ # Flay - A Customized Chef Cookbook Template with Other Useful Things
2
2
 
3
3
  [![Build Status](https://travis-ci.org/sweeperio/flay.svg?branch=master)](https://travis-ci.org/sweeperio/flay)
4
4
  [![Gem Version](https://badge.fury.io/rb/chef-flavor-flay.svg)](https://badge.fury.io/rb/chef-flavor-flay)
@@ -28,23 +28,7 @@ It's very opinionated and works with the sweeperio infrastructure specifically.
28
28
  * Updates all templates to pass `bundle exec rubocop && bundle exec rspec`
29
29
  * Adds a travis file for CI that will use the chefdk to run tests
30
30
  * Creates a single `test` directory rather than spec/unit and test/integration
31
- * Adds a _dummy_ `encrypted_data_bag_secret` file for [Test Kitchen]
32
- * Adds `encrypt_data_bag` rake task for working with encrypted data bags in [Test Kitchen] (see note below)
33
-
34
- ### Testing Encrypted Data Bags
35
-
36
- In order to make testing encrypted data bags easier, there's a convention (and rake task) in place in this template.
37
-
38
- The _test/integration/data_bags_ directory should contain subdirectories for each data bag you want to test (just like
39
- your chef repo would).
40
-
41
- **To create an encrypted data bag item, follow these steps (assuming you're testing ejson/keys):**
42
-
43
- * Create `test/integration/data_bags/ejson/keys.plaintext.json` and add your items
44
- * Run `bundle exec rake encrypt_data_bag[ejson,keys]` (zsh users, you'll need to quote, escape or `unsetopt nomatch`)
45
- * Notice that `test/integration/data_bags/ejson/keys.json` has been created and contains the encrypted contents
46
-
47
- Updating follows the exact same process.
31
+ * Adds a _dummy_ `encrypted_data_bag_secret` file for [Test Kitchen] (see note about testing data bags below)
48
32
 
49
33
  [Berkshelf]: https://docs.chef.io/berkshelf.html
50
34
  [ChefSpec]: https://docs.chef.io/chefspec.html
@@ -72,6 +56,8 @@ Celebrate! :rocket:
72
56
 
73
57
  * `chef exec flay cookbook my_cookbook`
74
58
  * `chef exec flay recipe my_cookbook` (from within the cookbook directory)
59
+ * `chef exec flay encrypt DATA_BAG ITEM (options)`
60
+ * `chef exec flay decrypt DATA_BAG ITEM (options)`
75
61
  * `chef exec flay release` (see below)
76
62
 
77
63
  There are a few other commands available. Run `chef exec flay help` for details.
@@ -91,9 +77,69 @@ It will run:
91
77
  * `git tag -a -m "Version #{version}" v#{version}` - unless the tag already exists
92
78
  * `git push && git push --tags`
93
79
  * `chef exec berks install`
94
- * `chef exec berks upload --no-ssl-verify`
80
+ * `chef exec berks upload`
81
+
82
+ ### Working With Data Bags
83
+
84
+ Normally data bags are edited directly on the chef server by using the normal `knife data bag` commands. I'm not fond of
85
+ this practise because there is no history there. If someone changes an item, how do you go back to what it was if
86
+ something goes wrong?
87
+
88
+ For this reason, I've added a simple knife plugin that exposes 2 new knife commands `data bag encrypt` and `data bag
89
+ decrypt`. These commands work with json files in the `data_bags/` directory of your chef repo. The basic idea is that
90
+ you encrypt the items locally, commit to git and then create/update the items from json files.
91
+
92
+ For example, suppose you have an unencrypted json file at `data_bags/ejson/keys.json` that defines an item. To encrypt
93
+ this item you can run the following command:
94
+
95
+ `chef exec knife data bag encrypt ejson keys -w`
96
+
97
+ This will encrypt the contents using your `encrypted_data_bag_secret` (pulled from chef config/knife.rb).
98
+
99
+ Similarly there's a `decrypt` version that does the opposite. `knife data bag decrypt ejson keys -w`
100
+
101
+ Both of these commands support the following options:
102
+
103
+ * `-w` - whether or not to write the file. If false, the results will be printed to STDOUT, but not written to the file.
104
+ Default `false`
105
+ * `-s` - The path to your encrypted_data_bag_secret file. Default `Chef::Config[:encrypted_data_bag_secret]`
106
+ * `-p` - The path to your data bag directory. Default `Chef::Config[:data_bag_path]`
107
+
108
+ For example to use test data bags with a custom secret file you could run:
109
+
110
+ `chef exec knife data bag encrypt -w -s /some/path/to/secret -p /custom/data_bags/dir`
111
+
112
+ #### Flay Wrappers
113
+
114
+ For convenience, there are equivalent commands added to flay that really just wrap the call to these commands.
115
+
116
+ * `flay encrypt DATA_BAG ITEM` - Will encrypt the data bag and write to the file
117
+ * `flay decrypt DATA_BAG ITEM` - Will decrypt the data bag and write to the file
118
+
119
+ Both of these support the `--no-write` option to prevent writing the result to the file. There is also the `-t` option,
120
+ we sets the secret file and data bag path to `test/integration/encrypted_data_bag_secret` and
121
+ `test/integration/data_bags` respectively.
122
+
123
+ ### Testing Encrypted Data Bags
124
+
125
+ The _test/integration/data_bags_ directory should contain subdirectories for each data bag you want to test (just like
126
+ your chef repo would).
127
+
128
+ **To create an encrypted data bag item, follow these steps (assuming you're testing ejson/keys):**
129
+
130
+ * Create `test/integration/data_bags/ejson/keys.json` and add your items
131
+ * Run `chef exec flay encrypt ejson keys -t`
132
+ * Notice that `test/integration/data_bags/ejson/keys.json` contains the encrypted contents
133
+
134
+ **Updating a data bag**
135
+
136
+ * Decrypt the data bag using `chef exec flay decrypt ejson keys -t`
137
+ * Notice that `test/integration/data_bags/ejson/keys.json` contains the decrypted contents
138
+ * Update the contents as necessary
139
+ * Run `chef exec flay encrypt ejson keys -t`
140
+ * Notice that `test/integration/data_bags/ejson/keys.json` contains the (updated) encrypted contents
95
141
 
96
- ### Example
142
+ ### Cookbook Generation Example
97
143
 
98
144
  ```
99
145
  $ chef exec flay generate cookbook chef-demo-flay
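Review bot: the "Updating a data bag" steps decrypt `test/integration/data_bags/ejson/keys.json` in place, so between `flay decrypt` and the following `flay encrypt` the tracked file holds plaintext and can be committed by mistake. The same applies to the repo-level workflow described under "Working With Data Bags", where the stated goal is to commit the items to git. The README should say explicitly that the file must be re-encrypted before committing, or suggest a pre-commit check. Two smaller points in the same section: the example `chef exec knife data bag encrypt -w -s /some/path/to/secret -p /custom/data_bags/dir` omits the DATA_BAG and ITEM arguments that the banner requires, and "we sets the secret file" should read "which sets the secret file".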
@@ -0,0 +1,14 @@
1
+ require_relative "flay_knife_helpers"
2
+
3
+ class Chef::Knife::DataBagDecrypt < Chef::Knife
4
+ include Chef::Knife::FlayKnifeHelpers
5
+
6
+ banner "knife data bag decrypt DATA_BAG ITEM (options)"
7
+ category "data bag"
8
+
9
+ def run
10
+ plain_text_bag = Chef::EncryptedDataBagItem.new(data_bag, secret)
11
+ write_to_file(plain_text_bag) if config.fetch(:write, false)
12
+ display(plain_text_bag)
13
+ end
14
+ end
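Review bot: in `run`, `display(plain_text_bag)` is called unconditionally, so the decrypted item is printed to the terminal even when `-w` is given and the caller only wanted the file rewritten. Consider displaying only when `config[:write]` is false, so that secrets do not land in scrollback or CI logs by default. `run` also passes whatever item is on disk to `Chef::EncryptedDataBagItem.new` without checking that it is actually encrypted; a clear error for an already-plaintext item would be friendlier than whatever the decryptor raises.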
@@ -0,0 +1,14 @@
1
+ require_relative "flay_knife_helpers"
2
+
3
+ class Chef::Knife::DataBagEncrypt < Chef::Knife
4
+ include Chef::Knife::FlayKnifeHelpers
5
+
6
+ banner "knife data bag encrypt DATA_BAG ITEM (options)"
7
+ category "data bag"
8
+
9
+ def run
10
+ cipher_text_bag = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data_bag, secret)
11
+ write_to_file(cipher_text_bag) if config.fetch(:write, false)
12
+ display(cipher_text_bag)
13
+ end
14
+ end
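Review bot: nothing in `run` checks whether the item read from disk is already encrypted before calling `encrypt_data_bag_item(data_bag, secret)`. Running the command twice with `-w` would encrypt the ciphertext again and overwrite the file, which is then not readable with a single decrypt. A guard that refuses to encrypt an item whose values already look like encrypted entries, with a message telling the user to decrypt first, would make the write path safe to repeat.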
@@ -0,0 +1,42 @@
1
+ require "chef"
2
+ require "chef/knife"
3
+
4
+ module Chef::Knife::FlayKnifeHelpers
5
+ def self.included(base)
6
+ base.class_eval do
7
+ option :data_bag_path, short: "-p", long: "--path", default: nil
8
+ option :secret_file, short: "-s", long: "--secret-file", default: nil
9
+ option :write, short: "-w", long: "--write", boolean: true, default: false
10
+ end
11
+ end
12
+
13
+ private
14
+
15
+ def write_to_file(bag)
16
+ json = JSON.pretty_generate(bag.to_hash)
17
+ File.open(data_bag_path, "w") { |file| file.write(json) }
18
+ end
19
+
20
+ def display(bag)
21
+ output(format_for_display(bag))
22
+ end
23
+
24
+ def secret
25
+ @secret ||= begin
26
+ path = config.fetch(:secret_file, Chef::Config[:encrypted_data_bag_secret])
27
+ Chef::EncryptedDataBagItem.load_secret(path)
28
+ end
29
+ end
30
+
31
+ def data_bag
32
+ @data_bag ||= Chef::DataBagItem.from_hash(JSON.parse(File.read(data_bag_path)))
33
+ end
34
+
35
+ def data_bag_path
36
+ @data_bag_path ||= begin
37
+ base_path = config.fetch(:data_bag_path, Chef::Config[:data_bag_path])
38
+ bag, item = name_args
39
+ File.join(base_path, bag, "#{item}.json")
40
+ end
41
+ end
42
+ end
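Review bot: in `secret` and `data_bag_path`, `config.fetch(:secret_file, ...)` and `config.fetch(:data_bag_path, ...)` fall back only when the key is absent, but both options are declared with `default: nil`. If the option defaults are merged into `config`, the key is present with a nil value and the `Chef::Config` fallback is never used; `config[:data_bag_path] || Chef::Config[:data_bag_path]` states the intent without depending on that. `data_bag_path` also destructures `name_args` without checking that both DATA_BAG and ITEM were given, so a missing argument surfaces as an error from `File.join` rather than a usage message. Finally, `write_to_file` opens the file with the default mode; when it is writing decrypted content, an explicit restrictive permission such as `0600` would be appropriate.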
@@ -1,17 +1,13 @@
1
1
  class Flay::CLI < Thor
2
2
  include Thor::Actions
3
+ include Flay::Helpers
3
4
 
4
5
  package_name "flay"
5
6
 
6
7
  Flay::Commands::Generate.register_with(self, as: "generate")
7
8
  Flay::Commands::Release.register_with(self, as: "release")
8
9
 
9
- method_option(
10
- :chef_path,
11
- type: :string,
12
- desc: "The path that contains your knife.rb file",
13
- default: "~/.chef-sweeper/"
14
- )
10
+ method_option :chef_path, type: :string, desc: "Your .chef/ folder", default: "~/.chef-sweeper/"
15
11
  desc "link [--chef-path=PATH]", "symlinks .chef to --chef-path"
16
12
  long_desc "Creates a symlink in the current directory from .chef to --chef-path"
17
13
  def link
@@ -26,4 +22,34 @@ class Flay::CLI < Thor
26
22
  def version
27
23
  say "flay version: #{Flay::VERSION}"
28
24
  end
25
+
26
+ method_option :write, type: :boolean, desc: "Whether or not to write the file", default: true
27
+ method_option :test, type: :boolean, desc: "Whether or not this is a test data bag", default: false, aliases: "-t"
28
+ desc "encrypt DATA_BAG ITEM (options)", "encrypt a data bag item"
29
+ long_desc "Encrypts a data bag item"
30
+ def encrypt(data_bag, item)
31
+ cmd = "chef exec knife data bag encrypt #{data_bag} #{item}"
32
+ cmd << " -w" if options.fetch("write")
33
+ cmd << " #{test_data_bag_args}" if options.fetch("test")
34
+
35
+ shell_exec(cmd)
36
+ end
37
+
38
+ method_option :write, type: :boolean, desc: "Whether or not to write the file", default: true
39
+ method_option :test, type: :boolean, desc: "Whether or not this is a test data bag", default: false, aliases: "-t"
40
+ desc "decrypt DATA_BAG ITEM (options)", "decrypt a data bag item"
41
+ long_desc "Decrypts a data bag item"
42
+ def decrypt(data_bag, item)
43
+ cmd = "chef exec knife data bag decrypt #{data_bag} #{item}"
44
+ cmd << " -w" if options.fetch("write")
45
+ cmd << " #{test_data_bag_args}" if options.fetch("test")
46
+
47
+ shell_exec(cmd)
48
+ end
49
+
50
+ private
51
+
52
+ def test_data_bag_args
53
+ "-s test/integration/encrypted_data_bag_secret -p test/integration/data_bags"
54
+ end
29
55
  end
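Review bot: in `encrypt` and `decrypt`, `data_bag` and `item` are interpolated unescaped into the single command string handed to `shell_exec`, so a name containing a space or a shell metacharacter is split or interpreted rather than passed through as one argument. Escape both with `Shellwords.escape`, or build the command as an argument array. Separately, `--write` defaults to `true` here while `-w` defaults to `false` in the knife plugin, so `flay decrypt` overwrites the item file with plaintext unless `--no-write` is passed; the `long_desc` for `decrypt` should say so.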
@@ -38,7 +38,7 @@ class Flay::Commands::Release < Thor::Group
38
38
 
39
39
  def berks_upload
40
40
  say "Uploading cookbook to chef server...", :green
41
- shell_exec("chef exec berks upload --no-ssl-verify")
41
+ shell_exec("chef exec berks upload")
42
42
  end
43
43
 
44
44
  def all_done
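Review bot: dropping `--no-ssl-verify` from the `berks upload` call in `berks_upload` is the right default, but it is a behaviour change for anyone whose Chef server certificate is not already trusted, and their release will now fail at this step. Since this ships in a major version bump, a line in the README or changelog noting that the server certificate must be trusted before running `flay release` would save users from rediscovering the flag.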
@@ -1,3 +1,3 @@
1
1
  module Flay
2
- VERSION = "0.4.1".freeze
2
+ VERSION = "1.0.0".freeze
3
3
  end
@@ -1,20 +1,7 @@
1
- require "chef"
2
1
  require "foodcritic"
3
2
  require "rspec/core/rake_task"
4
3
  require "rubocop/rake_task"
5
4
 
6
- # Data Bag Helpers
7
- SECRET_FILE = "./test/integration/encrypted_data_bag_secret".freeze
8
- INPUT_PATH_FORMAT = "./test/integration/data_bags/%s/%s.plaintext.json".freeze
9
- OUTPUT_PATH_FORMAT = "./test/integration/data_bags/%s/%s.json".freeze
10
-
11
- def raw_bag_item(args)
12
- path = format(INPUT_PATH_FORMAT, *args.values_at(:bag, :item))
13
- hash = JSON.parse(File.read(path))
14
-
15
- Chef::DataBagItem.from_hash(hash)
16
- end
17
-
18
5
  RSpec::Core::RakeTask.new { |rspec| rspec.rspec_opts = File.read("./.rspec").split("\n") }
19
6
 
20
7
  RuboCop::RakeTask.new { |rubocop| rubocop.options = %w(-D) }
@@ -24,19 +11,6 @@ FoodCritic::Rake::LintTask.new do |foodcritic|
24
11
  foodcritic.options[:fail_tags] = "any"
25
12
  end
26
13
 
27
- desc "encrypts a data bag item for integration tests"
28
- task :encrypt_data_bag, [:bag, :item] do |_, args|
29
- data_bag_item = raw_bag_item(args)
30
- data_bag_secret = Chef::EncryptedDataBagItem.load_secret(SECRET_FILE)
31
- encrypted_item = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data_bag_item, data_bag_secret)
32
-
33
- pretty_json = JSON.pretty_generate(encrypted_item.to_hash)
34
- output_path = format(OUTPUT_PATH_FORMAT, *args.values_at(:bag, :item))
35
- File.open(output_path, "w") { |file| file.write(pretty_json) }
36
-
37
- puts format("encrypted test data bag: %s", output_path)
38
- end
39
-
40
14
  desc "Run Rubocop and Foodcritic style checks"
41
15
  task style: [:rubocop, :foodcritic]
42
16
 
@@ -49,10 +49,6 @@ cookbook_file("#{kitchen_dir}/data_bags/ejson/keys.json") do
49
49
  source "test/integration/data_bags/ejson/keys.json"
50
50
  end
51
51
 
52
- cookbook_file("#{kitchen_dir}/data_bags/ejson/keys.plaintext.json") do
53
- source "test/integration/data_bags/ejson/keys.plaintext.json"
54
- end
55
-
56
52
  cookbook_file "#{kitchen_dir}/helpers/serverspec/spec_helper.rb" do
57
53
  source "test/integration/helpers/serverspec/spec_helper.rb"
58
54
  action :create_if_missing
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-flavor-flay
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - pseudomuto
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-01-08 00:00:00.000000000 Z
11
+ date: 2016-01-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef-gen-flavors
@@ -61,6 +61,9 @@ files:
61
61
  - cucumber.yml
62
62
  - exe/flay
63
63
  - flay.gemspec
64
+ - lib/chef/knife/data_bag_decrypt.rb
65
+ - lib/chef/knife/data_bag_encrypt.rb
66
+ - lib/chef/knife/flay_knife_helpers.rb
64
67
  - lib/chef_gen/flavor/flay.rb
65
68
  - lib/flay.rb
66
69
  - lib/flay/cli.rb
@@ -80,7 +83,6 @@ files:
80
83
  - shared/flavor/flay/files/default/test/chef/client.enc
81
84
  - shared/flavor/flay/files/default/test/chef/knife.rb
82
85
  - shared/flavor/flay/files/default/test/integration/data_bags/ejson/keys.json
83
- - shared/flavor/flay/files/default/test/integration/data_bags/ejson/keys.plaintext.json
84
86
  - shared/flavor/flay/files/default/test/integration/encrypted_data_bag_secret
85
87
  - shared/flavor/flay/files/default/test/integration/helpers/serverspec/spec_helper.rb
86
88
  - shared/flavor/flay/files/default/test/unit/spec_helper.rb
@@ -1,7 +0,0 @@
1
- {
2
- "id": "keys",
3
- "test": {
4
- "public": "12345abc",
5
- "private": "cba54321"
6
- }
7
- }