chef-vault 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +2 -0
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef/knife/EncryptCert.rb +1 -3
- data/lib/chef/knife/EncryptPassword.rb +1 -3
- data/lib/chef/knife/compat.rb +23 -0
- metadata +2 -2
data/README.rdoc
CHANGED
|
@@ -7,6 +7,8 @@ Gem that allows you to encrypt passwords & certificates using the public key of
|
|
|
7
7
|
a list of chef nodes. This allows only those chef nodes to decrypt the
|
|
8
8
|
password or certificate.
|
|
9
9
|
|
|
10
|
+
This is supported on both Chef 10 and Chef 11 API.
|
|
11
|
+
|
|
10
12
|
= INSTALLATION:
|
|
11
13
|
|
|
12
14
|
Be sure you are running the latest version Chef. Versions earlier than 0.10.0
|
data/lib/chef-vault/version.rb
CHANGED
|
@@ -81,9 +81,7 @@ class EncryptCert < Chef::Knife
|
|
|
81
81
|
puts("INFO: Skipping #{client} as it is already in the data bag...")
|
|
82
82
|
else
|
|
83
83
|
puts("INFO: Adding #{client} to public_key array...")
|
|
84
|
-
|
|
85
|
-
cert = OpenSSL::X509::Certificate.new cert_der
|
|
86
|
-
keyfob[client]=OpenSSL::PKey::RSA.new cert.public_key
|
|
84
|
+
keyfob[client] = get_client_public_key(client)
|
|
87
85
|
end
|
|
88
86
|
rescue Exception => node_error
|
|
89
87
|
puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
|
|
@@ -79,9 +79,7 @@ class EncryptPassword < Chef::Knife
|
|
|
79
79
|
puts("INFO: Skipping #{client} as it is already in the data bag...")
|
|
80
80
|
else
|
|
81
81
|
puts("INFO: Adding #{client} to public_key array...")
|
|
82
|
-
|
|
83
|
-
cert = OpenSSL::X509::Certificate.new cert_der
|
|
84
|
-
keyfob[client]=OpenSSL::PKey::RSA.new cert.public_key
|
|
82
|
+
keyfob[client] = get_client_public_key(client)
|
|
85
83
|
end
|
|
86
84
|
rescue Exception => node_error
|
|
87
85
|
puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
|
data/lib/chef/knife/compat.rb
CHANGED
|
@@ -12,5 +12,28 @@ module ChefVault
|
|
|
12
12
|
Shef::Extensions.extend_context_object(obj)
|
|
13
13
|
end
|
|
14
14
|
end
|
|
15
|
+
|
|
16
|
+
def get_client_public_key(client)
|
|
17
|
+
client = api.get("clients/#{client}")
|
|
18
|
+
|
|
19
|
+
# Check the response back from the api call to see if
|
|
20
|
+
# we get 'certificate' which is Chef 10 or just
|
|
21
|
+
# 'public_key' which is Chef 11
|
|
22
|
+
unless client.is_a?(Chef::ApiClient)
|
|
23
|
+
name = client['name']
|
|
24
|
+
certificate = client['certificate']
|
|
25
|
+
client = Chef::ApiClient.new
|
|
26
|
+
client.name name
|
|
27
|
+
client.admin false
|
|
28
|
+
|
|
29
|
+
cert_der = OpenSSL::X509::Certificate.new certificate
|
|
30
|
+
|
|
31
|
+
client.public_key cert_der.public_key.to_s
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
public_key = OpenSSL::PKey::RSA.new client.public_key
|
|
35
|
+
|
|
36
|
+
public_key
|
|
37
|
+
end
|
|
15
38
|
end
|
|
16
39
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: chef
|