chef-vault 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +2 -0
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef/knife/EncryptCert.rb +1 -3
- data/lib/chef/knife/EncryptPassword.rb +1 -3
- data/lib/chef/knife/compat.rb +23 -0
- metadata +2 -2
data/README.rdoc
CHANGED
|
@@ -7,6 +7,8 @@ Gem that allows you to encrypt passwords & certificates using the public key of
|
|
|
7
7
|
a list of chef nodes. This allows only those chef nodes to decrypt the
|
|
8
8
|
password or certificate.
|
|
9
9
|
|
|
10
|
+
This is supported on both Chef 10 and Chef 11 API.
|
|
11
|
+
|
|
10
12
|
= INSTALLATION:
|
|
11
13
|
|
|
12
14
|
Be sure you are running the latest version Chef. Versions earlier than 0.10.0
|
data/lib/chef-vault/version.rb
CHANGED
|
@@ -81,9 +81,7 @@ class EncryptCert < Chef::Knife
|
|
|
81
81
|
puts("INFO: Skipping #{client} as it is already in the data bag...")
|
|
82
82
|
else
|
|
83
83
|
puts("INFO: Adding #{client} to public_key array...")
|
|
84
|
-
|
|
85
|
-
cert = OpenSSL::X509::Certificate.new cert_der
|
|
86
|
-
keyfob[client]=OpenSSL::PKey::RSA.new cert.public_key
|
|
84
|
+
keyfob[client] = get_client_public_key(client)
|
|
87
85
|
end
|
|
88
86
|
rescue Exception => node_error
|
|
89
87
|
puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
|
|
@@ -79,9 +79,7 @@ class EncryptPassword < Chef::Knife
|
|
|
79
79
|
puts("INFO: Skipping #{client} as it is already in the data bag...")
|
|
80
80
|
else
|
|
81
81
|
puts("INFO: Adding #{client} to public_key array...")
|
|
82
|
-
|
|
83
|
-
cert = OpenSSL::X509::Certificate.new cert_der
|
|
84
|
-
keyfob[client]=OpenSSL::PKey::RSA.new cert.public_key
|
|
82
|
+
keyfob[client] = get_client_public_key(client)
|
|
85
83
|
end
|
|
86
84
|
rescue Exception => node_error
|
|
87
85
|
puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
|
data/lib/chef/knife/compat.rb
CHANGED
|
@@ -12,5 +12,28 @@ module ChefVault
|
|
|
12
12
|
Shef::Extensions.extend_context_object(obj)
|
|
13
13
|
end
|
|
14
14
|
end
|
|
15
|
+
|
|
16
|
+
def get_client_public_key(client)
|
|
17
|
+
client = api.get("clients/#{client}")
|
|
18
|
+
|
|
19
|
+
# Check the response back from the api call to see if
|
|
20
|
+
# we get 'certificate' which is Chef 10 or just
|
|
21
|
+
# 'public_key' which is Chef 11
|
|
22
|
+
unless client.is_a?(Chef::ApiClient)
|
|
23
|
+
name = client['name']
|
|
24
|
+
certificate = client['certificate']
|
|
25
|
+
client = Chef::ApiClient.new
|
|
26
|
+
client.name name
|
|
27
|
+
client.admin false
|
|
28
|
+
|
|
29
|
+
cert_der = OpenSSL::X509::Certificate.new certificate
|
|
30
|
+
|
|
31
|
+
client.public_key cert_der.public_key.to_s
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
public_key = OpenSSL::PKey::RSA.new client.public_key
|
|
35
|
+
|
|
36
|
+
public_key
|
|
37
|
+
end
|
|
15
38
|
end
|
|
16
39
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: chef
|