chef-vault 1.1.0 → 1.2.0

@@ -7,6 +7,8 @@ Gem that allows you to encrypt passwords & certificates using the public key of
7
7
  a list of chef nodes. This allows only those chef nodes to decrypt the
8
8
  password or certificate.
9
9
 
10
+ This is supported on both Chef 10 and Chef 11 API.
11
+
10
12
  = INSTALLATION:
11
13
 
12
14
  Be sure you are running the latest version Chef. Versions earlier than 0.10.0
@@ -1,4 +1,4 @@
1
1
  class ChefVault
2
- VERSION = "1.1.0"
2
+ VERSION = "1.2.0"
3
3
  MAJOR, MINOR, TINY = VERSION.split('.')
4
4
  end
@@ -81,9 +81,7 @@ class EncryptCert < Chef::Knife
81
81
  puts("INFO: Skipping #{client} as it is already in the data bag...")
82
82
  else
83
83
  puts("INFO: Adding #{client} to public_key array...")
84
- cert_der = api.get("clients/#{client}")['certificate']
85
- cert = OpenSSL::X509::Certificate.new cert_der
86
- keyfob[client]=OpenSSL::PKey::RSA.new cert.public_key
84
+ keyfob[client] = get_client_public_key(client)
87
85
  end
88
86
  rescue Exception => node_error
89
87
  puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
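Review bot: The `rescue Exception => node_error` around the new `keyfob[client] = get_client_public_key(client)` call also traps `Interrupt` and `SystemExit`, and it reduces every failure inside the helper (API error, missing certificate, unparsable key) to a WARNING line while the run continues. A node whose key could not be fetched is then left out of the recipient set with only that line as evidence. I would narrow it to `rescue StandardError => node_error` and list the skipped clients once at the end of the run. The EncryptPassword hunk has the same pattern, and the `begin` this rescue belongs to starts outside the hunk.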
@@ -79,9 +79,7 @@ class EncryptPassword < Chef::Knife
79
79
  puts("INFO: Skipping #{client} as it is already in the data bag...")
80
80
  else
81
81
  puts("INFO: Adding #{client} to public_key array...")
82
- cert_der = api.get("clients/#{client}")['certificate']
83
- cert = OpenSSL::X509::Certificate.new cert_der
84
- keyfob[client]=OpenSSL::PKey::RSA.new cert.public_key
82
+ keyfob[client] = get_client_public_key(client)
85
83
  end
86
84
  rescue Exception => node_error
87
85
  puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
@@ -12,5 +12,28 @@ module ChefVault
12
12
  Shef::Extensions.extend_context_object(obj)
13
13
  end
14
14
  end
15
+
16
+ def get_client_public_key(client)
17
+ client = api.get("clients/#{client}")
18
+
19
+ # Check the response back from the api call to see if
20
+ # we get 'certificate' which is Chef 10 or just
21
+ # 'public_key' which is Chef 11
22
+ unless client.is_a?(Chef::ApiClient)
23
+ name = client['name']
24
+ certificate = client['certificate']
25
+ client = Chef::ApiClient.new
26
+ client.name name
27
+ client.admin false
28
+
29
+ cert_der = OpenSSL::X509::Certificate.new certificate
30
+
31
+ client.public_key cert_der.public_key.to_s
32
+ end
33
+
34
+ public_key = OpenSSL::PKey::RSA.new client.public_key
35
+
36
+ public_key
37
+ end
15
38
  end
16
39
  end
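Review bot: The `unless client.is_a?(Chef::ApiClient)` branch assumes every other response carries `'certificate'`; when that key is absent, `OpenSSL::X509::Certificate.new certificate` receives nil and most likely fails with a low-level conversion or OpenSSL error that does not name the client. Add an explicit check before parsing, for example `raise "no certificate returned for client #{name}" unless certificate`. The parameter `client` is also rebound first to the API response and then to a new `Chef::ApiClient`, so a separate local such as `response = api.get("clients/#{client}")` would make the two cases easier to follow. The method deserves a comment saying that the key is used as returned by the Chef server, since the visible code parses the certificate but does not validate it. `api` is defined outside this hunk.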
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-04-12 00:00:00.000000000 Z
12
+ date: 2013-04-17 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: chef