chef-vault 1.2.3 → 1.2.4

data/.gitignore

@@ -1 +1,2 @@
-*.gem
+*.gem
+Gemfile.lock

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - "1.9.3"

data/Changelog.md

@@ -1,23 +1,30 @@
 ## Unreleased
 
+## v1.2.4 / 2013-07-01
+* Move compat include into the lazy-load deps
+* Modify open file commands in knife commands to avoid file locking on windows
 
-## v1.2.2 / 2012-04-23
+## v1.2.3 / 2013-04-30
+* Update to use attr_accessor in chef_vault
+* Add rspec tests
+
+## v1.2.2 / 2013-04-23
 * Update to create data bag folder if it does not already exist
 
-## v1.2.1 / 2012-04-23
+## v1.2.1 / 2013-04-23
 * Clarify Readme
 
-## v1.0.1 / 2012-04-12
+## v1.0.1 / 2013-04-12
 * Compatibility with Chef 10/11 (Shef vs Chef-Shell)
 
-## v1.0.0 / 2012-04-08
+## v1.0.0 / 2013-04-08
 * Rename from Chef-Keepass to Chef-Vault
 
-## v0.2.1 / 2012-04/05
+## v0.2.1 / 2013-04/05
 * Add Certificate class
 
-## v0.2.0 / 2012-04-05
+## v0.2.0 / 2013-04-05
 * Add encrypt cert
 
-## v0.1.1 / 2012-03-14
+## v0.1.1 / 2013-03-14
 

data/Gemfile

@@ -1,7 +1,3 @@
 source "https://rubygems.org/"
 
 gemspec
-
-group :test do
-  gem 'rspec'
-end

data/README.md

@@ -1,4 +1,7 @@
 # Chef-Vault
+[![Gem Version](https://badge.fury.io/rb/chef-vault.png)](http://badge.fury.io/rb/chef-vault)
+
+[![Build Status](https://travis-ci.org/Nordstrom/chef-vault.png?branch=master)](https://travis-ci.org/Nordstrom/chef-vault)
 
 ## DESCRIPTION:
 

data/chef-vault.gemspec

@@ -28,7 +28,12 @@ Gem::Specification.new do |s|
   s.license          = 'Apache License, v2.0'
 
   s.files            = `git ls-files`.split("\n")
-  s.add_dependency "chef", ">= 0.10.10"
+  s.add_dependency     "chef", ">= 0.10.10"
+
+  # tests
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+
   s.require_paths    = ["lib"]
 
   s.bindir           = "bin"

data/lib/chef-vault/version.rb

@@ -14,6 +14,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "1.2.3"
+  VERSION = "1.2.4"
   MAJOR, MINOR, TINY = VERSION.split('.')
 end

data/lib/chef/knife/DecryptCert.rb

@@ -20,15 +20,15 @@ class DecryptCert < Chef::Knife
     require 'chef/search/query'
     require 'json'
     require File.expand_path('../compat', __FILE__)
+    include ChefVault::Compat
   end
-  include ChefVault::Compat
 
   banner "knife decrypt cert --name NAME"
 
   option :name,
     :short => '-N NAME',
     :long => '--name NAME',
-    :description => 'Certificate data bag name' 
+    :description => 'Certificate data bag name'
 
   def run
     unless config[:name]

data/lib/chef/knife/DecryptPassword.rb

@@ -20,15 +20,15 @@ class DecryptPassword < Chef::Knife
     require 'chef/search/query'
     require 'json'
     require File.expand_path('../compat', __FILE__)
+    include ChefVault::Compat
   end
-  include ChefVault::Compat
 
   banner "knife decrypt password --username USERNAME"
 
   option :username,
     :short => '-U USERNAME',
     :long => '--username USERNAME',
-    :description => 'username of account to encrypt' 
+    :description => 'username of account to encrypt'
 
   def run
     unless config[:username]

data/lib/chef/knife/EncryptCert.rb

@@ -19,15 +19,15 @@ class EncryptCert < Chef::Knife
   deps do
     require 'chef/search/query'
     require File.expand_path('../compat', __FILE__)
+    include ChefVault::Compat
   end
-  include ChefVault::Compat
 
   banner "knife encrypt cert --search SEARCH --cert CERT --password PASSWORD --name NAME --admins ADMINS"
 
   option :search,
     :short => '-S SEARCH',
     :long => '--search SEARCH',
-    :description => 'node search for nodes to encrypt to' 
+    :description => 'node search for nodes to encrypt to'
 
   option :cert,
     :short => '-C CERT',
@@ -42,12 +42,12 @@ class EncryptCert < Chef::Knife
   option :password,
     :short => '-P PASSWORD',
     :long => '--password PASSWORD',
-    :description => 'optional pfx password' 
+    :description => 'optional pfx password'
 
   option :name,
     :short => '-N NAME',
     :long => '--name NAME',
-    :description => 'optional data bag name' 
+    :description => 'optional data bag name'
 
   def run
     unless config[:search]
@@ -79,12 +79,12 @@ class EncryptCert < Chef::Knife
     file_to_encrypt = config[:cert]
     contents = open(file_to_encrypt, "rb").read
     name = config[:name] ? config[:name].gsub(".", "_") : File.basename(file_to_encrypt, ".*").gsub(".", "_")
-    
+
     current_dbi = Hash.new
     current_dbi_keys = Hash.new
     if File.exists?("#{data_bag_path}/#{name}_keys.json") && File.exists?("#{data_bag_path}/#{name}.json")
-      current_dbi_keys = JSON.parse(open("#{data_bag_path}/#{name}_keys.json").read())
-      current_dbi = JSON.parse(open("#{data_bag_path}/#{name}.json").read())
+      current_dbi_keys = JSON.parse(File.open("#{data_bag_path}/#{name}_keys.json"){ |file| file.read() })
+      current_dbi = JSON.parse(File.open("#{data_bag_path}/#{name}_keys.json"){ |file| file.read() })
 
       unless equal?(data_bag, name, "contents", contents)
         puts("FATAL: Content in #{data_bag_path}/#{name}.json does not match content in file supplied!")
@@ -109,7 +109,7 @@ class EncryptCert < Chef::Knife
         puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
       end
     end
-    
+
     # Get the public keys for the admin users, skipping users already in the data bag
     public_keys << admins.split(/[\s,]+/).map do |user|
       begin
@@ -126,7 +126,7 @@ class EncryptCert < Chef::Knife
     end
 
     if public_keys.length == 0
-      puts "A node search for #{node_search} returned no results" 
+      puts "A node search for #{node_search} returned no results"
       exit 1
     end
 
@@ -144,7 +144,7 @@ class EncryptCert < Chef::Knife
     # Delete existing keys data bag and rewrite the whole bag from memory
     puts("INFO: Writing #{data_bag_path}/#{name}_keys.json...")
     File.delete("#{data_bag_path}/#{name}_keys.json") if File.exists?("#{data_bag_path}/#{name}_keys.json")
-    File.open("#{data_bag_path}/#{name}_keys.json",'w').write(JSON.pretty_generate(enc_db_key_dbi))
+    File.open("#{data_bag_path}/#{name}_keys.json",'w'){ |file| file.write(JSON.pretty_generate(enc_db_key_dbi)) }
 
     # If the existing certificate bag does not exist, write it out with the correct certificate
     # Otherwise leave the existing bag alone
@@ -155,7 +155,7 @@ class EncryptCert < Chef::Knife
       edbi = Chef::EncryptedDataBagItem.encrypt_data_bag_item(dbi, data_bag_shared_key)
 
       puts("INFO: Writing #{data_bag_path}/#{name}.json...")
-      open("#{data_bag_path}/#{name}.json",'w').write(JSON.pretty_generate(edbi))
+      File.open("#{data_bag_path}/#{name}.json",'w'){ |file| file.write(JSON.pretty_generate(edbi)) }
     end
 
     puts("INFO: Successfully wrote #{data_bag_path}/#{name}.json & #{data_bag_path}/#{name}_keys.json!")
@@ -165,7 +165,7 @@ class EncryptCert < Chef::Knife
     data_bag_path = "./data_bags/#{db}"
 
     shared_secret = get_shared_secret(db, dbi)
-    dbi = JSON.parse(open("#{data_bag_path}/#{dbi}.json").read())
+    dbi = JSON.parse(File.open("#{data_bag_path}/#{dbi}.json") { |file| file.read() })
     dbi = Chef::EncryptedDataBagItem.new dbi, shared_secret
 
     dbi[key] == value
@@ -175,7 +175,7 @@ class EncryptCert < Chef::Knife
     data_bag_path = "./data_bags/#{db}"
 
     private_key = OpenSSL::PKey::RSA.new(open(Chef::Config[:client_key]).read())
-    key = File.exists?("#{data_bag_path}/#{dbi}_keys.json") ? JSON.parse(open("#{data_bag_path}/#{dbi}_keys.json").read()) : nil
+    key = File.exists?("#{data_bag_path}/#{dbi}_keys.json") ? JSON.parse(File.open("#{data_bag_path}/#{dbi}_keys.json"){ |file| file.read() }) : nil
     
     begin      
       private_key.private_decrypt(Base64.decode64(key[Chef::Config[:node_name]]))

data/lib/chef/knife/EncryptPassword.rb

@@ -19,20 +19,20 @@ class EncryptPassword < Chef::Knife
   deps do
     require 'chef/search/query'
     require File.expand_path('../compat', __FILE__)
+    include ChefVault::Compat
   end
-  include ChefVault::Compat
 
   banner "knife encrypt password --search SEARCH --username USERNAME --password PASSWORD --admins ADMINS"
 
   option :search,
     :short => '-S SEARCH',
     :long => '--search SEARCH',
-    :description => 'node search for nodes to encrypt for' 
+    :description => 'node search for nodes to encrypt for'
 
   option :username,
     :short => '-U USERNAME',
     :long => '--username USERNAME',
-    :description => 'username of account to encrypt' 
+    :description => 'username of account to encrypt'
 
   option :password,
     :short => '-P PASSWORD',
@@ -61,7 +61,7 @@ class EncryptPassword < Chef::Knife
       puts("You must supply either -A or --admins")
       exit 1
     end
-  
+
     extend_context_object(self)
 
     data_bag = "passwords"
@@ -81,8 +81,8 @@ class EncryptPassword < Chef::Knife
     current_dbi = Hash.new
     current_dbi_keys = Hash.new
     if File.exists?("#{data_bag_path}/#{username}_keys.json") && File.exists?("#{data_bag_path}/#{username}.json")
-      current_dbi_keys = JSON.parse(open("#{data_bag_path}/#{username}_keys.json").read())
-      current_dbi = JSON.parse(open("#{data_bag_path}/#{username}.json").read())
+      current_dbi_keys = JSON.parse(File.open("#{data_bag_path}/#{username}_keys.json"){ |file| file.read() })
+      current_dbi = JSON.parse(File.open("#{data_bag_path}/#{username}.json"){ |file| file.read() })
 
       unless equal?(data_bag, username, "password", password)
         puts("FATAL: Password in #{data_bag_path}/#{username}.json does not match password supplied!")
@@ -107,7 +107,7 @@ class EncryptPassword < Chef::Knife
         puts("WARNING: Caught exception: #{node_error.message} while processing #{client}, so skipping...")
       end
     end
-    
+
     # Get the public keys for the admin users, skipping users already in the data bag
     public_keys << admins.split(/[\s,]+/).map do |user|
       begin
@@ -124,7 +124,7 @@ class EncryptPassword < Chef::Knife
     end
 
     if public_keys.length == 0
-      puts "A node search for #{node_search} returned no results" 
+      puts "A node search for #{node_search} returned no results"
       exit 1
     end
 
@@ -142,7 +142,7 @@ class EncryptPassword < Chef::Knife
     # Delete existing keys data bag and rewrite the whole bag from memory
     puts("INFO: Writing #{data_bag_path}/#{username}_keys.json...")
     File.delete("#{data_bag_path}/#{username}_keys.json") if File.exists?("#{data_bag_path}/#{username}_keys.json")
-    File.open("#{data_bag_path}/#{username}_keys.json",'w').write(JSON.pretty_generate(enc_db_key_dbi))
+    File.open("#{data_bag_path}/#{username}_keys.json",'w'){ |file| file.write(JSON.pretty_generate(enc_db_key_dbi)) }
 
     # If the existing password bag does not exist, write it out with the correct password
     # Otherwise leave the existing bag alone
@@ -152,7 +152,7 @@ class EncryptPassword < Chef::Knife
       edbi = Chef::EncryptedDataBagItem.encrypt_data_bag_item(dbi, data_bag_shared_key)
 
       puts("INFO: Writing #{data_bag_path}/#{username}.json...")
-      open("#{data_bag_path}/#{username}.json",'w').write(JSON.pretty_generate(edbi))
+      File.open("#{data_bag_path}/#{username}.json",'w'){ |file| file.write(JSON.pretty_generate(edbi)) }
     end
 
     puts("INFO: Successfully wrote #{data_bag_path}/#{username}.json & #{data_bag_path}/#{username}_keys.json!")
@@ -172,7 +172,7 @@ class EncryptPassword < Chef::Knife
     data_bag_path = "./data_bags/#{db}"
 
     private_key = OpenSSL::PKey::RSA.new(open(Chef::Config[:client_key]).read())
-    key = File.exists?("#{data_bag_path}/#{dbi}_keys.json") ? JSON.parse(open("#{data_bag_path}/#{dbi}_keys.json").read()) : nil
+    key = File.exists?("#{data_bag_path}/#{dbi}_keys.json") ? JSON.parse(File.open("#{data_bag_path}/#{dbi}_keys.json"){ |file| file.read() }) : nil
     
     begin      
       private_key.private_decrypt(Base64.decode64(key[Chef::Config[:node_name]]))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-04-30 00:00:00.000000000 Z
+date: 2013-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -27,6 +27,38 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: 0.10.10
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Data encryption support for chef using data bags
 email:
 - kevin.moser@nordstrom.com
@@ -37,10 +69,10 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- .travis.yml
 - CONTRIBUTING.md
 - Changelog.md
 - Gemfile
-- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile

data/Gemfile.lock

@@ -1,73 +0,0 @@
-GEM
-  remote: https://rubygems.org/
-  specs:
-    bunny (0.7.9)
-    chef (10.16.6)
-      bunny (>= 0.6.0, < 0.8.0)
-      erubis
-      highline (>= 1.6.9)
-      json (>= 1.4.4, <= 1.6.1)
-      mixlib-authentication (>= 1.3.0)
-      mixlib-cli (>= 1.1.0)
-      mixlib-config (>= 1.1.2)
-      mixlib-log (>= 1.3.0)
-      mixlib-shellout
-      moneta (< 0.7.0)
-      net-ssh (~> 2.2.2)
-      net-ssh-multi (~> 1.1.0)
-      ohai (>= 0.6.0)
-      rest-client (>= 1.0.4, < 1.7.0)
-      treetop (~> 1.4.9)
-      uuidtools
-      yajl-ruby (~> 1.1)
-    diff-lcs (1.2.4)
-    erubis (2.7.0)
-    highline (1.6.18)
-    ipaddress (0.8.0)
-    json (1.6.1)
-    mime-types (1.23)
-    mixlib-authentication (1.3.0)
-      mixlib-log
-    mixlib-cli (1.3.0)
-    mixlib-config (1.1.2)
-    mixlib-log (1.6.0)
-    mixlib-shellout (1.1.0)
-    moneta (0.6.0)
-    net-ssh (2.2.2)
-    net-ssh-gateway (1.1.0)
-      net-ssh (>= 1.99.1)
-    net-ssh-multi (1.1)
-      net-ssh (>= 2.1.4)
-      net-ssh-gateway (>= 0.99.0)
-    ohai (6.16.0)
-      ipaddress
-      mixlib-cli
-      mixlib-config
-      mixlib-log
-      mixlib-shellout
-      systemu
-      yajl-ruby
-    polyglot (0.3.3)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    rspec (2.13.0)
-      rspec-core (~> 2.13.0)
-      rspec-expectations (~> 2.13.0)
-      rspec-mocks (~> 2.13.0)
-    rspec-core (2.13.1)
-    rspec-expectations (2.13.0)
-      diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.13.1)
-    systemu (2.5.2)
-    treetop (1.4.12)
-      polyglot
-      polyglot (>= 0.3.1)
-    uuidtools (2.1.3)
-    yajl-ruby (1.1.0)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  chef
-  rspec