chef-vault 1.2.5 → 2.0.1.pre

data/lib/{chef-vault/chef/offline.rb → chef/knife/mixin/compat.rb}

@@ -1,4 +1,4 @@
-# Description: ChefVault::ChefOffline class
+# Description: ChefVault::Mixin::KnifeCompat module
 # Copyright 2013, Nordstrom, Inc.
 
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,17 +13,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-class ChefVault
-  class ChefOffline
-    attr_accessor :config_file
-
-    def initialize(config_file)
-      @config_file = config_file
-    end
+# Make a wraper to chef10/11 "shef/shell" changes 
 
-    def connect
-      require 'chef'
-      ::Chef::Config.from_file(@config_file)
+class ChefVault
+  module Mixin
+    module KnifeCompat
+      require 'chef/version'
+      def extend_context_object(obj)
+        if Chef::VERSION.to_i >= 11 
+          require "chef/shell/ext"
+          Shell::Extensions.extend_context_object(obj)
+        else 
+          require 'chef/shef/ext'
+          Shef::Extensions.extend_context_object(obj)
+        end
+      end
     end
   end
 end

data/lib/chef/knife/mixin/helper.rb

@@ -0,0 +1,50 @@
+# Description: ChefVault::Mixin::Mode module
+# Copyright 2013, Nordstrom, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class ChefVault
+  module Mixin
+    module Helper
+      def set_mode(mode)
+        if mode == "client"
+          Chef::Config[:solo] = false
+        else
+          Chef::Config[:solo] = true
+        end
+      end
+
+      def merge_values(json, file)
+        values = {}
+        values.merge!(values_from_file(file)) if file
+        values.merge!(values_from_json(json)) if json
+        
+        values
+      end
+
+      def values_from_file(file)
+        json = File.open(file){ |file| file.read() }
+
+        values_from_json(json)
+      end
+
+      def values_from_json(json)
+        begin
+          JSON.parse(json)
+        rescue JSON::ParserError
+          raise JSON::ParserError, "#{json} is not valid JSON!"
+        end
+      end
+    end
+  end
+end

data/spec/chef-vault_spec.rb

@@ -1,9 +1,8 @@
 require 'spec_helper'
 
 describe ChefVault do
-
   describe '#new' do
-    context 'with only a data bag parameter specified' do
+    context 'with only a vault parameter specified' do
       before(:each) do
         @vault = ChefVault.new('foo')
       end
@@ -12,26 +11,27 @@ describe ChefVault do
         expect(@vault).to be_an_instance_of ChefVault
       end
 
-      it 'correctly assigns the data_bag instance var' do
-        expect(@vault.data_bag).to eq 'foo'
-      end
-
-      it 'defaults to nil for the chef_config_file' do
-        expect(@vault.chef_config_file).to be_nil
+      it 'sets vault to foo' do
+        expect(@vault.vault).to eq "foo"
       end
     end
 
-    context 'with data_bag and chef_config_file parameters specified' do
+    context 'with a vault and config file parameter specified' do
       before(:each) do
-        @vault = ChefVault.new('foo', '~/chef-repo/.chef/knife.rb')
+        IO.stub(:read).with('knife.rb').and_return("node_name 'bar'")
+        @vault = ChefVault.new('foo', 'knife.rb')
+      end
+
+      it 'is an instance of ChefVault' do
+        expect(@vault).to be_an_instance_of ChefVault
       end
 
-      it 'correctly assigns the data_bag instance var' do
-        expect(@vault.data_bag).to eq 'foo'
+      it 'sets vault to foo' do
+        expect(@vault.vault).to eq "foo"
       end
 
-      it 'correctly assigns the chef_config_file var' do
-        expect(@vault.chef_config_file).to eq '~/chef-repo/.chef/knife.rb'
+      it 'sets Chef::Config[:node_name] to bar' do
+        expect(Chef::Config[:node_name]).to eq "bar"
       end
     end
   end
@@ -43,25 +43,14 @@ describe ChefVault do
     end
   end
 
-  describe '#user' do
-    before(:each) do
-      @vault = ChefVault.new('foo')
-      @user = @vault.user('mysql')
-    end
-
-    it 'is an instance of ChefVault::User' do
-      expect(@user).to be_an_instance_of ChefVault::User
-    end
-  end
-
-  describe '#certificate' do
+  describe '#self.load_config' do
     before(:each) do
-      @vault = ChefVault.new('certs')
-      @cert = @vault.certificate('my_ssl_cert')
+      IO.stub(:read).with('knife.rb').and_return("node_name 'bar'")
+      ChefVault.load_config("knife.rb")
     end
 
-    it 'is an instance of ChefVault::Certificate' do
-      expect(@cert).to be_an_instance_of ChefVault::Certificate
+    it "sets Chef::Config[:node_name] to bar" do
+      expect(Chef::Config[:node_name]).to eq "bar"
     end
   end
 end

data/spec/item_keys_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe ChefVault::ItemKeys do
+  describe '#new' do
+    before(:each) do
+      @keys = ChefVault::ItemKeys.new("foo", "bar")
+    end
+
+    it 'is an instance of ChefVault::ItemKeys' do
+      expect(@keys).to be_an_instance_of ChefVault::ItemKeys
+    end
+
+    it 'sets data_bag to foo' do
+      expect(@keys.data_bag).to eq "foo"
+    end
+
+    it 'sets keys["id"] to bar' do
+      expect(@keys["id"]).to eq "bar"
+    end
+
+    it 'sets keys["admins"] to []' do
+      expect(@keys["admins"]).to eq []
+    end
+
+    it 'sets keys["clients"] to []' do
+      expect(@keys["clients"]).to eq []
+    end
+  end
+end

data/spec/item_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe ChefVault::Item do
+  describe '#new' do
+    before(:each) do
+      @item = ChefVault::Item.new("foo", "bar")
+    end
+
+    it 'is an instance of ChefVault::Item' do
+      expect(@item).to be_an_instance_of ChefVault::Item
+    end
+
+    it 'sets data_bag to foo' do
+      expect(@item.data_bag).to eq "foo"
+    end
+
+    it 'sets item["id"] to bar' do
+      expect(@item["id"]).to eq "bar"
+    end
+
+    it 'sets item.keys to ChefVault::ItemKeys' do
+      expect(@item.keys).to be_an_instance_of ChefVault::ItemKeys
+    end
+
+    it 'sets item.keys.data_bag to foo' do
+      expect(@item.keys.data_bag).to eq "foo"
+    end
+
+    it 'sets item.keys["id"] to bar_keys' do
+      expect(@item.keys["id"]).to eq "bar_keys"
+    end
+  end
+end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 1.2.5
-  prerelease: 
+  version: 2.0.1.pre
 platform: ruby
 authors:
 - Kevin Moser
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-22 00:00:00.000000000 Z
+date: 2013-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -73,6 +66,7 @@ files:
 - CONTRIBUTING.md
 - Changelog.md
 - Gemfile
+- KNIFE_EXAMPLES.md
 - LICENSE
 - README.md
 - Rakefile
@@ -80,39 +74,47 @@ files:
 - chef-vault.gemspec
 - lib/chef-vault.rb
 - lib/chef-vault/certificate.rb
-- lib/chef-vault/chef/offline.rb
+- lib/chef-vault/chef_patch/api_client.rb
+- lib/chef-vault/chef_patch/user.rb
+- lib/chef-vault/exceptions.rb
+- lib/chef-vault/item.rb
+- lib/chef-vault/item_keys.rb
 - lib/chef-vault/user.rb
 - lib/chef-vault/version.rb
-- lib/chef/knife/DecryptCert.rb
-- lib/chef/knife/DecryptPassword.rb
-- lib/chef/knife/EncryptCert.rb
-- lib/chef/knife/EncryptPassword.rb
-- lib/chef/knife/compat.rb
+- lib/chef/knife/Decrypt.rb
+- lib/chef/knife/encrypt_create.rb
+- lib/chef/knife/encrypt_delete.rb
+- lib/chef/knife/encrypt_remove.rb
+- lib/chef/knife/encrypt_rotate_keys.rb
+- lib/chef/knife/encrypt_update.rb
+- lib/chef/knife/mixin/compat.rb
+- lib/chef/knife/mixin/helper.rb
 - spec/chef-vault_spec.rb
+- spec/item_keys_spec.rb
+- spec/item_spec.rb
 - spec/spec_helper.rb
 homepage: 
 licenses:
 - Apache License, v2.0
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.0.7
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Data encryption support for chef using data bags
 test_files: []

data/lib/chef/knife/DecryptCert.rb

@@ -1,59 +0,0 @@
-# Description: Chef-Vault DecryptCert class
-# Copyright 2013, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-#     http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'chef/knife'
-
-class DecryptCert < Chef::Knife
-  deps do
-    require 'chef/search/query'
-    require 'json'
-    require File.expand_path('../compat', __FILE__)
-    include ChefVault::Compat
-  end
-
-  banner "knife decrypt cert --name NAME"
-
-  option :name,
-    :short => '-N NAME',
-    :long => '--name NAME',
-    :description => 'Certificate data bag name'
-
-  def run
-    unless config[:name]
-      puts("You must supply a certificate to decrypt")
-      exit 1
-    end
-    extend_context_object(self)
-
-    data_bag = "certs"
-    data_bag_path = "./data_bags/#{data_bag}"
-
-    name = config[:name].gsub(".", "_")
-
-    user_private_key = OpenSSL::PKey::RSA.new(open(Chef::Config[:client_key]).read())
-    key = JSON.parse(IO.read("#{data_bag_path}/#{name}_keys.json"))
-    unless key[Chef::Config[:node_name]]
-      puts("Can't find a key for #{Chef::Config[:node_name]}...  You can't decrypt!")
-      exit 1
-    end
-
-    data_bag_shared_key = user_private_key.private_decrypt(Base64.decode64(key[Chef::Config[:node_name]]))
-
-    certificate = JSON.parse(open("#{data_bag_path}/#{name}.json").read())
-    certificate = Chef::EncryptedDataBagItem.new certificate, data_bag_shared_key
-
-    puts("certificate:\n#{certificate['contents']}")
-  end
-end

data/lib/chef/knife/DecryptPassword.rb

@@ -1,58 +0,0 @@
-# Description: Chef-Vault DecryptPassword class
-# Copyright 2013, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-#     http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'chef/knife'
-
-class DecryptPassword < Chef::Knife
-  deps do
-    require 'chef/search/query'
-    require 'json'
-    require File.expand_path('../compat', __FILE__)
-    include ChefVault::Compat
-  end
-
-  banner "knife decrypt password --username USERNAME"
-
-  option :username,
-    :short => '-U USERNAME',
-    :long => '--username USERNAME',
-    :description => 'username of account to encrypt'
-
-  def run
-    unless config[:username]
-      puts("You must supply a username to decrypt")
-      exit 1
-    end
-    extend_context_object(self)
-
-    data_bag_path = "./data_bags/passwords"
-
-    username = config[:username]
-
-    user_private_key = OpenSSL::PKey::RSA.new(open(Chef::Config[:client_key]).read())
-    key = JSON.parse(IO.read("#{data_bag_path}/#{username}_keys.json"))
-    unless key[Chef::Config[:node_name]]
-      puts("Can't find a key for #{Chef::Config[:node_name]}...  You can't decrypt!")
-      exit 1
-    end
-
-    data_bag_shared_key = user_private_key.private_decrypt(Base64.decode64(key[Chef::Config[:node_name]]))
-
-    credential = JSON.parse(open("#{data_bag_path}/#{username}.json").read())
-    credential = Chef::EncryptedDataBagItem.new credential, data_bag_shared_key
-
-    puts("username: #{credential['username']}, password: #{credential['password']}")
-  end
-end