chef-vault 2.0.2 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/Changelog.md +7 -2
- data/KNIFE_EXAMPLES.md +15 -3
- data/README.md +25 -10
- data/bin/chef-vault +1 -1
- data/lib/chef-vault/item.rb +43 -22
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef/knife/Decrypt.rb +16 -9
- data/lib/chef/knife/encrypt_create.rb +16 -6
- data/lib/chef/knife/encrypt_delete.rb +4 -4
- data/lib/chef/knife/encrypt_remove.rb +4 -4
- data/lib/chef/knife/encrypt_rotate_keys.rb +3 -3
- data/lib/chef/knife/encrypt_update.rb +15 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
MzRiMDI2MTkzOTA2MzcxOTRmNWY0OWNjYmZlZjIzNjYyMDE0ZTdmMw==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
YzllYTQ2OGQyYzcyYjFjOTE4NWYyNTlhOTEyMGNiZDBmOTFmYTMyZA==
|
|
7
7
|
!binary "U0hBNTEy":
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
ZGM0NmM5Mzg2OTc1MmNlMzA1ZWQyZDY3N2VhYzViNGIzZTNiMjc3NmRhNDNm
|
|
10
|
+
ODM2M2NhMmExMDljMjc2ODIzMWM3NGJiNzZlODc3MTFjNWE5ZGYxNDQwNWZi
|
|
11
|
+
NGNhOWM4ZGRjN2JmMTYyYTVjYzJlNmZiZmY1ODI4MmU1NzI1Zjk=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
YzE2MjY4MzY0N2U5ZjE3NzQ0NmY4YjMyM2Y4ZDI3Yjc5MDVhYTNmYWIwNzU4
|
|
14
|
+
NWIzOGUwNjMzMmE5NTEyOTk3Mzc2MmRhNjIzN2FjODM4Yzg2ODQ2ZDIwNDlj
|
|
15
|
+
NjIzNTdhN2E4MDQ0NDQ3MjE1NWU3MWQwODcxMGVlYzAxMDk0NTk=
|
data/Changelog.md
CHANGED
|
@@ -1,8 +1,13 @@
|
|
|
1
|
-
## Unreleased
|
|
2
|
-
|
|
1
|
+
## Planned (Unreleased)
|
|
3
2
|
|
|
4
3
|
## Released
|
|
5
4
|
|
|
5
|
+
## v2.1.0 / 2013-12-23
|
|
6
|
+
* Update README to correct typos
|
|
7
|
+
* Modify admin loading to fall back to clients endpoint if not found in users endpoint
|
|
8
|
+
* Add --file to "knife encrypt update" & "knife encrypt create" to do file encryption in chef-vault. It will create a key called "file-content" & "file-name"
|
|
9
|
+
* When VALUES is not supplied print the whole vault item
|
|
10
|
+
|
|
6
11
|
## v2.0.2 / 2013-09-10
|
|
7
12
|
* Modify written data bag json files in solo mode to be valid for the knife data bag from file command
|
|
8
13
|
* Modify knife encrypt remove to automatically rotate keys
|
data/KNIFE_EXAMPLES.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# knife examples
|
|
2
2
|
|
|
3
3
|
## encrypt
|
|
4
|
-
knife encrypt [create|update|remove|delete]
|
|
4
|
+
knife encrypt [create|update|remove|delete] VAULT ITEM VALUES
|
|
5
5
|
|
|
6
6
|
These are the commands that are used to take data in json format and encrypt that data into chef-vault style encrypted data bags in chef.
|
|
7
7
|
|
|
@@ -20,7 +20,7 @@ Creat a vault called passwords and put an item called root in it with the given
|
|
|
20
20
|
|
|
21
21
|
Creat a vault called passwords and put an item called root in it with the given values for username and password encrypted for admins admin1 & admin2
|
|
22
22
|
|
|
23
|
-
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
|
23
|
+
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
|
24
24
|
|
|
25
25
|
Note: A JSON file can be used in place of specifying the values on the command line, see global options below for details
|
|
26
26
|
|
|
@@ -134,7 +134,7 @@ Rotate the shared key for the vault passwords and item root. The shared key is
|
|
|
134
134
|
</table>
|
|
135
135
|
|
|
136
136
|
## decrypt
|
|
137
|
-
knife decrypt
|
|
137
|
+
knife decrypt VAULT ITEM [VALUES]
|
|
138
138
|
|
|
139
139
|
These are the commands that are used to take a chef-vault encrypted item and decrypt the requested values.
|
|
140
140
|
|
|
@@ -142,6 +142,11 @@ These are the commands that are used to take a chef-vault encrypted item and dec
|
|
|
142
142
|
* Item - The name of the item going in to the vault. This is analogous to a chef data bag item id
|
|
143
143
|
* Values - This is a comma list of values to decrypt from the vault item. This is analogous to a list of hash keys.
|
|
144
144
|
|
|
145
|
+
Decrypt the entire root item in the passwords vault and print in json
|
|
146
|
+
format.
|
|
147
|
+
|
|
148
|
+
knife decrypt passwords root -Fjson
|
|
149
|
+
|
|
145
150
|
Decrypt the username and password for the item root in the vault passwords.
|
|
146
151
|
|
|
147
152
|
knife decrypt passwords root "username, password"
|
|
@@ -166,4 +171,11 @@ Decrypt the contents for the item user_pem in the vault certs.
|
|
|
166
171
|
<td>solo</td>
|
|
167
172
|
<td>"solo", "client"</td>
|
|
168
173
|
</tr>
|
|
174
|
+
<tr>
|
|
175
|
+
<td>-F FORMAT</td>
|
|
176
|
+
<td>--format FORMAT</td>
|
|
177
|
+
<td>Format for output</td>
|
|
178
|
+
<td>summary</td>
|
|
179
|
+
<td>"summary", "json", "yaml", "pp"</td>
|
|
180
|
+
</tr>
|
|
169
181
|
</table>
|
data/README.md
CHANGED
|
@@ -22,15 +22,15 @@ Depending on your system's configuration, you may need to run this command with
|
|
|
22
22
|
## KNIFE COMMANDS:
|
|
23
23
|
See KNIFE_EXAMPLES.md for examples of commands
|
|
24
24
|
|
|
25
|
-
NOTE: chef-vault 1.0 knife commands are not
|
|
25
|
+
NOTE: chef-vault 1.0 knife commands are not supported! Please use chef-vault 2.0 commands.
|
|
26
26
|
|
|
27
27
|
### Encrypt
|
|
28
28
|
|
|
29
|
-
knife encrypt create
|
|
30
|
-
knife encrypt update
|
|
31
|
-
knife encrypt remove
|
|
32
|
-
knife encrypt delete
|
|
33
|
-
knife encrypt rotate keys
|
|
29
|
+
knife encrypt create VAULT ITEM VALUES
|
|
30
|
+
knife encrypt update VAULT ITEM VALUES
|
|
31
|
+
knife encrypt remove VAULT ITEM VALUES
|
|
32
|
+
knife encrypt delete VAULT ITEM
|
|
33
|
+
knife encrypt rotate keys VAULT ITEM
|
|
34
34
|
|
|
35
35
|
<i>Global Options:</i>
|
|
36
36
|
<table>
|
|
@@ -69,11 +69,17 @@ NOTE: chef-vault 1.0 knife commands are not support! Please use chef-vault 2.0
|
|
|
69
69
|
<td>nil</td>
|
|
70
70
|
<td></td>
|
|
71
71
|
</tr>
|
|
72
|
+
<tr>
|
|
73
|
+
<td>nil</td>
|
|
74
|
+
<td>--file FILE</td>
|
|
75
|
+
<td>File that chef-vault should encrypt. It adds "file-content" & "file-name" keys to the vault item. This is only valid in create & update</td>
|
|
76
|
+
<td>nil</td>
|
|
77
|
+
<td></td>
|
|
72
78
|
</table>
|
|
73
79
|
|
|
74
80
|
### Decrypt
|
|
75
81
|
|
|
76
|
-
knife decrypt
|
|
82
|
+
knife decrypt VAULT ITEM [VALUES]
|
|
77
83
|
|
|
78
84
|
<i>Global Options:</i>
|
|
79
85
|
<table>
|
|
@@ -91,6 +97,13 @@ NOTE: chef-vault 1.0 knife commands are not support! Please use chef-vault 2.0
|
|
|
91
97
|
<td>solo</td>
|
|
92
98
|
<td>"solo", "client"</td>
|
|
93
99
|
</tr>
|
|
100
|
+
<tr>
|
|
101
|
+
<td>-F FORMAT</td>
|
|
102
|
+
<td>--format FORMAT</td>
|
|
103
|
+
<td>Format for output</td>
|
|
104
|
+
<td>summary</td>
|
|
105
|
+
<td>"summary", "json", "yaml", "pp"</td>
|
|
106
|
+
</tr>
|
|
94
107
|
</table>
|
|
95
108
|
|
|
96
109
|
## USAGE IN RECIPES
|
|
@@ -124,9 +137,11 @@ Do `chef-vault --help` for all available options
|
|
|
124
137
|
|
|
125
138
|
## License and Author:
|
|
126
139
|
|
|
127
|
-
Author:: Kevin Moser
|
|
128
|
-
|
|
129
|
-
|
|
140
|
+
Author:: Kevin Moser - @moserke<br>
|
|
141
|
+
Author:: Eli Klein - @eliklein<br>
|
|
142
|
+
Author:: Joshua Timberman - @jtimberman<br>
|
|
143
|
+
Copyright:: Copyright (c) 2013 Nordstrom, Inc.<br>
|
|
144
|
+
License:: Apache License, Version 2.0
|
|
130
145
|
|
|
131
146
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
132
147
|
you may not use this file except in compliance with the License.
|
data/bin/chef-vault
CHANGED
data/lib/chef-vault/item.rb
CHANGED
|
@@ -14,6 +14,8 @@
|
|
|
14
14
|
# See the License for the specific language governing permissions and
|
|
15
15
|
# limitations under the License.
|
|
16
16
|
|
|
17
|
+
require 'securerandom'
|
|
18
|
+
|
|
17
19
|
class ChefVault::Item < Chef::DataBagItem
|
|
18
20
|
attr_accessor :keys
|
|
19
21
|
attr_accessor :encrypted_data_bag_item
|
|
@@ -42,16 +44,7 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
42
44
|
|
|
43
45
|
case action
|
|
44
46
|
when :add
|
|
45
|
-
|
|
46
|
-
keys.add(ChefVault::ChefPatch::ApiClient.load(node.name), @secret, "clients")
|
|
47
|
-
rescue Net::HTTPServerException => http_error
|
|
48
|
-
if http_error.response.code == "404"
|
|
49
|
-
raise ChefVault::Exceptions::ClientNotFound,
|
|
50
|
-
"#{node.name} is not a valid chef client and/or node"
|
|
51
|
-
else
|
|
52
|
-
raise http_error
|
|
53
|
-
end
|
|
54
|
-
end
|
|
47
|
+
keys.add(load_client(node.name), @secret, "clients")
|
|
55
48
|
when :delete
|
|
56
49
|
keys.delete(node.name, "clients")
|
|
57
50
|
else
|
|
@@ -75,16 +68,7 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
75
68
|
admin.strip!
|
|
76
69
|
case action
|
|
77
70
|
when :add
|
|
78
|
-
|
|
79
|
-
keys.add(ChefVault::ChefPatch::User.load(admin), @secret, "admins")
|
|
80
|
-
rescue Net::HTTPServerException => http_error
|
|
81
|
-
if http_error.response.code == "404"
|
|
82
|
-
raise ChefVault::Exceptions::AdminNotFound,
|
|
83
|
-
"#{admin} is not a valid chef admin"
|
|
84
|
-
else
|
|
85
|
-
raise http_error
|
|
86
|
-
end
|
|
87
|
-
end
|
|
71
|
+
keys.add(load_admin(admin), @secret, "admins")
|
|
88
72
|
when :delete
|
|
89
73
|
keys.delete(admin, "admins")
|
|
90
74
|
else
|
|
@@ -131,8 +115,10 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
131
115
|
reload_raw_data
|
|
132
116
|
end
|
|
133
117
|
|
|
134
|
-
def generate_secret
|
|
135
|
-
|
|
118
|
+
def generate_secret(key_size=32)
|
|
119
|
+
# Defaults to 32 bytes, as this is the size that a Chef
|
|
120
|
+
# Encrypted Data Bag Item will digest all secrets down to anyway
|
|
121
|
+
SecureRandom.random_bytes(key_size)
|
|
136
122
|
end
|
|
137
123
|
|
|
138
124
|
def []=(key, value)
|
|
@@ -240,4 +226,39 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
240
226
|
|
|
241
227
|
@raw_data
|
|
242
228
|
end
|
|
229
|
+
|
|
230
|
+
def load_admin(admin)
|
|
231
|
+
begin
|
|
232
|
+
admin = ChefVault::ChefPatch::User.load(admin)
|
|
233
|
+
rescue Net::HTTPServerException => http_error
|
|
234
|
+
if http_error.response.code == "404"
|
|
235
|
+
begin
|
|
236
|
+
puts "WARNING: #{admin} not found in users, trying clients."
|
|
237
|
+
admin = load_client(admin)
|
|
238
|
+
rescue ChefVault::Exceptions::ClientNotFound
|
|
239
|
+
raise ChefVault::Exceptions::AdminNotFound,
|
|
240
|
+
"FATAL: Could not find #{admin} in users or clients!"
|
|
241
|
+
end
|
|
242
|
+
else
|
|
243
|
+
raise http_error
|
|
244
|
+
end
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
admin
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
def load_client(client)
|
|
251
|
+
begin
|
|
252
|
+
client = ChefVault::ChefPatch::ApiClient.load(client)
|
|
253
|
+
rescue Net::HTTPServerException => http_error
|
|
254
|
+
if http_error.response.code == "404"
|
|
255
|
+
raise ChefVault::Exceptions::ClientNotFound,
|
|
256
|
+
"#{client} is not a valid chef client and/or node"
|
|
257
|
+
else
|
|
258
|
+
raise http_error
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
client
|
|
263
|
+
end
|
|
243
264
|
end
|
data/lib/chef-vault/version.rb
CHANGED
data/lib/chef/knife/Decrypt.rb
CHANGED
|
@@ -25,19 +25,19 @@ class Decrypt < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife decrypt
|
|
28
|
+
banner "knife decrypt VAULT ITEM [VALUES] --mode MODE"
|
|
29
29
|
|
|
30
30
|
option :mode,
|
|
31
31
|
:short => '-M MODE',
|
|
32
32
|
:long => '--mode MODE',
|
|
33
|
-
:description => 'Chef mode to run in default - solo'
|
|
33
|
+
:description => 'Chef mode to run in default - solo'
|
|
34
34
|
|
|
35
35
|
def run
|
|
36
36
|
vault = @name_args[0]
|
|
37
37
|
item = @name_args[1]
|
|
38
38
|
values = @name_args[2]
|
|
39
39
|
|
|
40
|
-
if vault && item
|
|
40
|
+
if vault && item
|
|
41
41
|
set_mode(config[:mode])
|
|
42
42
|
|
|
43
43
|
print_values(vault, item, values)
|
|
@@ -52,13 +52,20 @@ class Decrypt < Chef::Knife
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
def print_values(vault, item, values)
|
|
55
|
-
vault_item = ChefVault::Item.load(vault, item)
|
|
55
|
+
vault_item = ChefVault::Item.load(vault, item).raw_data
|
|
56
56
|
|
|
57
|
-
|
|
57
|
+
if values
|
|
58
|
+
included_values = %W( id )
|
|
58
59
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
60
|
+
values.split(",").each do |value|
|
|
61
|
+
value.strip! # remove white space
|
|
62
|
+
included_values << value
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
output(Hash[vault_item.find_all{|k,v| included_values.include?(k)}])
|
|
66
|
+
else
|
|
67
|
+
output(vault_item)
|
|
62
68
|
end
|
|
63
|
-
end
|
|
69
|
+
end
|
|
64
70
|
end
|
|
71
|
+
|
|
@@ -25,8 +25,8 @@ class EncryptCreate < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt create
|
|
29
|
-
"--mode MODE --search SEARCH --admins ADMINS --json FILE"
|
|
28
|
+
banner "knife encrypt create VAULT ITEM VALUES "\
|
|
29
|
+
"--mode MODE --search SEARCH --admins ADMINS --json FILE --file FILE"
|
|
30
30
|
|
|
31
31
|
option :mode,
|
|
32
32
|
:short => '-M MODE',
|
|
@@ -48,6 +48,10 @@ class EncryptCreate < Chef::Knife
|
|
|
48
48
|
:long => '--json FILE',
|
|
49
49
|
:description => 'File containing JSON data to encrypt'
|
|
50
50
|
|
|
51
|
+
option :file,
|
|
52
|
+
:long => '--file FILE',
|
|
53
|
+
:description => 'File to be added to vault item as file-content'
|
|
54
|
+
|
|
51
55
|
def run
|
|
52
56
|
vault = @name_args[0]
|
|
53
57
|
item = @name_args[1]
|
|
@@ -55,10 +59,11 @@ class EncryptCreate < Chef::Knife
|
|
|
55
59
|
search = config[:search]
|
|
56
60
|
admins = config[:admins]
|
|
57
61
|
json_file = config[:json]
|
|
62
|
+
file = config[:file]
|
|
58
63
|
|
|
59
64
|
set_mode(config[:mode])
|
|
60
65
|
|
|
61
|
-
if vault && item && (values || json_file) && (search || admins)
|
|
66
|
+
if vault && item && (values || json_file || file) && (search || admins)
|
|
62
67
|
begin
|
|
63
68
|
vault_item = ChefVault::Item.load(vault, item)
|
|
64
69
|
raise ChefVault::Exceptions::ItemAlreadyExists,
|
|
@@ -68,10 +73,15 @@ class EncryptCreate < Chef::Knife
|
|
|
68
73
|
rescue ChefVault::Exceptions::KeysNotFound,
|
|
69
74
|
ChefVault::Exceptions::ItemNotFound
|
|
70
75
|
vault_item = ChefVault::Item.new(vault, item)
|
|
71
|
-
|
|
76
|
+
|
|
72
77
|
merge_values(values, json_file).each do |key, value|
|
|
73
78
|
vault_item[key] = value
|
|
74
|
-
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
if file
|
|
82
|
+
vault_item["file-name"] = File.basename(file)
|
|
83
|
+
vault_item["file-content"] = File.open(file){ |file| file.read() }
|
|
84
|
+
end
|
|
75
85
|
|
|
76
86
|
vault_item.clients(search) if search
|
|
77
87
|
vault_item.admins(admins) if admins
|
|
@@ -88,4 +98,4 @@ class EncryptCreate < Chef::Knife
|
|
|
88
98
|
exit 1
|
|
89
99
|
end
|
|
90
100
|
end
|
|
91
|
-
|
|
101
|
+
|
|
@@ -25,7 +25,7 @@ class EncryptDelete < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt delete
|
|
28
|
+
banner "knife encrypt delete VAULT ITEM --mode MODE"
|
|
29
29
|
|
|
30
30
|
option :mode,
|
|
31
31
|
:short => '-M MODE',
|
|
@@ -45,8 +45,8 @@ class EncryptDelete < Chef::Knife
|
|
|
45
45
|
rescue ChefVault::Exceptions::KeysNotFound,
|
|
46
46
|
ChefVault::Exceptions::ItemNotFound
|
|
47
47
|
|
|
48
|
-
|
|
49
|
-
|
|
48
|
+
raise ChefVault::Exceptions::ItemNotFound,
|
|
49
|
+
"#{vault}/#{item} not found."
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
else
|
|
@@ -59,4 +59,4 @@ class EncryptDelete < Chef::Knife
|
|
|
59
59
|
exit 1
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
|
-
|
|
62
|
+
|
|
@@ -25,7 +25,7 @@ class EncryptRemove < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt remove
|
|
28
|
+
banner "knife encrypt remove VAULT ITEM VALUES "\
|
|
29
29
|
"--mode MODE --search SEARCH --admins ADMINS"
|
|
30
30
|
|
|
31
31
|
option :mode,
|
|
@@ -73,9 +73,9 @@ class EncryptRemove < Chef::Knife
|
|
|
73
73
|
remove_items.each do |key|
|
|
74
74
|
key.strip!
|
|
75
75
|
vault_item.remove(key)
|
|
76
|
-
end
|
|
76
|
+
end
|
|
77
77
|
end
|
|
78
|
-
|
|
78
|
+
|
|
79
79
|
vault_item.clients(search, :delete) if search
|
|
80
80
|
vault_item.admins(admins, :delete) if admins
|
|
81
81
|
|
|
@@ -97,4 +97,4 @@ class EncryptRemove < Chef::Knife
|
|
|
97
97
|
exit 1
|
|
98
98
|
end
|
|
99
99
|
end
|
|
100
|
-
|
|
100
|
+
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Description: Chef-Vault
|
|
1
|
+
# Description: Chef-Vault EncryptRotateKeys class
|
|
2
2
|
# Copyright 2013, Nordstrom, Inc.
|
|
3
3
|
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -25,7 +25,7 @@ class EncryptRotateKeys < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife rotate
|
|
28
|
+
banner "knife encrypt rotate keys VAULT ITEM --mode MODE"
|
|
29
29
|
|
|
30
30
|
option :mode,
|
|
31
31
|
:short => '-M MODE',
|
|
@@ -59,4 +59,4 @@ class EncryptRotateKeys < Chef::Knife
|
|
|
59
59
|
exit 1
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
|
-
|
|
62
|
+
|
|
@@ -25,8 +25,8 @@ class EncryptUpdate < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt update
|
|
29
|
-
"--mode MODE --search SEARCH --admins ADMINS --json FILE"
|
|
28
|
+
banner "knife encrypt update VAULT ITEM VALUES "\
|
|
29
|
+
"--mode MODE --search SEARCH --admins ADMINS --json FILE --file FILE"
|
|
30
30
|
|
|
31
31
|
option :mode,
|
|
32
32
|
:short => '-M MODE',
|
|
@@ -48,6 +48,10 @@ class EncryptUpdate < Chef::Knife
|
|
|
48
48
|
:long => '--json FILE',
|
|
49
49
|
:description => 'File containing JSON data to encrypt'
|
|
50
50
|
|
|
51
|
+
option :file,
|
|
52
|
+
:long => '--file FILE',
|
|
53
|
+
:description => 'File to be added to vault item as file-content'
|
|
54
|
+
|
|
51
55
|
def run
|
|
52
56
|
vault = @name_args[0]
|
|
53
57
|
item = @name_args[1]
|
|
@@ -55,16 +59,22 @@ class EncryptUpdate < Chef::Knife
|
|
|
55
59
|
search = config[:search]
|
|
56
60
|
admins = config[:admins]
|
|
57
61
|
json_file = config[:json]
|
|
62
|
+
file = config[:file]
|
|
58
63
|
|
|
59
64
|
set_mode(config[:mode])
|
|
60
65
|
|
|
61
|
-
if vault && item && ((values || json_file) || (search || admins))
|
|
66
|
+
if vault && item && ((values || json_file || file) || (search || admins))
|
|
62
67
|
begin
|
|
63
68
|
vault_item = ChefVault::Item.load(vault, item)
|
|
64
69
|
|
|
65
70
|
merge_values(values, json_file).each do |key, value|
|
|
66
71
|
vault_item[key] = value
|
|
67
|
-
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
if file
|
|
75
|
+
vault_item["file-name"] = File.basename(file)
|
|
76
|
+
vault_item["file-content"] = File.open(file){ |file| file.read() }
|
|
77
|
+
end
|
|
68
78
|
|
|
69
79
|
vault_item.clients(search) if search
|
|
70
80
|
vault_item.admins(admins) if admins
|
|
@@ -87,4 +97,4 @@ class EncryptUpdate < Chef::Knife
|
|
|
87
97
|
exit 1
|
|
88
98
|
end
|
|
89
99
|
end
|
|
90
|
-
|
|
100
|
+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kevin Moser
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-
|
|
11
|
+
date: 2013-12-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef
|