chef-vault 2.1.0 → 2.2.0

@@ -13,50 +13,21 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife'
17
- require 'chef-vault'
18
-
19
- class EncryptRotateKeys < Chef::Knife
20
- deps do
21
- require 'chef/search/query'
22
- require File.expand_path('../mixin/compat', __FILE__)
23
- require File.expand_path('../mixin/helper', __FILE__)
24
- include ChefVault::Mixin::KnifeCompat
25
- include ChefVault::Mixin::Helper
26
- end
27
-
28
- banner "knife encrypt rotate keys VAULT ITEM --mode MODE"
29
-
30
- option :mode,
31
- :short => '-M MODE',
32
- :long => '--mode MODE',
33
- :description => 'Chef mode to run in default - solo'
16
+ require 'chef/knife/vault_base'
17
+ require 'chef/knife/vault_rotate_keys'
34
18
 
35
- def run
36
- vault = @name_args[0]
37
- item = @name_args[1]
19
+ class Chef
20
+ class Knife
21
+ class EncryptRotateKeys < VaultRotateKeys
38
22
 
39
- if vault && item
40
- set_mode(config[:mode])
23
+ include Knife::VaultBase
41
24
 
42
- begin
43
- item = ChefVault::Item.load(vault, item)
44
- item.rotate_keys!
45
- rescue ChefVault::Exceptions::KeysNotFound,
46
- ChefVault::Exceptions::ItemNotFound
25
+ banner "knife encrypt rotate keys VAULT ITEM (options)"
47
26
 
48
- raise ChefVault::Exceptions::ItemNotFound,
49
- "#{vault}/#{item} does not exists, "\
50
- "use 'knife encrypt create' to create."
27
+ def run
28
+ puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
29
+ super
51
30
  end
52
- else
53
- show_usage
54
31
  end
55
32
  end
56
-
57
- def show_usage
58
- super
59
- exit 1
60
- end
61
33
  end
62
-
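Review bot: The deprecation notice in `run` is written with `puts`, so it lands on stdout together with the command's own output; `ui.warn("knife encrypt is deprecated. Please use knife vault instead.")` would send it to stderr through knife's UI object instead. The same `puts` pattern appears in the EncryptUpdate wrapper and in VaultDecrypt#run, where it matters most because that command prints decrypted item data that callers may pipe or parse. `include Knife::VaultBase` also looks redundant if VaultRotateKeys already includes it (that file is not in this view).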
@@ -13,88 +13,40 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife'
17
- require 'chef-vault'
16
+ require 'chef/knife/vault_base'
17
+ require 'chef/knife/vault_update'
18
18
 
19
- class EncryptUpdate < Chef::Knife
20
- deps do
21
- require 'chef/search/query'
22
- require File.expand_path('../mixin/compat', __FILE__)
23
- require File.expand_path('../mixin/helper', __FILE__)
24
- include ChefVault::Mixin::KnifeCompat
25
- include ChefVault::Mixin::Helper
26
- end
27
-
28
- banner "knife encrypt update VAULT ITEM VALUES "\
29
- "--mode MODE --search SEARCH --admins ADMINS --json FILE --file FILE"
30
-
31
- option :mode,
32
- :short => '-M MODE',
33
- :long => '--mode MODE',
34
- :description => 'Chef mode to run in default - solo'
35
-
36
- option :search,
37
- :short => '-S SEARCH',
38
- :long => '--search SEARCH',
39
- :description => 'Chef SOLR search for clients'
40
-
41
- option :admins,
42
- :short => '-A ADMINS',
43
- :long => '--admins ADMINS',
44
- :description => 'Chef users to be added as admins'
45
-
46
- option :json,
47
- :short => '-J FILE',
48
- :long => '--json FILE',
49
- :description => 'File containing JSON data to encrypt'
19
+ class Chef
20
+ class Knife
21
+ class EncryptUpdate < VaultUpdate
50
22
 
51
- option :file,
52
- :long => '--file FILE',
53
- :description => 'File to be added to vault item as file-content'
23
+ include Knife::VaultBase
54
24
 
55
- def run
56
- vault = @name_args[0]
57
- item = @name_args[1]
58
- values = @name_args[2]
59
- search = config[:search]
60
- admins = config[:admins]
61
- json_file = config[:json]
62
- file = config[:file]
25
+ option :search,
26
+ :short => '-S SEARCH',
27
+ :long => '--search SEARCH',
28
+ :description => 'Chef SOLR search for clients'
63
29
 
64
- set_mode(config[:mode])
30
+ option :admins,
31
+ :short => '-A ADMINS',
32
+ :long => '--admins ADMINS',
33
+ :description => 'Chef users to be added as admins'
65
34
 
66
- if vault && item && ((values || json_file || file) || (search || admins))
67
- begin
68
- vault_item = ChefVault::Item.load(vault, item)
35
+ option :json,
36
+ :short => '-J FILE',
37
+ :long => '--json FILE',
38
+ :description => 'File containing JSON data to encrypt'
69
39
 
70
- merge_values(values, json_file).each do |key, value|
71
- vault_item[key] = value
72
- end
40
+ option :file,
41
+ :long => '--file FILE',
42
+ :description => 'File to be added to vault item as file-content'
73
43
 
74
- if file
75
- vault_item["file-name"] = File.basename(file)
76
- vault_item["file-content"] = File.open(file){ |file| file.read() }
77
- end
44
+ banner "knife encrypt update VAULT ITEM VALUES (options)"
78
45
 
79
- vault_item.clients(search) if search
80
- vault_item.admins(admins) if admins
81
-
82
- vault_item.save
83
- rescue ChefVault::Exceptions::KeysNotFound,
84
- ChefVault::Exceptions::ItemNotFound
85
-
86
- raise ChefVault::Exceptions::ItemNotFound,
87
- "#{vault}/#{item} does not exists, "\
88
- "use 'knife encrypt create' to create."
46
+ def run
47
+ puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
48
+ super
89
49
  end
90
- else
91
- show_usage
92
50
  end
93
51
  end
94
-
95
- def show_usage
96
- super
97
- exit 1
98
- end
99
52
  end
100
-
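Review bot: The four `option` declarations (`:search`, `:admins`, `:json`, `:file`) are repeated in this wrapper although it now subclasses VaultUpdate, which presumably declares the same set; knife option tables are normally inherited by subclasses, so the copies can drift from the parent. If VaultUpdate (not shown in this view) does carry them, the wrapper only needs the `banner` and the `run` override. A one-line comment such as `# Deprecated alias for 'knife vault update'; kept for backward compatibility.` above the class would also record why the file exists.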
@@ -0,0 +1,46 @@
1
+ # Description: Chef-Vault VaultBase module
2
+ # Copyright 2013, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife'
17
+ require 'chef-vault'
18
+
19
+ class Chef
20
+ class Knife
21
+ module VaultBase
22
+ def self.included(includer)
23
+ includer.class_eval do
24
+ deps do
25
+ require 'chef/search/query'
26
+ require File.expand_path('../mixin/compat', __FILE__)
27
+ require File.expand_path('../mixin/helper', __FILE__)
28
+ include ChefVault::Mixin::KnifeCompat
29
+ include ChefVault::Mixin::Helper
30
+ end
31
+
32
+ option :vault_mode,
33
+ :short => '-M MODE',
34
+ :long => '--mode MODE',
35
+ :description => 'Chef mode to run in default - solo',
36
+ :proc => Proc.new { |i| Chef::Config[:knife][:vault_mode] = i }
37
+ end
38
+ end
39
+
40
+ def show_usage
41
+ super
42
+ exit 1
43
+ end
44
+ end
45
+ end
46
+ end
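Review bot: The `--mode` value is stored in `Chef::Config[:knife][:vault_mode]` by the `:proc` without any check, and the description `'Chef mode to run in default - solo'` does not say which values are accepted. Whether an unknown mode is rejected depends on `set_mode` in the helper mixin, which is outside this diff; if it is not, a mistyped mode could silently select a different storage mode for the secret than the operator intended. Consider listing the accepted values in the description, e.g. `:description => 'Chef mode to run in ("solo" or "client"), default "solo"'` (assuming those are the two modes `set_mode` accepts). A short comment above `self.included` explaining that `deps` and `option` are class-level knife DSL, and therefore have to be evaluated in the including class, would also help.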
@@ -0,0 +1,95 @@
1
+ # Description: Chef-Vault VaultCreate class
2
+ # Copyright 2013, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife/vault_base'
17
+
18
+ class Chef
19
+ class Knife
20
+ class VaultCreate < Knife
21
+
22
+ include Chef::Knife::VaultBase
23
+
24
+ banner "knife vault create VAULT ITEM VALUES (options)"
25
+
26
+ option :search,
27
+ :short => '-S SEARCH',
28
+ :long => '--search SEARCH',
29
+ :description => 'Chef SOLR search for clients'
30
+
31
+ option :admins,
32
+ :short => '-A ADMINS',
33
+ :long => '--admins ADMINS',
34
+ :description => 'Chef users to be added as admins'
35
+
36
+ option :json,
37
+ :short => '-J FILE',
38
+ :long => '--json FILE',
39
+ :description => 'File containing JSON data to encrypt'
40
+
41
+ option :file,
42
+ :long => '--file FILE',
43
+ :description => 'File to be added to vault item as file-content'
44
+
45
+ def run
46
+ vault = @name_args[0]
47
+ item = @name_args[1]
48
+ values = @name_args[2]
49
+ search = config[:search]
50
+ admins = config[:admins]
51
+ json_file = config[:json]
52
+ file = config[:file]
53
+
54
+ set_mode(config[:vault_mode])
55
+
56
+ if vault && item && (search || admins)
57
+ begin
58
+ vault_item = ChefVault::Item.load(vault, item)
59
+ raise ChefVault::Exceptions::ItemAlreadyExists,
60
+ "#{vault_item.data_bag}/#{vault_item.id} already exists, "\
61
+ "use 'knife vault remove' 'knife vault update' "\
62
+ "or 'knife vault edit' to make changes."
63
+ rescue ChefVault::Exceptions::KeysNotFound,
64
+ ChefVault::Exceptions::ItemNotFound
65
+ vault_item = ChefVault::Item.new(vault, item)
66
+
67
+ if values || json_file || file
68
+ merge_values(values, json_file).each do |key, value|
69
+ vault_item[key] = value
70
+ end
71
+
72
+ if file
73
+ vault_item["file-name"] = File.basename(file)
74
+ vault_item["file-content"] = File.open(file){ |file| file.read() }
75
+ end
76
+ else
77
+ vault_json = edit_data(Hash.new)
78
+ vault_json.each do |key, value|
79
+ vault_item[key] = value
80
+ end
81
+ end
82
+
83
+ vault_item.search(search) if search
84
+ vault_item.clients(search) if search
85
+ vault_item.admins(admins) if admins
86
+
87
+ vault_item.save
88
+ end
89
+ else
90
+ show_usage
91
+ end
92
+ end
93
+ end
94
+ end
95
+ end
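Review bot: `values = @name_args[2]` takes the data to be encrypted straight from the command line, so the plaintext secret ends up in shell history and is visible in the process list while knife runs. The `--json FILE` option and the `edit_data(Hash.new)` editor path already avoid that, so the banner or the option descriptions should steer users toward them, e.g. `:description => 'File containing JSON data to encrypt (preferred over VALUES for secrets)'`. Separately, `File.open(file){ |file| file.read() }` shadows the outer `file` with the block parameter; `File.read(file)` is equivalent and clearer.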
@@ -0,0 +1,59 @@
1
+ # Description: Chef-Vault VaultDecrypt class
2
+ # Copyright 2013, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife/vault_base'
17
+
18
+ class Chef
19
+ class Knife
20
+ class VaultDecrypt < Knife
21
+
22
+ include Chef::Knife::VaultBase
23
+
24
+ banner "knife vault decrypt VAULT ITEM [VALUES] (options)"
25
+
26
+ def run
27
+ puts "DEPRECATION WARNING: knife vault decrypt is deprecated. Please use knife vault show instead."
28
+ vault = @name_args[0]
29
+ item = @name_args[1]
30
+ values = @name_args[2]
31
+
32
+ if vault && item
33
+ set_mode(config[:vault_mode])
34
+
35
+ print_values(vault, item, values)
36
+ else
37
+ show_usage
38
+ end
39
+ end
40
+
41
+ def print_values(vault, item, values)
42
+ vault_item = ChefVault::Item.load(vault, item).raw_data
43
+
44
+ if values
45
+ included_values = %W( id )
46
+
47
+ values.split(",").each do |value|
48
+ value.strip! # remove white space
49
+ included_values << value
50
+ end
51
+
52
+ output(Hash[vault_item.find_all{|k,v| included_values.include?(k)}])
53
+ else
54
+ output(vault_item)
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
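Review bot: `print_values` calls `ChefVault::Item.load(vault, item)` with no `rescue`, while VaultDelete and VaultEdit in this release catch `ChefVault::Exceptions::KeysNotFound` and `ChefVault::Exceptions::ItemNotFound` and re-raise with a message naming `vault/item`; a missing item here surfaces whatever the library raises. Wrapping the load in the same `rescue` keeps the commands consistent. `print_values` is also left public on the command class although only `run` calls it in this file, and `%W( id )` can be the non-interpolating `%w( id )`.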
@@ -0,0 +1,49 @@
1
+ # Description: Chef-Vault VaultDelete class
2
+ # Copyright 2013, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife/vault_base'
17
+
18
+ class Chef
19
+ class Knife
20
+ class VaultDelete < Knife
21
+
22
+ include Chef::Knife::VaultBase
23
+
24
+ banner "knife vault delete VAULT ITEM (options)"
25
+
26
+ def run
27
+ vault = @name_args[0]
28
+ item = @name_args[1]
29
+
30
+ set_mode(config[:vault_mode])
31
+
32
+ if vault && item
33
+ delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
34
+ begin
35
+ ChefVault::Item.load(vault, item).destroy
36
+ rescue ChefVault::Exceptions::KeysNotFound,
37
+ ChefVault::Exceptions::ItemNotFound
38
+
39
+ raise ChefVault::Exceptions::ItemNotFound,
40
+ "#{vault}/#{item} not found."
41
+ end
42
+ end
43
+ else
44
+ show_usage
45
+ end
46
+ end
47
+ end
48
+ end
49
+ end
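Review bot: The `rescue` folds `ChefVault::Exceptions::KeysNotFound` into `ItemNotFound` with the message `"#{vault}/#{item} not found."`, so an operator cannot tell a missing item from an item whose keys record is missing. If KeysNotFound can occur while the encrypted item still exists (the library code is not in this view), the delete would stop here and leave the encrypted data in place with a message saying nothing was there. Handling the two cases separately, e.g. a second `rescue ChefVault::Exceptions::KeysNotFound` clause whose message is `"#{vault}/#{item} keys not found."`, would make that visible; VaultEdit uses the same combined rescue.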
@@ -0,0 +1,70 @@
1
+ # Description: Chef-Vault VaultEdit class
2
+ # Copyright 2013, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife/vault_base'
17
+
18
+ class Chef
19
+ class Knife
20
+ class VaultEdit < Knife
21
+
22
+ include Chef::Knife::VaultBase
23
+
24
+ banner "knife vault edit VAULT ITEM (options)"
25
+
26
+ option :mode,
27
+ :short => '-M MODE',
28
+ :long => '--mode MODE',
29
+ :description => 'Chef mode to run in default - solo'
30
+
31
+ def run
32
+ vault = @name_args[0]
33
+ item = @name_args[1]
34
+
35
+ set_mode(config[:vault_mode])
36
+
37
+ if vault && item
38
+ begin
39
+ vault_item = ChefVault::Item.load(vault, item)
40
+
41
+ filtered_vault_data = vault_item.raw_data.select{|x| x != 'id'}
42
+
43
+ updated_vault_json = edit_data(filtered_vault_data)
44
+
45
+ # Clean out contents of existing local vault_item
46
+ vault_item.raw_data.each do |key, value|
47
+ vault_item.remove(key) unless key == 'id'
48
+ end
49
+
50
+ # write new vault_item key/value pairs
51
+ updated_vault_json.each do |key, value|
52
+ vault_item[key] = value
53
+ end
54
+
55
+ vault_item.save
56
+ rescue ChefVault::Exceptions::KeysNotFound,
57
+ ChefVault::Exceptions::ItemNotFound
58
+
59
+ raise ChefVault::Exceptions::ItemNotFound,
60
+ "#{vault}/#{item} does not exist, "\
61
+ "use 'knife vault create' to create."
62
+ end
63
+ else
64
+ show_usage
65
+ end
66
+ end
67
+ end
68
+ end
69
+ end
70
+
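Review bot: `option :mode` with `-M MODE` / `--mode MODE` is declared here a second time, although `Chef::Knife::VaultBase` already registers `option :vault_mode` on the same switches and `run` reads `config[:vault_mode]`. With two options bound to the same flags, the value given on the command line may end up only in `config[:mode]`, in which case `set_mode(config[:vault_mode])` would fall back to the default mode for this one subcommand. The block looks like a leftover from the pre-2.2.0 commands and should be deleted (the four lines from `option :mode,` through its `:description`).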