chef-vault 2.1.0 → 2.2.0

data/lib/chef/knife/encrypt_rotate_keys.rb

@@ -13,50 +13,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'chef/knife'
-require 'chef-vault'
-
-class EncryptRotateKeys < Chef::Knife
-  deps do
-    require 'chef/search/query'
-    require File.expand_path('../mixin/compat', __FILE__)
-    require File.expand_path('../mixin/helper', __FILE__)
-    include ChefVault::Mixin::KnifeCompat
-    include ChefVault::Mixin::Helper
-  end
-
-  banner "knife encrypt rotate keys VAULT ITEM --mode MODE"
-
-  option :mode,
-    :short => '-M MODE',
-    :long => '--mode MODE',
-    :description => 'Chef mode to run in default - solo'
+require 'chef/knife/vault_base'
+require 'chef/knife/vault_rotate_keys'
 
-  def run
-    vault = @name_args[0]
-    item = @name_args[1]
+class Chef
+  class Knife
+    class EncryptRotateKeys < VaultRotateKeys
 
-    if vault && item
-      set_mode(config[:mode])
+      include Knife::VaultBase
 
-      begin
-        item = ChefVault::Item.load(vault, item)
-        item.rotate_keys!
-      rescue ChefVault::Exceptions::KeysNotFound,
-             ChefVault::Exceptions::ItemNotFound
+      banner "knife encrypt rotate keys VAULT ITEM (options)"
 
-        raise ChefVault::Exceptions::ItemNotFound,
-              "#{vault}/#{item} does not exists, "\
-              "use 'knife encrypt create' to create."
+      def run
+        puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
+        super
       end
-    else
-      show_usage
     end
   end
-
-  def show_usage
-    super
-    exit 1
-  end
 end
-

data/lib/chef/knife/encrypt_update.rb

@@ -13,88 +13,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'chef/knife'
-require 'chef-vault'
+require 'chef/knife/vault_base'
+require 'chef/knife/vault_update'
 
-class EncryptUpdate < Chef::Knife
-  deps do
-    require 'chef/search/query'
-    require File.expand_path('../mixin/compat', __FILE__)
-    require File.expand_path('../mixin/helper', __FILE__)
-    include ChefVault::Mixin::KnifeCompat
-    include ChefVault::Mixin::Helper
-  end
-
-  banner "knife encrypt update VAULT ITEM VALUES "\
-        "--mode MODE --search SEARCH --admins ADMINS --json FILE --file FILE"
-
-  option :mode,
-    :short => '-M MODE',
-    :long => '--mode MODE',
-    :description => 'Chef mode to run in default - solo'
-
-  option :search,
-    :short => '-S SEARCH',
-    :long => '--search SEARCH',
-    :description => 'Chef SOLR search for clients'
-
-  option :admins,
-    :short => '-A ADMINS',
-    :long => '--admins ADMINS',
-    :description => 'Chef users to be added as admins'
-
-  option :json,
-    :short => '-J FILE',
-    :long => '--json FILE',
-    :description => 'File containing JSON data to encrypt'
+class Chef
+  class Knife
+    class EncryptUpdate < VaultUpdate
 
-  option :file,
-    :long => '--file FILE',
-    :description => 'File to be added to vault item as file-content'
+      include Knife::VaultBase
 
-  def run
-    vault = @name_args[0]
-    item = @name_args[1]
-    values = @name_args[2]
-    search = config[:search]
-    admins = config[:admins]
-    json_file = config[:json]
-    file = config[:file]
+      option :search,
+        :short => '-S SEARCH',
+        :long => '--search SEARCH',
+        :description => 'Chef SOLR search for clients'
 
-    set_mode(config[:mode])
+      option :admins,
+        :short => '-A ADMINS',
+        :long => '--admins ADMINS',
+        :description => 'Chef users to be added as admins'
 
-    if vault && item && ((values || json_file || file) || (search || admins))
-      begin
-        vault_item = ChefVault::Item.load(vault, item)
+      option :json,
+        :short => '-J FILE',
+        :long => '--json FILE',
+        :description => 'File containing JSON data to encrypt'
 
-        merge_values(values, json_file).each do |key, value|
-          vault_item[key] = value
-        end
+      option :file,
+        :long => '--file FILE',
+        :description => 'File to be added to vault item as file-content'
 
-        if file
-          vault_item["file-name"] = File.basename(file)
-          vault_item["file-content"] = File.open(file){ |file| file.read() }
-        end
+      banner "knife encrypt update VAULT ITEM VALUES (options)"
 
-        vault_item.clients(search) if search
-        vault_item.admins(admins) if admins
-
-        vault_item.save
-      rescue ChefVault::Exceptions::KeysNotFound,
-             ChefVault::Exceptions::ItemNotFound
-
-        raise ChefVault::Exceptions::ItemNotFound,
-              "#{vault}/#{item} does not exists, "\
-              "use 'knife encrypt create' to create."
+      def run
+        puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
+        super
       end
-    else
-      show_usage
     end
   end
-
-  def show_usage
-    super
-    exit 1
-  end
 end
-

data/lib/chef/knife/vault_base.rb

@@ -0,0 +1,46 @@
+# Description: Chef-Vault VaultBase module
+# Copyright 2013, Nordstrom, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/knife'
+require 'chef-vault'
+
+class Chef
+  class Knife
+    module VaultBase
+      def self.included(includer)
+        includer.class_eval do
+          deps do
+            require 'chef/search/query'
+            require File.expand_path('../mixin/compat', __FILE__)
+            require File.expand_path('../mixin/helper', __FILE__)
+            include ChefVault::Mixin::KnifeCompat
+            include ChefVault::Mixin::Helper
+          end
+
+          option :vault_mode,
+            :short => '-M MODE',
+            :long => '--mode MODE',
+            :description => 'Chef mode to run in default - solo',
+            :proc => Proc.new { |i| Chef::Config[:knife][:vault_mode] = i }
+        end
+      end
+
+      def show_usage
+        super
+        exit 1
+      end
+    end
+  end
+end

data/lib/chef/knife/vault_create.rb

@@ -0,0 +1,95 @@
+# Description: Chef-Vault VaultCreate class
+# Copyright 2013, Nordstrom, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/knife/vault_base'
+
+class Chef
+  class Knife
+    class VaultCreate < Knife
+
+      include Chef::Knife::VaultBase
+
+      banner "knife vault create VAULT ITEM VALUES (options)"
+
+      option :search,
+        :short => '-S SEARCH',
+        :long => '--search SEARCH',
+        :description => 'Chef SOLR search for clients'
+
+      option :admins,
+        :short => '-A ADMINS',
+        :long => '--admins ADMINS',
+        :description => 'Chef users to be added as admins'
+
+      option :json,
+        :short => '-J FILE',
+        :long => '--json FILE',
+        :description => 'File containing JSON data to encrypt'
+
+      option :file,
+        :long => '--file FILE',
+        :description => 'File to be added to vault item as file-content'
+
+      def run
+        vault = @name_args[0]
+        item = @name_args[1]
+        values = @name_args[2]
+        search = config[:search]
+        admins = config[:admins]
+        json_file = config[:json]
+        file = config[:file]
+
+        set_mode(config[:vault_mode])
+
+        if vault && item && (search || admins)
+          begin
+            vault_item = ChefVault::Item.load(vault, item)
+            raise ChefVault::Exceptions::ItemAlreadyExists,
+              "#{vault_item.data_bag}/#{vault_item.id} already exists, "\
+              "use 'knife vault remove' 'knife vault update' "\
+              "or 'knife vault edit' to make changes."
+          rescue ChefVault::Exceptions::KeysNotFound,
+            ChefVault::Exceptions::ItemNotFound
+            vault_item = ChefVault::Item.new(vault, item)
+
+            if values || json_file || file
+              merge_values(values, json_file).each do |key, value|
+                vault_item[key] = value
+              end
+
+              if file
+                vault_item["file-name"] = File.basename(file)
+                vault_item["file-content"] = File.open(file){ |file| file.read() }
+              end
+            else
+              vault_json = edit_data(Hash.new)
+              vault_json.each do |key, value|
+                vault_item[key] = value
+              end
+            end
+
+            vault_item.search(search) if search
+            vault_item.clients(search) if search
+            vault_item.admins(admins) if admins
+
+            vault_item.save
+          end
+        else
+          show_usage
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/vault_decrypt.rb

@@ -0,0 +1,59 @@
+# Description: Chef-Vault VaultDecrypt class
+# Copyright 2013, Nordstrom, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/knife/vault_base'
+
+class Chef
+  class Knife
+    class VaultDecrypt < Knife
+
+      include Chef::Knife::VaultBase
+
+      banner "knife vault decrypt VAULT ITEM [VALUES] (options)"
+
+      def run
+        puts "DEPRECATION WARNING: knife vault decrypt is deprecated. Please use knife vault show instead."
+        vault = @name_args[0]
+        item = @name_args[1]
+        values = @name_args[2]
+
+        if vault && item
+          set_mode(config[:vault_mode])
+
+          print_values(vault, item, values)
+        else
+          show_usage
+        end
+      end
+
+      def print_values(vault, item, values)
+        vault_item = ChefVault::Item.load(vault, item).raw_data
+
+        if values
+          included_values = %W( id )
+
+          values.split(",").each do |value|
+            value.strip! # remove white space
+            included_values << value
+          end
+
+          output(Hash[vault_item.find_all{|k,v| included_values.include?(k)}])
+        else
+          output(vault_item)
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/vault_delete.rb

@@ -0,0 +1,49 @@
+# Description: Chef-Vault VaultDelete class
+# Copyright 2013, Nordstrom, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/knife/vault_base'
+
+class Chef
+  class Knife
+    class VaultDelete < Knife
+
+      include Chef::Knife::VaultBase
+
+      banner "knife vault delete VAULT ITEM (options)"
+
+      def run
+        vault = @name_args[0]
+        item = @name_args[1]
+
+        set_mode(config[:vault_mode])
+
+        if vault && item
+          delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
+            begin
+              ChefVault::Item.load(vault, item).destroy
+            rescue ChefVault::Exceptions::KeysNotFound,
+              ChefVault::Exceptions::ItemNotFound
+
+              raise ChefVault::Exceptions::ItemNotFound,
+                "#{vault}/#{item} not found."
+            end
+          end
+        else
+          show_usage
+        end
+      end
+    end
+  end
+end

data/lib/chef/knife/vault_edit.rb

@@ -0,0 +1,70 @@
+# Description: Chef-Vault VaultEdit class
+# Copyright 2013, Nordstrom, Inc.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#     http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'chef/knife/vault_base'
+
+class Chef
+  class Knife
+    class VaultEdit < Knife
+
+      include Chef::Knife::VaultBase
+
+      banner "knife vault edit VAULT ITEM (options)"
+
+      option :mode,
+        :short => '-M MODE',
+        :long => '--mode MODE',
+        :description => 'Chef mode to run in default - solo'
+
+      def run
+        vault = @name_args[0]
+        item = @name_args[1]
+
+        set_mode(config[:vault_mode])
+
+        if vault && item
+          begin
+            vault_item = ChefVault::Item.load(vault, item)
+
+            filtered_vault_data = vault_item.raw_data.select{|x| x != 'id'}
+
+            updated_vault_json = edit_data(filtered_vault_data)
+
+            # Clean out contents of existing local vault_item
+            vault_item.raw_data.each do |key, value|
+              vault_item.remove(key) unless key == 'id'
+            end
+
+            # write new vault_item key/value pairs
+            updated_vault_json.each do |key, value|
+              vault_item[key] = value
+            end
+
+            vault_item.save
+          rescue ChefVault::Exceptions::KeysNotFound,
+            ChefVault::Exceptions::ItemNotFound
+
+            raise ChefVault::Exceptions::ItemNotFound,
+              "#{vault}/#{item} does not exist, "\
+              "use 'knife vault create' to create."
+          end
+        else
+          show_usage
+        end
+      end
+    end
+  end
+end
+