chef-vault 2.2.1 → 2.2.2

data/.gitignore CHANGED
@@ -1,4 +1,30 @@
1
+ " from https://github.com/github/gitignore/blob/master/Ruby.gitignore
1
2
  *.gem
3
+ *.rbc
4
+ /.config
5
+ /coverage/
6
+ /InstalledFiles
7
+ /pkg/
8
+ /spec/reports/
9
+ /test/tmp/
10
+ /test/version_tmp/
11
+ /tmp/
12
+
13
+ ## Documentation cache and generated files:
14
+ /.yardoc/
15
+ /_yardoc/
16
+ /doc/
17
+ /rdoc/
18
+
19
+ ## Environment normalisation:
20
+ /.bundle/
21
+ /lib/bundler/man/
22
+
23
+ # for a library or gem, you might want to ignore these files since the code is
24
+ # intended to run in multiple environments; otherwise, check them in:
2
25
  Gemfile.lock
3
- vendor
4
- .bundle
26
+ .ruby-version
27
+ .ruby-gemset
28
+
29
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
30
+ .rvmrc
@@ -1,6 +1,11 @@
1
1
  ## Planned (Unreleased)
2
2
 
3
3
  ## Released
4
+ ## v2.2.2 / 2014-06-03
5
+ * Add knife vault refresh command
6
+ * Use node_name as a default admin
7
+ * Add DEMO for users
8
+
4
9
  ## v2.2.1 / 2014-02-26
5
10
  * Add vault_admins to knife.rb for a default set of vault admins
6
11
 
data/DEMO.md ADDED
@@ -0,0 +1,53 @@
1
+ # A Short Demo of the Magic of Chef-Vault
2
+
3
+ ##Set up the magic show from a shell on your own workstation
4
+
5
+ ###Put the bunny in the hat
6
+
7
+ echo "bunny" > tophat
8
+
9
+ ###Put the hat in the magic show
10
+
11
+ export assistant=aug24 #Change this to your chef id
12
+ export role=magician #Change this to the role you need to pass the secret to
13
+
14
+ knife vault create magicshow hat \ #Create a hat object in a data bag called magicshow
15
+ --mode client \ #Talk to the chef server rather than local
16
+ --file tophat \ #Use the hat (file) we put the bunny in
17
+ --search "role:${role}" \ #Encrypted for all *current* nodes with the magician role
18
+ --admins "${assistant}" #Encrypted for the assistant
19
+
20
+ ###Check the magic show is on the chef server
21
+
22
+ knife data bag list
23
+
24
+ ###Check the hat is there (and that nobody can see what's in it)
25
+ knife data bag show magicshow hat
26
+
27
+ ###Check you can see what's in it
28
+ knife vault show magicshow hat file-content --mode client
29
+
30
+ ##'Hop' on to a node with a role of 'magician'
31
+
32
+ ###Install required software
33
+ sudo apt-get install ruby-dev --yes
34
+ sudo gem install chef-vault --no-ri --no-rdoc
35
+
36
+ ###Get the bunny back out of the hat!
37
+ sudo chef-shell --client <<EOF
38
+ require 'chef-vault'
39
+ puts ChefVault::Item.load('magicshow', 'hat')['file-content']
40
+ EOF
41
+
42
+ If you are on a node which is not a magician, an exception will be thrown,
43
+ and the node cannot see what is in the hat.
44
+
45
+ #Finally, do a disappearing act.
46
+
47
+ ###Make the hat disappear...
48
+ knife vault delete magicshow hat --mode client
49
+
50
+ ###Make the entire magic show disappear...
51
+ knife data bag delete magicshow
52
+
53
+ ###Thank you!
@@ -142,6 +142,11 @@ Rotate the shared key for all vaults and items. The shared key is that which is
142
142
 
143
143
  knife vault rotate all keys
144
144
 
145
+ ### refresh
146
+ This command reads the search_query in the vault item, performs the search, and reapplies the results.
147
+
148
+ knife vault refresh VAULT ITEM
149
+
145
150
  ### global options
146
151
  <table>
147
152
  <tr>
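--- a/data/README.md
+++ b/data/README.md
@@ -24,10 +24,13 @@ See KNIFE_EXAMPLES.md for examples of commands
 
 ### knife.rb
 To set 'client' as the default mode, add the following line to the knife.rb file.
-knife[:vault_mode] = 'client'
+
+```knife[:vault_mode] = 'client'```
 
 To set the default list of admins for creating and updating vaults, add the following line to the knife.rb file.
-knife[:vault_admins] = ["example-alice", "example-bob", "example-carol"]
+
+```knife[:vault_admins] = [ 'example-alice', 'example-bob', 'example-carol' ]```
+
 (These values can be overridden on the command line by using -A)
 
 NOTE: chef-vault 1.0 knife commands are not supported! Please use chef-vault 2.0 commands.
@@ -36,6 +39,7 @@ NOTE: chef-vault 1.0 knife commands are not supported! Please use chef-vault 2.
 
 knife vault create VAULT ITEM VALUES
 knife vault edit VAULT ITEM
+knife vault refresh VAULT ITEM
 knife vault update VAULT ITEM VALUES
 knife vault remove VAULT ITEM VALUES
 knife vault delete VAULT ITEM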
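--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,5 +1,6 @@
+require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec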
File without changes
@@ -14,28 +14,29 @@
14
14
  # See the License for the specific language governing permissions and
15
15
  # limitations under the License.
16
16
 
17
- $:.push File.expand_path("../lib", __FILE__)
18
- require "chef-vault/version"
17
+ $:.push File.expand_path('../lib', __FILE__)
18
+ require 'chef-vault/version'
19
19
 
20
20
  Gem::Specification.new do |s|
21
- s.name = "chef-vault"
21
+ s.name = 'chef-vault'
22
22
  s.version = ChefVault::VERSION
23
23
  s.has_rdoc = true
24
- s.authors = ["Kevin Moser"]
25
- s.email = ["kevin.moser@nordstrom.com"]
26
- s.summary = "Data encryption support for chef using data bags"
24
+ s.authors = ['Kevin Moser']
25
+ s.email = ['kevin.moser@nordstrom.com']
26
+ s.summary = 'Data encryption support for Chef using data bags'
27
27
  s.description = s.summary
28
+ s.homepage = 'https://github.com/Nordstrom/chef-vault'
29
+
28
30
  s.license = 'Apache License, v2.0'
29
31
 
30
32
  s.files = `git ls-files`.split("\n")
31
- s.add_dependency "chef", ">= 0.10.10"
32
-
33
- # tests
34
- s.add_development_dependency 'rake'
35
- s.add_development_dependency 'rspec'
33
+ s.require_paths = ['lib']
34
+ s.bindir = 'bin'
35
+ s.executables = %w( chef-vault )
36
36
 
37
- s.require_paths = ["lib"]
37
+ s.add_dependency 'chef', '>= 0.10.10'
38
38
 
39
- s.bindir = "bin"
40
- s.executables = %w( chef-vault )
39
+ s.add_development_dependency 'bundler', '~> 1.3'
40
+ s.add_development_dependency 'rake'
41
+ s.add_development_dependency 'rspec', '~> 2.14'
41
42
  end
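Review bot: `s.add_development_dependency 'rake'` is left without a version constraint while `bundler` and `rspec` gain pessimistic constraints in the same block, so a build or test run resolves to whichever rake release is newest at install time. Constrain it the same way, `s.add_development_dependency 'rake', '~> <tested rake version>'`, with the placeholder replaced by the version the project actually tests against. The runtime line `s.add_dependency 'chef', '>= 0.10.10'` also has no upper bound, so a gem that handles secrets will load against any future Chef major; an upper bound or a documented tested range would make the supported surface explicit. The file header for this section is missing from the page, so the path of the gemspec is not shown.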
@@ -24,4 +24,5 @@ class ChefVault::Exceptions
24
24
  class KeysNotFound < RuntimeError; end
25
25
  class ItemNotFound < RuntimeError; end
26
26
  class ItemAlreadyExists < RuntimeError; end
27
- end
27
+ class SearchNotFound < RuntimeError; end
28
+ end
@@ -14,6 +14,6 @@
14
14
  # limitations under the License.
15
15
 
16
16
  class ChefVault
17
- VERSION = "2.2.1"
17
+ VERSION = "2.2.2"
18
18
  MAJOR, MINOR, TINY = VERSION.split('.')
19
19
  end
@@ -0,0 +1,40 @@
1
+ # Description: Chef-Vault VaultAdmins module
2
+ # Copyright 2014, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife'
17
+ require 'chef-vault'
18
+
19
+ class Chef
20
+ class Knife
21
+ module VaultAdmins
22
+
23
+ private
24
+
25
+ def admins
26
+ config_admins = config[:admins]
27
+ vault_admins = Chef::Config[:knife][:vault_admins]
28
+ admin_array = [Chef::Config[:node_name]]
29
+
30
+ if config_admins
31
+ admin_array += [config_admins]
32
+ elsif vault_admins
33
+ admin_array += vault_admins
34
+ end
35
+
36
+ admin_array.join(',')
37
+ end
38
+ end
39
+ end
40
+ end
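Review bot: `admins` seeds the list with `Chef::Config[:node_name]` unconditionally, so the operator's identity is added to the vault's admin set even when `config[:admins]` or `knife[:vault_admins]` names an explicit list; the changelog entry on this page calls it a "default admin", which reads as a fallback rather than an always-added principal. When `node_name` is unset the join yields a leading empty entry, and when it is also present in `vault_admins` it is listed twice; `admin_array = [Chef::Config[:node_name]].compact` and `admin_array.uniq.join(',')` cover both cases. `admin_array += vault_admins` raises TypeError if `knife[:vault_admins]` was configured as a string, so `admin_array += Array(vault_admins)` is safer. I would also add a comment above the method: `# Returns a comma-separated admin list; node_name is always included in addition to -A or knife[:vault_admins].` How VaultCreate and VaultUpdate consume the returned string is outside this hunk.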
@@ -1,5 +1,5 @@
1
1
  # Description: Chef-Vault VaultCreate class
2
- # Copyright 2013, Nordstrom, Inc.
2
+ # Copyright 2014, Nordstrom, Inc.
3
3
 
4
4
  # Licensed under the Apache License, Version 2.0 (the "License");
5
5
  # you may not use this file except in compliance with the License.
@@ -14,12 +14,14 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require 'chef/knife/vault_base'
17
+ require 'chef/knife/vault_admins'
17
18
 
18
19
  class Chef
19
20
  class Knife
20
21
  class VaultCreate < Knife
21
22
 
22
23
  include Chef::Knife::VaultBase
24
+ include Chef::Knife::VaultAdmins
23
25
 
24
26
  banner "knife vault create VAULT ITEM VALUES (options)"
25
27
 
@@ -47,7 +49,6 @@ class Chef
47
49
  item = @name_args[1]
48
50
  values = @name_args[2]
49
51
  search = config[:search]
50
- admins = config[:admins] || Chef::Config[:knife][:vault_admins].join(',')
51
52
  json_file = config[:json]
52
53
  file = config[:file]
53
54
 
@@ -71,7 +72,7 @@ class Chef
71
72
 
72
73
  if file
73
74
  vault_item["file-name"] = File.basename(file)
74
- vault_item["file-content"] = File.open(file){ |file| file.read() }
75
+ vault_item["file-content"] = File.open(file) { |f| f.read() }
75
76
  end
76
77
  else
77
78
  vault_json = edit_data(Hash.new)
@@ -0,0 +1,60 @@
1
+ # Description: Chef-Vault VaultReapply class
2
+ # Copyright 2013, Nordstrom, Inc.
3
+
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+
16
+ require 'chef/knife/vault_base'
17
+
18
+ class Chef
19
+ class Knife
20
+ class VaultRefresh < Knife
21
+
22
+ include Chef::Knife::VaultBase
23
+
24
+ banner "knife vault refresh VAULT ITEM"
25
+
26
+ def run
27
+ vault = @name_args[0]
28
+ item = @name_args[1]
29
+
30
+ set_mode(config[:vault_mode])
31
+
32
+ if vault && item
33
+ begin
34
+ vault_item = ChefVault::Item.load(vault, item)
35
+ search = vault_item.search
36
+
37
+ unless search
38
+ raise ChefVault::Exceptions::SearchNotFound,
39
+ "#{vault}/#{item} does not have a stored search_query, "\
40
+ "probably because it was created with an older version "\
41
+ "of chef-vault. Use 'knife vault update' to update the "\
42
+ "databag with the search query."
43
+ end
44
+
45
+ vault_item.clients(search)
46
+ vault_item.save
47
+ rescue ChefVault::Exceptions::KeysNotFound,
48
+ ChefVault::Exceptions::ItemNotFound
49
+
50
+ raise ChefVault::Exceptions::ItemNotFound,
51
+ "#{vault}/#{item} does not exist, "\
52
+ "use 'knife vault create' to create."
53
+ end
54
+ else
55
+ show_usage
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end
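Review bot: `run` re-grants access to whatever the stored query matches at call time and does so silently: `vault_item.clients(search)` followed by `vault_item.save` reports nothing about which clients received the key, and nothing here removes clients, so a node that no longer matches presumably keeps access (the `clients` implementation is outside this hunk). Because the query is read back from the item rather than supplied by the operator, I would print it before saving, e.g. `ui.info("Refreshing #{vault}/#{item} using search '#{search}'")`, and state in the command's documentation that refresh does not revoke. The rescue maps `KeysNotFound` to an `ItemNotFound` message saying the item "does not exist", which misreports the case where the item exists but the caller holds no key for it; a separate message for `KeysNotFound` would avoid sending operators to `knife vault create`. The header comment still reads `VaultReapply class` and `Copyright 2013` although the class is `VaultRefresh`.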
@@ -1,5 +1,5 @@
1
1
  # Description: Chef-Vault VaultUpdate class
2
- # Copyright 2013, Nordstrom, Inc.
2
+ # Copyright 2014, Nordstrom, Inc.
3
3
 
4
4
  # Licensed under the Apache License, Version 2.0 (the "License");
5
5
  # you may not use this file except in compliance with the License.
@@ -14,12 +14,14 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require 'chef/knife/vault_base'
17
+ require 'chef/knife/vault_admins'
17
18
 
18
19
  class Chef
19
20
  class Knife
20
21
  class VaultUpdate < Knife
21
22
 
22
23
  include Chef::Knife::VaultBase
24
+ include Chef::Knife::VaultAdmins
23
25
 
24
26
  banner "knife vault update VAULT ITEM VALUES (options)"
25
27
 
@@ -47,7 +49,6 @@ class Chef
47
49
  item = @name_args[1]
48
50
  values = @name_args[2]
49
51
  search = config[:search]
50
- admins = config[:admins] || Chef::Config[:knife][:vault_admins].join(',')
51
52
  json_file = config[:json]
52
53
  file = config[:file]
53
54
 
@@ -63,7 +64,7 @@ class Chef
63
64
 
64
65
  if file
65
66
  vault_item["file-name"] = File.basename(file)
66
- vault_item["file-content"] = File.open(file){ |file| file.read() }
67
+ vault_item["file-content"] = File.open(file) { |f| f.read() }
67
68
  end
68
69
 
69
70
  vault_item.search(search) if search
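--- a/metadata
+++ b/metadata
@@ -1,18 +1,20 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-version: 2.2.1
+version: 2.2.2
+prerelease:
 platform: ruby
 authors:
 - Kevin Moser
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-02-26 00:00:00.000000000 Z
+date: 2014-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: chef
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -20,13 +22,31 @@ dependencies:
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: 0.10.10
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -34,6 +54,7 @@ dependencies:
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -41,18 +62,20 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- - ! '>='
+- - ~>
 - !ruby/object:Gem::Version
-version: '0'
+version: '2.14'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
-- - ! '>='
+- - ~>
 - !ruby/object:Gem::Version
-version: '0'
-description: Data encryption support for chef using data bags
+version: '2.14'
+description: Data encryption support for Chef using data bags
 email:
 - kevin.moser@nordstrom.com
 executables:
@@ -65,6 +88,7 @@ files:
 - .travis.yml
 - CONTRIBUTING.md
 - Changelog.md
+- DEMO.md
 - Gemfile
 - KNIFE_EXAMPLES.md
 - LICENSE
@@ -89,11 +113,13 @@ files:
 - lib/chef/knife/encrypt_update.rb
 - lib/chef/knife/mixin/compat.rb
 - lib/chef/knife/mixin/helper.rb
+- lib/chef/knife/vault_admins.rb
 - lib/chef/knife/vault_base.rb
 - lib/chef/knife/vault_create.rb
 - lib/chef/knife/vault_decrypt.rb
 - lib/chef/knife/vault_delete.rb
 - lib/chef/knife/vault_edit.rb
+- lib/chef/knife/vault_refresh.rb
 - lib/chef/knife/vault_remove.rb
 - lib/chef/knife/vault_rotate_all_keys.rb
 - lib/chef/knife/vault_rotate_keys.rb
@@ -103,28 +129,29 @@ files:
 - spec/item_keys_spec.rb
 - spec/item_spec.rb
 - spec/spec_helper.rb
-homepage:
+homepage: https://github.com/Nordstrom/chef-vault
 licenses:
 - Apache License, v2.0
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.7
+rubygems_version: 1.8.23.2
 signing_key:
-specification_version: 4
-summary: Data encryption support for chef using data bags
+specification_version: 3
+summary: Data encryption support for Chef using data bags
 test_files: []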
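--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-metadata.gz: !binary |-
-ZGZkNTFmZjk4NGQxY2UwMjViZDI1MGM0NTczYWMxMDcyMWUxMGEwZQ==
-data.tar.gz: !binary |-
-MjA3MGY0OWY1N2NkMzA2MTNkOWY4OGUzZGQ2YmZmN2NhZDhlYjIwMg==
-!binary "U0hBNTEy":
-metadata.gz: !binary |-
-Y2Q2MTI4NGZhN2Y3ZDM0Y2JlNWFkZGQxMzEyMGQ2ZmI3NjU2N2I0MDE1NmRj
-NzlhNGY2ODIyNmU4YjI2NDg5YjkxYTgxMzIwMzEzOWI2YWZhYzY5YTg5YWJj
-ZGI4NTA3MGVjNGIyYzU0MzI5ZjE0N2EyZjhiNzgwNGIzY2FlNTE=
-data.tar.gz: !binary |-
-YTVmMzRlNTY3NGE5YWY4NzNmMTkyYWRhYjRhNTY5NjQ4YjkwNTc1NzFkYmU2
-MGY2OTM2ZjE1N2E1YzM0ZjkwOTM4MDFmZjIxOWU5ZWMwZGIyNDRkNTI3Mjlm
-N2M4MWEzODIwZmE1YmY4NmQzNjhkNmE4OGIxNjg2NDc1MjEyNTk=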