chef-vault 2.6.1 → 2.7.1

Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +6 -1
  3. data/.travis.yml +5 -6
  4. data/CONTRIBUTING.md +2 -2
  5. data/Gemfile +3 -1
  6. data/README.md +3 -3
  7. data/Rakefile +16 -20
  8. data/THEORY.md +1 -1
  9. data/UPGRADE.md +55 -0
  10. data/bin/chef-vault +8 -8
  11. data/chef-vault.gemspec +21 -21
  12. data/features/detect_and_warn_v1_vault.feature +15 -0
  13. data/features/step_definitions/chef-databag.rb +1 -1
  14. data/features/step_definitions/chef-repo.rb +7 -7
  15. data/features/step_definitions/chef-vault.rb +30 -22
  16. data/features/step_definitions/chef_databagitem.rb +2 -2
  17. data/features/support/env.rb +3 -3
  18. data/lib/chef-vault.rb +15 -15
  19. data/lib/chef-vault/chef_patch/api_client.rb +5 -5
  20. data/lib/chef-vault/chef_patch/user.rb +5 -5
  21. data/lib/chef-vault/exceptions.rb +3 -0
  22. data/lib/chef-vault/item.rb +13 -19
  23. data/lib/chef-vault/item_keys.rb +13 -13
  24. data/lib/chef-vault/mixins.rb +36 -0
  25. data/lib/chef-vault/version.rb +3 -2
  26. data/lib/chef/knife/decrypt.rb +2 -2
  27. data/lib/chef/knife/encrypt_create.rb +13 -13
  28. data/lib/chef/knife/encrypt_delete.rb +2 -2
  29. data/lib/chef/knife/encrypt_remove.rb +8 -8
  30. data/lib/chef/knife/encrypt_rotate_keys.rb +2 -2
  31. data/lib/chef/knife/encrypt_update.rb +13 -13
  32. data/lib/chef/knife/mixin/compat.rb +2 -2
  33. data/lib/chef/knife/vault_admins.rb +3 -3
  34. data/lib/chef/knife/vault_base.rb +9 -9
  35. data/lib/chef/knife/vault_create.rb +13 -13
  36. data/lib/chef/knife/vault_decrypt.rb +2 -2
  37. data/lib/chef/knife/vault_delete.rb +1 -1
  38. data/lib/chef/knife/vault_download.rb +2 -2
  39. data/lib/chef/knife/vault_edit.rb +6 -6
  40. data/lib/chef/knife/vault_isvault.rb +4 -4
  41. data/lib/chef/knife/vault_itemtype.rb +4 -4
  42. data/lib/chef/knife/vault_list.rb +4 -4
  43. data/lib/chef/knife/vault_refresh.rb +3 -3
  44. data/lib/chef/knife/vault_remove.rb +9 -9
  45. data/lib/chef/knife/vault_rotate_all_keys.rb +4 -4
  46. data/lib/chef/knife/vault_rotate_keys.rb +3 -3
  47. data/lib/chef/knife/vault_show.rb +12 -12
  48. data/lib/chef/knife/vault_update.rb +15 -15
  49. data/spec/chef-vault/certificate_spec.rb +7 -7
  50. data/spec/chef-vault/item_keys_spec.rb +53 -6
  51. data/spec/chef-vault/item_spec.rb +110 -110
  52. data/spec/chef-vault/user_spec.rb +6 -6
  53. data/spec/chef-vault_spec.rb +10 -10
  54. data/spec/spec_helper.rb +3 -3
  55. metadata +7 -6
  56. data/.rubocop_todo.yml +0 -101
@@ -18,13 +18,13 @@
18
18
  class ChefVault
19
19
  module Mixin
20
20
  module KnifeCompat
21
- require 'chef/version'
21
+ require "chef/version"
22
22
  def extend_context_object(obj)
23
23
  if Chef::VERSION.to_i >= 11
24
24
  require "chef/shell/ext"
25
25
  Shell::Extensions.extend_context_object(obj)
26
26
  else
27
- require 'chef/shef/ext'
27
+ require "chef/shef/ext"
28
28
  Shef::Extensions.extend_context_object(obj)
29
29
  end
30
30
  end
@@ -13,8 +13,8 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife'
17
- require 'chef-vault'
16
+ require "chef/knife"
17
+ require "chef-vault"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -32,7 +32,7 @@ class Chef
32
32
  admin_array += vault_admins
33
33
  end
34
34
 
35
- admin_array.join(',')
35
+ admin_array.join(",")
36
36
  end
37
37
  end
38
38
  end
@@ -13,8 +13,8 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife'
17
- require 'chef-vault'
16
+ require "chef/knife"
17
+ require "chef-vault"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -22,17 +22,17 @@ class Chef
22
22
  def self.included(includer)
23
23
  includer.class_eval do
24
24
  deps do
25
- require 'chef/search/query'
26
- require File.expand_path('../mixin/compat', __FILE__)
27
- require File.expand_path('../mixin/helper', __FILE__)
25
+ require "chef/search/query"
26
+ require File.expand_path("../mixin/compat", __FILE__)
27
+ require File.expand_path("../mixin/helper", __FILE__)
28
28
  include ChefVault::Mixin::KnifeCompat
29
29
  include ChefVault::Mixin::Helper
30
30
  end
31
31
 
32
32
  option :vault_mode,
33
- :short => '-M MODE',
34
- :long => '--mode MODE',
35
- :description => 'Chef mode to run in default - solo',
33
+ :short => "-M MODE",
34
+ :long => "--mode MODE",
35
+ :description => "Chef mode to run in default - solo",
36
36
  :proc => proc { |i| Chef::Config[:knife][:vault_mode] = i }
37
37
  end
38
38
  end
@@ -53,7 +53,7 @@ class Chef
53
53
  # there must be an equal number of keyline and not-keylike items
54
54
  return false unless keylike.size == notkeylike.size
55
55
  # strip the _keys suffix and check if the sets match
56
- keylike.map! { |k| k.gsub(/_keys$/, '') }
56
+ keylike.map! { |k| k.gsub(/_keys$/, "") }
57
57
  return false unless keylike.sort == notkeylike.sort
58
58
  # it's (probably) a vault
59
59
  true
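Review bot: The suffix strip in the vault-detection check, `keylike.map! { |k| k.gsub(/_keys$/, "") }`, anchors with `$`, which matches at the end of any line rather than only at the end of the string. `keylike.map! { |k| k.sub(/_keys\z/, "") }` states the intent exactly: one suffix, at the end of the string. This heuristic appears to decide whether a data bag is treated as a vault, so the match should be as strict as possible. The comment two lines above also has a typo, `keyline` for `keylike`. The enclosing method starts before this hunk and its closing `end` is outside it.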
@@ -13,8 +13,8 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
17
- require 'chef/knife/vault_admins'
16
+ require "chef/knife/vault_base"
17
+ require "chef/knife/vault_admins"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -25,23 +25,23 @@ class Chef
25
25
  banner "knife vault create VAULT ITEM VALUES (options)"
26
26
 
27
27
  option :search,
28
- :short => '-S SEARCH',
29
- :long => '--search SEARCH',
30
- :description => 'Chef SOLR search for clients'
28
+ :short => "-S SEARCH",
29
+ :long => "--search SEARCH",
30
+ :description => "Chef SOLR search for clients"
31
31
 
32
32
  option :admins,
33
- :short => '-A ADMINS',
34
- :long => '--admins ADMINS',
35
- :description => 'Chef users to be added as admins'
33
+ :short => "-A ADMINS",
34
+ :long => "--admins ADMINS",
35
+ :description => "Chef users to be added as admins"
36
36
 
37
37
  option :json,
38
- :short => '-J FILE',
39
- :long => '--json FILE',
40
- :description => 'File containing JSON data to encrypt'
38
+ :short => "-J FILE",
39
+ :long => "--json FILE",
40
+ :description => "File containing JSON data to encrypt"
41
41
 
42
42
  option :file,
43
- :long => '--file FILE',
44
- :description => 'File to be added to vault item as file-content'
43
+ :long => "--file FILE",
44
+ :description => "File to be added to vault item as file-content"
45
45
 
46
46
  def run
47
47
  vault = @name_args[0]
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -41,7 +41,7 @@ class Chef
41
41
  vault_item = ChefVault::Item.load(vault, item).raw_data
42
42
 
43
43
  if values
44
- included_values = %w(id)
44
+ included_values = %w{id}
45
45
 
46
46
  values.split(",").each do |value|
47
47
  value.strip! # remove white space
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -32,7 +32,7 @@ class Chef
32
32
  if vault && item && path
33
33
  vault_item = ChefVault::Item.load(vault, item)
34
34
  File.open(path, "w") do |file|
35
- file.write(vault_item['file-content'])
35
+ file.write(vault_item["file-content"])
36
36
  end
37
37
  ui.info("Saved #{vault_item['file-name']} as #{path}")
38
38
  else
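Review bot: The decrypted `file-content` is written with `File.open(path, "w")`, so the new file takes whatever mode the caller's umask allows, and with the common umask of 022 the plaintext secret is readable by other local users. Pass an explicit mode, `File.open(path, "wb", 0600) do |file|`; the `b` flag also keeps the payload byte-exact if the stored content is binary. The mode argument only applies when the file is created, so a pre-existing `path` keeps its current permissions and may need an explicit `File.chmod(0600, path)`. The `run` method starts and ends outside this hunk.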
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,9 +23,9 @@ class Chef
23
23
  banner "knife vault edit VAULT ITEM (options)"
24
24
 
25
25
  option :mode,
26
- :short => '-M MODE',
27
- :long => '--mode MODE',
28
- :description => 'Chef mode to run in default - solo'
26
+ :short => "-M MODE",
27
+ :long => "--mode MODE",
28
+ :description => "Chef mode to run in default - solo"
29
29
 
30
30
  def run
31
31
  vault = @name_args[0]
@@ -37,13 +37,13 @@ class Chef
37
37
  begin
38
38
  vault_item = ChefVault::Item.load(vault, item)
39
39
 
40
- filtered_vault_data = vault_item.raw_data.select{|x| x != 'id'}
40
+ filtered_vault_data = vault_item.raw_data.select{|x| x != "id"}
41
41
 
42
42
  updated_vault_json = edit_data(filtered_vault_data)
43
43
 
44
44
  # Clean out contents of existing local vault_item
45
45
  vault_item.raw_data.each do |key, _|
46
- vault_item.remove(key) unless key == 'id'
46
+ vault_item.remove(key) unless key == "id"
47
47
  end
48
48
 
49
49
  # write new vault_item key/value pairs
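Review bot: `vault_item.raw_data.select{|x| x != "id"}` relies on `Hash#select` passing only the key to a one-parameter block (assuming `raw_data` is a Hash, as the `each do |key, _|` loop below suggests), which is easy to misread. `filtered_vault_data = vault_item.raw_data.reject { |key, _| key == "id" }` says the same thing and matches the `|key, _|` form used in the clean-out loop. Separately, the decrypted data is handed to `edit_data`, which is not visible here; if it stages the plaintext in a temporary file for the editor, that file's permissions and cleanup deserve a check. The `begin` block continues past the end of this hunk.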
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,9 +23,9 @@ class Chef
23
23
  banner "knife vault isvault VAULT ITEM (options)"
24
24
 
25
25
  option :mode,
26
- :short => '-M MODE',
27
- :long => '--mode MODE',
28
- :description => 'Chef mode to run in default - solo'
26
+ :short => "-M MODE",
27
+ :long => "--mode MODE",
28
+ :description => "Chef mode to run in default - solo"
29
29
 
30
30
  def run
31
31
  vault = @name_args[0]
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,9 +23,9 @@ class Chef
23
23
  banner "knife vault itemtype VAULT ITEM (options)"
24
24
 
25
25
  option :mode,
26
- :short => '-M MODE',
27
- :long => '--mode MODE',
28
- :description => 'Chef mode to run in default - solo'
26
+ :short => "-M MODE",
27
+ :long => "--mode MODE",
28
+ :description => "Chef mode to run in default - solo"
29
29
 
30
30
  def run
31
31
  vault = @name_args[0]
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,9 +23,9 @@ class Chef
23
23
  banner "knife vault list (options)"
24
24
 
25
25
  option :mode,
26
- :short => '-M MODE',
27
- :long => '--mode MODE',
28
- :description => 'Chef mode to run in default - solo'
26
+ :short => "-M MODE",
27
+ :long => "--mode MODE",
28
+ :description => "Chef mode to run in default - solo"
29
29
 
30
30
  def run
31
31
  set_mode(config[:vault_mode])
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,8 +23,8 @@ class Chef
23
23
  banner "knife vault refresh VAULT ITEM"
24
24
 
25
25
  option :clean_unknown_clients,
26
- :long => '--clean-unknown-clients',
27
- :description => 'Remove unknown clients during refresh'
26
+ :long => "--clean-unknown-clients",
27
+ :description => "Remove unknown clients during refresh"
28
28
 
29
29
  def run
30
30
  vault = @name_args[0]
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,18 +23,18 @@ class Chef
23
23
  banner "knife vault remove VAULT ITEM VALUES (options)"
24
24
 
25
25
  option :search,
26
- :short => '-S SEARCH',
27
- :long => '--search SEARCH',
28
- :description => 'Chef SOLR search for clients'
26
+ :short => "-S SEARCH",
27
+ :long => "--search SEARCH",
28
+ :description => "Chef SOLR search for clients"
29
29
 
30
30
  option :admins,
31
- :short => '-A ADMINS',
32
- :long => '--admins ADMINS',
33
- :description => 'Chef users to be added as admins'
31
+ :short => "-A ADMINS",
32
+ :long => "--admins ADMINS",
33
+ :description => "Chef users to be added as admins"
34
34
 
35
35
  option :clean_unknown_clients,
36
- :long => '--clean-unknown-clients',
37
- :description => 'Remove unknown clients during key rotation'
36
+ :long => "--clean-unknown-clients",
37
+ :description => "Remove unknown clients during key rotation"
38
38
 
39
39
  def run
40
40
  vault = @name_args[0]
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,8 +23,8 @@ class Chef
23
23
  banner "knife vault rotate all keys"
24
24
 
25
25
  option :clean_unknown_clients,
26
- :long => '--clean-unknown-clients',
27
- :description => 'Remove unknown clients during key rotation'
26
+ :long => "--clean-unknown-clients",
27
+ :description => "Remove unknown clients during key rotation"
28
28
 
29
29
  def run
30
30
  clean_unknown_clients = config[:clean_unknown_clients]
@@ -47,7 +47,7 @@ class Chef
47
47
 
48
48
  def vault_items(vault)
49
49
  Chef::DataBag.load(vault).keys.each_with_object([]) do |key, array|
50
- array << key.sub('_keys', '') if key.match(/.+_keys$/)
50
+ array << key.sub("_keys", "") if key.match(/.+_keys$/)
51
51
  end
52
52
  end
53
53
 
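Review bot: In `vault_items`, `key.sub("_keys", "")` removes the first occurrence of `_keys`, not the suffix that the `match` guard tested for. An item id such as `api_keys_prod_keys` (constructed example) becomes `api_prod_keys`, so key rotation would target a wrong or non-existent item. Strip the anchored suffix instead: `array << key.sub(/_keys\z/, "") if key =~ /.+_keys\z/`. `\z` is also the stricter anchor, because `$` matches before a newline as well as at the end of the string.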
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,8 +23,8 @@ class Chef
23
23
  banner "knife vault rotate keys VAULT ITEM (options)"
24
24
 
25
25
  option :clean_unknown_clients,
26
- :long => '--clean-unknown-clients',
27
- :description => 'Remove unknown clients during key rotation'
26
+ :long => "--clean-unknown-clients",
27
+ :description => "Remove unknown clients during key rotation"
28
28
 
29
29
  def run
30
30
  vault = @name_args[0]
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
16
+ require "chef/knife/vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -23,14 +23,14 @@ class Chef
23
23
  banner "knife vault show VAULT [ITEM] [VALUES] (options)"
24
24
 
25
25
  option :mode,
26
- :short => '-M MODE',
27
- :long => '--mode MODE',
28
- :description => 'Chef mode to run in default - solo'
26
+ :short => "-M MODE",
27
+ :long => "--mode MODE",
28
+ :description => "Chef mode to run in default - solo"
29
29
 
30
30
  option :print,
31
- :short => '-p TYPE',
32
- :long => '--print TYPE',
33
- :description => 'Print extra vault data, can be search, admins, clients or all'
31
+ :short => "-p TYPE",
32
+ :long => "--print TYPE",
33
+ :description => "Print extra vault data, can be search, admins, clients or all"
34
34
 
35
35
  def run
36
36
  vault = @name_args[0]
@@ -55,13 +55,13 @@ class Chef
55
55
 
56
56
  if config[:print]
57
57
  case config[:print]
58
- when 'search'
58
+ when "search"
59
59
  extra_data["search_query"] = vault_item.search
60
- when 'admins'
60
+ when "admins"
61
61
  extra_data["admins"] = vault_item.admins
62
- when 'clients'
62
+ when "clients"
63
63
  extra_data["clients"] = vault_item.clients
64
- when 'all'
64
+ when "all"
65
65
  extra_data["search_query"] = vault_item.search
66
66
  extra_data["admins"] = vault_item.admins
67
67
  extra_data["clients"] = vault_item.clients
@@ -69,7 +69,7 @@ class Chef
69
69
  end
70
70
 
71
71
  if values
72
- included_values = %w(id)
72
+ included_values = %w{id}
73
73
 
74
74
  values.split(",").each do |value|
75
75
  value.strip! # remove white space
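Review bot: The `case config[:print]` dispatch has branches only for `search`, `admins`, `clients` and `all`, and no `else` is visible; line 68 falls between two hunks, so this is inferred. A mistyped `--print` value would then be ignored silently and the operator would get output without the requested access metadata. Adding an `else` branch that calls `ui.warn("Unknown --print type: #{config[:print]}")` would make the mistake visible.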
@@ -13,8 +13,8 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require 'chef/knife/vault_base'
17
- require 'chef/knife/vault_admins'
16
+ require "chef/knife/vault_base"
17
+ require "chef/knife/vault_admins"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -25,27 +25,27 @@ class Chef
25
25
  banner "knife vault update VAULT ITEM VALUES (options)"
26
26
 
27
27
  option :search,
28
- :short => '-S SEARCH',
29
- :long => '--search SEARCH',
30
- :description => 'Chef SOLR search for clients'
28
+ :short => "-S SEARCH",
29
+ :long => "--search SEARCH",
30
+ :description => "Chef SOLR search for clients"
31
31
 
32
32
  option :admins,
33
- :short => '-A ADMINS',
34
- :long => '--admins ADMINS',
35
- :description => 'Chef users to be added as admins'
33
+ :short => "-A ADMINS",
34
+ :long => "--admins ADMINS",
35
+ :description => "Chef users to be added as admins"
36
36
 
37
37
  option :json,
38
- :short => '-J FILE',
39
- :long => '--json FILE',
40
- :description => 'File containing JSON data to encrypt'
38
+ :short => "-J FILE",
39
+ :long => "--json FILE",
40
+ :description => "File containing JSON data to encrypt"
41
41
 
42
42
  option :file,
43
- :long => '--file FILE',
44
- :description => 'File to be added to vault item as file-content'
43
+ :long => "--file FILE",
44
+ :description => "File to be added to vault item as file-content"
45
45
 
46
46
  option :clean,
47
- :long => '--clean',
48
- :description => 'Clean clients before performing search'
47
+ :long => "--clean",
48
+ :description => "Clean clients before performing search"
49
49
 
50
50
  def run
51
51
  vault = @name_args[0]