RubyGems - chef-vault - Versions diffs - 2.6.1 → 2.7.1 - Mend

chef-vault 2.6.1 → 2.7.1

Files changed (56) hide show

checksums.yaml +4 -4
data/.rubocop.yml +6 -1
data/.travis.yml +5 -6
data/CONTRIBUTING.md +2 -2
data/Gemfile +3 -1
data/README.md +3 -3
data/Rakefile +16 -20
data/THEORY.md +1 -1
data/UPGRADE.md +55 -0
data/bin/chef-vault +8 -8
data/chef-vault.gemspec +21 -21
data/features/detect_and_warn_v1_vault.feature +15 -0
data/features/step_definitions/chef-databag.rb +1 -1
data/features/step_definitions/chef-repo.rb +7 -7
data/features/step_definitions/chef-vault.rb +30 -22
data/features/step_definitions/chef_databagitem.rb +2 -2
data/features/support/env.rb +3 -3
data/lib/chef-vault.rb +15 -15
data/lib/chef-vault/chef_patch/api_client.rb +5 -5
data/lib/chef-vault/chef_patch/user.rb +5 -5
data/lib/chef-vault/exceptions.rb +3 -0
data/lib/chef-vault/item.rb +13 -19
data/lib/chef-vault/item_keys.rb +13 -13
data/lib/chef-vault/mixins.rb +36 -0
data/lib/chef-vault/version.rb +3 -2
data/lib/chef/knife/decrypt.rb +2 -2
data/lib/chef/knife/encrypt_create.rb +13 -13
data/lib/chef/knife/encrypt_delete.rb +2 -2
data/lib/chef/knife/encrypt_remove.rb +8 -8
data/lib/chef/knife/encrypt_rotate_keys.rb +2 -2
data/lib/chef/knife/encrypt_update.rb +13 -13
data/lib/chef/knife/mixin/compat.rb +2 -2
data/lib/chef/knife/vault_admins.rb +3 -3
data/lib/chef/knife/vault_base.rb +9 -9
data/lib/chef/knife/vault_create.rb +13 -13
data/lib/chef/knife/vault_decrypt.rb +2 -2
data/lib/chef/knife/vault_delete.rb +1 -1
data/lib/chef/knife/vault_download.rb +2 -2
data/lib/chef/knife/vault_edit.rb +6 -6
data/lib/chef/knife/vault_isvault.rb +4 -4
data/lib/chef/knife/vault_itemtype.rb +4 -4
data/lib/chef/knife/vault_list.rb +4 -4
data/lib/chef/knife/vault_refresh.rb +3 -3
data/lib/chef/knife/vault_remove.rb +9 -9
data/lib/chef/knife/vault_rotate_all_keys.rb +4 -4
data/lib/chef/knife/vault_rotate_keys.rb +3 -3
data/lib/chef/knife/vault_show.rb +12 -12
data/lib/chef/knife/vault_update.rb +15 -15
data/spec/chef-vault/certificate_spec.rb +7 -7
data/spec/chef-vault/item_keys_spec.rb +53 -6
data/spec/chef-vault/item_spec.rb +110 -110
data/spec/chef-vault/user_spec.rb +6 -6
data/spec/chef-vault_spec.rb +10 -10
data/spec/spec_helper.rb +3 -3
metadata +7 -6
data/.rubocop_todo.yml +0 -101

data/lib/chef/knife/mixin/compat.rb CHANGED

@@ -18,13 +18,13 @@
 class ChefVault
   module Mixin
     module KnifeCompat
-      require 'chef/version'
+      require "chef/version"
       def extend_context_object(obj)
         if Chef::VERSION.to_i >= 11
           require "chef/shell/ext"
           Shell::Extensions.extend_context_object(obj)
         else
-          require 'chef/shef/ext'
+          require "chef/shef/ext"
           Shef::Extensions.extend_context_object(obj)
         end
       end

data/lib/chef/knife/vault_admins.rb CHANGED

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife'
-require 'chef-vault'
+require "chef/knife"
+require "chef-vault"
 class Chef
   class Knife
@@ -32,7 +32,7 @@ class Chef
           admin_array += vault_admins
         end
-        admin_array.join(',')
+        admin_array.join(",")
       end
     end
   end

data/lib/chef/knife/vault_base.rb CHANGED

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife'
-require 'chef-vault'
+require "chef/knife"
+require "chef-vault"
 class Chef
   class Knife
@@ -22,17 +22,17 @@ class Chef
       def self.included(includer)
         includer.class_eval do
           deps do
-            require 'chef/search/query'
-            require File.expand_path('../mixin/compat', __FILE__)
-            require File.expand_path('../mixin/helper', __FILE__)
+            require "chef/search/query"
+            require File.expand_path("../mixin/compat", __FILE__)
+            require File.expand_path("../mixin/helper", __FILE__)
             include ChefVault::Mixin::KnifeCompat
             include ChefVault::Mixin::Helper
           end
           option :vault_mode,
-            :short => '-M MODE',
-            :long => '--mode MODE',
-            :description => 'Chef mode to run in default - solo',
+            :short => "-M MODE",
+            :long => "--mode MODE",
+            :description => "Chef mode to run in default - solo",
             :proc => proc { |i| Chef::Config[:knife][:vault_mode] = i }
         end
       end
@@ -53,7 +53,7 @@ class Chef
         # there must be an equal number of keyline and not-keylike items
         return false unless keylike.size == notkeylike.size
         # strip the _keys suffix and check if the sets match
-        keylike.map! { |k| k.gsub(/_keys$/, '') }
+        keylike.map! { |k| k.gsub(/_keys$/, "") }
         return false unless keylike.sort == notkeylike.sort
         # it's (probably) a vault
         true

data/lib/chef/knife/vault_create.rb CHANGED

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
-require 'chef/knife/vault_admins'
+require "chef/knife/vault_base"
+require "chef/knife/vault_admins"
 class Chef
   class Knife
@@ -25,23 +25,23 @@ class Chef
       banner "knife vault create VAULT ITEM VALUES (options)"
       option :search,
-        :short => '-S SEARCH',
-        :long => '--search SEARCH',
-        :description => 'Chef SOLR search for clients'
+        :short => "-S SEARCH",
+        :long => "--search SEARCH",
+        :description => "Chef SOLR search for clients"
       option :admins,
-        :short => '-A ADMINS',
-        :long => '--admins ADMINS',
-        :description => 'Chef users to be added as admins'
+        :short => "-A ADMINS",
+        :long => "--admins ADMINS",
+        :description => "Chef users to be added as admins"
       option :json,
-        :short => '-J FILE',
-        :long => '--json FILE',
-        :description => 'File containing JSON data to encrypt'
+        :short => "-J FILE",
+        :long => "--json FILE",
+        :description => "File containing JSON data to encrypt"
       option :file,
-        :long => '--file FILE',
-        :description => 'File to be added to vault item as file-content'
+        :long => "--file FILE",
+        :description => "File to be added to vault item as file-content"
       def run
         vault = @name_args[0]

data/lib/chef/knife/vault_decrypt.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -41,7 +41,7 @@ class Chef
         vault_item = ChefVault::Item.load(vault, item).raw_data
         if values
-          included_values = %w(id)
+          included_values = %w{id}
           values.split(",").each do |value|
             value.strip! # remove white space

data/lib/chef/knife/vault_delete.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife

data/lib/chef/knife/vault_download.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -32,7 +32,7 @@ class Chef
         if vault && item && path
           vault_item = ChefVault::Item.load(vault, item)
           File.open(path, "w") do |file|
-            file.write(vault_item['file-content'])
+            file.write(vault_item["file-content"])
           end
           ui.info("Saved #{vault_item['file-name']} as #{path}")
         else

data/lib/chef/knife/vault_edit.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,9 +23,9 @@ class Chef
       banner "knife vault edit VAULT ITEM (options)"
       option :mode,
-        :short => '-M MODE',
-        :long => '--mode MODE',
-        :description => 'Chef mode to run in default - solo'
+        :short => "-M MODE",
+        :long => "--mode MODE",
+        :description => "Chef mode to run in default - solo"
       def run
         vault = @name_args[0]
@@ -37,13 +37,13 @@ class Chef
           begin
             vault_item = ChefVault::Item.load(vault, item)
-            filtered_vault_data = vault_item.raw_data.select{|x| x != 'id'}
+            filtered_vault_data = vault_item.raw_data.select{|x| x != "id"}
             updated_vault_json = edit_data(filtered_vault_data)
             # Clean out contents of existing local vault_item
             vault_item.raw_data.each do |key, _|
-              vault_item.remove(key) unless key == 'id'
+              vault_item.remove(key) unless key == "id"
             end
             # write new vault_item key/value pairs

data/lib/chef/knife/vault_isvault.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,9 +23,9 @@ class Chef
       banner "knife vault isvault VAULT ITEM (options)"
       option :mode,
-        :short => '-M MODE',
-        :long => '--mode MODE',
-        :description => 'Chef mode to run in default - solo'
+        :short => "-M MODE",
+        :long => "--mode MODE",
+        :description => "Chef mode to run in default - solo"
       def run
         vault = @name_args[0]

data/lib/chef/knife/vault_itemtype.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,9 +23,9 @@ class Chef
       banner "knife vault itemtype VAULT ITEM (options)"
       option :mode,
-        :short => '-M MODE',
-        :long => '--mode MODE',
-        :description => 'Chef mode to run in default - solo'
+        :short => "-M MODE",
+        :long => "--mode MODE",
+        :description => "Chef mode to run in default - solo"
       def run
         vault = @name_args[0]

data/lib/chef/knife/vault_list.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,9 +23,9 @@ class Chef
       banner "knife vault list (options)"
       option :mode,
-        :short => '-M MODE',
-        :long => '--mode MODE',
-        :description => 'Chef mode to run in default - solo'
+        :short => "-M MODE",
+        :long => "--mode MODE",
+        :description => "Chef mode to run in default - solo"
       def run
         set_mode(config[:vault_mode])

data/lib/chef/knife/vault_refresh.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,8 +23,8 @@ class Chef
       banner "knife vault refresh VAULT ITEM"
       option :clean_unknown_clients,
-        :long => '--clean-unknown-clients',
-        :description => 'Remove unknown clients during refresh'
+        :long => "--clean-unknown-clients",
+        :description => "Remove unknown clients during refresh"
       def run
         vault = @name_args[0]

data/lib/chef/knife/vault_remove.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,18 +23,18 @@ class Chef
       banner "knife vault remove VAULT ITEM VALUES (options)"
       option :search,
-        :short => '-S SEARCH',
-        :long => '--search SEARCH',
-        :description => 'Chef SOLR search for clients'
+        :short => "-S SEARCH",
+        :long => "--search SEARCH",
+        :description => "Chef SOLR search for clients"
       option :admins,
-        :short => '-A ADMINS',
-        :long => '--admins ADMINS',
-        :description => 'Chef users to be added as admins'
+        :short => "-A ADMINS",
+        :long => "--admins ADMINS",
+        :description => "Chef users to be added as admins"
       option :clean_unknown_clients,
-        :long => '--clean-unknown-clients',
-        :description => 'Remove unknown clients during key rotation'
+        :long => "--clean-unknown-clients",
+        :description => "Remove unknown clients during key rotation"
       def run
         vault = @name_args[0]

data/lib/chef/knife/vault_rotate_all_keys.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,8 +23,8 @@ class Chef
       banner "knife vault rotate all keys"
       option :clean_unknown_clients,
-        :long => '--clean-unknown-clients',
-        :description => 'Remove unknown clients during key rotation'
+        :long => "--clean-unknown-clients",
+        :description => "Remove unknown clients during key rotation"
       def run
         clean_unknown_clients = config[:clean_unknown_clients]
@@ -47,7 +47,7 @@ class Chef
       def vault_items(vault)
         Chef::DataBag.load(vault).keys.each_with_object([]) do |key, array|
-          array << key.sub('_keys', '') if key.match(/.+_keys$/)
+          array << key.sub("_keys", "") if key.match(/.+_keys$/)
         end
       end

data/lib/chef/knife/vault_rotate_keys.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,8 +23,8 @@ class Chef
       banner "knife vault rotate keys VAULT ITEM (options)"
       option :clean_unknown_clients,
-        :long => '--clean-unknown-clients',
-        :description => 'Remove unknown clients during key rotation'
+        :long => "--clean-unknown-clients",
+        :description => "Remove unknown clients during key rotation"
       def run
         vault = @name_args[0]

data/lib/chef/knife/vault_show.rb CHANGED

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
+require "chef/knife/vault_base"
 class Chef
   class Knife
@@ -23,14 +23,14 @@ class Chef
       banner "knife vault show VAULT [ITEM] [VALUES] (options)"
       option :mode,
-        :short => '-M MODE',
-        :long => '--mode MODE',
-        :description => 'Chef mode to run in default - solo'
+        :short => "-M MODE",
+        :long => "--mode MODE",
+        :description => "Chef mode to run in default - solo"
       option :print,
-        :short => '-p TYPE',
-        :long => '--print TYPE',
-        :description => 'Print extra vault data, can be search, admins, clients or all'
+        :short => "-p TYPE",
+        :long => "--print TYPE",
+        :description => "Print extra vault data, can be search, admins, clients or all"
       def run
         vault = @name_args[0]
@@ -55,13 +55,13 @@ class Chef
         if config[:print]
           case config[:print]
-          when 'search'
+          when "search"
             extra_data["search_query"] = vault_item.search
-          when 'admins'
+          when "admins"
             extra_data["admins"] = vault_item.admins
-          when 'clients'
+          when "clients"
             extra_data["clients"] = vault_item.clients
-          when 'all'
+          when "all"
             extra_data["search_query"] = vault_item.search
             extra_data["admins"] = vault_item.admins
             extra_data["clients"] = vault_item.clients
@@ -69,7 +69,7 @@ class Chef
         end
         if values
-          included_values = %w(id)
+          included_values = %w{id}
           values.split(",").each do |value|
             value.strip! # remove white space

data/lib/chef/knife/vault_update.rb CHANGED

@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require 'chef/knife/vault_base'
-require 'chef/knife/vault_admins'
+require "chef/knife/vault_base"
+require "chef/knife/vault_admins"
 class Chef
   class Knife
@@ -25,27 +25,27 @@ class Chef
       banner "knife vault update VAULT ITEM VALUES (options)"
       option :search,
-        :short => '-S SEARCH',
-        :long => '--search SEARCH',
-        :description => 'Chef SOLR search for clients'
+        :short => "-S SEARCH",
+        :long => "--search SEARCH",
+        :description => "Chef SOLR search for clients"
       option :admins,
-        :short => '-A ADMINS',
-        :long => '--admins ADMINS',
-        :description => 'Chef users to be added as admins'
+        :short => "-A ADMINS",
+        :long => "--admins ADMINS",
+        :description => "Chef users to be added as admins"
       option :json,
-        :short => '-J FILE',
-        :long => '--json FILE',
-        :description => 'File containing JSON data to encrypt'
+        :short => "-J FILE",
+        :long => "--json FILE",
+        :description => "File containing JSON data to encrypt"
       option :file,
-        :long => '--file FILE',
-        :description => 'File to be added to vault item as file-content'
+        :long => "--file FILE",
+        :description => "File to be added to vault item as file-content"
       option :clean,
-        :long => '--clean',
-        :description => 'Clean clients before performing search'
+        :long => "--clean",
+        :description => "Clean clients before performing search"
       def run
         vault = @name_args[0]