chef-vault 2.9.2 → 3.0.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +2 -11
- data/Changelog.md +1 -6
- data/Gemfile +4 -5
- data/KNIFE_EXAMPLES.md +66 -14
- data/LICENSE +201 -177
- data/README.md +74 -4
- data/Rakefile +1 -1
- data/bin/chef-vault +3 -2
- data/chef-vault.gemspec +13 -15
- data/features/clean.feature +0 -1
- data/features/clean_on_refresh.feature +0 -1
- data/features/clean_unknown_clients.feature +0 -1
- data/features/detect_and_warn_v1_vault.feature +0 -1
- data/features/isvault.feature +0 -1
- data/features/itemtype.feature +0 -1
- data/features/vault_create.feature +1 -2
- data/features/vault_list.feature +0 -1
- data/features/vault_show.feature +0 -1
- data/features/vault_show_vaultname.feature +0 -1
- data/features/vault_update.feature +0 -1
- data/features/verify_id_matches.feature +0 -1
- data/features/wrong_private_key.feature +0 -1
- data/hooks/pre-commit +43 -0
- data/lib/chef-vault.rb +10 -2
- data/lib/chef-vault/actor.rb +149 -0
- data/lib/chef-vault/certificate.rb +1 -1
- data/lib/chef-vault/chef_api.rb +39 -0
- data/lib/chef-vault/item.rb +57 -71
- data/lib/chef-vault/item_keys.rb +14 -9
- data/lib/chef-vault/user.rb +1 -1
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef/knife/vault_base.rb +5 -2
- data/lib/chef/knife/{encrypt_delete.rb → vault_clients.rb} +6 -12
- data/lib/chef/knife/vault_create.rb +9 -1
- data/lib/chef/knife/vault_remove.rb +9 -1
- data/lib/chef/knife/vault_rotate_all_keys.rb +1 -1
- data/lib/chef/knife/vault_show.rb +4 -4
- data/lib/chef/knife/vault_update.rb +13 -5
- data/spec/chef-vault/actor_spec.rb +247 -0
- data/spec/chef-vault/certificate_spec.rb +2 -9
- data/spec/chef-vault/chef_api_spec.rb +39 -0
- data/spec/chef-vault/item_keys_spec.rb +52 -0
- data/spec/chef-vault/item_spec.rb +139 -85
- data/spec/chef-vault/user_spec.rb +2 -9
- data/spec/spec_helper.rb +1 -0
- metadata +36 -42
- data/CONTRIBUTING.md +0 -118
- data/lib/chef-vault/chef_patch/api_client.rb +0 -45
- data/lib/chef-vault/chef_patch/user.rb +0 -33
- data/lib/chef/knife/decrypt.rb +0 -32
- data/lib/chef/knife/encrypt_create.rb +0 -51
- data/lib/chef/knife/encrypt_remove.rb +0 -42
- data/lib/chef/knife/encrypt_rotate_keys.rb +0 -32
- data/lib/chef/knife/encrypt_update.rb +0 -51
- data/lib/chef/knife/mixin/compat.rb +0 -33
- data/lib/chef/knife/vault_decrypt.rb +0 -58
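--- a/data/CONTRIBUTING.md
+++ /dev/null
@@ -1,118 +0,0 @@
-# Contributing to Chef-Vault
-
-We welcome contributions. Your patch is part of a vibrant open source
-community which makes Chef-Vault great. These guidelines will help your pull
-request to be merged sooner.
-
-### Create an Issue
-
-Each pull request should have a corresponding [Chef-Vault GitHub
-issue](https://github.com/chef/chef-vault/issues?state=open). Search the
-issue list to make sure someone hasn't already submitted a pull request to fix
-your issue. If not, please create a new issue.
-
-Later, you'll create a feature branch with this issue number.
-
-### Fork the Repo
-
-Fork the Chef-Vault project and check out your copy. See this [GitHub
-guide](https://help.github.com/articles/fork-a-repo) for more info.
-
-```bash
-$ git clone https://github.com/<username>/chef-vault.git
-$ cd chef-vault
-$ git remote add upstream https://github.com/chef/chef-vault.git
-```
-
-### Create a Local Feature Branch
-
-Create a feature branch and start hacking:
-
-```
-$ git checkout -b my-feature-branch
-```
-
-### Code
-
-Please follow the [Ruby Style
-Guide](https://github.com/bbatsov/ruby-style-guide) when writing Ruby code for
-Chef-Vault.
-
-### Commit
-
-Make sure git knows your name and email address:
-
-```bash
-$ git config --global user.name "Jane Doe"
-$ git config --global user.email "jane.doe@example.com"
-```
-
-Writing good commit messages is important. A commit message should describe what
-changed and why. Follow these guidelines when writing one:
-
-1. The first line should be 50 or fewer characters and contain a short
-description of the change.
-If this commit fixes/closes an issue, prefix the commit message
-like this: "Fixes #7: ". Here's a complete example:
-`Fixes #9: Use getters instead of instance vars`
-2. Keep the second line blank.
-3. Wrap all other lines at 72 columns.
-
-A good commit log looks like this:
-
-```
-Fixes #9: Use getters instead of instance vars
-
-Body of commit message is a few lines of text, explaining things
-in more detail, possibly giving some background about the issue
-being fixed, etc etc.
-
-The body of the commit message can be several paragraphs, and
-please do proper word-wrap and keep columns shorter than about
-72 characters or so. That way `git log` will show things
-nicely even when it is indented.
-```
-
-The header line should be meaningful; it is what other people see when they
-run `git shortlog` or `git log --oneline`.
-
-### Rebase
-
-Use `git rebase` (not `git merge`) to sync your work from time to time if
-upstream/master has moved ahead of you.
-
-```bash
-$ git fetch upstream
-$ git rebase upstream/master
-```
-
-### Test
-
-Bug fixes and features should come with RSpec tests. Add your tests in the
-`spec` directory. Look at other tests to see how they should be
-structured (license boilerplate, common includes, etc.).
-
-Run `bundle install && bundle exec rake` to run the test suite.
-
-Make sure all tests pass.
-
-### Push
-
-```bash
-$ git push origin my-feature-branch
-```
-
-### Create a Pull Request
-Go to https://github.com/<username>/chef-vault and select your feature branch. Click
-the 'Pull Request' button and fill out the form.
-
-Pull requests are usually reviewed within a few days. If there are comments
-to address, apply your changes in a separate commit and push that to your
-feature branch. Post a comment in the pull request afterwards; GitHub does
-not send out notifications when you add commits.
-
-### Thank You
-Thank you for reading this far. We look forward to your contribution.
-
-Kevin Moser, Doug Ireton
-Nordstrom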
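--- a/data/lib/chef-vault/chef_patch/api_client.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-# Author:: Kevin Moser <kevin.moser@nordstrom.com>
-# Copyright:: Copyright 2013, Nordstrom, Inc.
-# License:: Apache License, Version 2.0
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-class ChefVault
-module ChefPatch
-class ApiClient < Chef::ApiClient
-# Fix an issue where core Chef::ApiClient does not load
-# the private key for Chef 10
-def self.load(name)
-response = http_api.get("clients/#{name}")
-if response.is_a?(Chef::ApiClient)
-response
-else
-client = Chef::ApiClient.new
-client.name(response["clientname"] || response["name"])
-
-if response["certificate"]
-der = OpenSSL::X509::Certificate.new response["certificate"]
-client.public_key der.public_key.to_s
-end
-
-if response["public_key"]
-der = OpenSSL::PKey::RSA.new response["public_key"]
-client.public_key der.public_key.to_s
-end
-
-client
-end
-end
-end
-end
-end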
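--- a/data/lib/chef-vault/chef_patch/user.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# Author:: Kevin Moser <kevin.moser@nordstrom.com>
-# Copyright:: Copyright 2013, Nordstrom, Inc.
-# License:: Apache License, Version 2.0
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-class ChefVault
-module ChefPatch
-class User < Chef::User
-# def from_hash for our implementation because name is not being
-# set correctly for Chef 10 server
-def superclass.from_hash(user_hash)
-user = Chef::User.new
-user.name user_hash["username"] ? user_hash["username"] : user_hash["name"]
-user.private_key user_hash["private_key"] if user_hash.key?("private_key")
-user.password user_hash["password"] if user_hash.key?("password")
-user.public_key user_hash["public_key"]
-user.admin user_hash["admin"]
-user
-end
-end
-end
-end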
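--- a/data/lib/chef/knife/decrypt.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# Description: Chef-Vault Decrypt class
-# Copyright 2013-15, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "chef/knife/vault_base"
-require "chef/knife/vault_decrypt"
-
-class Chef
-class Knife
-class Decrypt < VaultDecrypt
-include Knife::VaultBase
-
-banner "knife decrypt VAULT ITEM [VALUES] (options)"
-
-def run
-$stdout.puts "DEPRECATION WARNING: knife decrypt is deprecated. Please use knife vault decrypt instead."
-super
-end
-end
-end
-end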
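--- a/data/lib/chef/knife/encrypt_create.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-# Description: Chef-Vault EncryptCreate class
-# Copyright 2013-15, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "chef/knife/vault_base"
-require "chef/knife/vault_create"
-
-class Chef
-class Knife
-class EncryptCreate < VaultCreate
-include Knife::VaultBase
-
-banner "knife encrypt create VAULT ITEM VALUES (options)"
-
-option :search,
-:short => "-S SEARCH",
-:long => "--search SEARCH",
-:description => "Chef SOLR search for clients"
-
-option :admins,
-:short => "-A ADMINS",
-:long => "--admins ADMINS",
-:description => "Chef users to be added as admins"
-
-option :json,
-:short => "-J FILE",
-:long => "--json FILE",
-:description => "File containing JSON data to encrypt"
-
-option :file,
-:long => "--file FILE",
-:description => "File to be added to vault item as file-content"
-
-def run
-$stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
-super
-end
-end
-end
-end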
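--- a/data/lib/chef/knife/encrypt_remove.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-# Description: Chef-Vault EncryptRemove class
-# Copyright 2013-15, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "chef/knife/vault_base"
-require "chef/knife/vault_remove"
-
-class Chef
-class Knife
-class EncryptRemove < VaultRemove
-include Knife::VaultBase
-
-banner "knife encrypt remove VAULT ITEM VALUES (options)"
-
-option :search,
-:short => "-S SEARCH",
-:long => "--search SEARCH",
-:description => "Chef SOLR search for clients"
-
-option :admins,
-:short => "-A ADMINS",
-:long => "--admins ADMINS",
-:description => "Chef users to be added as admins"
-
-def run
-$stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
-super
-end
-end
-end
-end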
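--- a/data/lib/chef/knife/encrypt_rotate_keys.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# Description: Chef-Vault EncryptRotateKeys class
-# Copyright 2013-15, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "chef/knife/vault_base"
-require "chef/knife/vault_rotate_keys"
-
-class Chef
-class Knife
-class EncryptRotateKeys < VaultRotateKeys
-include Knife::VaultBase
-
-banner "knife encrypt rotate keys VAULT ITEM (options)"
-
-def run
-$stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
-super
-end
-end
-end
-end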
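--- a/data/lib/chef/knife/encrypt_update.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-# Description: Chef-Vault EncryptUpdate class
-# Copyright 2013-15, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "chef/knife/vault_base"
-require "chef/knife/vault_update"
-
-class Chef
-class Knife
-class EncryptUpdate < VaultUpdate
-include Knife::VaultBase
-
-option :search,
-:short => "-S SEARCH",
-:long => "--search SEARCH",
-:description => "Chef SOLR search for clients"
-
-option :admins,
-:short => "-A ADMINS",
-:long => "--admins ADMINS",
-:description => "Chef users to be added as admins"
-
-option :json,
-:short => "-J FILE",
-:long => "--json FILE",
-:description => "File containing JSON data to encrypt"
-
-option :file,
-:long => "--file FILE",
-:description => "File to be added to vault item as file-content"
-
-banner "knife encrypt update VAULT ITEM VALUES (options)"
-
-def run
-$stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
-super
-end
-end
-end
-end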
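--- a/data/lib/chef/knife/mixin/compat.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# Description: ChefVault::Mixin::KnifeCompat module
-# Copyright 2013, Nordstrom, Inc.
-
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Make a wraper to chef10/11 "shef/shell" changes
-
-class ChefVault
-module Mixin
-module KnifeCompat
-require "chef/version"
-def extend_context_object(obj)
-if Chef::VERSION.to_i >= 11
-require "chef/shell/ext"
-Shell::Extensions.extend_context_object(obj)
-else
-require "chef/shef/ext"
-Shef::Extensions.extend_context_object(obj)
-end
-end
-end
-end
-end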