chef-vault 2.9.2 → 3.0.0.rc1

Files changed (57)
  1. checksums.yaml +4 -4
  2. data/.travis.yml +2 -11
  3. data/Changelog.md +1 -6
  4. data/Gemfile +4 -5
  5. data/KNIFE_EXAMPLES.md +66 -14
  6. data/LICENSE +201 -177
  7. data/README.md +74 -4
  8. data/Rakefile +1 -1
  9. data/bin/chef-vault +3 -2
  10. data/chef-vault.gemspec +13 -15
  11. data/features/clean.feature +0 -1
  12. data/features/clean_on_refresh.feature +0 -1
  13. data/features/clean_unknown_clients.feature +0 -1
  14. data/features/detect_and_warn_v1_vault.feature +0 -1
  15. data/features/isvault.feature +0 -1
  16. data/features/itemtype.feature +0 -1
  17. data/features/vault_create.feature +1 -2
  18. data/features/vault_list.feature +0 -1
  19. data/features/vault_show.feature +0 -1
  20. data/features/vault_show_vaultname.feature +0 -1
  21. data/features/vault_update.feature +0 -1
  22. data/features/verify_id_matches.feature +0 -1
  23. data/features/wrong_private_key.feature +0 -1
  24. data/hooks/pre-commit +43 -0
  25. data/lib/chef-vault.rb +10 -2
  26. data/lib/chef-vault/actor.rb +149 -0
  27. data/lib/chef-vault/certificate.rb +1 -1
  28. data/lib/chef-vault/chef_api.rb +39 -0
  29. data/lib/chef-vault/item.rb +57 -71
  30. data/lib/chef-vault/item_keys.rb +14 -9
  31. data/lib/chef-vault/user.rb +1 -1
  32. data/lib/chef-vault/version.rb +1 -1
  33. data/lib/chef/knife/vault_base.rb +5 -2
  34. data/lib/chef/knife/{encrypt_delete.rb → vault_clients.rb} +6 -12
  35. data/lib/chef/knife/vault_create.rb +9 -1
  36. data/lib/chef/knife/vault_remove.rb +9 -1
  37. data/lib/chef/knife/vault_rotate_all_keys.rb +1 -1
  38. data/lib/chef/knife/vault_show.rb +4 -4
  39. data/lib/chef/knife/vault_update.rb +13 -5
  40. data/spec/chef-vault/actor_spec.rb +247 -0
  41. data/spec/chef-vault/certificate_spec.rb +2 -9
  42. data/spec/chef-vault/chef_api_spec.rb +39 -0
  43. data/spec/chef-vault/item_keys_spec.rb +52 -0
  44. data/spec/chef-vault/item_spec.rb +139 -85
  45. data/spec/chef-vault/user_spec.rb +2 -9
  46. data/spec/spec_helper.rb +1 -0
  47. metadata +36 -42
  48. data/CONTRIBUTING.md +0 -118
  49. data/lib/chef-vault/chef_patch/api_client.rb +0 -45
  50. data/lib/chef-vault/chef_patch/user.rb +0 -33
  51. data/lib/chef/knife/decrypt.rb +0 -32
  52. data/lib/chef/knife/encrypt_create.rb +0 -51
  53. data/lib/chef/knife/encrypt_remove.rb +0 -42
  54. data/lib/chef/knife/encrypt_rotate_keys.rb +0 -32
  55. data/lib/chef/knife/encrypt_update.rb +0 -51
  56. data/lib/chef/knife/mixin/compat.rb +0 -33
  57. data/lib/chef/knife/vault_decrypt.rb +0 -58
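--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -1,118 +0,0 @@
- # Contributing to Chef-Vault
-
- We welcome contributions. Your patch is part of a vibrant open source
- community which makes Chef-Vault great. These guidelines will help your pull
- request to be merged sooner.
-
- ### Create an Issue
-
- Each pull request should have a corresponding [Chef-Vault GitHub
- issue](https://github.com/chef/chef-vault/issues?state=open). Search the
- issue list to make sure someone hasn't already submitted a pull request to fix
- your issue. If not, please create a new issue.
-
- Later, you'll create a feature branch with this issue number.
-
- ### Fork the Repo
-
- Fork the Chef-Vault project and check out your copy. See this [GitHub
- guide](https://help.github.com/articles/fork-a-repo) for more info.
-
- ```bash
- $ git clone https://github.com/<username>/chef-vault.git
- $ cd chef-vault
- $ git remote add upstream https://github.com/chef/chef-vault.git
- ```
-
- ### Create a Local Feature Branch
-
- Create a feature branch and start hacking:
-
- ```
- $ git checkout -b my-feature-branch
- ```
-
- ### Code
-
- Please follow the [Ruby Style
- Guide](https://github.com/bbatsov/ruby-style-guide) when writing Ruby code for
- Chef-Vault.
-
- ### Commit
-
- Make sure git knows your name and email address:
-
- ```bash
- $ git config --global user.name "Jane Doe"
- $ git config --global user.email "jane.doe@example.com"
- ```
-
- Writing good commit messages is important. A commit message should describe what
- changed and why. Follow these guidelines when writing one:
-
- 1. The first line should be 50 or fewer characters and contain a short
- description of the change.
- If this commit fixes/closes an issue, prefix the commit message
- like this: "Fixes #7: ". Here's a complete example:
- `Fixes #9: Use getters instead of instance vars`
- 2. Keep the second line blank.
- 3. Wrap all other lines at 72 columns.
-
- A good commit log looks like this:
-
- ```
- Fixes #9: Use getters instead of instance vars
-
- Body of commit message is a few lines of text, explaining things
- in more detail, possibly giving some background about the issue
- being fixed, etc etc.
-
- The body of the commit message can be several paragraphs, and
- please do proper word-wrap and keep columns shorter than about
- 72 characters or so. That way `git log` will show things
- nicely even when it is indented.
- ```
-
- The header line should be meaningful; it is what other people see when they
- run `git shortlog` or `git log --oneline`.
-
- ### Rebase
-
- Use `git rebase` (not `git merge`) to sync your work from time to time if
- upstream/master has moved ahead of you.
-
- ```bash
- $ git fetch upstream
- $ git rebase upstream/master
- ```
-
- ### Test
-
- Bug fixes and features should come with RSpec tests. Add your tests in the
- `spec` directory. Look at other tests to see how they should be
- structured (license boilerplate, common includes, etc.).
-
- Run `bundle install && bundle exec rake` to run the test suite.
-
- Make sure all tests pass.
-
- ### Push
-
- ```bash
- $ git push origin my-feature-branch
- ```
-
- ### Create a Pull Request
- Go to https://github.com/<username>/chef-vault and select your feature branch. Click
- the 'Pull Request' button and fill out the form.
-
- Pull requests are usually reviewed within a few days. If there are comments
- to address, apply your changes in a separate commit and push that to your
- feature branch. Post a comment in the pull request afterwards; GitHub does
- not send out notifications when you add commits.
-
- ### Thank You
- Thank you for reading this far. We look forward to your contribution.
-
- Kevin Moser, Doug Ireton
- Nordstrom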
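--- a/data/lib/chef-vault/chef_patch/api_client.rb
+++ b/data/lib/chef-vault/chef_patch/api_client.rb
@@ -1,45 +0,0 @@
- # Author:: Kevin Moser <kevin.moser@nordstrom.com>
- # Copyright:: Copyright 2013, Nordstrom, Inc.
- # License:: Apache License, Version 2.0
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- class ChefVault
- module ChefPatch
- class ApiClient < Chef::ApiClient
- # Fix an issue where core Chef::ApiClient does not load
- # the private key for Chef 10
- def self.load(name)
- response = http_api.get("clients/#{name}")
- if response.is_a?(Chef::ApiClient)
- response
- else
- client = Chef::ApiClient.new
- client.name(response["clientname"] || response["name"])
-
- if response["certificate"]
- der = OpenSSL::X509::Certificate.new response["certificate"]
- client.public_key der.public_key.to_s
- end
-
- if response["public_key"]
- der = OpenSSL::PKey::RSA.new response["public_key"]
- client.public_key der.public_key.to_s
- end
-
- client
- end
- end
- end
- end
- end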
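--- a/data/lib/chef-vault/chef_patch/user.rb
+++ b/data/lib/chef-vault/chef_patch/user.rb
@@ -1,33 +0,0 @@
- # Author:: Kevin Moser <kevin.moser@nordstrom.com>
- # Copyright:: Copyright 2013, Nordstrom, Inc.
- # License:: Apache License, Version 2.0
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- class ChefVault
- module ChefPatch
- class User < Chef::User
- # def from_hash for our implementation because name is not being
- # set correctly for Chef 10 server
- def superclass.from_hash(user_hash)
- user = Chef::User.new
- user.name user_hash["username"] ? user_hash["username"] : user_hash["name"]
- user.private_key user_hash["private_key"] if user_hash.key?("private_key")
- user.password user_hash["password"] if user_hash.key?("password")
- user.public_key user_hash["public_key"]
- user.admin user_hash["admin"]
- user
- end
- end
- end
- end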
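--- a/data/lib/chef/knife/decrypt.rb
+++ b/data/lib/chef/knife/decrypt.rb
@@ -1,32 +0,0 @@
- # Description: Chef-Vault Decrypt class
- # Copyright 2013-15, Nordstrom, Inc.
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- require "chef/knife/vault_base"
- require "chef/knife/vault_decrypt"
-
- class Chef
- class Knife
- class Decrypt < VaultDecrypt
- include Knife::VaultBase
-
- banner "knife decrypt VAULT ITEM [VALUES] (options)"
-
- def run
- $stdout.puts "DEPRECATION WARNING: knife decrypt is deprecated. Please use knife vault decrypt instead."
- super
- end
- end
- end
- end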
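--- a/data/lib/chef/knife/encrypt_create.rb
+++ b/data/lib/chef/knife/encrypt_create.rb
@@ -1,51 +0,0 @@
- # Description: Chef-Vault EncryptCreate class
- # Copyright 2013-15, Nordstrom, Inc.
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- require "chef/knife/vault_base"
- require "chef/knife/vault_create"
-
- class Chef
- class Knife
- class EncryptCreate < VaultCreate
- include Knife::VaultBase
-
- banner "knife encrypt create VAULT ITEM VALUES (options)"
-
- option :search,
- :short => "-S SEARCH",
- :long => "--search SEARCH",
- :description => "Chef SOLR search for clients"
-
- option :admins,
- :short => "-A ADMINS",
- :long => "--admins ADMINS",
- :description => "Chef users to be added as admins"
-
- option :json,
- :short => "-J FILE",
- :long => "--json FILE",
- :description => "File containing JSON data to encrypt"
-
- option :file,
- :long => "--file FILE",
- :description => "File to be added to vault item as file-content"
-
- def run
- $stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
- super
- end
- end
- end
- end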
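--- a/data/lib/chef/knife/encrypt_remove.rb
+++ b/data/lib/chef/knife/encrypt_remove.rb
@@ -1,42 +0,0 @@
- # Description: Chef-Vault EncryptRemove class
- # Copyright 2013-15, Nordstrom, Inc.
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- require "chef/knife/vault_base"
- require "chef/knife/vault_remove"
-
- class Chef
- class Knife
- class EncryptRemove < VaultRemove
- include Knife::VaultBase
-
- banner "knife encrypt remove VAULT ITEM VALUES (options)"
-
- option :search,
- :short => "-S SEARCH",
- :long => "--search SEARCH",
- :description => "Chef SOLR search for clients"
-
- option :admins,
- :short => "-A ADMINS",
- :long => "--admins ADMINS",
- :description => "Chef users to be added as admins"
-
- def run
- $stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
- super
- end
- end
- end
- end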
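--- a/data/lib/chef/knife/encrypt_rotate_keys.rb
+++ b/data/lib/chef/knife/encrypt_rotate_keys.rb
@@ -1,32 +0,0 @@
- # Description: Chef-Vault EncryptRotateKeys class
- # Copyright 2013-15, Nordstrom, Inc.
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- require "chef/knife/vault_base"
- require "chef/knife/vault_rotate_keys"
-
- class Chef
- class Knife
- class EncryptRotateKeys < VaultRotateKeys
- include Knife::VaultBase
-
- banner "knife encrypt rotate keys VAULT ITEM (options)"
-
- def run
- $stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
- super
- end
- end
- end
- end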
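--- a/data/lib/chef/knife/encrypt_update.rb
+++ b/data/lib/chef/knife/encrypt_update.rb
@@ -1,51 +0,0 @@
- # Description: Chef-Vault EncryptUpdate class
- # Copyright 2013-15, Nordstrom, Inc.
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- require "chef/knife/vault_base"
- require "chef/knife/vault_update"
-
- class Chef
- class Knife
- class EncryptUpdate < VaultUpdate
- include Knife::VaultBase
-
- option :search,
- :short => "-S SEARCH",
- :long => "--search SEARCH",
- :description => "Chef SOLR search for clients"
-
- option :admins,
- :short => "-A ADMINS",
- :long => "--admins ADMINS",
- :description => "Chef users to be added as admins"
-
- option :json,
- :short => "-J FILE",
- :long => "--json FILE",
- :description => "File containing JSON data to encrypt"
-
- option :file,
- :long => "--file FILE",
- :description => "File to be added to vault item as file-content"
-
- banner "knife encrypt update VAULT ITEM VALUES (options)"
-
- def run
- $stdout.puts "DEPRECATION WARNING: knife encrypt is deprecated. Please use knife vault instead."
- super
- end
- end
- end
- end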
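--- a/data/lib/chef/knife/mixin/compat.rb
+++ b/data/lib/chef/knife/mixin/compat.rb
@@ -1,33 +0,0 @@
- # Description: ChefVault::Mixin::KnifeCompat module
- # Copyright 2013, Nordstrom, Inc.
-
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
-
- # http://www.apache.org/licenses/LICENSE-2.0
-
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- # Make a wraper to chef10/11 "shef/shell" changes
-
- class ChefVault
- module Mixin
- module KnifeCompat
- require "chef/version"
- def extend_context_object(obj)
- if Chef::VERSION.to_i >= 11
- require "chef/shell/ext"
- Shell::Extensions.extend_context_object(obj)
- else
- require "chef/shef/ext"
- Shef::Extensions.extend_context_object(obj)
- end
- end
- end
- end
- end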