RubyGems - chef-vault - Versions diffs - 3.0.3 → 3.1.0 - Mend

chef-vault 3.0.3 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/.travis.yml +12 -3
data/Changelog.md +47 -238
data/appveyor.yml +33 -0
data/chef-vault.gemspec +5 -0
data/features/clean_on_refresh.feature +1 -1
data/features/clean_unknown_clients.feature +3 -15
data/lib/chef-vault/item.rb +5 -6
data/lib/chef-vault/item_keys.rb +14 -3
data/lib/chef-vault/version.rb +1 -1
data/lib/chef/knife/vault_create.rb +1 -1
data/spec/chef-vault/item_keys_spec.rb +21 -6
data/spec/chef-vault/item_spec.rb +5 -0
metadata +4 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 41d30528b3f19c62a98a3f8de9bca62aae938558
-  data.tar.gz: b145884ac5edef7217845114c11b3a6ff522d17b
+  metadata.gz: 416703868d576d9b4d982942231ade93be3275ab
+  data.tar.gz: 9e979c65cca7f7135597858631f7eef97c5abb3e
 SHA512:
-  metadata.gz: 1576f97fdbf10afbfad93d17bd1dd073e41c30ebc3e00832d55c1d08e18d39dc905db733de55c049ef7d949b0956ac912cd72f6c7c5a34d9c478bcccd55cb068
-  data.tar.gz: d8c37f6d60d65ee966ed26759c4cbf8b35719abcd19f8d4126f55dcf781b8d85d2eea910743c94ae842b43d20e816b6a30768f024d39b8b994efd4d0cd2d7879
+  metadata.gz: 55a98786c9b1329d75645d9ec2e092079cd929a08c72a3c8af82f0bac0575fea2a64f2ed8a0fd5e2b2637fcf6ae97467db6650945cc87b06984bcad7401fb869
+  data.tar.gz: 7099c41898ca19a7e37850a9dc773ef1543a000b8ffc2ba712e4614d07b1ddcb5f377f22fdb930c64869c9ee534759526cb6211422d46ad8952cbb6f3ff92286

data/.travis.yml CHANGED

@@ -1,10 +1,19 @@
 language: ruby
 branches:
   only:
-    - master
+  - master
 rvm:
-  - "2.2.5"
-  - "2.3.1"
+- 2.2.5
+- 2.3.1
+- 2.4.1
 install: bundle install --binstubs --without changelog
 before_install: gem install bundler
 env: TRAVIS_BUILD=true
+deploy:
+  provider: rubygems
+  api_key:
+    secure: NNbOEQWaX+67bsMd1A/BB5lxd2dDzx+4uYsKxSvhVvx34UixKoLRmPhGJr0WapndsXdnG+crPpx3gpseOfJ3u42uNHQI9ASsgOOgmEiJKcW/MO/IQReRI998+XH2A4QLfLQ4JIWjpl8KNZCJSCp7w1LnDV6imy7FSM0mWS+3Lzk=
+  gem: chef-vault
+  on:
+    repo: chef/chef-vault
+    branch: master

data/Changelog.md CHANGED

@@ -1,11 +1,37 @@
 # Change Log
+## [v3.1.0](https://github.com/chef/chef-vault/tree/v3.1.0) (2017-07-04)
+[Full
+Changelog](https://github.com/chef/chef-vault/compare/v3.0.3...v3.1.0)
+**Implemented enhancements:**
+- Assume all nodes matching the search query are valid nodes [\#272](https://github.com/chef/chef-vault/pull/272) ([kamaradclimber](https://github.com/kamaradclimber))
+- Avoid re-encrypting key for all existing clients [\#269](https://github.com/chef/chef-vault/pull/269) ([kamaradclimber](https://github.com/kamaradclimber))
+**Fixed bugs:**
+- Fix fatal error during create [\#281](https://github.com/chef/chef-vault/pull/281) ([neclimdul](https://github.com/neclimdul))
+- Avoid sparse key read for non sparse secrets [\#280](https://github.com/chef/chef-vault/pull/280) ([kamaradclimber](https://github.com/kamaradclimber))
+- Make sure sparse mode is used on secrets where it is explicit [\#271](https://github.com/chef/chef-vault/pull/271) ([kamaradclimber](https://github.com/kamaradclimber))
+## [v3.0.3](https://github.com/chef/chef-vault/tree/v3.0.3) (2017-05-03)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.2...v3.0.3)
+**Fixed bugs:**
+- Reduce the search response limit from 100k to 10k [\#275](https://github.com/chef/chef-vault/pull/275) ([btm](https://github.com/btm))
+- Replace edit\_data\(\) with edit\_hash\(\) in vault\_edit.rb [\#274](https://github.com/chef/chef-vault/pull/274) ([tmaczukin](https://github.com/tmaczukin))
+## [v3.0.2](https://github.com/chef/chef-vault/tree/v3.0.2) (2017-04-20)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.1...v3.0.2)
 ## [v3.0.1](https://github.com/chef/chef-vault/tree/v3.0.1) (2017-04-11)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0...v3.0.1)
 **Fixed bugs:**
-- Only have a development dependency on Chef.
+- Change the chef dependency to development only [\#266](https://github.com/chef/chef-vault/pull/266) ([thommay](https://github.com/thommay))
 ## [v3.0.0](https://github.com/chef/chef-vault/tree/v3.0.0) (2017-04-10)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.1...v3.0.0)
@@ -13,22 +39,34 @@
 **Implemented enhancements:**
 - Vault creation, list, and destruction in sparse mode [\#252](https://github.com/chef/chef-vault/pull/252) ([rveznaver](https://github.com/rveznaver))
+## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
+## [v3.0.0.rc2](https://github.com/chef/chef-vault/tree/v3.0.0.rc2) (2016-12-05)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc1...v3.0.0.rc2)
+**Implemented enhancements:**
 - Add feature to save each key in different data bag item [\#246](https://github.com/chef/chef-vault/pull/246) ([rveznaver](https://github.com/rveznaver))
 - Enable testing with Chef Zero [\#244](https://github.com/chef/chef-vault/pull/244) ([rveznaver](https://github.com/rveznaver))
 - Minimize the number of searches [\#243](https://github.com/chef/chef-vault/pull/243) ([thommay](https://github.com/thommay))
 - Optimise queries when finding nodes [\#240](https://github.com/chef/chef-vault/pull/240) ([thommay](https://github.com/thommay))
-- Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
-- rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
-- Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
-- Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
 **Fixed bugs:**
 - Use solo\_legacy\_mode fully [\#242](https://github.com/chef/chef-vault/pull/242) ([thommay](https://github.com/thommay))
 - Use legacy solo mode [\#241](https://github.com/chef/chef-vault/pull/241) ([thommay](https://github.com/thommay))
-## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
+## [v3.0.0.rc1](https://github.com/chef/chef-vault/tree/v3.0.0.rc1) (2016-10-21)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.0...v3.0.0.rc1)
+**Implemented enhancements:**
+- Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
+- rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
+- Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
+- Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
 ## [v2.9.0](https://github.com/chef/chef-vault/tree/v2.9.0) (2016-04-08)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0...v2.9.0)
@@ -46,271 +84,42 @@
 ## [v2.8.0](https://github.com/chef/chef-vault/tree/v2.8.0) (2016-02-09)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0.rc1...v2.8.0)
-**Merged pull requests:**
-- UPGRADE: fixed a typo [\#198](https://github.com/chef/chef-vault/pull/198) ([joonas](https://github.com/joonas))
-- adds link to Chef Vault blog post to README [\#197](https://github.com/chef/chef-vault/pull/197) ([nellshamrell](https://github.com/nellshamrell))
 ## [v2.8.0.rc1](https://github.com/chef/chef-vault/tree/v2.8.0.rc1) (2016-01-29)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.1...v2.8.0.rc1)
-**Merged pull requests:**
-- Deal with more than 1000 nodes [\#196](https://github.com/chef/chef-vault/pull/196) ([thommay](https://github.com/thommay))
 ## [v2.7.1](https://github.com/chef/chef-vault/tree/v2.7.1) (2016-01-25)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.0...v2.7.1)
 ## [v2.7.0](https://github.com/chef/chef-vault/tree/v2.7.0) (2016-01-25)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.1...v2.7.0)
-**Fixed bugs:**
-- Should warn/error when modifying 1.x items [\#52](https://github.com/chef/chef-vault/issues/52)
-**Closed issues:**
-- Support data\_bag\_path arrays [\#191](https://github.com/chef/chef-vault/issues/191)
-- Refresh fails if no search expression is set [\#188](https://github.com/chef/chef-vault/issues/188)
-- knife vault create is failing  [\#187](https://github.com/chef/chef-vault/issues/187)
-- Issues with knife bootstrap --bootstrap-vault-item [\#185](https://github.com/chef/chef-vault/issues/185)
-- Can't create anything.  [\#183](https://github.com/chef/chef-vault/issues/183)
-- knife vault refresh broken - chefdk0.7.0/chef11.1.1 [\#182](https://github.com/chef/chef-vault/issues/182)
-- Environment Permissions [\#181](https://github.com/chef/chef-vault/issues/181)
-- Knife vault stopped working after chefdk & chef-client upgrade [\#180](https://github.com/chef/chef-vault/issues/180)
-- Chef 12.4.0 breaks user patch [\#176](https://github.com/chef/chef-vault/issues/176)
-- vault refresh broken with chef 12.4.0 [\#175](https://github.com/chef/chef-vault/issues/175)
-**Merged pull requests:**
-- Correctly handle an array of data\_bag paths [\#192](https://github.com/chef/chef-vault/pull/192) ([thommay](https://github.com/thommay))
-- add recognition of 'name' in response [\#184](https://github.com/chef/chef-vault/pull/184) ([lhandl](https://github.com/lhandl))
-- typo in THEORY.md [\#179](https://github.com/chef/chef-vault/pull/179) ([mindyor](https://github.com/mindyor))
-- Detect when trying to manage a v1 vault [\#173](https://github.com/chef/chef-vault/pull/173) ([jf647](https://github.com/jf647))
 ## [v2.6.1](https://github.com/chef/chef-vault/tree/v2.6.1) (2015-05-28)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.0...v2.6.1)
-**Closed issues:**
-- Permission Issue - Missing Read Permission [\#171](https://github.com/chef/chef-vault/issues/171)
--   undefined method `vault' for Chef::Resource::User [\#170](https://github.com/chef/chef-vault/issues/170)
-- ChefVault::Item.refresh [\#168](https://github.com/chef/chef-vault/issues/168)
-**Merged pull requests:**
-- Only load the parts of chef we actually use [\#172](https://github.com/chef/chef-vault/pull/172) ([danielsdeleo](https://github.com/danielsdeleo))
-- Remove dependency on rspec-its gem [\#169](https://github.com/chef/chef-vault/pull/169) ([dougireton](https://github.com/dougireton))
-- Add gitter.im [\#167](https://github.com/chef/chef-vault/pull/167) ([jf647](https://github.com/jf647))
 ## [v2.6.0](https://github.com/chef/chef-vault/tree/v2.6.0) (2015-05-13)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.5.0...v2.6.0)
-**Implemented enhancements:**
-- `ChefVault::Item` should not define `\#keys` method. [\#158](https://github.com/chef/chef-vault/issues/158)
-- Add --clean to refresh option [\#151](https://github.com/chef/chef-vault/issues/151)
-- Allow clients \(without a node\) to be returned via searches. [\#150](https://github.com/chef/chef-vault/issues/150)
-- Need validation for item id: property [\#149](https://github.com/chef/chef-vault/issues/149)
-- Add helper to get the keys of a vault item [\#142](https://github.com/chef/chef-vault/issues/142)
-- Add knife vault show vaultname [\#141](https://github.com/chef/chef-vault/issues/141)
-- Knife Vault Refresh Not Running on Server 2012R2 [\#129](https://github.com/chef/chef-vault/issues/129)
-**Closed issues:**
-- knife vault create examples using node/client names? [\#157](https://github.com/chef/chef-vault/issues/157)
-- Unable to create a chef vault secret from a recipe [\#154](https://github.com/chef/chef-vault/issues/154)
-- knife boostrap not picking up nodes from search query of vaults [\#148](https://github.com/chef/chef-vault/issues/148)
-- Cannot update vault item [\#116](https://github.com/chef/chef-vault/issues/116)
-- Refresh did not re-encrypt for an admin's new key [\#145](https://github.com/chef/chef-vault/issues/145)
-- Chef 12.1.0 warning [\#143](https://github.com/chef/chef-vault/issues/143)
-**Merged pull requests:**
-- Add vault probing predicates [\#165](https://github.com/chef/chef-vault/pull/165) ([jf647](https://github.com/jf647))
-- Allow the node name and path to the client key to be specified [\#163](https://github.com/chef/chef-vault/pull/163) ([jf647](https://github.com/jf647))
-- Add a \#raw\_keys method to ChefVault::Item [\#162](https://github.com/chef/chef-vault/pull/162) ([jf647](https://github.com/jf647))
-- Enhance 'knife vault show' to list vault items [\#161](https://github.com/chef/chef-vault/pull/161) ([jf647](https://github.com/jf647))
-- Validate that the vault id hasn't changed since the \_keys item was created [\#160](https://github.com/chef/chef-vault/pull/160) ([jf647](https://github.com/jf647))
-- Add --clean-unknown-clients to 'knife vault refresh' [\#159](https://github.com/chef/chef-vault/pull/159) ([jf647](https://github.com/jf647))
-- Let ChefVault::Item\#clients accept a Chef::ApiClient instead of a search... [\#156](https://github.com/chef/chef-vault/pull/156) ([jf647](https://github.com/jf647))
-- Allow ruby 1.9.3 to fail on Travis [\#155](https://github.com/chef/chef-vault/pull/155) ([jf647](https://github.com/jf647))
-- Update docs to reflect the new compile\_time attribute of chef\_gem [\#144](https://github.com/chef/chef-vault/pull/144) ([jf647](https://github.com/jf647))
-- very minor correction to typo [\#139](https://github.com/chef/chef-vault/pull/139) ([Dispader](https://github.com/Dispader))
-- Release 2.6.0 [\#164](https://github.com/chef/chef-vault/pull/164) ([jf647](https://github.com/jf647))
 ## [v2.5.0](https://github.com/chef/chef-vault/tree/v2.5.0) (2015-02-09)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.4.0...v2.5.0)
-**Implemented enhancements:**
-- knife vault list [\#97](https://github.com/chef/chef-vault/issues/97)
-- Add chef-vault.bat to bin for windows users [\#60](https://github.com/chef/chef-vault/issues/60)
-- OpenSSL error if private key does not match used public key [\#43](https://github.com/chef/chef-vault/issues/43)
-- Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
-**Fixed bugs:**
-- 2.4.0 was not tagged in github [\#128](https://github.com/chef/chef-vault/issues/128)
-- clean\_unknown\_clients not working [\#133](https://github.com/chef/chef-vault/issues/133)
-- Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
-**Closed issues:**
-- Support pruning of deleted clients from vault access list when rotating keys [\#123](https://github.com/chef/chef-vault/issues/123)
-- knife subcommands fail in cryptic fashion if you don't set --mode [\#117](https://github.com/chef/chef-vault/issues/117)
-- vault commands force -A or knife.rb :vault\_admins [\#89](https://github.com/chef/chef-vault/issues/89)
-- Add RSpec tests for chef-vault/chef/offline.rb [\#13](https://github.com/chef/chef-vault/issues/13)
-- Need theory of operations/architecture documentation [\#109](https://github.com/chef/chef-vault/issues/109)
 ## [v2.4.0](https://github.com/chef/chef-vault/tree/v2.4.0) (2014-12-03)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.3.0...v2.4.0)
-**Closed issues:**
-- Create, Refresh and Update behaviours [\#118](https://github.com/chef/chef-vault/issues/118)
-- vault refresh remove clients from keys data bag? [\#111](https://github.com/chef/chef-vault/issues/111)
-- There doesnt seem to be a way to remove authorized client from vault\_keys [\#103](https://github.com/chef/chef-vault/issues/103)
-**Merged pull requests:**
-- Upgrade to RSpec 3.1 and disable monkey-patching [\#122](https://github.com/chef/chef-vault/pull/122) ([dougireton](https://github.com/dougireton))
 ## [v2.3.0](https://github.com/chef/chef-vault/tree/v2.3.0) (2014-10-22)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.4...v2.3.0)
-**Closed issues:**
-- Please push missing tags \(especially \> 2.2.1\) [\#119](https://github.com/chef/chef-vault/issues/119)
-- Vault subcommands not showing for knife [\#114](https://github.com/chef/chef-vault/issues/114)
-- cannot get client public\_key [\#113](https://github.com/chef/chef-vault/issues/113)
-- Key update methods [\#105](https://github.com/chef/chef-vault/issues/105)
-**Merged pull requests:**
-- Add a knife vault download command for downloading encrypted files [\#104](https://github.com/chef/chef-vault/pull/104) ([justinlocsei](https://github.com/justinlocsei))
 ## [v2.2.4](https://github.com/chef/chef-vault/tree/v2.2.4) (2014-07-17)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.3...v2.2.4)
-**Closed issues:**
-- Improvement: easier way to update stored search for an item [\#110](https://github.com/chef/chef-vault/issues/110)
-- Missing refresh command  [\#106](https://github.com/chef/chef-vault/issues/106)
-- Add RSpec tests for chef-vault/certificate.rb [\#12](https://github.com/chef/chef-vault/issues/12)
-- Add RSpec tests for chef-vault/user.rb [\#11](https://github.com/chef/chef-vault/issues/11)
-**Merged pull requests:**
-- Improved tests [\#112](https://github.com/chef/chef-vault/pull/112) ([rastasheep](https://github.com/rastasheep))
 ## [v2.2.3](https://github.com/chef/chef-vault/tree/v2.2.3) (2014-06-24)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.2...v2.2.3)
 ## [v2.2.2](https://github.com/chef/chef-vault/tree/v2.2.2) (2014-06-03)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.1...v2.2.2)
-**Closed issues:**
-- cannot load such file -- chef/user [\#102](https://github.com/chef/chef-vault/issues/102)
-- Reapply Search [\#95](https://github.com/chef/chef-vault/issues/95)
-- knife vault create thows "can't convert Array into String \(TypeError\)" [\#94](https://github.com/chef/chef-vault/issues/94)
-- ChefVault::Exceptions::KeysNotFound in test kitchen [\#92](https://github.com/chef/chef-vault/issues/92)
-- Undefined method join for nil class [\#91](https://github.com/chef/chef-vault/issues/91)
-- Purpose of `rotate keys` [\#90](https://github.com/chef/chef-vault/issues/90)
-**Merged pull requests:**
-- Add gem\_tasks to Rakefile so you can do `rake release` [\#98](https://github.com/chef/chef-vault/pull/98) ([dougireton](https://github.com/dougireton))
-- Fixes \#95 - Adding reapply command [\#96](https://github.com/chef/chef-vault/pull/96) ([pdalinis](https://github.com/pdalinis))
-- knife.rb node name is default admin [\#93](https://github.com/chef/chef-vault/pull/93) ([jgeiger](https://github.com/jgeiger))
-- Fixed minor formatting in README to allow the vault\_admins info to display properly. [\#88](https://github.com/chef/chef-vault/pull/88) ([eklein](https://github.com/eklein))
-- Add a short demo as an easy way in [\#87](https://github.com/chef/chef-vault/pull/87) ([aug24](https://github.com/aug24))
 ## [v2.2.1](https://github.com/chef/chef-vault/tree/v2.2.1) (2014-02-26)
-**Implemented enhancements:**
+[Full Changelog](https://github.com/chef/chef-vault/compare/e7d75c65441989ce915a30fc28782748c8a1ed1e...v2.2.1)
-- Add a file-content option to the knife commands [\#42](https://github.com/chef/chef-vault/issues/42)
-- Rotate shared secret when you remove nodes or admins [\#38](https://github.com/chef/chef-vault/issues/38)
-**Fixed bugs:**
-- Fix broken travis ci badge [\#32](https://github.com/chef/chef-vault/issues/32)
-**Closed issues:**
-- A question about keys. [\#85](https://github.com/chef/chef-vault/issues/85)
-- --ADMINS option must be declared as mandatory when creating vault item [\#83](https://github.com/chef/chef-vault/issues/83)
-- Vault UPDATE fails when vault item is created without any ADMINS specified [\#81](https://github.com/chef/chef-vault/issues/81)
-- Changelog.md has a typo in "Released" date of version "v2.2.0" [\#79](https://github.com/chef/chef-vault/issues/79)
-- Release updated gem to rubygems [\#78](https://github.com/chef/chef-vault/issues/78)
-- knife encrypt allows illegal characters in dabag item ID [\#75](https://github.com/chef/chef-vault/issues/75)
-- knife encrypt should store the search query [\#66](https://github.com/chef/chef-vault/issues/66)
-- Allow for printing standard knife formatted output of the entire chef-vault'ed databag [\#62](https://github.com/chef/chef-vault/issues/62)
-- Is there a way to test recipes using ChefVault with test-kitchen? [\#61](https://github.com/chef/chef-vault/issues/61)
-- When is 2.1.0 scheduled for release? [\#59](https://github.com/chef/chef-vault/issues/59)
-- Getting gem load error on windows 2012 chef solo client. [\#57](https://github.com/chef/chef-vault/issues/57)
-- Typo in readme [\#55](https://github.com/chef/chef-vault/issues/55)
-- JSON::ParserError: Unsupported `json\_class` type 'Chef::WebUIUser' [\#54](https://github.com/chef/chef-vault/issues/54)
-- Improve knife commands and order [\#51](https://github.com/chef/chef-vault/issues/51)
-- decrypt should emit json for the entire item [\#50](https://github.com/chef/chef-vault/issues/50)
-- Use a larger key size for the generated secret by default, and allow keysize setting [\#46](https://github.com/chef/chef-vault/issues/46)
-- Usage text is incorrect for `knife encrypt rotate keys` [\#44](https://github.com/chef/chef-vault/issues/44)
-- Solo mode does not create knife data bag from file valid data bag file [\#40](https://github.com/chef/chef-vault/issues/40)
-- ERROR: ChefVault::Exceptions::AdminNotFound for client admins [\#39](https://github.com/chef/chef-vault/issues/39)
-- Warn when knife encrypt --search returns zero results [\#31](https://github.com/chef/chef-vault/issues/31)
-- Clarify that knife encrypt creates databag and data bag items [\#30](https://github.com/chef/chef-vault/issues/30)
-- Titlecase "chef" in README [\#29](https://github.com/chef/chef-vault/issues/29)
-- knife dumps stack trace with Chef 10.24.0 after installing chef-vault gem [\#27](https://github.com/chef/chef-vault/issues/27)
-- Remove Gemfile.lock from repo per Yehuda Katz and add dev dependencies to Gemspec [\#23](https://github.com/chef/chef-vault/issues/23)
-- Setup project to run with Travis CI [\#18](https://github.com/chef/chef-vault/issues/18)
-- Create Rake file to run tests [\#17](https://github.com/chef/chef-vault/issues/17)
-- Add LICENSE file [\#16](https://github.com/chef/chef-vault/issues/16)
-- Add Contributing guidelines [\#15](https://github.com/chef/chef-vault/issues/15)
-- Add changelog [\#14](https://github.com/chef/chef-vault/issues/14)
-- In `chef-vault.rb`, use data\_bag and chef\_config\_file getters instead of instance vars per POODR guidelines [\#9](https://github.com/chef/chef-vault/issues/9)
-- Add RSpec tests for lib/chef-vault.rb [\#7](https://github.com/chef/chef-vault/issues/7)
-- Splitting `admins` var on comma leaves in extraneous whitespace when --admins has spaces [\#5](https://github.com/chef/chef-vault/issues/5)
-- Show better error message when 'certs' or 'passwords' directory is missing from chef-repo/databags/ directory [\#4](https://github.com/chef/chef-vault/issues/4)
-- Readme should be clarified [\#1](https://github.com/chef/chef-vault/issues/1)
-**Merged pull requests:**
-- Add ability to use default administrators [\#84](https://github.com/chef/chef-vault/pull/84) ([dafyddcrosby](https://github.com/dafyddcrosby))
-- Wrong year for recent update [\#82](https://github.com/chef/chef-vault/pull/82) ([lamont](https://github.com/lamont))
-- Fixes \#79: "Released" date of version "v2.2.0" [\#80](https://github.com/chef/chef-vault/pull/80) ([techish1](https://github.com/techish1))
-- Validate ID before saving item [\#77](https://github.com/chef/chef-vault/pull/77) ([eklein](https://github.com/eklein))
-- Store search query & print vault admin data [\#74](https://github.com/chef/chef-vault/pull/74) ([eklein](https://github.com/eklein))
-- Missed replacing "decrypt" w/ "show" in README.md [\#73](https://github.com/chef/chef-vault/pull/73) ([eklein](https://github.com/eklein))
-- Rebased PR on top of jgeiger's merged PR [\#72](https://github.com/chef/chef-vault/pull/72) ([eklein](https://github.com/eklein))
-- Add vault commands, deprecate encrypt, add rotate all keys [\#71](https://github.com/chef/chef-vault/pull/71) ([jgeiger](https://github.com/jgeiger))
-- Fix github user name for repository [\#70](https://github.com/chef/chef-vault/pull/70) ([jgeiger](https://github.com/jgeiger))
-- Fix \#51: update knife commands [\#68](https://github.com/chef/chef-vault/pull/68) ([jgeiger](https://github.com/jgeiger))
-- Fix typos in KNIFE\_EXAMPLES.md [\#67](https://github.com/chef/chef-vault/pull/67) ([jgeiger](https://github.com/jgeiger))
-- Issue 50: Use standard chef/knife formatting for all knife decrypt output [\#64](https://github.com/chef/chef-vault/pull/64) ([eklein](https://github.com/eklein))
-- Issue \#62: Allow for printing entire chef-vault'ed databag [\#63](https://github.com/chef/chef-vault/pull/63) ([eklein](https://github.com/eklein))
-- Fixes \#56: Typo in readme [\#56](https://github.com/chef/chef-vault/pull/56) ([bhicks](https://github.com/bhicks))
-- Addresses \#46, use securerandom to generate secret [\#48](https://github.com/chef/chef-vault/pull/48) ([jtimberman](https://github.com/jtimberman))
-- Fixes \#44: Usage text is incorrect for `knife encrypt rotate keys` [\#45](https://github.com/chef/chef-vault/pull/45) ([jer](https://github.com/jer))
-- Fixing typo in command line option and README: vaules -\> values [\#41](https://github.com/chef/chef-vault/pull/41) ([trinitronx](https://github.com/trinitronx))
-- Fix: open locked file on windows during data\_bag update [\#37](https://github.com/chef/chef-vault/pull/37) ([aseresun](https://github.com/aseresun))
-- Allow any client key to act as admin [\#36](https://github.com/chef/chef-vault/pull/36) ([kisoku](https://github.com/kisoku))
-- move the compat include into the lazy-load [\#35](https://github.com/chef/chef-vault/pull/35) ([spheromak](https://github.com/spheromak))
-- Fix \#32: Correct Travis CI link [\#34](https://github.com/chef/chef-vault/pull/34) ([dougireton](https://github.com/dougireton))
-- Fix \#32: Fix broken travis ci badge [\#33](https://github.com/chef/chef-vault/pull/33) ([dougireton](https://github.com/dougireton))
-- Add Version Badge to Readme [\#26](https://github.com/chef/chef-vault/pull/26) ([dougireton](https://github.com/dougireton))
-- Fixes \#18: Add .travis.yml file [\#25](https://github.com/chef/chef-vault/pull/25) ([dougireton](https://github.com/dougireton))
-- Fixes \#23: Remove Gemfile.lock from repo per Yehuda Katz [\#24](https://github.com/chef/chef-vault/pull/24) ([dougireton](https://github.com/dougireton))
-- Fixes \#15: Add Contributing guide [\#22](https://github.com/chef/chef-vault/pull/22) ([dougireton](https://github.com/dougireton))
-- Fixes \#14: Add initial Changelog [\#21](https://github.com/chef/chef-vault/pull/21) ([dougireton](https://github.com/dougireton))
-- Fixes \#16: Add Apache 2.0 license file and source headers [\#20](https://github.com/chef/chef-vault/pull/20) ([dougireton](https://github.com/dougireton))
-- Fixes \#17: Add initial Rakefile to run specs [\#19](https://github.com/chef/chef-vault/pull/19) ([dougireton](https://github.com/dougireton))
-- Fixes \#9: Use getters instead of instance vars [\#10](https://github.com/chef/chef-vault/pull/10) ([dougireton](https://github.com/dougireton))
-- Fixes \#7: Add rspec tests for chef-vault.rb [\#8](https://github.com/chef/chef-vault/pull/8) ([dougireton](https://github.com/dougireton))
-- Fixes \#2: Split --admins string on ',' and whitespace [\#6](https://github.com/chef/chef-vault/pull/6) ([dougireton](https://github.com/dougireton))
-- Update for compatability with chef10/11 [\#3](https://github.com/chef/chef-vault/pull/3) ([spheromak](https://github.com/spheromak))
-- Fixes \#1: Clarify readme [\#2](https://github.com/chef/chef-vault/pull/2) ([dougireton](https://github.com/dougireton))
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/appveyor.yml ADDED

@@ -0,0 +1,33 @@
+version: "master-{build}"
+os: Windows Server 2012 R2
+platform:
+  - x64
+clone_depth: 1
+skip_tags: true
+skip_branch_with_pr: true
+branches:
+  only:
+    - master
+# caching vendor/bundle appears to break horribly in the face of gems checked out of git
+# cache:
+#   - vendor/bundle
+install:
+  - ps: iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel stable
+  - bundle config --local path vendor/bundle
+  - SET CI=true
+  - SET BUNDLE_WITHOUT=changelog:style
+build_script:
+  - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex
+  - bundle install || bundle install || bundle install
+test_script:
+  - SET SPEC_OPTS=--format progress
+  - c:\opscode\chefdk\bin\chef.bat exec bundle exec rake spec
+  # aruba on windows seems pretty terribadly broken: https://github.com/cucumber/aruba/pull/422
+  # - c:\opscode\chefdk\bin\chef.bat exec bundle exec cucumber
+  - c:\opscode\chefdk\bin\chef.bat exec bundle exec rake style

data/chef-vault.gemspec CHANGED

@@ -17,9 +17,14 @@
 $:.push File.expand_path("../lib", __FILE__)
 require "chef-vault/version"
+def prerelease?
+  ENV["TRAVIS"] && !ENV["TRAVIS_TAG"]
+end
 Gem::Specification.new do |s|
   s.name             = "chef-vault"
   s.version          = ChefVault::VERSION
+  s.version          = "#{s.version}-pre#{ENV['TRAVIS_BUILD_NUMBER']}" if prerelease?
   s.has_rdoc         = true
   s.authors          = ["Thom May"]
   s.email            = ["thom@chef.io"]

data/features/clean_on_refresh.feature CHANGED

@@ -18,7 +18,7 @@ Feature: clean unknown clients on vault refresh
     Given a local mode chef repo with nodes 'one,two,three'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete client 'one' from the Chef server
+    And I delete node 'one' from the Chef server
     And I refresh the vault item 'test/item' with the 'clean-unknown-clients' option
     Then the output should contain "Removing unknown client 'one'"
     And the vault item 'test/item' should be encrypted for 'two,three'

data/features/clean_unknown_clients.feature CHANGED

@@ -1,29 +1,17 @@
 Feature: clean unknown clients on key rotation
   When removing a client from a vault item, chef-vault normally
-  removes the key and then rotates the key.  If a client has been
+  removes the key and then rotates the key.  If a node has been
   deleted in the meantime from the Chef server but not the vault,
   the rotation will fail due to that client's public key missing.
   Using the --clean-unknown-clients switch will cause any clients
   that have been removed to be removed from the vault item's
   access list as well
-  Scenario: Prune clients when removing a client
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete client 'one' from the Chef server
-    And I remove client 'two' from vault item 'test/item' with the 'clean-unknown-clients' option
-    Then the output should contain "Removing unknown client 'one'"
-    And the vault item 'test/item' should be encrypted for 'three'
-    And the vault item 'test/item' should not be encrypted for 'one,two'
-    And 'three' should be a client for the vault item 'test/item'
-    And 'one,two' should not be a client for the vault item 'test/item'
   Scenario: Prune clients when rotating keys
     Given a local mode chef repo with nodes 'one,two,three'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete client 'one' from the Chef server
+    And I delete node 'one' from the Chef server
     And I rotate the keys for vault item 'test/item' with the 'clean-unknown-clients' option
     Then the output should contain "Removing unknown client 'one'"
     And the vault item 'test/item' should be encrypted for 'two,three'
@@ -35,7 +23,7 @@ Feature: clean unknown clients on key rotation
     Given a local mode chef repo with nodes 'one,two,three'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete clients 'one,two' from the Chef server
+    And I delete nodes 'one,two' from the Chef server
     And I rotate all keys with the 'clean-unknown-clients' option
     Then the output should contain "Removing unknown client 'one'"
     And the output should contain "Removing unknown client 'two'"

data/lib/chef-vault/item.rb CHANGED

@@ -172,6 +172,9 @@ class ChefVault
     def rotate_keys!(clean_unknown_clients = false)
       @secret = generate_secret
+      # clean existing encrypted data for clients/admins
+      keys.clear_encrypted
       unless get_clients.empty?
         # a bit of a misnomer; this doesn't remove unknown
         # admins, just clients which are nodes
@@ -411,15 +414,11 @@ class ChefVault
     # checks if a node exists on the Chef server by performing
     # a search against the node index.  If the search returns no
-    # results, the node does not exist.  If it does return results,
-    # check if there is a matching client
+    # results, the node does not exist.
     # @param nodename [String] the name of the node
     # @return [Boolean] whether the node exists or not
     def node_exists?(nodename)
-      # if we don't have a client it really doesn't matter if we have a node.
-      if client_exists?(nodename)
-        search_results.include?(nodename)
-      end
+      search_results.include?(nodename)
     end
     # checks if a client exists on the Chef server.  If we get back

data/lib/chef-vault/item_keys.rb CHANGED

@@ -39,7 +39,7 @@ class ChefVault
       ckey = @cache[key]
       return ckey unless ckey.nil?
       # check if the key is saved in sparse mode
-      skey = sparse_key(sparse_id(key))
+      skey = sparse_key(sparse_id(key)) if sparse?
       if skey
         skey[key]
       else
@@ -53,7 +53,7 @@ class ChefVault
       ckey = @cache[key]
       return (ckey ? true : false) unless ckey.nil?
       # check if the key is saved in sparse mode
-      return true unless sparse_key(sparse_id(key)).nil?
+      return true if sparse? && sparse_key(sparse_id(key))
       # fallback to non-sparse mode if sparse key is not found
       @raw_data.keys.include?(key)
     end
@@ -64,14 +64,21 @@ class ChefVault
         raise ChefVault::Exceptions::V1Format,
               "cannot manage a v1 vault.  See UPGRADE.md for help"
       end
-      @cache[chef_key.name] = ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
+      @cache[chef_key.name] = self[chef_key.name] || ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
       @raw_data[type] << chef_key.name unless @raw_data[type].include?(chef_key.name)
       @raw_data[type]
     end
+    def clear_encrypted
+      @cache.clear
+      self["clients"].each { |client| @raw_data.delete(client) }
+      self["admins"].each { |admin| @raw_data.delete(admin) }
+    end
     def delete(chef_key)
       @cache[chef_key.name] = false
       raw_data[chef_key.type].delete(chef_key.name)
+      raw_data.delete(chef_key.name)
     end
     def mode(mode = nil)
@@ -213,6 +220,10 @@ class ChefVault
     # @private
+    def sparse?
+      @raw_data["mode"] == "sparse"
+    end
     def sparse_id(key, item_id = @raw_data["id"])
       "#{item_id.chomp("_keys")}_key_#{key}"
     end

data/lib/chef-vault/version.rb CHANGED

@@ -15,6 +15,6 @@
 # limitations under the License.
 class ChefVault
-  VERSION = "3.0.3"
+  VERSION = "3.1.0"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

data/lib/chef/knife/vault_create.rb CHANGED

@@ -87,7 +87,7 @@ class Chef
                 vault_item["file-content"] = File.open(file) { |f| f.read() }
               end
             else
-              vault_json = edit_data({})
+              vault_json = edit_hash({})
               vault_json.each do |key, value|
                 vault_item[key] = value
               end

data/spec/chef-vault/item_keys_spec.rb CHANGED

@@ -36,12 +36,27 @@ RSpec.describe ChefVault::ItemKeys do
             keys.delete(chef_key)
           end
-          it "stores the encoded key in the data bag item under the actor's name and the name in the raw data" do
-            expect(described_class).to receive(:encode_key).with(public_key_string, shared_secret).and_return("encrypted_result")
-            keys.add(chef_key, shared_secret)
-            expect(keys[name]).to eq("encrypted_result")
-            expect(keys[type].include?(name)).to eq(true)
-            expect(keys.include?(name)).to eq(true)
+          context "when key is already there" do
+            it "keeps the encoded key in the data bag item under the actor's name and the name in the raw data" do
+              expect(described_class).not_to receive(:encode_key).with(public_key_string, shared_secret)
+              keys.add(chef_key, shared_secret)
+              expect(keys[name]).not_to be_empty
+              expect(keys[type].include?(name)).to eq(true)
+              expect(keys.include?(name)).to eq(true)
+            end
+          end
+          context "when keys not already there" do
+            before do
+              keys.delete(chef_key)
+            end
+            it "stores the encoded key in the data bag item under the actor's name and the name in the raw data" do
+              expect(described_class).to receive(:encode_key).with(public_key_string, shared_secret).and_return("encrypted_result")
+              keys.add(chef_key, shared_secret)
+              expect(keys[name]).to eq("encrypted_result")
+              expect(keys[type].include?(name)).to eq(true)
+              expect(keys.include?(name)).to eq(true)
+            end
           end
         end

data/spec/chef-vault/item_spec.rb CHANGED

@@ -5,6 +5,11 @@ RSpec.describe ChefVault::Item do
   before do
     item["foo"] = "bar"
+    http_response = double("http_response")
+    allow(http_response).to receive(:code).and_return("404")
+    non_existing = Net::HTTPServerException.new("http error message", http_response)
+    allow(Chef::DataBagItem).to receive(:load).with(anything, /_key_/).and_raise(non_existing)
   end
   describe "vault probe predicates" do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.1.0
 platform: ruby
 authors:
 - Thom May
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-05-03 00:00:00.000000000 Z
+date: 2017-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -116,6 +116,7 @@ files:
 - Rakefile
 - THEORY.md
 - UPGRADE.md
+- appveyor.yml
 - bin/chef-vault
 - chef-vault.gemspec
 - features/clean.feature
@@ -193,7 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: Data encryption support for Chef using data bags