RubyGems - chef-vault - Versions diffs - 3.0.3 → 3.1.0 - Mend

chef-vault 3.0.3 → 3.1.0

Files changed (14) hide show

checksums.yaml +4 -4
data/.travis.yml +12 -3
data/Changelog.md +47 -238
data/appveyor.yml +33 -0
data/chef-vault.gemspec +5 -0
data/features/clean_on_refresh.feature +1 -1
data/features/clean_unknown_clients.feature +3 -15
data/lib/chef-vault/item.rb +5 -6
data/lib/chef-vault/item_keys.rb +14 -3
data/lib/chef-vault/version.rb +1 -1
data/lib/chef/knife/vault_create.rb +1 -1
data/spec/chef-vault/item_keys_spec.rb +21 -6
data/spec/chef-vault/item_spec.rb +5 -0
metadata +4 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 41d30528b3f19c62a98a3f8de9bca62aae938558
-  data.tar.gz: b145884ac5edef7217845114c11b3a6ff522d17b
+  metadata.gz: 416703868d576d9b4d982942231ade93be3275ab
+  data.tar.gz: 9e979c65cca7f7135597858631f7eef97c5abb3e
 SHA512:
-  metadata.gz: 1576f97fdbf10afbfad93d17bd1dd073e41c30ebc3e00832d55c1d08e18d39dc905db733de55c049ef7d949b0956ac912cd72f6c7c5a34d9c478bcccd55cb068
-  data.tar.gz: d8c37f6d60d65ee966ed26759c4cbf8b35719abcd19f8d4126f55dcf781b8d85d2eea910743c94ae842b43d20e816b6a30768f024d39b8b994efd4d0cd2d7879
+  metadata.gz: 55a98786c9b1329d75645d9ec2e092079cd929a08c72a3c8af82f0bac0575fea2a64f2ed8a0fd5e2b2637fcf6ae97467db6650945cc87b06984bcad7401fb869
+  data.tar.gz: 7099c41898ca19a7e37850a9dc773ef1543a000b8ffc2ba712e4614d07b1ddcb5f377f22fdb930c64869c9ee534759526cb6211422d46ad8952cbb6f3ff92286

data/.travis.yml CHANGED

@@ -1,10 +1,19 @@
 language: ruby
 branches:
   only:
-    - master
+  - master
 rvm:
-  - "2.2.5"
-  - "2.3.1"
+- 2.2.5
+- 2.3.1
+- 2.4.1
 install: bundle install --binstubs --without changelog
 before_install: gem install bundler
 env: TRAVIS_BUILD=true
+deploy:
+  provider: rubygems
+  api_key:
+    secure: NNbOEQWaX+67bsMd1A/BB5lxd2dDzx+4uYsKxSvhVvx34UixKoLRmPhGJr0WapndsXdnG+crPpx3gpseOfJ3u42uNHQI9ASsgOOgmEiJKcW/MO/IQReRI998+XH2A4QLfLQ4JIWjpl8KNZCJSCp7w1LnDV6imy7FSM0mWS+3Lzk=
+  gem: chef-vault
+  on:
+    repo: chef/chef-vault
+    branch: master

data/Changelog.md CHANGED

@@ -1,11 +1,37 @@
 # Change Log
+## [v3.1.0](https://github.com/chef/chef-vault/tree/v3.1.0) (2017-07-04)
+[Full
+Changelog](https://github.com/chef/chef-vault/compare/v3.0.3...v3.1.0)
+**Implemented enhancements:**
+- Assume all nodes matching the search query are valid nodes [\#272](https://github.com/chef/chef-vault/pull/272) ([kamaradclimber](https://github.com/kamaradclimber))
+- Avoid re-encrypting key for all existing clients [\#269](https://github.com/chef/chef-vault/pull/269) ([kamaradclimber](https://github.com/kamaradclimber))
+**Fixed bugs:**
+- Fix fatal error during create [\#281](https://github.com/chef/chef-vault/pull/281) ([neclimdul](https://github.com/neclimdul))
+- Avoid sparse key read for non sparse secrets [\#280](https://github.com/chef/chef-vault/pull/280) ([kamaradclimber](https://github.com/kamaradclimber))
+- Make sure sparse mode is used on secrets where it is explicit [\#271](https://github.com/chef/chef-vault/pull/271) ([kamaradclimber](https://github.com/kamaradclimber))
+## [v3.0.3](https://github.com/chef/chef-vault/tree/v3.0.3) (2017-05-03)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.2...v3.0.3)
+**Fixed bugs:**
+- Reduce the search response limit from 100k to 10k [\#275](https://github.com/chef/chef-vault/pull/275) ([btm](https://github.com/btm))
+- Replace edit\_data\(\) with edit\_hash\(\) in vault\_edit.rb [\#274](https://github.com/chef/chef-vault/pull/274) ([tmaczukin](https://github.com/tmaczukin))
+## [v3.0.2](https://github.com/chef/chef-vault/tree/v3.0.2) (2017-04-20)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.1...v3.0.2)
 ## [v3.0.1](https://github.com/chef/chef-vault/tree/v3.0.1) (2017-04-11)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0...v3.0.1)
 **Fixed bugs:**
-- Only have a development dependency on Chef.
+- Change the chef dependency to development only [\#266](https://github.com/chef/chef-vault/pull/266) ([thommay](https://github.com/thommay))
 ## [v3.0.0](https://github.com/chef/chef-vault/tree/v3.0.0) (2017-04-10)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.1...v3.0.0)
@@ -13,22 +39,34 @@
 **Implemented enhancements:**
 - Vault creation, list, and destruction in sparse mode [\#252](https://github.com/chef/chef-vault/pull/252) ([rveznaver](https://github.com/rveznaver))
+## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
+## [v3.0.0.rc2](https://github.com/chef/chef-vault/tree/v3.0.0.rc2) (2016-12-05)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc1...v3.0.0.rc2)
+**Implemented enhancements:**
 - Add feature to save each key in different data bag item [\#246](https://github.com/chef/chef-vault/pull/246) ([rveznaver](https://github.com/rveznaver))
 - Enable testing with Chef Zero [\#244](https://github.com/chef/chef-vault/pull/244) ([rveznaver](https://github.com/rveznaver))
 - Minimize the number of searches [\#243](https://github.com/chef/chef-vault/pull/243) ([thommay](https://github.com/thommay))
 - Optimise queries when finding nodes [\#240](https://github.com/chef/chef-vault/pull/240) ([thommay](https://github.com/thommay))
-- Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
-- rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
-- Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
-- Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
 **Fixed bugs:**
 - Use solo\_legacy\_mode fully [\#242](https://github.com/chef/chef-vault/pull/242) ([thommay](https://github.com/thommay))
 - Use legacy solo mode [\#241](https://github.com/chef/chef-vault/pull/241) ([thommay](https://github.com/thommay))
-## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
-[Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
+## [v3.0.0.rc1](https://github.com/chef/chef-vault/tree/v3.0.0.rc1) (2016-10-21)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.0...v3.0.0.rc1)
+**Implemented enhancements:**
+- Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
+- rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
+- Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
+- Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
 ## [v2.9.0](https://github.com/chef/chef-vault/tree/v2.9.0) (2016-04-08)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0...v2.9.0)
@@ -46,271 +84,42 @@
 ## [v2.8.0](https://github.com/chef/chef-vault/tree/v2.8.0) (2016-02-09)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0.rc1...v2.8.0)
-**Merged pull requests:**
-- UPGRADE: fixed a typo [\#198](https://github.com/chef/chef-vault/pull/198) ([joonas](https://github.com/joonas))
-- adds link to Chef Vault blog post to README [\#197](https://github.com/chef/chef-vault/pull/197) ([nellshamrell](https://github.com/nellshamrell))
 ## [v2.8.0.rc1](https://github.com/chef/chef-vault/tree/v2.8.0.rc1) (2016-01-29)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.1...v2.8.0.rc1)
-**Merged pull requests:**
-- Deal with more than 1000 nodes [\#196](https://github.com/chef/chef-vault/pull/196) ([thommay](https://github.com/thommay))
 ## [v2.7.1](https://github.com/chef/chef-vault/tree/v2.7.1) (2016-01-25)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.0...v2.7.1)
 ## [v2.7.0](https://github.com/chef/chef-vault/tree/v2.7.0) (2016-01-25)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.1...v2.7.0)
-**Fixed bugs:**
-- Should warn/error when modifying 1.x items [\#52](https://github.com/chef/chef-vault/issues/52)
-**Closed issues:**
-- Support data\_bag\_path arrays [\#191](https://github.com/chef/chef-vault/issues/191)
-- Refresh fails if no search expression is set [\#188](https://github.com/chef/chef-vault/issues/188)
-- knife vault create is failing  [\#187](https://github.com/chef/chef-vault/issues/187)
-- Issues with knife bootstrap --bootstrap-vault-item [\#185](https://github.com/chef/chef-vault/issues/185)
-- Can't create anything.  [\#183](https://github.com/chef/chef-vault/issues/183)
-- knife vault refresh broken - chefdk0.7.0/chef11.1.1 [\#182](https://github.com/chef/chef-vault/issues/182)
-- Environment Permissions [\#181](https://github.com/chef/chef-vault/issues/181)
-- Knife vault stopped working after chefdk & chef-client upgrade [\#180](https://github.com/chef/chef-vault/issues/180)
-- Chef 12.4.0 breaks user patch [\#176](https://github.com/chef/chef-vault/issues/176)
-- vault refresh broken with chef 12.4.0 [\#175](https://github.com/chef/chef-vault/issues/175)
-**Merged pull requests:**
-- Correctly handle an array of data\_bag paths [\#192](https://github.com/chef/chef-vault/pull/192) ([thommay](https://github.com/thommay))
-- add recognition of 'name' in response [\#184](https://github.com/chef/chef-vault/pull/184) ([lhandl](https://github.com/lhandl))
-- typo in THEORY.md [\#179](https://github.com/chef/chef-vault/pull/179) ([mindyor](https://github.com/mindyor))
-- Detect when trying to manage a v1 vault [\#173](https://github.com/chef/chef-vault/pull/173) ([jf647](https://github.com/jf647))
 ## [v2.6.1](https://github.com/chef/chef-vault/tree/v2.6.1) (2015-05-28)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.0...v2.6.1)
-**Closed issues:**
-- Permission Issue - Missing Read Permission [\#171](https://github.com/chef/chef-vault/issues/171)
--   undefined method `vault' for Chef::Resource::User [\#170](https://github.com/chef/chef-vault/issues/170)
-- ChefVault::Item.refresh [\#168](https://github.com/chef/chef-vault/issues/168)
-**Merged pull requests:**
-- Only load the parts of chef we actually use [\#172](https://github.com/chef/chef-vault/pull/172) ([danielsdeleo](https://github.com/danielsdeleo))
-- Remove dependency on rspec-its gem [\#169](https://github.com/chef/chef-vault/pull/169) ([dougireton](https://github.com/dougireton))
-- Add gitter.im [\#167](https://github.com/chef/chef-vault/pull/167) ([jf647](https://github.com/jf647))
 ## [v2.6.0](https://github.com/chef/chef-vault/tree/v2.6.0) (2015-05-13)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.5.0...v2.6.0)
-**Implemented enhancements:**
-- `ChefVault::Item` should not define `\#keys` method. [\#158](https://github.com/chef/chef-vault/issues/158)
-- Add --clean to refresh option [\#151](https://github.com/chef/chef-vault/issues/151)
-- Allow clients \(without a node\) to be returned via searches. [\#150](https://github.com/chef/chef-vault/issues/150)
-- Need validation for item id: property [\#149](https://github.com/chef/chef-vault/issues/149)
-- Add helper to get the keys of a vault item [\#142](https://github.com/chef/chef-vault/issues/142)
-- Add knife vault show vaultname [\#141](https://github.com/chef/chef-vault/issues/141)
-- Knife Vault Refresh Not Running on Server 2012R2 [\#129](https://github.com/chef/chef-vault/issues/129)
-**Closed issues:**
-- knife vault create examples using node/client names? [\#157](https://github.com/chef/chef-vault/issues/157)
-- Unable to create a chef vault secret from a recipe [\#154](https://github.com/chef/chef-vault/issues/154)
-- knife boostrap not picking up nodes from search query of vaults [\#148](https://github.com/chef/chef-vault/issues/148)
-- Cannot update vault item [\#116](https://github.com/chef/chef-vault/issues/116)
-- Refresh did not re-encrypt for an admin's new key [\#145](https://github.com/chef/chef-vault/issues/145)
-- Chef 12.1.0 warning [\#143](https://github.com/chef/chef-vault/issues/143)
-**Merged pull requests:**
-- Add vault probing predicates [\#165](https://github.com/chef/chef-vault/pull/165) ([jf647](https://github.com/jf647))
-- Allow the node name and path to the client key to be specified [\#163](https://github.com/chef/chef-vault/pull/163) ([jf647](https://github.com/jf647))
-- Add a \#raw\_keys method to ChefVault::Item [\#162](https://github.com/chef/chef-vault/pull/162) ([jf647](https://github.com/jf647))
-- Enhance 'knife vault show' to list vault items [\#161](https://github.com/chef/chef-vault/pull/161) ([jf647](https://github.com/jf647))
-- Validate that the vault id hasn't changed since the \_keys item was created [\#160](https://github.com/chef/chef-vault/pull/160) ([jf647](https://github.com/jf647))
-- Add --clean-unknown-clients to 'knife vault refresh' [\#159](https://github.com/chef/chef-vault/pull/159) ([jf647](https://github.com/jf647))
-- Let ChefVault::Item\#clients accept a Chef::ApiClient instead of a search... [\#156](https://github.com/chef/chef-vault/pull/156) ([jf647](https://github.com/jf647))
-- Allow ruby 1.9.3 to fail on Travis [\#155](https://github.com/chef/chef-vault/pull/155) ([jf647](https://github.com/jf647))
-- Update docs to reflect the new compile\_time attribute of chef\_gem [\#144](https://github.com/chef/chef-vault/pull/144) ([jf647](https://github.com/jf647))
-- very minor correction to typo [\#139](https://github.com/chef/chef-vault/pull/139) ([Dispader](https://github.com/Dispader))
-- Release 2.6.0 [\#164](https://github.com/chef/chef-vault/pull/164) ([jf647](https://github.com/jf647))
 ## [v2.5.0](https://github.com/chef/chef-vault/tree/v2.5.0) (2015-02-09)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.4.0...v2.5.0)
-**Implemented enhancements:**
-- knife vault list [\#97](https://github.com/chef/chef-vault/issues/97)
-- Add chef-vault.bat to bin for windows users [\#60](https://github.com/chef/chef-vault/issues/60)
-- OpenSSL error if private key does not match used public key [\#43](https://github.com/chef/chef-vault/issues/43)
-- Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
-**Fixed bugs:**
-- 2.4.0 was not tagged in github [\#128](https://github.com/chef/chef-vault/issues/128)
-- clean\_unknown\_clients not working [\#133](https://github.com/chef/chef-vault/issues/133)
-- Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
-**Closed issues:**
-- Support pruning of deleted clients from vault access list when rotating keys [\#123](https://github.com/chef/chef-vault/issues/123)
-- knife subcommands fail in cryptic fashion if you don't set --mode [\#117](https://github.com/chef/chef-vault/issues/117)
-- vault commands force -A or knife.rb :vault\_admins [\#89](https://github.com/chef/chef-vault/issues/89)
-- Add RSpec tests for chef-vault/chef/offline.rb [\#13](https://github.com/chef/chef-vault/issues/13)
-- Need theory of operations/architecture documentation [\#109](https://github.com/chef/chef-vault/issues/109)
 ## [v2.4.0](https://github.com/chef/chef-vault/tree/v2.4.0) (2014-12-03)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.3.0...v2.4.0)
-**Closed issues:**
-- Create, Refresh and Update behaviours [\#118](https://github.com/chef/chef-vault/issues/118)
-- vault refresh remove clients from keys data bag? [\#111](https://github.com/chef/chef-vault/issues/111)
-- There doesnt seem to be a way to remove authorized client from vault\_keys [\#103](https://github.com/chef/chef-vault/issues/103)
-**Merged pull requests:**
-- Upgrade to RSpec 3.1 and disable monkey-patching [\#122](https://github.com/chef/chef-vault/pull/122) ([dougireton](https://github.com/dougireton))
 ## [v2.3.0](https://github.com/chef/chef-vault/tree/v2.3.0) (2014-10-22)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.4...v2.3.0)
-**Closed issues:**
-- Please push missing tags \(especially \> 2.2.1\) [\#119](https://github.com/chef/chef-vault/issues/119)
-- Vault subcommands not showing for knife [\#114](https://github.com/chef/chef-vault/issues/114)
-- cannot get client public\_key [\#113](https://github.com/chef/chef-vault/issues/113)
-- Key update methods [\#105](https://github.com/chef/chef-vault/issues/105)
-**Merged pull requests:**
-- Add a knife vault download command for downloading encrypted files [\#104](https://github.com/chef/chef-vault/pull/104) ([justinlocsei](https://github.com/justinlocsei))
 ## [v2.2.4](https://github.com/chef/chef-vault/tree/v2.2.4) (2014-07-17)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.3...v2.2.4)
-**Closed issues:**
-- Improvement: easier way to update stored search for an item [\#110](https://github.com/chef/chef-vault/issues/110)
-- Missing refresh command  [\#106](https://github.com/chef/chef-vault/issues/106)
-- Add RSpec tests for chef-vault/certificate.rb [\#12](https://github.com/chef/chef-vault/issues/12)
-- Add RSpec tests for chef-vault/user.rb [\#11](https://github.com/chef/chef-vault/issues/11)
-**Merged pull requests:**
-- Improved tests [\#112](https://github.com/chef/chef-vault/pull/112) ([rastasheep](https://github.com/rastasheep))
 ## [v2.2.3](https://github.com/chef/chef-vault/tree/v2.2.3) (2014-06-24)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.2...v2.2.3)
 ## [v2.2.2](https://github.com/chef/chef-vault/tree/v2.2.2) (2014-06-03)
 [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.1...v2.2.2)
-**Closed issues:**
-- cannot load such file -- chef/user [\#102](https://github.com/chef/chef-vault/issues/102)
-- Reapply Search [\#95](https://github.com/chef/chef-vault/issues/95)
-- knife vault create thows "can't convert Array into String \(TypeError\)" [\#94](https://github.com/chef/chef-vault/issues/94)
-- ChefVault::Exceptions::KeysNotFound in test kitchen [\#92](https://github.com/chef/chef-vault/issues/92)
-- Undefined method join for nil class [\#91](https://github.com/chef/chef-vault/issues/91)
-- Purpose of `rotate keys` [\#90](https://github.com/chef/chef-vault/issues/90)
-**Merged pull requests:**
-- Add gem\_tasks to Rakefile so you can do `rake release` [\#98](https://github.com/chef/chef-vault/pull/98) ([dougireton](https://github.com/dougireton))
-- Fixes \#95 - Adding reapply command [\#96](https://github.com/chef/chef-vault/pull/96) ([pdalinis](https://github.com/pdalinis))
-- knife.rb node name is default admin [\#93](https://github.com/chef/chef-vault/pull/93) ([jgeiger](https://github.com/jgeiger))
-- Fixed minor formatting in README to allow the vault\_admins info to display properly. [\#88](https://github.com/chef/chef-vault/pull/88) ([eklein](https://github.com/eklein))
-- Add a short demo as an easy way in [\#87](https://github.com/chef/chef-vault/pull/87) ([aug24](https://github.com/aug24))
 ## [v2.2.1](https://github.com/chef/chef-vault/tree/v2.2.1) (2014-02-26)
-**Implemented enhancements:**
+[Full Changelog](https://github.com/chef/chef-vault/compare/e7d75c65441989ce915a30fc28782748c8a1ed1e...v2.2.1)
-- Add a file-content option to the knife commands [\#42](https://github.com/chef/chef-vault/issues/42)
-- Rotate shared secret when you remove nodes or admins [\#38](https://github.com/chef/chef-vault/issues/38)
-**Fixed bugs:**
-- Fix broken travis ci badge [\#32](https://github.com/chef/chef-vault/issues/32)
-**Closed issues:**
-- A question about keys. [\#85](https://github.com/chef/chef-vault/issues/85)
-- --ADMINS option must be declared as mandatory when creating vault item [\#83](https://github.com/chef/chef-vault/issues/83)
-- Vault UPDATE fails when vault item is created without any ADMINS specified [\#81](https://github.com/chef/chef-vault/issues/81)
-- Changelog.md has a typo in "Released" date of version "v2.2.0" [\#79](https://github.com/chef/chef-vault/issues/79)
-- Release updated gem to rubygems [\#78](https://github.com/chef/chef-vault/issues/78)
-- knife encrypt allows illegal characters in dabag item ID [\#75](https://github.com/chef/chef-vault/issues/75)
-- knife encrypt should store the search query [\#66](https://github.com/chef/chef-vault/issues/66)
-- Allow for printing standard knife formatted output of the entire chef-vault'ed databag [\#62](https://github.com/chef/chef-vault/issues/62)
-- Is there a way to test recipes using ChefVault with test-kitchen? [\#61](https://github.com/chef/chef-vault/issues/61)
-- When is 2.1.0 scheduled for release? [\#59](https://github.com/chef/chef-vault/issues/59)
-- Getting gem load error on windows 2012 chef solo client. [\#57](https://github.com/chef/chef-vault/issues/57)
-- Typo in readme [\#55](https://github.com/chef/chef-vault/issues/55)
-- JSON::ParserError: Unsupported `json\_class` type 'Chef::WebUIUser' [\#54](https://github.com/chef/chef-vault/issues/54)
-- Improve knife commands and order [\#51](https://github.com/chef/chef-vault/issues/51)
-- decrypt should emit json for the entire item [\#50](https://github.com/chef/chef-vault/issues/50)
-- Use a larger key size for the generated secret by default, and allow keysize setting [\#46](https://github.com/chef/chef-vault/issues/46)
-- Usage text is incorrect for `knife encrypt rotate keys` [\#44](https://github.com/chef/chef-vault/issues/44)
-- Solo mode does not create knife data bag from file valid data bag file [\#40](https://github.com/chef/chef-vault/issues/40)
-- ERROR: ChefVault::Exceptions::AdminNotFound for client admins [\#39](https://github.com/chef/chef-vault/issues/39)
-- Warn when knife encrypt --search returns zero results [\#31](https://github.com/chef/chef-vault/issues/31)
-- Clarify that knife encrypt creates databag and data bag items [\#30](https://github.com/chef/chef-vault/issues/30)
-- Titlecase "chef" in README [\#29](https://github.com/chef/chef-vault/issues/29)
-- knife dumps stack trace with Chef 10.24.0 after installing chef-vault gem [\#27](https://github.com/chef/chef-vault/issues/27)
-- Remove Gemfile.lock from repo per Yehuda Katz and add dev dependencies to Gemspec [\#23](https://github.com/chef/chef-vault/issues/23)
-- Setup project to run with Travis CI [\#18](https://github.com/chef/chef-vault/issues/18)
-- Create Rake file to run tests [\#17](https://github.com/chef/chef-vault/issues/17)
-- Add LICENSE file [\#16](https://github.com/chef/chef-vault/issues/16)
-- Add Contributing guidelines [\#15](https://github.com/chef/chef-vault/issues/15)
-- Add changelog [\#14](https://github.com/chef/chef-vault/issues/14)
-- In `chef-vault.rb`, use data\_bag and chef\_config\_file getters instead of instance vars per POODR guidelines [\#9](https://github.com/chef/chef-vault/issues/9)
-- Add RSpec tests for lib/chef-vault.rb [\#7](https://github.com/chef/chef-vault/issues/7)
-- Splitting `admins` var on comma leaves in extraneous whitespace when --admins has spaces [\#5](https://github.com/chef/chef-vault/issues/5)
-- Show better error message when 'certs' or 'passwords' directory is missing from chef-repo/databags/ directory [\#4](https://github.com/chef/chef-vault/issues/4)
-- Readme should be clarified [\#1](https://github.com/chef/chef-vault/issues/1)
-**Merged pull requests:**
-- Add ability to use default administrators [\#84](https://github.com/chef/chef-vault/pull/84) ([dafyddcrosby](https://github.com/dafyddcrosby))
-- Wrong year for recent update [\#82](https://github.com/chef/chef-vault/pull/82) ([lamont](https://github.com/lamont))
-- Fixes \#79: "Released" date of version "v2.2.0" [\#80](https://github.com/chef/chef-vault/pull/80) ([techish1](https://github.com/techish1))
-- Validate ID before saving item [\#77](https://github.com/chef/chef-vault/pull/77) ([eklein](https://github.com/eklein))
-- Store search query & print vault admin data [\#74](https://github.com/chef/chef-vault/pull/74) ([eklein](https://github.com/eklein))
-- Missed replacing "decrypt" w/ "show" in README.md [\#73](https://github.com/chef/chef-vault/pull/73) ([eklein](https://github.com/eklein))
-- Rebased PR on top of jgeiger's merged PR [\#72](https://github.com/chef/chef-vault/pull/72) ([eklein](https://github.com/eklein))
-- Add vault commands, deprecate encrypt, add rotate all keys [\#71](https://github.com/chef/chef-vault/pull/71) ([jgeiger](https://github.com/jgeiger))
-- Fix github user name for repository [\#70](https://github.com/chef/chef-vault/pull/70) ([jgeiger](https://github.com/jgeiger))
-- Fix \#51: update knife commands [\#68](https://github.com/chef/chef-vault/pull/68) ([jgeiger](https://github.com/jgeiger))
-- Fix typos in KNIFE\_EXAMPLES.md [\#67](https://github.com/chef/chef-vault/pull/67) ([jgeiger](https://github.com/jgeiger))
-- Issue 50: Use standard chef/knife formatting for all knife decrypt output [\#64](https://github.com/chef/chef-vault/pull/64) ([eklein](https://github.com/eklein))
-- Issue \#62: Allow for printing entire chef-vault'ed databag [\#63](https://github.com/chef/chef-vault/pull/63) ([eklein](https://github.com/eklein))
-- Fixes \#56: Typo in readme [\#56](https://github.com/chef/chef-vault/pull/56) ([bhicks](https://github.com/bhicks))
-- Addresses \#46, use securerandom to generate secret [\#48](https://github.com/chef/chef-vault/pull/48) ([jtimberman](https://github.com/jtimberman))
-- Fixes \#44: Usage text is incorrect for `knife encrypt rotate keys` [\#45](https://github.com/chef/chef-vault/pull/45) ([jer](https://github.com/jer))
-- Fixing typo in command line option and README: vaules -\> values [\#41](https://github.com/chef/chef-vault/pull/41) ([trinitronx](https://github.com/trinitronx))
-- Fix: open locked file on windows during data\_bag update [\#37](https://github.com/chef/chef-vault/pull/37) ([aseresun](https://github.com/aseresun))
-- Allow any client key to act as admin [\#36](https://github.com/chef/chef-vault/pull/36) ([kisoku](https://github.com/kisoku))
-- move the compat include into the lazy-load [\#35](https://github.com/chef/chef-vault/pull/35) ([spheromak](https://github.com/spheromak))
-- Fix \#32: Correct Travis CI link [\#34](https://github.com/chef/chef-vault/pull/34) ([dougireton](https://github.com/dougireton))
-- Fix \#32: Fix broken travis ci badge [\#33](https://github.com/chef/chef-vault/pull/33) ([dougireton](https://github.com/dougireton))
-- Add Version Badge to Readme [\#26](https://github.com/chef/chef-vault/pull/26) ([dougireton](https://github.com/dougireton))
-- Fixes \#18: Add .travis.yml file [\#25](https://github.com/chef/chef-vault/pull/25) ([dougireton](https://github.com/dougireton))
-- Fixes \#23: Remove Gemfile.lock from repo per Yehuda Katz [\#24](https://github.com/chef/chef-vault/pull/24) ([dougireton](https://github.com/dougireton))
-- Fixes \#15: Add Contributing guide [\#22](https://github.com/chef/chef-vault/pull/22) ([dougireton](https://github.com/dougireton))
-- Fixes \#14: Add initial Changelog [\#21](https://github.com/chef/chef-vault/pull/21) ([dougireton](https://github.com/dougireton))
-- Fixes \#16: Add Apache 2.0 license file and source headers [\#20](https://github.com/chef/chef-vault/pull/20) ([dougireton](https://github.com/dougireton))
-- Fixes \#17: Add initial Rakefile to run specs [\#19](https://github.com/chef/chef-vault/pull/19) ([dougireton](https://github.com/dougireton))
-- Fixes \#9: Use getters instead of instance vars [\#10](https://github.com/chef/chef-vault/pull/10) ([dougireton](https://github.com/dougireton))
-- Fixes \#7: Add rspec tests for chef-vault.rb [\#8](https://github.com/chef/chef-vault/pull/8) ([dougireton](https://github.com/dougireton))
-- Fixes \#2: Split --admins string on ',' and whitespace [\#6](https://github.com/chef/chef-vault/pull/6) ([dougireton](https://github.com/dougireton))
-- Update for compatability with chef10/11 [\#3](https://github.com/chef/chef-vault/pull/3) ([spheromak](https://github.com/spheromak))
-- Fixes \#1: Clarify readme [\#2](https://github.com/chef/chef-vault/pull/2) ([dougireton](https://github.com/dougireton))
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/appveyor.yml ADDED

@@ -0,0 +1,33 @@
+version: "master-{build}"
+os: Windows Server 2012 R2
+platform:
+  - x64
+clone_depth: 1
+skip_tags: true
+skip_branch_with_pr: true
+branches:
+  only:
+    - master
+# caching vendor/bundle appears to break horribly in the face of gems checked out of git
+# cache:
+#   - vendor/bundle
+install:
+  - ps: iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel stable
+  - bundle config --local path vendor/bundle
+  - SET CI=true
+  - SET BUNDLE_WITHOUT=changelog:style
+build_script:
+  - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex
+  - bundle install || bundle install || bundle install
+test_script:
+  - SET SPEC_OPTS=--format progress
+  - c:\opscode\chefdk\bin\chef.bat exec bundle exec rake spec
+  # aruba on windows seems pretty terribadly broken: https://github.com/cucumber/aruba/pull/422
+  # - c:\opscode\chefdk\bin\chef.bat exec bundle exec cucumber
+  - c:\opscode\chefdk\bin\chef.bat exec bundle exec rake style

data/chef-vault.gemspec CHANGED

@@ -17,9 +17,14 @@
 $:.push File.expand_path("../lib", __FILE__)
 require "chef-vault/version"
+def prerelease?
+  ENV["TRAVIS"] && !ENV["TRAVIS_TAG"]
+end
 Gem::Specification.new do |s|
   s.name             = "chef-vault"
   s.version          = ChefVault::VERSION
+  s.version          = "#{s.version}-pre#{ENV['TRAVIS_BUILD_NUMBER']}" if prerelease?
   s.has_rdoc         = true
   s.authors          = ["Thom May"]
   s.email            = ["thom@chef.io"]

data/features/clean_on_refresh.feature CHANGED

@@ -18,7 +18,7 @@ Feature: clean unknown clients on vault refresh
     Given a local mode chef repo with nodes 'one,two,three'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete client 'one' from the Chef server
+    And I delete node 'one' from the Chef server
     And I refresh the vault item 'test/item' with the 'clean-unknown-clients' option
     Then the output should contain "Removing unknown client 'one'"
     And the vault item 'test/item' should be encrypted for 'two,three'

data/features/clean_unknown_clients.feature CHANGED

@@ -1,29 +1,17 @@
 Feature: clean unknown clients on key rotation
   When removing a client from a vault item, chef-vault normally
-  removes the key and then rotates the key.  If a client has been
+  removes the key and then rotates the key.  If a node has been
   deleted in the meantime from the Chef server but not the vault,
   the rotation will fail due to that client's public key missing.
   Using the --clean-unknown-clients switch will cause any clients
   that have been removed to be removed from the vault item's
   access list as well
-  Scenario: Prune clients when removing a client
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete client 'one' from the Chef server
-    And I remove client 'two' from vault item 'test/item' with the 'clean-unknown-clients' option
-    Then the output should contain "Removing unknown client 'one'"
-    And the vault item 'test/item' should be encrypted for 'three'
-    And the vault item 'test/item' should not be encrypted for 'one,two'
-    And 'three' should be a client for the vault item 'test/item'
-    And 'one,two' should not be a client for the vault item 'test/item'
   Scenario: Prune clients when rotating keys
     Given a local mode chef repo with nodes 'one,two,three'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete client 'one' from the Chef server
+    And I delete node 'one' from the Chef server
     And I rotate the keys for vault item 'test/item' with the 'clean-unknown-clients' option
     Then the output should contain "Removing unknown client 'one'"
     And the vault item 'test/item' should be encrypted for 'two,three'
@@ -35,7 +23,7 @@ Feature: clean unknown clients on key rotation
     Given a local mode chef repo with nodes 'one,two,three'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And I delete clients 'one,two' from the Chef server
+    And I delete nodes 'one,two' from the Chef server
     And I rotate all keys with the 'clean-unknown-clients' option
     Then the output should contain "Removing unknown client 'one'"
     And the output should contain "Removing unknown client 'two'"

data/lib/chef-vault/item.rb CHANGED

@@ -172,6 +172,9 @@ class ChefVault
     def rotate_keys!(clean_unknown_clients = false)
       @secret = generate_secret
+      # clean existing encrypted data for clients/admins
+      keys.clear_encrypted
       unless get_clients.empty?
         # a bit of a misnomer; this doesn't remove unknown
         # admins, just clients which are nodes
@@ -411,15 +414,11 @@ class ChefVault
     # checks if a node exists on the Chef server by performing
     # a search against the node index.  If the search returns no
-    # results, the node does not exist.  If it does return results,
-    # check if there is a matching client
+    # results, the node does not exist.
     # @param nodename [String] the name of the node
     # @return [Boolean] whether the node exists or not
     def node_exists?(nodename)
-      # if we don't have a client it really doesn't matter if we have a node.
-      if client_exists?(nodename)
-        search_results.include?(nodename)
-      end
+      search_results.include?(nodename)
     end
     # checks if a client exists on the Chef server.  If we get back

data/lib/chef-vault/item_keys.rb CHANGED

@@ -39,7 +39,7 @@ class ChefVault
       ckey = @cache[key]
       return ckey unless ckey.nil?
       # check if the key is saved in sparse mode
-      skey = sparse_key(sparse_id(key))
+      skey = sparse_key(sparse_id(key)) if sparse?
       if skey
         skey[key]
       else
@@ -53,7 +53,7 @@ class ChefVault
       ckey = @cache[key]
       return (ckey ? true : false) unless ckey.nil?
       # check if the key is saved in sparse mode
-      return true unless sparse_key(sparse_id(key)).nil?
+      return true if sparse? && sparse_key(sparse_id(key))
       # fallback to non-sparse mode if sparse key is not found
       @raw_data.keys.include?(key)
     end
@@ -64,14 +64,21 @@ class ChefVault
         raise ChefVault::Exceptions::V1Format,
               "cannot manage a v1 vault.  See UPGRADE.md for help"
       end
-      @cache[chef_key.name] = ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
+      @cache[chef_key.name] = self[chef_key.name] || ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
       @raw_data[type] << chef_key.name unless @raw_data[type].include?(chef_key.name)
       @raw_data[type]
     end
+    def clear_encrypted
+      @cache.clear
+      self["clients"].each { |client| @raw_data.delete(client) }
+      self["admins"].each { |admin| @raw_data.delete(admin) }
+    end
     def delete(chef_key)
       @cache[chef_key.name] = false
       raw_data[chef_key.type].delete(chef_key.name)
+      raw_data.delete(chef_key.name)
     end
     def mode(mode = nil)
@@ -213,6 +220,10 @@ class ChefVault
     # @private
+    def sparse?
+      @raw_data["mode"] == "sparse"
+    end
     def sparse_id(key, item_id = @raw_data["id"])
       "#{item_id.chomp("_keys")}_key_#{key}"
     end

data/lib/chef-vault/version.rb CHANGED

@@ -15,6 +15,6 @@
 # limitations under the License.
 class ChefVault
-  VERSION = "3.0.3"
+  VERSION = "3.1.0"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

data/lib/chef/knife/vault_create.rb CHANGED

@@ -87,7 +87,7 @@ class Chef
                 vault_item["file-content"] = File.open(file) { |f| f.read() }
               end
             else
-              vault_json = edit_data({})
+              vault_json = edit_hash({})
               vault_json.each do |key, value|
                 vault_item[key] = value
               end

data/spec/chef-vault/item_keys_spec.rb CHANGED

@@ -36,12 +36,27 @@ RSpec.describe ChefVault::ItemKeys do
             keys.delete(chef_key)
           end
-          it "stores the encoded key in the data bag item under the actor's name and the name in the raw data" do
-            expect(described_class).to receive(:encode_key).with(public_key_string, shared_secret).and_return("encrypted_result")
-            keys.add(chef_key, shared_secret)
-            expect(keys[name]).to eq("encrypted_result")
-            expect(keys[type].include?(name)).to eq(true)
-            expect(keys.include?(name)).to eq(true)
+          context "when key is already there" do
+            it "keeps the encoded key in the data bag item under the actor's name and the name in the raw data" do
+              expect(described_class).not_to receive(:encode_key).with(public_key_string, shared_secret)
+              keys.add(chef_key, shared_secret)
+              expect(keys[name]).not_to be_empty
+              expect(keys[type].include?(name)).to eq(true)
+              expect(keys.include?(name)).to eq(true)
+            end
+          end
+          context "when keys not already there" do
+            before do
+              keys.delete(chef_key)
+            end
+            it "stores the encoded key in the data bag item under the actor's name and the name in the raw data" do
+              expect(described_class).to receive(:encode_key).with(public_key_string, shared_secret).and_return("encrypted_result")
+              keys.add(chef_key, shared_secret)
+              expect(keys[name]).to eq("encrypted_result")
+              expect(keys[type].include?(name)).to eq(true)
+              expect(keys.include?(name)).to eq(true)
+            end
           end
         end

data/spec/chef-vault/item_spec.rb CHANGED

@@ -5,6 +5,11 @@ RSpec.describe ChefVault::Item do
   before do
     item["foo"] = "bar"
+    http_response = double("http_response")
+    allow(http_response).to receive(:code).and_return("404")
+    non_existing = Net::HTTPServerException.new("http error message", http_response)
+    allow(Chef::DataBagItem).to receive(:load).with(anything, /_key_/).and_raise(non_existing)
   end
   describe "vault probe predicates" do

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.1.0
 platform: ruby
 authors:
 - Thom May
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-05-03 00:00:00.000000000 Z
+date: 2017-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -116,6 +116,7 @@ files:
 - Rakefile
 - THEORY.md
 - UPGRADE.md
+- appveyor.yml
 - bin/chef-vault
 - chef-vault.gemspec
 - features/clean.feature
@@ -193,7 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: Data encryption support for Chef using data bags