chef-vault 3.3.0 → 4.1.11

data/features/step_definitions/chef-repo.rb

@@ -1,72 +0,0 @@
-Given(/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/) do |nodelist, adminlist|
-  # create the repo directory hierarchy
-  %w{cookbooks clients nodes data_bags}.each do |dir|
-    create_directory dir
-  end
-  # create a basic knife.rb
-  write_file "knife.rb", <<EOF
-local_mode true
-chef_repo_path '.'
-chef_zero.enabled true
-knife[:vault_mode] = 'client'
-EOF
-  # create the admin users and capture their private key we
-  # always create an admin called 'admin' because otherwise subsequent
-  # steps become annoying to determine who the admin is
-  admins = %w{admin}
-  admins.push(adminlist.split(/,/)) if adminlist
-  admins.flatten.each do |admin|
-    create_admin(admin)
-  end
-  # add the admin key to the knife configuration
-  append_to_file "knife.rb", <<EOF
-node_name 'admin'
-client_key 'admin.pem'
-EOF
-  # create the requested nodes
-  nodelist.split(/,/).each do |node|
-    create_client(node)
-    create_node(node)
-  end
-end
-
-Given(/^I create an admin named '(.+)'$/) do |admin|
-  create_admin(admin)
-end
-
-Given(/^I delete clients? '(.+)' from the Chef server$/) do |nodelist|
-  nodelist.split(/,/).each do |node|
-    delete_client(node)
-  end
-end
-
-Given(/^I regenerate the client key for the node '(.+)'$/) do |node|
-  delete_client(node)
-  create_client(node)
-end
-
-Given(/^I delete nodes? '(.+)' from the Chef server$/) do |nodelist|
-  nodelist.split(/,/).each { |node| delete_node(node) }
-end
-
-def create_node(name)
-  run_simple "knife node create #{name} -z -d -c knife.rb"
-end
-
-def create_admin(admin)
-  create_client(admin, "-a")
-end
-
-def create_client(name, args = nil)
-  command = "knife client create #{name} -z -d -c knife.rb #{args} >#{name}.pem"
-  run_simple command
-  write_file("#{name}.pem", last_command_started.stdout)
-end
-
-def delete_client(name)
-  run_simple "knife client delete #{name} -y -z -c knife.rb"
-end
-
-def delete_node(name)
-  run_simple "knife node delete #{name} -y -z -c knife.rb"
-end

data/features/step_definitions/chef-vault.rb

@@ -1,151 +0,0 @@
-require "json"
-
-Given(/^I create a vault item '(.+)\/(.+)'( with keys in sparse mode)? containing the JSON '(.+)' encrypted for '(.+)'(?: with '(.+)' as admins?)?$/) do |vault, item, sparse, json, nodelist, admins|
-  write_file "item.json", json
-  query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
-  adminarg = admins.nil? ? "-A admin" : "-A #{admins}"
-  sparseopt = sparse.nil? ? "" : "-K sparse"
-  run_simple "knife vault create #{vault} #{item} -z -c knife.rb #{adminarg} #{sparseopt} -S '#{query}' -J item.json", false
-end
-
-Given(/^I update the vault item '(.+)\/(.+)' to be encrypted for '(.+)'( with the clean option)?$/) do |vault, item, nodelist, cleanopt|
-  query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
-  run_simple "knife vault update #{vault} #{item} -z -c knife.rb -S '#{query}' #{cleanopt ? '--clean' : ''}"
-end
-
-Given(/^I remove clients? '(.+)' from vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |nodelist, vault, item, optionlist|
-  query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
-  options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault remove #{vault} #{item} -z -c knife.rb -S '#{query}' #{options}"
-end
-
-Given(/^I rotate the keys for vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |vault, item, optionlist|
-  options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault rotate keys #{vault} #{item} -c knife.rb -z #{options}"
-end
-
-Given(/^I rotate all keys with the '(.+)' options?$/) do |optionlist|
-  options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault rotate all keys -z -c knife.rb #{options}"
-end
-
-Given(/^I refresh the vault item '(.+)\/(.+)'$/) do |vault, item|
-  run_simple "knife vault refresh #{vault} #{item} -c knife.rb -z"
-end
-
-Given(/^I refresh the vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |vault, item, optionlist|
-  options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
-  run_simple "knife vault refresh #{vault} #{item} -c knife.rb -z #{options}"
-end
-
-Given(/^I try to decrypt the vault item '(.+)\/(.+)' as '(.+)'$/) do |vault, item, node|
-  run_simple "knife vault show #{vault} #{item} -z -c knife.rb -u #{node} -k #{node}.pem", false
-end
-
-Then(/^the vault item '(.+)\/(.+)' should( not)? be encrypted for '(.+)'( with keys in sparse mode)?$/) do |vault, item, neg, nodelist, sparse|
-  nodes = nodelist.split(/,/)
-  command = "knife data bag show #{vault} #{item}_keys -z -c knife.rb -F json"
-  run_simple(command)
-  output = last_command_started.stdout
-  data = JSON.parse(output)
-  if sparse
-    expect(data).to include("mode" => "sparse")
-    nodes.each do |node|
-      command = "knife data bag show #{vault} #{item}_key_#{node} -z -c knife.rb -F json"
-      run_simple(command, fail_on_error: false)
-      if neg
-        error = last_command_started.stderr
-        expect(error).to include("ERROR: The object you are looking for could not be found")
-      else
-        data = JSON.parse(last_command_started.stdout)
-        expect(data).to include("id" => "#{item}_key_#{node}")
-      end
-    end
-  else
-    expect(data).to include("mode" => "default")
-    nodes.each { |node| neg ? (expect(data).not_to include(node)) : (expect(data).to include(node)) }
-  end
-end
-
-Given(/^'(.+)' should( not)? be a client for the vault item '(.+)\/(.+)'$/) do |nodelist, neg, vault, item|
-  nodes = nodelist.split(/,/)
-  command = "knife data bag show #{vault} #{item}_keys -z -c knife.rb -F json"
-  run_simple(command)
-  output = last_command_started.stdout
-  data = JSON.parse(output)
-  nodes.each do |node|
-    if neg
-      expect(data["clients"]).not_to include(node)
-    else
-      expect(data["clients"]).to include(node)
-    end
-  end
-end
-
-Given(/^'(.+)' should( not)? be an admin for the vault item '(.+)\/(.+)'$/) do |nodelist, neg, vault, item|
-  nodes = nodelist.split(/,/)
-  command = "knife data bag show #{vault} #{item}_keys -z -c knife.rb -F json"
-  run_simple(command)
-  output = last_command_started.stdout
-  data = JSON.parse(output)
-  nodes.each do |node|
-    if neg
-      expect(data["admins"]).not_to include(node)
-    else
-      expect(data["admins"]).to include(node)
-    end
-  end
-end
-
-Given(/^I list the vaults$/) do
-  run_simple("knife vault list")
-end
-
-Given(/^I can('t)? decrypt the vault item '(.+)\/(.+)' as '(.+)'$/) do |neg, vault, item, client|
-  run_simple "knife vault show #{vault} #{item} -c knife.rb -z -u #{client} -k #{client}.pem", false
-  if neg
-    expect(last_command_started).not_to have_exit_status(0)
-  else
-    expect(last_command_started).to have_exit_status(0)
-  end
-end
-
-Given(/^I (try to )?add '(.+)' as an admin for the vault item '(.+)\/(.+)'$/) do |try, newadmin, vault, item|
-  run_simple "knife vault update #{vault} #{item} -c knife.rb -z -A #{newadmin}", !try
-end
-
-Given(/^I show the keys of the vault '(.+)'$/) do |vault|
-  run_simple "knife vault show #{vault} -c knife.rb -z"
-end
-
-Given(/^I check if the data bag item '(.+)\/(.+)' is a vault$/) do |vault, item|
-  run_simple "knife vault isvault #{vault} #{item} -c knife.rb -z", false
-end
-
-Given(/^I check the type of the data bag item '(.+)\/(.+)'$/) do |vault, item|
-  run_simple "knife vault itemtype #{vault} #{item} -c knife.rb -z"
-end
-
-Given(/^I downgrade the vault item '(.+)\/(.+)' to v1 syntax/) do |vault, item|
-  # v1 syntax doesn't have the admins, clients and search_query keys
-  keysfile = "tmp/aruba/data_bags/#{vault}/#{item}_keys.json"
-  data = JSON.parse(IO.read(keysfile))
-  %w{admins clients search_query}.each { |k| data.key?("raw_data") ? data["raw_data"].delete(k) : data.delete(k) }
-  IO.write(keysfile, JSON.generate(data))
-end
-
-Given(/^I can save the JSON object of the encrypted data bag for the vault item '(.+)\/(.+)'$/) do |vault, item|
-  command = "knife data bag show #{vault} #{item} -z -c knife.rb -F json"
-  run_simple(command)
-  output = last_command_started.stdout
-  @saved_encrypted_vault_item = JSON.parse(output)
-end
-
-Given(/^the data bag of the vault item '(.+)\/(.+)' has not been re-encrypted$/) do |vault, item|
-  command = "knife data bag show #{vault} #{item} -z -c knife.rb -F json"
-  run_simple(command)
-  output = last_command_started.stdout
-  encrypted_vault_item = JSON.parse(output)
-
-  expect(encrypted_vault_item).to eq(@saved_encrypted_vault_item)
-end

data/features/step_definitions/chef_databagitem.rb

@@ -1,9 +0,0 @@
-Given(/^I create a data bag item '(.+)\/(.+)' containing the JSON '(.+)'$/) do |databag, _, json|
-  write_file "item.json", json
-  run_simple "knife data bag from file #{databag} item.json -z -c knife.rb", false
-end
-
-Given(/^I create an encrypted data bag item '(.+)\/(.+)' containing the JSON '(.+)' with the secret '(.+)'$/) do |databag, _, json, secret|
-  write_file "item.json", json
-  run_simple "knife data bag from file #{databag} item.json -s #{secret} -z -c knife.rb", false
-end

data/features/support/env.rb

@@ -1,14 +0,0 @@
-if ENV["COVERAGE"]
-  require "simplecov"
-end
-
-require "aruba/cucumber"
-
-# Travis runs tests in a limited environment which takes a long time to invoke
-# the knife command.  Up the timeout when we're in a travis build based on the
-# environment variable set in .travis.yml
-#if ENV['TRAVIS_BUILD']
-Before do
-  @aruba_timeout_seconds = 15
-end
-#end

data/features/vault_create.feature

@@ -1,63 +0,0 @@
-Feature: knife vault create
-  'knife vault create' creates two Chef data bag items: an
-  encrypted data bag item encrypted with a randomized shared
-  secret, and a side-along data bag item suffixed with _keys
-  that contains an set of asymmetrically encrypted copies of
-  the shared secret using the public keys of a set of admins
-  and/or clients
-
-  Scenario: create vault with all known clients
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-
-  Scenario: create vault with all unknown clients
-    Given a local mode chef repo with nodes 'two,three'
-    And I delete clients 'two,three' from the Chef server
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'two,three'
-    Then the vault item 'test/item' should not be encrypted for 'one,two,three'
-    And the output should contain "node 'two' has no private key; skipping"
-    And the output should contain "node 'three' has no private key; skipping"
-    And 'two,three' should not be a client for the vault item 'test/item'
-
-  Scenario: create vault with mix of known and unknown clients
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I delete client 'three' from the Chef server
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two'
-    And the output should contain "node 'three' has no private key; skipping"
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-
-  Scenario: create vault with mix of known and unknown nodes
-    Given a local mode chef repo with nodes 'one,two'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two'
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-
-  Scenario: create vault with several admins
-    Given a local mode chef repo with nodes 'one,two' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two'
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-
-  Scenario: create vault with several admins in sparse mode
-    Given a local mode chef repo with nodes 'one,two' with admins 'alice,bob'
-    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two' with keys in sparse mode
-    And the vault item 'test/item' should not be encrypted for 'three' with keys in sparse mode
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'three' should not be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-
-  Scenario: create vault with an unknown admin
-    Given a local mode chef repo with nodes 'one,two'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the exit status should not be 0
-    And the output should contain "FATAL: Could not find default key for alice in users or clients!"

data/features/vault_list.feature

@@ -1,31 +0,0 @@
-Feature: list data bags that are vaults
-  knife vault list should list all data bags that appear to
-  be vaults.  This is not an exact science; we assume that
-  any data bag containing an even number of items and for
-  which all items are pairs of thing/thing_keys is a vault
-
-  Scenario: List bags that are vaults
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I list the vaults
-    Then the output should match /(?m:^test$)/
-
-  Scenario: List bags that are vaults with keys in sparse mode
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' with keys in sparse mode containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I list the vaults
-    Then the output should match /(?m:^test$)/
-
-  Scenario: Skip data bags that are not vaults
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I create a data bag 'lessthantwokeys' containing the JSON '{"id": "item", "foo": "bar"}'
-    And I create a data bag 'oddnumberofkeys' containing the JSON '{"id": "item", "one": 1, "two": 2, "three":3}'
-    And I create a data bag 'unbalanced' containing the JSON '{"id": "item", "one": 1, "one_keys": 1, "two_keys": 1, "three_keys": 1}'
-    And I create a data bag 'mismatched' containing the JSON '{"id": "item", "one": 1, "one_keys": 1, "two_keys": 1, "three": 1}'
-    And I list the vaults
-    Then the output should match /(?m:^test$)/
-    And the output should not match /(?m:^lessthantwokeys$)/
-    And the output should not match /(?m:^oddnumberofkeys$)/
-    And the output should not match /(?m:^unbalanced$)/
-    And the output should not match /(?m:^mismatched$)/

data/features/vault_show.feature

@@ -1,45 +0,0 @@
-Feature: knife vault show
-  'knife vault show' displays the contents of a Chef encrypted
-  data bag by fetching the asymmetrically encrypted shared
-  secret and decrypting it using the private key of the user
-  or node
-
-  Scenario: successful decrypt as admin
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can decrypt the vault item 'test/item' as 'alice'
-    And the output should match /^foo: bar$/
-
-  Scenario: successful decrypt as node
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can decrypt the vault item 'test/item' as 'two'
-    And the output should match /^foo: bar$/
-
-  Scenario: failed decrypt as admin
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three,alice'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can't decrypt the vault item 'test/item' as 'bob'
-    And the output should contain "test/item is not encrypted with your public key"
-
-  Scenario: failed decrypt as node
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,alice'
-    And 'one,two' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And 'bob' should not be an admin for the vault item 'test/item'
-    And I can't decrypt the vault item 'test/item' as 'three'
-    And the output should contain "test/item is not encrypted with your public key"

data/features/vault_show_vaultname.feature

@@ -1,21 +0,0 @@
-Feature: knife vault show [VAULTNAME]
-  'knife vault show [VAULTNAME]' displays the keys of a vault
-  (i.e. the items that are not suffixed with _keys)
-
-  Scenario: show keys of a vault
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    And I create a vault item 'test/item2' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And I show the keys of the vault 'test'
-    Then the output should match /(?m:^item$)/
-    And the output should match /(?m:^item2$)/
-    And the output should not match /(?m:^item_keys$)/
-    And the output should not match /(?m:^item2_keys$)/
-
-  Scenario: show keys of a data bag that is not a vault
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a data bag 'notavault' containing the JSON '{"id": "item", "foo": "bar"}'
-    And I show the keys of the vault 'notavault'
-    Then the output should match /data bag notavault is not a chef-vault/

data/features/vault_update.feature

@@ -1,18 +0,0 @@
-Feature: knife vault update
-  'knife vault update' is used to add clients, or administrators
-  and to re-run the search query and update the vault's item values.
-
-  Scenario: add admin to a vault
-    Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    When I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
-    Then the vault item 'test/item' should be encrypted for 'one,two,three'
-      And 'one,two,three' should be a client for the vault item 'test/item'
-      And 'alice' should be an admin for the vault item 'test/item'
-      And I can decrypt the vault item 'test/item' as 'alice'
-      But I can't decrypt the vault item 'test/item' as 'bob'
-      And I can save the JSON object of the encrypted data bag for the vault item 'test/item'
-    When I add 'bob' as an admin for the vault item 'test/item'
-    Then 'alice,bob' should be an admin for the vault item 'test/item'
-      And I can decrypt the vault item 'test/item' as 'alice'
-      And I can decrypt the vault item 'test/item' as 'bob'
-      And the data bag of the vault item 'test/item' has not been re-encrypted

data/features/verify_id_matches.feature

@@ -1,10 +0,0 @@
-Feature: knife vault create with mismatched ID
-  'knife vault create' creates a vault.  A JSON file can be passed
-  on the command line.  If the vault ID specified on the command line
-  does not match the value of the 'id' key in the JSON file, knife
-  should throw an error
-
-  Scenario: create vault from JSON file with mismatched ID
-    Given a local mode chef repo with nodes 'one,two,three'
-    And I create a vault item 'test/item' containing the JSON '{"id": "eyetem"}' encrypted for 'one,two,three'
-    Then the output should match /id mismatch - input JSON has id 'eyetem' but vault item has id 'item'/

data/features/wrong_private_key.feature

@@ -1,13 +0,0 @@
-Feature: Wrong private key during decrypt
-  https://github.com/Nordstrom/chef-vault/issues/43
-  If a vault is encrypted for a node and then the node's private
-  key is regenerated, the error that comes back from chef-vault
-  should be informative, not a lower-level error from OpenSSL
-  like 'OpenSSL::PKey::RSAError: padding check failed'
-
-  Scenario: Regenerate node key and attempt decrypt
-    Given a local mode chef repo with nodes 'one,two'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two'
-    And I regenerate the client key for the node 'one'
-    And I try to decrypt the vault item 'test/item' as 'one'
-    Then the output should match /is encrypted for you, but your private key failed to decrypt the contents/

data/hooks/pre-commit

@@ -1,43 +0,0 @@
-#!/usr/bin/env ruby
-output = `bundle exec chefstyle -a`
-if !$?.success?
-  puts "pre-commit hook: Tried to run `bundle exec chefstyle -a` to autocleanup errors, but it failed with output:"
-  puts output
-end
-
-detected  = /(\d+) offenses detected/.match(output)
-corrected = /(\d+) offenses corrected/.match(output)
-
-# no errors detected by chefstyle
-exit 0 if detected.nil?
-
-# chefstyle found errors
-if !detected.nil?
-  # get the first result from the capture group that isn't the whole capture
-  num_detected = detected.to_a[1].to_i
-  num_corrected = if corrected.nil?
-                    0
-                  else
-                    corrected.to_a[1].to_i
-                  end
-  if num_detected == num_corrected
-    puts <<EOF
-pre-commit hook: Ran `bundle exec chefstyle -a` to autocleanup errors if any existed and
-#{num_detected} were detected, but all were cleaned up. `git add` all files that were
-autoupdated and try commiting again. New git status:
-
-EOF
-    puts `git status`
-  else
-    puts <<EOF
-pre-commit hook: Ran `bundle exec chefstyle -a` to autocleanup errors if any existed and
-#{num_detected} were detected, but #{num_detected - num_corrected} could not be cleaned up
-automatically. Run:
-
-bundle exec chefstyle -a
-
-to see remaining errors to clean up by hand, add all updated files, and try commiting again.
-EOF
-  end
-  exit 1
-end