chef-vault 3.4.3 → 4.0.12

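--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3336f55c18fbd76b1ae137c6fb5abc161cd81a65a0ab4d5a88057be1e157dc41
- data.tar.gz: 6d82cc44e26f513315e3a6c115ad39ae8d744d2f322321a03cdfb7957b279530
+ metadata.gz: 55bee9a29cb4298de63af8a2496433e264e4b57e5c61d8d408155521bf469a5c
+ data.tar.gz: fa587117182e9ea852ffc1a35c337f5428ba947243b40546fcc7cf5d14ce2bf8
  SHA512:
- metadata.gz: 4a99251a9323d05cec3a1ec3fd94422caad6aeeadc36185ae8d8bd6e3620a56eea4764d434eb4efb8a8d34297b9f1d4b9929a695d56e1796a1effea4d613dc7c
- data.tar.gz: 1b925c02741352391a0f94c48a305d4f4dd1bd3e13caedb39df1cc9a890c77cc69afb238205f5864f04c9112d4b53af62b247ae4ceef7830fd72ecc8746dbd79
+ metadata.gz: bde9574f9af2fa1c98ab317b7044f2fb75f695e3331a055446d046f2be1462ca0ad3808d4abf328192f194981d90bc1727c7c42e964ccf4c6dfd86c2e00f1c2a
+ data.tar.gz: 2621597e75cce12c1e06fab73743ce021d644f1067292f41737ba60aa3417ffbb7526fc5ece999f2f35966ddee78e1e34cfab235b6cc20428239929cee3c148d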
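--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,14 +1,25 @@
- source "https://rubygems.org/"
+ source "https://rubygems.org"
 
  gemspec
 
  group :development do
- gem "chefstyle", git: "https://github.com/chef/chefstyle.git"
+ gem "chefstyle"
  gem "chef-zero"
  gem "rake"
  gem "rspec", "~> 3.4"
  gem "aruba", "~> 0.6"
- gem "simplecov", "~> 0.9"
- gem "simplecov-console", "~> 0.2"
- gem "chef"
+ gem "chef", "~> 14.0" # avoids test failures on license acceptance
+ end
+
+ group :docs do
+ gem "yard"
+ gem "redcarpet"
+ gem "github-markup"
+ end
+
+ group :debug do
+ gem "pry"
+ gem "pry-byebug"
+ gem "pry-stack_explorer", "~> 0.4.0" # pin until we drop ruby < 2.6
+ gem "rb-readline"
  end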
@@ -18,7 +18,7 @@
18
18
  # See the License for the specific language governing permissions and
19
19
  # limitations under the License.
20
20
 
21
- require "optparse"
21
+ require "optparse" unless defined?(OptionParser)
22
22
 
23
23
  options_config = {
24
24
  chef: {
@@ -82,7 +82,7 @@ options_config.each do |option, config|
82
82
  options[option] = options[option] ? options[option] : config[:default]
83
83
  end
84
84
 
85
- require "rubygems"
85
+ require "rubygems" unless defined?(Gem)
86
86
  $:.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
87
87
  require "chef-vault"
88
88
 
@@ -1,6 +1,6 @@
1
- # -*- encoding: utf-8 -*-
2
1
  # Chef-Vault Gemspec file
3
- # Copyright 2013-15, Nordstrom, Inc.
2
+ # Copyright 2013-2015, Nordstrom, Inc.
3
+ # Copyright 2017-2019, Chef Software, Inc.
4
4
 
5
5
  # Licensed under the Apache License, Version 2.0 (the "License");
6
6
  # you may not use this file except in compliance with the License.
@@ -17,17 +17,12 @@
17
17
  $:.push File.expand_path("../lib", __FILE__)
18
18
  require "chef-vault/version"
19
19
 
20
- def self.prerelease?
21
- !ENV["TRAVIS_TAG"] || ENV["TRAVIS_TAG"].empty?
22
- end
23
-
24
20
  Gem::Specification.new do |s|
25
21
  s.name = "chef-vault"
26
22
  s.version = ChefVault::VERSION
27
- s.version = "#{s.version}-pre#{ENV['TRAVIS_BUILD_NUMBER']}" if ENV["TRAVIS"]
28
23
  s.authors = ["Thom May"]
29
24
  s.email = ["thom@chef.io"]
30
- s.summary = "Data encryption support for Chef using data bags"
25
+ s.summary = "Data encryption support for Chef Infra using data bags"
31
26
  s.description = s.summary
32
27
  s.homepage = "https://github.com/chef/chef-vault"
33
28
  s.license = "Apache-2.0"
@@ -36,5 +31,5 @@ Gem::Specification.new do |s|
36
31
  s.bindir = "bin"
37
32
  s.executables = %w{ chef-vault }
38
33
 
39
- s.required_ruby_version = ">= 2.2.0"
34
+ s.required_ruby_version = ">= 2.4"
40
35
  end
@@ -23,14 +23,14 @@ require "chef/api_client"
23
23
  require "chef/data_bag_item"
24
24
  require "chef/encrypted_data_bag_item"
25
25
  require "chef/user"
26
- require "chef-vault/version"
27
- require "chef-vault/exceptions"
28
- require "chef-vault/item"
29
- require "chef-vault/item_keys"
30
- require "chef-vault/user"
31
- require "chef-vault/certificate"
32
- require "chef-vault/chef_api"
33
- require "chef-vault/actor"
26
+ require_relative "chef-vault/version"
27
+ require_relative "chef-vault/exceptions"
28
+ require_relative "chef-vault/item"
29
+ require_relative "chef-vault/item_keys"
30
+ require_relative "chef-vault/user"
31
+ require_relative "chef-vault/certificate"
32
+ require_relative "chef-vault/chef_api"
33
+ require_relative "chef-vault/actor"
34
34
 
35
35
  require "mixlib/log"
36
36
 
@@ -14,7 +14,7 @@
14
14
  # See the License for the specific language governing permissions and
15
15
  # limitations under the License.
16
16
 
17
- require "json"
17
+ require "json" unless defined?(JSON)
18
18
 
19
19
  class ChefVault
20
20
  class Actor
@@ -27,6 +27,7 @@ class ChefVault
27
27
  if actor_type != "clients" && actor_type != "admins"
28
28
  raise "You must pass either 'clients' or 'admins' as the first argument to ChefVault::Actor.new."
29
29
  end
30
+
30
31
  @type = actor_type
31
32
  @name = actor_name
32
33
  end
@@ -52,7 +53,7 @@ class ChefVault
52
53
  case http_error.response.code
53
54
  when "404"
54
55
  raise ChefVault::Exceptions::AdminNotFound,
55
- "FATAL: Could not find default key for #{name} in users or clients!"
56
+ "FATAL: Could not find default key for #{name} in users or clients!"
56
57
  when "403"
57
58
  print_forbidden_error
58
59
  raise http_error
@@ -73,7 +74,7 @@ class ChefVault
73
74
  raise http_error
74
75
  elsif http_error.response.code.eql?("404")
75
76
  raise ChefVault::Exceptions::ClientNotFound,
76
- "#{name} is not a valid chef client and/or node"
77
+ "#{name} is not a valid chef client and/or node"
77
78
  else
78
79
  raise http_error
79
80
  end
@@ -115,6 +116,7 @@ class ChefVault
115
116
  # If the keys endpoint doesn't exist, try getting it directly from the V0 chef object.
116
117
  rescue Net::HTTPServerException => http_error
117
118
  raise http_error unless http_error.response.code.eql?("404")
119
+
118
120
  if request_actor_type.eql?("clients")
119
121
  chef_api_client.load(name).public_key
120
122
  else
@@ -15,8 +15,8 @@
15
15
  # See the License for the specific language governing permissions and
16
16
  # limitations under the License.
17
17
 
18
- require "securerandom"
19
- require "chef-vault/mixins"
18
+ require "securerandom" unless defined?(SecureRandom)
19
+ require_relative "mixins"
20
20
 
21
21
  class ChefVault
22
22
  class Item < Chef::DataBagItem
@@ -131,6 +131,10 @@ class ChefVault
131
131
  end
132
132
  end
133
133
 
134
+ def mode(mode)
135
+ keys.mode(mode) if mode
136
+ end
137
+
134
138
  def admins(admin_string, action = :add)
135
139
  admin_string.split(",").each do |admin|
136
140
  admin.strip!
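Review bot: The new `mode` method at the top of the hunk is the only method in this region without a YARD block, while the neighbouring ones carry `# @param`/`# @return` comments (see the `handle_client_action` and `delete_client_or_node` docs later in this file). Add a header such as `# sets the storage mode used for this item's keys` / `# @param mode [String] the key storage mode; "sparse" is the only value this diff treats specially (in ItemKeys#save)` / `# @return [void]`, confirming the accepted-value list against ItemKeys#mode, which I cannot see from here. Naming the parameter `mode` after the method it lives in is legal but reads ambiguously next to `keys.mode(mode)`; `def mode(keys_mode)` would make the delegation clearer.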
@@ -142,7 +146,7 @@ class ChefVault
142
146
  keys.delete(admin_key)
143
147
  else
144
148
  raise ChefVault::Exceptions::KeysActionNotValid,
145
- "#{action} is not a valid action"
149
+ "#{action} is not a valid action"
146
150
  end
147
151
  end
148
152
  end
@@ -157,7 +161,7 @@ class ChefVault
157
161
 
158
162
  def secret
159
163
  if @keys.include?(@node_name) && !@keys[@node_name].nil?
160
- private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read())
164
+ private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read)
161
165
  begin
162
166
  private_key.private_decrypt(Base64.decode64(@keys[@node_name]))
163
167
  rescue OpenSSL::PKey::RSAError
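Review bot: `File.open(@client_key_path).read` on the `+` line leaves the File object open until it is garbage-collected, because no block or explicit close is used; the commit only dropped the empty parens. The rest of this diff already uses the block form for the same pattern (`File.open(file, &:read)` in values_from_file and the knife commands), so `private_key = OpenSSL::PKey::RSA.new(File.read(@client_key_path))` keeps the client-key read consistent and releases the descriptor immediately. `secret` continues past the end of the hunk.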
@@ -268,7 +272,7 @@ class ChefVault
268
272
 
269
273
  if Chef::Config[:solo_legacy_mode]
270
274
  data_bag_path = File.join(Chef::Config[:data_bag_path],
271
- data_bag)
275
+ data_bag)
272
276
  data_bag_item_path = File.join(data_bag_path, @raw_data["id"])
273
277
 
274
278
  FileUtils.rm("#{data_bag_item_path}.json")
@@ -336,7 +340,16 @@ class ChefVault
336
340
  def self.data_bag_item_type(vault, name)
337
341
  # adapted from https://github.com/opscode-cookbooks/chef-vault/blob/v1.3.0/libraries/chef_vault_item.rb
338
342
  # and https://github.com/sensu/sensu-chef/blob/2.9.0/libraries/sensu_helpers.rb
339
- dbi = Chef::DataBagItem.load(vault, name)
343
+ begin
344
+ dbi = Chef::DataBagItem.load(vault, name)
345
+ rescue Net::HTTPServerException => http_error
346
+ if http_error.response.code == "404"
347
+ raise ChefVault::Exceptions::ItemNotFound,
348
+ "#{vault}/#{name} not found"
349
+ else
350
+ raise http_error
351
+ end
352
+ end
340
353
  encrypted = dbi.detect do |_, v|
341
354
  v.is_a?(Hash) && v.key?("encrypted_data")
342
355
  end
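Review bot: The new rescue spells the 404 test as an if/else, while the other `rescue Net::HTTPServerException` blocks in this diff use the guard form; rewriting it as `raise http_error unless http_error.response.code == "404"` followed by `raise ChefVault::Exceptions::ItemNotFound, "#{vault}/#{name} not found"` keeps the style uniform and drops two nesting levels. Separately, `Net::HTTPServerException` is a deprecated alias of `Net::HTTPClientException` on Ruby 2.6 and later, and with `required_ruby_version` now only `>= 2.4` each reference this diff adds or keeps will warn on newer interpreters; resolving the class once, falling back to the old name when the new constant is absent, would avoid that. The rest of `data_bag_item_type` is inside the hunk.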
@@ -358,12 +371,12 @@ class ChefVault
358
371
  # no longer be found
359
372
  # @return [void]
360
373
  def refresh(clean_unknown_clients = false)
361
- unless search
374
+ if search.empty?
362
375
  raise ChefVault::Exceptions::SearchNotFound,
363
- "#{vault}/#{item} does not have a stored search_query, "\
364
- "probably because it was created with an older version "\
365
- "of chef-vault. Use 'knife vault update' to update the "\
366
- "databag with the search query."
376
+ "#{@data_bag}/#{@raw_data["id"]} does not have a stored "\
377
+ "search_query, probably because it was created with an "\
378
+ "older version of chef-vault. Use 'knife vault update' "\
379
+ "to update the databag with the search query."
367
380
  end
368
381
 
369
382
  # a bit of a misnomer; this doesn't remove unknown
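Review bot: `if search.empty?` on the first `+` line raises NoMethodError when `search` returns nil, whereas the replaced `unless search` handled nil; the message right below it describes exactly the items that have no stored search_query, so if `search` is nil for those items (its definition is outside this hunk) the intended SearchNotFound is never raised. `if search.nil? || search.empty?` (or `search.to_s.empty?`) covers both cases. `refresh` continues past the end of the hunk.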
@@ -434,11 +447,12 @@ class ChefVault
434
447
  true
435
448
  rescue Net::HTTPServerException => http_error
436
449
  return false if http_error.response.code == "404"
450
+
437
451
  raise http_error
438
452
  end
439
453
 
440
454
  # adds or deletes an API client from the vault item keys
441
- # @param client [Chef::ApiClient] the API client to operate on
455
+ # @param api_client [Chef::ApiClient] the API client to operate on
442
456
  # @param action [Symbol] :add or :delete
443
457
  # @return [void]
444
458
  def handle_client_action(api_client, action)
@@ -460,7 +474,7 @@ class ChefVault
460
474
  end
461
475
 
462
476
  # removes a client to the vault item keys
463
- # @param client_or_node [String] the name of the API client or node to remove
477
+ # @param name [String] the name of the API client or node to remove
464
478
  # @return [void]
465
479
  def delete_client_or_node(name)
466
480
  client = load_actor(name, "clients")
@@ -14,7 +14,7 @@
14
14
  # See the License for the specific language governing permissions and
15
15
  # limitations under the License.
16
16
 
17
- require "chef-vault/mixins"
17
+ require_relative "mixins"
18
18
 
19
19
  class ChefVault
20
20
  class ItemKeys < Chef::DataBagItem
@@ -39,9 +39,11 @@ class ChefVault
39
39
  def [](key)
40
40
  # return options immediately
41
41
  return @raw_data[key] if %w{id admins clients search_query mode}.include?(key)
42
+
42
43
  # check if the key is in the write-back cache
43
44
  ckey = @cache[key]
44
45
  return ckey unless ckey.nil?
46
+
45
47
  # check if the key is saved in sparse mode
46
48
  skey = sparse_key(sparse_id(key)) if sparse?
47
49
  if skey
@@ -58,6 +60,7 @@ class ChefVault
58
60
  return (ckey ? true : false) unless ckey.nil?
59
61
  # check if the key is saved in sparse mode
60
62
  return true if sparse? && sparse_key(sparse_id(key))
63
+
61
64
  # fallback to non-sparse mode if sparse key is not found
62
65
  @raw_data.keys.include?(key)
63
66
  end
@@ -66,10 +69,14 @@ class ChefVault
66
69
  type = chef_key.type
67
70
  unless @raw_data.key?(type)
68
71
  raise ChefVault::Exceptions::V1Format,
69
- "cannot manage a v1 vault. See UPGRADE.md for help"
72
+ "cannot manage a v1 vault. See UPGRADE.md for help"
70
73
  end
71
74
  @cache[chef_key.name] = skip_reencryption ? self[chef_key.name] : nil
72
- @cache[chef_key.name] ||= ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
75
+ begin
76
+ @cache[chef_key.name] ||= ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
77
+ rescue OpenSSL::PKey::RSAError
78
+ raise OpenSSL::PKey::RSAError, "While adding #{chef_key.type} an invalid or old (pre chef-server 12) format public key was found for #{chef_key.name}"
79
+ end
73
80
  @raw_data[type] << chef_key.name unless @raw_data[type].include?(chef_key.name)
74
81
  @raw_data[type]
75
82
  end
@@ -135,7 +142,7 @@ class ChefVault
135
142
  begin
136
143
  Chef::DataBagItem.from_hash("data_bag" => data_bag,
137
144
  "id" => sparse_id(key))
138
- .destroy(data_bag, sparse_id(key))
145
+ .destroy(data_bag, sparse_id(key))
139
146
  rescue Net::HTTPServerException => http_error
140
147
  raise http_error unless http_error.response.code == "404"
141
148
  end
@@ -161,6 +168,25 @@ class ChefVault
161
168
  end
162
169
  end
163
170
  end
171
+
172
+ if @raw_data["mode"] == "sparse"
173
+ @raw_data.each do |key, val|
174
+ next if %w{ id clients admins search_query mode }.include?(key)
175
+
176
+ skey = Chef::DataBagItem.from_hash(
177
+ "data_bag" => data_bag,
178
+ "id" => sparse_id(key),
179
+ key => val
180
+ )
181
+ @raw_data.delete(key)
182
+ if Chef::Config[:solo_legacy_mode]
183
+ save_solo(skey.id, skey.raw_data)
184
+ else
185
+ skey.save
186
+ end
187
+ end
188
+ end
189
+
164
190
  # save raw data
165
191
  if Chef::Config[:solo_legacy_mode]
166
192
  save_solo(item_id)
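Review bot: The sparse block added in the middle of the hunk deletes from `@raw_data` inside `@raw_data.each`, which mutates the hash being iterated; MRI tolerates deletion during `each`, but it is not a documented guarantee, and because `skey.save` runs between the read and the delete, a failure part-way leaves keys already moved gone from `@raw_data` while the rest remain and the metadata save at the bottom never runs. Iterating a snapshot, `@raw_data.keys.each do |key|` with `val = @raw_data.delete(key)` after the per-key save, or collecting the sparse entries first and deleting them once all are saved, removes the aliasing. The exclusion list `%w{ id clients admins search_query mode }` duplicates the one in `[]` at the top of this file (`%w{id admins clients search_query mode}`); a frozen constant would keep the two from drifting. The enclosing method starts before this hunk.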
@@ -187,7 +213,7 @@ class ChefVault
187
213
  items = Chef::DataBag.load(data_bag).keys.select { |item| item =~ rgx }
188
214
  items.each do |id|
189
215
  Chef::DataBagItem.from_hash("data_bag" => data_bag, "id" => id)
190
- .destroy(data_bag, id)
216
+ .destroy(data_bag, id)
191
217
  end
192
218
  # destroy this metadata
193
219
  super(data_bag, id)
@@ -6,7 +6,7 @@ class ChefVault
6
6
  # paths and use that by preference
7
7
  # 1. Otherwise, just use the first location in the array
8
8
  def find_solo_path(item_id)
9
- if Chef::Config[:data_bag_path].kind_of?(Array)
9
+ if Chef::Config[:data_bag_path].is_a?(Array)
10
10
  path = Chef::Config[:data_bag_path].find do |dir|
11
11
  File.exist?(File.join(dir, data_bag, "#{item_id}.json"))
12
12
  end
@@ -15,7 +15,7 @@ class ChefVault
15
15
  data_bag_path = File.join(path, data_bag)
16
16
  else
17
17
  data_bag_path = File.join(Chef::Config[:data_bag_path],
18
- data_bag)
18
+ data_bag)
19
19
  end
20
20
  data_bag_item_path = File.join(data_bag_path, item_id) + ".json"
21
21
 
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "3.4.3"
18
+ VERSION = "4.0.12"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
@@ -33,7 +33,7 @@ class ChefVault
33
33
  end
34
34
 
35
35
  def values_from_file(file)
36
- json = File.open(file) { |fh| fh.read() }
36
+ json = File.open(file, &:read)
37
37
 
38
38
  values_from_json(json)
39
39
  end
@@ -14,7 +14,7 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require "chef/knife"
17
- require "chef-vault"
17
+ require_relative "../../chef-vault"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -26,6 +26,10 @@ class Chef
26
26
  vault_admins = Chef::Config[:knife][:vault_admins]
27
27
  admin_array = [Chef::Config[:node_name]]
28
28
 
29
+ if !vault_admins.kind_of?(Array)
30
+ ui.warn("Vault admin must be an array")
31
+ end
32
+
29
33
  if config_admins
30
34
  admin_array += [config_admins]
31
35
  elsif vault_admins
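Review bot: `if !vault_admins.kind_of?(Array)` warns whenever `knife[:vault_admins]` is not set at all, since `nil.kind_of?(Array)` is false, so every run without that config key prints "Vault admin must be an array" even though the `elsif vault_admins` branch below treats nil as a normal absence. Guarding on presence, `ui.warn("Vault admin must be an array") if vault_admins && !vault_admins.is_a?(Array)`, limits the warning to a misconfigured value; `is_a?` also matches the `kind_of?` → `is_a?` replacement this same diff makes in find_solo_path. Worth confirming whether a non-array value should fall through to the `elsif vault_admins` branch or be rejected, since the hunk only warns. The enclosing method starts before the hunk.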
@@ -14,7 +14,7 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require "chef/knife"
17
- require "chef-vault"
17
+ require_relative "../../chef-vault"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -55,13 +55,16 @@ class Chef
55
55
  # - item_keys has zero or more keys in sparse mode
56
56
  # vaults have a number of keys >= 2
57
57
  return false unless bag.keys.size >= 2
58
+
58
59
  # partition into those that end in _keys
59
60
  keylike, notkeylike = split_vault_keys(bag)
60
61
  # there must be an equal number of keyline and not-keylike items
61
62
  return false unless keylike.size == notkeylike.size
63
+
62
64
  # strip the _keys suffix and check if the sets match
63
65
  keylike.map! { |k| k.gsub(/_keys$/, "") }
64
66
  return false unless keylike.sort == notkeylike.sort
67
+
65
68
  # it's (probably) a vault
66
69
  true
67
70
  end
@@ -70,7 +73,7 @@ class Chef
70
73
  # get all item keys
71
74
  keys = bag.keys.select { |k| k =~ /_keys$/ }
72
75
  # get all sparse keys
73
- r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp('_keys')}_key_.*") })
76
+ r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
74
77
  sparse = bag.keys.select { |k| k =~ r }
75
78
  # the rest
76
79
  items = bag.keys - keys - sparse
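Review bot: `Regexp.new("^#{k.chomp("_keys")}_key_.*")` interpolates a data bag item name into a pattern without escaping, so any regex metacharacter in the name changes what the union matches, and `^` anchors per line rather than at the start of the string; if item ids are restricted to alphanumerics, underscores and hyphens this is only latent, but escaping makes the code not depend on that. `Regexp.new("\\A#{Regexp.escape(k.chomp("_keys"))}_key_")` matches the same sparse-key names for ordinary ids and is exact for the rest; the trailing `.*` adds nothing to a `=~` test. The `$`-anchored `/_keys$/` on the line above has the corresponding weakness. The enclosing method starts before the hunk.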
@@ -13,9 +13,9 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
17
- require "chef/knife/vault_admins"
18
- require "chef/knife/vault_clients"
16
+ require_relative "vault_base"
17
+ require_relative "vault_admins"
18
+ require_relative "vault_clients"
19
19
 
20
20
  class Chef
21
21
  class Knife
@@ -84,7 +84,7 @@ class Chef
84
84
 
85
85
  if file
86
86
  vault_item["file-name"] = File.basename(file)
87
- vault_item["file-content"] = File.open(file) { |f| f.read() }
87
+ vault_item["file-content"] = File.open(file, &:read)
88
88
  end
89
89
  else
90
90
  vault_json = edit_hash({})
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -34,7 +34,7 @@ class Chef
34
34
  File.open(path, "w") do |file|
35
35
  file.write(vault_item["file-content"])
36
36
  end
37
- ui.info("Saved #{vault_item['file-name']} as #{path}")
37
+ ui.info("Saved #{vault_item["file-name"]} as #{path}")
38
38
  else
39
39
  show_usage
40
40
  end
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -35,7 +35,7 @@ class Chef
35
35
  bags.each_key do |bagname|
36
36
  vaultbags.push(bagname) if bag_is_vault?(bagname)
37
37
  end
38
- output vaultbags.join("\n")
38
+ output vaultbags
39
39
  end
40
40
  end
41
41
  end
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -47,8 +47,8 @@ class Chef
47
47
  ChefVault::Exceptions::ItemNotFound
48
48
 
49
49
  raise ChefVault::Exceptions::ItemNotFound,
50
- "#{vault}/#{item} does not exist, "\
51
- "use 'knife vault create' to create."
50
+ "#{vault}/#{item} does not exist, "\
51
+ "use 'knife vault create' to create."
52
52
  end
53
53
  else
54
54
  show_usage
@@ -13,8 +13,8 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
17
- require "chef/knife/vault_clients"
16
+ require_relative "vault_base"
17
+ require_relative "vault_clients"
18
18
 
19
19
  class Chef
20
20
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -45,9 +45,10 @@ class Chef
45
45
  end
46
46
  end
47
47
 
48
+ # Permalink for regex of replacing '_keys' with '': https://rubular.com/r/5cA5JNSyLfPSfY
48
49
  def vault_items(vault)
49
50
  Chef::DataBag.load(vault).keys.each_with_object([]) do |key, array|
50
- array << key.sub("_keys", "") if key =~ /.+_keys$/
51
+ array << key.sub(/_keys(?=[^_keys]*$)/, "") if key =~ /.+_keys$/
51
52
  end
52
53
  end
53
54
 
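Review bot: The new lookahead `(?=[^_keys]*$)` does not mean "not followed by another _keys": `[^_keys]` is a character class excluding the five characters `_`, `k`, `e`, `y` and `s`, so the expression only works because any later `_keys` necessarily contains `_`. Since the guard already requires the name to end in `_keys`, `array << key.sub(/_keys\z/, "") if key =~ /.+_keys$/` strips exactly the trailing suffix and reads as the added comment describes. The rubular permalink in that comment should then be updated or dropped so it does not document a different regex.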
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -13,7 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
16
+ require_relative "vault_base"
17
17
 
18
18
  class Chef
19
19
  class Knife
@@ -90,9 +90,7 @@ class Chef
90
90
  def print_keys(vault)
91
91
  if bag_is_vault?(vault)
92
92
  bag = Chef::DataBag.load(vault)
93
- split_vault_keys(bag)[1].each do |item|
94
- output item
95
- end
93
+ output split_vault_keys(bag)[1]
96
94
  else
97
95
  output "data bag #{vault} is not a chef-vault"
98
96
  end
@@ -13,9 +13,9 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
- require "chef/knife/vault_base"
17
- require "chef/knife/vault_admins"
18
- require "chef/knife/vault_clients"
16
+ require_relative "vault_base"
17
+ require_relative "vault_admins"
18
+ require_relative "vault_clients"
19
19
 
20
20
  class Chef
21
21
  class Knife
@@ -54,6 +54,11 @@ class Chef
54
54
  long: "--clean",
55
55
  description: "Clean clients before performing search"
56
56
 
57
+ option :keys_mode,
58
+ short: "-K KEYS_MODE",
59
+ long: "--keys-mode KEYS_MODE",
60
+ description: "Mode in which to save vault keys"
61
+
57
62
  def run
58
63
  vault = @name_args[0]
59
64
  item = @name_args[1]
@@ -62,16 +67,17 @@ class Chef
62
67
  json_file = config[:json]
63
68
  file = config[:file]
64
69
  clean = config[:clean]
70
+ keys_mode = config[:keys_mode]
65
71
 
66
72
  set_mode(config[:vault_mode])
67
73
 
68
- if vault && item && ((values || json_file || file) || (search || clients || admins))
74
+ if vault && item && ((values || json_file || file) || (search || clients || admins) || (keys_mode))
69
75
  begin
70
76
  vault_item = ChefVault::Item.load(vault, item)
71
77
 
72
78
  # Keys management first
73
79
  if clean
74
- vault_clients = vault_item.get_clients.clone().sort()
80
+ vault_clients = vault_item.get_clients.clone.sort
75
81
  vault_clients.each do |client|
76
82
  ui.info "Deleting #{client}"
77
83
  vault_item.delete_client(client)
@@ -91,7 +97,7 @@ class Chef
91
97
 
92
98
  if file
93
99
  vault_item["file-name"] = File.basename(file)
94
- vault_item["file-content"] = File.open(file) { |f| f.read() }
100
+ vault_item["file-content"] = File.open(file, &:read)
95
101
  end
96
102
 
97
103
  vault_item.save
@@ -105,6 +111,11 @@ class Chef
105
111
  "#{vault}/#{item} does not exist, "\
106
112
  "use 'knife vault create' to create."
107
113
  end
114
+
115
+ if keys_mode
116
+ vault_item.mode(keys_mode)
117
+ vault_item.save_keys
118
+ end
108
119
  else
109
120
  show_usage
110
121
  end
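Review bot: The `keys_mode` block at the end of the hunk runs after the `vault_item.save` in the previous hunk, so a mode change costs a second write via `save_keys`, and if `mode` only affects how keys are laid out on save, the first save has already written them in the old layout. Calling `vault_item.mode(keys_mode)` right after `ChefVault::Item.load`, before the keys management block, would let the single existing save cover it, assuming `Item#save` also saves the keys — I cannot confirm that from this diff. The `-K`/`--keys-mode` description added above should also name the accepted values; `"sparse"` is the only one this diff recognises, and an unrecognised value appears to be stored as-is. The redundant parens in `|| (keys_mode)` on the condition line can be dropped.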
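--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
  --- !ruby/object:Gem::Specification
  name: chef-vault
  version: !ruby/object:Gem::Version
- version: 3.4.3
+ version: 4.0.12
  platform: ruby
  authors:
  - Thom May
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-10-24 00:00:00.000000000 Z
+ date: 2020-09-28 00:00:00.000000000 Z
  dependencies: []
- description: Data encryption support for Chef using data bags
+ description: Data encryption support for Chef Infra using data bags
  email:
  - thom@chef.io
  executables:
@@ -61,16 +61,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.2.0
+ version: '2.4'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
- summary: Data encryption support for Chef using data bags
+ summary: Data encryption support for Chef Infra using data bags
  test_files: []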