chef-vault 4.0.10 → 4.1.3

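--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 90adcd61e0fc654df4ce295a57fdbec194c1da9985298e8353165bd1ddb98f76
- data.tar.gz: 63eda080cc7a54bd9d5b66aaa75d7a384d2cc7f5fc834a84d70bc0e785c430e0
+ metadata.gz: 19add775da291b1eb9dc767f149c98e477f5048ea30e4a525ff1e143918f5847
+ data.tar.gz: 483d87a0e56f4209fc532be68a11add44a2b7a968ce9ee0c37729e241cb723c5
  SHA512:
- metadata.gz: f12f914abfd57e0b7e1b99051ec645b2ce34c3b67f8b3ef586f74b2686000f363963e7e27b3a1e85fc06d39e78524ed03c1fc0fdf5e41ed28fde036e9fa16732
- data.tar.gz: de5160bf822bb43934287f36f30b257a081b8988842dc106896dbb227d90e6a7690b337df4d12ba767d7f986107630a2b415261dd749da0d78c7b99d0fc29155
+ metadata.gz: 70423d48be58261e55b09b0cba47df51366571795d2bd9b1c60c0255b26f1e796e3d52c8c3cb32f13ae33e07860c88c67b2d124e74b432b8ac0bfc00c6b9b4a4
+ data.tar.gz: 89400da10b9840bd63b9ff626abbb32bea9f40897efa989f70c5ee63e6e533a21807491a936358d35652af30c67ceb67c4a9e5345393758217b7f9c42320bd58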
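--- a/data/Gemfile
+++ b/data/Gemfile
@@ -9,6 +9,8 @@ group :development do
  gem "rspec", "~> 3.4"
  gem "aruba", "~> 0.6"
  gem "chef", "~> 14.0" # avoids test failures on license acceptance
+ gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
+ gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
  end
 
  group :docs do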
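--- a/data/bin/chef-vault
+++ b/data/bin/chef-vault
@@ -79,7 +79,7 @@ options_config.each do |option, config|
  end
 
  options_config.each do |option, config|
- options[option] = options[option] ? options[option] : config[:default]
+ options[option] = options[option] || config[:default]
  end
 
  require "rubygems" unless defined?(Gem)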
data/chef-vault.gemspec CHANGED
@@ -14,7 +14,7 @@
14
14
  # See the License for the specific language governing permissions and
15
15
  # limitations under the License.
16
16
 
17
- $:.push File.expand_path("../lib", __FILE__)
17
+ $:.push File.expand_path("lib", __dir__)
18
18
  require "chef-vault/version"
19
19
 
20
20
  Gem::Specification.new do |s|
@@ -39,10 +39,38 @@ class ChefVault
39
39
  end
40
40
 
41
41
  def values_from_json(json)
42
+ validate_json(json)
42
43
  JSON.parse(json)
43
44
  rescue JSON::ParserError
44
45
  raise JSON::ParserError, "#{json} is not valid JSON!"
45
46
  end
47
+
48
+ # I/P: json string
49
+ # Raises `InvalidValue` if any of the json's values contain non-printable characters.
50
+ def validate_json(json)
51
+ begin
52
+ evaled_json = eval(json) # rubocop: disable Security/Eval
53
+ rescue SyntaxError
54
+ raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
55
+ end
56
+
57
+ if evaled_json.is_a?(Hash)
58
+ evaled_json.each do |key, value|
59
+ next unless printable?(value.to_s)
60
+
61
+ msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
62
+ ChefVault::Log.warn(msg)
63
+ end
64
+ end
65
+ end
66
+
67
+ # I/P: String
68
+ # O/P: true/false
69
+ # returns true if string is free of non-printable characters (escape sequences)
70
+ # this returns false for whitespace escape sequences as well, e.g. \n\t
71
+ def printable?(string)
72
+ /[^[:print:]]|[[:space:]]/.match(string)
73
+ end
46
74
  end
47
75
  end
48
76
  end
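Review bot: `validate_json` passes the raw input string to `eval` before `JSON.parse` ever sees it, so whatever Ruby the string contains is executed with the privileges of the process calling `values_from_json`; the `rubocop: disable Security/Eval` comment hides the finding rather than addressing it. Only `SyntaxError` is rescued, so valid JSON that is not valid Ruby (a `null` value, for example) would presumably escape as a `NameError` that neither method handles. The comments also disagree with the code: the method is documented as raising `InvalidValue` on non-printable characters but only logs a warning, and `printable?` returns a match when the string does contain such characters or any whitespace, including a plain space. Parsing first and inspecting the parsed values, as sketched below, keeps the escape-sequence warning for input JSON accepts without evaluating it; the helper name is only a suggestion, and the enclosing module starts outside the hunk.

```ruby
def values_from_json(json)
  parsed = JSON.parse(json)
  warn_on_control_characters(parsed)
  parsed
rescue JSON::ParserError
  raise JSON::ParserError, "#{json} is not valid JSON!"
end

# Logs a warning for each value whose parsed form contains control
# characters or whitespace (typically an unescaped backslash sequence).
def warn_on_control_characters(parsed)
  return unless parsed.is_a?(Hash)

  parsed.each do |key, value|
    next unless /[^[:print:]]|[[:space:]]/.match?(value.to_s)

    # … unchanged: build msg and call ChefVault::Log.warn(msg) …
  end
end
```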
@@ -26,9 +26,9 @@ class Chef
26
26
  vault_admins = Chef::Config[:knife][:vault_admins]
27
27
  admin_array = [Chef::Config[:node_name]]
28
28
 
29
- if !vault_admins.kind_of?(Array)
30
- + ui.warn("Vault admin must be an array")
31
- + end
29
+ unless vault_admins.is_a?(Array)
30
+ ui.warn("Vault admin must be an array")
31
+ end
32
32
 
33
33
  if config_admins
34
34
  admin_array += [config_admins]
@@ -13,6 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
+ require "set" unless defined?(::Set)
16
17
  require "chef/knife"
17
18
  require_relative "../../chef-vault"
18
19
 
@@ -23,7 +24,7 @@ class Chef
23
24
  includer.class_eval do
24
25
  deps do
25
26
  require "chef/search/query"
26
- require File.expand_path("../mixin/helper", __FILE__)
27
+ require File.expand_path("mixin/helper", __dir__)
27
28
  include ChefVault::Mixin::Helper
28
29
  end
29
30
 
@@ -70,13 +71,19 @@ class Chef
70
71
  end
71
72
 
72
73
  def split_vault_keys(bag)
73
- # get all item keys
74
- keys = bag.keys.select { |k| k =~ /_keys$/ }
75
- # get all sparse keys
76
- r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
77
- sparse = bag.keys.select { |k| k =~ r }
78
- # the rest
79
- items = bag.keys - keys - sparse
74
+ items = []
75
+ keys = ::Set.new
76
+ possible_sparses = ::Set.new
77
+
78
+ # spread bag keys into 3 categories: items, keys or possible sparse items
79
+ bag.each_key do |key|
80
+ next keys << key if key.end_with?("_keys")
81
+ next possible_sparses << key if key.include?("_key_")
82
+
83
+ items << key
84
+ end
85
+ # 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
86
+ possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
80
87
  # return item keys and items
81
88
  [keys, items]
82
89
  end
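Review bot: The first element of the returned pair is now a `Set` where the removed code returned an `Array` (`keys = ::Set.new` followed by `[keys, items]`), so any caller that indexes, sorts or concatenates the key list would behave differently; those callers are outside this hunk and need checking. If the Set is only wanted for the `keys.include?` lookup in the second pass, returning `[keys.to_a, items]` keeps the old contract. A bag key containing `_key_` that has no matching `<key>_keys` entry is now dropped from both lists, whereas the removed regex only filtered sparse keys of known items, so a comment such as `# keys containing "_key_" without their own "_keys" entry are treated as sparse keys and omitted` would make that intent explicit.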
@@ -30,13 +30,13 @@ class Chef
30
30
 
31
31
  if vault && item
32
32
  delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
33
- begin
34
- ChefVault::Item.load(vault, item).destroy
35
- rescue ChefVault::Exceptions::KeysNotFound,
36
- ChefVault::Exceptions::ItemNotFound
37
- raise ChefVault::Exceptions::ItemNotFound,
38
- "#{vault}/#{item} not found."
39
- end
33
+
34
+ ChefVault::Item.load(vault, item).destroy
35
+ rescue ChefVault::Exceptions::KeysNotFound,
36
+ ChefVault::Exceptions::ItemNotFound
37
+ raise ChefVault::Exceptions::ItemNotFound,
38
+ "#{vault}/#{item} not found."
39
+
40
40
  end
41
41
  else
42
42
  show_usage
@@ -35,7 +35,7 @@ class Chef
35
35
  bags.each_key do |bagname|
36
36
  vaultbags.push(bagname) if bag_is_vault?(bagname)
37
37
  end
38
- output vaultbags.join("\n")
38
+ output vaultbags
39
39
  end
40
40
  end
41
41
  end
@@ -90,9 +90,7 @@ class Chef
90
90
  def print_keys(vault)
91
91
  if bag_is_vault?(vault)
92
92
  bag = Chef::DataBag.load(vault)
93
- split_vault_keys(bag)[1].each do |item|
94
- output item
95
- end
93
+ output split_vault_keys(bag)[1]
96
94
  else
97
95
  output "data bag #{vault} is not a chef-vault"
98
96
  end
@@ -51,5 +51,8 @@ class ChefVault
51
51
 
52
52
  class V1Format < Exceptions
53
53
  end
54
+
55
+ class InvalidValue < Exceptions
56
+ end
54
57
  end
55
58
  end
@@ -89,12 +89,12 @@ class ChefVault
89
89
  handle_client_action(search_or_client, action)
90
90
  else
91
91
  search_or_client.each do |name|
92
- begin
93
- client = load_actor(name, "clients")
94
- handle_client_action(client, action)
95
- rescue ChefVault::Exceptions::ClientNotFound
96
- ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
97
- end
92
+
93
+ client = load_actor(name, "clients")
94
+ handle_client_action(client, action)
95
+ rescue ChefVault::Exceptions::ClientNotFound
96
+ ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
97
+
98
98
  end
99
99
  end
100
100
  end
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "4.0.10"
18
+ VERSION = "4.1.3"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
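--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef-vault
  version: !ruby/object:Gem::Version
- version: 4.0.10
+ version: 4.1.3
  platform: ruby
  authors:
  - Thom May
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-21 00:00:00.000000000 Z
+ date: 2021-09-01 00:00:00.000000000 Z
  dependencies: []
  description: Data encryption support for Chef Infra using data bags
  email:
@@ -68,7 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: Data encryption support for Chef Infra using data bags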