RubyGems - chef-vault - Versions diffs - 4.0.10 → 4.1.3 - Mend

chef-vault 4.0.10 → 4.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/Gemfile +2 -0
data/bin/chef-vault +1 -1
data/chef-vault.gemspec +1 -1
data/lib/chef/knife/mixin/helper.rb +28 -0
data/lib/chef/knife/vault_admins.rb +3 -3
data/lib/chef/knife/vault_base.rb +15 -8
data/lib/chef/knife/vault_delete.rb +7 -7
data/lib/chef/knife/vault_list.rb +1 -1
data/lib/chef/knife/vault_show.rb +1 -3
data/lib/chef-vault/exceptions.rb +3 -0
data/lib/chef-vault/item.rb +6 -6
data/lib/chef-vault/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90adcd61e0fc654df4ce295a57fdbec194c1da9985298e8353165bd1ddb98f76
-  data.tar.gz: 63eda080cc7a54bd9d5b66aaa75d7a384d2cc7f5fc834a84d70bc0e785c430e0
+  metadata.gz: 19add775da291b1eb9dc767f149c98e477f5048ea30e4a525ff1e143918f5847
+  data.tar.gz: 483d87a0e56f4209fc532be68a11add44a2b7a968ce9ee0c37729e241cb723c5
 SHA512:
-  metadata.gz: f12f914abfd57e0b7e1b99051ec645b2ce34c3b67f8b3ef586f74b2686000f363963e7e27b3a1e85fc06d39e78524ed03c1fc0fdf5e41ed28fde036e9fa16732
-  data.tar.gz: de5160bf822bb43934287f36f30b257a081b8988842dc106896dbb227d90e6a7690b337df4d12ba767d7f986107630a2b415261dd749da0d78c7b99d0fc29155
+  metadata.gz: 70423d48be58261e55b09b0cba47df51366571795d2bd9b1c60c0255b26f1e796e3d52c8c3cb32f13ae33e07860c88c67b2d124e74b432b8ac0bfc00c6b9b4a4
+  data.tar.gz: 89400da10b9840bd63b9ff626abbb32bea9f40897efa989f70c5ee63e6e533a21807491a936358d35652af30c67ceb67c4a9e5345393758217b7f9c42320bd58

data/Gemfile CHANGED Viewed

@@ -9,6 +9,8 @@ group :development do
   gem "rspec", "~> 3.4"
   gem "aruba", "~> 0.6"
   gem "chef", "~> 14.0" # avoids test failures on license acceptance
+  gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
+  gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
 end
 group :docs do

data/bin/chef-vault CHANGED Viewed

@@ -79,7 +79,7 @@ options_config.each do |option, config|
 end
 options_config.each do |option, config|
-  options[option] = options[option] ? options[option] : config[:default]
+  options[option] = options[option] || config[:default]
 end
 require "rubygems" unless defined?(Gem)

data/chef-vault.gemspec CHANGED Viewed

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-$:.push File.expand_path("../lib", __FILE__)
+$:.push File.expand_path("lib", __dir__)
 require "chef-vault/version"
 Gem::Specification.new do |s|

data/lib/chef/knife/mixin/helper.rb CHANGED Viewed

@@ -39,10 +39,38 @@ class ChefVault
       end
       def values_from_json(json)
+        validate_json(json)
         JSON.parse(json)
       rescue JSON::ParserError
         raise JSON::ParserError, "#{json} is not valid JSON!"
       end
+      # I/P: json string
+      # Raises `InvalidValue` if any of the json's values contain non-printable characters.
+      def validate_json(json)
+        begin
+          evaled_json = eval(json) # rubocop: disable Security/Eval
+        rescue SyntaxError
+          raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
+        end
+        if evaled_json.is_a?(Hash)
+          evaled_json.each do |key, value|
+            next unless printable?(value.to_s)
+            msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
+            ChefVault::Log.warn(msg)
+          end
+        end
+      end
+      # I/P: String
+      # O/P: true/false
+      # returns true if string is free of non-printable characters (escape sequences)
+      # this returns false for whitespace escape sequences as well, e.g. \n\t
+      def printable?(string)
+        /[^[:print:]]|[[:space:]]/.match(string)
+      end
     end
   end
 end

data/lib/chef/knife/vault_admins.rb CHANGED Viewed

@@ -26,9 +26,9 @@ class Chef
         vault_admins = Chef::Config[:knife][:vault_admins]
         admin_array = [Chef::Config[:node_name]]
-        if !vault_admins.kind_of?(Array)
-+         ui.warn("Vault admin must be an array")
-+       end
+        unless vault_admins.is_a?(Array)
+          ui.warn("Vault admin must be an array")
+        end
         if config_admins
           admin_array += [config_admins]

data/lib/chef/knife/vault_base.rb CHANGED Viewed

@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+require "set" unless defined?(::Set)
 require "chef/knife"
 require_relative "../../chef-vault"
@@ -23,7 +24,7 @@ class Chef
         includer.class_eval do
           deps do
             require "chef/search/query"
-            require File.expand_path("../mixin/helper", __FILE__)
+            require File.expand_path("mixin/helper", __dir__)
             include ChefVault::Mixin::Helper
           end
@@ -70,13 +71,19 @@ class Chef
       end
       def split_vault_keys(bag)
-        # get all item keys
-        keys = bag.keys.select { |k| k =~ /_keys$/ }
-        # get all sparse keys
-        r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
-        sparse = bag.keys.select { |k| k =~ r }
-        # the rest
-        items = bag.keys - keys - sparse
+        items = []
+        keys = ::Set.new
+        possible_sparses = ::Set.new
+        # spread bag keys into 3 categories: items, keys or possible sparse items
+        bag.each_key do |key|
+          next keys << key if key.end_with?("_keys")
+          next possible_sparses << key if key.include?("_key_")
+          items << key
+        end
+        # 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
+        possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
         # return item keys and items
         [keys, items]
       end

data/lib/chef/knife/vault_delete.rb CHANGED Viewed

@@ -30,13 +30,13 @@ class Chef
         if vault && item
           delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
-            begin
-              ChefVault::Item.load(vault, item).destroy
-            rescue ChefVault::Exceptions::KeysNotFound,
-                   ChefVault::Exceptions::ItemNotFound
-              raise ChefVault::Exceptions::ItemNotFound,
-                "#{vault}/#{item} not found."
-            end
+            ChefVault::Item.load(vault, item).destroy
+          rescue ChefVault::Exceptions::KeysNotFound,
+                 ChefVault::Exceptions::ItemNotFound
+            raise ChefVault::Exceptions::ItemNotFound,
+              "#{vault}/#{item} not found."
           end
         else
           show_usage

data/lib/chef/knife/vault_list.rb CHANGED Viewed

@@ -35,7 +35,7 @@ class Chef
         bags.each_key do |bagname|
           vaultbags.push(bagname) if bag_is_vault?(bagname)
         end
-        output vaultbags.join("\n")
+        output vaultbags
       end
     end
   end

data/lib/chef/knife/vault_show.rb CHANGED Viewed

@@ -90,9 +90,7 @@ class Chef
       def print_keys(vault)
         if bag_is_vault?(vault)
           bag = Chef::DataBag.load(vault)
-          split_vault_keys(bag)[1].each do |item|
-            output item
-          end
+          output split_vault_keys(bag)[1]
         else
           output "data bag #{vault} is not a chef-vault"
         end

data/lib/chef-vault/exceptions.rb CHANGED Viewed

@@ -51,5 +51,8 @@ class ChefVault
     class V1Format < Exceptions
     end
+    class InvalidValue < Exceptions
+    end
   end
 end

data/lib/chef-vault/item.rb CHANGED Viewed

@@ -89,12 +89,12 @@ class ChefVault
         handle_client_action(search_or_client, action)
       else
         search_or_client.each do |name|
-          begin
-            client = load_actor(name, "clients")
-            handle_client_action(client, action)
-          rescue ChefVault::Exceptions::ClientNotFound
-            ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
-          end
+          client = load_actor(name, "clients")
+          handle_client_action(client, action)
+        rescue ChefVault::Exceptions::ClientNotFound
+          ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
         end
       end
     end

data/lib/chef-vault/version.rb CHANGED Viewed

@@ -15,6 +15,6 @@
 # limitations under the License.
 class ChefVault
-  VERSION = "4.0.10"
+  VERSION = "4.1.3"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 4.0.10
+  version: 4.1.3
 platform: ruby
 authors:
 - Thom May
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-21 00:00:00.000000000 Z
+date: 2021-09-01 00:00:00.000000000 Z
 dependencies: []
 description: Data encryption support for Chef Infra using data bags
 email:
@@ -68,7 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Data encryption support for Chef Infra using data bags