chef-vault 4.0.11 → 4.1.4
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/bin/chef-vault +1 -1
- data/chef-vault.gemspec +1 -1
- data/lib/chef/knife/mixin/helper.rb +28 -0
- data/lib/chef/knife/vault_admins.rb +1 -1
- data/lib/chef/knife/vault_base.rb +15 -8
- data/lib/chef/knife/vault_delete.rb +3 -1
- data/lib/chef/knife/vault_list.rb +1 -1
- data/lib/chef/knife/vault_show.rb +1 -3
- data/lib/chef-vault/exceptions.rb +3 -0
- data/lib/chef-vault/item.rb +2 -0
- data/lib/chef-vault/version.rb +1 -1
- metadata +3 -3
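--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14e3a2852ee8d6656907e8a0d56c097457d28407d97019479f445676b5d2b04e
+data.tar.gz: cf816e130bbb5b811658d2d164c23c8d5c24989ef76908fec4e65a7e3747ab31
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f80e43a595981aaf058b86389ca26c97f31b685281a981946ceca1d11468ad132965326c1583b9458dcac400be3d33edb76cfddb933676ae3396d81b1226c97a
+data.tar.gz: f315160a8a135f005ea8204229910979b506b927b71da1131c76aeba088ec00ea0ba962d7c5c87e5f61b563024bccdcd7865c41c241719cf3ecd73ac33499be9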
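--- a/data/Gemfile
+++ b/data/Gemfile
@@ -9,6 +9,8 @@ group :development do
 gem "rspec", "~> 3.4"
 gem "aruba", "~> 0.6"
 gem "chef", "~> 14.0" # avoids test failures on license acceptance
+gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
+gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
 end
 
 group :docs do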
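--- a/data/bin/chef-vault
+++ b/data/bin/chef-vault
@@ -79,7 +79,7 @@ options_config.each do |option, config|
 end
 
 options_config.each do |option, config|
-options[option] = options[option]
+options[option] = options[option] || config[:default]
 end
 
 require "rubygems" unless defined?(Gem)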
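Review bot: `options[option] || config[:default]` replaces an explicitly supplied `false` with the default, so a boolean option whose default is truthy could not be switched off from the command line; whether `options_config` holds such an option is not visible in this hunk. If it does, `options[option] = config[:default] if options[option].nil?` applies the default only when nothing was passed.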
data/chef-vault.gemspec
CHANGED
@@ -14,7 +14,7 @@
|
|
14
14
|
# See the License for the specific language governing permissions and
|
15
15
|
# limitations under the License.
|
16
16
|
|
17
|
-
$:.push File.expand_path("
|
17
|
+
$:.push File.expand_path("lib", __dir__)
|
18
18
|
require "chef-vault/version"
|
19
19
|
|
20
20
|
Gem::Specification.new do |s|
|
@@ -39,10 +39,38 @@ class ChefVault
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def values_from_json(json)
|
42
|
+
validate_json(json)
|
42
43
|
JSON.parse(json)
|
43
44
|
rescue JSON::ParserError
|
44
45
|
raise JSON::ParserError, "#{json} is not valid JSON!"
|
45
46
|
end
|
47
|
+
|
48
|
+
# I/P: json string
|
49
|
+
# Raises `InvalidValue` if any of the json's values contain non-printable characters.
|
50
|
+
def validate_json(json)
|
51
|
+
begin
|
52
|
+
evaled_json = eval(json) # rubocop: disable Security/Eval
|
53
|
+
rescue SyntaxError
|
54
|
+
raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
|
55
|
+
end
|
56
|
+
|
57
|
+
if evaled_json.is_a?(Hash)
|
58
|
+
evaled_json.each do |key, value|
|
59
|
+
next unless printable?(value.to_s)
|
60
|
+
|
61
|
+
msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
|
62
|
+
ChefVault::Log.warn(msg)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
# I/P: String
|
68
|
+
# O/P: true/false
|
69
|
+
# returns true if string is free of non-printable characters (escape sequences)
|
70
|
+
# this returns false for whitespace escape sequences as well, e.g. \n\t
|
71
|
+
def printable?(string)
|
72
|
+
/[^[:print:]]|[[:space:]]/.match(string)
|
73
|
+
end
|
46
74
|
end
|
47
75
|
end
|
48
76
|
end
|
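Review bot: `validate_json` hands the caller-supplied string to `eval`, so input that is Ruby rather than JSON is executed in the knife/chef-vault process before `JSON.parse` sees it, and the inline `rubocop: disable Security/Eval` silences the check that flags exactly this. Only `SyntaxError` is rescued, so valid JSON containing `null` raises `NameError` out of `values_from_json`. Parsing with `JSON.parse` and running the non-printable check on the parsed values keeps the warning without evaluating input, as sketched below. Separately, `printable?` returns a match when the string does contain a non-printable or whitespace character, the opposite of its name and comment, and the comment on `validate_json` promises an `InvalidValue` raise where the code only logs a warning. The enclosing module starts outside this hunk.

```ruby
def validate_json(json)
  # a JSON::ParserError raised here is handled by the rescue in values_from_json
  parsed = JSON.parse(json)
  return unless parsed.is_a?(Hash)

  parsed.each do |key, value|
    next unless printable?(value.to_s)

    # … unchanged: build msg and ChefVault::Log.warn(msg) …
  end
end
```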
@@ -13,6 +13,7 @@
|
|
13
13
|
# See the License for the specific language governing permissions and
|
14
14
|
# limitations under the License.
|
15
15
|
|
16
|
+
require "set" unless defined?(::Set)
|
16
17
|
require "chef/knife"
|
17
18
|
require_relative "../../chef-vault"
|
18
19
|
|
@@ -23,7 +24,7 @@ class Chef
|
|
23
24
|
includer.class_eval do
|
24
25
|
deps do
|
25
26
|
require "chef/search/query"
|
26
|
-
require File.expand_path("
|
27
|
+
require File.expand_path("mixin/helper", __dir__)
|
27
28
|
include ChefVault::Mixin::Helper
|
28
29
|
end
|
29
30
|
|
@@ -70,13 +71,19 @@ class Chef
|
|
70
71
|
end
|
71
72
|
|
72
73
|
def split_vault_keys(bag)
|
73
|
-
|
74
|
-
keys =
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
74
|
+
items = []
|
75
|
+
keys = ::Set.new
|
76
|
+
possible_sparses = ::Set.new
|
77
|
+
|
78
|
+
# spread bag keys into 3 categories: items, keys or possible sparse items
|
79
|
+
bag.each_key do |key|
|
80
|
+
next keys << key if key.end_with?("_keys")
|
81
|
+
next possible_sparses << key if key.include?("_key_")
|
82
|
+
|
83
|
+
items << key
|
84
|
+
end
|
85
|
+
# 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
|
86
|
+
possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
|
80
87
|
# return item keys and items
|
81
88
|
[keys, items]
|
82
89
|
end
|
@@ -30,13 +30,15 @@ class Chef
|
|
30
30
|
|
31
31
|
if vault && item
|
32
32
|
delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
|
33
|
+
# rubocop:disable all
|
33
34
|
begin
|
34
35
|
ChefVault::Item.load(vault, item).destroy
|
35
36
|
rescue ChefVault::Exceptions::KeysNotFound,
|
36
|
-
|
37
|
+
ChefVault::Exceptions::ItemNotFound
|
37
38
|
raise ChefVault::Exceptions::ItemNotFound,
|
38
39
|
"#{vault}/#{item} not found."
|
39
40
|
end
|
41
|
+
# rubocop:enable all
|
40
42
|
end
|
41
43
|
else
|
42
44
|
show_usage
|
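Review bot: `# rubocop:disable all` around the `begin`/`rescue` turns off every cop for those lines, security cops included, when presumably a single style offence prompted it. Naming that cop keeps the remaining checks active, for example `# rubocop:disable Style/RedundantBegin` if that is the offence being reported. The same blanket disable/enable pair is added around the `begin` block in `data/lib/chef-vault/item.rb`. The enclosing method starts outside this hunk.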
@@ -90,9 +90,7 @@ class Chef
|
|
90
90
|
def print_keys(vault)
|
91
91
|
if bag_is_vault?(vault)
|
92
92
|
bag = Chef::DataBag.load(vault)
|
93
|
-
split_vault_keys(bag)[1]
|
94
|
-
output item
|
95
|
-
end
|
93
|
+
output split_vault_keys(bag)[1]
|
96
94
|
else
|
97
95
|
output "data bag #{vault} is not a chef-vault"
|
98
96
|
end
|
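--- a/data/lib/chef-vault/item.rb
+++ b/data/lib/chef-vault/item.rb
@@ -89,12 +89,14 @@ class ChefVault
 handle_client_action(search_or_client, action)
 else
 search_or_client.each do |name|
+# rubocop:disable all
 begin
 client = load_actor(name, "clients")
 handle_client_action(client, action)
 rescue ChefVault::Exceptions::ClientNotFound
 ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
 end
+# rubocop:enable all
 end
 end
 end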
data/lib/chef-vault/version.rb
CHANGED
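--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.1.4
 platform: ruby
 authors:
 - Thom May
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-09-09 00:00:00.000000000 Z
 dependencies: []
 description: Data encryption support for Chef Infra using data bags
 email:
@@ -68,7 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Data encryption support for Chef Infra using data bags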