chef-vault 4.0.11 → 4.1.4

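--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a31b1dc1d2889fdab403f6f55a662c744529586f116d4d3f87196595fedc245c
- data.tar.gz: '079f1cabc8c809b0a98b30b0e19181e88ea205317387ec1eef8a396c43476d56'
+ metadata.gz: 14e3a2852ee8d6656907e8a0d56c097457d28407d97019479f445676b5d2b04e
+ data.tar.gz: cf816e130bbb5b811658d2d164c23c8d5c24989ef76908fec4e65a7e3747ab31
  SHA512:
- metadata.gz: 50b6f9f0261bfd2f98aecdb0f84ec2c7b9aa775d31982ab2985a758cf423bf2af128e10f69de353129d3e74ce92d5f0579fafcdb3764abd6344a5de7b1e8ac84
- data.tar.gz: b6a488022c267e9c9709ec16ac835b45a833a11445c20af6b833f50e2d650bc5f6d9949baabce01f3502168b16c7ad1b676856d683e63914122e3a380a18fe99
+ metadata.gz: f80e43a595981aaf058b86389ca26c97f31b685281a981946ceca1d11468ad132965326c1583b9458dcac400be3d33edb76cfddb933676ae3396d81b1226c97a
+ data.tar.gz: f315160a8a135f005ea8204229910979b506b927b71da1131c76aeba088ec00ea0ba962d7c5c87e5f61b563024bccdcd7865c41c241719cf3ecd73ac33499be9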
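--- a/data/Gemfile
+++ b/data/Gemfile
@@ -9,6 +9,8 @@ group :development do
  gem "rspec", "~> 3.4"
  gem "aruba", "~> 0.6"
  gem "chef", "~> 14.0" # avoids test failures on license acceptance
+ gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
+ gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
  end
 
  group :docs do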
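--- a/data/bin/chef-vault
+++ b/data/bin/chef-vault
@@ -79,7 +79,7 @@ options_config.each do |option, config|
  end
 
  options_config.each do |option, config|
- options[option] = options[option] ? options[option] : config[:default]
+ options[option] = options[option] || config[:default]
  end
 
  require "rubygems" unless defined?(Gem)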
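--- a/data/chef-vault.gemspec
+++ b/data/chef-vault.gemspec
@@ -14,7 +14,7 @@
  # See the License for the specific language governing permissions and
  # limitations under the License.
 
- $:.push File.expand_path("../lib", __FILE__)
+ $:.push File.expand_path("lib", __dir__)
  require "chef-vault/version"
 
  Gem::Specification.new do |s|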
@@ -39,10 +39,38 @@ class ChefVault
39
39
  end
40
40
 
41
41
  def values_from_json(json)
42
+ validate_json(json)
42
43
  JSON.parse(json)
43
44
  rescue JSON::ParserError
44
45
  raise JSON::ParserError, "#{json} is not valid JSON!"
45
46
  end
47
+
48
+ # I/P: json string
49
+ # Raises `InvalidValue` if any of the json's values contain non-printable characters.
50
+ def validate_json(json)
51
+ begin
52
+ evaled_json = eval(json) # rubocop: disable Security/Eval
53
+ rescue SyntaxError
54
+ raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
55
+ end
56
+
57
+ if evaled_json.is_a?(Hash)
58
+ evaled_json.each do |key, value|
59
+ next unless printable?(value.to_s)
60
+
61
+ msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
62
+ ChefVault::Log.warn(msg)
63
+ end
64
+ end
65
+ end
66
+
67
+ # I/P: String
68
+ # O/P: true/false
69
+ # returns true if string is free of non-printable characters (escape sequences)
70
+ # this returns false for whitespace escape sequences as well, e.g. \n\t
71
+ def printable?(string)
72
+ /[^[:print:]]|[[:space:]]/.match(string)
73
+ end
46
74
  end
47
75
  end
48
76
  end
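Review bot: `validate_json` hands the caller-supplied string to `eval`, so whatever arrives as the values argument is executed as Ruby before `JSON.parse` ever sees it, and because only `SyntaxError` is rescued, valid JSON containing `null` raises an uncaught `NameError`. `JSON.parse` decodes the JSON escape sequences itself, so the non-printable check can most likely run on its result with no evaluation at all; the sketch below does that. Two smaller points in the same hunk: the comment says the method raises `InvalidValue` for non-printable values while the loop only warns, and the warning interpolates the value, which for a vault item is the secret, so naming only the key would keep it out of logs. `printable?` also returns a match when the string is not printable, the opposite of its name and comment, and `[[:space:]]` makes it match an ordinary space.

```ruby
def validate_json(json)
  parsed = JSON.parse(json) # decodes escapes without evaluating the input
  return unless parsed.is_a?(Hash)

  parsed.each do |key, value|
    next unless printable?(value.to_s)

    # … build msg as before, naming the key only …
    ChefVault::Log.warn(msg)
  end
rescue JSON::ParserError
  raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
end
```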
@@ -26,7 +26,7 @@ class Chef
26
26
  vault_admins = Chef::Config[:knife][:vault_admins]
27
27
  admin_array = [Chef::Config[:node_name]]
28
28
 
29
- if !vault_admins.kind_of?(Array)
29
+ unless vault_admins.is_a?(Array)
30
30
  ui.warn("Vault admin must be an array")
31
31
  end
32
32
 
@@ -13,6 +13,7 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
+ require "set" unless defined?(::Set)
16
17
  require "chef/knife"
17
18
  require_relative "../../chef-vault"
18
19
 
@@ -23,7 +24,7 @@ class Chef
23
24
  includer.class_eval do
24
25
  deps do
25
26
  require "chef/search/query"
26
- require File.expand_path("../mixin/helper", __FILE__)
27
+ require File.expand_path("mixin/helper", __dir__)
27
28
  include ChefVault::Mixin::Helper
28
29
  end
29
30
 
@@ -70,13 +71,19 @@ class Chef
70
71
  end
71
72
 
72
73
  def split_vault_keys(bag)
73
- # get all item keys
74
- keys = bag.keys.select { |k| k =~ /_keys$/ }
75
- # get all sparse keys
76
- r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
77
- sparse = bag.keys.select { |k| k =~ r }
78
- # the rest
79
- items = bag.keys - keys - sparse
74
+ items = []
75
+ keys = ::Set.new
76
+ possible_sparses = ::Set.new
77
+
78
+ # spread bag keys into 3 categories: items, keys or possible sparse items
79
+ bag.each_key do |key|
80
+ next keys << key if key.end_with?("_keys")
81
+ next possible_sparses << key if key.include?("_key_")
82
+
83
+ items << key
84
+ end
85
+ # 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
86
+ possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
80
87
  # return item keys and items
81
88
  [keys, items]
82
89
  end
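Review bot: `split_vault_keys` now returns `keys` as a `Set` where it used to return an `Array`, so any caller that indexes, concatenates or serialises the first element of `[keys, items]` changes behaviour; the callers are outside this hunk, so this is worth confirming. If an Array is still expected, `[keys.to_a, items]` on the return line keeps the old contract. A short comment above the method would also help, for example `# returns [key entries, item names]; a "*_key_*" entry counts as an item only when a matching "<name>_keys" entry exists`.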
@@ -30,13 +30,15 @@ class Chef
30
30
 
31
31
  if vault && item
32
32
  delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
33
+ # rubocop:disable all
33
34
  begin
34
35
  ChefVault::Item.load(vault, item).destroy
35
36
  rescue ChefVault::Exceptions::KeysNotFound,
36
- ChefVault::Exceptions::ItemNotFound
37
+ ChefVault::Exceptions::ItemNotFound
37
38
  raise ChefVault::Exceptions::ItemNotFound,
38
39
  "#{vault}/#{item} not found."
39
40
  end
41
+ # rubocop:enable all
40
42
  end
41
43
  else
42
44
  show_usage
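Review bot: `# rubocop:disable all` around the `begin`/`rescue` switches off every cop for these lines, security and lint cops included, when presumably only one style cop objects (likely `Style/RedundantBegin`). Naming it, `# rubocop:disable Style/RedundantBegin` with the matching `enable`, keeps the rest of the checks active. The same blanket disable is added around the `load_actor` rescue in the later `search_or_client.each` hunk. The enclosing method starts outside this hunk.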
@@ -35,7 +35,7 @@ class Chef
35
35
  bags.each_key do |bagname|
36
36
  vaultbags.push(bagname) if bag_is_vault?(bagname)
37
37
  end
38
- output vaultbags.join("\n")
38
+ output vaultbags
39
39
  end
40
40
  end
41
41
  end
@@ -90,9 +90,7 @@ class Chef
90
90
  def print_keys(vault)
91
91
  if bag_is_vault?(vault)
92
92
  bag = Chef::DataBag.load(vault)
93
- split_vault_keys(bag)[1].each do |item|
94
- output item
95
- end
93
+ output split_vault_keys(bag)[1]
96
94
  else
97
95
  output "data bag #{vault} is not a chef-vault"
98
96
  end
@@ -51,5 +51,8 @@ class ChefVault
51
51
 
52
52
  class V1Format < Exceptions
53
53
  end
54
+
55
+ class InvalidValue < Exceptions
56
+ end
54
57
  end
55
58
  end
@@ -89,12 +89,14 @@ class ChefVault
89
89
  handle_client_action(search_or_client, action)
90
90
  else
91
91
  search_or_client.each do |name|
92
+ # rubocop:disable all
92
93
  begin
93
94
  client = load_actor(name, "clients")
94
95
  handle_client_action(client, action)
95
96
  rescue ChefVault::Exceptions::ClientNotFound
96
97
  ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
97
98
  end
99
+ # rubocop:enable all
98
100
  end
99
101
  end
100
102
  end
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "4.0.11"
18
+ VERSION = "4.1.4"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
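--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: chef-vault
  version: !ruby/object:Gem::Version
- version: 4.0.11
+ version: 4.1.4
  platform: ruby
  authors:
  - Thom May
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-21 00:00:00.000000000 Z
+ date: 2021-09-09 00:00:00.000000000 Z
  dependencies: []
  description: Data encryption support for Chef Infra using data bags
  email:
@@ -68,7 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: Data encryption support for Chef Infra using data bags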