chef-vault 4.0.11 → 4.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a31b1dc1d2889fdab403f6f55a662c744529586f116d4d3f87196595fedc245c
-  data.tar.gz: '079f1cabc8c809b0a98b30b0e19181e88ea205317387ec1eef8a396c43476d56'
+  metadata.gz: 14e3a2852ee8d6656907e8a0d56c097457d28407d97019479f445676b5d2b04e
+  data.tar.gz: cf816e130bbb5b811658d2d164c23c8d5c24989ef76908fec4e65a7e3747ab31
 SHA512:
-  metadata.gz: 50b6f9f0261bfd2f98aecdb0f84ec2c7b9aa775d31982ab2985a758cf423bf2af128e10f69de353129d3e74ce92d5f0579fafcdb3764abd6344a5de7b1e8ac84
-  data.tar.gz: b6a488022c267e9c9709ec16ac835b45a833a11445c20af6b833f50e2d650bc5f6d9949baabce01f3502168b16c7ad1b676856d683e63914122e3a380a18fe99
+  metadata.gz: f80e43a595981aaf058b86389ca26c97f31b685281a981946ceca1d11468ad132965326c1583b9458dcac400be3d33edb76cfddb933676ae3396d81b1226c97a
+  data.tar.gz: f315160a8a135f005ea8204229910979b506b927b71da1131c76aeba088ec00ea0ba962d7c5c87e5f61b563024bccdcd7865c41c241719cf3ecd73ac33499be9

data/Gemfile

@@ -9,6 +9,8 @@ group :development do
   gem "rspec", "~> 3.4"
   gem "aruba", "~> 0.6"
   gem "chef", "~> 14.0" # avoids test failures on license acceptance
+  gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
+  gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
 end
 
 group :docs do

data/bin/chef-vault

@@ -79,7 +79,7 @@ options_config.each do |option, config|
 end
 
 options_config.each do |option, config|
-  options[option] = options[option] ? options[option] : config[:default]
+  options[option] = options[option] || config[:default]
 end
 
 require "rubygems" unless defined?(Gem)

data/chef-vault.gemspec

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-$:.push File.expand_path("../lib", __FILE__)
+$:.push File.expand_path("lib", __dir__)
 require "chef-vault/version"
 
 Gem::Specification.new do |s|

data/lib/chef/knife/mixin/helper.rb

@@ -39,10 +39,38 @@ class ChefVault
       end
 
       def values_from_json(json)
+        validate_json(json)
         JSON.parse(json)
       rescue JSON::ParserError
         raise JSON::ParserError, "#{json} is not valid JSON!"
       end
+
+      # I/P: json string
+      # Raises `InvalidValue` if any of the json's values contain non-printable characters.
+      def validate_json(json)
+        begin
+          evaled_json = eval(json) # rubocop: disable Security/Eval
+        rescue SyntaxError
+          raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
+        end
+
+        if evaled_json.is_a?(Hash)
+          evaled_json.each do |key, value|
+            next unless printable?(value.to_s)
+
+            msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
+            ChefVault::Log.warn(msg)
+          end
+        end
+      end
+
+      # I/P: String
+      # O/P: true/false
+      # returns true if string is free of non-printable characters (escape sequences)
+      # this returns false for whitespace escape sequences as well, e.g. \n\t
+      def printable?(string)
+        /[^[:print:]]|[[:space:]]/.match(string)
+      end
     end
   end
 end

data/lib/chef/knife/vault_admins.rb

@@ -26,7 +26,7 @@ class Chef
         vault_admins = Chef::Config[:knife][:vault_admins]
         admin_array = [Chef::Config[:node_name]]
 
-        if !vault_admins.kind_of?(Array)
+        unless vault_admins.is_a?(Array)
           ui.warn("Vault admin must be an array")
         end
 

data/lib/chef/knife/vault_base.rb

@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "set" unless defined?(::Set)
 require "chef/knife"
 require_relative "../../chef-vault"
 
@@ -23,7 +24,7 @@ class Chef
         includer.class_eval do
           deps do
             require "chef/search/query"
-            require File.expand_path("../mixin/helper", __FILE__)
+            require File.expand_path("mixin/helper", __dir__)
             include ChefVault::Mixin::Helper
           end
 
@@ -70,13 +71,19 @@ class Chef
       end
 
       def split_vault_keys(bag)
-        # get all item keys
-        keys = bag.keys.select { |k| k =~ /_keys$/ }
-        # get all sparse keys
-        r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
-        sparse = bag.keys.select { |k| k =~ r }
-        # the rest
-        items = bag.keys - keys - sparse
+        items = []
+        keys = ::Set.new
+        possible_sparses = ::Set.new
+
+        # spread bag keys into 3 categories: items, keys or possible sparse items
+        bag.each_key do |key|
+          next keys << key if key.end_with?("_keys")
+          next possible_sparses << key if key.include?("_key_")
+
+          items << key
+        end
+        # 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
+        possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
         # return item keys and items
         [keys, items]
       end

data/lib/chef/knife/vault_delete.rb

@@ -30,13 +30,15 @@ class Chef
 
         if vault && item
           delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
+            # rubocop:disable all
             begin
               ChefVault::Item.load(vault, item).destroy
             rescue ChefVault::Exceptions::KeysNotFound,
-                   ChefVault::Exceptions::ItemNotFound
+              ChefVault::Exceptions::ItemNotFound
               raise ChefVault::Exceptions::ItemNotFound,
                 "#{vault}/#{item} not found."
             end
+            # rubocop:enable all
           end
         else
           show_usage

data/lib/chef/knife/vault_list.rb

@@ -35,7 +35,7 @@ class Chef
         bags.each_key do |bagname|
           vaultbags.push(bagname) if bag_is_vault?(bagname)
         end
-        output vaultbags.join("\n")
+        output vaultbags
       end
     end
   end

data/lib/chef/knife/vault_show.rb

@@ -90,9 +90,7 @@ class Chef
       def print_keys(vault)
         if bag_is_vault?(vault)
           bag = Chef::DataBag.load(vault)
-          split_vault_keys(bag)[1].each do |item|
-            output item
-          end
+          output split_vault_keys(bag)[1]
         else
           output "data bag #{vault} is not a chef-vault"
         end

data/lib/chef-vault/exceptions.rb

@@ -51,5 +51,8 @@ class ChefVault
 
     class V1Format < Exceptions
     end
+
+    class InvalidValue < Exceptions
+    end
   end
 end

data/lib/chef-vault/item.rb

@@ -89,12 +89,14 @@ class ChefVault
         handle_client_action(search_or_client, action)
       else
         search_or_client.each do |name|
+          # rubocop:disable all
           begin
             client = load_actor(name, "clients")
             handle_client_action(client, action)
           rescue ChefVault::Exceptions::ClientNotFound
             ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
           end
+          # rubocop:enable all
         end
       end
     end

data/lib/chef-vault/version.rb

@@ -15,6 +15,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "4.0.11"
+  VERSION = "4.1.4"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 4.0.11
+  version: 4.1.4
 platform: ruby
 authors:
 - Thom May
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-21 00:00:00.000000000 Z
+date: 2021-09-09 00:00:00.000000000 Z
 dependencies: []
 description: Data encryption support for Chef Infra using data bags
 email:
@@ -68,7 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Data encryption support for Chef Infra using data bags