chef-vault 4.0.12 → 4.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55bee9a29cb4298de63af8a2496433e264e4b57e5c61d8d408155521bf469a5c
-  data.tar.gz: fa587117182e9ea852ffc1a35c337f5428ba947243b40546fcc7cf5d14ce2bf8
+  metadata.gz: 3dbf90bc269d6b9c3f76c53410d110c12f39fb82d7639c7f330fc44fe908b010
+  data.tar.gz: 01bbe6b31cf4afd76eaaac84abe62ec19d09ce56f8f77e85085c2a8fee0a34da
 SHA512:
-  metadata.gz: bde9574f9af2fa1c98ab317b7044f2fb75f695e3331a055446d046f2be1462ca0ad3808d4abf328192f194981d90bc1727c7c42e964ccf4c6dfd86c2e00f1c2a
-  data.tar.gz: 2621597e75cce12c1e06fab73743ce021d644f1067292f41737ba60aa3417ffbb7526fc5ece999f2f35966ddee78e1e34cfab235b6cc20428239929cee3c148d
+  metadata.gz: b10fd270fdbc62c7389eb81bc28426490df2ba0dee4cec0e40f6ff316e4a5368949dd315ccde9ed80b325f596f8eea59d7e8d506ee56fdf3c4a84b5e31ea1961
+  data.tar.gz: '08aa808060b961b10594f92c48f3bdb7098fe3f9d2a9bc9fc1a35b1053aa4dd6b289c68d53a23eb874099203db873969497dda4c0678c42440261b6b1af57725'

data/Gemfile

@@ -9,6 +9,8 @@ group :development do
   gem "rspec", "~> 3.4"
   gem "aruba", "~> 0.6"
   gem "chef", "~> 14.0" # avoids test failures on license acceptance
+  gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
+  gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
 end
 
 group :docs do

data/bin/chef-vault

@@ -79,7 +79,7 @@ options_config.each do |option, config|
 end
 
 options_config.each do |option, config|
-  options[option] = options[option] ? options[option] : config[:default]
+  options[option] = options[option] || config[:default]
 end
 
 require "rubygems" unless defined?(Gem)
@@ -88,7 +88,7 @@ require "chef-vault"
 
 ChefVault::Log.init(STDOUT)
 ChefVault.load_config(options[:chef])
-item = ChefVault::Item.load(options[:vault], options[:item])
+item = ChefVault::Item.load(options[:vault], options[:item], options)
 
 ChefVault::Log.info "#{options[:vault]}/#{options[:item]}"
 

data/chef-vault.gemspec

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-$:.push File.expand_path("../lib", __FILE__)
+$:.push File.expand_path("lib", __dir__)
 require "chef-vault/version"
 
 Gem::Specification.new do |s|

data/lib/chef/knife/mixin/helper.rb

@@ -39,10 +39,38 @@ class ChefVault
       end
 
       def values_from_json(json)
+        validate_json(json)
         JSON.parse(json)
       rescue JSON::ParserError
         raise JSON::ParserError, "#{json} is not valid JSON!"
       end
+
+      # I/P: json string
+      # Raises `InvalidValue` if any of the json's values contain non-printable characters.
+      def validate_json(json)
+        begin
+          evaled_json = eval(json) # rubocop: disable Security/Eval
+        rescue SyntaxError
+          raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
+        end
+
+        if evaled_json.is_a?(Hash)
+          evaled_json.each do |key, value|
+            next unless printable?(value.to_s)
+
+            msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
+            ChefVault::Log.warn(msg)
+          end
+        end
+      end
+
+      # I/P: String
+      # O/P: true/false
+      # returns true if string is free of non-printable characters (escape sequences)
+      # this returns false for whitespace escape sequences as well, e.g. \n\t
+      def printable?(string)
+        /[^[:print:]]|[[:space:]]/.match(string)
+      end
     end
   end
 end

data/lib/chef/knife/vault_admins.rb

@@ -26,7 +26,7 @@ class Chef
         vault_admins = Chef::Config[:knife][:vault_admins]
         admin_array = [Chef::Config[:node_name]]
 
-        if !vault_admins.kind_of?(Array)
+        unless vault_admins.is_a?(Array)
           ui.warn("Vault admin must be an array")
         end
 

data/lib/chef/knife/vault_base.rb

@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "set" unless defined?(::Set)
 require "chef/knife"
 require_relative "../../chef-vault"
 
@@ -23,7 +24,7 @@ class Chef
         includer.class_eval do
           deps do
             require "chef/search/query"
-            require File.expand_path("../mixin/helper", __FILE__)
+            require File.expand_path("mixin/helper", __dir__)
             include ChefVault::Mixin::Helper
           end
 
@@ -70,13 +71,19 @@ class Chef
       end
 
       def split_vault_keys(bag)
-        # get all item keys
-        keys = bag.keys.select { |k| k =~ /_keys$/ }
-        # get all sparse keys
-        r = Regexp.union(keys.map { |k| Regexp.new("^#{k.chomp("_keys")}_key_.*") })
-        sparse = bag.keys.select { |k| k =~ r }
-        # the rest
-        items = bag.keys - keys - sparse
+        items = []
+        keys = ::Set.new
+        possible_sparses = ::Set.new
+
+        # spread bag keys into 3 categories: items, keys or possible sparse items
+        bag.each_key do |key|
+          next keys << key if key.end_with?("_keys")
+          next possible_sparses << key if key.include?("_key_")
+
+          items << key
+        end
+        # 2nd pass "sparse" items to avoid false positive when items have "_key" in their name
+        possible_sparses.each { |key| items << key if keys.include?("#{key}_keys") }
         # return item keys and items
         [keys, items]
       end

data/lib/chef/knife/vault_delete.rb

@@ -30,13 +30,15 @@ class Chef
 
         if vault && item
           delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
+            # rubocop:disable all
             begin
               ChefVault::Item.load(vault, item).destroy
             rescue ChefVault::Exceptions::KeysNotFound,
-                   ChefVault::Exceptions::ItemNotFound
+              ChefVault::Exceptions::ItemNotFound
               raise ChefVault::Exceptions::ItemNotFound,
                 "#{vault}/#{item} not found."
             end
+            # rubocop:enable all
           end
         else
           show_usage

data/lib/chef-vault/exceptions.rb

@@ -51,5 +51,8 @@ class ChefVault
 
     class V1Format < Exceptions
     end
+
+    class InvalidValue < Exceptions
+    end
   end
 end

data/lib/chef-vault/item.rb

@@ -89,12 +89,14 @@ class ChefVault
         handle_client_action(search_or_client, action)
       else
         search_or_client.each do |name|
+          # rubocop:disable all
           begin
             client = load_actor(name, "clients")
             handle_client_action(client, action)
           rescue ChefVault::Exceptions::ClientNotFound
             ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
           end
+          # rubocop:enable all
         end
       end
     end
@@ -304,10 +306,17 @@ class ChefVault
         raise ChefVault::Exceptions::ItemNotFound,
           "#{vault}/#{name} could not be found"
       end
-
+      format_output(opts[:values], item) if opts[:values]
       item
     end
 
+    def self.format_output(values, item)
+      values.split(",").each do |value|
+        value.strip!
+        $stdout.puts("#{value}: #{item[value]}")
+      end
+    end
+
     def delete_client(client_name)
       client_key = load_actor(client_name, "clients")
       keys.delete(client_key)

data/lib/chef-vault/version.rb

@@ -15,6 +15,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "4.0.12"
+  VERSION = "4.1.5"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 4.0.12
+  version: 4.1.5
 platform: ruby
 authors:
 - Thom May
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-28 00:00:00.000000000 Z
+date: 2021-11-26 00:00:00.000000000 Z
 dependencies: []
 description: Data encryption support for Chef Infra using data bags
 email:
@@ -68,7 +68,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Data encryption support for Chef Infra using data bags