chef-vault 4.1.10 → 4.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +13 -12
  3. data/chef-vault.gemspec +1 -1
  4. data/lib/chef/knife/mixin/helper.rb +0 -28
  5. data/lib/chef-vault/item.rb +14 -1
  6. data/lib/chef-vault/version.rb +1 -1
  7. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f6931a0011e0829b7920dfdab68f8c445a4ffed1533a15f530aca518df8a6aca
4
- data.tar.gz: beae925bc1d474a7f01b8e2d5d640594f33f0326a22cfda12bf26d9a4f847cc6
3
+ metadata.gz: f7e50b7ee7d1f76d98c42ade28257dc97848d4633999f8b06b24fca88c0e63b7
4
+ data.tar.gz: 9eb21a2b1f68c9d235a463a9a64cff11b6d6575c6854ba39b11910fb75d42d9b
5
5
  SHA512:
6
- metadata.gz: e7a7a8ba29f67856dd66dc2a97aed27b13c6895062b0ba716a31398042482e0b4bc189e52d00b6effe286bf7328234b45ecc861304154a84abb8132aa0f5b872
7
- data.tar.gz: ab3dcc738ce3afafc436c43056bb5de4d946bc274421410cbacce56a5ec69be51825320829144218afc260646a1f40553088bf3f1bf8962d4668ea2cb5ff67a0
6
+ metadata.gz: 15cb21745c41b125e453b156c20ef868bf23c5d682c6a50717e93ee265a50211e1214914ab242ed8af6cc5a16d4d8fcd1989d5a35aeda5bc57024e08dd28c100
7
+ data.tar.gz: 880a2231f0f4a08ee4af4aee54897f2a29048e1a780ffbd336eba74f46a6ccda170146a2cb358bfeedb1cef33ca7034715465f15e0cf21cc712a685ccd02566d
data/Gemfile CHANGED
@@ -5,20 +5,22 @@ gemspec
5
5
  group :development do
6
6
  gem "chefstyle"
7
7
  gem "rake"
8
- gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
8
+ gem "appbundler"
9
9
  if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.0.0")
10
+ gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
10
11
  gem "chef-zero"
11
- gem "rspec", "~> 3.4"
12
- gem "aruba", "~> 0.6"
13
- gem "chef", "~> 14.0"
14
- gem "chef-utils", "17.10.0" # pin until we drop ruby 2.5
12
+ gem "rspec", "~> 3.0"
13
+ gem "aruba", "~> 2.2"
14
+ gem "chef", "~> 15.4"
15
+ gem "chef-utils", "17.10.68" # pin until we drop ruby 2.5
15
16
  else
16
- gem "chef-zero", ">= 15.0.4"
17
- gem "chef", "~> 17.0"
18
- gem "rspec", "~> 3.10.0"
19
- gem "aruba", "~> 1.1"
20
- gem "knife", "~> 17.0"
21
- gem "chef-utils", "17.10.0" # pin until we drop ruby >=3
17
+ gem "contracts", "~> 0.17"
18
+ gem "chef-zero", "~> 15.0"
19
+ gem "chef", ">= 18.5.0"
20
+ gem "rspec", "~> 3.0"
21
+ gem "aruba", "~> 2.3"
22
+ gem "knife", "~> 18.0"
23
+ gem "chef-utils", ">= 18.5.0" # pin until we drop ruby >=3
22
24
  end
23
25
  end
24
26
 
@@ -31,7 +33,6 @@ end
31
33
  group :debug do
32
34
  gem "pry"
33
35
  gem "pry-byebug"
34
- gem "pry-stack_explorer", "~> 0.6.1" # pin until we drop ruby < 2.6
35
36
  gem "rb-readline"
36
37
  end
37
38
 
data/chef-vault.gemspec CHANGED
@@ -31,5 +31,5 @@ Gem::Specification.new do |s|
31
31
  s.bindir = "bin"
32
32
  s.executables = %w{ chef-vault }
33
33
 
34
- s.required_ruby_version = ">= 2.6"
34
+ s.required_ruby_version = ">= 3.1"
35
35
  end
data/lib/chef/knife/mixin/helper.rb CHANGED
@@ -39,38 +39,10 @@ class ChefVault
39
39
  end
40
40
 
41
41
  def values_from_json(json)
42
- validate_json(json)
43
42
  JSON.parse(json)
44
43
  rescue JSON::ParserError
45
44
  raise JSON::ParserError, "#{json} is not valid JSON!"
46
45
  end
47
-
48
- # I/P: json string
49
- # Raises `InvalidValue` if any of the json's values contain non-printable characters.
50
- def validate_json(json)
51
- begin
52
- evaled_json = eval(json) # rubocop: disable Security/Eval
53
- rescue SyntaxError
54
- raise ChefVault::Exceptions::InvalidValue, "#{json} is not valid JSON!"
55
- end
56
-
57
- if evaled_json.is_a?(Hash)
58
- evaled_json.each do |key, value|
59
- next unless printable?(value.to_s)
60
-
61
- msg = "Value '#{value}' of key '#{key}' contains non-printable characters. Check that backslashes are escaped with another backslash (e.g. C:\\\\Windows) in double-quoted strings."
62
- ChefVault::Log.warn(msg)
63
- end
64
- end
65
- end
66
-
67
- # I/P: String
68
- # O/P: true/false
69
- # returns true if string is free of non-printable characters (escape sequences)
70
- # this returns false for whitespace escape sequences as well, e.g. \n\t
71
- def printable?(string)
72
- /[^[:print:]]|[[:space:]]/.match(string)
73
- end
74
46
  end
75
47
  end
76
48
  end
data/lib/chef-vault/item.rb CHANGED
@@ -40,6 +40,11 @@ class ChefVault
40
40
  # decrypt secrets. Defaults to the value of Chef::Config[:client_key]
41
41
  attr_accessor :client_key_path
42
42
 
43
+ # @!attribute [rw] client_key_contents
44
+ # @return [String] the contents of the private key that is used to
45
+ # decrypt secrets. Defaults to the value of Chef::Config[:client_key_contents]
46
+ attr_accessor :client_key_contents
47
+
43
48
  # returns the raw keys of the underlying Chef::DataBagItem. chef-vault v2
44
49
  # defined #keys as a public accessor that returns the ChefVault::ItemKeys
45
50
  # object for the vault. Ideally, #keys would provide Hash-like behaviour
@@ -58,6 +63,8 @@ class ChefVault
58
63
  # as. Defaults to the :node_name value of Chef::Config
59
64
  # @option opts [String] :client_key_path the name of the node to decrypt
60
65
  # secrets as. Defaults to the :client_key value of Chef::Config
66
+ # @option opts [String] :client_key_contents the private key to decrypt
67
+ # secrets as. Defaults to the :client_key_contents value of Chef::Config
61
68
  def initialize(vault, name, opts = {})
62
69
  super() # Don't pass parameters
63
70
  @data_bag = vault
@@ -68,9 +75,11 @@ class ChefVault
68
75
  opts = {
69
76
  node_name: Chef::Config[:node_name],
70
77
  client_key_path: Chef::Config[:client_key],
78
+ client_key_contents: Chef::Config[:client_key_contents],
71
79
  }.merge(opts)
72
80
  @node_name = opts[:node_name]
73
81
  @client_key_path = opts[:client_key_path]
82
+ @client_key_contents = opts[:client_key_contents]
74
83
  @current_query = search
75
84
  end
76
85
 
@@ -163,7 +172,11 @@ class ChefVault
163
172
 
164
173
  def secret
165
174
  if @keys.include?(@node_name) && !@keys[@node_name].nil?
166
- private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read)
175
+ unless @client_key_contents.nil?
176
+ private_key = OpenSSL::PKey::RSA.new(@client_key_contents)
177
+ else
178
+ private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read)
179
+ end
167
180
  begin
168
181
  private_key.private_decrypt(Base64.decode64(@keys[@node_name]))
169
182
  rescue OpenSSL::PKey::RSAError
data/lib/chef-vault/version.rb CHANGED
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "4.1.10"
18
+ VERSION = "4.1.23"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.10
4
+ version: 4.1.23
5
5
  platform: ruby
6
6
  authors:
7
7
  - Thom May
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-12 00:00:00.000000000 Z
11
+ date: 2025-05-14 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Data encryption support for Chef Infra using data bags
14
14
  email:
@@ -61,14 +61,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
61
61
  requirements:
62
62
  - - ">="
63
63
  - !ruby/object:Gem::Version
64
- version: '2.6'
64
+ version: '3.1'
65
65
  required_rubygems_version: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - ">="
68
68
  - !ruby/object:Gem::Version
69
69
  version: '0'
70
70
  requirements: []
71
- rubygems_version: 3.1.4
71
+ rubygems_version: 3.3.27
72
72
  signing_key:
73
73
  specification_version: 4
74
74
  summary: Data encryption support for Chef Infra using data bags