chef-vault 4.1.3 → 4.1.10

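--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 19add775da291b1eb9dc767f149c98e477f5048ea30e4a525ff1e143918f5847
- data.tar.gz: 483d87a0e56f4209fc532be68a11add44a2b7a968ce9ee0c37729e241cb723c5
+ metadata.gz: f6931a0011e0829b7920dfdab68f8c445a4ffed1533a15f530aca518df8a6aca
+ data.tar.gz: beae925bc1d474a7f01b8e2d5d640594f33f0326a22cfda12bf26d9a4f847cc6
  SHA512:
- metadata.gz: 70423d48be58261e55b09b0cba47df51366571795d2bd9b1c60c0255b26f1e796e3d52c8c3cb32f13ae33e07860c88c67b2d124e74b432b8ac0bfc00c6b9b4a4
- data.tar.gz: 89400da10b9840bd63b9ff626abbb32bea9f40897efa989f70c5ee63e6e533a21807491a936358d35652af30c67ceb67c4a9e5345393758217b7f9c42320bd58
+ metadata.gz: e7a7a8ba29f67856dd66dc2a97aed27b13c6895062b0ba716a31398042482e0b4bc189e52d00b6effe286bf7328234b45ecc861304154a84abb8132aa0f5b872
+ data.tar.gz: ab3dcc738ce3afafc436c43056bb5de4d946bc274421410cbacce56a5ec69be51825320829144218afc260646a1f40553088bf3f1bf8962d4668ea2cb5ff67a0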
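--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,13 +4,22 @@ gemspec
 
  group :development do
  gem "chefstyle"
- gem "chef-zero"
  gem "rake"
- gem "rspec", "~> 3.4"
- gem "aruba", "~> 0.6"
- gem "chef", "~> 14.0" # avoids test failures on license acceptance
  gem "contracts", "~> 0.16.1" # pin until we drop ruby < 2.7
- gem "chef-utils", "= 16.6.14" # pin until we drop ruby 2.5
+ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.0.0")
+ gem "chef-zero"
+ gem "rspec", "~> 3.4"
+ gem "aruba", "~> 0.6"
+ gem "chef", "~> 14.0"
+ gem "chef-utils", "17.10.0" # pin until we drop ruby 2.5
+ else
+ gem "chef-zero", ">= 15.0.4"
+ gem "chef", "~> 17.0"
+ gem "rspec", "~> 3.10.0"
+ gem "aruba", "~> 1.1"
+ gem "knife", "~> 17.0"
+ gem "chef-utils", "17.10.0" # pin until we drop ruby >=3
+ end
  end
 
  group :docs do
@@ -22,6 +31,8 @@ end
  group :debug do
  gem "pry"
  gem "pry-byebug"
- gem "pry-stack_explorer", "~> 0.4.0" # pin until we drop ruby < 2.6
+ gem "pry-stack_explorer", "~> 0.6.1" # pin until we drop ruby < 2.6
  gem "rb-readline"
  end
+
+ gem "simplecov", require: false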
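Review bot: The `chef-utils` pin is the same `"17.10.0"` in both branches of the new `RUBY_VERSION` conditional, and the else-branch comment `# pin until we drop ruby >=3` reads like a copy-paste of the other branch; one line above the `if` with an accurate comment would state the intent once. On the dependency side, `gem "chef-zero", ">= 15.0.4"` has no upper bound and `gem "simplecov", require: false` is unversioned and sits outside every group, so it resolves in the default group. Bounding chef-zero with a pessimistic constraint and moving simplecov into `group :development` would keep the test toolchain reproducible and out of default installs.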
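--- a/data/bin/chef-vault
+++ b/data/bin/chef-vault
@@ -88,7 +88,7 @@ require "chef-vault"
 
  ChefVault::Log.init(STDOUT)
  ChefVault.load_config(options[:chef])
- item = ChefVault::Item.load(options[:vault], options[:item])
+ item = ChefVault::Item.load(options[:vault], options[:item], options)
 
  ChefVault::Log.info "#{options[:vault]}/#{options[:item]}"
 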
data/chef-vault.gemspec CHANGED
@@ -31,5 +31,5 @@ Gem::Specification.new do |s|
31
31
  s.bindir = "bin"
32
32
  s.executables = %w{ chef-vault }
33
33
 
34
- s.required_ruby_version = ">= 2.4"
34
+ s.required_ruby_version = ">= 2.6"
35
35
  end
@@ -14,15 +14,11 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require_relative "vault_base"
17
- require_relative "vault_admins"
18
- require_relative "vault_clients"
19
17
 
20
18
  class Chef
21
19
  class Knife
22
20
  class VaultCreate < Knife
23
21
  include Chef::Knife::VaultBase
24
- include Chef::Knife::VaultAdmins
25
- include Chef::Knife::VaultClients
26
22
 
27
23
  banner "knife vault create VAULT ITEM VALUES (options)"
28
24
 
@@ -55,6 +51,13 @@ class Chef
55
51
  long: "--file FILE",
56
52
  description: "File to be added to vault item as file-content"
57
53
 
54
+ deps do
55
+ require_relative "vault_admins"
56
+ require_relative "vault_clients"
57
+ include Chef::Knife::VaultAdmins
58
+ include Chef::Knife::VaultClients
59
+ end
60
+
58
61
  def run
59
62
  vault = @name_args[0]
60
63
  item = @name_args[1]
@@ -30,13 +30,15 @@ class Chef
30
30
 
31
31
  if vault && item
32
32
  delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
33
-
34
- ChefVault::Item.load(vault, item).destroy
35
- rescue ChefVault::Exceptions::KeysNotFound,
36
- ChefVault::Exceptions::ItemNotFound
37
- raise ChefVault::Exceptions::ItemNotFound,
38
- "#{vault}/#{item} not found."
39
-
33
+ # rubocop:disable all
34
+ begin
35
+ ChefVault::Item.load(vault, item).destroy
36
+ rescue ChefVault::Exceptions::KeysNotFound,
37
+ ChefVault::Exceptions::ItemNotFound
38
+ raise ChefVault::Exceptions::ItemNotFound,
39
+ "#{vault}/#{item} not found."
40
+ end
41
+ # rubocop:enable all
40
42
  end
41
43
  else
42
44
  show_usage
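Review bot: `# rubocop:disable all` around the new `begin`/`rescue` switches off every cop for the span, lint and security cops included, when presumably only the redundant-begin complaint needed silencing. Name the cop instead, e.g. `# rubocop:disable Style/RedundantBegin` with the matching `# rubocop:enable Style/RedundantBegin`. The same blanket disable appears in the `search_or_client.each` hunk further down. A one-line comment saying why the explicit `begin` is kept inside the block would also help, since the reason is not visible in the hunk.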
@@ -14,13 +14,11 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require_relative "vault_base"
17
- require_relative "vault_clients"
18
17
 
19
18
  class Chef
20
19
  class Knife
21
20
  class VaultRemove < Knife
22
21
  include Chef::Knife::VaultBase
23
- include Chef::Knife::VaultClients
24
22
 
25
23
  banner "knife vault remove VAULT ITEM VALUES (options)"
26
24
 
@@ -43,6 +41,11 @@ class Chef
43
41
  long: "--clean-unknown-clients",
44
42
  description: "Remove unknown clients during key rotation"
45
43
 
44
+ deps do
45
+ require_relative "vault_clients"
46
+ include Chef::Knife::VaultClients
47
+ end
48
+
46
49
  def run
47
50
  vault = @name_args[0]
48
51
  item = @name_args[1]
@@ -14,15 +14,11 @@
14
14
  # limitations under the License.
15
15
 
16
16
  require_relative "vault_base"
17
- require_relative "vault_admins"
18
- require_relative "vault_clients"
19
17
 
20
18
  class Chef
21
19
  class Knife
22
20
  class VaultUpdate < Knife
23
21
  include Chef::Knife::VaultBase
24
- include Chef::Knife::VaultAdmins
25
- include Chef::Knife::VaultClients
26
22
 
27
23
  banner "knife vault update VAULT ITEM VALUES (options)"
28
24
 
@@ -59,6 +55,13 @@ class Chef
59
55
  long: "--keys-mode KEYS_MODE",
60
56
  description: "Mode in which to save vault keys"
61
57
 
58
+ deps do
59
+ require_relative "vault_admins"
60
+ require_relative "vault_clients"
61
+ include Chef::Knife::VaultAdmins
62
+ include Chef::Knife::VaultClients
63
+ end
64
+
62
65
  def run
63
66
  vault = @name_args[0]
64
67
  item = @name_args[1]
@@ -39,7 +39,7 @@ class ChefVault
39
39
  def get_admin_key
40
40
  # chef vault currently only supports using the default key
41
41
  get_key("users")
42
- rescue Net::HTTPServerException => http_error
42
+ rescue Net::HTTPClientException => http_error
43
43
  # if we failed to find an admin key, attempt to load a client key by the same name
44
44
  case http_error.response.code
45
45
  when "403"
@@ -49,7 +49,7 @@ class ChefVault
49
49
  begin
50
50
  ChefVault::Log.warn "The default key for #{name} not found in users, trying client keys."
51
51
  get_key("clients")
52
- rescue Net::HTTPServerException => http_error
52
+ rescue Net::HTTPClientException => http_error
53
53
  case http_error.response.code
54
54
  when "404"
55
55
  raise ChefVault::Exceptions::AdminNotFound,
@@ -68,7 +68,7 @@ class ChefVault
68
68
 
69
69
  def get_client_key
70
70
  get_key("clients")
71
- rescue Net::HTTPServerException => http_error
71
+ rescue Net::HTTPClientException => http_error
72
72
  if http_error.response.code.eql?("403")
73
73
  print_forbidden_error
74
74
  raise http_error
@@ -114,7 +114,7 @@ class ChefVault
114
114
  def get_key(request_actor_type)
115
115
  api.org_scoped_rest_v1.get("#{request_actor_type}/#{name}/keys/default").fetch("public_key")
116
116
  # If the keys endpoint doesn't exist, try getting it directly from the V0 chef object.
117
- rescue Net::HTTPServerException => http_error
117
+ rescue Net::HTTPClientException => http_error
118
118
  raise http_error unless http_error.response.code.eql?("404")
119
119
 
120
120
  if request_actor_type.eql?("clients")
@@ -89,12 +89,14 @@ class ChefVault
89
89
  handle_client_action(search_or_client, action)
90
90
  else
91
91
  search_or_client.each do |name|
92
-
93
- client = load_actor(name, "clients")
94
- handle_client_action(client, action)
95
- rescue ChefVault::Exceptions::ClientNotFound
96
- ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
97
-
92
+ # rubocop:disable all
93
+ begin
94
+ client = load_actor(name, "clients")
95
+ handle_client_action(client, action)
96
+ rescue ChefVault::Exceptions::ClientNotFound
97
+ ChefVault::Log.warn "node '#{name}' has no 'default' public key; skipping"
98
+ end
99
+ # rubocop:enable all
98
100
  end
99
101
  end
100
102
  end
@@ -229,7 +231,7 @@ class ChefVault
229
231
  else
230
232
  begin
231
233
  Chef::DataBag.load(data_bag)
232
- rescue Net::HTTPServerException => http_error
234
+ rescue Net::HTTPClientException => http_error
233
235
  if http_error.response.code == "404"
234
236
  chef_data_bag = Chef::DataBag.new
235
237
  chef_data_bag.name data_bag
@@ -293,7 +295,7 @@ class ChefVault
293
295
  begin
294
296
  item.raw_data =
295
297
  Chef::EncryptedDataBagItem.load(vault, name, item.secret).to_hash
296
- rescue Net::HTTPServerException => http_error
298
+ rescue Net::HTTPClientException => http_error
297
299
  if http_error.response.code == "404"
298
300
  raise ChefVault::Exceptions::ItemNotFound,
299
301
  "#{vault}/#{name} could not be found"
@@ -304,10 +306,17 @@ class ChefVault
304
306
  raise ChefVault::Exceptions::ItemNotFound,
305
307
  "#{vault}/#{name} could not be found"
306
308
  end
307
-
309
+ format_output(opts[:values], item) if opts[:values]
308
310
  item
309
311
  end
310
312
 
313
+ def self.format_output(values, item)
314
+ values.split(",").each do |value|
315
+ value.strip!
316
+ $stdout.puts("#{value}: #{item[value]}")
317
+ end
318
+ end
319
+
311
320
  def delete_client(client_name)
312
321
  client_key = load_actor(client_name, "clients")
313
322
  keys.delete(client_key)
@@ -342,7 +351,7 @@ class ChefVault
342
351
  # and https://github.com/sensu/sensu-chef/blob/2.9.0/libraries/sensu_helpers.rb
343
352
  begin
344
353
  dbi = Chef::DataBagItem.load(vault, name)
345
- rescue Net::HTTPServerException => http_error
354
+ rescue Net::HTTPClientException => http_error
346
355
  if http_error.response.code == "404"
347
356
  raise ChefVault::Exceptions::ItemNotFound,
348
357
  "#{vault}/#{name} not found"
@@ -445,7 +454,7 @@ class ChefVault
445
454
  def client_exists?(clientname)
446
455
  Chef::ApiClient.load(clientname)
447
456
  true
448
- rescue Net::HTTPServerException => http_error
457
+ rescue Net::HTTPClientException => http_error
449
458
  return false if http_error.response.code == "404"
450
459
 
451
460
  raise http_error
@@ -122,7 +122,7 @@ class ChefVault
122
122
  unless Chef::Config[:solo_legacy_mode]
123
123
  begin
124
124
  Chef::DataBag.load(data_bag)
125
- rescue Net::HTTPServerException => http_error
125
+ rescue Net::HTTPClientException => http_error
126
126
  if http_error.response.code == "404"
127
127
  chef_data_bag = Chef::DataBag.new
128
128
  chef_data_bag.name data_bag
@@ -143,7 +143,7 @@ class ChefVault
143
143
  Chef::DataBagItem.from_hash("data_bag" => data_bag,
144
144
  "id" => sparse_id(key))
145
145
  .destroy(data_bag, sparse_id(key))
146
- rescue Net::HTTPServerException => http_error
146
+ rescue Net::HTTPClientException => http_error
147
147
  raise http_error unless http_error.response.code == "404"
148
148
  end
149
149
  end
@@ -234,7 +234,7 @@ class ChefVault
234
234
  def self.load(vault, name)
235
235
  begin
236
236
  data_bag_item = Chef::DataBagItem.load(vault, name)
237
- rescue Net::HTTPServerException => http_error
237
+ rescue Net::HTTPClientException => http_error
238
238
  if http_error.response.code == "404"
239
239
  raise ChefVault::Exceptions::KeysNotFound,
240
240
  "#{vault}/#{name} could not be found"
@@ -265,7 +265,7 @@ class ChefVault
265
265
  else
266
266
  begin
267
267
  Chef::DataBagItem.load(@data_bag, sid)
268
- rescue Net::HTTPServerException => http_error
268
+ rescue Net::HTTPClientException => http_error
269
269
  nil if http_error.response.code == "404"
270
270
  end
271
271
  end
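Review bot: The rescue body under the renamed exception is `nil if http_error.response.code == "404"`, which evaluates to nil for every status, so a 401 or 403 from the server is swallowed exactly like a missing item. The caller then cannot tell an authorization failure from an absent sparse key. Other rescues visible in this change re-raise non-404 errors, and this one should match them with `raise http_error unless http_error.response.code == "404"`. The enclosing method starts and ends outside the hunk, so how the nil is consumed is not visible here.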
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "4.1.3"
18
+ VERSION = "4.1.10"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.3
4
+ version: 4.1.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Thom May
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-01 00:00:00.000000000 Z
11
+ date: 2022-04-12 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Data encryption support for Chef Infra using data bags
14
14
  email:
@@ -61,7 +61,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
61
61
  requirements:
62
62
  - - ">="
63
63
  - !ruby/object:Gem::Version
64
- version: '2.4'
64
+ version: '2.6'
65
65
  required_rubygems_version: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - ">="