chef-vault 2.0.2 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +8 -8
- data/Changelog.md +7 -2
- data/KNIFE_EXAMPLES.md +15 -3
- data/README.md +25 -10
- data/bin/chef-vault +1 -1
- data/lib/chef-vault/item.rb +43 -22
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef/knife/Decrypt.rb +16 -9
- data/lib/chef/knife/encrypt_create.rb +16 -6
- data/lib/chef/knife/encrypt_delete.rb +4 -4
- data/lib/chef/knife/encrypt_remove.rb +4 -4
- data/lib/chef/knife/encrypt_rotate_keys.rb +3 -3
- data/lib/chef/knife/encrypt_update.rb +15 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
MzRiMDI2MTkzOTA2MzcxOTRmNWY0OWNjYmZlZjIzNjYyMDE0ZTdmMw==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
YzllYTQ2OGQyYzcyYjFjOTE4NWYyNTlhOTEyMGNiZDBmOTFmYTMyZA==
|
|
7
7
|
!binary "U0hBNTEy":
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
ZGM0NmM5Mzg2OTc1MmNlMzA1ZWQyZDY3N2VhYzViNGIzZTNiMjc3NmRhNDNm
|
|
10
|
+
ODM2M2NhMmExMDljMjc2ODIzMWM3NGJiNzZlODc3MTFjNWE5ZGYxNDQwNWZi
|
|
11
|
+
NGNhOWM4ZGRjN2JmMTYyYTVjYzJlNmZiZmY1ODI4MmU1NzI1Zjk=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
YzE2MjY4MzY0N2U5ZjE3NzQ0NmY4YjMyM2Y4ZDI3Yjc5MDVhYTNmYWIwNzU4
|
|
14
|
+
NWIzOGUwNjMzMmE5NTEyOTk3Mzc2MmRhNjIzN2FjODM4Yzg2ODQ2ZDIwNDlj
|
|
15
|
+
NjIzNTdhN2E4MDQ0NDQ3MjE1NWU3MWQwODcxMGVlYzAxMDk0NTk=
|
data/Changelog.md
CHANGED
|
@@ -1,8 +1,13 @@
|
|
|
1
|
-
## Unreleased
|
|
2
|
-
|
|
1
|
+
## Planned (Unreleased)
|
|
3
2
|
|
|
4
3
|
## Released
|
|
5
4
|
|
|
5
|
+
## v2.1.0 / 2013-12-23
|
|
6
|
+
* Update README to correct typos
|
|
7
|
+
* Modify admin loading to fall back to clients endpoint if not found in users endpoint
|
|
8
|
+
* Add --file to "knife encrypt update" & "knife encrypt create" to do file encryption in chef-vault. It will create a key called "file-content" & "file-name"
|
|
9
|
+
* When VALUES is not supplied print the whole vault item
|
|
10
|
+
|
|
6
11
|
## v2.0.2 / 2013-09-10
|
|
7
12
|
* Modify written data bag json files in solo mode to be valid for the knife data bag from file command
|
|
8
13
|
* Modify knife encrypt remove to automatically rotate keys
|
data/KNIFE_EXAMPLES.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# knife examples
|
|
2
2
|
|
|
3
3
|
## encrypt
|
|
4
|
-
knife encrypt [create|update|remove|delete]
|
|
4
|
+
knife encrypt [create|update|remove|delete] VAULT ITEM VALUES
|
|
5
5
|
|
|
6
6
|
These are the commands that are used to take data in json format and encrypt that data into chef-vault style encrypted data bags in chef.
|
|
7
7
|
|
|
@@ -20,7 +20,7 @@ Creat a vault called passwords and put an item called root in it with the given
|
|
|
20
20
|
|
|
21
21
|
Creat a vault called passwords and put an item called root in it with the given values for username and password encrypted for admins admin1 & admin2
|
|
22
22
|
|
|
23
|
-
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
|
23
|
+
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
|
24
24
|
|
|
25
25
|
Note: A JSON file can be used in place of specifying the values on the command line, see global options below for details
|
|
26
26
|
|
|
@@ -134,7 +134,7 @@ Rotate the shared key for the vault passwords and item root. The shared key is
|
|
|
134
134
|
</table>
|
|
135
135
|
|
|
136
136
|
## decrypt
|
|
137
|
-
knife decrypt
|
|
137
|
+
knife decrypt VAULT ITEM [VALUES]
|
|
138
138
|
|
|
139
139
|
These are the commands that are used to take a chef-vault encrypted item and decrypt the requested values.
|
|
140
140
|
|
|
@@ -142,6 +142,11 @@ These are the commands that are used to take a chef-vault encrypted item and dec
|
|
|
142
142
|
* Item - The name of the item going in to the vault. This is analogous to a chef data bag item id
|
|
143
143
|
* Values - This is a comma list of values to decrypt from the vault item. This is analogous to a list of hash keys.
|
|
144
144
|
|
|
145
|
+
Decrypt the entire root item in the passwords vault and print in json
|
|
146
|
+
format.
|
|
147
|
+
|
|
148
|
+
knife decrypt passwords root -Fjson
|
|
149
|
+
|
|
145
150
|
Decrypt the username and password for the item root in the vault passwords.
|
|
146
151
|
|
|
147
152
|
knife decrypt passwords root "username, password"
|
|
@@ -166,4 +171,11 @@ Decrypt the contents for the item user_pem in the vault certs.
|
|
|
166
171
|
<td>solo</td>
|
|
167
172
|
<td>"solo", "client"</td>
|
|
168
173
|
</tr>
|
|
174
|
+
<tr>
|
|
175
|
+
<td>-F FORMAT</td>
|
|
176
|
+
<td>--format FORMAT</td>
|
|
177
|
+
<td>Format for output</td>
|
|
178
|
+
<td>summary</td>
|
|
179
|
+
<td>"summary", "json", "yaml", "pp"</td>
|
|
180
|
+
</tr>
|
|
169
181
|
</table>
|
data/README.md
CHANGED
|
@@ -22,15 +22,15 @@ Depending on your system's configuration, you may need to run this command with
|
|
|
22
22
|
## KNIFE COMMANDS:
|
|
23
23
|
See KNIFE_EXAMPLES.md for examples of commands
|
|
24
24
|
|
|
25
|
-
NOTE: chef-vault 1.0 knife commands are not
|
|
25
|
+
NOTE: chef-vault 1.0 knife commands are not supported! Please use chef-vault 2.0 commands.
|
|
26
26
|
|
|
27
27
|
### Encrypt
|
|
28
28
|
|
|
29
|
-
knife encrypt create
|
|
30
|
-
knife encrypt update
|
|
31
|
-
knife encrypt remove
|
|
32
|
-
knife encrypt delete
|
|
33
|
-
knife encrypt rotate keys
|
|
29
|
+
knife encrypt create VAULT ITEM VALUES
|
|
30
|
+
knife encrypt update VAULT ITEM VALUES
|
|
31
|
+
knife encrypt remove VAULT ITEM VALUES
|
|
32
|
+
knife encrypt delete VAULT ITEM
|
|
33
|
+
knife encrypt rotate keys VAULT ITEM
|
|
34
34
|
|
|
35
35
|
<i>Global Options:</i>
|
|
36
36
|
<table>
|
|
@@ -69,11 +69,17 @@ NOTE: chef-vault 1.0 knife commands are not support! Please use chef-vault 2.0
|
|
|
69
69
|
<td>nil</td>
|
|
70
70
|
<td></td>
|
|
71
71
|
</tr>
|
|
72
|
+
<tr>
|
|
73
|
+
<td>nil</td>
|
|
74
|
+
<td>--file FILE</td>
|
|
75
|
+
<td>File that chef-vault should encrypt. It adds "file-content" & "file-name" keys to the vault item. This is only valid in create & update</td>
|
|
76
|
+
<td>nil</td>
|
|
77
|
+
<td></td>
|
|
72
78
|
</table>
|
|
73
79
|
|
|
74
80
|
### Decrypt
|
|
75
81
|
|
|
76
|
-
knife decrypt
|
|
82
|
+
knife decrypt VAULT ITEM [VALUES]
|
|
77
83
|
|
|
78
84
|
<i>Global Options:</i>
|
|
79
85
|
<table>
|
|
@@ -91,6 +97,13 @@ NOTE: chef-vault 1.0 knife commands are not support! Please use chef-vault 2.0
|
|
|
91
97
|
<td>solo</td>
|
|
92
98
|
<td>"solo", "client"</td>
|
|
93
99
|
</tr>
|
|
100
|
+
<tr>
|
|
101
|
+
<td>-F FORMAT</td>
|
|
102
|
+
<td>--format FORMAT</td>
|
|
103
|
+
<td>Format for output</td>
|
|
104
|
+
<td>summary</td>
|
|
105
|
+
<td>"summary", "json", "yaml", "pp"</td>
|
|
106
|
+
</tr>
|
|
94
107
|
</table>
|
|
95
108
|
|
|
96
109
|
## USAGE IN RECIPES
|
|
@@ -124,9 +137,11 @@ Do `chef-vault --help` for all available options
|
|
|
124
137
|
|
|
125
138
|
## License and Author:
|
|
126
139
|
|
|
127
|
-
Author:: Kevin Moser
|
|
128
|
-
|
|
129
|
-
|
|
140
|
+
Author:: Kevin Moser - @moserke<br>
|
|
141
|
+
Author:: Eli Klein - @eliklein<br>
|
|
142
|
+
Author:: Joshua Timberman - @jtimberman<br>
|
|
143
|
+
Copyright:: Copyright (c) 2013 Nordstrom, Inc.<br>
|
|
144
|
+
License:: Apache License, Version 2.0
|
|
130
145
|
|
|
131
146
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
132
147
|
you may not use this file except in compliance with the License.
|
data/bin/chef-vault
CHANGED
data/lib/chef-vault/item.rb
CHANGED
|
@@ -14,6 +14,8 @@
|
|
|
14
14
|
# See the License for the specific language governing permissions and
|
|
15
15
|
# limitations under the License.
|
|
16
16
|
|
|
17
|
+
require 'securerandom'
|
|
18
|
+
|
|
17
19
|
class ChefVault::Item < Chef::DataBagItem
|
|
18
20
|
attr_accessor :keys
|
|
19
21
|
attr_accessor :encrypted_data_bag_item
|
|
@@ -42,16 +44,7 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
42
44
|
|
|
43
45
|
case action
|
|
44
46
|
when :add
|
|
45
|
-
|
|
46
|
-
keys.add(ChefVault::ChefPatch::ApiClient.load(node.name), @secret, "clients")
|
|
47
|
-
rescue Net::HTTPServerException => http_error
|
|
48
|
-
if http_error.response.code == "404"
|
|
49
|
-
raise ChefVault::Exceptions::ClientNotFound,
|
|
50
|
-
"#{node.name} is not a valid chef client and/or node"
|
|
51
|
-
else
|
|
52
|
-
raise http_error
|
|
53
|
-
end
|
|
54
|
-
end
|
|
47
|
+
keys.add(load_client(node.name), @secret, "clients")
|
|
55
48
|
when :delete
|
|
56
49
|
keys.delete(node.name, "clients")
|
|
57
50
|
else
|
|
@@ -75,16 +68,7 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
75
68
|
admin.strip!
|
|
76
69
|
case action
|
|
77
70
|
when :add
|
|
78
|
-
|
|
79
|
-
keys.add(ChefVault::ChefPatch::User.load(admin), @secret, "admins")
|
|
80
|
-
rescue Net::HTTPServerException => http_error
|
|
81
|
-
if http_error.response.code == "404"
|
|
82
|
-
raise ChefVault::Exceptions::AdminNotFound,
|
|
83
|
-
"#{admin} is not a valid chef admin"
|
|
84
|
-
else
|
|
85
|
-
raise http_error
|
|
86
|
-
end
|
|
87
|
-
end
|
|
71
|
+
keys.add(load_admin(admin), @secret, "admins")
|
|
88
72
|
when :delete
|
|
89
73
|
keys.delete(admin, "admins")
|
|
90
74
|
else
|
|
@@ -131,8 +115,10 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
131
115
|
reload_raw_data
|
|
132
116
|
end
|
|
133
117
|
|
|
134
|
-
def generate_secret
|
|
135
|
-
|
|
118
|
+
def generate_secret(key_size=32)
|
|
119
|
+
# Defaults to 32 bytes, as this is the size that a Chef
|
|
120
|
+
# Encrypted Data Bag Item will digest all secrets down to anyway
|
|
121
|
+
SecureRandom.random_bytes(key_size)
|
|
136
122
|
end
|
|
137
123
|
|
|
138
124
|
def []=(key, value)
|
|
@@ -240,4 +226,39 @@ class ChefVault::Item < Chef::DataBagItem
|
|
|
240
226
|
|
|
241
227
|
@raw_data
|
|
242
228
|
end
|
|
229
|
+
|
|
230
|
+
def load_admin(admin)
|
|
231
|
+
begin
|
|
232
|
+
admin = ChefVault::ChefPatch::User.load(admin)
|
|
233
|
+
rescue Net::HTTPServerException => http_error
|
|
234
|
+
if http_error.response.code == "404"
|
|
235
|
+
begin
|
|
236
|
+
puts "WARNING: #{admin} not found in users, trying clients."
|
|
237
|
+
admin = load_client(admin)
|
|
238
|
+
rescue ChefVault::Exceptions::ClientNotFound
|
|
239
|
+
raise ChefVault::Exceptions::AdminNotFound,
|
|
240
|
+
"FATAL: Could not find #{admin} in users or clients!"
|
|
241
|
+
end
|
|
242
|
+
else
|
|
243
|
+
raise http_error
|
|
244
|
+
end
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
admin
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
def load_client(client)
|
|
251
|
+
begin
|
|
252
|
+
client = ChefVault::ChefPatch::ApiClient.load(client)
|
|
253
|
+
rescue Net::HTTPServerException => http_error
|
|
254
|
+
if http_error.response.code == "404"
|
|
255
|
+
raise ChefVault::Exceptions::ClientNotFound,
|
|
256
|
+
"#{client} is not a valid chef client and/or node"
|
|
257
|
+
else
|
|
258
|
+
raise http_error
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
client
|
|
263
|
+
end
|
|
243
264
|
end
|
data/lib/chef-vault/version.rb
CHANGED
data/lib/chef/knife/Decrypt.rb
CHANGED
|
@@ -25,19 +25,19 @@ class Decrypt < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife decrypt
|
|
28
|
+
banner "knife decrypt VAULT ITEM [VALUES] --mode MODE"
|
|
29
29
|
|
|
30
30
|
option :mode,
|
|
31
31
|
:short => '-M MODE',
|
|
32
32
|
:long => '--mode MODE',
|
|
33
|
-
:description => 'Chef mode to run in default - solo'
|
|
33
|
+
:description => 'Chef mode to run in default - solo'
|
|
34
34
|
|
|
35
35
|
def run
|
|
36
36
|
vault = @name_args[0]
|
|
37
37
|
item = @name_args[1]
|
|
38
38
|
values = @name_args[2]
|
|
39
39
|
|
|
40
|
-
if vault && item
|
|
40
|
+
if vault && item
|
|
41
41
|
set_mode(config[:mode])
|
|
42
42
|
|
|
43
43
|
print_values(vault, item, values)
|
|
@@ -52,13 +52,20 @@ class Decrypt < Chef::Knife
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
def print_values(vault, item, values)
|
|
55
|
-
vault_item = ChefVault::Item.load(vault, item)
|
|
55
|
+
vault_item = ChefVault::Item.load(vault, item).raw_data
|
|
56
56
|
|
|
57
|
-
|
|
57
|
+
if values
|
|
58
|
+
included_values = %W( id )
|
|
58
59
|
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
60
|
+
values.split(",").each do |value|
|
|
61
|
+
value.strip! # remove white space
|
|
62
|
+
included_values << value
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
output(Hash[vault_item.find_all{|k,v| included_values.include?(k)}])
|
|
66
|
+
else
|
|
67
|
+
output(vault_item)
|
|
62
68
|
end
|
|
63
|
-
end
|
|
69
|
+
end
|
|
64
70
|
end
|
|
71
|
+
|
|
@@ -25,8 +25,8 @@ class EncryptCreate < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt create
|
|
29
|
-
"--mode MODE --search SEARCH --admins ADMINS --json FILE"
|
|
28
|
+
banner "knife encrypt create VAULT ITEM VALUES "\
|
|
29
|
+
"--mode MODE --search SEARCH --admins ADMINS --json FILE --file FILE"
|
|
30
30
|
|
|
31
31
|
option :mode,
|
|
32
32
|
:short => '-M MODE',
|
|
@@ -48,6 +48,10 @@ class EncryptCreate < Chef::Knife
|
|
|
48
48
|
:long => '--json FILE',
|
|
49
49
|
:description => 'File containing JSON data to encrypt'
|
|
50
50
|
|
|
51
|
+
option :file,
|
|
52
|
+
:long => '--file FILE',
|
|
53
|
+
:description => 'File to be added to vault item as file-content'
|
|
54
|
+
|
|
51
55
|
def run
|
|
52
56
|
vault = @name_args[0]
|
|
53
57
|
item = @name_args[1]
|
|
@@ -55,10 +59,11 @@ class EncryptCreate < Chef::Knife
|
|
|
55
59
|
search = config[:search]
|
|
56
60
|
admins = config[:admins]
|
|
57
61
|
json_file = config[:json]
|
|
62
|
+
file = config[:file]
|
|
58
63
|
|
|
59
64
|
set_mode(config[:mode])
|
|
60
65
|
|
|
61
|
-
if vault && item && (values || json_file) && (search || admins)
|
|
66
|
+
if vault && item && (values || json_file || file) && (search || admins)
|
|
62
67
|
begin
|
|
63
68
|
vault_item = ChefVault::Item.load(vault, item)
|
|
64
69
|
raise ChefVault::Exceptions::ItemAlreadyExists,
|
|
@@ -68,10 +73,15 @@ class EncryptCreate < Chef::Knife
|
|
|
68
73
|
rescue ChefVault::Exceptions::KeysNotFound,
|
|
69
74
|
ChefVault::Exceptions::ItemNotFound
|
|
70
75
|
vault_item = ChefVault::Item.new(vault, item)
|
|
71
|
-
|
|
76
|
+
|
|
72
77
|
merge_values(values, json_file).each do |key, value|
|
|
73
78
|
vault_item[key] = value
|
|
74
|
-
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
if file
|
|
82
|
+
vault_item["file-name"] = File.basename(file)
|
|
83
|
+
vault_item["file-content"] = File.open(file){ |file| file.read() }
|
|
84
|
+
end
|
|
75
85
|
|
|
76
86
|
vault_item.clients(search) if search
|
|
77
87
|
vault_item.admins(admins) if admins
|
|
@@ -88,4 +98,4 @@ class EncryptCreate < Chef::Knife
|
|
|
88
98
|
exit 1
|
|
89
99
|
end
|
|
90
100
|
end
|
|
91
|
-
|
|
101
|
+
|
|
@@ -25,7 +25,7 @@ class EncryptDelete < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt delete
|
|
28
|
+
banner "knife encrypt delete VAULT ITEM --mode MODE"
|
|
29
29
|
|
|
30
30
|
option :mode,
|
|
31
31
|
:short => '-M MODE',
|
|
@@ -45,8 +45,8 @@ class EncryptDelete < Chef::Knife
|
|
|
45
45
|
rescue ChefVault::Exceptions::KeysNotFound,
|
|
46
46
|
ChefVault::Exceptions::ItemNotFound
|
|
47
47
|
|
|
48
|
-
|
|
49
|
-
|
|
48
|
+
raise ChefVault::Exceptions::ItemNotFound,
|
|
49
|
+
"#{vault}/#{item} not found."
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
else
|
|
@@ -59,4 +59,4 @@ class EncryptDelete < Chef::Knife
|
|
|
59
59
|
exit 1
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
|
-
|
|
62
|
+
|
|
@@ -25,7 +25,7 @@ class EncryptRemove < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt remove
|
|
28
|
+
banner "knife encrypt remove VAULT ITEM VALUES "\
|
|
29
29
|
"--mode MODE --search SEARCH --admins ADMINS"
|
|
30
30
|
|
|
31
31
|
option :mode,
|
|
@@ -73,9 +73,9 @@ class EncryptRemove < Chef::Knife
|
|
|
73
73
|
remove_items.each do |key|
|
|
74
74
|
key.strip!
|
|
75
75
|
vault_item.remove(key)
|
|
76
|
-
end
|
|
76
|
+
end
|
|
77
77
|
end
|
|
78
|
-
|
|
78
|
+
|
|
79
79
|
vault_item.clients(search, :delete) if search
|
|
80
80
|
vault_item.admins(admins, :delete) if admins
|
|
81
81
|
|
|
@@ -97,4 +97,4 @@ class EncryptRemove < Chef::Knife
|
|
|
97
97
|
exit 1
|
|
98
98
|
end
|
|
99
99
|
end
|
|
100
|
-
|
|
100
|
+
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Description: Chef-Vault
|
|
1
|
+
# Description: Chef-Vault EncryptRotateKeys class
|
|
2
2
|
# Copyright 2013, Nordstrom, Inc.
|
|
3
3
|
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -25,7 +25,7 @@ class EncryptRotateKeys < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife rotate
|
|
28
|
+
banner "knife encrypt rotate keys VAULT ITEM --mode MODE"
|
|
29
29
|
|
|
30
30
|
option :mode,
|
|
31
31
|
:short => '-M MODE',
|
|
@@ -59,4 +59,4 @@ class EncryptRotateKeys < Chef::Knife
|
|
|
59
59
|
exit 1
|
|
60
60
|
end
|
|
61
61
|
end
|
|
62
|
-
|
|
62
|
+
|
|
@@ -25,8 +25,8 @@ class EncryptUpdate < Chef::Knife
|
|
|
25
25
|
include ChefVault::Mixin::Helper
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
banner "knife encrypt update
|
|
29
|
-
"--mode MODE --search SEARCH --admins ADMINS --json FILE"
|
|
28
|
+
banner "knife encrypt update VAULT ITEM VALUES "\
|
|
29
|
+
"--mode MODE --search SEARCH --admins ADMINS --json FILE --file FILE"
|
|
30
30
|
|
|
31
31
|
option :mode,
|
|
32
32
|
:short => '-M MODE',
|
|
@@ -48,6 +48,10 @@ class EncryptUpdate < Chef::Knife
|
|
|
48
48
|
:long => '--json FILE',
|
|
49
49
|
:description => 'File containing JSON data to encrypt'
|
|
50
50
|
|
|
51
|
+
option :file,
|
|
52
|
+
:long => '--file FILE',
|
|
53
|
+
:description => 'File to be added to vault item as file-content'
|
|
54
|
+
|
|
51
55
|
def run
|
|
52
56
|
vault = @name_args[0]
|
|
53
57
|
item = @name_args[1]
|
|
@@ -55,16 +59,22 @@ class EncryptUpdate < Chef::Knife
|
|
|
55
59
|
search = config[:search]
|
|
56
60
|
admins = config[:admins]
|
|
57
61
|
json_file = config[:json]
|
|
62
|
+
file = config[:file]
|
|
58
63
|
|
|
59
64
|
set_mode(config[:mode])
|
|
60
65
|
|
|
61
|
-
if vault && item && ((values || json_file) || (search || admins))
|
|
66
|
+
if vault && item && ((values || json_file || file) || (search || admins))
|
|
62
67
|
begin
|
|
63
68
|
vault_item = ChefVault::Item.load(vault, item)
|
|
64
69
|
|
|
65
70
|
merge_values(values, json_file).each do |key, value|
|
|
66
71
|
vault_item[key] = value
|
|
67
|
-
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
if file
|
|
75
|
+
vault_item["file-name"] = File.basename(file)
|
|
76
|
+
vault_item["file-content"] = File.open(file){ |file| file.read() }
|
|
77
|
+
end
|
|
68
78
|
|
|
69
79
|
vault_item.clients(search) if search
|
|
70
80
|
vault_item.admins(admins) if admins
|
|
@@ -87,4 +97,4 @@ class EncryptUpdate < Chef::Knife
|
|
|
87
97
|
exit 1
|
|
88
98
|
end
|
|
89
99
|
end
|
|
90
|
-
|
|
100
|
+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kevin Moser
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-
|
|
11
|
+
date: 2013-12-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef
|