chef-vault 2.8.0.rc1 → 2.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8298b0ae7bca091e181d7d0694c972526f4be1a1
4
- data.tar.gz: bbc9db10fd50a14f651b807bcc205ebfa2fac5d6
3
+ metadata.gz: 750abe3e243a8eed71602426024b73cd60fd4187
4
+ data.tar.gz: d014e5e9965a19cc05a5180b491d1e7938b148cb
5
5
  SHA512:
6
- metadata.gz: e07ed430004233978ca425f4b47baa107476bae5d98d056fa54bc1654e924f744fa7c70d7e00ff7b73729666866f406d5ee6b80a40532cb90c466a43d0e7de66
7
- data.tar.gz: beaeb7a671897a9ee6b417ff644fe8ee77910918df0d4d6ca901e9eda9fe95628ca47e07ebbb40d423f525cd558aa6ee6970b9efdfae397e14b4de68633d543a
6
+ metadata.gz: ce1a778347407af231250a5d98a745f14b17ed6ba0ed05dd5bc562bfa243bfd0669519a20a00cd997dbedff7fc3fa6dc774d6b9c567e621966c7987f3209e06b
7
+ data.tar.gz: d14135ed7acbca9c486e771573afde6af1ccd881cf5603fecaf46e47ca0038514c0e6cd95dfc22803a7088f63f94285495c516dbf149ffe9e3e3add098640a78
@@ -25,6 +25,10 @@ This release will also remove the chef-vault 1.x commands (encrypt/decrypt)
25
25
 
26
26
  ## Released
27
27
 
28
+ ## v2.8.0
29
+
30
+ * Fix searches for more than 1000 nodes
31
+
28
32
  ## v2.6.1
29
33
 
30
34
  * Remove dependency on [rspec-its](https://github.com/rspec/rspec-its)
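--- a/data/README.md
+++ b/data/README.md
@@ -16,8 +16,7 @@ Gem that allows you to encrypt a Chef Data Bag Item using the public keys of
  a list of chef nodes. This allows only those chef nodes to decrypt the
  encrypted values.
 
- For a more detailed explanation of how chef-vault works, please refer to the
- file THEORY.md.
+ For a more detailed explanation of how chef-vault works, please refer to this blog post [Chef Vault – what is it and what can it do for you?](https://www.chef.io/blog/2016/01/21/chef-vault-what-is-it-and-what-can-it-do-for-you/) by Nell Shamrell-Harrington.
 
  ## INSTALLATION:
 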
data/UPGRADE.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # UPGRADING A v1 VAULT to v2
2
2
 
3
3
  chef-vault v2 added metadata to the vault to keep track of
4
- which secrets belong to admins and which belong to admins,
4
+ which secrets belong to clients and which belong to admins,
5
5
  as well as the search query to use during a `knife vault refresh`
6
6
  operation.
7
7
 
@@ -2,29 +2,29 @@ require "json"
2
2
 
3
3
  Given(/^I create a vault item '(.+)\/(.+)' containing the JSON '(.+)' encrypted for '(.+)'(?: with '(.+)' as admins?)?$/) do |vault, item, json, nodelist, admins|
4
4
  write_file "item.json", json
5
- query = nodelist.split(/,/).map{|e| "name:#{e}"}.join(" OR ")
5
+ query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
6
6
  adminarg = admins.nil? ? "-A admin" : "-A #{admins}"
7
7
  run_simple "knife vault create #{vault} #{item} -z -c knife.rb #{adminarg} -S '#{query}' -J item.json", false
8
8
  end
9
9
 
10
10
  Given(/^I update the vault item '(.+)\/(.+)' to be encrypted for '(.+)'( with the clean option)?$/) do |vault, item, nodelist, cleanopt|
11
- query = nodelist.split(/,/).map{|e| "name:#{e}"}.join(" OR ")
11
+ query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
12
12
  run_simple "knife vault update #{vault} #{item} -z -c knife.rb -S '#{query}' #{cleanopt ? '--clean' : ''}"
13
13
  end
14
14
 
15
15
  Given(/^I remove clients? '(.+)' from vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |nodelist, vault, item, optionlist|
16
- query = nodelist.split(/,/).map{|e| "name:#{e}"}.join(" OR ")
17
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
16
+ query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
17
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
18
18
  run_simple "knife vault remove #{vault} #{item} -z -c knife.rb -S '#{query}' #{options}"
19
19
  end
20
20
 
21
21
  Given(/^I rotate the keys for vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |vault, item, optionlist|
22
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
22
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
23
23
  run_simple "knife vault rotate keys #{vault} #{item} -c knife.rb -z #{options}"
24
24
  end
25
25
 
26
26
  Given(/^I rotate all keys with the '(.+)' options?$/) do |optionlist|
27
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
27
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
28
28
  run_simple "knife vault rotate all keys -z -c knife.rb #{options}"
29
29
  end
30
30
 
@@ -33,7 +33,7 @@ Given(/^I refresh the vault item '(.+)\/(.+)'$/) do |vault, item|
33
33
  end
34
34
 
35
35
  Given(/^I refresh the vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |vault, item, optionlist|
36
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
36
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
37
37
  run_simple "knife vault refresh #{vault} #{item} -c knife.rb -z #{options}"
38
38
  end
39
39
 
@@ -8,7 +8,7 @@ require "aruba/cucumber"
8
8
  # the knife command. Up the timeout when we're in a travis build based on the
9
9
  # environment variable set in .travis.yml
10
10
  #if ENV['TRAVIS_BUILD']
11
- Before do
12
- @aruba_timeout_seconds = 15
13
- end
11
+ Before do
12
+ @aruba_timeout_seconds = 15
13
+ end
14
14
  #end
@@ -35,7 +35,7 @@ require "chef-vault/chef_patch/user"
35
35
  class ChefVault
36
36
  attr_accessor :vault
37
37
 
38
- def initialize(vault, chef_config_file=nil)
38
+ def initialize(vault, chef_config_file = nil)
39
39
  @vault = vault
40
40
  ChefVault.load_config(chef_config_file) if chef_config_file
41
41
  end
@@ -74,7 +74,7 @@ class ChefVault
74
74
  @secret = secret
75
75
  end
76
76
 
77
- def clients(search_or_client=nil, action=:add)
77
+ def clients(search_or_client = nil, action = :add)
78
78
  if search_or_client.is_a?(Chef::ApiClient)
79
79
  handle_client_action(search_or_client, action)
80
80
  elsif search_or_client
@@ -107,7 +107,7 @@ class ChefVault
107
107
  end
108
108
  end
109
109
 
110
- def search(search_query=nil)
110
+ def search(search_query = nil)
111
111
  if search_query
112
112
  keys.search_query(search_query)
113
113
  else
@@ -115,7 +115,7 @@ class ChefVault
115
115
  end
116
116
  end
117
117
 
118
- def admins(admins=nil, action=:add)
118
+ def admins(admins = nil, action = :add)
119
119
  if admins
120
120
  admins.split(",").each do |admin|
121
121
  admin.strip!
@@ -179,7 +179,7 @@ class ChefVault
179
179
  reload_raw_data
180
180
  end
181
181
 
182
- def generate_secret(key_size=32)
182
+ def generate_secret(key_size = 32)
183
183
  # Defaults to 32 bytes, as this is the size that a Chef
184
184
  # Encrypted Data Bag Item will digest all secrets down to anyway
185
185
  SecureRandom.random_bytes(key_size)
@@ -195,7 +195,7 @@ class ChefVault
195
195
  super
196
196
  end
197
197
 
198
- def save(item_id=@raw_data["id"])
198
+ def save(item_id = @raw_data["id"])
199
199
  # validate the format of the id before attempting to save
200
200
  validate_id!(item_id)
201
201
 
@@ -52,7 +52,7 @@ class ChefVault
52
52
  raw_data[type].delete(chef_client)
53
53
  end
54
54
 
55
- def search_query(search_query=nil)
55
+ def search_query(search_query = nil)
56
56
  if search_query
57
57
  @raw_data["search_query"] = search_query
58
58
  else
@@ -68,7 +68,7 @@ class ChefVault
68
68
  @raw_data["admins"]
69
69
  end
70
70
 
71
- def save(item_id=@raw_data["id"])
71
+ def save(item_id = @raw_data["id"])
72
72
  if Chef::Config[:solo]
73
73
  save_solo(item_id)
74
74
  else
@@ -22,7 +22,7 @@ class ChefVault
22
22
  [data_bag_path, data_bag_item_path]
23
23
  end
24
24
 
25
- def save_solo(item_id=@raw_data["id"])
25
+ def save_solo(item_id = @raw_data["id"])
26
26
  data_bag_path, data_bag_item_path = find_solo_path(item_id)
27
27
 
28
28
  FileUtils.mkdir(data_bag_path) unless File.exist?(data_bag_path)
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "2.8.0.rc1"
18
+ VERSION = "2.8.0"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
@@ -33,7 +33,7 @@ class ChefVault
33
33
  end
34
34
 
35
35
  def values_from_file(file)
36
- json = File.open(file){ |fh| fh.read() }
36
+ json = File.open(file) { |fh| fh.read() }
37
37
 
38
38
  values_from_json(json)
39
39
  end
@@ -48,7 +48,7 @@ class Chef
48
48
  included_values << value
49
49
  end
50
50
 
51
- output(Hash[vault_item.find_all{|k, _| included_values.include?(k)}])
51
+ output(Hash[vault_item.find_all { |k, _| included_values.include?(k) }])
52
52
  else
53
53
  output(vault_item)
54
54
  end
@@ -37,7 +37,7 @@ class Chef
37
37
  begin
38
38
  vault_item = ChefVault::Item.load(vault, item)
39
39
 
40
- filtered_vault_data = vault_item.raw_data.select{|x| x != "id"}
40
+ filtered_vault_data = vault_item.raw_data.select { |x| x != "id" }
41
41
 
42
42
  updated_vault_json = edit_data(filtered_vault_data)
43
43
 
@@ -34,7 +34,7 @@ class Chef
34
34
 
35
35
  private
36
36
 
37
- def rotate_all_keys(clean_unknown_clients=false)
37
+ def rotate_all_keys(clean_unknown_clients = false)
38
38
  vaults = Chef::DataBag.list.keys
39
39
  vaults.each { |vault| rotate_vault_keys(vault, clean_unknown_clients) }
40
40
  end
@@ -76,7 +76,7 @@ class Chef
76
76
  included_values << value
77
77
  end
78
78
 
79
- filtered_data = Hash[vault_item.raw_data.find_all{|k, _| included_values.include?(k)}]
79
+ filtered_data = Hash[vault_item.raw_data.find_all { |k, _| included_values.include?(k) }]
80
80
 
81
81
  output_data = filtered_data.merge(extra_data)
82
82
  else
@@ -3,9 +3,9 @@ RSpec.describe ChefVault::Certificate do
3
3
  let(:cert) { ChefVault::Certificate.new("foo", "bar") }
4
4
 
5
5
  before do
6
- allow(ChefVault::Item).to receive(:load).with("foo", "bar"){ item }
7
- allow(item).to receive(:[]).with("id"){ "bar" }
8
- allow(item).to receive(:[]).with("contents"){ "baz" }
6
+ allow(ChefVault::Item).to receive(:load).with("foo", "bar") { item }
7
+ allow(item).to receive(:[]).with("id") { "bar" }
8
+ allow(item).to receive(:[]).with("contents") { "baz" }
9
9
  @orig_stdout = $stdout
10
10
  $stdout = File.open(File::NULL, "w")
11
11
  end
@@ -3,9 +3,9 @@ RSpec.describe ChefVault::User do
3
3
  let(:user) { ChefVault::User.new("foo", "bar") }
4
4
 
5
5
  before do
6
- allow(ChefVault::Item).to receive(:load).with("foo", "bar"){ item }
7
- allow(item).to receive(:[]).with("id"){ "bar" }
8
- allow(item).to receive(:[]).with("password"){ "baz" }
6
+ allow(ChefVault::Item).to receive(:load).with("foo", "bar") { item }
7
+ allow(item).to receive(:[]).with("id") { "bar" }
8
+ allow(item).to receive(:[]).with("password") { "baz" }
9
9
  @orig_stdout = $stdout
10
10
  $stdout = File.open(File::NULL, "w")
11
11
  end
@@ -18,7 +18,7 @@ RSpec.describe ChefVault do
18
18
  let(:vault) { ChefVault.new("foo", "knife.rb") }
19
19
 
20
20
  it "assigns 'foo' to the vault accessor" do
21
- expect(vault.vault).to eq "foo"
21
+ expect(vault.vault).to eq "foo"
22
22
  end
23
23
 
24
24
  it "loads the Chef config values" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.8.0.rc1
4
+ version: 2.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kevin Moser
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-01-29 00:00:00.000000000 Z
12
+ date: 2016-02-09 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rake
@@ -207,9 +207,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
207
207
  version: '0'
208
208
  required_rubygems_version: !ruby/object:Gem::Requirement
209
209
  requirements:
210
- - - ">"
210
+ - - ">="
211
211
  - !ruby/object:Gem::Version
212
- version: 1.3.1
212
+ version: '0'
213
213
  requirements: []
214
214
  rubyforge_project:
215
215
  rubygems_version: 2.4.5.1