chef-vault 2.8.0.rc1 → 2.8.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (20) hide show
  1. checksums.yaml +4 -4
  2. data/Changelog.md +4 -0
  3. data/README.md +1 -2
  4. data/UPGRADE.md +1 -1
  5. data/features/step_definitions/chef-vault.rb +7 -7
  6. data/features/support/env.rb +3 -3
  7. data/lib/chef-vault.rb +1 -1
  8. data/lib/chef-vault/item.rb +5 -5
  9. data/lib/chef-vault/item_keys.rb +2 -2
  10. data/lib/chef-vault/mixins.rb +1 -1
  11. data/lib/chef-vault/version.rb +1 -1
  12. data/lib/chef/knife/mixin/helper.rb +1 -1
  13. data/lib/chef/knife/vault_decrypt.rb +1 -1
  14. data/lib/chef/knife/vault_edit.rb +1 -1
  15. data/lib/chef/knife/vault_rotate_all_keys.rb +1 -1
  16. data/lib/chef/knife/vault_show.rb +1 -1
  17. data/spec/chef-vault/certificate_spec.rb +3 -3
  18. data/spec/chef-vault/user_spec.rb +3 -3
  19. data/spec/chef-vault_spec.rb +1 -1
  20. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8298b0ae7bca091e181d7d0694c972526f4be1a1
4
- data.tar.gz: bbc9db10fd50a14f651b807bcc205ebfa2fac5d6
3
+ metadata.gz: 750abe3e243a8eed71602426024b73cd60fd4187
4
+ data.tar.gz: d014e5e9965a19cc05a5180b491d1e7938b148cb
5
5
  SHA512:
6
- metadata.gz: e07ed430004233978ca425f4b47baa107476bae5d98d056fa54bc1654e924f744fa7c70d7e00ff7b73729666866f406d5ee6b80a40532cb90c466a43d0e7de66
7
- data.tar.gz: beaeb7a671897a9ee6b417ff644fe8ee77910918df0d4d6ca901e9eda9fe95628ca47e07ebbb40d423f525cd558aa6ee6970b9efdfae397e14b4de68633d543a
6
+ metadata.gz: ce1a778347407af231250a5d98a745f14b17ed6ba0ed05dd5bc562bfa243bfd0669519a20a00cd997dbedff7fc3fa6dc774d6b9c567e621966c7987f3209e06b
7
+ data.tar.gz: d14135ed7acbca9c486e771573afde6af1ccd881cf5603fecaf46e47ca0038514c0e6cd95dfc22803a7088f63f94285495c516dbf149ffe9e3e3add098640a78
data/Changelog.md CHANGED
@@ -25,6 +25,10 @@ This release will also remove the chef-vault 1.x commands (encrypt/decrypt)
25
25
 
26
26
  ## Released
27
27
 
28
+ ## v2.8.0
29
+
30
+ * Fix searches for more than 1000 nodes
31
+
28
32
  ## v2.6.1
29
33
 
30
34
  * Remove dependency on [rspec-its](https://github.com/rspec/rspec-its)
data/README.md CHANGED
@@ -16,8 +16,7 @@ Gem that allows you to encrypt a Chef Data Bag Item using the public keys of
16
16
  a list of chef nodes. This allows only those chef nodes to decrypt the
17
17
  encrypted values.
18
18
 
19
- For a more detailed explanation of how chef-vault works, please refer to the
20
- file THEORY.md.
19
+ For a more detailed explanation of how chef-vault works, please refer to this blog post [Chef Vault – what is it and what can it do for you?](https://www.chef.io/blog/2016/01/21/chef-vault-what-is-it-and-what-can-it-do-for-you/) by Nell Shamrell-Harrington.
21
20
 
22
21
  ## INSTALLATION:
23
22
 
data/UPGRADE.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # UPGRADING A v1 VAULT to v2
2
2
 
3
3
  chef-vault v2 added metadata to the vault to keep track of
4
- which secrets belong to admins and which belong to admins,
4
+ which secrets belong to clients and which belong to admins,
5
5
  as well as the search query to use during a `knife vault refresh`
6
6
  operation.
7
7
 
data/features/step_definitions/chef-vault.rb CHANGED
@@ -2,29 +2,29 @@ require "json"
2
2
 
3
3
  Given(/^I create a vault item '(.+)\/(.+)' containing the JSON '(.+)' encrypted for '(.+)'(?: with '(.+)' as admins?)?$/) do |vault, item, json, nodelist, admins|
4
4
  write_file "item.json", json
5
- query = nodelist.split(/,/).map{|e| "name:#{e}"}.join(" OR ")
5
+ query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
6
6
  adminarg = admins.nil? ? "-A admin" : "-A #{admins}"
7
7
  run_simple "knife vault create #{vault} #{item} -z -c knife.rb #{adminarg} -S '#{query}' -J item.json", false
8
8
  end
9
9
 
10
10
  Given(/^I update the vault item '(.+)\/(.+)' to be encrypted for '(.+)'( with the clean option)?$/) do |vault, item, nodelist, cleanopt|
11
- query = nodelist.split(/,/).map{|e| "name:#{e}"}.join(" OR ")
11
+ query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
12
12
  run_simple "knife vault update #{vault} #{item} -z -c knife.rb -S '#{query}' #{cleanopt ? '--clean' : ''}"
13
13
  end
14
14
 
15
15
  Given(/^I remove clients? '(.+)' from vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |nodelist, vault, item, optionlist|
16
- query = nodelist.split(/,/).map{|e| "name:#{e}"}.join(" OR ")
17
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
16
+ query = nodelist.split(/,/).map { |e| "name:#{e}" }.join(" OR ")
17
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
18
18
  run_simple "knife vault remove #{vault} #{item} -z -c knife.rb -S '#{query}' #{options}"
19
19
  end
20
20
 
21
21
  Given(/^I rotate the keys for vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |vault, item, optionlist|
22
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
22
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
23
23
  run_simple "knife vault rotate keys #{vault} #{item} -c knife.rb -z #{options}"
24
24
  end
25
25
 
26
26
  Given(/^I rotate all keys with the '(.+)' options?$/) do |optionlist|
27
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
27
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
28
28
  run_simple "knife vault rotate all keys -z -c knife.rb #{options}"
29
29
  end
30
30
 
@@ -33,7 +33,7 @@ Given(/^I refresh the vault item '(.+)\/(.+)'$/) do |vault, item|
33
33
  end
34
34
 
35
35
  Given(/^I refresh the vault item '(.+)\/(.+)' with the '(.+)' options?$/) do |vault, item, optionlist|
36
- options = optionlist.split(/,/).map{|o| "--#{o}"}.join(" ")
36
+ options = optionlist.split(/,/).map { |o| "--#{o}" }.join(" ")
37
37
  run_simple "knife vault refresh #{vault} #{item} -c knife.rb -z #{options}"
38
38
  end
39
39
 
data/features/support/env.rb CHANGED
@@ -8,7 +8,7 @@ require "aruba/cucumber"
8
8
  # the knife command. Up the timeout when we're in a travis build based on the
9
9
  # environment variable set in .travis.yml
10
10
  #if ENV['TRAVIS_BUILD']
11
- Before do
12
- @aruba_timeout_seconds = 15
13
- end
11
+ Before do
12
+ @aruba_timeout_seconds = 15
13
+ end
14
14
  #end
data/lib/chef-vault.rb CHANGED
@@ -35,7 +35,7 @@ require "chef-vault/chef_patch/user"
35
35
  class ChefVault
36
36
  attr_accessor :vault
37
37
 
38
- def initialize(vault, chef_config_file=nil)
38
+ def initialize(vault, chef_config_file = nil)
39
39
  @vault = vault
40
40
  ChefVault.load_config(chef_config_file) if chef_config_file
41
41
  end
data/lib/chef-vault/item.rb CHANGED
@@ -74,7 +74,7 @@ class ChefVault
74
74
  @secret = secret
75
75
  end
76
76
 
77
- def clients(search_or_client=nil, action=:add)
77
+ def clients(search_or_client = nil, action = :add)
78
78
  if search_or_client.is_a?(Chef::ApiClient)
79
79
  handle_client_action(search_or_client, action)
80
80
  elsif search_or_client
@@ -107,7 +107,7 @@ class ChefVault
107
107
  end
108
108
  end
109
109
 
110
- def search(search_query=nil)
110
+ def search(search_query = nil)
111
111
  if search_query
112
112
  keys.search_query(search_query)
113
113
  else
@@ -115,7 +115,7 @@ class ChefVault
115
115
  end
116
116
  end
117
117
 
118
- def admins(admins=nil, action=:add)
118
+ def admins(admins = nil, action = :add)
119
119
  if admins
120
120
  admins.split(",").each do |admin|
121
121
  admin.strip!
@@ -179,7 +179,7 @@ class ChefVault
179
179
  reload_raw_data
180
180
  end
181
181
 
182
- def generate_secret(key_size=32)
182
+ def generate_secret(key_size = 32)
183
183
  # Defaults to 32 bytes, as this is the size that a Chef
184
184
  # Encrypted Data Bag Item will digest all secrets down to anyway
185
185
  SecureRandom.random_bytes(key_size)
@@ -195,7 +195,7 @@ class ChefVault
195
195
  super
196
196
  end
197
197
 
198
- def save(item_id=@raw_data["id"])
198
+ def save(item_id = @raw_data["id"])
199
199
  # validate the format of the id before attempting to save
200
200
  validate_id!(item_id)
201
201
 
data/lib/chef-vault/item_keys.rb CHANGED
@@ -52,7 +52,7 @@ class ChefVault
52
52
  raw_data[type].delete(chef_client)
53
53
  end
54
54
 
55
- def search_query(search_query=nil)
55
+ def search_query(search_query = nil)
56
56
  if search_query
57
57
  @raw_data["search_query"] = search_query
58
58
  else
@@ -68,7 +68,7 @@ class ChefVault
68
68
  @raw_data["admins"]
69
69
  end
70
70
 
71
- def save(item_id=@raw_data["id"])
71
+ def save(item_id = @raw_data["id"])
72
72
  if Chef::Config[:solo]
73
73
  save_solo(item_id)
74
74
  else
data/lib/chef-vault/mixins.rb CHANGED
@@ -22,7 +22,7 @@ class ChefVault
22
22
  [data_bag_path, data_bag_item_path]
23
23
  end
24
24
 
25
- def save_solo(item_id=@raw_data["id"])
25
+ def save_solo(item_id = @raw_data["id"])
26
26
  data_bag_path, data_bag_item_path = find_solo_path(item_id)
27
27
 
28
28
  FileUtils.mkdir(data_bag_path) unless File.exist?(data_bag_path)
data/lib/chef-vault/version.rb CHANGED
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "2.8.0.rc1"
18
+ VERSION = "2.8.0"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
data/lib/chef/knife/mixin/helper.rb CHANGED
@@ -33,7 +33,7 @@ class ChefVault
33
33
  end
34
34
 
35
35
  def values_from_file(file)
36
- json = File.open(file){ |fh| fh.read() }
36
+ json = File.open(file) { |fh| fh.read() }
37
37
 
38
38
  values_from_json(json)
39
39
  end
data/lib/chef/knife/vault_decrypt.rb CHANGED
@@ -48,7 +48,7 @@ class Chef
48
48
  included_values << value
49
49
  end
50
50
 
51
- output(Hash[vault_item.find_all{|k, _| included_values.include?(k)}])
51
+ output(Hash[vault_item.find_all { |k, _| included_values.include?(k) }])
52
52
  else
53
53
  output(vault_item)
54
54
  end
data/lib/chef/knife/vault_edit.rb CHANGED
@@ -37,7 +37,7 @@ class Chef
37
37
  begin
38
38
  vault_item = ChefVault::Item.load(vault, item)
39
39
 
40
- filtered_vault_data = vault_item.raw_data.select{|x| x != "id"}
40
+ filtered_vault_data = vault_item.raw_data.select { |x| x != "id" }
41
41
 
42
42
  updated_vault_json = edit_data(filtered_vault_data)
43
43
 
data/lib/chef/knife/vault_rotate_all_keys.rb CHANGED
@@ -34,7 +34,7 @@ class Chef
34
34
 
35
35
  private
36
36
 
37
- def rotate_all_keys(clean_unknown_clients=false)
37
+ def rotate_all_keys(clean_unknown_clients = false)
38
38
  vaults = Chef::DataBag.list.keys
39
39
  vaults.each { |vault| rotate_vault_keys(vault, clean_unknown_clients) }
40
40
  end
data/lib/chef/knife/vault_show.rb CHANGED
@@ -76,7 +76,7 @@ class Chef
76
76
  included_values << value
77
77
  end
78
78
 
79
- filtered_data = Hash[vault_item.raw_data.find_all{|k, _| included_values.include?(k)}]
79
+ filtered_data = Hash[vault_item.raw_data.find_all { |k, _| included_values.include?(k) }]
80
80
 
81
81
  output_data = filtered_data.merge(extra_data)
82
82
  else
data/spec/chef-vault/certificate_spec.rb CHANGED
@@ -3,9 +3,9 @@ RSpec.describe ChefVault::Certificate do
3
3
  let(:cert) { ChefVault::Certificate.new("foo", "bar") }
4
4
 
5
5
  before do
6
- allow(ChefVault::Item).to receive(:load).with("foo", "bar"){ item }
7
- allow(item).to receive(:[]).with("id"){ "bar" }
8
- allow(item).to receive(:[]).with("contents"){ "baz" }
6
+ allow(ChefVault::Item).to receive(:load).with("foo", "bar") { item }
7
+ allow(item).to receive(:[]).with("id") { "bar" }
8
+ allow(item).to receive(:[]).with("contents") { "baz" }
9
9
  @orig_stdout = $stdout
10
10
  $stdout = File.open(File::NULL, "w")
11
11
  end
data/spec/chef-vault/user_spec.rb CHANGED
@@ -3,9 +3,9 @@ RSpec.describe ChefVault::User do
3
3
  let(:user) { ChefVault::User.new("foo", "bar") }
4
4
 
5
5
  before do
6
- allow(ChefVault::Item).to receive(:load).with("foo", "bar"){ item }
7
- allow(item).to receive(:[]).with("id"){ "bar" }
8
- allow(item).to receive(:[]).with("password"){ "baz" }
6
+ allow(ChefVault::Item).to receive(:load).with("foo", "bar") { item }
7
+ allow(item).to receive(:[]).with("id") { "bar" }
8
+ allow(item).to receive(:[]).with("password") { "baz" }
9
9
  @orig_stdout = $stdout
10
10
  $stdout = File.open(File::NULL, "w")
11
11
  end
data/spec/chef-vault_spec.rb CHANGED
@@ -18,7 +18,7 @@ RSpec.describe ChefVault do
18
18
  let(:vault) { ChefVault.new("foo", "knife.rb") }
19
19
 
20
20
  it "assigns 'foo' to the vault accessor" do
21
- expect(vault.vault).to eq "foo"
21
+ expect(vault.vault).to eq "foo"
22
22
  end
23
23
 
24
24
  it "loads the Chef config values" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.8.0.rc1
4
+ version: 2.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Kevin Moser
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-01-29 00:00:00.000000000 Z
12
+ date: 2016-02-09 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rake
@@ -207,9 +207,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
207
207
  version: '0'
208
208
  required_rubygems_version: !ruby/object:Gem::Requirement
209
209
  requirements:
210
- - - ">"
210
+ - - ">="
211
211
  - !ruby/object:Gem::Version
212
- version: 1.3.1
212
+ version: '0'
213
213
  requirements: []
214
214
  rubyforge_project:
215
215
  rubygems_version: 2.4.5.1