chef-vault 2.8.0 → 2.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 750abe3e243a8eed71602426024b73cd60fd4187
-  data.tar.gz: d014e5e9965a19cc05a5180b491d1e7938b148cb
+  metadata.gz: c90203a9c213aa3133e77ef37578555a361ea78f
+  data.tar.gz: 145c8e5648f61434f2456d30c552bd37e324b22c
 SHA512:
-  metadata.gz: ce1a778347407af231250a5d98a745f14b17ed6ba0ed05dd5bc562bfa243bfd0669519a20a00cd997dbedff7fc3fa6dc774d6b9c567e621966c7987f3209e06b
-  data.tar.gz: d14135ed7acbca9c486e771573afde6af1ccd881cf5603fecaf46e47ca0038514c0e6cd95dfc22803a7088f63f94285495c516dbf149ffe9e3e3add098640a78
+  metadata.gz: 48b43f9d6b2844348ec404aca801004bb4df6c6762558955713c3211c8efe7bca8b9029b4d66db41feac40626f79cf37c295dd3473ab4660452916f2edec985a
+  data.tar.gz: dac7905cc1eac1ba15976b75558b9c08651cb035de7d7b96abfc5c196ca653298b5d73bf286e131c242b4529d57ad18359767c561fd05a26103f2834dbccdefe

data/.gitignore

@@ -19,6 +19,7 @@
 ## Environment normalisation:
 /.bundle/
 /lib/bundler/man/
+/binstubs/
 
 # for a library or gem, you might want to ignore these files since the code is
 # intended to run in multiple environments; otherwise, check them in:

data/.travis.yml

@@ -7,7 +7,7 @@ rvm:
   - "2.0.0-p647"
   - "2.1.6"
   - "2.2.2"
-install: bundle install --binstubs
+install: bundle install --binstubs --without changelog
 before_install: gem install bundler
 env: TRAVIS_BUILD=true
 notifications:

data/Changelog.md

@@ -1,163 +1,286 @@
-## Planned (Unreleased)
+# Change Log
 
-## v2.7.0
+## [2.9.0](https://github.com/chef/chef-vault/tree/2.9.0) (2016-04-06)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0...2.9.0)
 
-This release will focus on reducing tech debt:
+**Implemented enhancements:**
 
-* improve the coverage of the RSpec suite
-* ensure there are Aruba tests for all the subcommands and scenarios that match DEMO.md
-* clean up any leftover Rubocop issues
+- Feature - knife vault update - update item\_keys only when no value is provided [\#202](https://github.com/chef/chef-vault/pull/202) ([xakraz](https://github.com/xakraz))
 
-## v2.99.0
+**Fixed bugs:**
 
-This will be the last release in the 2.x branch, and is for anyone who
-is constraining to '~> 2.4' (for example).  Anything that we decide to
-deprecate for v3.0.0 will produce warnings in this release.
+- knife vault refresh always updates the data bag item [\#193](https://github.com/chef/chef-vault/issues/193)
+- Correct vault creation in solo mode [\#206](https://github.com/chef/chef-vault/pull/206) ([kamaradclimber](https://github.com/kamaradclimber))
+- Only save keys on refresh operation [\#194](https://github.com/chef/chef-vault/pull/194) ([kamaradclimber](https://github.com/kamaradclimber))
 
-## v3.0.0
+## [v2.8.0](https://github.com/chef/chef-vault/tree/v2.8.0) (2016-02-09)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0.rc1...v2.8.0)
 
-This will be a major refactor.  The primary goal is to solve the bootstrap
-problem where a vault can't be encrypted for a node until the node has been
-created.  Exactly how we will do that is open to discussion (watch the
-chef-vault issues on github for news).
+**Merged pull requests:**
 
-This release will also remove the chef-vault 1.x commands (encrypt/decrypt)
+- UPGRADE: fixed a typo [\#198](https://github.com/chef/chef-vault/pull/198) ([joonas](https://github.com/joonas))
+- adds link to Chef Vault blog post to README [\#197](https://github.com/chef/chef-vault/pull/197) ([nellshamrell](https://github.com/nellshamrell))
 
-## Released
+## [v2.8.0.rc1](https://github.com/chef/chef-vault/tree/v2.8.0.rc1) (2016-01-29)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.1...v2.8.0.rc1)
 
-## v2.8.0
+**Merged pull requests:**
 
-* Fix searches for more than 1000 nodes
+- Deal with more than 1000 nodes [\#196](https://github.com/chef/chef-vault/pull/196) ([thommay](https://github.com/thommay))
 
-## v2.6.1
+## [v2.7.1](https://github.com/chef/chef-vault/tree/v2.7.1) (2016-01-25)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.0...v2.7.1)
 
-* Remove dependency on [rspec-its](https://github.com/rspec/rspec-its)
-* (via Chef/Dan DeLeo): reduce the number of parts of chef that chef-vault `require`s to easy integration of chef-vault into ChefDK
+## [v2.7.0](https://github.com/chef/chef-vault/tree/v2.7.0) (2016-01-25)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.1...v2.7.0)
 
-## v2.6.0 / 2015-05-13
+**Fixed bugs:**
 
-* ChefVault::Item#clients can now accept a Chef::ApiClient object instead of a search string.  Requested by @lamont-granquist to make implementing chef-vault into `knife bootstrap` easier
-* allow Ruby 1.9.3 failures to not cause the overall build to fail on Travis
-* switch to latest 2.0.x, 2.1.x, and 2.2.x releases of Ruby
-* add --clean-unknown-clients switch to `knife vault refresh`
-  * as a side effect, `ChefVault::Item` now has a `#refresh` method which can be used to programatically perform the same operation as `knife vault refresh`
-* enhance 'knife vault show VAULTNAME' (without an item name) to list the names of the items in the vault for parity with 'knife data bag show'
-* add #raw_keys to ChefVault::Item that calls #keys on the underlying data bag item.  We can't make ChefVault::Item work like a true hash without breaking the public API, but this at least makes it easier to get a list of keys
-* allow ChefVault::Item.new and ChefVault::Item.load to specify an alternate node name and client key path.  See the README for the use case this serves.
-* added ChefVault::Item.vault? predicate that returns true if the item is a vault and false otherwise
-* added ChefVault::Item.data_bag_item_type method that returns one of :normal, :encrypted or :vault
-* added 'knife vault isvault VAULT ITEM' subcommand that exits 0 if the item is a vault and 1 if it is not
-* added 'knife vault itemtype VAULT ITEM' subcommand that outputs 'normal', 'encrypted' or 'vault'
+- Should warn/error when modifying 1.x items [\#52](https://github.com/chef/chef-vault/issues/52)
 
-## v2.5.0 / 2015-02-09
+**Closed issues:**
 
-* when decrypting, if the vault is encrypted for the node but decryption fails, emit a more friendly error message than 'OpenSSL::PKey::RSAError: padding check failed'
-* when attempting to add a client key to a vault item, warn and skip if the node doesn't have a public key (reported by Nik Ormseth)
-* add a new 'knife vault list' command that lists the data bags that are vaults
-* Add more detailed explanation of how chef-vault works in THEORY.md (Issue #109)
-* fix a problem with the --clean-unknown-clients switch to `rotate keys` that made it impossible to delete a client that could not be searched for (i.e. the node object is deleted)
-* add rubocop tasks to Rakefile and take a first pass at the low-hanging fruit
+- Support data\_bag\_path arrays [\#191](https://github.com/chef/chef-vault/issues/191)
+- Refresh fails if no search expression is set [\#188](https://github.com/chef/chef-vault/issues/188)
+- knife vault create is failing  [\#187](https://github.com/chef/chef-vault/issues/187)
+- Issues with knife bootstrap --bootstrap-vault-item [\#185](https://github.com/chef/chef-vault/issues/185)
+- Can't create anything.  [\#183](https://github.com/chef/chef-vault/issues/183)
+- knife vault refresh broken - chefdk0.7.0/chef11.1.1 [\#182](https://github.com/chef/chef-vault/issues/182)
+- Environment Permissions [\#181](https://github.com/chef/chef-vault/issues/181)
+- Knife vault stopped working after chefdk & chef-client upgrade [\#180](https://github.com/chef/chef-vault/issues/180)
+- Chef 12.4.0 breaks user patch [\#176](https://github.com/chef/chef-vault/issues/176)
+- vault refresh broken with chef 12.4.0 [\#175](https://github.com/chef/chef-vault/issues/175)
 
-## v2.4.0 / 2014-12-03
+**Merged pull requests:**
 
-* add simplecov test coverage configuration (Doug Ireton)
-* add --clean-unknown-clients switch to knife remove/rotate (Thomas Gschwind and Reto Hermann)
+- Correctly handle an array of data\_bag paths [\#192](https://github.com/chef/chef-vault/pull/192) ([thommay](https://github.com/thommay))
+- add recognition of 'name' in response [\#184](https://github.com/chef/chef-vault/pull/184) ([lhandl](https://github.com/lhandl))
+- typo in THEORY.md [\#179](https://github.com/chef/chef-vault/pull/179) ([mindyor](https://github.com/mindyor))
+- Detect when trying to manage a v1 vault [\#173](https://github.com/chef/chef-vault/pull/173) ([jf647](https://github.com/jf647))
 
-## v2.3.0 / 2014-10-22
+## [v2.6.1](https://github.com/chef/chef-vault/tree/v2.6.1) (2015-05-28)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.0...v2.6.1)
 
-* add --clean switch to knife update (thanks to Matt Brimstone)
-* added aruba CLI testing framework (just for --clean option for now)
-* add Ruby 2.0.x and 2.1.x to Travis platforms
+**Closed issues:**
 
-## v2.2.2 / 2014-06-03
+- Permission Issue - Missing Read Permission [\#171](https://github.com/chef/chef-vault/issues/171)
+-   undefined method `vault' for Chef::Resource::User [\#170](https://github.com/chef/chef-vault/issues/170)
+- ChefVault::Item.refresh [\#168](https://github.com/chef/chef-vault/issues/168)
 
-* Add knife vault refresh command
-* Use node_name as a default admin
-* Add DEMO for users
+**Merged pull requests:**
 
-## v2.2.1 / 2014-02-26
+- Only load the parts of chef we actually use [\#172](https://github.com/chef/chef-vault/pull/172) ([danielsdeleo](https://github.com/danielsdeleo))
+- Remove dependency on rspec-its gem [\#169](https://github.com/chef/chef-vault/pull/169) ([dougireton](https://github.com/dougireton))
+- Add gitter.im [\#167](https://github.com/chef/chef-vault/pull/167) ([jf647](https://github.com/jf647))
 
-* Add vault_admins to knife.rb for a default set of vault admins
+## [v2.6.0](https://github.com/chef/chef-vault/tree/v2.6.0) (2015-05-13)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.5.0...v2.6.0)
 
-## v2.2.0 / 2014-01-21
+**Implemented enhancements:**
 
-* Validate data bag ID before saving
-* Add search_query to vault metadata
-* Refactor knife commands to be knife vault verb
-* Deprecate old knife commands
-* Add knife vault show to deprecate knife decrypt
-* Print admins, clients and search_query in show with -p
-* Add knife vault edit to edit vault items
-* Add mode option for knife.rb
-* Fix more README typos
+- `ChefVault::Item` should not define `\#keys` method. [\#158](https://github.com/chef/chef-vault/issues/158)
+- Add --clean to refresh option [\#151](https://github.com/chef/chef-vault/issues/151)
+- Allow clients \(without a node\) to be returned via searches. [\#150](https://github.com/chef/chef-vault/issues/150)
+- Need validation for item id: property [\#149](https://github.com/chef/chef-vault/issues/149)
+- Add helper to get the keys of a vault item [\#142](https://github.com/chef/chef-vault/issues/142)
+- Add knife vault show vaultname [\#141](https://github.com/chef/chef-vault/issues/141)
+- Knife Vault Refresh Not Running on Server 2012R2 [\#129](https://github.com/chef/chef-vault/issues/129)
 
-## v2.1.0 / 2013-12-23
+**Closed issues:**
 
-* Update README to correct typos
-* Modify admin loading to fall back to clients endpoint if not found in users endpoint
-* Add --file to "knife encrypt update" & "knife encrypt create" to do file encryption in chef-vault.  It will create a key called "file-content" & "file-name"
-* When VALUES is not supplied print the whole vault item
+- knife vault create examples using node/client names? [\#157](https://github.com/chef/chef-vault/issues/157)
+- Unable to create a chef vault secret from a recipe [\#154](https://github.com/chef/chef-vault/issues/154)
+- knife boostrap not picking up nodes from search query of vaults [\#148](https://github.com/chef/chef-vault/issues/148)
+- Cannot update vault item [\#116](https://github.com/chef/chef-vault/issues/116)
+- Refresh did not re-encrypt for an admin's new key [\#145](https://github.com/chef/chef-vault/issues/145)
+- Chef 12.1.0 warning [\#143](https://github.com/chef/chef-vault/issues/143)
 
-## v2.0.2 / 2013-09-10
+**Merged pull requests:**
 
-* Modify written data bag json files in solo mode to be valid for the knife data bag from file command
-* Modify knife encrypt remove to automatically rotate keys
+- Add vault probing predicates [\#165](https://github.com/chef/chef-vault/pull/165) ([jf647](https://github.com/jf647))
+- Allow the node name and path to the client key to be specified [\#163](https://github.com/chef/chef-vault/pull/163) ([jf647](https://github.com/jf647))
+- Add a \#raw\_keys method to ChefVault::Item [\#162](https://github.com/chef/chef-vault/pull/162) ([jf647](https://github.com/jf647))
+- Enhance 'knife vault show' to list vault items [\#161](https://github.com/chef/chef-vault/pull/161) ([jf647](https://github.com/jf647))
+- Validate that the vault id hasn't changed since the \_keys item was created [\#160](https://github.com/chef/chef-vault/pull/160) ([jf647](https://github.com/jf647))
+- Add --clean-unknown-clients to 'knife vault refresh' [\#159](https://github.com/chef/chef-vault/pull/159) ([jf647](https://github.com/jf647))
+- Let ChefVault::Item\#clients accept a Chef::ApiClient instead of a search... [\#156](https://github.com/chef/chef-vault/pull/156) ([jf647](https://github.com/jf647))
+- Allow ruby 1.9.3 to fail on Travis [\#155](https://github.com/chef/chef-vault/pull/155) ([jf647](https://github.com/jf647))
+- Update docs to reflect the new compile\_time attribute of chef\_gem [\#144](https://github.com/chef/chef-vault/pull/144) ([jf647](https://github.com/jf647))
+- very minor correction to typo [\#139](https://github.com/chef/chef-vault/pull/139) ([Dispader](https://github.com/Dispader))
+- Release 2.6.0 [\#164](https://github.com/chef/chef-vault/pull/164) ([jf647](https://github.com/jf647))
 
-## v2.0.1 / 2013-09-03
+## [v2.5.0](https://github.com/chef/chef-vault/tree/v2.5.0) (2015-02-09)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.4.0...v2.5.0)
 
-* Removal of knife encrypt certs
-* Removal of knife encrypt passwords
-* Add knife encrypt create
-* Add knife encrypt update
-* Add knife encrypt remove
-* Add knife encrypt delete
-* Add knife encrypt rotate keys
-* Add knife decrypt
-* Update chef-vault binary to take -v, -i, -a
-* Add ChefVault::Item class
-* Add ChefVault::ItemKeys class
-* Modify ChefVault::User to use ChefVault::Item to maintain backwards compatability
-* Modify ChefVault::Certificate to use ChefVault::Item to maintain backwards compatability
+**Implemented enhancements:**
 
-## v1.2.5 / 2013-07-22
+- knife vault list [\#97](https://github.com/chef/chef-vault/issues/97)
+- Add chef-vault.bat to bin for windows users [\#60](https://github.com/chef/chef-vault/issues/60)
+- OpenSSL error if private key does not match used public key [\#43](https://github.com/chef/chef-vault/issues/43)
+- Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
 
-* Update compat to be class ChefVault not module ChefVault to remove knife errors
-* Allow nodes/clients to be used as Admins
+**Fixed bugs:**
 
-## v1.2.4 / 2013-07-01
+- 2.4.0 was not tagged in github [\#128](https://github.com/chef/chef-vault/issues/128)
+- clean\_unknown\_clients not working [\#133](https://github.com/chef/chef-vault/issues/133)
+- Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
 
-* Move compat include into the lazy-load deps
-* Modify open file commands in knife commands to avoid file locking on windows
+**Closed issues:**
 
-## v1.2.3 / 2013-04-30
+- Support pruning of deleted clients from vault access list when rotating keys [\#123](https://github.com/chef/chef-vault/issues/123)
+- knife subcommands fail in cryptic fashion if you don't set --mode [\#117](https://github.com/chef/chef-vault/issues/117)
+- vault commands force -A or knife.rb :vault\_admins [\#89](https://github.com/chef/chef-vault/issues/89)
+- Add RSpec tests for chef-vault/chef/offline.rb [\#13](https://github.com/chef/chef-vault/issues/13)
+- Need theory of operations/architecture documentation [\#109](https://github.com/chef/chef-vault/issues/109)
 
-* Update to use attr_accessor in chef_vault
-* Add rspec tests
+## [v2.4.0](https://github.com/chef/chef-vault/tree/v2.4.0) (2014-12-03)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.3.0...v2.4.0)
 
-## v1.2.2 / 2013-04-23
+**Closed issues:**
 
-* Update to create data bag folder if it does not already exist
+- Create, Refresh and Update behaviours [\#118](https://github.com/chef/chef-vault/issues/118)
+- vault refresh remove clients from keys data bag? [\#111](https://github.com/chef/chef-vault/issues/111)
+- There doesnt seem to be a way to remove authorized client from vault\_keys [\#103](https://github.com/chef/chef-vault/issues/103)
+
+**Merged pull requests:**
+
+- Upgrade to RSpec 3.1 and disable monkey-patching [\#122](https://github.com/chef/chef-vault/pull/122) ([dougireton](https://github.com/dougireton))
 
-## v1.2.1 / 2013-04-23
+## [v2.3.0](https://github.com/chef/chef-vault/tree/v2.3.0) (2014-10-22)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.4...v2.3.0)
 
-* Clarify Readme
+**Closed issues:**
 
-## v1.0.1 / 2013-04-12
-
-* Compatibility with Chef 10/11 (Shef vs Chef-Shell)
-
-## v1.0.0 / 2013-04-08
-
-* Rename from Chef-Keepass to Chef-Vault
-
-## v0.2.1 / 2013-04/05
-
-* Add Certificate class
-
-## v0.2.0 / 2013-04-05
-
-* Add encrypt cert
-
-## v0.1.1 / 2013-03-14
-
-* initial release
+- Please push missing tags \(especially \> 2.2.1\) [\#119](https://github.com/chef/chef-vault/issues/119)
+- Vault subcommands not showing for knife [\#114](https://github.com/chef/chef-vault/issues/114)
+- cannot get client public\_key [\#113](https://github.com/chef/chef-vault/issues/113)
+- Key update methods [\#105](https://github.com/chef/chef-vault/issues/105)
+
+**Merged pull requests:**
+
+- Add a knife vault download command for downloading encrypted files [\#104](https://github.com/chef/chef-vault/pull/104) ([justinlocsei](https://github.com/justinlocsei))
+
+## [v2.2.4](https://github.com/chef/chef-vault/tree/v2.2.4) (2014-07-17)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.3...v2.2.4)
+
+**Closed issues:**
+
+- Improvement: easier way to update stored search for an item [\#110](https://github.com/chef/chef-vault/issues/110)
+- Missing refresh command  [\#106](https://github.com/chef/chef-vault/issues/106)
+- Add RSpec tests for chef-vault/certificate.rb [\#12](https://github.com/chef/chef-vault/issues/12)
+- Add RSpec tests for chef-vault/user.rb [\#11](https://github.com/chef/chef-vault/issues/11)
+
+**Merged pull requests:**
+
+- Improved tests [\#112](https://github.com/chef/chef-vault/pull/112) ([rastasheep](https://github.com/rastasheep))
+
+## [v2.2.3](https://github.com/chef/chef-vault/tree/v2.2.3) (2014-06-24)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.2...v2.2.3)
+
+## [v2.2.2](https://github.com/chef/chef-vault/tree/v2.2.2) (2014-06-03)
+[Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.1...v2.2.2)
+
+**Closed issues:**
+
+- cannot load such file -- chef/user [\#102](https://github.com/chef/chef-vault/issues/102)
+- Reapply Search [\#95](https://github.com/chef/chef-vault/issues/95)
+- knife vault create thows "can't convert Array into String \(TypeError\)" [\#94](https://github.com/chef/chef-vault/issues/94)
+- ChefVault::Exceptions::KeysNotFound in test kitchen [\#92](https://github.com/chef/chef-vault/issues/92)
+- Undefined method join for nil class [\#91](https://github.com/chef/chef-vault/issues/91)
+- Purpose of `rotate keys` [\#90](https://github.com/chef/chef-vault/issues/90)
+
+**Merged pull requests:**
+
+- Add gem\_tasks to Rakefile so you can do `rake release` [\#98](https://github.com/chef/chef-vault/pull/98) ([dougireton](https://github.com/dougireton))
+- Fixes \#95 - Adding reapply command [\#96](https://github.com/chef/chef-vault/pull/96) ([pdalinis](https://github.com/pdalinis))
+- knife.rb node name is default admin [\#93](https://github.com/chef/chef-vault/pull/93) ([jgeiger](https://github.com/jgeiger))
+- Fixed minor formatting in README to allow the vault\_admins info to display properly. [\#88](https://github.com/chef/chef-vault/pull/88) ([eklein](https://github.com/eklein))
+- Add a short demo as an easy way in [\#87](https://github.com/chef/chef-vault/pull/87) ([aug24](https://github.com/aug24))
+
+## [v2.2.1](https://github.com/chef/chef-vault/tree/v2.2.1) (2014-02-26)
+**Implemented enhancements:**
+
+- Add a file-content option to the knife commands [\#42](https://github.com/chef/chef-vault/issues/42)
+- Rotate shared secret when you remove nodes or admins [\#38](https://github.com/chef/chef-vault/issues/38)
+
+**Fixed bugs:**
+
+- Fix broken travis ci badge [\#32](https://github.com/chef/chef-vault/issues/32)
+
+**Closed issues:**
+
+- A question about keys. [\#85](https://github.com/chef/chef-vault/issues/85)
+- --ADMINS option must be declared as mandatory when creating vault item [\#83](https://github.com/chef/chef-vault/issues/83)
+- Vault UPDATE fails when vault item is created without any ADMINS specified [\#81](https://github.com/chef/chef-vault/issues/81)
+- Changelog.md has a typo in "Released" date of version "v2.2.0" [\#79](https://github.com/chef/chef-vault/issues/79)
+- Release updated gem to rubygems [\#78](https://github.com/chef/chef-vault/issues/78)
+- knife encrypt allows illegal characters in dabag item ID [\#75](https://github.com/chef/chef-vault/issues/75)
+- knife encrypt should store the search query [\#66](https://github.com/chef/chef-vault/issues/66)
+- Allow for printing standard knife formatted output of the entire chef-vault'ed databag [\#62](https://github.com/chef/chef-vault/issues/62)
+- Is there a way to test recipes using ChefVault with test-kitchen? [\#61](https://github.com/chef/chef-vault/issues/61)
+- When is 2.1.0 scheduled for release? [\#59](https://github.com/chef/chef-vault/issues/59)
+- Getting gem load error on windows 2012 chef solo client. [\#57](https://github.com/chef/chef-vault/issues/57)
+- Typo in readme [\#55](https://github.com/chef/chef-vault/issues/55)
+- JSON::ParserError: Unsupported `json\_class` type 'Chef::WebUIUser' [\#54](https://github.com/chef/chef-vault/issues/54)
+- Improve knife commands and order [\#51](https://github.com/chef/chef-vault/issues/51)
+- decrypt should emit json for the entire item [\#50](https://github.com/chef/chef-vault/issues/50)
+- Use a larger key size for the generated secret by default, and allow keysize setting [\#46](https://github.com/chef/chef-vault/issues/46)
+- Usage text is incorrect for `knife encrypt rotate keys` [\#44](https://github.com/chef/chef-vault/issues/44)
+- Solo mode does not create knife data bag from file valid data bag file [\#40](https://github.com/chef/chef-vault/issues/40)
+- ERROR: ChefVault::Exceptions::AdminNotFound for client admins [\#39](https://github.com/chef/chef-vault/issues/39)
+- Warn when knife encrypt --search returns zero results [\#31](https://github.com/chef/chef-vault/issues/31)
+- Clarify that knife encrypt creates databag and data bag items [\#30](https://github.com/chef/chef-vault/issues/30)
+- Titlecase "chef" in README [\#29](https://github.com/chef/chef-vault/issues/29)
+- knife dumps stack trace with Chef 10.24.0 after installing chef-vault gem [\#27](https://github.com/chef/chef-vault/issues/27)
+- Remove Gemfile.lock from repo per Yehuda Katz and add dev dependencies to Gemspec [\#23](https://github.com/chef/chef-vault/issues/23)
+- Setup project to run with Travis CI [\#18](https://github.com/chef/chef-vault/issues/18)
+- Create Rake file to run tests [\#17](https://github.com/chef/chef-vault/issues/17)
+- Add LICENSE file [\#16](https://github.com/chef/chef-vault/issues/16)
+- Add Contributing guidelines [\#15](https://github.com/chef/chef-vault/issues/15)
+- Add changelog [\#14](https://github.com/chef/chef-vault/issues/14)
+- In `chef-vault.rb`, use data\_bag and chef\_config\_file getters instead of instance vars per POODR guidelines [\#9](https://github.com/chef/chef-vault/issues/9)
+- Add RSpec tests for lib/chef-vault.rb [\#7](https://github.com/chef/chef-vault/issues/7)
+- Splitting `admins` var on comma leaves in extraneous whitespace when --admins has spaces [\#5](https://github.com/chef/chef-vault/issues/5)
+- Show better error message when 'certs' or 'passwords' directory is missing from chef-repo/databags/ directory [\#4](https://github.com/chef/chef-vault/issues/4)
+- Readme should be clarified [\#1](https://github.com/chef/chef-vault/issues/1)
+
+**Merged pull requests:**
+
+- Add ability to use default administrators [\#84](https://github.com/chef/chef-vault/pull/84) ([dafyddcrosby](https://github.com/dafyddcrosby))
+- Wrong year for recent update [\#82](https://github.com/chef/chef-vault/pull/82) ([lamont](https://github.com/lamont))
+- Fixes \#79: "Released" date of version "v2.2.0" [\#80](https://github.com/chef/chef-vault/pull/80) ([techish1](https://github.com/techish1))
+- Validate ID before saving item [\#77](https://github.com/chef/chef-vault/pull/77) ([eklein](https://github.com/eklein))
+- Store search query & print vault admin data [\#74](https://github.com/chef/chef-vault/pull/74) ([eklein](https://github.com/eklein))
+- Missed replacing "decrypt" w/ "show" in README.md [\#73](https://github.com/chef/chef-vault/pull/73) ([eklein](https://github.com/eklein))
+- Rebased PR on top of jgeiger's merged PR [\#72](https://github.com/chef/chef-vault/pull/72) ([eklein](https://github.com/eklein))
+- Add vault commands, deprecate encrypt, add rotate all keys [\#71](https://github.com/chef/chef-vault/pull/71) ([jgeiger](https://github.com/jgeiger))
+- Fix github user name for repository [\#70](https://github.com/chef/chef-vault/pull/70) ([jgeiger](https://github.com/jgeiger))
+- Fix \#51: update knife commands [\#68](https://github.com/chef/chef-vault/pull/68) ([jgeiger](https://github.com/jgeiger))
+- Fix typos in KNIFE\_EXAMPLES.md [\#67](https://github.com/chef/chef-vault/pull/67) ([jgeiger](https://github.com/jgeiger))
+- Issue 50: Use standard chef/knife formatting for all knife decrypt output [\#64](https://github.com/chef/chef-vault/pull/64) ([eklein](https://github.com/eklein))
+- Issue \#62: Allow for printing entire chef-vault'ed databag [\#63](https://github.com/chef/chef-vault/pull/63) ([eklein](https://github.com/eklein))
+- Fixes \#56: Typo in readme [\#56](https://github.com/chef/chef-vault/pull/56) ([bhicks](https://github.com/bhicks))
+- Addresses \#46, use securerandom to generate secret [\#48](https://github.com/chef/chef-vault/pull/48) ([jtimberman](https://github.com/jtimberman))
+- Fixes \#44: Usage text is incorrect for `knife encrypt rotate keys` [\#45](https://github.com/chef/chef-vault/pull/45) ([jer](https://github.com/jer))
+- Fixing typo in command line option and README: vaules -\> values [\#41](https://github.com/chef/chef-vault/pull/41) ([trinitronx](https://github.com/trinitronx))
+- Fix: open locked file on windows during data\_bag update [\#37](https://github.com/chef/chef-vault/pull/37) ([aseresun](https://github.com/aseresun))
+- Allow any client key to act as admin [\#36](https://github.com/chef/chef-vault/pull/36) ([kisoku](https://github.com/kisoku))
+- move the compat include into the lazy-load [\#35](https://github.com/chef/chef-vault/pull/35) ([spheromak](https://github.com/spheromak))
+- Fix \#32: Correct Travis CI link [\#34](https://github.com/chef/chef-vault/pull/34) ([dougireton](https://github.com/dougireton))
+- Fix \#32: Fix broken travis ci badge [\#33](https://github.com/chef/chef-vault/pull/33) ([dougireton](https://github.com/dougireton))
+- Add Version Badge to Readme [\#26](https://github.com/chef/chef-vault/pull/26) ([dougireton](https://github.com/dougireton))
+- Fixes \#18: Add .travis.yml file [\#25](https://github.com/chef/chef-vault/pull/25) ([dougireton](https://github.com/dougireton))
+- Fixes \#23: Remove Gemfile.lock from repo per Yehuda Katz [\#24](https://github.com/chef/chef-vault/pull/24) ([dougireton](https://github.com/dougireton))
+- Fixes \#15: Add Contributing guide [\#22](https://github.com/chef/chef-vault/pull/22) ([dougireton](https://github.com/dougireton))
+- Fixes \#14: Add initial Changelog [\#21](https://github.com/chef/chef-vault/pull/21) ([dougireton](https://github.com/dougireton))
+- Fixes \#16: Add Apache 2.0 license file and source headers [\#20](https://github.com/chef/chef-vault/pull/20) ([dougireton](https://github.com/dougireton))
+- Fixes \#17: Add initial Rakefile to run specs [\#19](https://github.com/chef/chef-vault/pull/19) ([dougireton](https://github.com/dougireton))
+- Fixes \#9: Use getters instead of instance vars [\#10](https://github.com/chef/chef-vault/pull/10) ([dougireton](https://github.com/dougireton))
+- Fixes \#7: Add rspec tests for chef-vault.rb [\#8](https://github.com/chef/chef-vault/pull/8) ([dougireton](https://github.com/dougireton))
+- Fixes \#2: Split --admins string on ',' and whitespace [\#6](https://github.com/chef/chef-vault/pull/6) ([dougireton](https://github.com/dougireton))
+- Update for compatability with chef10/11 [\#3](https://github.com/chef/chef-vault/pull/3) ([spheromak](https://github.com/spheromak))
+- Fixes \#1: Clarify readme [\#2](https://github.com/chef/chef-vault/pull/2) ([dougireton](https://github.com/dougireton))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/Gemfile

@@ -1,5 +1,12 @@
 source "https://rubygems.org/"
 
-gem "chefstyle", git: "https://github.com/chef/chefstyle.git"
+group :development do
+  gem "chefstyle", git: "https://github.com/chef/chefstyle.git"
+end
+if RUBY_VERSION.to_f >= 2.0
+  group :changelog do
+    gem "github_changelog_generator", "1.11.3"
+  end
+end
 
 gemspec

data/Rakefile

@@ -1,4 +1,5 @@
 require "bundler/gem_tasks"
+require_relative "tasks/github_changelog_generator"
 
 # Style Tests
 begin

data/bin/chef-vault

@@ -75,7 +75,7 @@ OptionParser.new do |opts|
 end.parse!
 
 options_config.each do |option, config|
-  raise OptionParser::MissingArgument, option if (options[option].nil? && !config[:optional])
+  raise OptionParser::MissingArgument, option if options[option].nil? && !config[:optional]
 end
 
 options_config.each do |option, config|

data/features/detect_and_warn_v1_vault.feature

@@ -1,12 +1,12 @@
 Feature: Detect and Warn for v1 Vaults
 
   chef-vault can read a v1 vault, but the management commands
-  tend to break when they try to deference v2 fields like
+  tend to break when they try to reference v2 fields like
   clients and admins.  They should detect and warn when trying
   to access a v1 vault
 
   Scenario: Add search query to v1 vault
-    Given a local mode chef repo with nodes 'one,two,three'
+    Given a local mode chef repo with nodes 'one,two,three' with admins 'bob'
     And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
     And 'one,two,three' should be a client for the vault item 'test/item'

data/features/step_definitions/chef-repo.rb

@@ -8,6 +8,7 @@ Given(/^a local mode chef repo with nodes '(.+?)'(?: with admins '(.+?)')?$/) do
 local_mode true
 chef_repo_path '.'
 chef_zero.enabled true
+knife[:vault_mode] = 'client'
 EOF
   # create the admin users and capture their private key we
   # always create an admin called 'admin' because otherwise subsequent

data/features/step_definitions/chef-vault.rb

@@ -119,6 +119,22 @@ Given(/^I downgrade the vault item '(.+)\/(.+)' to v1 syntax/) do |vault, item|
   # v1 syntax doesn't have the admins, clients and search_query keys
   keysfile = "tmp/aruba/data_bags/#{vault}/#{item}_keys.json"
   data = JSON.parse(IO.read(keysfile))
-  %w{admins clients search_query}.each { |k| data.delete(k) }
+  %w{admins clients search_query}.each { |k| data.key?("raw_data") ? data["raw_data"].delete(k) : data.delete(k) }
   IO.write(keysfile, JSON.generate(data))
 end
+
+Given(/^I can save the JSON object of the encrypted data bag for the vault item '(.+)\/(.+)'$/) do |vault, item|
+  command = "knife data bag show #{vault} #{item} -z -c knife.rb -F json"
+  run_simple(command)
+  output = last_command_started.stdout
+  @saved_encrypted_vault_item = JSON.parse(output)
+end
+
+Given(/^the data bag of the vault item '(.+)\/(.+)' has not been re-encrypted$/) do |vault, item|
+  command = "knife data bag show #{vault} #{item} -z -c knife.rb -F json"
+  run_simple(command)
+  output = last_command_started.stdout
+  encrypted_vault_item = JSON.parse(output)
+
+  expect(encrypted_vault_item).to eq(@saved_encrypted_vault_item)
+end

data/features/vault_update.feature

@@ -1,17 +1,19 @@
 Feature: knife vault update
 
   'knife vault update' is used to add clients, or administrators
-  and to re-run the search query
+  and to re-run the search query and update the vault's item values.
 
   Scenario: add admin to a vault
     Given a local mode chef repo with nodes 'one,two,three' with admins 'alice,bob'
-    And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
+    When I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three' with 'alice' as admin
     Then the vault item 'test/item' should be encrypted for 'one,two,three'
-    And 'one,two,three' should be a client for the vault item 'test/item'
-    And 'alice' should be an admin for the vault item 'test/item'
-    And I can decrypt the vault item 'test/item' as 'alice'
-    And I can't decrypt the vault item 'test/item' as 'bob'
-    And I add 'bob' as an admin for the vault item 'test/item'
+      And 'one,two,three' should be a client for the vault item 'test/item'
+      And 'alice' should be an admin for the vault item 'test/item'
+      And I can decrypt the vault item 'test/item' as 'alice'
+      But I can't decrypt the vault item 'test/item' as 'bob'
+      And I can save the JSON object of the encrypted data bag for the vault item 'test/item'
+    When I add 'bob' as an admin for the vault item 'test/item'
     Then 'alice,bob' should be an admin for the vault item 'test/item'
-    And I can decrypt the vault item 'test/item' as 'alice'
-    And I can decrypt the vault item 'test/item' as 'bob'
+      And I can decrypt the vault item 'test/item' as 'alice'
+      And I can decrypt the vault item 'test/item' as 'bob'
+      And the data bag of the vault item 'test/item' has not been re-encrypted

data/lib/chef-vault/item.rb

@@ -196,25 +196,7 @@ class ChefVault
     end
 
     def save(item_id = @raw_data["id"])
-      # validate the format of the id before attempting to save
-      validate_id!(item_id)
-
-      # ensure that the ID of the vault hasn't changed since the keys
-      # data bag item was created
-      keys_id = keys["id"].match(/^(.+)_keys/)[1]
-      if keys_id != item_id
-        raise ChefVault::Exceptions::IdMismatch,
-          "id mismatch - input JSON has id '#{item_id}' but vault item has id '#{keys_id}'"
-      end
-
-      # save the keys first, raising an error if no keys were defined
-      if keys.admins.empty? && keys.clients.empty?
-        raise ChefVault::Exceptions::NoKeysDefined,
-          "No keys defined for #{item_id}"
-      end
-
-      keys.save
-
+      save_keys(item_id)
       # Make sure the item is encrypted before saving
       encrypt! unless @encrypted
 
@@ -236,6 +218,27 @@ class ChefVault
       end
     end
 
+    def save_keys(item_id = @raw_data["id"])
+      # validate the format of the id before attempting to save
+      validate_id!(item_id)
+
+      # ensure that the ID of the vault hasn't changed since the keys
+      # data bag item was created
+      keys_id = keys["id"].match(/^(.+)_keys/)[1]
+      if keys_id != item_id
+        raise ChefVault::Exceptions::IdMismatch,
+          "id mismatch - input JSON has id '#{item_id}' but vault item has id '#{keys_id}'"
+      end
+
+      # save the keys first, raising an error if no keys were defined
+      if keys.admins.empty? && keys.clients.empty?
+        raise ChefVault::Exceptions::NoKeysDefined,
+          "No keys defined for #{item_id}"
+      end
+
+      keys.save
+    end
+
     def to_json(*a)
       json = super
       json.gsub(self.class.name, self.class.superclass.name)
@@ -346,8 +349,8 @@ class ChefVault
       # re-process the search query to add new clients
       clients(search)
 
-      # save the updated vault
-      save
+      # save the updated keys only
+      save_keys(@raw_data["id"])
     end
 
     private

data/lib/chef-vault/version.rb

@@ -15,6 +15,6 @@
 # limitations under the License.
 
 class ChefVault
-  VERSION = "2.8.0"
+  VERSION = "2.9.0"
   MAJOR, MINOR, TINY = VERSION.split(".")
 end

data/lib/chef/knife/vault_create.rb

@@ -61,7 +61,8 @@ class Chef
               "use 'knife vault remove' 'knife vault update' "\
               "or 'knife vault edit' to make changes."
           rescue ChefVault::Exceptions::KeysNotFound,
-                 ChefVault::Exceptions::ItemNotFound
+                 ChefVault::Exceptions::ItemNotFound,
+                 Chef::Exceptions::InvalidDataBagItemID
             vault_item = ChefVault::Item.new(vault, item)
             if values || json_file || file
               merge_values(values, json_file).each do |key, value|

data/lib/chef/knife/vault_rotate_all_keys.rb

@@ -47,7 +47,7 @@ class Chef
 
       def vault_items(vault)
         Chef::DataBag.load(vault).keys.each_with_object([]) do |key, array|
-          array << key.sub("_keys", "") if key.match(/.+_keys$/)
+          array << key.sub("_keys", "") if key =~ /.+_keys$/
         end
       end
 

data/lib/chef/knife/vault_update.rb

@@ -62,15 +62,7 @@ class Chef
           begin
             vault_item = ChefVault::Item.load(vault, item)
 
-            merge_values(values, json_file).each do |key, value|
-              vault_item[key] = value
-            end
-
-            if file
-              vault_item["file-name"] = File.basename(file)
-              vault_item["file-content"] = File.open(file) { |f| f.read() }
-            end
-
+            # Keys management first
             if clean
               clients = vault_item.clients().clone().sort()
               clients.each do |client|
@@ -78,11 +70,27 @@ class Chef
                 vault_item.keys.delete(client, "clients")
               end
             end
+
             vault_item.search(search) if search
             vault_item.clients(search) if search
             vault_item.admins(admins) if admins
 
-            vault_item.save
+            # Save only the keys if no value is provided, otherwise save the item
+            if values || json_file || file
+              merge_values(values, json_file).each do |key, value|
+                vault_item[key] = value
+              end
+
+              if file
+                vault_item["file-name"] = File.basename(file)
+                vault_item["file-content"] = File.open(file) { |f| f.read() }
+              end
+
+              vault_item.save
+            else
+              vault_item.save_keys
+            end
+
           rescue ChefVault::Exceptions::KeysNotFound,
                  ChefVault::Exceptions::ItemNotFound
             raise ChefVault::Exceptions::ItemNotFound,

data/spec/chef-vault/item_spec.rb

@@ -198,7 +198,7 @@ RSpec.describe ChefVault::Item do
       allow(OpenSSL::PKey::RSA).to receive(:new).and_return(privkey)
       allow(Chef::EncryptedDataBagItem).to receive(:load).and_return(
         "id" => "bar",
-        "password" => "12345",
+        "password" => "12345"
       )
       item = ChefVault::Item.load(
         "foo", "bar",
@@ -227,6 +227,35 @@ RSpec.describe ChefVault::Item do
     end
   end
 
+  describe '#refresh' do
+
+    it "saves only the keys" do
+      keys = double("keys",
+                    search_query: "*:*",
+                    add: nil,
+                    admins: [],
+                    clients: ["testnode"])
+      allow(keys).to receive(:[]).with("id").and_return("bar_keys")
+      allow(ChefVault::ItemKeys).to receive(:new).and_return(keys)
+
+      item = ChefVault::Item.new("foo", "bar")
+
+      node  = double("node", name: "testnode")
+      query = double("query")
+      allow(Chef::Search::Query).to receive(:new).and_return(query)
+      allow(query).to receive(:search).and_yield(node)
+
+      client = double("client",
+                     name: "testclient",
+                     public_key: OpenSSL::PKey::RSA.new(1024).public_key)
+      allow(ChefVault::ChefPatch::ApiClient).to receive(:load).and_return(client)
+
+      expect(item).not_to receive(:save)
+      expect(keys).to receive(:save)
+      item.refresh
+    end
+  end
+
   describe '#clients' do
     include BorkedNodeWithoutPublicKey
 

data/tasks/github_changelog_generator.rb

@@ -0,0 +1,31 @@
+#
+# Copyright:: Copyright (c) 2016 Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef-vault/version"
+
+begin
+  require "github_changelog_generator/task"
+
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    config.future_release = ChefVault::VERSION
+    config.enhancement_labels = "enhancement,Enhancement,New Feature,Feature".split(",")
+    config.bug_labels = "bug,Bug,Improvement,Upstream Bug".split(",")
+    config.exclude_labels = "duplicate,question,invalid,wontfix,no_changelog,Exclude From Changelog,Question,Discussion".split(",")
+  end
+rescue LoadError
+  puts "github_changelog_generator is not available. gem install github_changelog_generator to generate changelogs"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.9.0
 platform: ruby
 authors:
 - Kevin Moser
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-09 00:00:00.000000000 Z
+date: 2016-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -192,6 +192,7 @@ files:
 - spec/chef-vault/user_spec.rb
 - spec/chef-vault_spec.rb
 - spec/spec_helper.rb
+- tasks/github_changelog_generator.rb
 homepage: https://github.com/chef/chef-vault
 licenses:
 - Apache License, v2.0