chef-vault 3.0.3 → 3.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 41d30528b3f19c62a98a3f8de9bca62aae938558
4
- data.tar.gz: b145884ac5edef7217845114c11b3a6ff522d17b
3
+ metadata.gz: 416703868d576d9b4d982942231ade93be3275ab
4
+ data.tar.gz: 9e979c65cca7f7135597858631f7eef97c5abb3e
5
5
  SHA512:
6
- metadata.gz: 1576f97fdbf10afbfad93d17bd1dd073e41c30ebc3e00832d55c1d08e18d39dc905db733de55c049ef7d949b0956ac912cd72f6c7c5a34d9c478bcccd55cb068
7
- data.tar.gz: d8c37f6d60d65ee966ed26759c4cbf8b35719abcd19f8d4126f55dcf781b8d85d2eea910743c94ae842b43d20e816b6a30768f024d39b8b994efd4d0cd2d7879
6
+ metadata.gz: 55a98786c9b1329d75645d9ec2e092079cd929a08c72a3c8af82f0bac0575fea2a64f2ed8a0fd5e2b2637fcf6ae97467db6650945cc87b06984bcad7401fb869
7
+ data.tar.gz: 7099c41898ca19a7e37850a9dc773ef1543a000b8ffc2ba712e4614d07b1ddcb5f377f22fdb930c64869c9ee534759526cb6211422d46ad8952cbb6f3ff92286
@@ -1,10 +1,19 @@
1
1
  language: ruby
2
2
  branches:
3
3
  only:
4
- - master
4
+ - master
5
5
  rvm:
6
- - "2.2.5"
7
- - "2.3.1"
6
+ - 2.2.5
7
+ - 2.3.1
8
+ - 2.4.1
8
9
  install: bundle install --binstubs --without changelog
9
10
  before_install: gem install bundler
10
11
  env: TRAVIS_BUILD=true
12
+ deploy:
13
+ provider: rubygems
14
+ api_key:
15
+ secure: NNbOEQWaX+67bsMd1A/BB5lxd2dDzx+4uYsKxSvhVvx34UixKoLRmPhGJr0WapndsXdnG+crPpx3gpseOfJ3u42uNHQI9ASsgOOgmEiJKcW/MO/IQReRI998+XH2A4QLfLQ4JIWjpl8KNZCJSCp7w1LnDV6imy7FSM0mWS+3Lzk=
16
+ gem: chef-vault
17
+ on:
18
+ repo: chef/chef-vault
19
+ branch: master
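Review bot: the new `deploy:` block (new lines 12 to 19) is gated only on `repo: chef/chef-vault` and `branch: master`, so every master build, in each of the three `rvm` jobs, will attempt a push to RubyGems with the stored `api_key`. Restrict it to tagged builds (`tags: true` under `on:`) and to one matrix entry, or state in the commit message that publishing from every master build is intended. As written, any merge to master becomes a published artifact without a separate release step.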
@@ -1,11 +1,37 @@
1
1
  # Change Log
2
2
 
3
+ ## [v3.1.0](https://github.com/chef/chef-vault/tree/v3.1.0) (2017-07-04)
4
+ [Full
5
+ Changelog](https://github.com/chef/chef-vault/compare/v3.0.3...v3.1.0)
6
+
7
+ **Implemented enhancements:**
8
+
9
+ - Assume all nodes matching the search query are valid nodes [\#272](https://github.com/chef/chef-vault/pull/272) ([kamaradclimber](https://github.com/kamaradclimber))
10
+ - Avoid re-encrypting key for all existing clients [\#269](https://github.com/chef/chef-vault/pull/269) ([kamaradclimber](https://github.com/kamaradclimber))
11
+
12
+ **Fixed bugs:**
13
+
14
+ - Fix fatal error during create [\#281](https://github.com/chef/chef-vault/pull/281) ([neclimdul](https://github.com/neclimdul))
15
+ - Avoid sparse key read for non sparse secrets [\#280](https://github.com/chef/chef-vault/pull/280) ([kamaradclimber](https://github.com/kamaradclimber))
16
+ - Make sure sparse mode is used on secrets where it is explicit [\#271](https://github.com/chef/chef-vault/pull/271) ([kamaradclimber](https://github.com/kamaradclimber))
17
+
18
+ ## [v3.0.3](https://github.com/chef/chef-vault/tree/v3.0.3) (2017-05-03)
19
+ [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.2...v3.0.3)
20
+
21
+ **Fixed bugs:**
22
+
23
+ - Reduce the search response limit from 100k to 10k [\#275](https://github.com/chef/chef-vault/pull/275) ([btm](https://github.com/btm))
24
+ - Replace edit\_data\(\) with edit\_hash\(\) in vault\_edit.rb [\#274](https://github.com/chef/chef-vault/pull/274) ([tmaczukin](https://github.com/tmaczukin))
25
+
26
+ ## [v3.0.2](https://github.com/chef/chef-vault/tree/v3.0.2) (2017-04-20)
27
+ [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.1...v3.0.2)
28
+
3
29
  ## [v3.0.1](https://github.com/chef/chef-vault/tree/v3.0.1) (2017-04-11)
4
30
  [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0...v3.0.1)
5
31
 
6
32
  **Fixed bugs:**
7
33
 
8
- - Only have a development dependency on Chef.
34
+ - Change the chef dependency to development only [\#266](https://github.com/chef/chef-vault/pull/266) ([thommay](https://github.com/thommay))
9
35
 
10
36
  ## [v3.0.0](https://github.com/chef/chef-vault/tree/v3.0.0) (2017-04-10)
11
37
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.1...v3.0.0)
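Review bot: the v3.1.0 entry splits its compare link over two lines (`[Full` on new line 4, `Changelog](...)` on new line 5), while every other release keeps `[Full Changelog](...)` on one line. Join it so the generated file stays consistent and greppable. The new v3.0.2 section also has a heading and compare link but no entries, which is worth a one-line note if the release really had no tracked changes.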
@@ -13,22 +39,34 @@
13
39
  **Implemented enhancements:**
14
40
 
15
41
  - Vault creation, list, and destruction in sparse mode [\#252](https://github.com/chef/chef-vault/pull/252) ([rveznaver](https://github.com/rveznaver))
42
+
43
+ ## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
44
+ [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
45
+
46
+ ## [v3.0.0.rc2](https://github.com/chef/chef-vault/tree/v3.0.0.rc2) (2016-12-05)
47
+ [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc1...v3.0.0.rc2)
48
+
49
+ **Implemented enhancements:**
50
+
16
51
  - Add feature to save each key in different data bag item [\#246](https://github.com/chef/chef-vault/pull/246) ([rveznaver](https://github.com/rveznaver))
17
52
  - Enable testing with Chef Zero [\#244](https://github.com/chef/chef-vault/pull/244) ([rveznaver](https://github.com/rveznaver))
18
53
  - Minimize the number of searches [\#243](https://github.com/chef/chef-vault/pull/243) ([thommay](https://github.com/thommay))
19
54
  - Optimise queries when finding nodes [\#240](https://github.com/chef/chef-vault/pull/240) ([thommay](https://github.com/thommay))
20
- - Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
21
- - rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
22
- - Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
23
- - Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
24
55
 
25
56
  **Fixed bugs:**
26
57
 
27
58
  - Use solo\_legacy\_mode fully [\#242](https://github.com/chef/chef-vault/pull/242) ([thommay](https://github.com/thommay))
28
59
  - Use legacy solo mode [\#241](https://github.com/chef/chef-vault/pull/241) ([thommay](https://github.com/thommay))
29
60
 
30
- ## [v2.9.1](https://github.com/chef/chef-vault/tree/v2.9.1) (2017-01-19)
31
- [Full Changelog](https://github.com/chef/chef-vault/compare/v3.0.0.rc2...v2.9.1)
61
+ ## [v3.0.0.rc1](https://github.com/chef/chef-vault/tree/v3.0.0.rc1) (2016-10-21)
62
+ [Full Changelog](https://github.com/chef/chef-vault/compare/v2.9.0...v3.0.0.rc1)
63
+
64
+ **Implemented enhancements:**
65
+
66
+ - Removed deprecated knife commands [\#236](https://github.com/chef/chef-vault/pull/236) ([thommay](https://github.com/thommay))
67
+ - rename ChefKey to Actor [\#234](https://github.com/chef/chef-vault/pull/234) ([thommay](https://github.com/thommay))
68
+ - Move to using a logger for all user output [\#232](https://github.com/chef/chef-vault/pull/232) ([thommay](https://github.com/thommay))
69
+ - Add support for clients [\#227](https://github.com/chef/chef-vault/pull/227) ([svanharmelen](https://github.com/svanharmelen))
32
70
 
33
71
  ## [v2.9.0](https://github.com/chef/chef-vault/tree/v2.9.0) (2016-04-08)
34
72
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0...v2.9.0)
@@ -46,271 +84,42 @@
46
84
  ## [v2.8.0](https://github.com/chef/chef-vault/tree/v2.8.0) (2016-02-09)
47
85
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.8.0.rc1...v2.8.0)
48
86
 
49
- **Merged pull requests:**
50
-
51
- - UPGRADE: fixed a typo [\#198](https://github.com/chef/chef-vault/pull/198) ([joonas](https://github.com/joonas))
52
- - adds link to Chef Vault blog post to README [\#197](https://github.com/chef/chef-vault/pull/197) ([nellshamrell](https://github.com/nellshamrell))
53
-
54
87
  ## [v2.8.0.rc1](https://github.com/chef/chef-vault/tree/v2.8.0.rc1) (2016-01-29)
55
88
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.1...v2.8.0.rc1)
56
89
 
57
- **Merged pull requests:**
58
-
59
- - Deal with more than 1000 nodes [\#196](https://github.com/chef/chef-vault/pull/196) ([thommay](https://github.com/thommay))
60
-
61
90
  ## [v2.7.1](https://github.com/chef/chef-vault/tree/v2.7.1) (2016-01-25)
62
91
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.7.0...v2.7.1)
63
92
 
64
93
  ## [v2.7.0](https://github.com/chef/chef-vault/tree/v2.7.0) (2016-01-25)
65
94
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.1...v2.7.0)
66
95
 
67
- **Fixed bugs:**
68
-
69
- - Should warn/error when modifying 1.x items [\#52](https://github.com/chef/chef-vault/issues/52)
70
-
71
- **Closed issues:**
72
-
73
- - Support data\_bag\_path arrays [\#191](https://github.com/chef/chef-vault/issues/191)
74
- - Refresh fails if no search expression is set [\#188](https://github.com/chef/chef-vault/issues/188)
75
- - knife vault create is failing [\#187](https://github.com/chef/chef-vault/issues/187)
76
- - Issues with knife bootstrap --bootstrap-vault-item [\#185](https://github.com/chef/chef-vault/issues/185)
77
- - Can't create anything. [\#183](https://github.com/chef/chef-vault/issues/183)
78
- - knife vault refresh broken - chefdk0.7.0/chef11.1.1 [\#182](https://github.com/chef/chef-vault/issues/182)
79
- - Environment Permissions [\#181](https://github.com/chef/chef-vault/issues/181)
80
- - Knife vault stopped working after chefdk & chef-client upgrade [\#180](https://github.com/chef/chef-vault/issues/180)
81
- - Chef 12.4.0 breaks user patch [\#176](https://github.com/chef/chef-vault/issues/176)
82
- - vault refresh broken with chef 12.4.0 [\#175](https://github.com/chef/chef-vault/issues/175)
83
-
84
- **Merged pull requests:**
85
-
86
- - Correctly handle an array of data\_bag paths [\#192](https://github.com/chef/chef-vault/pull/192) ([thommay](https://github.com/thommay))
87
- - add recognition of 'name' in response [\#184](https://github.com/chef/chef-vault/pull/184) ([lhandl](https://github.com/lhandl))
88
- - typo in THEORY.md [\#179](https://github.com/chef/chef-vault/pull/179) ([mindyor](https://github.com/mindyor))
89
- - Detect when trying to manage a v1 vault [\#173](https://github.com/chef/chef-vault/pull/173) ([jf647](https://github.com/jf647))
90
-
91
96
  ## [v2.6.1](https://github.com/chef/chef-vault/tree/v2.6.1) (2015-05-28)
92
97
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.6.0...v2.6.1)
93
98
 
94
- **Closed issues:**
95
-
96
- - Permission Issue - Missing Read Permission [\#171](https://github.com/chef/chef-vault/issues/171)
97
- - undefined method `vault' for Chef::Resource::User [\#170](https://github.com/chef/chef-vault/issues/170)
98
- - ChefVault::Item.refresh [\#168](https://github.com/chef/chef-vault/issues/168)
99
-
100
- **Merged pull requests:**
101
-
102
- - Only load the parts of chef we actually use [\#172](https://github.com/chef/chef-vault/pull/172) ([danielsdeleo](https://github.com/danielsdeleo))
103
- - Remove dependency on rspec-its gem [\#169](https://github.com/chef/chef-vault/pull/169) ([dougireton](https://github.com/dougireton))
104
- - Add gitter.im [\#167](https://github.com/chef/chef-vault/pull/167) ([jf647](https://github.com/jf647))
105
-
106
99
  ## [v2.6.0](https://github.com/chef/chef-vault/tree/v2.6.0) (2015-05-13)
107
100
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.5.0...v2.6.0)
108
101
 
109
- **Implemented enhancements:**
110
-
111
- - `ChefVault::Item` should not define `\#keys` method. [\#158](https://github.com/chef/chef-vault/issues/158)
112
- - Add --clean to refresh option [\#151](https://github.com/chef/chef-vault/issues/151)
113
- - Allow clients \(without a node\) to be returned via searches. [\#150](https://github.com/chef/chef-vault/issues/150)
114
- - Need validation for item id: property [\#149](https://github.com/chef/chef-vault/issues/149)
115
- - Add helper to get the keys of a vault item [\#142](https://github.com/chef/chef-vault/issues/142)
116
- - Add knife vault show vaultname [\#141](https://github.com/chef/chef-vault/issues/141)
117
- - Knife Vault Refresh Not Running on Server 2012R2 [\#129](https://github.com/chef/chef-vault/issues/129)
118
-
119
- **Closed issues:**
120
-
121
- - knife vault create examples using node/client names? [\#157](https://github.com/chef/chef-vault/issues/157)
122
- - Unable to create a chef vault secret from a recipe [\#154](https://github.com/chef/chef-vault/issues/154)
123
- - knife boostrap not picking up nodes from search query of vaults [\#148](https://github.com/chef/chef-vault/issues/148)
124
- - Cannot update vault item [\#116](https://github.com/chef/chef-vault/issues/116)
125
- - Refresh did not re-encrypt for an admin's new key [\#145](https://github.com/chef/chef-vault/issues/145)
126
- - Chef 12.1.0 warning [\#143](https://github.com/chef/chef-vault/issues/143)
127
-
128
- **Merged pull requests:**
129
-
130
- - Add vault probing predicates [\#165](https://github.com/chef/chef-vault/pull/165) ([jf647](https://github.com/jf647))
131
- - Allow the node name and path to the client key to be specified [\#163](https://github.com/chef/chef-vault/pull/163) ([jf647](https://github.com/jf647))
132
- - Add a \#raw\_keys method to ChefVault::Item [\#162](https://github.com/chef/chef-vault/pull/162) ([jf647](https://github.com/jf647))
133
- - Enhance 'knife vault show' to list vault items [\#161](https://github.com/chef/chef-vault/pull/161) ([jf647](https://github.com/jf647))
134
- - Validate that the vault id hasn't changed since the \_keys item was created [\#160](https://github.com/chef/chef-vault/pull/160) ([jf647](https://github.com/jf647))
135
- - Add --clean-unknown-clients to 'knife vault refresh' [\#159](https://github.com/chef/chef-vault/pull/159) ([jf647](https://github.com/jf647))
136
- - Let ChefVault::Item\#clients accept a Chef::ApiClient instead of a search... [\#156](https://github.com/chef/chef-vault/pull/156) ([jf647](https://github.com/jf647))
137
- - Allow ruby 1.9.3 to fail on Travis [\#155](https://github.com/chef/chef-vault/pull/155) ([jf647](https://github.com/jf647))
138
- - Update docs to reflect the new compile\_time attribute of chef\_gem [\#144](https://github.com/chef/chef-vault/pull/144) ([jf647](https://github.com/jf647))
139
- - very minor correction to typo [\#139](https://github.com/chef/chef-vault/pull/139) ([Dispader](https://github.com/Dispader))
140
- - Release 2.6.0 [\#164](https://github.com/chef/chef-vault/pull/164) ([jf647](https://github.com/jf647))
141
-
142
102
  ## [v2.5.0](https://github.com/chef/chef-vault/tree/v2.5.0) (2015-02-09)
143
103
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.4.0...v2.5.0)
144
104
 
145
- **Implemented enhancements:**
146
-
147
- - knife vault list [\#97](https://github.com/chef/chef-vault/issues/97)
148
- - Add chef-vault.bat to bin for windows users [\#60](https://github.com/chef/chef-vault/issues/60)
149
- - OpenSSL error if private key does not match used public key [\#43](https://github.com/chef/chef-vault/issues/43)
150
- - Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
151
-
152
- **Fixed bugs:**
153
-
154
- - 2.4.0 was not tagged in github [\#128](https://github.com/chef/chef-vault/issues/128)
155
- - clean\_unknown\_clients not working [\#133](https://github.com/chef/chef-vault/issues/133)
156
- - Skip missing/invalid client rather than raising exception [\#127](https://github.com/chef/chef-vault/issues/127)
157
-
158
- **Closed issues:**
159
-
160
- - Support pruning of deleted clients from vault access list when rotating keys [\#123](https://github.com/chef/chef-vault/issues/123)
161
- - knife subcommands fail in cryptic fashion if you don't set --mode [\#117](https://github.com/chef/chef-vault/issues/117)
162
- - vault commands force -A or knife.rb :vault\_admins [\#89](https://github.com/chef/chef-vault/issues/89)
163
- - Add RSpec tests for chef-vault/chef/offline.rb [\#13](https://github.com/chef/chef-vault/issues/13)
164
- - Need theory of operations/architecture documentation [\#109](https://github.com/chef/chef-vault/issues/109)
165
-
166
105
  ## [v2.4.0](https://github.com/chef/chef-vault/tree/v2.4.0) (2014-12-03)
167
106
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.3.0...v2.4.0)
168
107
 
169
- **Closed issues:**
170
-
171
- - Create, Refresh and Update behaviours [\#118](https://github.com/chef/chef-vault/issues/118)
172
- - vault refresh remove clients from keys data bag? [\#111](https://github.com/chef/chef-vault/issues/111)
173
- - There doesnt seem to be a way to remove authorized client from vault\_keys [\#103](https://github.com/chef/chef-vault/issues/103)
174
-
175
- **Merged pull requests:**
176
-
177
- - Upgrade to RSpec 3.1 and disable monkey-patching [\#122](https://github.com/chef/chef-vault/pull/122) ([dougireton](https://github.com/dougireton))
178
-
179
108
  ## [v2.3.0](https://github.com/chef/chef-vault/tree/v2.3.0) (2014-10-22)
180
109
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.4...v2.3.0)
181
110
 
182
- **Closed issues:**
183
-
184
- - Please push missing tags \(especially \> 2.2.1\) [\#119](https://github.com/chef/chef-vault/issues/119)
185
- - Vault subcommands not showing for knife [\#114](https://github.com/chef/chef-vault/issues/114)
186
- - cannot get client public\_key [\#113](https://github.com/chef/chef-vault/issues/113)
187
- - Key update methods [\#105](https://github.com/chef/chef-vault/issues/105)
188
-
189
- **Merged pull requests:**
190
-
191
- - Add a knife vault download command for downloading encrypted files [\#104](https://github.com/chef/chef-vault/pull/104) ([justinlocsei](https://github.com/justinlocsei))
192
-
193
111
  ## [v2.2.4](https://github.com/chef/chef-vault/tree/v2.2.4) (2014-07-17)
194
112
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.3...v2.2.4)
195
113
 
196
- **Closed issues:**
197
-
198
- - Improvement: easier way to update stored search for an item [\#110](https://github.com/chef/chef-vault/issues/110)
199
- - Missing refresh command [\#106](https://github.com/chef/chef-vault/issues/106)
200
- - Add RSpec tests for chef-vault/certificate.rb [\#12](https://github.com/chef/chef-vault/issues/12)
201
- - Add RSpec tests for chef-vault/user.rb [\#11](https://github.com/chef/chef-vault/issues/11)
202
-
203
- **Merged pull requests:**
204
-
205
- - Improved tests [\#112](https://github.com/chef/chef-vault/pull/112) ([rastasheep](https://github.com/rastasheep))
206
-
207
114
  ## [v2.2.3](https://github.com/chef/chef-vault/tree/v2.2.3) (2014-06-24)
208
115
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.2...v2.2.3)
209
116
 
210
117
  ## [v2.2.2](https://github.com/chef/chef-vault/tree/v2.2.2) (2014-06-03)
211
118
  [Full Changelog](https://github.com/chef/chef-vault/compare/v2.2.1...v2.2.2)
212
119
 
213
- **Closed issues:**
214
-
215
- - cannot load such file -- chef/user [\#102](https://github.com/chef/chef-vault/issues/102)
216
- - Reapply Search [\#95](https://github.com/chef/chef-vault/issues/95)
217
- - knife vault create thows "can't convert Array into String \(TypeError\)" [\#94](https://github.com/chef/chef-vault/issues/94)
218
- - ChefVault::Exceptions::KeysNotFound in test kitchen [\#92](https://github.com/chef/chef-vault/issues/92)
219
- - Undefined method join for nil class [\#91](https://github.com/chef/chef-vault/issues/91)
220
- - Purpose of `rotate keys` [\#90](https://github.com/chef/chef-vault/issues/90)
221
-
222
- **Merged pull requests:**
223
-
224
- - Add gem\_tasks to Rakefile so you can do `rake release` [\#98](https://github.com/chef/chef-vault/pull/98) ([dougireton](https://github.com/dougireton))
225
- - Fixes \#95 - Adding reapply command [\#96](https://github.com/chef/chef-vault/pull/96) ([pdalinis](https://github.com/pdalinis))
226
- - knife.rb node name is default admin [\#93](https://github.com/chef/chef-vault/pull/93) ([jgeiger](https://github.com/jgeiger))
227
- - Fixed minor formatting in README to allow the vault\_admins info to display properly. [\#88](https://github.com/chef/chef-vault/pull/88) ([eklein](https://github.com/eklein))
228
- - Add a short demo as an easy way in [\#87](https://github.com/chef/chef-vault/pull/87) ([aug24](https://github.com/aug24))
229
-
230
120
  ## [v2.2.1](https://github.com/chef/chef-vault/tree/v2.2.1) (2014-02-26)
231
- **Implemented enhancements:**
121
+ [Full Changelog](https://github.com/chef/chef-vault/compare/e7d75c65441989ce915a30fc28782748c8a1ed1e...v2.2.1)
232
122
 
233
- - Add a file-content option to the knife commands [\#42](https://github.com/chef/chef-vault/issues/42)
234
- - Rotate shared secret when you remove nodes or admins [\#38](https://github.com/chef/chef-vault/issues/38)
235
123
 
236
- **Fixed bugs:**
237
124
 
238
- - Fix broken travis ci badge [\#32](https://github.com/chef/chef-vault/issues/32)
239
-
240
- **Closed issues:**
241
-
242
- - A question about keys. [\#85](https://github.com/chef/chef-vault/issues/85)
243
- - --ADMINS option must be declared as mandatory when creating vault item [\#83](https://github.com/chef/chef-vault/issues/83)
244
- - Vault UPDATE fails when vault item is created without any ADMINS specified [\#81](https://github.com/chef/chef-vault/issues/81)
245
- - Changelog.md has a typo in "Released" date of version "v2.2.0" [\#79](https://github.com/chef/chef-vault/issues/79)
246
- - Release updated gem to rubygems [\#78](https://github.com/chef/chef-vault/issues/78)
247
- - knife encrypt allows illegal characters in dabag item ID [\#75](https://github.com/chef/chef-vault/issues/75)
248
- - knife encrypt should store the search query [\#66](https://github.com/chef/chef-vault/issues/66)
249
- - Allow for printing standard knife formatted output of the entire chef-vault'ed databag [\#62](https://github.com/chef/chef-vault/issues/62)
250
- - Is there a way to test recipes using ChefVault with test-kitchen? [\#61](https://github.com/chef/chef-vault/issues/61)
251
- - When is 2.1.0 scheduled for release? [\#59](https://github.com/chef/chef-vault/issues/59)
252
- - Getting gem load error on windows 2012 chef solo client. [\#57](https://github.com/chef/chef-vault/issues/57)
253
- - Typo in readme [\#55](https://github.com/chef/chef-vault/issues/55)
254
- - JSON::ParserError: Unsupported `json\_class` type 'Chef::WebUIUser' [\#54](https://github.com/chef/chef-vault/issues/54)
255
- - Improve knife commands and order [\#51](https://github.com/chef/chef-vault/issues/51)
256
- - decrypt should emit json for the entire item [\#50](https://github.com/chef/chef-vault/issues/50)
257
- - Use a larger key size for the generated secret by default, and allow keysize setting [\#46](https://github.com/chef/chef-vault/issues/46)
258
- - Usage text is incorrect for `knife encrypt rotate keys` [\#44](https://github.com/chef/chef-vault/issues/44)
259
- - Solo mode does not create knife data bag from file valid data bag file [\#40](https://github.com/chef/chef-vault/issues/40)
260
- - ERROR: ChefVault::Exceptions::AdminNotFound for client admins [\#39](https://github.com/chef/chef-vault/issues/39)
261
- - Warn when knife encrypt --search returns zero results [\#31](https://github.com/chef/chef-vault/issues/31)
262
- - Clarify that knife encrypt creates databag and data bag items [\#30](https://github.com/chef/chef-vault/issues/30)
263
- - Titlecase "chef" in README [\#29](https://github.com/chef/chef-vault/issues/29)
264
- - knife dumps stack trace with Chef 10.24.0 after installing chef-vault gem [\#27](https://github.com/chef/chef-vault/issues/27)
265
- - Remove Gemfile.lock from repo per Yehuda Katz and add dev dependencies to Gemspec [\#23](https://github.com/chef/chef-vault/issues/23)
266
- - Setup project to run with Travis CI [\#18](https://github.com/chef/chef-vault/issues/18)
267
- - Create Rake file to run tests [\#17](https://github.com/chef/chef-vault/issues/17)
268
- - Add LICENSE file [\#16](https://github.com/chef/chef-vault/issues/16)
269
- - Add Contributing guidelines [\#15](https://github.com/chef/chef-vault/issues/15)
270
- - Add changelog [\#14](https://github.com/chef/chef-vault/issues/14)
271
- - In `chef-vault.rb`, use data\_bag and chef\_config\_file getters instead of instance vars per POODR guidelines [\#9](https://github.com/chef/chef-vault/issues/9)
272
- - Add RSpec tests for lib/chef-vault.rb [\#7](https://github.com/chef/chef-vault/issues/7)
273
- - Splitting `admins` var on comma leaves in extraneous whitespace when --admins has spaces [\#5](https://github.com/chef/chef-vault/issues/5)
274
- - Show better error message when 'certs' or 'passwords' directory is missing from chef-repo/databags/ directory [\#4](https://github.com/chef/chef-vault/issues/4)
275
- - Readme should be clarified [\#1](https://github.com/chef/chef-vault/issues/1)
276
-
277
- **Merged pull requests:**
278
-
279
- - Add ability to use default administrators [\#84](https://github.com/chef/chef-vault/pull/84) ([dafyddcrosby](https://github.com/dafyddcrosby))
280
- - Wrong year for recent update [\#82](https://github.com/chef/chef-vault/pull/82) ([lamont](https://github.com/lamont))
281
- - Fixes \#79: "Released" date of version "v2.2.0" [\#80](https://github.com/chef/chef-vault/pull/80) ([techish1](https://github.com/techish1))
282
- - Validate ID before saving item [\#77](https://github.com/chef/chef-vault/pull/77) ([eklein](https://github.com/eklein))
283
- - Store search query & print vault admin data [\#74](https://github.com/chef/chef-vault/pull/74) ([eklein](https://github.com/eklein))
284
- - Missed replacing "decrypt" w/ "show" in README.md [\#73](https://github.com/chef/chef-vault/pull/73) ([eklein](https://github.com/eklein))
285
- - Rebased PR on top of jgeiger's merged PR [\#72](https://github.com/chef/chef-vault/pull/72) ([eklein](https://github.com/eklein))
286
- - Add vault commands, deprecate encrypt, add rotate all keys [\#71](https://github.com/chef/chef-vault/pull/71) ([jgeiger](https://github.com/jgeiger))
287
- - Fix github user name for repository [\#70](https://github.com/chef/chef-vault/pull/70) ([jgeiger](https://github.com/jgeiger))
288
- - Fix \#51: update knife commands [\#68](https://github.com/chef/chef-vault/pull/68) ([jgeiger](https://github.com/jgeiger))
289
- - Fix typos in KNIFE\_EXAMPLES.md [\#67](https://github.com/chef/chef-vault/pull/67) ([jgeiger](https://github.com/jgeiger))
290
- - Issue 50: Use standard chef/knife formatting for all knife decrypt output [\#64](https://github.com/chef/chef-vault/pull/64) ([eklein](https://github.com/eklein))
291
- - Issue \#62: Allow for printing entire chef-vault'ed databag [\#63](https://github.com/chef/chef-vault/pull/63) ([eklein](https://github.com/eklein))
292
- - Fixes \#56: Typo in readme [\#56](https://github.com/chef/chef-vault/pull/56) ([bhicks](https://github.com/bhicks))
293
- - Addresses \#46, use securerandom to generate secret [\#48](https://github.com/chef/chef-vault/pull/48) ([jtimberman](https://github.com/jtimberman))
294
- - Fixes \#44: Usage text is incorrect for `knife encrypt rotate keys` [\#45](https://github.com/chef/chef-vault/pull/45) ([jer](https://github.com/jer))
295
- - Fixing typo in command line option and README: vaules -\> values [\#41](https://github.com/chef/chef-vault/pull/41) ([trinitronx](https://github.com/trinitronx))
296
- - Fix: open locked file on windows during data\_bag update [\#37](https://github.com/chef/chef-vault/pull/37) ([aseresun](https://github.com/aseresun))
297
- - Allow any client key to act as admin [\#36](https://github.com/chef/chef-vault/pull/36) ([kisoku](https://github.com/kisoku))
298
- - move the compat include into the lazy-load [\#35](https://github.com/chef/chef-vault/pull/35) ([spheromak](https://github.com/spheromak))
299
- - Fix \#32: Correct Travis CI link [\#34](https://github.com/chef/chef-vault/pull/34) ([dougireton](https://github.com/dougireton))
300
- - Fix \#32: Fix broken travis ci badge [\#33](https://github.com/chef/chef-vault/pull/33) ([dougireton](https://github.com/dougireton))
301
- - Add Version Badge to Readme [\#26](https://github.com/chef/chef-vault/pull/26) ([dougireton](https://github.com/dougireton))
302
- - Fixes \#18: Add .travis.yml file [\#25](https://github.com/chef/chef-vault/pull/25) ([dougireton](https://github.com/dougireton))
303
- - Fixes \#23: Remove Gemfile.lock from repo per Yehuda Katz [\#24](https://github.com/chef/chef-vault/pull/24) ([dougireton](https://github.com/dougireton))
304
- - Fixes \#15: Add Contributing guide [\#22](https://github.com/chef/chef-vault/pull/22) ([dougireton](https://github.com/dougireton))
305
- - Fixes \#14: Add initial Changelog [\#21](https://github.com/chef/chef-vault/pull/21) ([dougireton](https://github.com/dougireton))
306
- - Fixes \#16: Add Apache 2.0 license file and source headers [\#20](https://github.com/chef/chef-vault/pull/20) ([dougireton](https://github.com/dougireton))
307
- - Fixes \#17: Add initial Rakefile to run specs [\#19](https://github.com/chef/chef-vault/pull/19) ([dougireton](https://github.com/dougireton))
308
- - Fixes \#9: Use getters instead of instance vars [\#10](https://github.com/chef/chef-vault/pull/10) ([dougireton](https://github.com/dougireton))
309
- - Fixes \#7: Add rspec tests for chef-vault.rb [\#8](https://github.com/chef/chef-vault/pull/8) ([dougireton](https://github.com/dougireton))
310
- - Fixes \#2: Split --admins string on ',' and whitespace [\#6](https://github.com/chef/chef-vault/pull/6) ([dougireton](https://github.com/dougireton))
311
- - Update for compatability with chef10/11 [\#3](https://github.com/chef/chef-vault/pull/3) ([spheromak](https://github.com/spheromak))
312
- - Fixes \#1: Clarify readme [\#2](https://github.com/chef/chef-vault/pull/2) ([dougireton](https://github.com/dougireton))
313
-
314
-
315
-
316
- \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
125
+ \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
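Review bot: regenerating the changelog drops every "Closed issues" and "Merged pull requests" section from v2.8.0 back to v2.2.1, which removes the only in-repo record of changes such as "use securerandom to generate secret" (#48) and "Use a larger key size for the generated secret by default" (#46). If that is a deliberate generator setting, say so in the commit message; otherwise re-run the generator with those sections enabled. The new v2.2.1 compare link also starts from a raw commit hash (`e7d75c65...`) rather than a tag, so it should be checked that it resolves as intended.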
@@ -0,0 +1,33 @@
1
+ version: "master-{build}"
2
+
3
+ os: Windows Server 2012 R2
4
+ platform:
5
+ - x64
6
+
7
+ clone_depth: 1
8
+ skip_tags: true
9
+ skip_branch_with_pr: true
10
+ branches:
11
+ only:
12
+ - master
13
+
14
+ # caching vendor/bundle appears to break horribly in the face of gems checked out of git
15
+ # cache:
16
+ # - vendor/bundle
17
+
18
+ install:
19
+ - ps: iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel stable
20
+ - bundle config --local path vendor/bundle
21
+ - SET CI=true
22
+ - SET BUNDLE_WITHOUT=changelog:style
23
+
24
+ build_script:
25
+ - ps: c:\opscode\chefdk\bin\chef.bat shell-init powershell | iex
26
+ - bundle install || bundle install || bundle install
27
+
28
+ test_script:
29
+ - SET SPEC_OPTS=--format progress
30
+ - c:\opscode\chefdk\bin\chef.bat exec bundle exec rake spec
31
+ # aruba on windows seems pretty terribadly broken: https://github.com/cucumber/aruba/pull/422
32
+ # - c:\opscode\chefdk\bin\chef.bat exec bundle exec cucumber
33
+ - c:\opscode\chefdk\bin\chef.bat exec bundle exec rake style
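Review bot: the install step on new line 19, `iex (irm https://omnitruck.chef.io/install.ps1); Install-Project -Project chefdk -channel stable`, executes a remotely fetched script and installs whatever ChefDK build is current, so the toolchain on the build machine is neither pinned nor verified. Pin the ChefDK version and check the download against a known digest so a build can be reproduced and a changed installer is noticed. On new line 26, `bundle install || bundle install || bundle install` hides intermittent failures; a comment saying what the retries work around would help the next reader.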
@@ -17,9 +17,14 @@
17
17
  $:.push File.expand_path("../lib", __FILE__)
18
18
  require "chef-vault/version"
19
19
 
20
+ def prerelease?
21
+ ENV["TRAVIS"] && !ENV["TRAVIS_TAG"]
22
+ end
23
+
20
24
  Gem::Specification.new do |s|
21
25
  s.name = "chef-vault"
22
26
  s.version = ChefVault::VERSION
27
+ s.version = "#{s.version}-pre#{ENV['TRAVIS_BUILD_NUMBER']}" if prerelease?
23
28
  s.has_rdoc = true
24
29
  s.authors = ["Thom May"]
25
30
  s.email = ["thom@chef.io"]
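Review bot: in `prerelease?` (new lines 20 to 22), `!ENV["TRAVIS_TAG"]` is only true when the variable is unset; if the CI exports it as an empty string on untagged builds, the expression is false, because an empty string is truthy in Ruby, and the `-pre` suffix on new line 27 is never applied. Test `ENV["TRAVIS_TAG"].to_s.empty?` instead. Note also that the gem's version now depends on the environment the gemspec is evaluated in, so the same source tree yields different versions on and off Travis; a short comment above `prerelease?` explaining this would help.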
@@ -18,7 +18,7 @@ Feature: clean unknown clients on vault refresh
18
18
  Given a local mode chef repo with nodes 'one,two,three'
19
19
  And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
20
20
  Then the vault item 'test/item' should be encrypted for 'one,two,three'
21
- And I delete client 'one' from the Chef server
21
+ And I delete node 'one' from the Chef server
22
22
  And I refresh the vault item 'test/item' with the 'clean-unknown-clients' option
23
23
  Then the output should contain "Removing unknown client 'one'"
24
24
  And the vault item 'test/item' should be encrypted for 'two,three'
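Review bot: The step now deletes node 'one', yet the following assertion still expects "Removing unknown client 'one'", so the scenario passes while the message describes something that did not happen: the client object and its public key are still on the server. Either reword the message to say the node is unknown, or state in the feature text that access is pruned on node absence alone, so operators reading the output are not misled about what was checked.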
@@ -1,29 +1,17 @@
1
1
  Feature: clean unknown clients on key rotation
2
2
  When removing a client from a vault item, chef-vault normally
3
- removes the key and then rotates the key. If a client has been
3
+ removes the key and then rotates the key. If a node has been
4
4
  deleted in the meantime from the Chef server but not the vault,
5
5
  the rotation will fail due to that client's public key missing.
6
6
  Using the --clean-unknown-clients switch will cause any clients
7
7
  that have been removed to be removed from the vault item's
8
8
  access list as well
9
9
 
10
- Scenario: Prune clients when removing a client
11
- Given a local mode chef repo with nodes 'one,two,three'
12
- And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
13
- Then the vault item 'test/item' should be encrypted for 'one,two,three'
14
- And I delete client 'one' from the Chef server
15
- And I remove client 'two' from vault item 'test/item' with the 'clean-unknown-clients' option
16
- Then the output should contain "Removing unknown client 'one'"
17
- And the vault item 'test/item' should be encrypted for 'three'
18
- And the vault item 'test/item' should not be encrypted for 'one,two'
19
- And 'three' should be a client for the vault item 'test/item'
20
- And 'one,two' should not be a client for the vault item 'test/item'
21
-
22
10
  Scenario: Prune clients when rotating keys
23
11
  Given a local mode chef repo with nodes 'one,two,three'
24
12
  And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
25
13
  Then the vault item 'test/item' should be encrypted for 'one,two,three'
26
- And I delete client 'one' from the Chef server
14
+ And I delete node 'one' from the Chef server
27
15
  And I rotate the keys for vault item 'test/item' with the 'clean-unknown-clients' option
28
16
  Then the output should contain "Removing unknown client 'one'"
29
17
  And the vault item 'test/item' should be encrypted for 'two,three'
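Review bot: The "Prune clients when removing a client" scenario is deleted without a replacement, which leaves the remove path with the 'clean-unknown-clients' option untested in this feature. If that path is no longer supported, say so in the feature description; otherwise port the scenario to the node-based step like the others. The description is also inconsistent after the edit: it now says a node has been deleted but still explains the failure as "that client's public key missing", which deleting a node does not cause.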
@@ -35,7 +23,7 @@ Feature: clean unknown clients on key rotation
35
23
  Given a local mode chef repo with nodes 'one,two,three'
36
24
  And I create a vault item 'test/item' containing the JSON '{"foo": "bar"}' encrypted for 'one,two,three'
37
25
  Then the vault item 'test/item' should be encrypted for 'one,two,three'
38
- And I delete clients 'one,two' from the Chef server
26
+ And I delete nodes 'one,two' from the Chef server
39
27
  And I rotate all keys with the 'clean-unknown-clients' option
40
28
  Then the output should contain "Removing unknown client 'one'"
41
29
  And the output should contain "Removing unknown client 'two'"
@@ -172,6 +172,9 @@ class ChefVault
172
172
  def rotate_keys!(clean_unknown_clients = false)
173
173
  @secret = generate_secret
174
174
 
175
+ # clean existing encrypted data for clients/admins
176
+ keys.clear_encrypted
177
+
175
178
  unless get_clients.empty?
176
179
  # a bit of a misnomer; this doesn't remove unknown
177
180
  # admins, just clients which are nodes
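Review bot: `keys.clear_encrypted` runs at the top of `rotate_keys!`, before any client or admin has been re-encrypted with the new secret, so if a later step raises, the in-memory item has already lost every encrypted copy. Please confirm nothing is saved until re-encryption has finished. The comment should also say why the clear is required: `ItemKeys#add` now reuses an existing entry (`self[chef_key.name] || ...`), so without it a rotation would keep the ciphertext of the previous secret.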
@@ -411,15 +414,11 @@ class ChefVault
411
414
 
412
415
  # checks if a node exists on the Chef server by performing
413
416
  # a search against the node index. If the search returns no
414
- # results, the node does not exist. If it does return results,
415
- # check if there is a matching client
417
+ # results, the node does not exist.
416
418
  # @param nodename [String] the name of the node
417
419
  # @return [Boolean] whether the node exists or not
418
420
  def node_exists?(nodename)
419
- # if we don't have a client it really doesn't matter if we have a node.
420
- if client_exists?(nodename)
421
- search_results.include?(nodename)
422
- end
421
+ search_results.include?(nodename)
423
422
  end
424
423
 
425
424
  # checks if a client exists on the Chef server. If we get back
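Review bot: `node_exists?` now relies solely on `search_results.include?(nodename)`, so a name that appears in the node index is treated as valid even when no client with that name exists. Callers that go on to fetch the client's public key need to handle the missing-client case explicitly rather than depend on this predicate. A spec for "node present, client absent" would pin the intended behaviour.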
@@ -39,7 +39,7 @@ class ChefVault
39
39
  ckey = @cache[key]
40
40
  return ckey unless ckey.nil?
41
41
  # check if the key is saved in sparse mode
42
- skey = sparse_key(sparse_id(key))
42
+ skey = sparse_key(sparse_id(key)) if sparse?
43
43
  if skey
44
44
  skey[key]
45
45
  else
@@ -53,7 +53,7 @@ class ChefVault
53
53
  ckey = @cache[key]
54
54
  return (ckey ? true : false) unless ckey.nil?
55
55
  # check if the key is saved in sparse mode
56
- return true unless sparse_key(sparse_id(key)).nil?
56
+ return true if sparse? && sparse_key(sparse_id(key))
57
57
  # fallback to non-sparse mode if sparse key is not found
58
58
  @raw_data.keys.include?(key)
59
59
  end
@@ -64,14 +64,21 @@ class ChefVault
64
64
  raise ChefVault::Exceptions::V1Format,
65
65
  "cannot manage a v1 vault. See UPGRADE.md for help"
66
66
  end
67
- @cache[chef_key.name] = ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
67
+ @cache[chef_key.name] = self[chef_key.name] || ChefVault::ItemKeys.encode_key(chef_key.key, data_bag_shared_secret)
68
68
  @raw_data[type] << chef_key.name unless @raw_data[type].include?(chef_key.name)
69
69
  @raw_data[type]
70
70
  end
71
71
 
72
+ def clear_encrypted
73
+ @cache.clear
74
+ self["clients"].each { |client| @raw_data.delete(client) }
75
+ self["admins"].each { |admin| @raw_data.delete(admin) }
76
+ end
77
+
72
78
  def delete(chef_key)
73
79
  @cache[chef_key.name] = false
74
80
  raw_data[chef_key.type].delete(chef_key.name)
81
+ raw_data.delete(chef_key.name)
75
82
  end
76
83
 
77
84
  def mode(mode = nil)
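Review bot: In `add`, `self[chef_key.name] || ChefVault::ItemKeys.encode_key(...)` keeps whatever ciphertext is already stored under that name without checking that it matches `chef_key.key`, so an actor whose key pair was regenerated under the same name keeps an entry encrypted to the old public key. Worth documenting that a rotate is needed in that case, or comparing before reuse. In `clear_encrypted`, `self["clients"]` and `self["admins"]` go through `[]`, which in sparse mode calls `sparse_key(sparse_id(key))` for those list names; reading `@raw_data["clients"]` directly avoids that lookup. Also, does `clear_encrypted` cover sparse mode? It only clears `@cache` and `@raw_data`, so a following `add` could find the old per-actor entry again through `sparse_key` and reuse it.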
@@ -213,6 +220,10 @@ class ChefVault
213
220
 
214
221
  # @private
215
222
 
223
+ def sparse?
224
+ @raw_data["mode"] == "sparse"
225
+ end
226
+
216
227
  def sparse_id(key, item_id = @raw_data["id"])
217
228
  "#{item_id.chomp("_keys")}_key_#{key}"
218
229
  end
@@ -15,6 +15,6 @@
15
15
  # limitations under the License.
16
16
 
17
17
  class ChefVault
18
- VERSION = "3.0.3"
18
+ VERSION = "3.1.0"
19
19
  MAJOR, MINOR, TINY = VERSION.split(".")
20
20
  end
@@ -87,7 +87,7 @@ class Chef
87
87
  vault_item["file-content"] = File.open(file) { |f| f.read() }
88
88
  end
89
89
  else
90
- vault_json = edit_data({})
90
+ vault_json = edit_hash({})
91
91
  vault_json.each do |key, value|
92
92
  vault_item[key] = value
93
93
  end
@@ -36,12 +36,27 @@ RSpec.describe ChefVault::ItemKeys do
36
36
  keys.delete(chef_key)
37
37
  end
38
38
 
39
- it "stores the encoded key in the data bag item under the actor's name and the name in the raw data" do
40
- expect(described_class).to receive(:encode_key).with(public_key_string, shared_secret).and_return("encrypted_result")
41
- keys.add(chef_key, shared_secret)
42
- expect(keys[name]).to eq("encrypted_result")
43
- expect(keys[type].include?(name)).to eq(true)
44
- expect(keys.include?(name)).to eq(true)
39
+ context "when key is already there" do
40
+ it "keeps the encoded key in the data bag item under the actor's name and the name in the raw data" do
41
+ expect(described_class).not_to receive(:encode_key).with(public_key_string, shared_secret)
42
+ keys.add(chef_key, shared_secret)
43
+ expect(keys[name]).not_to be_empty
44
+ expect(keys[type].include?(name)).to eq(true)
45
+ expect(keys.include?(name)).to eq(true)
46
+ end
47
+ end
48
+
49
+ context "when keys not already there" do
50
+ before do
51
+ keys.delete(chef_key)
52
+ end
53
+ it "stores the encoded key in the data bag item under the actor's name and the name in the raw data" do
54
+ expect(described_class).to receive(:encode_key).with(public_key_string, shared_secret).and_return("encrypted_result")
55
+ keys.add(chef_key, shared_secret)
56
+ expect(keys[name]).to eq("encrypted_result")
57
+ expect(keys[type].include?(name)).to eq(true)
58
+ expect(keys.include?(name)).to eq(true)
59
+ end
45
60
  end
46
61
  end
47
62
 
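Review bot: In the "when key is already there" context, `expect(described_class).not_to receive(:encode_key).with(public_key_string, shared_secret)` still passes if `encode_key` is called with different arguments; drop the `.with(...)` so any call fails the example. `expect(keys[name]).not_to be_empty` is also weak: capture the value before `keys.add` and assert it is unchanged afterwards, since that is the behaviour the new `add` is supposed to guarantee.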
@@ -5,6 +5,11 @@ RSpec.describe ChefVault::Item do
5
5
 
6
6
  before do
7
7
  item["foo"] = "bar"
8
+ http_response = double("http_response")
9
+ allow(http_response).to receive(:code).and_return("404")
10
+ non_existing = Net::HTTPServerException.new("http error message", http_response)
11
+
12
+ allow(Chef::DataBagItem).to receive(:load).with(anything, /_key_/).and_raise(non_existing)
8
13
  end
9
14
 
10
15
  describe "vault probe predicates" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: chef-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.3
4
+ version: 3.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Thom May
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-03 00:00:00.000000000 Z
11
+ date: 2017-07-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -116,6 +116,7 @@ files:
116
116
  - Rakefile
117
117
  - THEORY.md
118
118
  - UPGRADE.md
119
+ - appveyor.yml
119
120
  - bin/chef-vault
120
121
  - chef-vault.gemspec
121
122
  - features/clean.feature
@@ -193,7 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
193
194
  version: '0'
194
195
  requirements: []
195
196
  rubyforge_project:
196
- rubygems_version: 2.4.8
197
+ rubygems_version: 2.6.11
197
198
  signing_key:
198
199
  specification_version: 4
199
200
  summary: Data encryption support for Chef using data bags