chef-vault 3.4.0.pre.pre430 → 3.4.0
- checksums.yaml +4 -4
- data/lib/chef-vault/chef_api.rb +4 -4
- data/lib/chef-vault/item.rb +2 -2
- data/lib/chef/knife/vault_base.rb +4 -4
- data/lib/chef/knife/vault_create.rb +17 -17
- data/lib/chef/knife/vault_edit.rb +3 -3
- data/lib/chef/knife/vault_isvault.rb +3 -3
- data/lib/chef/knife/vault_itemtype.rb +3 -3
- data/lib/chef/knife/vault_list.rb +3 -3
- data/lib/chef/knife/vault_refresh.rb +4 -4
- data/lib/chef/knife/vault_remove.rb +13 -13
- data/lib/chef/knife/vault_rotate_all_keys.rb +2 -2
- data/lib/chef/knife/vault_rotate_keys.rb +2 -2
- data/lib/chef/knife/vault_show.rb +6 -6
- data/lib/chef/knife/vault_update.rb +16 -16
- metadata +5 -89
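--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2393b696dd0505b83769e01e744b50a0514f507a3398e03bd4bb0a0cb26c53b
+data.tar.gz: e91d4be1450033a65bfa10ea433b888d3edb2170682e0c705b35f5ceff591df4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bf36f5d7612489eb89789c7e98c71ce6b0c74de063341c99e05f7fb7b98a1037ce492979809e242e907ed289aac6ebc43c466915b3d1a43c076724655396e268
+data.tar.gz: 2eb39a0b5cc7c75beb17f092feb6d30a32ebfd37346ab898852e7037fd1aaab9172bc4c797c0919f67049183f163cffdd285250dfc3ba5878d77cd649e0a605d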
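--- a/data/lib/chef-vault/chef_api.rb
+++ b/data/lib/chef-vault/chef_api.rb
@@ -20,19 +20,19 @@ class ChefVault
 class ChefApi
 
 def rest_v0
-@rest_v0 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_root], { :
+@rest_v0 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_root], { api_version: "0" })
 end
 
 def rest_v1
-@rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_root], { :
+@rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_root], { api_version: "1" })
 end
 
 def org_scoped_rest_v0
-@org_scoped_rest_v0 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { :
+@org_scoped_rest_v0 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { api_version: "0" })
 end
 
 def org_scoped_rest_v1
-@org_scoped_rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { :
+@org_scoped_rest_v1 ||= Chef::ServerAPI.new(Chef::Config[:chef_server_url], { api_version: "1" })
 end
 
 end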
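--- a/data/lib/chef-vault/item.rb
+++ b/data/lib/chef-vault/item.rb
@@ -66,8 +66,8 @@ class ChefVault
 @secret = generate_secret
 @encrypted = false
 opts = {
-:
-:
+node_name: Chef::Config[:node_name],
+client_key_path: Chef::Config[:client_key],
 }.merge(opts)
 @node_name = opts[:node_name]
 @client_key_path = opts[:client_key_path]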
@@ -28,10 +28,10 @@ class Chef
|
|
28
28
|
end
|
29
29
|
|
30
30
|
option :vault_mode,
|
31
|
-
:
|
32
|
-
:
|
33
|
-
:
|
34
|
-
:
|
31
|
+
short: "-M MODE",
|
32
|
+
long: "--mode MODE",
|
33
|
+
description: "Chef mode to run in default - solo",
|
34
|
+
proc: proc { |i| Chef::Config[:knife][:vault_mode] = i }
|
35
35
|
end
|
36
36
|
end
|
37
37
|
|
@@ -27,33 +27,33 @@ class Chef
|
|
27
27
|
banner "knife vault create VAULT ITEM VALUES (options)"
|
28
28
|
|
29
29
|
option :keys_mode,
|
30
|
-
:
|
31
|
-
:
|
32
|
-
:
|
30
|
+
short: "-K KEYS_MODE",
|
31
|
+
long: "--keys-mode KEYS_MODE",
|
32
|
+
description: "Mode in which to save vault keys"
|
33
33
|
|
34
34
|
option :search,
|
35
|
-
:
|
36
|
-
:
|
37
|
-
:
|
35
|
+
short: "-S SEARCH",
|
36
|
+
long: "--search SEARCH",
|
37
|
+
description: "Chef SOLR search for clients"
|
38
38
|
|
39
39
|
option :clients,
|
40
|
-
:
|
41
|
-
:
|
42
|
-
:
|
40
|
+
short: "-C CLIENTS",
|
41
|
+
long: "--clients CLIENTS",
|
42
|
+
description: "Chef clients to be added as clients"
|
43
43
|
|
44
44
|
option :admins,
|
45
|
-
:
|
46
|
-
:
|
47
|
-
:
|
45
|
+
short: "-A ADMINS",
|
46
|
+
long: "--admins ADMINS",
|
47
|
+
description: "Chef users to be added as admins"
|
48
48
|
|
49
49
|
option :json,
|
50
|
-
:
|
51
|
-
:
|
52
|
-
:
|
50
|
+
short: "-J FILE",
|
51
|
+
long: "--json FILE",
|
52
|
+
description: "File containing JSON data to encrypt"
|
53
53
|
|
54
54
|
option :file,
|
55
|
-
:
|
56
|
-
:
|
55
|
+
long: "--file FILE",
|
56
|
+
description: "File to be added to vault item as file-content"
|
57
57
|
|
58
58
|
def run
|
59
59
|
vault = @name_args[0]
|
@@ -23,9 +23,9 @@ class Chef
|
|
23
23
|
banner "knife vault edit VAULT ITEM (options)"
|
24
24
|
|
25
25
|
option :mode,
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
26
|
+
short: "-M MODE",
|
27
|
+
long: "--mode MODE",
|
28
|
+
description: "Chef mode to run in default - solo"
|
29
29
|
|
30
30
|
def run
|
31
31
|
vault = @name_args[0]
|
@@ -23,9 +23,9 @@ class Chef
|
|
23
23
|
banner "knife vault isvault VAULT ITEM (options)"
|
24
24
|
|
25
25
|
option :mode,
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
26
|
+
short: "-M MODE",
|
27
|
+
long: "--mode MODE",
|
28
|
+
description: "Chef mode to run in default - solo"
|
29
29
|
|
30
30
|
def run
|
31
31
|
vault = @name_args[0]
|
@@ -23,9 +23,9 @@ class Chef
|
|
23
23
|
banner "knife vault itemtype VAULT ITEM (options)"
|
24
24
|
|
25
25
|
option :mode,
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
26
|
+
short: "-M MODE",
|
27
|
+
long: "--mode MODE",
|
28
|
+
description: "Chef mode to run in default - solo"
|
29
29
|
|
30
30
|
def run
|
31
31
|
vault = @name_args[0]
|
@@ -23,9 +23,9 @@ class Chef
|
|
23
23
|
banner "knife vault list (options)"
|
24
24
|
|
25
25
|
option :mode,
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
26
|
+
short: "-M MODE",
|
27
|
+
long: "--mode MODE",
|
28
|
+
description: "Chef mode to run in default - solo"
|
29
29
|
|
30
30
|
def run
|
31
31
|
set_mode(config[:vault_mode])
|
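Review bot: The `option :mode` declared in this `knife vault list` hunk does not appear to be what `run` consumes, since the first visible line of `run` is `set_mode(config[:vault_mode])`. The earlier hunk that declares `option :vault_mode` already binds the same `-M MODE` / `--mode MODE` switches, with a `proc` that writes `Chef::Config[:knife][:vault_mode]`. If this command shares that base option (not visible here), the local `:mode` is a duplicate switch whose value is never read, and which declaration wins is left to the option parser; I would drop it or read one key consistently. The same `option :mode` block is repeated in the `edit`, `isvault`, `itemtype` and `show` hunks, and `run` continues outside this hunk.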
@@ -23,12 +23,12 @@ class Chef
|
|
23
23
|
banner "knife vault refresh VAULT ITEM"
|
24
24
|
|
25
25
|
option :clean_unknown_clients,
|
26
|
-
:
|
27
|
-
:
|
26
|
+
long: "--clean-unknown-clients",
|
27
|
+
description: "Remove unknown clients during refresh"
|
28
28
|
|
29
29
|
option :skip_reencryption,
|
30
|
-
:
|
31
|
-
:
|
30
|
+
long: "--skip-reencryption",
|
31
|
+
description: "Skip reencrypt symetrical key for existing clients/admins."
|
32
32
|
|
33
33
|
def run
|
34
34
|
vault = @name_args[0]
|
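Review bot: The help text for `--skip-reencryption` is misspelled and ungrammatical: `description: "Skip reencrypt symetrical key for existing clients/admins."`. Judging by its description, the flag decides whether existing clients and admins get a re-encrypted key, so an operator should not have to guess what it skips. I would write `description: "Skip re-encrypting the symmetric key for existing clients/admins."`.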
@@ -25,23 +25,23 @@ class Chef
|
|
25
25
|
banner "knife vault remove VAULT ITEM VALUES (options)"
|
26
26
|
|
27
27
|
option :search,
|
28
|
-
:
|
29
|
-
:
|
30
|
-
:
|
28
|
+
short: "-S SEARCH",
|
29
|
+
long: "--search SEARCH",
|
30
|
+
description: "Chef SOLR search for clients"
|
31
31
|
|
32
32
|
option :clients,
|
33
|
-
:
|
34
|
-
:
|
35
|
-
:
|
33
|
+
short: "-C CLIENTS",
|
34
|
+
long: "--clients CLIENTS",
|
35
|
+
description: "Chef clients to be added as clients"
|
36
36
|
|
37
37
|
option :admins,
|
38
|
-
:
|
39
|
-
:
|
40
|
-
:
|
38
|
+
short: "-A ADMINS",
|
39
|
+
long: "--admins ADMINS",
|
40
|
+
description: "Chef users to be added as admins"
|
41
41
|
|
42
42
|
option :clean_unknown_clients,
|
43
|
-
:
|
44
|
-
:
|
43
|
+
long: "--clean-unknown-clients",
|
44
|
+
description: "Remove unknown clients during key rotation"
|
45
45
|
|
46
46
|
def run
|
47
47
|
vault = @name_args[0]
|
@@ -70,8 +70,8 @@ class Chef
|
|
70
70
|
end
|
71
71
|
|
72
72
|
remove_items.each do |key|
|
73
|
-
key.
|
74
|
-
vault_item.remove(key)
|
73
|
+
key = key.dup
|
74
|
+
vault_item.remove(key.strip)
|
75
75
|
end
|
76
76
|
end
|
77
77
|
|
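Review bot: In the second hunk, `key = key.dup` is redundant, because `String#strip` on the next line returns a new string and never mutates its receiver; it is already safe on a frozen `key`, so the loop body can be just `vault_item.remove(key.strip)`. Separately, in the first hunk the `--clients` and `--admins` descriptions read `"Chef clients to be added as clients"` and `"Chef users to be added as admins"` although the banner is `knife vault remove`. On a command that presumably revokes access to a vault item the help should say so, e.g. `description: "Chef clients to be removed as clients"`. The method enclosing the `remove_items.each` loop starts outside the hunk.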
@@ -23,8 +23,8 @@ class Chef
|
|
23
23
|
banner "knife vault rotate all keys"
|
24
24
|
|
25
25
|
option :clean_unknown_clients,
|
26
|
-
:
|
27
|
-
:
|
26
|
+
long: "--clean-unknown-clients",
|
27
|
+
description: "Remove unknown clients during key rotation"
|
28
28
|
|
29
29
|
def run
|
30
30
|
clean_unknown_clients = config[:clean_unknown_clients]
|
@@ -23,8 +23,8 @@ class Chef
|
|
23
23
|
banner "knife vault rotate keys VAULT ITEM (options)"
|
24
24
|
|
25
25
|
option :clean_unknown_clients,
|
26
|
-
:
|
27
|
-
:
|
26
|
+
long: "--clean-unknown-clients",
|
27
|
+
description: "Remove unknown clients during key rotation"
|
28
28
|
|
29
29
|
def run
|
30
30
|
vault = @name_args[0]
|
@@ -23,14 +23,14 @@ class Chef
|
|
23
23
|
banner "knife vault show VAULT [ITEM] [VALUES] (options)"
|
24
24
|
|
25
25
|
option :mode,
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
26
|
+
short: "-M MODE",
|
27
|
+
long: "--mode MODE",
|
28
|
+
description: "Chef mode to run in default - solo"
|
29
29
|
|
30
30
|
option :print,
|
31
|
-
:
|
32
|
-
:
|
33
|
-
:
|
31
|
+
short: "-p TYPE",
|
32
|
+
long: "--print TYPE",
|
33
|
+
description: "Print extra vault data, can be search, admins, clients or all"
|
34
34
|
|
35
35
|
def run
|
36
36
|
vault = @name_args[0]
|
@@ -27,32 +27,32 @@ class Chef
|
|
27
27
|
banner "knife vault update VAULT ITEM VALUES (options)"
|
28
28
|
|
29
29
|
option :search,
|
30
|
-
:
|
31
|
-
:
|
32
|
-
:
|
30
|
+
short: "-S SEARCH",
|
31
|
+
long: "--search SEARCH",
|
32
|
+
description: "Chef SOLR search for clients"
|
33
33
|
|
34
34
|
option :clients,
|
35
|
-
:
|
36
|
-
:
|
37
|
-
:
|
35
|
+
short: "-C CLIENTS",
|
36
|
+
long: "--clients CLIENTS",
|
37
|
+
description: "Chef clients to be added as clients"
|
38
38
|
|
39
39
|
option :admins,
|
40
|
-
:
|
41
|
-
:
|
42
|
-
:
|
40
|
+
short: "-A ADMINS",
|
41
|
+
long: "--admins ADMINS",
|
42
|
+
description: "Chef users to be added as admins"
|
43
43
|
|
44
44
|
option :json,
|
45
|
-
:
|
46
|
-
:
|
47
|
-
:
|
45
|
+
short: "-J FILE",
|
46
|
+
long: "--json FILE",
|
47
|
+
description: "File containing JSON data to encrypt"
|
48
48
|
|
49
49
|
option :file,
|
50
|
-
:
|
51
|
-
:
|
50
|
+
long: "--file FILE",
|
51
|
+
description: "File to be added to vault item as file-content"
|
52
52
|
|
53
53
|
option :clean,
|
54
|
-
:
|
55
|
-
:
|
54
|
+
long: "--clean",
|
55
|
+
description: "Clean clients before performing search"
|
56
56
|
|
57
57
|
def run
|
58
58
|
vault = @name_args[0]
|
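--- a/metadata
+++ b/metadata
@@ -1,99 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: chef-vault
 version: !ruby/object:Gem::Version
-version: 3.4.0
+version: 3.4.0
 platform: ruby
 authors:
 - Thom May
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
-dependencies:
-- !ruby/object:Gem::Dependency
-name: rake
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '11.0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '11.0'
-- !ruby/object:Gem::Dependency
-name: rspec
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.4'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.4'
-- !ruby/object:Gem::Dependency
-name: aruba
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.6'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.6'
-- !ruby/object:Gem::Dependency
-name: simplecov
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.9'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.9'
-- !ruby/object:Gem::Dependency
-name: simplecov-console
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.2'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '0.2'
-- !ruby/object:Gem::Dependency
-name: chef
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
+date: 2018-09-19 00:00:00.000000000 Z
+dependencies: []
 description: Data encryption support for Chef using data bags
 email:
 - thom@chef.io
@@ -146,9 +62,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubyforge_project:
 rubygems_version: 2.7.6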