cheffish 16.0.12 → 16.0.26
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/lib/chef/resource/chef_data_bag_item.rb +16 -20
- data/lib/chef/resource/private_key.rb +13 -15
- data/lib/chef/resource/public_key.rb +2 -2
- data/lib/cheffish.rb +15 -7
- data/lib/cheffish/chef_actor_base.rb +29 -31
- data/lib/cheffish/recipe_dsl.rb +5 -7
- data/lib/cheffish/version.rb +1 -1
- data/spec/integration/private_key_spec.rb +1 -1
- data/spec/integration/rspec/converge_spec.rb +5 -1
- data/spec/support/key_support.rb +4 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91e2132a23578c15fe42a8603cf3cd4d72eee69a671f853c273a5a61788f9a31
|
|
4
|
+
data.tar.gz: 75a4e43250b1b53eb3fd10aee2af0dd5e62e3ee5a6bcede10792691d77080d7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 93706f7357daca264cbdd1ca1a6b3d2912597968e68f58ae376fc71284a3d7f4c92bbf91d31a9fdd3450d317e1961ea91372c3f348a77465a27d8f73a40d45ab
|
|
7
|
+
data.tar.gz: 3e47fb9564110ced0731b2c19f00af626482fc9fc4daa6be1e7c056a583c22f43a6aae8a64489899ffd7ceef10c17f7d12b942240cf65a8331fd34ee48ec020f
|
data/Gemfile
CHANGED
|
@@ -196,17 +196,15 @@ class Chef
|
|
|
196
196
|
end
|
|
197
197
|
|
|
198
198
|
def new_secret
|
|
199
|
-
@new_secret ||=
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
end
|
|
209
|
-
end
|
|
199
|
+
@new_secret ||= if new_resource.secret
|
|
200
|
+
new_resource.secret
|
|
201
|
+
elsif new_resource.secret_path
|
|
202
|
+
Chef::EncryptedDataBagItem.load_secret(new_resource.secret_path)
|
|
203
|
+
elsif new_resource.encrypt.nil?
|
|
204
|
+
current_resource.secret
|
|
205
|
+
else
|
|
206
|
+
raise "Data bag item #{new_resource.name} has encryption on but no secret or secret_path is specified"
|
|
207
|
+
end
|
|
210
208
|
end
|
|
211
209
|
|
|
212
210
|
def decrypt(json, secret)
|
|
@@ -238,15 +236,13 @@ class Chef
|
|
|
238
236
|
|
|
239
237
|
# Get the current json decrypted, for comparison purposes
|
|
240
238
|
def current_decrypted
|
|
241
|
-
@current_decrypted ||=
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
end
|
|
249
|
-
end
|
|
239
|
+
@current_decrypted ||= if current_resource.secret
|
|
240
|
+
decrypt(current_resource.raw_data || { "id" => new_resource.id }, current_resource.secret)
|
|
241
|
+
elsif current_resource.encrypt
|
|
242
|
+
raise "Could not decrypt current data bag item #{current_resource.name}"
|
|
243
|
+
else
|
|
244
|
+
current_resource.raw_data || { "id" => new_resource.id }
|
|
245
|
+
end
|
|
250
246
|
end
|
|
251
247
|
|
|
252
248
|
# Figure out the differences between new and current
|
|
@@ -78,7 +78,7 @@ class Chef
|
|
|
78
78
|
desired_output = encode_private_key(new_source_key)
|
|
79
79
|
if current_resource.path == :none || desired_output != IO.read(new_path)
|
|
80
80
|
converge_by "reformat key at #{new_resource.source_key_path} to #{new_resource.format} private key #{new_path} (#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do
|
|
81
|
-
IO.
|
|
81
|
+
IO.binwrite(new_path, desired_output)
|
|
82
82
|
end
|
|
83
83
|
end
|
|
84
84
|
|
|
@@ -137,7 +137,7 @@ class Chef
|
|
|
137
137
|
converge_by "change format of #{new_resource.type} private key #{new_path} from #{current_resource.format} to #{new_resource.format}" do
|
|
138
138
|
write_private_key(current_private_key)
|
|
139
139
|
end
|
|
140
|
-
elsif (@current_file_mode & 0077) != 0
|
|
140
|
+
elsif RUBY_PLATFORM !~ /mswin|mingw32|windows/ && (@current_file_mode & 0077) != 0
|
|
141
141
|
new_mode = @current_file_mode & 07700
|
|
142
142
|
converge_by "change mode of private key #{new_path} to #{new_mode.to_s(8)}" do
|
|
143
143
|
::File.chmod(new_mode, new_path)
|
|
@@ -171,25 +171,23 @@ class Chef
|
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
def write_private_key(key)
|
|
174
|
-
::File.open(new_path, "
|
|
174
|
+
::File.open(new_path, "wb") do |file|
|
|
175
175
|
file.chmod(0600)
|
|
176
176
|
file.write(encode_private_key(key))
|
|
177
177
|
end
|
|
178
178
|
end
|
|
179
179
|
|
|
180
180
|
def new_source_key
|
|
181
|
-
@new_source_key ||=
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
nil
|
|
192
|
-
end
|
|
181
|
+
@new_source_key ||= if new_resource.source_key.is_a?(String)
|
|
182
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
|
|
183
|
+
source_key
|
|
184
|
+
elsif new_resource.source_key
|
|
185
|
+
new_resource.source_key
|
|
186
|
+
elsif new_resource.source_key_path
|
|
187
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
|
|
188
|
+
source_key
|
|
189
|
+
else
|
|
190
|
+
nil
|
|
193
191
|
end
|
|
194
192
|
end
|
|
195
193
|
|
|
@@ -31,7 +31,7 @@ class Chef
|
|
|
31
31
|
desired_output = encode_public_key(new_source_key)
|
|
32
32
|
if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_resource.path)
|
|
33
33
|
converge_by "write #{new_resource.format} public key #{new_resource.path} from #{new_source_key_publicity} key #{new_resource.source_key_path}" do
|
|
34
|
-
IO.
|
|
34
|
+
IO.binwrite(new_resource.path, desired_output)
|
|
35
35
|
# TODO permissions on file?
|
|
36
36
|
end
|
|
37
37
|
end
|
|
@@ -62,7 +62,7 @@ class Chef
|
|
|
62
62
|
elsif new_resource.source_key
|
|
63
63
|
source_key = new_resource.source_key
|
|
64
64
|
elsif new_resource.source_key_path
|
|
65
|
-
source_key, _source_key_format = Cheffish::KeyFormatter.decode(IO.
|
|
65
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(IO.binread(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
|
|
66
66
|
else
|
|
67
67
|
return nil
|
|
68
68
|
end
|
data/lib/cheffish.rb
CHANGED
|
@@ -32,11 +32,13 @@ module Cheffish
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def self.load_chef_config(chef_config = Chef::Config)
|
|
35
|
-
if ::Gem::Version.new(::Chef::VERSION) >= ::Gem::Version.new("12.0.0")
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
35
|
+
chef_config.config_file = if ::Gem::Version.new(::Chef::VERSION) >= ::Gem::Version.new("12.0.0")
|
|
36
|
+
require "chef/workstation_config_loader"
|
|
37
|
+
Chef::WorkstationConfigLoader.new(nil, Chef::Log).chef_config_dir
|
|
38
|
+
else
|
|
39
|
+
require "chef/knife"
|
|
40
|
+
Chef::Knife.locate_config_file
|
|
41
|
+
end
|
|
40
42
|
config_fetcher = Chef::ConfigFetcher.new(chef_config.config_file, chef_config.config_file_jail)
|
|
41
43
|
if chef_config.config_file.nil?
|
|
42
44
|
Chef::Log.warn("No config file found or specified on command line, using command line options.")
|
|
@@ -120,11 +122,17 @@ module Cheffish
|
|
|
120
122
|
end
|
|
121
123
|
|
|
122
124
|
# Include all recipe objects so require 'cheffish' brings in the whole recipe DSL
|
|
123
|
-
|
|
124
125
|
require "chef/run_list/run_list_item"
|
|
125
126
|
require_relative "cheffish/basic_chef_client"
|
|
126
127
|
require_relative "cheffish/server_api"
|
|
127
|
-
|
|
128
|
+
|
|
129
|
+
# Starting with the version below, knife is no longer in the chef gem and is
|
|
130
|
+
# not available during a chef-client run. We'll keep it here for older versions
|
|
131
|
+
# to retain backward-compatibility.
|
|
132
|
+
if ::Gem::Version.new(::Chef::VERSION) < ::Gem::Version.new("17.0.178")
|
|
133
|
+
require "chef/knife"
|
|
134
|
+
end
|
|
135
|
+
|
|
128
136
|
require "chef/config_fetcher"
|
|
129
137
|
require "chef/log"
|
|
130
138
|
require "chef/application"
|
|
@@ -74,38 +74,36 @@ module Cheffish
|
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
def new_public_key
|
|
77
|
-
@new_public_key ||=
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
key, _key_format = Cheffish::KeyFormatter.decode(new_resource.source_key)
|
|
77
|
+
@new_public_key ||= if new_resource.source_key
|
|
78
|
+
if new_resource.source_key.is_a?(String)
|
|
79
|
+
key, _key_format = Cheffish::KeyFormatter.decode(new_resource.source_key)
|
|
81
80
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
end
|
|
81
|
+
if key.private?
|
|
82
|
+
key.public_key
|
|
83
|
+
else
|
|
84
|
+
key
|
|
85
|
+
end
|
|
86
|
+
elsif new_resource.source_key.private?
|
|
87
|
+
new_resource.source_key.public_key
|
|
88
|
+
else
|
|
89
|
+
new_resource.source_key
|
|
90
|
+
end
|
|
91
|
+
elsif new_resource.source_key_path
|
|
92
|
+
source_key_path = new_resource.source_key_path
|
|
93
|
+
if Pathname.new(source_key_path).relative?
|
|
94
|
+
source_key_str, source_key_path = Cheffish.get_private_key_with_path(source_key_path, run_context.config)
|
|
95
|
+
else
|
|
96
|
+
source_key_str = IO.read(source_key_path)
|
|
97
|
+
end
|
|
98
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(source_key_str, new_resource.source_key_pass_phrase, source_key_path)
|
|
99
|
+
if source_key.private?
|
|
100
|
+
source_key.public_key
|
|
101
|
+
else
|
|
102
|
+
source_key
|
|
103
|
+
end
|
|
104
|
+
else
|
|
105
|
+
nil
|
|
106
|
+
end
|
|
109
107
|
end
|
|
110
108
|
|
|
111
109
|
def augment_new_json(json)
|
data/lib/cheffish/recipe_dsl.rb
CHANGED
|
@@ -62,13 +62,11 @@ class Chef
|
|
|
62
62
|
string_key = "#{type}_path"
|
|
63
63
|
symbol_key = "#{type}_path".to_sym
|
|
64
64
|
|
|
65
|
-
options[symbol_key] ||=
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
end
|
|
71
|
-
end
|
|
65
|
+
options[symbol_key] ||= if options[:chef_repo_path].is_a?(String)
|
|
66
|
+
Chef::Util::PathHelper.join(options[:chef_repo_path], "#{type}s")
|
|
67
|
+
else
|
|
68
|
+
options[:chef_repo_path].map { |path| Chef::Util::PathHelper.join(path, "#{type}s") }
|
|
69
|
+
end
|
|
72
70
|
|
|
73
71
|
# Copy over to string keys for things that use string keys (ChefFS)...
|
|
74
72
|
# TODO: Fix ChefFS to take symbols or use something that is insensitive to the difference
|
data/lib/cheffish/version.rb
CHANGED
|
@@ -224,7 +224,7 @@ describe Chef::Resource::PrivateKey do
|
|
|
224
224
|
end
|
|
225
225
|
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
|
226
226
|
expect(IO.read("#{repo_path}/blah")).not_to start_with("-----BEGIN")
|
|
227
|
-
expect(OpenSSL::PKey.read(IO.
|
|
227
|
+
expect(OpenSSL::PKey.read(IO.binread("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
|
228
228
|
end
|
|
229
229
|
end
|
|
230
230
|
|
|
@@ -4,7 +4,11 @@ require "cheffish/rspec/chef_run_support"
|
|
|
4
4
|
describe "Cheffish::RSpec::ChefRunSupport" do
|
|
5
5
|
extend Cheffish::RSpec::ChefRunSupport
|
|
6
6
|
|
|
7
|
-
let(:temp_file)
|
|
7
|
+
let(:temp_file) do
|
|
8
|
+
f = Tempfile.new("test")
|
|
9
|
+
f.close
|
|
10
|
+
f
|
|
11
|
+
end
|
|
8
12
|
|
|
9
13
|
context "#recipe" do
|
|
10
14
|
it "recipe { file ... } updates the file" do
|
data/spec/support/key_support.rb
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
RSpec::Matchers.define :be_public_key_for do |private_key, pass_phrase|
|
|
2
2
|
match do |public_key|
|
|
3
3
|
if public_key.is_a?(String)
|
|
4
|
-
public_key, _public_key_format = Cheffish::KeyFormatter.decode(IO.
|
|
4
|
+
public_key, _public_key_format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(public_key)), pass_phrase, public_key)
|
|
5
5
|
end
|
|
6
6
|
if private_key.is_a?(String)
|
|
7
|
-
private_key, _private_key_format = Cheffish::KeyFormatter.decode(IO.
|
|
7
|
+
private_key, _private_key_format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(private_key)), pass_phrase, private_key)
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
encrypted = public_key.public_encrypt("hi there")
|
|
@@ -15,10 +15,10 @@ end
|
|
|
15
15
|
RSpec::Matchers.define :match_private_key do |expected, pass_phrase|
|
|
16
16
|
match do |actual|
|
|
17
17
|
if expected.is_a?(String)
|
|
18
|
-
expected, _format = Cheffish::KeyFormatter.decode(IO.
|
|
18
|
+
expected, _format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(expected)), pass_phrase, expected)
|
|
19
19
|
end
|
|
20
20
|
if actual.is_a?(String)
|
|
21
|
-
actual, _format = Cheffish::KeyFormatter.decode(IO.
|
|
21
|
+
actual, _format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(actual)), pass_phrase, actual)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
encrypted = actual.public_encrypt("hi there")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cheffish
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 16.0.
|
|
4
|
+
version: 16.0.26
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef Software Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-04-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-zero
|
|
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
127
127
|
- !ruby/object:Gem::Version
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
|
-
rubygems_version: 3.
|
|
130
|
+
rubygems_version: 3.1.4
|
|
131
131
|
signing_key:
|
|
132
132
|
specification_version: 4
|
|
133
133
|
summary: A set of Chef resources for configuring Chef Infra.
|