cheffish 16.0.12 → 16.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/lib/chef/resource/chef_data_bag_item.rb +16 -20
- data/lib/chef/resource/private_key.rb +13 -15
- data/lib/chef/resource/public_key.rb +2 -2
- data/lib/cheffish.rb +15 -7
- data/lib/cheffish/chef_actor_base.rb +29 -31
- data/lib/cheffish/recipe_dsl.rb +5 -7
- data/lib/cheffish/version.rb +1 -1
- data/spec/integration/private_key_spec.rb +1 -1
- data/spec/integration/rspec/converge_spec.rb +5 -1
- data/spec/support/key_support.rb +4 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91e2132a23578c15fe42a8603cf3cd4d72eee69a671f853c273a5a61788f9a31
|
|
4
|
+
data.tar.gz: 75a4e43250b1b53eb3fd10aee2af0dd5e62e3ee5a6bcede10792691d77080d7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 93706f7357daca264cbdd1ca1a6b3d2912597968e68f58ae376fc71284a3d7f4c92bbf91d31a9fdd3450d317e1961ea91372c3f348a77465a27d8f73a40d45ab
|
|
7
|
+
data.tar.gz: 3e47fb9564110ced0731b2c19f00af626482fc9fc4daa6be1e7c056a583c22f43a6aae8a64489899ffd7ceef10c17f7d12b942240cf65a8331fd34ee48ec020f
|
data/Gemfile
CHANGED
|
@@ -196,17 +196,15 @@ class Chef
|
|
|
196
196
|
end
|
|
197
197
|
|
|
198
198
|
def new_secret
|
|
199
|
-
@new_secret ||=
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
end
|
|
209
|
-
end
|
|
199
|
+
@new_secret ||= if new_resource.secret
|
|
200
|
+
new_resource.secret
|
|
201
|
+
elsif new_resource.secret_path
|
|
202
|
+
Chef::EncryptedDataBagItem.load_secret(new_resource.secret_path)
|
|
203
|
+
elsif new_resource.encrypt.nil?
|
|
204
|
+
current_resource.secret
|
|
205
|
+
else
|
|
206
|
+
raise "Data bag item #{new_resource.name} has encryption on but no secret or secret_path is specified"
|
|
207
|
+
end
|
|
210
208
|
end
|
|
211
209
|
|
|
212
210
|
def decrypt(json, secret)
|
|
@@ -238,15 +236,13 @@ class Chef
|
|
|
238
236
|
|
|
239
237
|
# Get the current json decrypted, for comparison purposes
|
|
240
238
|
def current_decrypted
|
|
241
|
-
@current_decrypted ||=
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
end
|
|
249
|
-
end
|
|
239
|
+
@current_decrypted ||= if current_resource.secret
|
|
240
|
+
decrypt(current_resource.raw_data || { "id" => new_resource.id }, current_resource.secret)
|
|
241
|
+
elsif current_resource.encrypt
|
|
242
|
+
raise "Could not decrypt current data bag item #{current_resource.name}"
|
|
243
|
+
else
|
|
244
|
+
current_resource.raw_data || { "id" => new_resource.id }
|
|
245
|
+
end
|
|
250
246
|
end
|
|
251
247
|
|
|
252
248
|
# Figure out the differences between new and current
|
|
@@ -78,7 +78,7 @@ class Chef
|
|
|
78
78
|
desired_output = encode_private_key(new_source_key)
|
|
79
79
|
if current_resource.path == :none || desired_output != IO.read(new_path)
|
|
80
80
|
converge_by "reformat key at #{new_resource.source_key_path} to #{new_resource.format} private key #{new_path} (#{new_resource.pass_phrase ? ", #{new_resource.cipher} password" : ""})" do
|
|
81
|
-
IO.
|
|
81
|
+
IO.binwrite(new_path, desired_output)
|
|
82
82
|
end
|
|
83
83
|
end
|
|
84
84
|
|
|
@@ -137,7 +137,7 @@ class Chef
|
|
|
137
137
|
converge_by "change format of #{new_resource.type} private key #{new_path} from #{current_resource.format} to #{new_resource.format}" do
|
|
138
138
|
write_private_key(current_private_key)
|
|
139
139
|
end
|
|
140
|
-
elsif (@current_file_mode & 0077) != 0
|
|
140
|
+
elsif RUBY_PLATFORM !~ /mswin|mingw32|windows/ && (@current_file_mode & 0077) != 0
|
|
141
141
|
new_mode = @current_file_mode & 07700
|
|
142
142
|
converge_by "change mode of private key #{new_path} to #{new_mode.to_s(8)}" do
|
|
143
143
|
::File.chmod(new_mode, new_path)
|
|
@@ -171,25 +171,23 @@ class Chef
|
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
def write_private_key(key)
|
|
174
|
-
::File.open(new_path, "
|
|
174
|
+
::File.open(new_path, "wb") do |file|
|
|
175
175
|
file.chmod(0600)
|
|
176
176
|
file.write(encode_private_key(key))
|
|
177
177
|
end
|
|
178
178
|
end
|
|
179
179
|
|
|
180
180
|
def new_source_key
|
|
181
|
-
@new_source_key ||=
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
nil
|
|
192
|
-
end
|
|
181
|
+
@new_source_key ||= if new_resource.source_key.is_a?(String)
|
|
182
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(new_resource.source_key, new_resource.source_key_pass_phrase)
|
|
183
|
+
source_key
|
|
184
|
+
elsif new_resource.source_key
|
|
185
|
+
new_resource.source_key
|
|
186
|
+
elsif new_resource.source_key_path
|
|
187
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(IO.read(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
|
|
188
|
+
source_key
|
|
189
|
+
else
|
|
190
|
+
nil
|
|
193
191
|
end
|
|
194
192
|
end
|
|
195
193
|
|
|
@@ -31,7 +31,7 @@ class Chef
|
|
|
31
31
|
desired_output = encode_public_key(new_source_key)
|
|
32
32
|
if Array(current_resource.action) == [ :delete ] || desired_output != IO.read(new_resource.path)
|
|
33
33
|
converge_by "write #{new_resource.format} public key #{new_resource.path} from #{new_source_key_publicity} key #{new_resource.source_key_path}" do
|
|
34
|
-
IO.
|
|
34
|
+
IO.binwrite(new_resource.path, desired_output)
|
|
35
35
|
# TODO permissions on file?
|
|
36
36
|
end
|
|
37
37
|
end
|
|
@@ -62,7 +62,7 @@ class Chef
|
|
|
62
62
|
elsif new_resource.source_key
|
|
63
63
|
source_key = new_resource.source_key
|
|
64
64
|
elsif new_resource.source_key_path
|
|
65
|
-
source_key, _source_key_format = Cheffish::KeyFormatter.decode(IO.
|
|
65
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(IO.binread(new_resource.source_key_path), new_resource.source_key_pass_phrase, new_resource.source_key_path)
|
|
66
66
|
else
|
|
67
67
|
return nil
|
|
68
68
|
end
|
data/lib/cheffish.rb
CHANGED
|
@@ -32,11 +32,13 @@ module Cheffish
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
def self.load_chef_config(chef_config = Chef::Config)
|
|
35
|
-
if ::Gem::Version.new(::Chef::VERSION) >= ::Gem::Version.new("12.0.0")
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
35
|
+
chef_config.config_file = if ::Gem::Version.new(::Chef::VERSION) >= ::Gem::Version.new("12.0.0")
|
|
36
|
+
require "chef/workstation_config_loader"
|
|
37
|
+
Chef::WorkstationConfigLoader.new(nil, Chef::Log).chef_config_dir
|
|
38
|
+
else
|
|
39
|
+
require "chef/knife"
|
|
40
|
+
Chef::Knife.locate_config_file
|
|
41
|
+
end
|
|
40
42
|
config_fetcher = Chef::ConfigFetcher.new(chef_config.config_file, chef_config.config_file_jail)
|
|
41
43
|
if chef_config.config_file.nil?
|
|
42
44
|
Chef::Log.warn("No config file found or specified on command line, using command line options.")
|
|
@@ -120,11 +122,17 @@ module Cheffish
|
|
|
120
122
|
end
|
|
121
123
|
|
|
122
124
|
# Include all recipe objects so require 'cheffish' brings in the whole recipe DSL
|
|
123
|
-
|
|
124
125
|
require "chef/run_list/run_list_item"
|
|
125
126
|
require_relative "cheffish/basic_chef_client"
|
|
126
127
|
require_relative "cheffish/server_api"
|
|
127
|
-
|
|
128
|
+
|
|
129
|
+
# Starting with the version below, knife is no longer in the chef gem and is
|
|
130
|
+
# not available during a chef-client run. We'll keep it here for older versions
|
|
131
|
+
# to retain backward-compatibility.
|
|
132
|
+
if ::Gem::Version.new(::Chef::VERSION) < ::Gem::Version.new("17.0.178")
|
|
133
|
+
require "chef/knife"
|
|
134
|
+
end
|
|
135
|
+
|
|
128
136
|
require "chef/config_fetcher"
|
|
129
137
|
require "chef/log"
|
|
130
138
|
require "chef/application"
|
|
@@ -74,38 +74,36 @@ module Cheffish
|
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
def new_public_key
|
|
77
|
-
@new_public_key ||=
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
key, _key_format = Cheffish::KeyFormatter.decode(new_resource.source_key)
|
|
77
|
+
@new_public_key ||= if new_resource.source_key
|
|
78
|
+
if new_resource.source_key.is_a?(String)
|
|
79
|
+
key, _key_format = Cheffish::KeyFormatter.decode(new_resource.source_key)
|
|
81
80
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
end
|
|
81
|
+
if key.private?
|
|
82
|
+
key.public_key
|
|
83
|
+
else
|
|
84
|
+
key
|
|
85
|
+
end
|
|
86
|
+
elsif new_resource.source_key.private?
|
|
87
|
+
new_resource.source_key.public_key
|
|
88
|
+
else
|
|
89
|
+
new_resource.source_key
|
|
90
|
+
end
|
|
91
|
+
elsif new_resource.source_key_path
|
|
92
|
+
source_key_path = new_resource.source_key_path
|
|
93
|
+
if Pathname.new(source_key_path).relative?
|
|
94
|
+
source_key_str, source_key_path = Cheffish.get_private_key_with_path(source_key_path, run_context.config)
|
|
95
|
+
else
|
|
96
|
+
source_key_str = IO.read(source_key_path)
|
|
97
|
+
end
|
|
98
|
+
source_key, _source_key_format = Cheffish::KeyFormatter.decode(source_key_str, new_resource.source_key_pass_phrase, source_key_path)
|
|
99
|
+
if source_key.private?
|
|
100
|
+
source_key.public_key
|
|
101
|
+
else
|
|
102
|
+
source_key
|
|
103
|
+
end
|
|
104
|
+
else
|
|
105
|
+
nil
|
|
106
|
+
end
|
|
109
107
|
end
|
|
110
108
|
|
|
111
109
|
def augment_new_json(json)
|
data/lib/cheffish/recipe_dsl.rb
CHANGED
|
@@ -62,13 +62,11 @@ class Chef
|
|
|
62
62
|
string_key = "#{type}_path"
|
|
63
63
|
symbol_key = "#{type}_path".to_sym
|
|
64
64
|
|
|
65
|
-
options[symbol_key] ||=
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
end
|
|
71
|
-
end
|
|
65
|
+
options[symbol_key] ||= if options[:chef_repo_path].is_a?(String)
|
|
66
|
+
Chef::Util::PathHelper.join(options[:chef_repo_path], "#{type}s")
|
|
67
|
+
else
|
|
68
|
+
options[:chef_repo_path].map { |path| Chef::Util::PathHelper.join(path, "#{type}s") }
|
|
69
|
+
end
|
|
72
70
|
|
|
73
71
|
# Copy over to string keys for things that use string keys (ChefFS)...
|
|
74
72
|
# TODO: Fix ChefFS to take symbols or use something that is insensitive to the difference
|
data/lib/cheffish/version.rb
CHANGED
|
@@ -224,7 +224,7 @@ describe Chef::Resource::PrivateKey do
|
|
|
224
224
|
end
|
|
225
225
|
end.to have_updated "private_key[#{repo_path}/blah]", :create
|
|
226
226
|
expect(IO.read("#{repo_path}/blah")).not_to start_with("-----BEGIN")
|
|
227
|
-
expect(OpenSSL::PKey.read(IO.
|
|
227
|
+
expect(OpenSSL::PKey.read(IO.binread("#{repo_path}/blah"))).to be_kind_of(OpenSSL::PKey::RSA)
|
|
228
228
|
end
|
|
229
229
|
end
|
|
230
230
|
|
|
@@ -4,7 +4,11 @@ require "cheffish/rspec/chef_run_support"
|
|
|
4
4
|
describe "Cheffish::RSpec::ChefRunSupport" do
|
|
5
5
|
extend Cheffish::RSpec::ChefRunSupport
|
|
6
6
|
|
|
7
|
-
let(:temp_file)
|
|
7
|
+
let(:temp_file) do
|
|
8
|
+
f = Tempfile.new("test")
|
|
9
|
+
f.close
|
|
10
|
+
f
|
|
11
|
+
end
|
|
8
12
|
|
|
9
13
|
context "#recipe" do
|
|
10
14
|
it "recipe { file ... } updates the file" do
|
data/spec/support/key_support.rb
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
RSpec::Matchers.define :be_public_key_for do |private_key, pass_phrase|
|
|
2
2
|
match do |public_key|
|
|
3
3
|
if public_key.is_a?(String)
|
|
4
|
-
public_key, _public_key_format = Cheffish::KeyFormatter.decode(IO.
|
|
4
|
+
public_key, _public_key_format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(public_key)), pass_phrase, public_key)
|
|
5
5
|
end
|
|
6
6
|
if private_key.is_a?(String)
|
|
7
|
-
private_key, _private_key_format = Cheffish::KeyFormatter.decode(IO.
|
|
7
|
+
private_key, _private_key_format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(private_key)), pass_phrase, private_key)
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
encrypted = public_key.public_encrypt("hi there")
|
|
@@ -15,10 +15,10 @@ end
|
|
|
15
15
|
RSpec::Matchers.define :match_private_key do |expected, pass_phrase|
|
|
16
16
|
match do |actual|
|
|
17
17
|
if expected.is_a?(String)
|
|
18
|
-
expected, _format = Cheffish::KeyFormatter.decode(IO.
|
|
18
|
+
expected, _format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(expected)), pass_phrase, expected)
|
|
19
19
|
end
|
|
20
20
|
if actual.is_a?(String)
|
|
21
|
-
actual, _format = Cheffish::KeyFormatter.decode(IO.
|
|
21
|
+
actual, _format = Cheffish::KeyFormatter.decode(IO.binread(File.expand_path(actual)), pass_phrase, actual)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
encrypted = actual.public_encrypt("hi there")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cheffish
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 16.0.
|
|
4
|
+
version: 16.0.26
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef Software Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-04-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-zero
|
|
@@ -127,7 +127,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
127
127
|
- !ruby/object:Gem::Version
|
|
128
128
|
version: '0'
|
|
129
129
|
requirements: []
|
|
130
|
-
rubygems_version: 3.
|
|
130
|
+
rubygems_version: 3.1.4
|
|
131
131
|
signing_key:
|
|
132
132
|
specification_version: 4
|
|
133
133
|
summary: A set of Chef resources for configuring Chef Infra.
|