kitchen-encrypt-databags 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/kitchen/provisioner/chef_zero_encrypt_databags.rb +64 -0
- metadata +73 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 25b93aca796f28856145603d1d03ecf927c19326
|
|
4
|
+
data.tar.gz: 46db614a82b4435bad0c6d32f5f92f6591d3d7c8
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 570d86d80b452e54e5b8244f63e004127367e5e0d66ad7c109f2f8897faca5e85ce97e8279d057ea357c73280921aadf058f6322cd26e9a057bde52461df9b54
|
|
7
|
+
data.tar.gz: 979392efe2163dc96bb8a90f4c72795ea82d194399e20cb6ea8007614566a750c5bd600487fadb043c45460bbbdadb1802fc168b951d288cf9fe03eb780f85f0
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require "kitchen"
|
|
3
|
+
require "kitchen/provisioner/chef_zero"
|
|
4
|
+
require "chef/encrypted_data_bag_item"
|
|
5
|
+
|
|
6
|
+
module Kitchen
|
|
7
|
+
module Provisioner
|
|
8
|
+
# This gem aims to extend the ChefZero provisioner from test-kitchen to automatically
|
|
9
|
+
# encrypt data bags when provisioning the test sandbox.
|
|
10
|
+
class ChefZeroEncryptDatabags < ChefZero
|
|
11
|
+
class DataBagEncryptionException < StandardError
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def create_sandbox
|
|
15
|
+
super # call the original, which will insert databags
|
|
16
|
+
encrypt_data_bags
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
# Take the data bags that we have copied to the box, and encrypt each with the
|
|
22
|
+
# provided data bag secret key. This allows users to create unencrypted data bags
|
|
23
|
+
# for their tests that they can then use via Chef::EncryptedDataBagItem.load
|
|
24
|
+
#
|
|
25
|
+
# This will only target data bags at sandbox/data_bags/**/*.json, and will need to
|
|
26
|
+
# be run after the data bags have been copied into place.
|
|
27
|
+
def encrypt_data_bags
|
|
28
|
+
unless secret_key
|
|
29
|
+
raise DataBagEncryptionException, <<-MSG
|
|
30
|
+
Encrypting data bags requires an encrypted_data_bag_secret_key_path!
|
|
31
|
+
MSG
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
data_bag_files.each do |data_bag_file|
|
|
35
|
+
data_bag_enc = encrypt_data_bag(data_bag_file, secret_key)
|
|
36
|
+
File.write(data_bag_file, JSON.pretty_generate(data_bag_enc))
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def data_bag_files
|
|
41
|
+
data_bags_glob = File.join(sandbox_path, "data_bags", "**", "*.json")
|
|
42
|
+
Dir.glob(data_bags_glob)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def encrypt_data_bag(data_bag_path, secret_key)
|
|
46
|
+
data_bag = JSON.parse(File.read(data_bag_path))
|
|
47
|
+
::Chef::EncryptedDataBagItem.encrypt_data_bag_item(data_bag, secret_key)
|
|
48
|
+
rescue StandardError => err
|
|
49
|
+
raise DataBagEncryptionException, <<-MSG
|
|
50
|
+
Failed to encrypt data bag at #{data_bag_path} with error "#{err}"
|
|
51
|
+
MSG
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def secret_key
|
|
55
|
+
@secret_key ||= begin
|
|
56
|
+
secret_key_path = config[:encrypted_data_bag_secret_key_path] || ""
|
|
57
|
+
# The strip is important- this is how Chef reads the secret file, and we'll need
|
|
58
|
+
# to do the same if Chef is to decrypt anything with this key
|
|
59
|
+
File.read(secret_key_path).strip if File.exist?(secret_key_path)
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: kitchen-encrypt-databags
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Lawrence Jones
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2017-01-14 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: chef
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '12.17'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '12.17'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: test-kitchen
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '1.13'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '1.13'
|
|
41
|
+
description: test-kitchen add-on
|
|
42
|
+
email:
|
|
43
|
+
- lawrjone@gmail.com
|
|
44
|
+
executables: []
|
|
45
|
+
extensions: []
|
|
46
|
+
extra_rdoc_files: []
|
|
47
|
+
files:
|
|
48
|
+
- lib/kitchen/provisioner/chef_zero_encrypt_databags.rb
|
|
49
|
+
homepage: https://github.com/lawrencejones/kitchen-encrypt-databags
|
|
50
|
+
licenses:
|
|
51
|
+
- MIT
|
|
52
|
+
metadata: {}
|
|
53
|
+
post_install_message:
|
|
54
|
+
rdoc_options: []
|
|
55
|
+
require_paths:
|
|
56
|
+
- lib
|
|
57
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
63
|
+
requirements:
|
|
64
|
+
- - ">="
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '0'
|
|
67
|
+
requirements: []
|
|
68
|
+
rubyforge_project:
|
|
69
|
+
rubygems_version: 2.6.8
|
|
70
|
+
signing_key:
|
|
71
|
+
specification_version: 4
|
|
72
|
+
summary: automatically encrypt databags when provisioning sandbox
|
|
73
|
+
test_files: []
|