kitchen-encrypt-databags 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/kitchen/provisioner/chef_zero_encrypt_databags.rb +64 -0
- metadata +73 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 25b93aca796f28856145603d1d03ecf927c19326
|
|
4
|
+
data.tar.gz: 46db614a82b4435bad0c6d32f5f92f6591d3d7c8
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 570d86d80b452e54e5b8244f63e004127367e5e0d66ad7c109f2f8897faca5e85ce97e8279d057ea357c73280921aadf058f6322cd26e9a057bde52461df9b54
|
|
7
|
+
data.tar.gz: 979392efe2163dc96bb8a90f4c72795ea82d194399e20cb6ea8007614566a750c5bd600487fadb043c45460bbbdadb1802fc168b951d288cf9fe03eb780f85f0
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require "kitchen"
|
|
3
|
+
require "kitchen/provisioner/chef_zero"
|
|
4
|
+
require "chef/encrypted_data_bag_item"
|
|
5
|
+
|
|
6
|
+
module Kitchen
|
|
7
|
+
module Provisioner
|
|
8
|
+
# This gem aims to extend the ChefZero provisioner from test-kitchen to automatically
|
|
9
|
+
# encrypt data bags when provisioning the test sandbox.
|
|
10
|
+
class ChefZeroEncryptDatabags < ChefZero
|
|
11
|
+
class DataBagEncryptionException < StandardError
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def create_sandbox
|
|
15
|
+
super # call the original, which will insert databags
|
|
16
|
+
encrypt_data_bags
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
private
|
|
20
|
+
|
|
21
|
+
# Take the data bags that we have copied to the box, and encrypt each with the
|
|
22
|
+
# provided data bag secret key. This allows users to create unencrypted data bags
|
|
23
|
+
# for their tests that they can then use via Chef::EncryptedDataBagItem.load
|
|
24
|
+
#
|
|
25
|
+
# This will only target data bags at sandbox/data_bags/**/*.json, and will need to
|
|
26
|
+
# be run after the data bags have been copied into place.
|
|
27
|
+
def encrypt_data_bags
|
|
28
|
+
unless secret_key
|
|
29
|
+
raise DataBagEncryptionException, <<-MSG
|
|
30
|
+
Encrypting data bags requires an encrypted_data_bag_secret_key_path!
|
|
31
|
+
MSG
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
data_bag_files.each do |data_bag_file|
|
|
35
|
+
data_bag_enc = encrypt_data_bag(data_bag_file, secret_key)
|
|
36
|
+
File.write(data_bag_file, JSON.pretty_generate(data_bag_enc))
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def data_bag_files
|
|
41
|
+
data_bags_glob = File.join(sandbox_path, "data_bags", "**", "*.json")
|
|
42
|
+
Dir.glob(data_bags_glob)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def encrypt_data_bag(data_bag_path, secret_key)
|
|
46
|
+
data_bag = JSON.parse(File.read(data_bag_path))
|
|
47
|
+
::Chef::EncryptedDataBagItem.encrypt_data_bag_item(data_bag, secret_key)
|
|
48
|
+
rescue StandardError => err
|
|
49
|
+
raise DataBagEncryptionException, <<-MSG
|
|
50
|
+
Failed to encrypt data bag at #{data_bag_path} with error "#{err}"
|
|
51
|
+
MSG
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def secret_key
|
|
55
|
+
@secret_key ||= begin
|
|
56
|
+
secret_key_path = config[:encrypted_data_bag_secret_key_path] || ""
|
|
57
|
+
# The strip is important- this is how Chef reads the secret file, and we'll need
|
|
58
|
+
# to do the same if Chef is to decrypt anything with this key
|
|
59
|
+
File.read(secret_key_path).strip if File.exist?(secret_key_path)
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: kitchen-encrypt-databags
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Lawrence Jones
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2017-01-14 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: chef
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '12.17'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '12.17'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: test-kitchen
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '1.13'
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '1.13'
|
|
41
|
+
description: test-kitchen add-on
|
|
42
|
+
email:
|
|
43
|
+
- lawrjone@gmail.com
|
|
44
|
+
executables: []
|
|
45
|
+
extensions: []
|
|
46
|
+
extra_rdoc_files: []
|
|
47
|
+
files:
|
|
48
|
+
- lib/kitchen/provisioner/chef_zero_encrypt_databags.rb
|
|
49
|
+
homepage: https://github.com/lawrencejones/kitchen-encrypt-databags
|
|
50
|
+
licenses:
|
|
51
|
+
- MIT
|
|
52
|
+
metadata: {}
|
|
53
|
+
post_install_message:
|
|
54
|
+
rdoc_options: []
|
|
55
|
+
require_paths:
|
|
56
|
+
- lib
|
|
57
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
63
|
+
requirements:
|
|
64
|
+
- - ">="
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '0'
|
|
67
|
+
requirements: []
|
|
68
|
+
rubyforge_project:
|
|
69
|
+
rubygems_version: 2.6.8
|
|
70
|
+
signing_key:
|
|
71
|
+
specification_version: 4
|
|
72
|
+
summary: automatically encrypt databags when provisioning sandbox
|
|
73
|
+
test_files: []
|