knife-annex 0.0.1

@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ NjYxZjc4ZjhhNzViZGZhZTA1YTc1MWZlNTFjMWU4ZDg4YjkyNTU2Nw==
5
+ data.tar.gz: !binary |-
6
+ MWI2YjEyOTkwMGRjYTUzNWZiMDdjNzQ5OWExMWUzNzg3YmM3ZDk1Ng==
7
+ !binary "U0hBNTEy":
8
+ metadata.gz: !binary |-
9
+ ZmE2OTNkZTY3MzY5ZTg0NGQ0NWY2YjE1ZmNiYmJjOGQ0NTllY2U5MzE0OTMx
10
+ ODJiYTZlZmIxOTlkY2MyZmZkMzQyYWRkMjUzZTY5MjM5NzNhOWEyZDg1MDQ3
11
+ NzUyN2ZiMDFiMGYxZDIyNzFjOTE4NThjOWFhM2NlNjM1OWNkODc=
12
+ data.tar.gz: !binary |-
13
+ M2M2NTQ3YzFiMmI0Njk5MTY0NjRiNTNlM2Q2YzhmZDI1ZGYwMGY4NGQ1MGVi
14
+ MjM4YzYyNDJhODFhYjk3ZTM3NzNmNDE5ZTcyNGYyNDgzZWNjNDc4NWQ0NTI3
15
+ MGIxNjA1OWEwNDAxY2NjY2VjZmQ0ZTFiYzI1NzA4NWRiYjhmMjQ=
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ *~
4
+ .*.swp
5
+ .DS_Store
6
+ /.bundle
7
+ /.config
8
+ /.yardoc
9
+ /Gemfile.lock
10
+ /InstalledFiles
11
+ /coverage
12
+ /doc/public
13
+ /lib/bundler/man
14
+ /pkg
15
+ /spec/reports
16
+ /tmp
17
+ /vendor/cache
@@ -0,0 +1,6 @@
1
+ # Changes
2
+
3
+ ## 0.0.1
4
+
5
+ * Initial release
6
+ * Created on Saturday, 2013-09-28
@@ -0,0 +1,8 @@
1
+ # Contributing
2
+
3
+ 1. Fork the repository on GitHub
4
+ 2. Create your feature branch (`git checkout -b feature/awesomeness`)
5
+ 3. Create your changes, document them.
6
+ 4. Commit your changes (`git commit -am 'Add more awesomeness'`)
7
+ 5. Push to the branch (`git push -u origin feature/awesomeness`)
8
+ 6. Create new Pull Request on GitHub
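--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,13 @@
+ source 'https://rubygems.org'
+
+ gemspec
+
+ # Helpers used with development, but not needed in runtime, build
+ # time, or for tests.
+ group :developer_workstation do
+ gem 'awesome_print'
+ gem 'pry'
+ gem 'pry-debugger'
+ gem 'pry-rescue'
+ gem 'pry-stack_explorer'
+ end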
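--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+ Copyright (C) 2013 Maciej Pasternacki <maciej@3ofcoins.net>
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.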
@@ -0,0 +1,59 @@
1
+ # Knife Annex
2
+
3
+ Knife plugin that implements git-annex hook backend for chef-vault.
4
+
5
+ - [git-annex](http://git-annex.branchable.com/)
6
+ - [git-annex hook](http://git-annex.branchable.com/special_remotes/hook/)
7
+ - [chef-vault](https://github.com/Nordstrom/chef-vault/)
8
+
9
+
10
+ This plugin uses a data bag named `annex` to store
11
+ items encrypted by chef-vault for admin chef users (except the
12
+ `admin` user created by default) available as git-annex files.
13
+
14
+ This allows keeping shared secret files (such as access keys - think
15
+ Amazon Web Services - or passwords) out of Git repository, store them
16
+ securely encrypted, and still keep convenient git-based access.
17
+
18
+ ## Installation
19
+
20
+ Add this line to your chef repo's Gemfile:
21
+
22
+ gem 'knife-annex'
23
+
24
+ And then execute:
25
+
26
+ $ bundle
27
+
28
+ Or install it yourself as:
29
+
30
+ $ gem install knife-annex
31
+
32
+ ## Usage
33
+
34
+ Configure the hook type for git-annex:
35
+
36
+ $ git config annex.chef-vault-hook 'knife annex'
37
+
38
+ If you use Bundler with your chef repo, you may need this form:
39
+
40
+ $ git config annex.chef-vault-hook 'bundle exec knife annex'
41
+
42
+ Then, initialise the special remote:
43
+
44
+ $ git annex initremote chef-server type=hook hooktype=chef-vault encryption=none
45
+
46
+ If you're extra paranoid, you can have double encryption by specifying
47
+ `encryption=shared` in the special remote's options.
48
+
49
+ After that, you can use `chef-server` remote normally with
50
+ git-annex.
51
+
52
+ When your admin user list changes, you can rekey the data by
53
+ running:
54
+
55
+ $ knife annex --rotate-keys
56
+
57
+ ## Contributing
58
+
59
+ See the [CONTRIBUTING.md](CONTRIBUTING.md) file
@@ -0,0 +1,32 @@
1
+ $:.push File.expand_path('../lib', __FILE__)
2
+ require 'rubygems'
3
+
4
+ require 'bundler/setup'
5
+
6
+ require 'rake/testtask'
7
+ require 'thor/rake_compat'
8
+
9
+ class Default < Thor
10
+ class Gem < Thor
11
+ namespace :gem
12
+
13
+ include Thor::RakeCompat
14
+ Bundler::GemHelper.install_tasks
15
+
16
+ desc "build", "Build knife-annex-#{KnifeAnnex::VERSION}.gem into the pkg directory"
17
+ def build
18
+ Rake::Task["build"].execute
19
+ end
20
+
21
+ desc "release", "Create tag v#{KnifeAnnex::VERSION} and build and push knife-annex-#{KnifeAnnex::VERSION}.gem to Rubygems"
22
+ def release
23
+ Rake::Task["release"].execute
24
+ end
25
+
26
+ desc "install", "Build and install knife-annex-#{KnifeAnnex::VERSION}.gem into system gems"
27
+ def install
28
+ Rake::Task["install"].execute
29
+ end
30
+ end
31
+ end
32
+
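Review bot: The `desc` strings interpolate `KnifeAnnex::VERSION`, but this file never requires `knife-annex/version`; the constant is presumably only defined because `Bundler::GemHelper.install_tasks` evaluates the gemspec before the first `desc` runs. An explicit `require 'knife-annex/version'` after the `$:.push` line would remove that ordering dependency. The nested `class Gem < Thor` also shadows the top-level `Gem` constant inside `Default`; since `namespace :gem` already fixes the task namespace, a class name such as `GemTasks` would be less surprising.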
@@ -0,0 +1,24 @@
1
+ # -*- mode: ruby; coding: utf-8 -*-
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'knife-annex/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "knife-annex"
8
+ spec.version = KnifeAnnex::VERSION
9
+ spec.authors = ["Maciej Pasternacki"]
10
+ spec.email = ["maciej@3ofcoins.net"]
11
+ spec.description = 'Knife plugin implementing a git-annex backend in chef-vault'
12
+ spec.summary = 'Knife plugin implementing a git-annex backend in chef-vault'
13
+ spec.homepage = "https://github.com/3ofcoins/knife-annex/"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.require_paths = ["lib"]
19
+
20
+ spec.add_dependency 'chef-vault', '>= 2.0.0'
21
+
22
+ spec.add_development_dependency "bundler", "~> 1.3"
23
+ spec.add_development_dependency "thor", "~> 0.18.1"
24
+ end
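Review bot: `spec.add_dependency 'chef-vault', '>= 2.0.0'` has no upper bound, so any later chef-vault major release satisfies it at install time, even though the plugin depends on the `ChefVault::Item` API to encrypt the stored secrets. A pessimistic constraint such as `spec.add_dependency 'chef-vault', '~> 2.0'` would keep the encryption backend on the release series this version was presumably written against. The development dependencies in the same block already use `~>`, so this also makes the gemspec consistent.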
@@ -0,0 +1,80 @@
1
+ require 'chef/knife'
2
+
3
+ class Chef
4
+ class Knife
5
+ class Annex < Knife
6
+ DATA_BAG = 'annex'
7
+ IGNORE_USERS = ['admin']
8
+
9
+ deps do
10
+ require 'chef/user'
11
+ require 'chef-vault'
12
+ end
13
+
14
+ banner "knife annex (options)"
15
+
16
+ option :rotate_keys,
17
+ :long => '--rotate-keys',
18
+ :description => 'Update admin keys on items'
19
+
20
+ def admins
21
+ @admins ||= Chef::User.list.
22
+ keys.
23
+ select { |u| !IGNORE_USERS.include?(u) && Chef::User.load(u).admin }
24
+ end
25
+
26
+ def annex_key
27
+ ENV['ANNEX_KEY'].gsub(/[^[:alnum:]_\-]+/, '_')
28
+ end
29
+
30
+ def annex_file
31
+ ENV['ANNEX_FILE']
32
+ end
33
+
34
+ def run
35
+ case ENV['ANNEX_ACTION']
36
+ when 'store'
37
+ begin
38
+ item = ChefVault::Item.load(DATA_BAG, annex_key)
39
+ rescue ChefVault::Exceptions::KeysNotFound,
40
+ ChefVault::Exceptions::ItemNotFound
41
+ item = ChefVault::Item.new(DATA_BAG, annex_key)
42
+ end
43
+ item['data'] = File.read(annex_file)
44
+ item.admins(admins.join(','))
45
+ item.save
46
+ when 'retrieve'
47
+ item = ChefVault::Item.load(DATA_BAG, annex_key)
48
+ if annex_file
49
+ File.write(annex_file, item['data'])
50
+ else
51
+ puts item['data']
52
+ end
53
+ when 'remove'
54
+ delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
55
+ ChefVault::Item.load(DATA_BAG, annex_key).destroy
56
+ end
57
+ when 'checkpresent'
58
+ begin
59
+ ChefVault::Item.load(DATA_BAG, annex_key)
60
+ rescue ChefVault::Exceptions::KeysNotFound,
61
+ ChefVault::Exceptions::ItemNotFound
62
+ # not found, we do nothing
63
+ else
64
+ # found
65
+ puts annex_key
66
+ end
67
+ else
68
+ items = ( @name_args.empty? ?
69
+ Chef::DataBag.load(DATA_BAG).keys.reject { |k| k =~ /_keys$/ } :
70
+ @name_args )
71
+ if config[:rotate_keys]
72
+ p rotate: items
73
+ else
74
+ puts "Use this command as git-annex hook"
75
+ end
76
+ end
77
+ end
78
+ end
79
+ end
80
+ end
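Review bot: The `--rotate-keys` path in the final `else` branch of `run` only prints the item list with `p rotate: items` and re-encrypts nothing, while the README tells operators to run it when the admin list changes; items keep whatever admin set they were stored with, so a removed admin's key would presumably still decrypt them. Until rekeying is implemented the branch should fail visibly instead of looking successful, e.g. `ui.fatal('--rotate-keys is not implemented; items were NOT re-encrypted'); exit 1`. In the `'remove'` branch, `"#{vault}/#{item}"` uses `vault`, which is not defined anywhere in the visible class, and `item`, which is never assigned in that branch, so the call likely raises before anything is deleted; `"#{DATA_BAG}/#{annex_key}"` appears to be what was meant. In `'retrieve'`, `File.write(annex_file, item['data'])` creates the decrypted secret with default umask permissions, and `File.write(annex_file, item['data'], perm: 0600)` would keep it owner-only. `annex_key` also calls `gsub` on `ENV['ANNEX_KEY']` without a nil check, so running the hook actions without that variable fails with `NoMethodError` rather than a clear message.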
@@ -0,0 +1,2 @@
1
+ require "knife-annex/version"
2
+
@@ -0,0 +1,3 @@
1
+ module KnifeAnnex
2
+ VERSION = "0.0.1"
3
+ end
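--- a/metadata
+++ b/metadata
@@ -0,0 +1,97 @@
+ --- !ruby/object:Gem::Specification
+ name: knife-annex
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Maciej Pasternacki
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2013-09-28 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: chef-vault
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: 2.0.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: 2.0.0
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '1.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '1.3'
+ - !ruby/object:Gem::Dependency
+ name: thor
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.18.1
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: 0.18.1
+ description: Knife plugin implementing a git-annex backend in chef-vault
+ email:
+ - maciej@3ofcoins.net
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - .gitignore
+ - CHANGELOG.md
+ - CONTRIBUTING.md
+ - Gemfile
+ - LICENSE
+ - README.md
+ - Thorfile
+ - knife-annex.gemspec
+ - lib/chef/knife/annex.rb
+ - lib/knife-annex.rb
+ - lib/knife-annex/version.rb
+ homepage: https://github.com/3ofcoins/knife-annex/
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.0.5
+ signing_key:
+ specification_version: 4
+ summary: Knife plugin implementing a git-annex backend in chef-vault
+ test_files: []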