knife-annex 0.0.1
- checksums.yaml +15 -0
- data/.gitignore +17 -0
- data/CHANGELOG.md +6 -0
- data/CONTRIBUTING.md +8 -0
- data/Gemfile +13 -0
- data/LICENSE +20 -0
- data/README.md +59 -0
- data/Thorfile +32 -0
- data/knife-annex.gemspec +24 -0
- data/lib/chef/knife/annex.rb +80 -0
- data/lib/knife-annex.rb +2 -0
- data/lib/knife-annex/version.rb +3 -0
- metadata +97 -0
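--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+NjYxZjc4ZjhhNzViZGZhZTA1YTc1MWZlNTFjMWU4ZDg4YjkyNTU2Nw==
+data.tar.gz: !binary |-
+MWI2YjEyOTkwMGRjYTUzNWZiMDdjNzQ5OWExMWUzNzg3YmM3ZDk1Ng==
+!binary "U0hBNTEy":
+metadata.gz: !binary |-
+ZmE2OTNkZTY3MzY5ZTg0NGQ0NWY2YjE1ZmNiYmJjOGQ0NTllY2U5MzE0OTMx
+ODJiYTZlZmIxOTlkY2MyZmZkMzQyYWRkMjUzZTY5MjM5NzNhOWEyZDg1MDQ3
+NzUyN2ZiMDFiMGYxZDIyNzFjOTE4NThjOWFhM2NlNjM1OWNkODc=
+data.tar.gz: !binary |-
+M2M2NTQ3YzFiMmI0Njk5MTY0NjRiNTNlM2Q2YzhmZDI1ZGYwMGY4NGQ1MGVi
+MjM4YzYyNDJhODFhYjk3ZTM3NzNmNDE5ZTcyNGYyNDgzZWNjNDc4NWQ0NTI3
+MGIxNjA1OWEwNDAxY2NjY2VjZmQ0ZTFiYzI1NzA4NWRiYjhmMjQ=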
data/.gitignore
ADDED
data/CHANGELOG.md
ADDED
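--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,8 @@
+# Contributing
+
+1. Fork the repository on GitHub
+2. Create your feature branch (`git checkout -b feature/awesomeness`)
+3. Create your changes, document them.
+4. Commit your changes (`git commit -am 'Add more awesomeness'`)
+5. Push to the branch (`git push -u origin feature/awesomeness`)
+6. Create new Pull Request on GitHub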
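--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+gemspec
+
+# Helpers used with development, but not needed in runtime, build
+# time, or for tests.
+group :developer_workstation do
+gem 'awesome_print'
+gem 'pry'
+gem 'pry-debugger'
+gem 'pry-rescue'
+gem 'pry-stack_explorer'
+end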
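--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (C) 2013 Maciej Pasternacki <maciej@3ofcoins.net>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.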
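--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,59 @@
+# Knife Annex
+
+Knife plugin that implements git-annex hook backend for chef-vault.
+
+- [git-annex](http://git-annex.branchable.com/)
+- [git-annex hook](http://git-annex.branchable.com/special_remotes/hook/)
+- [chef-vault](https://github.com/Nordstrom/chef-vault/)
+
+
+This plugin uses a data bag named `annex` to store
+items encrypted by chef-vault for admin chef users (except the
+`admin` user created by default) available as git-annex files.
+
+This allows keeping shared secret files (such as access keys - think
+Amazon Web Services - or passwords) out of Git repository, store them
+securely encrypted, and still keep convenient git-based access.
+
+## Installation
+
+Add this line to your chef repo's Gemfile:
+
+gem 'knife-annex'
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install knife-annex
+
+## Usage
+
+Configure the hook type for git-annex:
+
+$ git config annex.chef-vault-hook 'knife annex'
+
+If you use Bundler with your chef repo, you may need this form:
+
+$ git config annex.chef-vault-hook 'bundle exec knife annex'
+
+Then, initialise the special remote:
+
+$ git annex initremote chef-server type=hook hooktype=chef-vault encryption=none
+
+If you're extra paranoid, you can have double encryption by specifying
+`encryption=shared` in the special remote's options.
+
+After that, you can use `chef-server` remote normally with
+git-annex.
+
+When your admin user list changes, you can rekey the data by
+running:
+
+$ knife annex --rotate-keys
+
+## Contributing
+
+See the [CONTRIBUTING.md](CONTRIBUTING.md) file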
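--- a/data/Thorfile
+++ b/data/Thorfile
@@ -0,0 +1,32 @@
+$:.push File.expand_path('../lib', __FILE__)
+require 'rubygems'
+
+require 'bundler/setup'
+
+require 'rake/testtask'
+require 'thor/rake_compat'
+
+class Default < Thor
+class Gem < Thor
+namespace :gem
+
+include Thor::RakeCompat
+Bundler::GemHelper.install_tasks
+
+desc "build", "Build knife-annex-#{KnifeAnnex::VERSION}.gem into the pkg directory"
+def build
+Rake::Task["build"].execute
+end
+
+desc "release", "Create tag v#{KnifeAnnex::VERSION} and build and push knife-annex-#{KnifeAnnex::VERSION}.gem to Rubygems"
+def release
+Rake::Task["release"].execute
+end
+
+desc "install", "Build and install knife-annex-#{KnifeAnnex::VERSION}.gem into system gems"
+def install
+Rake::Task["install"].execute
+end
+end
+end
+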
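--- a/data/knife-annex.gemspec
+++ b/data/knife-annex.gemspec
@@ -0,0 +1,24 @@
+# -*- mode: ruby; coding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'knife-annex/version'
+
+Gem::Specification.new do |spec|
+spec.name = "knife-annex"
+spec.version = KnifeAnnex::VERSION
+spec.authors = ["Maciej Pasternacki"]
+spec.email = ["maciej@3ofcoins.net"]
+spec.description = 'Knife plugin implementing a git-annex backend in chef-vault'
+spec.summary = 'Knife plugin implementing a git-annex backend in chef-vault'
+spec.homepage = "https://github.com/3ofcoins/knife-annex/"
+spec.license = "MIT"
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+
+spec.add_dependency 'chef-vault', '>= 2.0.0'
+
+spec.add_development_dependency "bundler", "~> 1.3"
+spec.add_development_dependency "thor", "~> 0.18.1"
+end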
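Review bot: `spec.add_dependency 'chef-vault', '>= 2.0.0'` has no upper bound, so a future major release of the library that performs the encryption is accepted automatically at install time. Because the plugin calls `ChefVault::Item` directly, a pessimistic constraint such as `spec.add_dependency 'chef-vault', '~> 2.0'` would keep installs on the API it was written against.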
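--- a/data/lib/chef/knife/annex.rb
+++ b/data/lib/chef/knife/annex.rb
@@ -0,0 +1,80 @@
+require 'chef/knife'
+
+class Chef
+class Knife
+class Annex < Knife
+DATA_BAG = 'annex'
+IGNORE_USERS = ['admin']
+
+deps do
+require 'chef/user'
+require 'chef-vault'
+end
+
+banner "knife annex (options)"
+
+option :rotate_keys,
+:long => '--rotate-keys',
+:description => 'Update admin keys on items'
+
+def admins
+@admins ||= Chef::User.list.
+keys.
+select { |u| !IGNORE_USERS.include?(u) && Chef::User.load(u).admin }
+end
+
+def annex_key
+ENV['ANNEX_KEY'].gsub(/[^[:alnum:]_\-]+/, '_')
+end
+
+def annex_file
+ENV['ANNEX_FILE']
+end
+
+def run
+case ENV['ANNEX_ACTION']
+when 'store'
+begin
+item = ChefVault::Item.load(DATA_BAG, annex_key)
+rescue ChefVault::Exceptions::KeysNotFound,
+ChefVault::Exceptions::ItemNotFound
+item = ChefVault::Item.new(DATA_BAG, annex_key)
+end
+item['data'] = File.read(annex_file)
+item.admins(admins.join(','))
+item.save
+when 'retrieve'
+item = ChefVault::Item.load(DATA_BAG, annex_key)
+if annex_file
+File.write(annex_file, item['data'])
+else
+puts item['data']
+end
+when 'remove'
+delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
+ChefVault::Item.load(DATA_BAG, annex_key).destroy
+end
+when 'checkpresent'
+begin
+ChefVault::Item.load(DATA_BAG, annex_key)
+rescue ChefVault::Exceptions::KeysNotFound,
+ChefVault::Exceptions::ItemNotFound
+# not found, we do nothing
+else
+# found
+puts annex_key
+end
+else
+items = ( @name_args.empty? ?
+Chef::DataBag.load(DATA_BAG).keys.reject { |k| k =~ /_keys$/ } :
+@name_args )
+if config[:rotate_keys]
+p rotate: items
+else
+puts "Use this command as git-annex hook"
+end
+end
+end
+end
+end
+end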
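Review bot: The `--rotate-keys` path at the end of `run` only prints the item list (`p rotate: items`) and re-encrypts nothing, while the README on this page tells operators to run `knife annex --rotate-keys` when the admin list changes, so a removed admin would keep access to items already stored. Until rotation is implemented the branch should fail loudly, for example `ui.fatal('--rotate-keys is not implemented yet'); exit 1`. Separately, the `remove` branch interpolates `vault`, which is not defined in the visible class, and `item`, which is not assigned in that branch, so the label should probably read `"#{DATA_BAG}/#{annex_key}"`. The `retrieve` branch also writes the decrypted data with `File.write` under the process umask; `File.write(annex_file, item['data'], perm: 0600)` would keep a newly created secret file private to the invoking user.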
data/lib/knife-annex.rb
ADDED
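--- a/metadata
+++ b/metadata
@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: knife-annex
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Maciej Pasternacki
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-09-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: chef-vault
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 2.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 2.0.0
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: thor
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.18.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.18.1
+description: Knife plugin implementing a git-annex backend in chef-vault
+email:
+- maciej@3ofcoins.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Thorfile
+- knife-annex.gemspec
+- lib/chef/knife/annex.rb
+- lib/knife-annex.rb
+- lib/knife-annex/version.rb
+homepage: https://github.com/3ofcoins/knife-annex/
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.5
+signing_key:
+specification_version: 4
+summary: Knife plugin implementing a git-annex backend in chef-vault
+test_files: []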