knife-annex 0.0.1

@@ -0,0 +1,15 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: !binary |-
4
+ NjYxZjc4ZjhhNzViZGZhZTA1YTc1MWZlNTFjMWU4ZDg4YjkyNTU2Nw==
5
+ data.tar.gz: !binary |-
6
+ MWI2YjEyOTkwMGRjYTUzNWZiMDdjNzQ5OWExMWUzNzg3YmM3ZDk1Ng==
7
+ !binary "U0hBNTEy":
8
+ metadata.gz: !binary |-
9
+ ZmE2OTNkZTY3MzY5ZTg0NGQ0NWY2YjE1ZmNiYmJjOGQ0NTllY2U5MzE0OTMx
10
+ ODJiYTZlZmIxOTlkY2MyZmZkMzQyYWRkMjUzZTY5MjM5NzNhOWEyZDg1MDQ3
11
+ NzUyN2ZiMDFiMGYxZDIyNzFjOTE4NThjOWFhM2NlNjM1OWNkODc=
12
+ data.tar.gz: !binary |-
13
+ M2M2NTQ3YzFiMmI0Njk5MTY0NjRiNTNlM2Q2YzhmZDI1ZGYwMGY4NGQ1MGVi
14
+ MjM4YzYyNDJhODFhYjk3ZTM3NzNmNDE5ZTcyNGYyNDgzZWNjNDc4NWQ0NTI3
15
+ MGIxNjA1OWEwNDAxY2NjY2VjZmQ0ZTFiYzI1NzA4NWRiYjhmMjQ=
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ *~
4
+ .*.swp
5
+ .DS_Store
6
+ /.bundle
7
+ /.config
8
+ /.yardoc
9
+ /Gemfile.lock
10
+ /InstalledFiles
11
+ /coverage
12
+ /doc/public
13
+ /lib/bundler/man
14
+ /pkg
15
+ /spec/reports
16
+ /tmp
17
+ /vendor/cache
@@ -0,0 +1,6 @@
1
+ # Changes
2
+
3
+ ## 0.0.1
4
+
5
+ * Initial release
6
+ * Created on Saturday, 2013-09-28
@@ -0,0 +1,8 @@
1
+ # Contributing
2
+
3
+ 1. Fork the repository on GitHub
4
+ 2. Create your feature branch (`git checkout -b feature/awesomeness`)
5
+ 3. Create your changes, document them.
6
+ 4. Commit your changes (`git commit -am 'Add more awesomeness'`)
7
+ 5. Push to the branch (`git push -u origin feature/awesomeness`)
8
+ 6. Create new Pull Request on GitHub
data/Gemfile ADDED
@@ -0,0 +1,13 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gemspec
4
+
5
+ # Helpers used with development, but not needed in runtime, build
6
+ # time, or for tests.
7
+ group :developer_workstation do
8
+ gem 'awesome_print'
9
+ gem 'pry'
10
+ gem 'pry-debugger'
11
+ gem 'pry-rescue'
12
+ gem 'pry-stack_explorer'
13
+ end
data/LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright (C) 2013 Maciej Pasternacki <maciej@3ofcoins.net>
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,59 @@
1
+ # Knife Annex
2
+
3
+ Knife plugin that implements git-annex hook backend for chef-vault.
4
+
5
+ - [git-annex](http://git-annex.branchable.com/)
6
+ - [git-annex hook](http://git-annex.branchable.com/special_remotes/hook/)
7
+ - [chef-vault](https://github.com/Nordstrom/chef-vault/)
8
+
9
+
10
+ This plugin uses a data bag named `annex` to store
11
+ items encrypted by chef-vault for admin chef users (except the
12
+ `admin` user created by default) available as git-annex files.
13
+
14
+ This allows keeping shared secret files (such as access keys - think
15
+ Amazon Web Services - or passwords) out of Git repository, store them
16
+ securely encrypted, and still keep convenient git-based access.
17
+
18
+ ## Installation
19
+
20
+ Add this line to your chef repo's Gemfile:
21
+
22
+ gem 'knife-annex'
23
+
24
+ And then execute:
25
+
26
+ $ bundle
27
+
28
+ Or install it yourself as:
29
+
30
+ $ gem install knife-annex
31
+
32
+ ## Usage
33
+
34
+ Configure the hook type for git-annex:
35
+
36
+ $ git config annex.chef-vault-hook 'knife annex'
37
+
38
+ If you use Bundler with your chef repo, you may need this form:
39
+
40
+ $ git config annex.chef-vault-hook 'bundle exec knife annex'
41
+
42
+ Then, initialise the special remote:
43
+
44
+ $ git annex initremote chef-server type=hook hooktype=chef-vault encryption=none
45
+
46
+ If you're extra paranoid, you can have double encryption by specifying
47
+ `encryption=shared` in the special remote's options.
48
+
49
+ After that, you can use `chef-server` remote normally with
50
+ git-annex.
51
+
52
+ When your admin user list changes, you can rekey the data by
53
+ running:
54
+
55
+ $ knife annex --rotate-keys
56
+
57
+ ## Contributing
58
+
59
+ See the [CONTRIBUTING.md](CONTRIBUTING.md) file
@@ -0,0 +1,32 @@
1
+ $:.push File.expand_path('../lib', __FILE__)
2
+ require 'rubygems'
3
+
4
+ require 'bundler/setup'
5
+
6
+ require 'rake/testtask'
7
+ require 'thor/rake_compat'
8
+
9
+ class Default < Thor
10
+ class Gem < Thor
11
+ namespace :gem
12
+
13
+ include Thor::RakeCompat
14
+ Bundler::GemHelper.install_tasks
15
+
16
+ desc "build", "Build knife-annex-#{KnifeAnnex::VERSION}.gem into the pkg directory"
17
+ def build
18
+ Rake::Task["build"].execute
19
+ end
20
+
21
+ desc "release", "Create tag v#{KnifeAnnex::VERSION} and build and push knife-annex-#{KnifeAnnex::VERSION}.gem to Rubygems"
22
+ def release
23
+ Rake::Task["release"].execute
24
+ end
25
+
26
+ desc "install", "Build and install knife-annex-#{KnifeAnnex::VERSION}.gem into system gems"
27
+ def install
28
+ Rake::Task["install"].execute
29
+ end
30
+ end
31
+ end
32
+
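Review bot: The three `desc` strings interpolate `KnifeAnnex::VERSION`, but this file never requires the file that defines it. The constant appears to be available only because `Bundler::GemHelper.install_tasks` evaluates the gemspec, which requires `knife-annex/version` as a side effect. Adding `require 'knife-annex/version'` next to the other requires would make the dependency explicit, so the release tasks do not break if the gemspec stops loading the version file.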
@@ -0,0 +1,24 @@
1
+ # -*- mode: ruby; coding: utf-8 -*-
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'knife-annex/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "knife-annex"
8
+ spec.version = KnifeAnnex::VERSION
9
+ spec.authors = ["Maciej Pasternacki"]
10
+ spec.email = ["maciej@3ofcoins.net"]
11
+ spec.description = 'Knife plugin implementing a git-annex backend in chef-vault'
12
+ spec.summary = 'Knife plugin implementing a git-annex backend in chef-vault'
13
+ spec.homepage = "https://github.com/3ofcoins/knife-annex/"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.require_paths = ["lib"]
19
+
20
+ spec.add_dependency 'chef-vault', '>= 2.0.0'
21
+
22
+ spec.add_development_dependency "bundler", "~> 1.3"
23
+ spec.add_development_dependency "thor", "~> 0.18.1"
24
+ end
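Review bot: The runtime dependency `spec.add_dependency 'chef-vault', '>= 2.0.0'` has no upper bound, so a later chef-vault major release with a changed `ChefVault::Item` API would be resolved automatically for a plugin whose whole job is encrypting and decrypting secrets. The development dependencies in the same block already use pessimistic constraints. Using the same style here, e.g. `spec.add_dependency 'chef-vault', '~> 2.0'`, keeps installs within the API the plugin was written against.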
@@ -0,0 +1,80 @@
1
+ require 'chef/knife'
2
+
3
+ class Chef
4
+ class Knife
5
+ class Annex < Knife
6
+ DATA_BAG = 'annex'
7
+ IGNORE_USERS = ['admin']
8
+
9
+ deps do
10
+ require 'chef/user'
11
+ require 'chef-vault'
12
+ end
13
+
14
+ banner "knife annex (options)"
15
+
16
+ option :rotate_keys,
17
+ :long => '--rotate-keys',
18
+ :description => 'Update admin keys on items'
19
+
20
+ def admins
21
+ @admins ||= Chef::User.list.
22
+ keys.
23
+ select { |u| !IGNORE_USERS.include?(u) && Chef::User.load(u).admin }
24
+ end
25
+
26
+ def annex_key
27
+ ENV['ANNEX_KEY'].gsub(/[^[:alnum:]_\-]+/, '_')
28
+ end
29
+
30
+ def annex_file
31
+ ENV['ANNEX_FILE']
32
+ end
33
+
34
+ def run
35
+ case ENV['ANNEX_ACTION']
36
+ when 'store'
37
+ begin
38
+ item = ChefVault::Item.load(DATA_BAG, annex_key)
39
+ rescue ChefVault::Exceptions::KeysNotFound,
40
+ ChefVault::Exceptions::ItemNotFound
41
+ item = ChefVault::Item.new(DATA_BAG, annex_key)
42
+ end
43
+ item['data'] = File.read(annex_file)
44
+ item.admins(admins.join(','))
45
+ item.save
46
+ when 'retrieve'
47
+ item = ChefVault::Item.load(DATA_BAG, annex_key)
48
+ if annex_file
49
+ File.write(annex_file, item['data'])
50
+ else
51
+ puts item['data']
52
+ end
53
+ when 'remove'
54
+ delete_object(ChefVault::Item, "#{vault}/#{item}", "chef_vault_item") do
55
+ ChefVault::Item.load(DATA_BAG, annex_key).destroy
56
+ end
57
+ when 'checkpresent'
58
+ begin
59
+ ChefVault::Item.load(DATA_BAG, annex_key)
60
+ rescue ChefVault::Exceptions::KeysNotFound,
61
+ ChefVault::Exceptions::ItemNotFound
62
+ # not found, we do nothing
63
+ else
64
+ # found
65
+ puts annex_key
66
+ end
67
+ else
68
+ items = ( @name_args.empty? ?
69
+ Chef::DataBag.load(DATA_BAG).keys.reject { |k| k =~ /_keys$/ } :
70
+ @name_args )
71
+ if config[:rotate_keys]
72
+ p rotate: items
73
+ else
74
+ puts "Use this command as git-annex hook"
75
+ end
76
+ end
77
+ end
78
+ end
79
+ end
80
+ end
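Review bot: The `--rotate-keys` branch at the end of `run` only prints the item list (`p rotate: items`) and never re-encrypts anything, while the README shipped in this release tells operators to run it when the admin list changes. An operator following that text would assume a removed admin has lost access, although the stored items are still encrypted for the old key set. Until rekeying is implemented, the branch should fail loudly, e.g. `ui.fatal('--rotate-keys is not implemented'); exit 1`. Separately, the `remove` branch interpolates `vault` and `item`, neither of which holds a value at that point in the visible code, so it likely raises before the destroy call; `"#{DATA_BAG}/#{annex_key}"` looks like what was meant.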
@@ -0,0 +1,2 @@
1
+ require "knife-annex/version"
2
+
@@ -0,0 +1,3 @@
1
+ module KnifeAnnex
2
+ VERSION = "0.0.1"
3
+ end
metadata ADDED
@@ -0,0 +1,97 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: knife-annex
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Maciej Pasternacki
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2013-09-28 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: chef-vault
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ! '>='
18
+ - !ruby/object:Gem::Version
19
+ version: 2.0.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ! '>='
25
+ - !ruby/object:Gem::Version
26
+ version: 2.0.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ~>
32
+ - !ruby/object:Gem::Version
33
+ version: '1.3'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ~>
39
+ - !ruby/object:Gem::Version
40
+ version: '1.3'
41
+ - !ruby/object:Gem::Dependency
42
+ name: thor
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ~>
46
+ - !ruby/object:Gem::Version
47
+ version: 0.18.1
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ~>
53
+ - !ruby/object:Gem::Version
54
+ version: 0.18.1
55
+ description: Knife plugin implementing a git-annex backend in chef-vault
56
+ email:
57
+ - maciej@3ofcoins.net
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - .gitignore
63
+ - CHANGELOG.md
64
+ - CONTRIBUTING.md
65
+ - Gemfile
66
+ - LICENSE
67
+ - README.md
68
+ - Thorfile
69
+ - knife-annex.gemspec
70
+ - lib/chef/knife/annex.rb
71
+ - lib/knife-annex.rb
72
+ - lib/knife-annex/version.rb
73
+ homepage: https://github.com/3ofcoins/knife-annex/
74
+ licenses:
75
+ - MIT
76
+ metadata: {}
77
+ post_install_message:
78
+ rdoc_options: []
79
+ require_paths:
80
+ - lib
81
+ required_ruby_version: !ruby/object:Gem::Requirement
82
+ requirements:
83
+ - - ! '>='
84
+ - !ruby/object:Gem::Version
85
+ version: '0'
86
+ required_rubygems_version: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ! '>='
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ requirements: []
92
+ rubyforge_project:
93
+ rubygems_version: 2.0.5
94
+ signing_key:
95
+ specification_version: 4
96
+ summary: Knife plugin implementing a git-annex backend in chef-vault
97
+ test_files: []