knife-briefcase 0.0.1 → 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- MjI5YTE4YzQ3OTk0ZTA2MjA5OGFhMTFkODJmNTAxYzk0ZWUwMTY2MA==
4
+ ZWQ0YjU2M2ZhNTliNmQ3OTgyZGIyMDQ2ZTFlMDFlM2Y5MGE1OTgyNA==
5
5
  data.tar.gz: !binary |-
6
- YTVmMGZiMGRkYTAwYjg1NzBjNzhiZGFhYmFjNmE5ZmE1NDc2ODk2Yw==
6
+ OTMyYjlmOTEzNmU2NTNjY2E0MmE4N2I2MTIxODc5YzliMWMyOTliOQ==
7
7
  !binary "U0hBNTEy":
8
8
  metadata.gz: !binary |-
9
- NDRkMmJkMWFlNDFjM2Q3YzcyNGQ5MGUyZDA2MDYxNzU0MDg0ZDVjNDhiNzM1
10
- YTU2OWRmNDMyMThhOGQzMTgzYTA4NTMzMzE0MTlhOWM4OWJiZDBjNDRjYmUz
11
- YTg5YjJjZDA0OGQ1NDJjZmUwZjgzYWRhZmM3YTdmZmM2MGE1YWU=
9
+ NGU3YzA0NmMwZjI3YjQ1ZDkwYWVkNjE2YTRmZmU0OGFiYTg1NzRkYjEzMDUz
10
+ YjVlNmRkNTBiYWIzMjY0M2I5NjlkNjI1N2ViYmUxMzcxOWU2N2Y4OWUzMDdj
11
+ MWZkNDFhYWIzNDI4YTIxMmQyZTUyNjM0MTQyYTFkYzc0OGFmZjY=
12
12
  data.tar.gz: !binary |-
13
- MDE5Zjk0Y2ZiNWZmMTY4MjNhZGM1NWM0YzI4MjFkY2M4OTdlZjVhZDgwYmEy
14
- NmY1YWVjYzdlNTBmY2Q2ZmMxM2ZlNDM1MWE5MjQ0MDMyZDYyOGI3MWRiNjYx
15
- NzdmYjU0NGY3MDZhODY5OGVlZjQ4Yzk2MzRmYTlhODY4ODY1NTI=
13
+ YTkyYmRlNjc2ZGQ1ZWZmZGE3M2YxNTczMGFhYjE5MGM3OTFjN2NjOTczMDRl
14
+ ZDZjZmRjNjVmOTM3NTZkMDg1OWUwMDI3Y2ExY2QzZGJjNjhiMjIxMDE3YTBi
15
+ ZWU4NjI5YzJiZTE0NjVhNGQxNzFmNjE5NTU1MWYyMjQ4OGY0M2Y=
@@ -1,6 +1,14 @@
1
- # Changes
1
+ Changes
2
+ =======
2
3
 
3
- ## 0.0.1
4
+ 0.1.0
5
+ -----
6
+
7
+ * Bugfixes
8
+ * Add git-annex hook
9
+
10
+ 0.0.1
11
+ -----
4
12
 
5
13
  * Initial release
6
14
  * Created on Monday, 2013-06-17
data/README.md CHANGED
@@ -49,6 +49,26 @@ re-encrypted. This should be called when briefcase holders list is
49
49
  changed, to allow added user to decrypt bag - or to prevent further
50
50
  access by removed user.
51
51
 
52
+ ## Git Annex support
53
+
54
+ The briefcase is a perfect storage backend for
55
+ [git-annex](http://git-annex.branchable.com/). This combination lets
56
+ you pretend-store secret files in the repository, sync them over
57
+ git-annex, and have the content safely encrypted on the Chef server.
58
+
59
+ To use briefcase as a git-annex special repo, configure a
60
+ [hook](http://git-annex.branchable.com/special_remotes/hook/):
61
+
62
+ ```
63
+ $ git config annex.briefcase-hook 'knife briefcase annex hook'
64
+ $ git annex initremote briefcase type=hook hooktype=briefcase encryption=none
65
+ ```
66
+
67
+ By default, annex content will be stored in the `annex` data bag; you
68
+ can pass `--data-bag=NAME` argument to `knife briefcase annex hook` or
69
+ configure `briefcase_annex_data_bag` in `knife.rb` to use a different
70
+ data bag.
71
+
52
72
  ## Configuration
53
73
 
54
74
  Following `knife.rb` settings are used:
@@ -61,6 +81,10 @@ Following `knife.rb` settings are used:
61
81
  default to hold encrypted content. If not provided, `briefcase`
62
82
  data bag will be used. The data bag name can be overriden on
63
83
  command line.
84
+ - `briefcase_annex_data_bag` -- name of the data bag that will be
85
+ used by default by `knife briefcase annex hook`. If not provided,
86
+ `annex` data bag will be used. The data bag name can be overriden
87
+ on command line.
64
88
 
65
89
  ### Example configuration
66
90
 
@@ -0,0 +1,45 @@
1
+ require 'knife-briefcase/knife'
2
+
3
+ class Chef::Knife::BriefcaseAnnexHook < KnifeBriefcase::Knife
4
+ banner "knife briefcase annex hook"
5
+
6
+ def run
7
+ item_id = ENV['ANNEX_KEY'].gsub(/[^[:alnum:]_\-]+/, '_')
8
+
9
+ case ENV['ANNEX_ACTION']
10
+ when 'store'
11
+ require 'chef/knife/briefcase_put'
12
+ run_subcommand BriefcasePut, item_id, ENV['ANNEX_FILE']
13
+ when 'retrieve'
14
+ require 'chef/knife/briefcase_get'
15
+ run_subcommand BriefcaseGet, item_id, ENV['ANNEX_FILE']
16
+ when 'remove'
17
+ delete_object(Chef::DataBagItem, item_id, 'briefcase_item') do
18
+ rest.delete_rest("data/#{data_bag_name}/#{item_name}")
19
+ end
20
+ when 'checkpresent'
21
+ begin
22
+ data_bag = Chef::DataBag.load(data_bag_name)
23
+ puts ENV['ANNEX_KEY'] if data_bag.include?(item_id)
24
+ rescue Net::HTTPServerException => e
25
+ # Ignore 404 - checkpresent should succeed and *not* print the
26
+ # key when not found.
27
+ raise unless Net::HTTPNotFound === e.data
28
+ end
29
+ else
30
+ raise RuntimeError, "Unknown ANNEX_ACTION #{ENV['ANNEX_ACTION'].inspect}"
31
+ end
32
+ end
33
+
34
+ def run_subcommand(cls, *args)
35
+ subcmd = cls.new
36
+ subcmd.ui = ui
37
+ subcmd.name_args = args
38
+ subcmd.config[:data_bag] = data_bag_name
39
+ subcmd.run
40
+ end
41
+
42
+ def data_bag_name
43
+ config[:data_bag] || Chef::Config[:briefcase_annex_data_bag] || 'annex'
44
+ end
45
+ end
@@ -1,7 +1,6 @@
1
1
  require 'knife-briefcase/knife'
2
2
 
3
- class Chef::Knife::BriefcaseDelete < Chef::Knife
4
- include KnifeBriefcase::Knife
3
+ class Chef::Knife::BriefcaseDelete < KnifeBriefcase::Knife
5
4
  banner "knife briefcase delete NAME [NAME [...]]"
6
5
 
7
6
  def run
@@ -1,7 +1,6 @@
1
1
  require 'knife-briefcase/knife'
2
2
 
3
- class Chef::Knife::BriefcaseGet < Chef::Knife
4
- include KnifeBriefcase::Knife
3
+ class Chef::Knife::BriefcaseGet < KnifeBriefcase::Knife
5
4
  banner "knife briefcase get NAME [FILE]"
6
5
 
7
6
  def run
@@ -1,7 +1,6 @@
1
1
  require 'knife-briefcase/knife'
2
2
 
3
- class Chef::Knife::BriefcaseList < Chef::Knife
4
- include KnifeBriefcase::Knife
3
+ class Chef::Knife::BriefcaseList < KnifeBriefcase::Knife
5
4
  banner "knife briefcase list"
6
5
 
7
6
  def run
@@ -1,7 +1,6 @@
1
1
  require 'knife-briefcase/knife'
2
2
 
3
- class Chef::Knife::BriefcasePut < Chef::Knife
4
- include KnifeBriefcase::Knife
3
+ class Chef::Knife::BriefcasePut < KnifeBriefcase::Knife
5
4
  banner "knife briefcase put NAME [FILE]"
6
5
 
7
6
  def run
@@ -1,7 +1,6 @@
1
1
  require 'knife-briefcase/knife'
2
2
 
3
- class Chef::Knife::BriefcaseReload < Chef::Knife
4
- include KnifeBriefcase::Knife
3
+ class Chef::Knife::BriefcaseReload < KnifeBriefcase::Knife
5
4
  banner "knife briefcase reload [NAME [NAME [...]]]"
6
5
 
7
6
  def run
@@ -1,9 +1,14 @@
1
1
  require 'chef/knife'
2
2
 
3
3
  module KnifeBriefcase
4
- module Knife
4
+ class Knife < Chef::Knife
5
+
5
6
  def self.deps
6
7
  super do
8
+ require 'chef/data_bag'
9
+ require 'chef/data_bag_item'
10
+ require 'gpgme'
11
+ require 'highline'
7
12
  yield if block_given?
8
13
  end
9
14
  end
@@ -11,19 +16,14 @@ module KnifeBriefcase
11
16
  def self.inherited(c)
12
17
  super
13
18
 
14
- c.class_eval do
15
- deps do
16
- require 'chef/data_bag'
17
- require 'chef/data_bag_item'
18
- require 'gpgme'
19
- require 'highline'
20
- end
19
+ # Ensure we always get to do our includes, whether subclass calls deps or not
20
+ c.deps do
21
+ end
21
22
 
22
- category 'briefcase'
23
- option :data_bag,
23
+ c.category 'briefcase'
24
+ c.option :data_bag,
24
25
  :long => '--data-bag DATA_BAG_NAME',
25
26
  :description => 'Name of the data bag'
26
- end
27
27
  end
28
28
 
29
29
  def data_bag_name
@@ -1,3 +1,3 @@
1
1
  module KnifeBriefcase
2
- VERSION = "0.0.1"
2
+ VERSION = "0.1.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: knife-briefcase
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Maciej Pasternacki
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-07-17 00:00:00.000000000 Z
11
+ date: 2013-07-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef
@@ -180,6 +180,7 @@ files:
180
180
  - README.md
181
181
  - Thorfile
182
182
  - knife-briefcase.gemspec
183
+ - lib/chef/knife/briefcase_annex_hook.rb
183
184
  - lib/chef/knife/briefcase_delete.rb
184
185
  - lib/chef/knife/briefcase_get.rb
185
186
  - lib/chef/knife/briefcase_list.rb