knife-briefcase 0.0.1 → 0.1.0

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    MjI5YTE4YzQ3OTk0ZTA2MjA5OGFhMTFkODJmNTAxYzk0ZWUwMTY2MA==
+    ZWQ0YjU2M2ZhNTliNmQ3OTgyZGIyMDQ2ZTFlMDFlM2Y5MGE1OTgyNA==
   data.tar.gz: !binary |-
-    YTVmMGZiMGRkYTAwYjg1NzBjNzhiZGFhYmFjNmE5ZmE1NDc2ODk2Yw==
+    OTMyYjlmOTEzNmU2NTNjY2E0MmE4N2I2MTIxODc5YzliMWMyOTliOQ==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    NDRkMmJkMWFlNDFjM2Q3YzcyNGQ5MGUyZDA2MDYxNzU0MDg0ZDVjNDhiNzM1
-    YTU2OWRmNDMyMThhOGQzMTgzYTA4NTMzMzE0MTlhOWM4OWJiZDBjNDRjYmUz
-    YTg5YjJjZDA0OGQ1NDJjZmUwZjgzYWRhZmM3YTdmZmM2MGE1YWU=
+    NGU3YzA0NmMwZjI3YjQ1ZDkwYWVkNjE2YTRmZmU0OGFiYTg1NzRkYjEzMDUz
+    YjVlNmRkNTBiYWIzMjY0M2I5NjlkNjI1N2ViYmUxMzcxOWU2N2Y4OWUzMDdj
+    MWZkNDFhYWIzNDI4YTIxMmQyZTUyNjM0MTQyYTFkYzc0OGFmZjY=
   data.tar.gz: !binary |-
-    MDE5Zjk0Y2ZiNWZmMTY4MjNhZGM1NWM0YzI4MjFkY2M4OTdlZjVhZDgwYmEy
-    NmY1YWVjYzdlNTBmY2Q2ZmMxM2ZlNDM1MWE5MjQ0MDMyZDYyOGI3MWRiNjYx
-    NzdmYjU0NGY3MDZhODY5OGVlZjQ4Yzk2MzRmYTlhODY4ODY1NTI=
+    YTkyYmRlNjc2ZGQ1ZWZmZGE3M2YxNTczMGFhYjE5MGM3OTFjN2NjOTczMDRl
+    ZDZjZmRjNjVmOTM3NTZkMDg1OWUwMDI3Y2ExY2QzZGJjNjhiMjIxMDE3YTBi
+    ZWU4NjI5YzJiZTE0NjVhNGQxNzFmNjE5NTU1MWYyMjQ4OGY0M2Y=

data/CHANGELOG.md

@@ -1,6 +1,14 @@
-# Changes
+Changes
+=======
 
-## 0.0.1
+0.1.0
+-----
+
+ * Bugfixes
+ * Add git-annex hook
+
+0.0.1
+-----
 
  * Initial release
  * Created on Monday, 2013-06-17

data/README.md

@@ -49,6 +49,26 @@ re-encrypted. This should be called when briefcase holders list is
 changed, to allow added user to decrypt bag - or to prevent further
 access by removed user.
 
+## Git Annex support
+
+The briefcase is a perfect storage backend for
+[git-annex](http://git-annex.branchable.com/). This combination lets
+you pretend-store secret files in the repository, sync them over
+git-annex, and have the content safely encrypted on the Chef server.
+
+To use briefcase as a git-annex special repo, configure a
+[hook](http://git-annex.branchable.com/special_remotes/hook/):
+
+```
+$ git config annex.briefcase-hook 'knife briefcase annex hook'
+$ git annex initremote briefcase type=hook hooktype=briefcase encryption=none
+```
+
+By default, annex content will be stored in the `annex` data bag; you
+can pass `--data-bag=NAME` argument to `knife briefcase annex hook` or
+configure `briefcase_annex_data_bag` in `knife.rb` to use a different
+data bag.
+
 ## Configuration
 
 Following `knife.rb` settings are used:
@@ -61,6 +81,10 @@ Following `knife.rb` settings are used:
    default to hold encrypted content. If not provided, `briefcase`
    data bag will be used. The data bag name can be overriden on
    command line.
+ - `briefcase_annex_data_bag` -- name of the data bag that will be
+   used by default by `knife briefcase annex hook`. If not provided,
+   `annex` data bag will be used. The data bag name can be overriden
+   on command line.
 
 ### Example configuration
 

data/lib/chef/knife/briefcase_annex_hook.rb

@@ -0,0 +1,45 @@
+require 'knife-briefcase/knife'
+
+class Chef::Knife::BriefcaseAnnexHook < KnifeBriefcase::Knife
+  banner "knife briefcase annex hook"
+
+  def run
+    item_id = ENV['ANNEX_KEY'].gsub(/[^[:alnum:]_\-]+/, '_')
+
+    case ENV['ANNEX_ACTION']
+    when 'store'
+      require 'chef/knife/briefcase_put'
+      run_subcommand BriefcasePut, item_id, ENV['ANNEX_FILE']
+    when 'retrieve'
+      require 'chef/knife/briefcase_get'
+      run_subcommand BriefcaseGet, item_id, ENV['ANNEX_FILE']
+    when 'remove'
+      delete_object(Chef::DataBagItem, item_id, 'briefcase_item') do
+        rest.delete_rest("data/#{data_bag_name}/#{item_name}")
+      end
+    when 'checkpresent'
+      begin
+        data_bag = Chef::DataBag.load(data_bag_name)
+        puts ENV['ANNEX_KEY'] if data_bag.include?(item_id)
+      rescue Net::HTTPServerException => e
+        # Ignore 404 - checkpresent should succeed and *not* print the
+        # key when not found.
+        raise unless Net::HTTPNotFound === e.data
+      end
+    else
+      raise RuntimeError, "Unknown ANNEX_ACTION #{ENV['ANNEX_ACTION'].inspect}"
+    end
+  end
+
+  def run_subcommand(cls, *args)
+    subcmd = cls.new
+    subcmd.ui = ui
+    subcmd.name_args = args
+    subcmd.config[:data_bag] = data_bag_name
+    subcmd.run
+  end
+
+  def data_bag_name
+    config[:data_bag] || Chef::Config[:briefcase_annex_data_bag] || 'annex'
+  end
+end

data/lib/chef/knife/briefcase_delete.rb

@@ -1,7 +1,6 @@
 require 'knife-briefcase/knife'
 
-class Chef::Knife::BriefcaseDelete < Chef::Knife
-  include KnifeBriefcase::Knife
+class Chef::Knife::BriefcaseDelete < KnifeBriefcase::Knife
   banner "knife briefcase delete NAME [NAME [...]]"
 
   def run

data/lib/chef/knife/briefcase_get.rb

@@ -1,7 +1,6 @@
 require 'knife-briefcase/knife'
 
-class Chef::Knife::BriefcaseGet < Chef::Knife
-  include KnifeBriefcase::Knife
+class Chef::Knife::BriefcaseGet < KnifeBriefcase::Knife
   banner "knife briefcase get NAME [FILE]"
 
   def run

data/lib/chef/knife/briefcase_list.rb

@@ -1,7 +1,6 @@
 require 'knife-briefcase/knife'
 
-class Chef::Knife::BriefcaseList < Chef::Knife
-  include KnifeBriefcase::Knife
+class Chef::Knife::BriefcaseList < KnifeBriefcase::Knife
   banner "knife briefcase list"
 
   def run

data/lib/chef/knife/briefcase_put.rb

@@ -1,7 +1,6 @@
 require 'knife-briefcase/knife'
 
-class Chef::Knife::BriefcasePut < Chef::Knife
-  include KnifeBriefcase::Knife
+class Chef::Knife::BriefcasePut < KnifeBriefcase::Knife
   banner "knife briefcase put NAME [FILE]"
 
   def run

data/lib/chef/knife/briefcase_reload.rb

@@ -1,7 +1,6 @@
 require 'knife-briefcase/knife'
 
-class Chef::Knife::BriefcaseReload < Chef::Knife
-  include KnifeBriefcase::Knife
+class Chef::Knife::BriefcaseReload < KnifeBriefcase::Knife
   banner "knife briefcase reload [NAME [NAME [...]]]"
 
   def run

data/lib/knife-briefcase/knife.rb

@@ -1,9 +1,14 @@
 require 'chef/knife'
 
 module KnifeBriefcase
-  module Knife
+  class Knife < Chef::Knife
+
     def self.deps
       super do
+        require 'chef/data_bag'
+        require 'chef/data_bag_item'
+        require 'gpgme'
+        require 'highline'
         yield if block_given?
       end
     end
@@ -11,19 +16,14 @@ module KnifeBriefcase
     def self.inherited(c)
       super
 
-      c.class_eval do
-        deps do
-          require 'chef/data_bag'
-          require 'chef/data_bag_item'
-          require 'gpgme'
-          require 'highline'
-        end
+      # Ensure we always get to do our includes, whether subclass calls deps or not
+      c.deps do
+      end
 
-        category 'briefcase'
-        option :data_bag,
+      c.category 'briefcase'
+      c.option :data_bag,
                :long => '--data-bag DATA_BAG_NAME',
                :description => 'Name of the data bag'
-      end
     end
 
     def data_bag_name

data/lib/knife-briefcase/version.rb

@@ -1,3 +1,3 @@
 module KnifeBriefcase
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: knife-briefcase
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Maciej Pasternacki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-17 00:00:00.000000000 Z
+date: 2013-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
@@ -180,6 +180,7 @@ files:
 - README.md
 - Thorfile
 - knife-briefcase.gemspec
+- lib/chef/knife/briefcase_annex_hook.rb
 - lib/chef/knife/briefcase_delete.rb
 - lib/chef/knife/briefcase_get.rb
 - lib/chef/knife/briefcase_list.rb