RubyGems - ridley - Versions diffs - 0.4.1 → 0.5.0 - Mend

ridley 0.4.1 → 0.5.0

Files changed (10) hide show

data/lib/ridley/bootstrapper/context.rb +1 -1
data/lib/ridley/connection.rb +13 -0
data/lib/ridley/resources/data_bag.rb +12 -4
data/lib/ridley/resources/data_bag_item.rb +19 -0
data/lib/ridley/resources/encrypted_data_bag_item.rb +54 -0
data/lib/ridley/version.rb +1 -1
data/spec/fixtures/encrypted_data_bag_secret +1 -0
data/spec/unit/ridley/connection_spec.rb +31 -1
data/spec/unit/ridley/resources/data_bag_item_spec.rb +11 -0
metadata +6 -3

data/lib/ridley/bootstrapper/context.rb CHANGED Viewed

@@ -151,7 +151,7 @@ CONFIG
         IO.read(encrypted_data_bag_secret_path).chomp
       rescue Errno::ENOENT => encrypted_data_bag_secret
-        raise Errors::EncryptedDataBagSecretNotFound, "Error bootstrapping: Encrypted data bag secret provided but not found at '#{encrypted_data_bag_secret_path}"
+        raise Errors::EncryptedDataBagSecretNotFound, "Error bootstrapping: Encrypted data bag secret provided but not found at '#{encrypted_data_bag_secret_path}'"
       end
       private

data/lib/ridley/connection.rb CHANGED Viewed

@@ -156,6 +156,19 @@ module Ridley
       self.url_prefix.to_s
     end
+    # The encrypted data bag secret for this connection.
+    #
+    # @raise [Ridley::Errors::EncryptedDataBagSecretNotFound]
+    #
+    # @return [String, nil]
+    def encrypted_data_bag_secret
+      return nil if encrypted_data_bag_secret_path.nil?
+      IO.read(encrypted_data_bag_secret_path).chomp
+    rescue Errno::ENOENT => e
+      raise Errors::EncryptedDataBagSecretNotFound, "Encrypted data bag secret provided but not found at '#{encrypted_data_bag_secret_path}'"
+    end
     private
       attr_reader :conn

data/lib/ridley/resources/data_bag.rb CHANGED Viewed

@@ -4,19 +4,23 @@ module Ridley
   class DBIChainLink
     attr_reader :data_bag
     attr_reader :connection
+    attr_reader :klass
     # @param [Ridley::DataBag] data_bag
-    def initialize(data_bag, connection)
+    def initialize(data_bag, connection, options = {})
+      options[:encrypted] ||= false
       @data_bag = data_bag
       @connection = connection
+      @klass = options[:encrypted] ? Ridley::EncryptedDataBagItem : Ridley::DataBagItem
     end
     def new(*args)
-      Ridley::DataBagItem.send(:new, connection, data_bag, *args)
+      klass.send(:new, connection, data_bag, *args)
     end
     def method_missing(fun, *args, &block)
-      Ridley::DataBagItem.send(fun, connection, data_bag, *args, &block)
+      klass.send(fun, connection, data_bag, *args, &block)
     end
   end
@@ -56,7 +60,11 @@ module Ridley
     validates_presence_of :name
     def item
-      @dbi_link ||= DBIChainLink.new(self, connection)
+      DBIChainLink.new(self, connection)
+    end
+    def encrypted_item
+      DBIChainLink.new(self, connection, encrypted: true)
     end
   end

data/lib/ridley/resources/data_bag_item.rb CHANGED Viewed

@@ -164,6 +164,25 @@ module Ridley
       true
     end
+    # Decrypts this data bag item.
+    #
+    # @return [Hash] decrypted attributes
+    def decrypt
+      decrypted_hash = Hash[attributes.map { |key, value| [key, decrypt_value(value)] }]
+      self.attributes = HashWithIndifferentAccess.new(decrypted_hash)
+    end
+    def decrypt_value(value)
+      decoded_value = Base64.decode64(value)
+      cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+      cipher.decrypt
+      cipher.pkcs5_keyivgen(connection.encrypted_data_bag_secret)
+      decrypted_value = cipher.update(decoded_value) + cipher.final
+      YAML.load(decrypted_value)
+    end
     # @param [#to_hash] hash
     #
     # @return [Object]

data/lib/ridley/resources/encrypted_data_bag_item.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module Ridley
+  class EncryptedDataBagItem
+    class << self
+      # Finds a data bag item and decrypts it.
+      #
+      # @param [Ridley::Connection] connection
+      # @param [Ridley::DataBag] data_bag
+      # @param [String, #chef_id] object
+      #
+      # @return [nil, Ridley::DataBagItem]
+      def find(connection, data_bag, object)
+        find!(connection, data_bag, object)
+      rescue Errors::HTTPNotFound
+        nil
+      end
+      # Finds a data bag item and decrypts it. Throws an exception if the item doesn't exist.
+      #
+      # @param [Ridley::Connection] connection
+      # @param [Ridley::DataBag] data_bag
+      # @param [String, #chef_id] object
+      #
+      # @raise [Errors::HTTPNotFound]
+      #   if a resource with the given chef_id is not found
+      #
+      # @return [nil, Ridley::DataBagItem]
+      def find!(connection, data_bag, object)
+        data_bag_item = DataBagItem.find!(connection, data_bag, object)
+        data_bag_item.decrypt
+        new(connection, data_bag, data_bag_item.attributes)
+      end
+    end
+    attr_reader :data_bag
+    attr_reader :attributes
+    # @param [Ridley::Connection] connection
+    # @param [Ridley::DataBag] data_bag
+    # @param [#to_hash] attributes
+    def initialize(connection, data_bag, attributes = {})
+      @connection = connection
+      @data_bag = data_bag
+      @attributes = attributes
+    end
+    def to_s
+      self.attributes
+    end
+    private
+      attr_reader :connection
+  end
+end

data/lib/ridley/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Ridley
-  VERSION = "0.4.1"
+  VERSION = "0.5.0"
 end

data/spec/fixtures/encrypted_data_bag_secret ADDED Viewed

@@ -0,0 +1 @@

+ NTE5C5gzbe3F7fGBlrT/YTuMQuHlxaOWhY81KsgYXJ0mzDsDMFvCpfi4CUXu5M7n/Umgsf8jdHw/IIkJLZcXgk+Ll75kDU/VI5FyRzib0U0SX4JB8JLM7wRFgRpuk3GD27LnYR1APmLncE7R6ZSJc6iaFHcEL2MdR+hv0nhUZPUqITxYHyrYvqNSfroyxldQ/cvnrIMBS8JrpjIsLdYhcgL6mPJiakl4fM36cFk6Wl2Mxw7vOvGXRSR5l+t42pGDhtOjE3os5reLVoWkYoiQ1fpx3NrOdxsVuz17+3jMLBlmni2SGf2wncui2r9PqCrVbUbaCi6aNV1+SRbeh5kxBxjWSzw59BNXtna4vSK6hFPsT6tfXlOi67Q2vwjjAqltAVStGas/VZyU7DRzxMkbnPPtue+7Pajqe/TfSNWA5SX2cHtkG2X3EqZ8ftOa9p+b/VJlUnnnV2ilVfgjCW2q6XXMbC0C5yIbrDZm+aCJyhueA0j+ZHWM4k07OAuB7FRcuJJBs8H2StEx2o22OdAYUBcN5PRGlOAEBemL+sZAztbex2NjjOYV90806UFvSJLPixVWJgDTSA5OvXtNvUQYDYSGRQ/BmH86aA5gJ60AM9vEVB0BfPi946m9D4LZ/2uK6fqq3zVIV1s0EgfYHYUVz0oaf3srofc5YUAP3Ge/VLE=

data/spec/unit/ridley/connection_spec.rb CHANGED Viewed

@@ -5,13 +5,15 @@ describe Ridley::Connection do
   let(:client_name) { "reset" }
   let(:client_key) { fixtures_path.join("reset.pem").to_s }
   let(:organization) { "vialstudios" }
+  let(:encrypted_data_bag_secret_path) { fixtures_path.join("reset.pem").to_s }
   let(:config) do
     {
       server_url: server_url,
       client_name: client_name,
       client_key: client_key,
-      organization: organization
+      organization: organization,
+      encrypted_data_bag_secret_path: encrypted_data_bag_secret_path
     }
   end
@@ -195,4 +197,32 @@ describe Ridley::Connection do
       end
     end
   end
+  describe "#encrypted_data_bag_secret" do
+    it "returns a string" do
+      subject.encrypted_data_bag_secret.should be_a(String)
+    end
+    context "when a encrypted_data_bag_secret_path is not provided" do
+      before(:each) do
+        subject.stub(:encrypted_data_bag_secret_path) { nil }
+      end
+      it "returns nil" do
+        subject.encrypted_data_bag_secret.should be_nil
+      end
+    end
+    context "when the file is not found at the given encrypted_data_bag_secret_path" do
+      before(:each) do
+        subject.stub(:encrypted_data_bag_secret_path) { fixtures_path.join("not.txt").to_s }
+      end
+      it "raises an EncryptedDataBagSecretNotFound erorr" do
+        lambda {
+          subject.encrypted_data_bag_secret
+        }.should raise_error(Ridley::Errors::EncryptedDataBagSecretNotFound)
+      end
+    end
+  end
 end

data/spec/unit/ridley/resources/data_bag_item_spec.rb CHANGED Viewed

@@ -39,4 +39,15 @@ describe Ridley::DataBagItem do
       end
     end
   end
+  describe "#decrypt" do
+    it "decrypts an encrypted item" do
+      encrypted_data_bag_secret = File.read(fixtures_path.join("encrypted_data_bag_secret").to_s)
+      connection.stub(:encrypted_data_bag_secret).and_return(encrypted_data_bag_secret)
+      subject.attributes[:test] = "Xk0E8lV9r4BhZzcg4wal0X4w9ZexN3azxMjZ9r1MCZc="
+      subject.decrypt
+      subject.attributes[:test][:database][:username].should == "test"
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ridley
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-11-07 00:00:00.000000000 Z
+date: 2012-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -237,6 +237,7 @@ files:
 - lib/ridley/resources/cookbook.rb
 - lib/ridley/resources/data_bag.rb
 - lib/ridley/resources/data_bag_item.rb
+- lib/ridley/resources/encrypted_data_bag_item.rb
 - lib/ridley/resources/environment.rb
 - lib/ridley/resources/node.rb
 - lib/ridley/resources/role.rb
@@ -258,6 +259,7 @@ files:
 - spec/acceptance/role_resource_spec.rb
 - spec/acceptance/sandbox_resource_spec.rb
 - spec/acceptance/search_resource_spec.rb
+- spec/fixtures/encrypted_data_bag_secret
 - spec/fixtures/recipe_one.rb
 - spec/fixtures/recipe_two.rb
 - spec/fixtures/reset.pem
@@ -303,7 +305,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2376654314041873047
+      hash: -1699037666768544565
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -321,6 +323,7 @@ test_files:
 - spec/acceptance/role_resource_spec.rb
 - spec/acceptance/sandbox_resource_spec.rb
 - spec/acceptance/search_resource_spec.rb
+- spec/fixtures/encrypted_data_bag_secret
 - spec/fixtures/recipe_one.rb
 - spec/fixtures/recipe_two.rb
 - spec/fixtures/reset.pem