RubyGems - ridley - Versions diffs - 0.4.1 → 0.5.0 - Mend

ridley 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/lib/ridley/bootstrapper/context.rb +1 -1
data/lib/ridley/connection.rb +13 -0
data/lib/ridley/resources/data_bag.rb +12 -4
data/lib/ridley/resources/data_bag_item.rb +19 -0
data/lib/ridley/resources/encrypted_data_bag_item.rb +54 -0
data/lib/ridley/version.rb +1 -1
data/spec/fixtures/encrypted_data_bag_secret +1 -0
data/spec/unit/ridley/connection_spec.rb +31 -1
data/spec/unit/ridley/resources/data_bag_item_spec.rb +11 -0
metadata +6 -3

data/lib/ridley/bootstrapper/context.rb CHANGED Viewed

@@ -151,7 +151,7 @@ CONFIG
         IO.read(encrypted_data_bag_secret_path).chomp
       rescue Errno::ENOENT => encrypted_data_bag_secret
-        raise Errors::EncryptedDataBagSecretNotFound, "Error bootstrapping: Encrypted data bag secret provided but not found at '#{encrypted_data_bag_secret_path}"
+        raise Errors::EncryptedDataBagSecretNotFound, "Error bootstrapping: Encrypted data bag secret provided but not found at '#{encrypted_data_bag_secret_path}'"
       end
       private

data/lib/ridley/connection.rb CHANGED Viewed

@@ -156,6 +156,19 @@ module Ridley
       self.url_prefix.to_s
     end
+    # The encrypted data bag secret for this connection.
+    #
+    # @raise [Ridley::Errors::EncryptedDataBagSecretNotFound]
+    #
+    # @return [String, nil]
+    def encrypted_data_bag_secret
+      return nil if encrypted_data_bag_secret_path.nil?
+      IO.read(encrypted_data_bag_secret_path).chomp
+    rescue Errno::ENOENT => e
+      raise Errors::EncryptedDataBagSecretNotFound, "Encrypted data bag secret provided but not found at '#{encrypted_data_bag_secret_path}'"
+    end
     private
       attr_reader :conn

data/lib/ridley/resources/data_bag.rb CHANGED Viewed

@@ -4,19 +4,23 @@ module Ridley
   class DBIChainLink
     attr_reader :data_bag
     attr_reader :connection
+    attr_reader :klass
     # @param [Ridley::DataBag] data_bag
-    def initialize(data_bag, connection)
+    def initialize(data_bag, connection, options = {})
+      options[:encrypted] ||= false
       @data_bag = data_bag
       @connection = connection
+      @klass = options[:encrypted] ? Ridley::EncryptedDataBagItem : Ridley::DataBagItem
     end
     def new(*args)
-      Ridley::DataBagItem.send(:new, connection, data_bag, *args)
+      klass.send(:new, connection, data_bag, *args)
     end
     def method_missing(fun, *args, &block)
-      Ridley::DataBagItem.send(fun, connection, data_bag, *args, &block)
+      klass.send(fun, connection, data_bag, *args, &block)
     end
   end
@@ -56,7 +60,11 @@ module Ridley
     validates_presence_of :name
     def item
-      @dbi_link ||= DBIChainLink.new(self, connection)
+      DBIChainLink.new(self, connection)
+    end
+    def encrypted_item
+      DBIChainLink.new(self, connection, encrypted: true)
     end
   end

data/lib/ridley/resources/data_bag_item.rb CHANGED Viewed

@@ -164,6 +164,25 @@ module Ridley
       true
     end
+    # Decrypts this data bag item.
+    #
+    # @return [Hash] decrypted attributes
+    def decrypt
+      decrypted_hash = Hash[attributes.map { |key, value| [key, decrypt_value(value)] }]
+      self.attributes = HashWithIndifferentAccess.new(decrypted_hash)
+    end
+    def decrypt_value(value)
+      decoded_value = Base64.decode64(value)
+      cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+      cipher.decrypt
+      cipher.pkcs5_keyivgen(connection.encrypted_data_bag_secret)
+      decrypted_value = cipher.update(decoded_value) + cipher.final
+      YAML.load(decrypted_value)
+    end
     # @param [#to_hash] hash
     #
     # @return [Object]

data/lib/ridley/resources/encrypted_data_bag_item.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module Ridley
+  class EncryptedDataBagItem
+    class << self
+      # Finds a data bag item and decrypts it.
+      #
+      # @param [Ridley::Connection] connection
+      # @param [Ridley::DataBag] data_bag
+      # @param [String, #chef_id] object
+      #
+      # @return [nil, Ridley::DataBagItem]
+      def find(connection, data_bag, object)
+        find!(connection, data_bag, object)
+      rescue Errors::HTTPNotFound
+        nil
+      end
+      # Finds a data bag item and decrypts it. Throws an exception if the item doesn't exist.
+      #
+      # @param [Ridley::Connection] connection
+      # @param [Ridley::DataBag] data_bag
+      # @param [String, #chef_id] object
+      #
+      # @raise [Errors::HTTPNotFound]
+      #   if a resource with the given chef_id is not found
+      #
+      # @return [nil, Ridley::DataBagItem]
+      def find!(connection, data_bag, object)
+        data_bag_item = DataBagItem.find!(connection, data_bag, object)
+        data_bag_item.decrypt
+        new(connection, data_bag, data_bag_item.attributes)
+      end
+    end
+    attr_reader :data_bag
+    attr_reader :attributes
+    # @param [Ridley::Connection] connection
+    # @param [Ridley::DataBag] data_bag
+    # @param [#to_hash] attributes
+    def initialize(connection, data_bag, attributes = {})
+      @connection = connection
+      @data_bag = data_bag
+      @attributes = attributes
+    end
+    def to_s
+      self.attributes
+    end
+    private
+      attr_reader :connection
+  end
+end

data/lib/ridley/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Ridley
-  VERSION = "0.4.1"
+  VERSION = "0.5.0"
 end

data/spec/fixtures/encrypted_data_bag_secret ADDED Viewed

@@ -0,0 +1 @@

+ NTE5C5gzbe3F7fGBlrT/YTuMQuHlxaOWhY81KsgYXJ0mzDsDMFvCpfi4CUXu5M7n/Umgsf8jdHw/IIkJLZcXgk+Ll75kDU/VI5FyRzib0U0SX4JB8JLM7wRFgRpuk3GD27LnYR1APmLncE7R6ZSJc6iaFHcEL2MdR+hv0nhUZPUqITxYHyrYvqNSfroyxldQ/cvnrIMBS8JrpjIsLdYhcgL6mPJiakl4fM36cFk6Wl2Mxw7vOvGXRSR5l+t42pGDhtOjE3os5reLVoWkYoiQ1fpx3NrOdxsVuz17+3jMLBlmni2SGf2wncui2r9PqCrVbUbaCi6aNV1+SRbeh5kxBxjWSzw59BNXtna4vSK6hFPsT6tfXlOi67Q2vwjjAqltAVStGas/VZyU7DRzxMkbnPPtue+7Pajqe/TfSNWA5SX2cHtkG2X3EqZ8ftOa9p+b/VJlUnnnV2ilVfgjCW2q6XXMbC0C5yIbrDZm+aCJyhueA0j+ZHWM4k07OAuB7FRcuJJBs8H2StEx2o22OdAYUBcN5PRGlOAEBemL+sZAztbex2NjjOYV90806UFvSJLPixVWJgDTSA5OvXtNvUQYDYSGRQ/BmH86aA5gJ60AM9vEVB0BfPi946m9D4LZ/2uK6fqq3zVIV1s0EgfYHYUVz0oaf3srofc5YUAP3Ge/VLE=

data/spec/unit/ridley/connection_spec.rb CHANGED Viewed

@@ -5,13 +5,15 @@ describe Ridley::Connection do
   let(:client_name) { "reset" }
   let(:client_key) { fixtures_path.join("reset.pem").to_s }
   let(:organization) { "vialstudios" }
+  let(:encrypted_data_bag_secret_path) { fixtures_path.join("reset.pem").to_s }
   let(:config) do
     {
       server_url: server_url,
       client_name: client_name,
       client_key: client_key,
-      organization: organization
+      organization: organization,
+      encrypted_data_bag_secret_path: encrypted_data_bag_secret_path
     }
   end
@@ -195,4 +197,32 @@ describe Ridley::Connection do
       end
     end
   end
+  describe "#encrypted_data_bag_secret" do
+    it "returns a string" do
+      subject.encrypted_data_bag_secret.should be_a(String)
+    end
+    context "when a encrypted_data_bag_secret_path is not provided" do
+      before(:each) do
+        subject.stub(:encrypted_data_bag_secret_path) { nil }
+      end
+      it "returns nil" do
+        subject.encrypted_data_bag_secret.should be_nil
+      end
+    end
+    context "when the file is not found at the given encrypted_data_bag_secret_path" do
+      before(:each) do
+        subject.stub(:encrypted_data_bag_secret_path) { fixtures_path.join("not.txt").to_s }
+      end
+      it "raises an EncryptedDataBagSecretNotFound erorr" do
+        lambda {
+          subject.encrypted_data_bag_secret
+        }.should raise_error(Ridley::Errors::EncryptedDataBagSecretNotFound)
+      end
+    end
+  end
 end

data/spec/unit/ridley/resources/data_bag_item_spec.rb CHANGED Viewed

@@ -39,4 +39,15 @@ describe Ridley::DataBagItem do
       end
     end
   end
+  describe "#decrypt" do
+    it "decrypts an encrypted item" do
+      encrypted_data_bag_secret = File.read(fixtures_path.join("encrypted_data_bag_secret").to_s)
+      connection.stub(:encrypted_data_bag_secret).and_return(encrypted_data_bag_secret)
+      subject.attributes[:test] = "Xk0E8lV9r4BhZzcg4wal0X4w9ZexN3azxMjZ9r1MCZc="
+      subject.decrypt
+      subject.attributes[:test][:database][:username].should == "test"
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ridley
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-11-07 00:00:00.000000000 Z
+date: 2012-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -237,6 +237,7 @@ files:
 - lib/ridley/resources/cookbook.rb
 - lib/ridley/resources/data_bag.rb
 - lib/ridley/resources/data_bag_item.rb
+- lib/ridley/resources/encrypted_data_bag_item.rb
 - lib/ridley/resources/environment.rb
 - lib/ridley/resources/node.rb
 - lib/ridley/resources/role.rb
@@ -258,6 +259,7 @@ files:
 - spec/acceptance/role_resource_spec.rb
 - spec/acceptance/sandbox_resource_spec.rb
 - spec/acceptance/search_resource_spec.rb
+- spec/fixtures/encrypted_data_bag_secret
 - spec/fixtures/recipe_one.rb
 - spec/fixtures/recipe_two.rb
 - spec/fixtures/reset.pem
@@ -303,7 +305,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2376654314041873047
+      hash: -1699037666768544565
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -321,6 +323,7 @@ test_files:
 - spec/acceptance/role_resource_spec.rb
 - spec/acceptance/sandbox_resource_spec.rb
 - spec/acceptance/search_resource_spec.rb
+- spec/fixtures/encrypted_data_bag_secret
 - spec/fixtures/recipe_one.rb
 - spec/fixtures/recipe_two.rb
 - spec/fixtures/reset.pem