RubyGems - secure_data_bag - Versions diffs - 2.0.4 → 2.0.5 - Mend

secure_data_bag 2.0.4 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/chef/dsl/data_query.rb +14 -7
data/lib/chef/knife/secure_bag_base.rb +1 -3
data/lib/chef/knife/secure_bag_edit.rb +3 -3
data/lib/secure_data_bag/secure_data_bag_item.rb +40 -57
data/lib/secure_data_bag/version.rb +1 -1
data/secure_data_bag.gemspec +0 -1
metadata +16 -29

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c12099bd9de1dda5011734704f397022b720870
-  data.tar.gz: 52a927d0976bc275341a3427b96731ef6d6e044a
+  metadata.gz: 522b8fe343d5737a23a7aaf50782a1e0f4bd968e
+  data.tar.gz: c2a238e518368f46d30118707b71bb22092cdb9f
 SHA512:
-  metadata.gz: a87e3397134cf0f2b59ed7cec40d5b1af67e535e06c7455b6886a4977ad150047168bb10a08966525101c8005b6122e8652c8321650e6ab1e077123069d5ab04
-  data.tar.gz: d2a407dcdee44011752c6fb46ea1c383aa1ced91821171d4f420d5af3c300a92de446faa13ac5cac9781190c5a6d970d9712d3a4e1f8e56ab71da9838813674d
+  metadata.gz: 6d7669cef00a0f2b610e02c270c947e2e3d6ee4de1c6a314bee2e1c2e4486f4483ee0303afabfc39de444d62959a46fd6dfc92a7ef31b698d59307aab1a42c90
+  data.tar.gz: b679cb3217f193b905c599121cd2fa7030a6ade4d678f195ca5973fe08945c88379a75fb01ff503b4ce3fa82a8739c70f1b741e47fa3490b7efde6fc2d95cdd6

data/lib/chef/dsl/data_query.rb CHANGED Viewed

@@ -2,13 +2,20 @@
 class Chef
   module DSL
     module DataQuery
-      def secure_data_bag_item(bag, item)
-        DataBag.validate_name!(bag.to_s)
-        SecureDataBag::Item.validate_id!(item)
-        SecureDataBag::Item.load(bag, item)
-      rescue Exception
-        Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
-        raise
+      def secure_data_bag_item(bag, item, cache: false)
+        data_bag_item = begin
+          node.run_state[:secure_data_bag][bag] || {}
+          node.run_state[:secure_bag_item][bag][item]
+        end if cache
+        data_bag_item ||= begin
+          DataBag.validate_name!(bag.to_s)
+          SecureDataBag::Item.validate_id!(item)
+          SecureDataBag::Item.load(bag, item)
+        rescue Exception
+          Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
+          raise
+        end
       end
       def secure_data_bag_item!(item, fields=[])

data/lib/chef/knife/secure_bag_base.rb CHANGED Viewed

@@ -39,9 +39,7 @@ class Chef
       end
       def secret_file
-        config[:secret] ||
-          Chef::Config[:knife][:secure_data_bag][:secret_file] ||
-          Chef::Config[:encrypted_data_bag_secret]
+        config[:secret] || SecureDataBag::Item.secret_path
       end
       def use_encryption

data/lib/chef/knife/secure_bag_edit.rb CHANGED Viewed

@@ -14,17 +14,17 @@ class Chef
         item = Chef::DataBagItem.load(bag, item_name)
         @raw_data = item.to_hash
-        item = SecureDataBag::Item.from_item(item, key:read_secret)
+        item = SecureDataBag::Item.from_item(item)
         hash = item.to_hash(encoded: false)
         hash = data_for_edit(hash)
         hash
       end
-      def edit_item(item)
+      def edit_data(data, *args)
         output = super
         output = data_for_save(output)
-        item = SecureDataBag::Item.from_hash(output, key:read_secret)
+        item = SecureDataBag::Item.from_hash(output)
         item.encoded_fields encoded_fields
         item.to_hash encoded:true
       end

data/lib/secure_data_bag/secure_data_bag_item.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 require 'open-uri'
 require 'chef/data_bag_item'
+require 'chef/encrypted_data_bag_item'
 require 'chef/encrypted_data_bag_item/encryptor'
 require 'chef/encrypted_data_bag_item/decryptor'
@@ -15,71 +16,53 @@ module SecureDataBag
   class Item < Chef::DataBagItem
     def initialize(opts={})
-      super()
-      @secret = Chef::Config[:encrypted_data_bag_secret]
-      @key = opts[:key]
-      unless opts[:data].nil?
-        self.raw_data = opts[:data]
+      # Chef 12.3 introduced the new option
+      begin super(chef_server_rest: opts.delete(:chef_server_rest))
+      rescue ArgumentError; super()
       end
-      encoded_fields(
-        opts[:fields] ||
-        Chef::Config[:knife][:secure_data_bag][:fields] ||
-        ["password"]
-      )
+      secret_path     opts[:secret_path] if opts[:secret_path]
+      secret          opts[:secret] if opts[:secret]
+      encoded_fields  opts[:fields] if opts[:fields]
+      self.raw_data = opts[:data] if opts[:data]
+      self
     end
     #
-    # Methods for encryption key
+    # Path to encryption key file
     #
+    def secret_path(arg=nil)
+      set_or_return :secret_path, arg,
+        kind_of: String,
+        default: self.class.secret_path
+    end
-    def secret(arg=nil)
-      set_or_return(:secret, arg, kind_of: String)
+    def self.secret_path(arg=nil)
+      arg ||
+      Chef::Config[:knife][:secure_data_bag][:secret_file] ||
+      Chef::Config[:encrypted_data_bag_secret]
     end
-    def key(arg=nil)
-      @key = arg unless arg.nil?
-      @key ||= load_key
+    #
+    # Content of encryption secret
+    #
+    def secret(arg=nil)
+      @secret = arg unless arg.nil?
+      @secret ||= load_secret
     end
-    def load_key
-      @key = self.class.load_secret(secret)
+    def load_secret
+      @secret = self.class.load_secret(secret_path)
     end
     def self.load_secret(path=nil)
-      path ||=
-        Chef::Config[:knife][:secure_data_bag][:secret_file] ||
-        Chef::Config[:encrypted_data_bag_secret]
-      unless path
-       raise ArgumentError, "No secret specified and no secret found."
-      end
-      key = case path
-            when /^\w+:\/\// # Remove key
-              begin
-                Kernel.open(path).read.strip
-              rescue Errno::ECONNREFUSED
-                raise ArgumentError, "Remove key not available from '#{path}'"
-              rescue OpenURI::HTTPError
-                raise ArgumentError, "Remove key not found at '#{path}'"
-              end
-            else
-              unless File.exist?(path)
-                raise Errno::ENOENT, "file not found '#{path}'"
-              end
-              IO.read(path).strip
-            end
-      if key.size < 1
-        raise ArgumentError, "invalid zero length path in '#{path}'"
-      end
-      key
+      Chef::EncryptedDataBagItem.load_secret(secret_path(path))
     end
+    #
+    # Fetch databag item via DataBagItem and then optionally decrypt
+    #
     def self.load(data_bag, name, opts={})
       data = super(data_bag, name)
       new(opts.merge(data:data.to_hash))
@@ -92,7 +75,6 @@ module SecureDataBag
     # - ensure the data has the encryption hash
     # - decode the data
     #
     def raw_data=(data)
       data = Mash.new(data)
       super(data)
@@ -102,16 +84,17 @@ module SecureDataBag
     #
     # Fields we wish to encode
     #
     def encoded_fields(arg=nil)
       arg = arg.uniq if arg.is_a?(Array)
-      set_or_return(:encoded_fields, arg, kind_of: Array, default:[]).uniq
+      set_or_return(:encoded_fields, arg,
+        kind_of: Array,
+        default: Chef::Config[:knife][:secure_data_bag][:fields]
+      ).uniq
     end
     #
     # Raw Data decoder methods
     #
     def decode_data!
       @raw_data = decoded_data
       @raw_data
@@ -135,7 +118,8 @@ module SecureDataBag
     end
     def decode_value(value)
-      Chef::EncryptedDataBagItem::Decryptor.for(value, key).for_decrypted_item
+      Chef::EncryptedDataBagItem::Decryptor.
+        for(value, secret).for_decrypted_item
     end
     def encoded_value?(value)
@@ -145,7 +129,6 @@ module SecureDataBag
     #
     # Raw Data encoded methods
     #
     def encode_data!
       @raw_data = encoded_data
       @raw_data
@@ -167,13 +150,13 @@ module SecureDataBag
     end
     def encode_value(value)
-      Chef::EncryptedDataBagItem::Encryptor.new(value, key).for_encrypted_item
+      Chef::EncryptedDataBagItem::Encryptor.
+        new(value, secret).for_encrypted_item
     end
     #
     # Transitions
     #
     def self.from_hash(h, opts={})
       item = new(opts.merge(data:h))
       item

data/lib/secure_data_bag/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module SecureDataBag
-  VERSION = "2.0.4"
+  VERSION = "2.0.5"
 end

data/secure_data_bag.gemspec CHANGED Viewed

@@ -23,5 +23,4 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.6"
   spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"
-  spec.add_development_dependency "chef"
 end

metadata CHANGED Viewed

@@ -1,83 +1,69 @@
 --- !ruby/object:Gem::Specification
 name: secure_data_bag
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.0.5
 platform: ruby
 authors:
 - Jonathan Serafini
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-24 00:00:00.000000000 Z
+date: 2015-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: chef
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Provides a mechanism to partially encrypt data bag items and therefore
@@ -88,8 +74,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -117,20 +103,21 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.11
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: Per-field data bag item encryption
 test_files:
 - spec/item_spec.rb
 - spec/spec_helper.rb
+has_rdoc: