secure_data_bag 2.0.4 → 2.0.5

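--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5c12099bd9de1dda5011734704f397022b720870
- data.tar.gz: 52a927d0976bc275341a3427b96731ef6d6e044a
+ metadata.gz: 522b8fe343d5737a23a7aaf50782a1e0f4bd968e
+ data.tar.gz: c2a238e518368f46d30118707b71bb22092cdb9f
  SHA512:
- metadata.gz: a87e3397134cf0f2b59ed7cec40d5b1af67e535e06c7455b6886a4977ad150047168bb10a08966525101c8005b6122e8652c8321650e6ab1e077123069d5ab04
- data.tar.gz: d2a407dcdee44011752c6fb46ea1c383aa1ced91821171d4f420d5af3c300a92de446faa13ac5cac9781190c5a6d970d9712d3a4e1f8e56ab71da9838813674d
+ metadata.gz: 6d7669cef00a0f2b610e02c270c947e2e3d6ee4de1c6a314bee2e1c2e4486f4483ee0303afabfc39de444d62959a46fd6dfc92a7ef31b698d59307aab1a42c90
+ data.tar.gz: b679cb3217f193b905c599121cd2fa7030a6ade4d678f195ca5973fe08945c88379a75fb01ff503b4ce3fa82a8739c70f1b741e47fa3490b7efde6fc2d95cdd6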
@@ -2,13 +2,20 @@
2
2
  class Chef
3
3
  module DSL
4
4
  module DataQuery
5
- def secure_data_bag_item(bag, item)
6
- DataBag.validate_name!(bag.to_s)
7
- SecureDataBag::Item.validate_id!(item)
8
- SecureDataBag::Item.load(bag, item)
9
- rescue Exception
10
- Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
11
- raise
5
+ def secure_data_bag_item(bag, item, cache: false)
6
+ data_bag_item = begin
7
+ node.run_state[:secure_data_bag][bag] || {}
8
+ node.run_state[:secure_bag_item][bag][item]
9
+ end if cache
10
+
11
+ data_bag_item ||= begin
12
+ DataBag.validate_name!(bag.to_s)
13
+ SecureDataBag::Item.validate_id!(item)
14
+ SecureDataBag::Item.load(bag, item)
15
+ rescue Exception
16
+ Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
17
+ raise
18
+ end
12
19
  end
13
20
 
14
21
  def secure_data_bag_item!(item, fields=[])
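Review bot: With `cache: true` the lookup at the top of `secure_data_bag_item` reads two different run_state keys, `:secure_data_bag` and `:secure_bag_item`, throws away the result of the first line, and never stores the loaded item. Unless something outside this hunk populates `node.run_state[:secure_bag_item]`, the cached path can only miss or raise NoMethodError on a nil entry. Use one key for both the read and the write and make the nested lookups nil-safe, as sketched below. The cached object appears to be the decoded item, so it stays readable from run_state by every later recipe and handler in the run; the method comment should say so, so that callers opt in knowingly.

```ruby
def secure_data_bag_item(bag, item, cache: false)
  if cache
    # Same run_state key for the read and the write; nil-safe on first use.
    bag_cache = ((node.run_state[:secure_data_bag] ||= {})[bag] ||= {})
    return bag_cache[item] if bag_cache.key?(item)
  end

  loaded = begin
    # … unchanged: validate_name!, validate_id!, Item.load, rescue / log / raise …
  end
  bag_cache[item] = loaded if cache
  loaded
end
```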
@@ -39,9 +39,7 @@ class Chef
39
39
  end
40
40
 
41
41
  def secret_file
42
- config[:secret] ||
43
- Chef::Config[:knife][:secure_data_bag][:secret_file] ||
44
- Chef::Config[:encrypted_data_bag_secret]
42
+ config[:secret] || SecureDataBag::Item.secret_path
45
43
  end
46
44
 
47
45
  def use_encryption
@@ -14,17 +14,17 @@ class Chef
14
14
  item = Chef::DataBagItem.load(bag, item_name)
15
15
  @raw_data = item.to_hash
16
16
 
17
- item = SecureDataBag::Item.from_item(item, key:read_secret)
17
+ item = SecureDataBag::Item.from_item(item)
18
18
  hash = item.to_hash(encoded: false)
19
19
  hash = data_for_edit(hash)
20
20
  hash
21
21
  end
22
22
 
23
- def edit_item(item)
23
+ def edit_data(data, *args)
24
24
  output = super
25
25
  output = data_for_save(output)
26
26
 
27
- item = SecureDataBag::Item.from_hash(output, key:read_secret)
27
+ item = SecureDataBag::Item.from_hash(output)
28
28
  item.encoded_fields encoded_fields
29
29
  item.to_hash encoded:true
30
30
  end
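Review bot: Dropping `key:read_secret` from the `from_item` and `from_hash` calls means the item now resolves its own secret through `SecureDataBag::Item.secret_path`, which only consults `Chef::Config`. If `read_secret` honoured a secret supplied on the knife command line (its definition is not visible here), that choice is now silently ignored and the edited item would be re-encrypted with whichever key the config points at. The new initializer accepts `:secret`, so the calls can stay explicit: `SecureDataBag::Item.from_item(item, secret: read_secret)` and `SecureDataBag::Item.from_hash(output, secret: read_secret)`. The method containing the `from_item` call starts outside the hunk.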
@@ -1,6 +1,7 @@
1
1
 
2
2
  require 'open-uri'
3
3
  require 'chef/data_bag_item'
4
+ require 'chef/encrypted_data_bag_item'
4
5
  require 'chef/encrypted_data_bag_item/encryptor'
5
6
  require 'chef/encrypted_data_bag_item/decryptor'
6
7
 
@@ -15,71 +16,53 @@ module SecureDataBag
15
16
 
16
17
  class Item < Chef::DataBagItem
17
18
  def initialize(opts={})
18
- super()
19
-
20
- @secret = Chef::Config[:encrypted_data_bag_secret]
21
- @key = opts[:key]
22
-
23
- unless opts[:data].nil?
24
- self.raw_data = opts[:data]
19
+ # Chef 12.3 introduced the new option
20
+ begin super(chef_server_rest: opts.delete(:chef_server_rest))
21
+ rescue ArgumentError; super()
25
22
  end
26
23
 
27
- encoded_fields(
28
- opts[:fields] ||
29
- Chef::Config[:knife][:secure_data_bag][:fields] ||
30
- ["password"]
31
- )
24
+ secret_path opts[:secret_path] if opts[:secret_path]
25
+ secret opts[:secret] if opts[:secret]
26
+ encoded_fields opts[:fields] if opts[:fields]
27
+
28
+ self.raw_data = opts[:data] if opts[:data]
29
+ self
32
30
  end
33
31
 
34
32
  #
35
- # Methods for encryption key
33
+ # Path to encryption key file
36
34
  #
35
+ def secret_path(arg=nil)
36
+ set_or_return :secret_path, arg,
37
+ kind_of: String,
38
+ default: self.class.secret_path
39
+ end
37
40
 
38
- def secret(arg=nil)
39
- set_or_return(:secret, arg, kind_of: String)
41
+ def self.secret_path(arg=nil)
42
+ arg ||
43
+ Chef::Config[:knife][:secure_data_bag][:secret_file] ||
44
+ Chef::Config[:encrypted_data_bag_secret]
40
45
  end
41
46
 
42
- def key(arg=nil)
43
- @key = arg unless arg.nil?
44
- @key ||= load_key
47
+ #
48
+ # Content of encryption secret
49
+ #
50
+ def secret(arg=nil)
51
+ @secret = arg unless arg.nil?
52
+ @secret ||= load_secret
45
53
  end
46
54
 
47
- def load_key
48
- @key = self.class.load_secret(secret)
55
+ def load_secret
56
+ @secret = self.class.load_secret(secret_path)
49
57
  end
50
58
 
51
59
  def self.load_secret(path=nil)
52
- path ||=
53
- Chef::Config[:knife][:secure_data_bag][:secret_file] ||
54
- Chef::Config[:encrypted_data_bag_secret]
55
-
56
- unless path
57
- raise ArgumentError, "No secret specified and no secret found."
58
- end
59
-
60
- key = case path
61
- when /^\w+:\/\// # Remove key
62
- begin
63
- Kernel.open(path).read.strip
64
- rescue Errno::ECONNREFUSED
65
- raise ArgumentError, "Remove key not available from '#{path}'"
66
- rescue OpenURI::HTTPError
67
- raise ArgumentError, "Remove key not found at '#{path}'"
68
- end
69
- else
70
- unless File.exist?(path)
71
- raise Errno::ENOENT, "file not found '#{path}'"
72
- end
73
- IO.read(path).strip
74
- end
75
-
76
- if key.size < 1
77
- raise ArgumentError, "invalid zero length path in '#{path}'"
78
- end
79
-
80
- key
60
+ Chef::EncryptedDataBagItem.load_secret(secret_path(path))
81
61
  end
82
62
 
63
+ #
64
+ # Fetch databag item via DataBagItem and then optionally decrypt
65
+ #
83
66
  def self.load(data_bag, name, opts={})
84
67
  data = super(data_bag, name)
85
68
  new(opts.merge(data:data.to_hash))
@@ -92,7 +75,6 @@ module SecureDataBag
92
75
  # - ensure the data has the encryption hash
93
76
  # - decode the data
94
77
  #
95
-
96
78
  def raw_data=(data)
97
79
  data = Mash.new(data)
98
80
  super(data)
@@ -102,16 +84,17 @@ module SecureDataBag
102
84
  #
103
85
  # Fields we wish to encode
104
86
  #
105
-
106
87
  def encoded_fields(arg=nil)
107
88
  arg = arg.uniq if arg.is_a?(Array)
108
- set_or_return(:encoded_fields, arg, kind_of: Array, default:[]).uniq
89
+ set_or_return(:encoded_fields, arg,
90
+ kind_of: Array,
91
+ default: Chef::Config[:knife][:secure_data_bag][:fields]
92
+ ).uniq
109
93
  end
110
94
 
111
95
  #
112
96
  # Raw Data decoder methods
113
97
  #
114
-
115
98
  def decode_data!
116
99
  @raw_data = decoded_data
117
100
  @raw_data
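Review bot: The new `default:` in `encoded_fields` is `Chef::Config[:knife][:secure_data_bag][:fields]` with no fallback, and the initializer hunk above also drops the old `["password"]` fallback. Unless a default is set elsewhere, a missing `secure_data_bag` section makes the lookup raise NoMethodError on nil, and a section without `:fields` yields nil, so the trailing `.uniq` fails. If that were only made nil-safe, no field would be selected for encoding and an item could be saved with its password in clear text. Keep a safe default, for example `default: (Chef::Config[:knife][:secure_data_bag] || {})[:fields] || ["password"]`. The same unguarded chain sits in `self.secret_path`, where it can prevent the fallback to `Chef::Config[:encrypted_data_bag_secret]` from being reached.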
@@ -135,7 +118,8 @@ module SecureDataBag
135
118
  end
136
119
 
137
120
  def decode_value(value)
138
- Chef::EncryptedDataBagItem::Decryptor.for(value, key).for_decrypted_item
121
+ Chef::EncryptedDataBagItem::Decryptor.
122
+ for(value, secret).for_decrypted_item
139
123
  end
140
124
 
141
125
  def encoded_value?(value)
@@ -145,7 +129,6 @@ module SecureDataBag
145
129
  #
146
130
  # Raw Data encoded methods
147
131
  #
148
-
149
132
  def encode_data!
150
133
  @raw_data = encoded_data
151
134
  @raw_data
@@ -167,13 +150,13 @@ module SecureDataBag
167
150
  end
168
151
 
169
152
  def encode_value(value)
170
- Chef::EncryptedDataBagItem::Encryptor.new(value, key).for_encrypted_item
153
+ Chef::EncryptedDataBagItem::Encryptor.
154
+ new(value, secret).for_encrypted_item
171
155
  end
172
156
 
173
157
  #
174
158
  # Transitions
175
159
  #
176
-
177
160
  def self.from_hash(h, opts={})
178
161
  item = new(opts.merge(data:h))
179
162
  item
@@ -1,5 +1,5 @@
1
1
 
2
2
  module SecureDataBag
3
- VERSION = "2.0.4"
3
+ VERSION = "2.0.5"
4
4
  end
5
5
 
@@ -23,5 +23,4 @@ Gem::Specification.new do |spec|
23
23
  spec.add_development_dependency "bundler", "~> 1.6"
24
24
  spec.add_development_dependency "rake"
25
25
  spec.add_development_dependency "rspec"
26
- spec.add_development_dependency "chef"
27
26
  end
metadata CHANGED
@@ -1,83 +1,69 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: secure_data_bag
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.4
4
+ version: 2.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Serafini
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-10-24 00:00:00.000000000 Z
11
+ date: 2015-05-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: chef
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - '>='
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
19
  version: '0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - '>='
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
26
  version: '0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - ~>
31
+ - - "~>"
32
32
  - !ruby/object:Gem::Version
33
33
  version: '1.6'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - ~>
38
+ - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: '1.6'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rake
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - '>='
45
+ - - ">="
46
46
  - !ruby/object:Gem::Version
47
47
  version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - '>='
52
+ - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: rspec
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - '>='
59
+ - - ">="
60
60
  - !ruby/object:Gem::Version
61
61
  version: '0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - '>='
67
- - !ruby/object:Gem::Version
68
- version: '0'
69
- - !ruby/object:Gem::Dependency
70
- name: chef
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - '>='
74
- - !ruby/object:Gem::Version
75
- version: '0'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - '>='
66
+ - - ">="
81
67
  - !ruby/object:Gem::Version
82
68
  version: '0'
83
69
  description: Provides a mechanism to partially encrypt data bag items and therefore
@@ -88,8 +74,8 @@ executables: []
88
74
  extensions: []
89
75
  extra_rdoc_files: []
90
76
  files:
91
- - .gitignore
92
- - .rspec
77
+ - ".gitignore"
78
+ - ".rspec"
93
79
  - Gemfile
94
80
  - LICENSE.txt
95
81
  - README.md
@@ -117,20 +103,21 @@ require_paths:
117
103
  - lib
118
104
  required_ruby_version: !ruby/object:Gem::Requirement
119
105
  requirements:
120
- - - '>='
106
+ - - ">="
121
107
  - !ruby/object:Gem::Version
122
108
  version: '0'
123
109
  required_rubygems_version: !ruby/object:Gem::Requirement
124
110
  requirements:
125
- - - '>='
111
+ - - ">="
126
112
  - !ruby/object:Gem::Version
127
113
  version: '0'
128
114
  requirements: []
129
115
  rubyforge_project:
130
- rubygems_version: 2.1.11
116
+ rubygems_version: 2.4.5
131
117
  signing_key:
132
118
  specification_version: 4
133
119
  summary: Per-field data bag item encryption
134
120
  test_files:
135
121
  - spec/item_spec.rb
136
122
  - spec/spec_helper.rb
123
+ has_rdoc: