secure_data_bag 2.0.5 → 2.0.6

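--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 522b8fe343d5737a23a7aaf50782a1e0f4bd968e
- data.tar.gz: c2a238e518368f46d30118707b71bb22092cdb9f
+ metadata.gz: b133e4df759b1b058628bd387f4a4566be99d622
+ data.tar.gz: 21f1b95ca23250d77797e0e19c5d37f24c32d44d
  SHA512:
- metadata.gz: 6d7669cef00a0f2b610e02c270c947e2e3d6ee4de1c6a314bee2e1c2e4486f4483ee0303afabfc39de444d62959a46fd6dfc92a7ef31b698d59307aab1a42c90
- data.tar.gz: b679cb3217f193b905c599121cd2fa7030a6ade4d678f195ca5973fe08945c88379a75fb01ff503b4ce3fa82a8739c70f1b741e47fa3490b7efde6fc2d95cdd6
+ metadata.gz: f78a72b2f5cf9fbef6598dc3eb4e5abe6d607ddbf6dbcf9d985067cd29751e3dd287009844456fcc4e84e589ecaa91227d5cfd4b78a7084c6ac122a252608d90
+ data.tar.gz: ea726ff84786d71b9344a36786b372c5aeb81161a8802077e19a7b68cf658aa05d51fd4216443aa93a73bb781000342bebdab8bea61b40ccdee87cca7a76a923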
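--- a/data/README.md
+++ b/data/README.md
@@ -55,12 +55,11 @@ SecureDataBagItem is also built on Mash rather than Hash so you'll find it more
  }
  ```
 
- A few knife commands are also provided which allow you to create / edit / show / from file any DataBagItem or EncryptedDataBagItem and convert them to SecureDataBag::Item format.
+ A few knife commands are also provided which allow you to edit / show / from file any DataBagItem or EncryptedDataBagItem and convert them to SecureDataBag::Item format.
 
  ```
  knife secure bag --help
  ** SECURE BAG COMMANDS **
- knife secure bag create BAG [ITEM] (options)
  knife secure bag edit BAG [ITEM] (options)
  knife secure bag from file BAG FILE|FLDR [FILE|FLDR] (options)
  knife secure bag show BAG [ITEM] (options)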
@@ -13,33 +13,31 @@ class Chef
13
13
  option :secret,
14
14
  short: "-s SECRET",
15
15
  long: "--secret",
16
- description: "The secret key to use to encrypt data bag item values",
17
- proc: Proc.new { |s| Chef::Config[:knife][:secret] = s }
16
+ description: "The secret key to use to encrypt data bag item values"
18
17
 
19
18
  option :secret_file,
20
19
  long: "--secret-file SECRET_FILE",
21
- description: "A file containing a secret key to use to encrypt data bag item values",
22
- proc: Proc.new { |sf|
23
- Chef::Config[:encrypted_data_bag_secret] = sf
24
- }
20
+ description: "A file containing a secret key to use to encrypt data bag item values"
25
21
 
26
- option :secure_data_bag_fields,
22
+ option :encoded_fields,
27
23
  long: "--encoded-fields FIELD1,FIELD2,FIELD3",
28
24
  description: "List of attribute keys for which to encode values",
29
- proc: Proc.new { |o|
30
- Chef::Config[:knife][:secure_data_bag][:fields] = o.split(",")
31
- }
25
+ proc: Proc.new { |s| s.split(',') }
32
26
  end
33
27
  end
34
28
 
35
- def encoded_fields(arg=nil)
36
- config[:secure_data_bag_fields] = arg unless arg.nil?
37
- config[:secure_data_bag_fields] ||
29
+ def encoded_fields
30
+ config[:encoded_fields] ||
38
31
  Chef::Config[:knife][:secure_data_bag][:fields]
39
32
  end
40
33
 
41
34
  def secret_file
42
- config[:secret] || SecureDataBag::Item.secret_path
35
+ config[:secret_file] ||
36
+ SecureDataBag::Item.secret_path
37
+ end
38
+
39
+ def secret
40
+ @secret ||= read_secret
43
41
  end
44
42
 
45
43
  def use_encryption
@@ -53,7 +51,7 @@ class Chef
53
51
  end
54
52
 
55
53
  def require_secret
56
- if not config[:secret] and not secret_file
54
+ if not secret
57
55
  show_usage
58
56
  ui.fatal("A secret or secret_file must be specified")
59
57
  exit 1
@@ -62,12 +60,6 @@ class Chef
62
60
 
63
61
  def data_for_create(hash={})
64
62
  hash[:id] = @data_bag_item_name
65
- hash = data_for_edit(hash)
66
- hash
67
- end
68
-
69
- def data_for_edit(hash)
70
- hash[:_encoded_fields] = encoded_fields
71
63
  hash
72
64
  end
73
65
 
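Review bot: The `--secret` and `--secret-file` values may no longer reach the key lookup: the `proc:` callbacks that copied them into `Chef::Config` are removed, and the new `secret` helper delegates to `read_secret`, which is not visible on this page. If `read_secret` still reads `Chef::Config[:knife][:secret]` or `Chef::Config[:encrypted_data_bag_secret]` rather than `config[:secret]` / `config[:secret_file]`, an operator-supplied key could be silently ignored in favour of a default one. It is worth confirming that path and recording it on the helper, e.g. `# Memoised key material; read_secret must honour config[:secret] and config[:secret_file]`. `require_secret` now tests `if not secret`, so it also relies on `read_secret` returning nil rather than raising when no key is configured; the enclosing module continues outside these hunks.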
@@ -16,7 +16,7 @@ class Chef
16
16
 
17
17
  item = SecureDataBag::Item.from_item(item)
18
18
  hash = item.to_hash(encoded: false)
19
- hash = data_for_edit(hash)
19
+ hash["_encoded_fields"] = item.encoded_fields
20
20
  hash
21
21
  end
22
22
 
@@ -25,7 +25,8 @@ class Chef
25
25
  output = data_for_save(output)
26
26
 
27
27
  item = SecureDataBag::Item.from_hash(output)
28
- item.encoded_fields encoded_fields
28
+ item.encoded_fields item.delete("_encoded_fields")
29
+ raise Exception.new item.encoded_fields
29
30
  item.to_hash encoded:true
30
31
  end
31
32
  end
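Review bot: The added `raise Exception.new item.encoded_fields` sits directly before `item.to_hash encoded:true`, so this block can never return the encoded hash and every edit aborts at that line; it reads like a leftover debugging statement and should be removed. It also raises `Exception` rather than a `StandardError` subclass and passes an Array where a message string is expected. Separately, `item.delete("_encoded_fields")` takes the field list from the editor buffer, so removing that key in the editor yields nil and the item keeps whatever list it already held or the configured default. A comment such as `# _encoded_fields is editor-supplied; nil leaves the existing/default field list in place` would make that explicit. The enclosing method starts outside the hunk.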
@@ -24,10 +24,10 @@ class Chef
24
24
  description: "Upload all data bags or all items for specified databag"
25
25
 
26
26
  def load_data_bag_hash(hash)
27
- @raw_data = hash
28
-
29
- item = SecureDataBag::Item.from_hash(hash, secret:read_secret)
30
- item.to_hash
27
+ item = SecureDataBag::Item.from_hash hash,
28
+ fields: encoded_fields,
29
+ secret: secret
30
+ item
31
31
  end
32
32
 
33
33
  def load_data_bag_items(data_bag, items=nil)
@@ -36,12 +36,9 @@ class Chef
36
36
  item_paths.each do |item_path|
37
37
  item = loader.load_from("#{data_bags_path}", data_bag, item_path)
38
38
  item = load_data_bag_hash(item)
39
- dbag = SecureDataBag::Item.new(secret:read_secret)
40
- dbag.encoded_fields encoded_fields
41
- dbag.raw_data = item
42
- dbag.data_bag(data_bag)
43
- dbag.save
44
- ui.info("Updated data_bag_item[#{dbag.data_bag}::#{dbag.id}]")
39
+ item.data_bag(data_bag)
40
+ item.save
41
+ ui.info("Updated data_bag_item[#{item.data_bag}::#{item.id}]")
45
42
  end
46
43
  end
47
44
  end
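Review bot: `load_data_bag_items` now calls `item.save` on whatever `load_data_bag_hash` returns, and nothing visible in either hunk checks that `secret` is non-nil before the upload. Whether an item could then be saved with its fields left unencoded depends on how `SecureDataBag::Item` treats a nil secret, which is not shown here; calling `require_secret` before the loop would make the command fail closed. `load_data_bag_hash` also now returns an Item rather than a Hash, which deserves a one-line comment such as `# Returns a SecureDataBag::Item (not a Hash) built with the CLI field list and secret`. The start of `load_data_bag_items` lies between the two hunks and is not fully visible.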
@@ -17,15 +17,12 @@ class Chef
17
17
  default: false
18
18
 
19
19
  def load_item(bag, item_name)
20
- item = SecureDataBag::Item.load(
21
- bag, item_name,
20
+ item = SecureDataBag::Item.load bag, item_name,
22
21
  key: read_secret,
23
22
  fields: encoded_fields
24
- )
25
- item.encoded_fields(encoded_fields)
26
23
 
27
- data = item.to_hash(encoded:config[:encoded])
28
- data = data_for_edit(data) unless config[:encoded]
24
+ data = item.to_hash
25
+ data["_encoded_fields"] = item.encoded_fields
29
26
  data
30
27
  end
31
28
 
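Review bot: `data = item.to_hash` no longer passes `encoded: config[:encoded]`, so the option ending in `default: false` at the top of the hunk (presumably `:encoded`) no longer influences the output as far as these lines show. What `knife secure bag show` prints, decoded or encoded values, now depends on the default of `to_hash`, which is not visible here. If decoded output is intended, state it explicitly as the edit command does with `item.to_hash(encoded: false)`; otherwise keep `encoded: config[:encoded]`. `load_item` also still calls `read_secret` directly rather than the memoised `secret` helper this release adds.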
@@ -85,11 +85,9 @@ module SecureDataBag
85
85
  # Fields we wish to encode
86
86
  #
87
87
  def encoded_fields(arg=nil)
88
- arg = arg.uniq if arg.is_a?(Array)
89
- set_or_return(:encoded_fields, arg,
90
- kind_of: Array,
91
- default: Chef::Config[:knife][:secure_data_bag][:fields]
92
- ).uniq
88
+ @encoded_fields = Array(arg).map{|s|s.to_s}.uniq if arg
89
+ @encoded_fields ||= Chef::Config[:knife][:secure_data_bag][:fields] ||
90
+ Array.new
93
91
  end
94
92
 
95
93
  #
@@ -108,8 +106,11 @@ module SecureDataBag
108
106
 
109
107
  def decode_hash(hash)
110
108
  hash.each do |k,v|
111
- v = if encoded_value?(v) then decode_value(v)
112
- elsif v.is_a?(Hash) then decode_hash(v)
109
+ v = if encoded_value?(v)
110
+ encoded_fields encoded_fields << k
111
+ decode_value(v)
112
+ elsif v.is_a?(Hash)
113
+ decode_hash(v)
113
114
  else v
114
115
  end
115
116
  hash[k] = v
@@ -165,6 +166,7 @@ module SecureDataBag
165
166
  def self.from_item(h, opts={})
166
167
  item = self.from_hash(h.to_hash, opts)
167
168
  item.data_bag h.data_bag
169
+ item.encoded_fields h.encoded_fields
168
170
  item
169
171
  end
170
172
 
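Review bot: In `decode_hash`, `encoded_fields encoded_fields << k` appends in place to the array returned by the getter, and the rewritten getter memoises `Chef::Config[:knife][:secure_data_bag][:fields]` itself rather than a copy. The first decoded key of an item is therefore pushed into the shared configuration array, so the set of fields to encode can grow from one item to the next within a run, for example across the `from file` loop. Building a new array avoids that: `encoded_fields(encoded_fields + [k])`, with `@encoded_fields ||= Array(Chef::Config[:knife][:secure_data_bag][:fields]).dup` in the getter. Keys found in nested hashes are also recorded by bare name through the recursive call, and a comment stating whether that is intended would help. `decode_hash` continues past the end of its hunk.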
@@ -1,5 +1,5 @@
1
1
 
2
2
  module SecureDataBag
3
- VERSION = "2.0.5"
3
+ VERSION = "2.0.6"
4
4
  end
5
5
 
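--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: secure_data_bag
  version: !ruby/object:Gem::Version
- version: 2.0.5
+ version: 2.0.6
  platform: ruby
  authors:
  - Jonathan Serafini
@@ -83,7 +83,6 @@ files:
  - lib/chef/config.rb
  - lib/chef/dsl/data_query.rb
  - lib/chef/knife/secure_bag_base.rb
- - lib/chef/knife/secure_bag_create.rb
  - lib/chef/knife/secure_bag_edit.rb
  - lib/chef/knife/secure_bag_from_file.rb
  - lib/chef/knife/secure_bag_show.rb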
@@ -1,65 +0,0 @@
1
-
2
- require 'chef/knife/secure_bag_base'
3
- require 'chef/knife/data_bag_create'
4
-
5
- class Chef
6
- class Knife
7
- class SecureBagCreate < Knife::DataBagCreate
8
- include Knife::SecureBagBase
9
-
10
- banner "knife secure bag create BAG [ITEM] (options)"
11
- category "secure bag"
12
-
13
- def create_databag
14
- begin
15
- rest.post_rest("data", { name: @data_bag_name })
16
- ui.info("Created data_bag[#{@data_bag_name}]")
17
- rescue Net::HTTPServerException => e
18
- raise unless e.to_s =~ /^409/
19
- ui.info("Data bag #{@data_bag_name} already exists")
20
- end
21
- end
22
-
23
- def create_databag_item
24
- create_object(initial_data,
25
- "data_bag_item[#{@data_bag_item_name}]") do |output|
26
-
27
- @raw_data = data_for_save(output)
28
-
29
- item = SecureDataBag::Item.from_hash(@raw_data, read_secret)
30
- item.encoded_fields(encoded_fields)
31
- item.data_bag(@data_bag_name)
32
-
33
- rest.post_rest("data/#{@data_bag_name}", item.to_hash)
34
- end
35
- end
36
-
37
- def run
38
- @data_bag_name, @data_bag_item_name = @name_args
39
-
40
- if @data_bag_name.nil?
41
- show_usage
42
- ui.fatal("You must specify a data bag name")
43
- exit 1
44
- end
45
-
46
- require_secret
47
-
48
- begin
49
- Chef::DataBag.validate_name!(@data_bag_name)
50
- rescue Chef::Exceptions::InvalidDataBagName => e
51
- ui.fatal(e.message)
52
- exit(1)
53
- end
54
-
55
- # create the data bag
56
- create_databag
57
-
58
- if @data_bag_item_name
59
- create_databag_item
60
- end
61
- end
62
- end
63
- end
64
- end
65
-