secure_data_bag 2.0.5 → 2.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 522b8fe343d5737a23a7aaf50782a1e0f4bd968e
-  data.tar.gz: c2a238e518368f46d30118707b71bb22092cdb9f
+  metadata.gz: b133e4df759b1b058628bd387f4a4566be99d622
+  data.tar.gz: 21f1b95ca23250d77797e0e19c5d37f24c32d44d
 SHA512:
-  metadata.gz: 6d7669cef00a0f2b610e02c270c947e2e3d6ee4de1c6a314bee2e1c2e4486f4483ee0303afabfc39de444d62959a46fd6dfc92a7ef31b698d59307aab1a42c90
-  data.tar.gz: b679cb3217f193b905c599121cd2fa7030a6ade4d678f195ca5973fe08945c88379a75fb01ff503b4ce3fa82a8739c70f1b741e47fa3490b7efde6fc2d95cdd6
+  metadata.gz: f78a72b2f5cf9fbef6598dc3eb4e5abe6d607ddbf6dbcf9d985067cd29751e3dd287009844456fcc4e84e589ecaa91227d5cfd4b78a7084c6ac122a252608d90
+  data.tar.gz: ea726ff84786d71b9344a36786b372c5aeb81161a8802077e19a7b68cf658aa05d51fd4216443aa93a73bb781000342bebdab8bea61b40ccdee87cca7a76a923

data/README.md

@@ -55,12 +55,11 @@ SecureDataBagItem is also built on Mash rather than Hash so you'll find it more
 }
 ```
 
-A few knife commands are also provided which allow you to create / edit / show / from file any DataBagItem or EncryptedDataBagItem and convert them to SecureDataBag::Item format.
+A few knife commands are also provided which allow you to edit / show / from file any DataBagItem or EncryptedDataBagItem and convert them to SecureDataBag::Item format.
 
 ```
 knife secure bag --help
 ** SECURE BAG COMMANDS **
-knife secure bag create BAG [ITEM] (options)
 knife secure bag edit BAG [ITEM] (options)
 knife secure bag from file BAG FILE|FLDR [FILE|FLDR] (options)
 knife secure bag show BAG [ITEM] (options)

data/lib/chef/knife/secure_bag_base.rb

@@ -13,33 +13,31 @@ class Chef
           option :secret,
             short:  "-s SECRET",
             long:   "--secret",
-            description: "The secret key to use to encrypt data bag item values",
-            proc: Proc.new { |s| Chef::Config[:knife][:secret] = s }
+            description: "The secret key to use to encrypt data bag item values"
 
           option :secret_file,
             long: "--secret-file SECRET_FILE",
-            description: "A file containing a secret key to use to encrypt data bag item values",
-            proc: Proc.new { |sf| 
-              Chef::Config[:encrypted_data_bag_secret] = sf 
-            }
+            description: "A file containing a secret key to use to encrypt data bag item values"
 
-          option :secure_data_bag_fields,
+          option :encoded_fields,
             long: "--encoded-fields FIELD1,FIELD2,FIELD3",
             description: "List of attribute keys for which to encode values",
-            proc: Proc.new { |o|
-              Chef::Config[:knife][:secure_data_bag][:fields] = o.split(",")
-            }
+            proc: Proc.new { |s| s.split(',') }
         end
       end
 
-      def encoded_fields(arg=nil)
-        config[:secure_data_bag_fields] = arg unless arg.nil?
-        config[:secure_data_bag_fields] || 
+      def encoded_fields
+        config[:encoded_fields] || 
           Chef::Config[:knife][:secure_data_bag][:fields]
       end
 
       def secret_file
-        config[:secret] || SecureDataBag::Item.secret_path
+        config[:secret_file] ||
+          SecureDataBag::Item.secret_path
+      end
+
+      def secret
+        @secret ||= read_secret
       end
 
       def use_encryption
@@ -53,7 +51,7 @@ class Chef
       end
 
       def require_secret
-        if not config[:secret] and not secret_file
+        if not secret
           show_usage
           ui.fatal("A secret or secret_file must be specified")
           exit 1
@@ -62,12 +60,6 @@ class Chef
 
       def data_for_create(hash={})
         hash[:id] = @data_bag_item_name
-        hash = data_for_edit(hash)
-        hash
-      end
-
-      def data_for_edit(hash)
-        hash[:_encoded_fields] = encoded_fields
         hash
       end
 

data/lib/chef/knife/secure_bag_edit.rb

@@ -16,7 +16,7 @@ class Chef
 
         item = SecureDataBag::Item.from_item(item)
         hash = item.to_hash(encoded: false)
-        hash = data_for_edit(hash)
+        hash["_encoded_fields"] = item.encoded_fields
         hash
       end
 
@@ -25,7 +25,8 @@ class Chef
         output = data_for_save(output)
 
         item = SecureDataBag::Item.from_hash(output)
-        item.encoded_fields encoded_fields
+        item.encoded_fields item.delete("_encoded_fields")
+        raise Exception.new item.encoded_fields
         item.to_hash encoded:true
       end
     end

data/lib/chef/knife/secure_bag_from_file.rb

@@ -24,10 +24,10 @@ class Chef
         description: "Upload all data bags or all items for specified databag"
 
       def load_data_bag_hash(hash)
-        @raw_data = hash
-
-        item = SecureDataBag::Item.from_hash(hash, secret:read_secret)
-        item.to_hash
+        item = SecureDataBag::Item.from_hash hash, 
+          fields: encoded_fields,
+          secret: secret
+        item
       end
 
       def load_data_bag_items(data_bag, items=nil)
@@ -36,12 +36,9 @@ class Chef
         item_paths.each do |item_path|
           item = loader.load_from("#{data_bags_path}", data_bag, item_path)
           item = load_data_bag_hash(item)
-          dbag = SecureDataBag::Item.new(secret:read_secret)
-          dbag.encoded_fields encoded_fields
-          dbag.raw_data = item
-          dbag.data_bag(data_bag)
-          dbag.save
-          ui.info("Updated data_bag_item[#{dbag.data_bag}::#{dbag.id}]")
+          item.data_bag(data_bag)
+          item.save
+          ui.info("Updated data_bag_item[#{item.data_bag}::#{item.id}]")
         end
       end
     end

data/lib/chef/knife/secure_bag_show.rb

@@ -17,15 +17,12 @@ class Chef
         default: false
 
       def load_item(bag, item_name)
-        item = SecureDataBag::Item.load(
-          bag, item_name, 
+        item = SecureDataBag::Item.load bag, item_name, 
           key: read_secret,
           fields: encoded_fields
-        )
-        item.encoded_fields(encoded_fields)
 
-        data = item.to_hash(encoded:config[:encoded])
-        data = data_for_edit(data) unless config[:encoded]
+        data = item.to_hash
+        data["_encoded_fields"] = item.encoded_fields
         data
       end
 

data/lib/secure_data_bag/secure_data_bag_item.rb

@@ -85,11 +85,9 @@ module SecureDataBag
     # Fields we wish to encode
     #
     def encoded_fields(arg=nil)
-      arg = arg.uniq if arg.is_a?(Array)
-      set_or_return(:encoded_fields, arg, 
-        kind_of: Array, 
-        default: Chef::Config[:knife][:secure_data_bag][:fields]
-      ).uniq
+      @encoded_fields = Array(arg).map{|s|s.to_s}.uniq if arg
+      @encoded_fields ||= Chef::Config[:knife][:secure_data_bag][:fields] ||
+                          Array.new
     end
 
     #
@@ -108,8 +106,11 @@ module SecureDataBag
 
     def decode_hash(hash)
       hash.each do |k,v|
-        v = if encoded_value?(v) then decode_value(v)
-            elsif v.is_a?(Hash) then decode_hash(v)
+        v = if encoded_value?(v)
+              encoded_fields encoded_fields << k
+              decode_value(v)
+            elsif v.is_a?(Hash)
+              decode_hash(v)
             else v
             end
         hash[k] = v
@@ -165,6 +166,7 @@ module SecureDataBag
     def self.from_item(h, opts={})
       item = self.from_hash(h.to_hash, opts)
       item.data_bag h.data_bag
+      item.encoded_fields h.encoded_fields
       item
     end
 

data/lib/secure_data_bag/version.rb

@@ -1,5 +1,5 @@
 
 module SecureDataBag
-  VERSION = "2.0.5"
+  VERSION = "2.0.6"
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_data_bag
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.0.6
 platform: ruby
 authors:
 - Jonathan Serafini
@@ -83,7 +83,6 @@ files:
 - lib/chef/config.rb
 - lib/chef/dsl/data_query.rb
 - lib/chef/knife/secure_bag_base.rb
-- lib/chef/knife/secure_bag_create.rb
 - lib/chef/knife/secure_bag_edit.rb
 - lib/chef/knife/secure_bag_from_file.rb
 - lib/chef/knife/secure_bag_show.rb

data/lib/chef/knife/secure_bag_create.rb

@@ -1,65 +0,0 @@
-
-require 'chef/knife/secure_bag_base'
-require 'chef/knife/data_bag_create'
-
-class Chef
-  class Knife
-    class SecureBagCreate < Knife::DataBagCreate
-      include Knife::SecureBagBase
-
-      banner "knife secure bag create BAG [ITEM] (options)"
-      category "secure bag"
-
-      def create_databag
-        begin
-          rest.post_rest("data", { name: @data_bag_name })
-          ui.info("Created data_bag[#{@data_bag_name}]")
-        rescue Net::HTTPServerException => e
-          raise unless e.to_s =~ /^409/
-          ui.info("Data bag #{@data_bag_name} already exists")
-        end
-      end
-
-      def create_databag_item
-        create_object(initial_data, 
-                      "data_bag_item[#{@data_bag_item_name}]") do |output|
-
-          @raw_data = data_for_save(output)
-
-          item = SecureDataBag::Item.from_hash(@raw_data, read_secret)
-          item.encoded_fields(encoded_fields)
-          item.data_bag(@data_bag_name)
-
-          rest.post_rest("data/#{@data_bag_name}", item.to_hash)
-        end
-      end
-
-      def run
-        @data_bag_name, @data_bag_item_name = @name_args
-
-        if @data_bag_name.nil?
-          show_usage
-          ui.fatal("You must specify a data bag name")
-          exit 1
-        end
-
-        require_secret
-
-        begin
-          Chef::DataBag.validate_name!(@data_bag_name)
-        rescue Chef::Exceptions::InvalidDataBagName => e
-          ui.fatal(e.message)
-          exit(1)
-        end
-
-        # create the data bag
-        create_databag
-
-        if @data_bag_item_name
-          create_databag_item
-        end
-      end
-    end
-  end
-end
-