secure_data_bag 2.1.2 → 2.2.0
- checksums.yaml +4 -4
- data/lib/chef/dsl/data_query.rb +2 -29
- data/lib/chef/knife/secure_bag_edit.rb +37 -12
- data/lib/chef/knife/secure_bag_show.rb +3 -2
- data/lib/secure_data_bag.rb +4 -4
- data/lib/secure_data_bag/dsl/data_query.rb +31 -0
- data/lib/secure_data_bag/{secure_data_bag_item.rb → item.rb} +1 -1
- data/lib/secure_data_bag/version.rb +1 -1
- metadata +5 -5
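--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1a9feeb1dfc414c24ff0245dd5942cef163e5d4c
+data.tar.gz: 89258e6b058db11c62d7dbd39af9eba58eef2700
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0d2aceb5f872a953842a29d00351bd2474696925dad5dda15bf6b09844b09652196f8fcb9e0c8e79f2ec5cb4e07aac152a48813eac87edce6ffea53983995465
+data.tar.gz: d07e7e41cad38f400f64a84892ee03b089a49c88328c812d73433a5d711b067b533de271ae06ffa389db96c4f777f1c8bc72bc68069ee42f76c8a874088c2516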
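--- a/data/lib/chef/dsl/data_query.rb
+++ b/data/lib/chef/dsl/data_query.rb
@@ -1,31 +1,4 @@
 
-
-
-module SecureDataBag
-def secure_data_bag_item(bag, item, cache: false)
-data_bag_item = begin
-node.run_state[:secure_data_bag] ||= {}
-node.run_state[:secure_data_bag][bag] ||= {}
-node.run_state[:secure_data_bag][bag][item]
-end if cache
-
-data_bag_item ||= begin
-DataBag.validate_name!(bag.to_s)
-::SecureDataBag::Item.validate_id!(item)
-::SecureDataBag::Item.load(bag, item)
-rescue Exception
-Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
-raise
-end
-end
-
-def secure_data_bag_item!(item, fields=[])
-secure = ::SecureDataBag::Item.from_item item
-secure.encoded_fields.concat(Array(fields))
-secure
-end
-end
-end
-end
-
+require "chef/dsl/data_query"
+Chef::DSL::DataQuery.send(:include, SecureDataBag::DSL::DataQuery)
 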
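Review bot: The added line `Chef::DSL::DataQuery.send(:include, SecureDataBag::DSL::DataQuery)` depends on `SecureDataBag::DSL::DataQuery` already being loaded, but this file requires only `chef/dsl/data_query`. It works when loaded through `lib/secure_data_bag.rb`, which requires the DSL module before this file, yet requiring this file on its own would raise a NameError. Adding `require "secure_data_bag/dsl/data_query"` next to the existing require would make the file self-contained.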
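--- a/data/lib/chef/knife/secure_bag_edit.rb
+++ b/data/lib/chef/knife/secure_bag_edit.rb
@@ -11,23 +11,48 @@ class Chef
 category "secure bag"
 
 def load_item(bag, item_name)
-item =
-@raw_data = item.to_hash
-
-item = SecureDataBag::Item.from_item(item)
+item = SecureDataBag::Item.load(bag, item_name)
 hash = item.to_hash(encoded: false)
 hash["_encoded_fields"] = item.encoded_fields
 hash
 end
 
-def
-
-
-
-
-
-
-
+def run
+if @name_args.length != 2
+stdout.puts "You must supply the data bag and an item to edit!"
+stdout.puts opt_parser
+exit 1
+end
+
+# Load the SecureBagItem, EncryptedDataBagItem or DataBagItem
+item = load_item(@name_args[0], @name_args[1])
+
+# Allow the user to modify the content
+edited_item = edit_hash(item)
+
+# Fetch the fields that are to be encoded
+fields_to_encode = edited_item.delete("_encoded_fields")
+if fields_to_encode and not fields_to_encode.empty?
+ui.info("Saving with secure fields: #{fields_to_encode.join(", ")}")
+else
+ui.info("Saving without any secure fields")
+end
+
+# Generate a new SecureBagItem
+item_to_save = SecureDataBag::Item.new(
+data: edited_item,
+fields: fields_to_encode
+)
+item_to_save.data_bag @name_args[0] # Set data_bag to match initial
+item_to_save["id"] = @name_args[1] # Ensure id was not changed
+item_to_save.save
+
+stdout.puts("Saved data_bag_item[#{@name_args[1]}]")
+
+if config[:print_after]
+data_to_print = item_to_save.to_hash(encoded: true)
+ui.output(Chef::JSONCompat.to_json_pretty(data_to_print))
+end
 end
 end
 end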
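Review bot: In `run`, the item is saved with no encrypted fields whenever `_encoded_fields` comes back from the editor missing or empty, and the only signal is the `ui.info("Saving without any secure fields")` line. For a tool whose purpose is per-field encryption this is a fail-open path: removing the key by accident in the editor presumably stores every value unencrypted (how `SecureDataBag::Item.new` treats a nil `fields:` is not visible here). I would require confirmation in the `else` branch, e.g. `ui.confirm("Save #{@name_args[1]} without any secure fields")`. Normalising the value with `fields_to_encode = Array(edited_item.delete("_encoded_fields"))` would also stop a string typed in place of the list from reaching `.join`.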
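--- a/data/lib/chef/knife/secure_bag_show.rb
+++ b/data/lib/chef/knife/secure_bag_show.rb
@@ -17,11 +17,12 @@ class Chef
 default: false
 
 def load_item(bag, item_name)
-item = SecureDataBag::Item.load
+item = SecureDataBag::Item.load(bag, item_name,
 key: read_secret,
 fields: encoded_fields
+)
 
-data = item.to_hash
+data = item.to_hash(encoded: config[:encoded])
 data["_encoded_fields"] = item.encoded_fields
 data
 end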
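Review bot: `data = item.to_hash(encoded: config[:encoded])` returns the decrypted form whenever `config[:encoded]` is falsy, and nothing in `load_item` says so. The `default: false` just above the hunk looks like that option's default, though its declaration starts outside the hunk. A comment on the line, such as `# decoded (plaintext) output unless config[:encoded] is set`, would make it explicit that `show` prints secret values by default.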
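--- a/data/lib/secure_data_bag.rb
+++ b/data/lib/secure_data_bag.rb
@@ -1,8 +1,8 @@
 
-require_relative "chef/config"
-require_relative "chef/dsl/data_query"
 require "secure_data_bag/version"
-require "secure_data_bag/
+require "secure_data_bag/item"
+require "secure_data_bag/dsl/data_query"
 
-
+require_relative "chef/config"
+require_relative "chef/dsl/data_query"
 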
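--- a/data/lib/secure_data_bag/dsl/data_query.rb
+++ b/data/lib/secure_data_bag/dsl/data_query.rb
@@ -0,0 +1,31 @@
+
+module SecureDataBag
+module DSL
+module DataQuery
+def secure_data_bag_item(bag, item, cache: false)
+data_bag_item = begin
+node.run_state[:secure_data_bag] ||= {}
+node.run_state[:secure_data_bag][bag] ||= {}
+node.run_state[:secure_data_bag][bag][item]
+end if cache
+
+data_bag_item ||= begin
+Chef::DataBag.validate_name!(bag.to_s)
+SecureDataBag::Item.validate_id!(item)
+SecureDataBag::Item.load(bag, item)
+rescue Exception
+Chef::Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
+raise
+end
+end
+
+def secure_data_bag_item!(item, fields=[])
+secure = SecureDataBag::Item.from_item item
+secure.encoded_fields.concat(Array(fields))
+secure
+end
+end
+end
+end
+
+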
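Review bot: `secure_data_bag_item` reads `node.run_state[:secure_data_bag][bag][item]` when `cache:` is true, but nothing in the method writes the loaded item back. Unless code outside this file fills that hash, every call falls through to `SecureDataBag::Item.load`. Storing the result before returning it, e.g. `node.run_state[:secure_data_bag][bag][item] = data_bag_item if cache`, would make the option do what its name says. Separately, `rescue Exception` also catches `Interrupt` and `SystemExit`; it re-raises, so the only effect is a misleading "Failed to load" log line, but `rescue StandardError` is the usual form.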
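--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: secure_data_bag
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.2.0
 platform: ruby
 authors:
 - Jonathan Serafini
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: chef
@@ -87,7 +87,8 @@ files:
 - lib/chef/knife/secure_bag_from_file.rb
 - lib/chef/knife/secure_bag_show.rb
 - lib/secure_data_bag.rb
-- lib/secure_data_bag/
+- lib/secure_data_bag/dsl/data_query.rb
+- lib/secure_data_bag/item.rb
 - lib/secure_data_bag/version.rb
 - secure_data_bag.gemspec
 - spec/item_spec.rb
@@ -112,11 +113,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: Per-field data bag item encryption
 test_files:
 - spec/item_spec.rb
 - spec/spec_helper.rb
-has_rdoc: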