secure_data_bag 2.1.2 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/chef/dsl/data_query.rb +2 -29
- data/lib/chef/knife/secure_bag_edit.rb +37 -12
- data/lib/chef/knife/secure_bag_show.rb +3 -2
- data/lib/secure_data_bag.rb +4 -4
- data/lib/secure_data_bag/dsl/data_query.rb +31 -0
- data/lib/secure_data_bag/{secure_data_bag_item.rb → item.rb} +1 -1
- data/lib/secure_data_bag/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a9feeb1dfc414c24ff0245dd5942cef163e5d4c
|
|
4
|
+
data.tar.gz: 89258e6b058db11c62d7dbd39af9eba58eef2700
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0d2aceb5f872a953842a29d00351bd2474696925dad5dda15bf6b09844b09652196f8fcb9e0c8e79f2ec5cb4e07aac152a48813eac87edce6ffea53983995465
|
|
7
|
+
data.tar.gz: d07e7e41cad38f400f64a84892ee03b089a49c88328c812d73433a5d711b067b533de271ae06ffa389db96c4f777f1c8bc72bc68069ee42f76c8a874088c2516
|
data/lib/chef/dsl/data_query.rb
CHANGED
|
@@ -1,31 +1,4 @@
|
|
|
1
1
|
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
module SecureDataBag
|
|
5
|
-
def secure_data_bag_item(bag, item, cache: false)
|
|
6
|
-
data_bag_item = begin
|
|
7
|
-
node.run_state[:secure_data_bag] ||= {}
|
|
8
|
-
node.run_state[:secure_data_bag][bag] ||= {}
|
|
9
|
-
node.run_state[:secure_data_bag][bag][item]
|
|
10
|
-
end if cache
|
|
11
|
-
|
|
12
|
-
data_bag_item ||= begin
|
|
13
|
-
DataBag.validate_name!(bag.to_s)
|
|
14
|
-
::SecureDataBag::Item.validate_id!(item)
|
|
15
|
-
::SecureDataBag::Item.load(bag, item)
|
|
16
|
-
rescue Exception
|
|
17
|
-
Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
|
|
18
|
-
raise
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def secure_data_bag_item!(item, fields=[])
|
|
23
|
-
secure = ::SecureDataBag::Item.from_item item
|
|
24
|
-
secure.encoded_fields.concat(Array(fields))
|
|
25
|
-
secure
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
2
|
+
require "chef/dsl/data_query"
|
|
3
|
+
Chef::DSL::DataQuery.send(:include, SecureDataBag::DSL::DataQuery)
|
|
31
4
|
|
|
@@ -11,23 +11,48 @@ class Chef
|
|
|
11
11
|
category "secure bag"
|
|
12
12
|
|
|
13
13
|
def load_item(bag, item_name)
|
|
14
|
-
item =
|
|
15
|
-
@raw_data = item.to_hash
|
|
16
|
-
|
|
17
|
-
item = SecureDataBag::Item.from_item(item)
|
|
14
|
+
item = SecureDataBag::Item.load(bag, item_name)
|
|
18
15
|
hash = item.to_hash(encoded: false)
|
|
19
16
|
hash["_encoded_fields"] = item.encoded_fields
|
|
20
17
|
hash
|
|
21
18
|
end
|
|
22
19
|
|
|
23
|
-
def
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
20
|
+
def run
|
|
21
|
+
if @name_args.length != 2
|
|
22
|
+
stdout.puts "You must supply the data bag and an item to edit!"
|
|
23
|
+
stdout.puts opt_parser
|
|
24
|
+
exit 1
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Load the SecureBagItem, EncryptedDataBagItem or DataBagItem
|
|
28
|
+
item = load_item(@name_args[0], @name_args[1])
|
|
29
|
+
|
|
30
|
+
# Allow the user to modify the content
|
|
31
|
+
edited_item = edit_hash(item)
|
|
32
|
+
|
|
33
|
+
# Fetch the fields that are to be encoded
|
|
34
|
+
fields_to_encode = edited_item.delete("_encoded_fields")
|
|
35
|
+
if fields_to_encode and not fields_to_encode.empty?
|
|
36
|
+
ui.info("Saving with secure fields: #{fields_to_encode.join(", ")}")
|
|
37
|
+
else
|
|
38
|
+
ui.info("Saving without any secure fields")
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
# Generate a new SecureBagItem
|
|
42
|
+
item_to_save = SecureDataBag::Item.new(
|
|
43
|
+
data: edited_item,
|
|
44
|
+
fields: fields_to_encode
|
|
45
|
+
)
|
|
46
|
+
item_to_save.data_bag @name_args[0] # Set data_bag to match initial
|
|
47
|
+
item_to_save["id"] = @name_args[1] # Ensure id was not changed
|
|
48
|
+
item_to_save.save
|
|
49
|
+
|
|
50
|
+
stdout.puts("Saved data_bag_item[#{@name_args[1]}]")
|
|
51
|
+
|
|
52
|
+
if config[:print_after]
|
|
53
|
+
data_to_print = item_to_save.to_hash(encoded: true)
|
|
54
|
+
ui.output(Chef::JSONCompat.to_json_pretty(data_to_print))
|
|
55
|
+
end
|
|
31
56
|
end
|
|
32
57
|
end
|
|
33
58
|
end
|
|
@@ -17,11 +17,12 @@ class Chef
|
|
|
17
17
|
default: false
|
|
18
18
|
|
|
19
19
|
def load_item(bag, item_name)
|
|
20
|
-
item = SecureDataBag::Item.load
|
|
20
|
+
item = SecureDataBag::Item.load(bag, item_name,
|
|
21
21
|
key: read_secret,
|
|
22
22
|
fields: encoded_fields
|
|
23
|
+
)
|
|
23
24
|
|
|
24
|
-
data = item.to_hash
|
|
25
|
+
data = item.to_hash(encoded: config[:encoded])
|
|
25
26
|
data["_encoded_fields"] = item.encoded_fields
|
|
26
27
|
data
|
|
27
28
|
end
|
data/lib/secure_data_bag.rb
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
|
|
2
|
-
require_relative "chef/config"
|
|
3
|
-
require_relative "chef/dsl/data_query"
|
|
4
2
|
require "secure_data_bag/version"
|
|
5
|
-
require "secure_data_bag/
|
|
3
|
+
require "secure_data_bag/item"
|
|
4
|
+
require "secure_data_bag/dsl/data_query"
|
|
6
5
|
|
|
7
|
-
|
|
6
|
+
require_relative "chef/config"
|
|
7
|
+
require_relative "chef/dsl/data_query"
|
|
8
8
|
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
|
|
2
|
+
module SecureDataBag
|
|
3
|
+
module DSL
|
|
4
|
+
module DataQuery
|
|
5
|
+
def secure_data_bag_item(bag, item, cache: false)
|
|
6
|
+
data_bag_item = begin
|
|
7
|
+
node.run_state[:secure_data_bag] ||= {}
|
|
8
|
+
node.run_state[:secure_data_bag][bag] ||= {}
|
|
9
|
+
node.run_state[:secure_data_bag][bag][item]
|
|
10
|
+
end if cache
|
|
11
|
+
|
|
12
|
+
data_bag_item ||= begin
|
|
13
|
+
Chef::DataBag.validate_name!(bag.to_s)
|
|
14
|
+
SecureDataBag::Item.validate_id!(item)
|
|
15
|
+
SecureDataBag::Item.load(bag, item)
|
|
16
|
+
rescue Exception
|
|
17
|
+
Chef::Log.error("Failed to load secure data bag item: #{bag.inspect} #{item.inspect}")
|
|
18
|
+
raise
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def secure_data_bag_item!(item, fields=[])
|
|
23
|
+
secure = SecureDataBag::Item.from_item item
|
|
24
|
+
secure.encoded_fields.concat(Array(fields))
|
|
25
|
+
secure
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: secure_data_bag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Serafini
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-03-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef
|
|
@@ -87,7 +87,8 @@ files:
|
|
|
87
87
|
- lib/chef/knife/secure_bag_from_file.rb
|
|
88
88
|
- lib/chef/knife/secure_bag_show.rb
|
|
89
89
|
- lib/secure_data_bag.rb
|
|
90
|
-
- lib/secure_data_bag/
|
|
90
|
+
- lib/secure_data_bag/dsl/data_query.rb
|
|
91
|
+
- lib/secure_data_bag/item.rb
|
|
91
92
|
- lib/secure_data_bag/version.rb
|
|
92
93
|
- secure_data_bag.gemspec
|
|
93
94
|
- spec/item_spec.rb
|
|
@@ -112,11 +113,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
112
113
|
version: '0'
|
|
113
114
|
requirements: []
|
|
114
115
|
rubyforge_project:
|
|
115
|
-
rubygems_version: 2.4.5
|
|
116
|
+
rubygems_version: 2.4.5.1
|
|
116
117
|
signing_key:
|
|
117
118
|
specification_version: 4
|
|
118
119
|
summary: Per-field data bag item encryption
|
|
119
120
|
test_files:
|
|
120
121
|
- spec/item_spec.rb
|
|
121
122
|
- spec/spec_helper.rb
|
|
122
|
-
has_rdoc:
|