Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

encrypted_attributes (9) Versions 0.1.0

Installs and enables chef-encrypted-attributes gem: Chef plugin to add Node encrypted attributes support using client keys.

Berkshelf/Librarian
Policyfile
Knife
cookbook 'encrypted_attributes', '= 0.1.0'
cookbook 'encrypted_attributes', '= 0.1.0', :supermarket
knife cookbook site install encrypted_attributes
knife cookbook site download encrypted_attributes
README
Dependencies
Quality

Description

Cookbook Version Build Status

Installs and enables chef-encrypted-attributes gem: Chef plugin to add Node encrypted attributes support using client keys.

Requirements

No special requirements.

Attributes

<table> <tr> <th>Attribute</th> <th>Description</th> <th>Default</th> </tr> <tr> <td><code>node["encrypted_attributes"]["version"]</code></td> <td>chef-encrypted-attributes gem version to install. The latest stable version is installed by default.</td> <td><em>calculated</em></td> </tr> <tr> <td><code>node["encrypted_attributes"]["mirror"]</code></td> <td>chef-encrypted-attributes mirror to download the gem from. For cases where you do not want to use rubygems.</td> <td><code>nil</code></td> </tr> <tr> <td><code>node["encrypted_attributes"]["data_bag"]["name"]</code></td> <td>chef-encrypted-attributes user keys data bag item name.</td> <td><code>"global"</code></td> </tr> <tr> <td><code>node["encrypted_attributes"]["data_bag"]["item"]</code></td> <td>chef-encrypted-attributes user keys data bag item name.</td> <td><code>"chef_users"</code></td> </tr> </table>

Recipes

encrypted_attributes::default

Installs and loads the chef-encrypted-attributes gem.

encrypted_attributes::users_data_bag

Configures chef-encrypted-attributes Chef User keys reading them from a data bag. This is a workaround for the Chef Users Limitation problem.

Usage Examples

Including in a Cookbook Recipe

You can simply include it in a recipe:

include_recipe "encrypted_attributes"

Don't forget to include the encrypted_attributes cookbook as a dependency in the metadata.

# metadata.rb
[...]

depends "encrypted_attributes"

Including in the Run List

Another alternative is to include the default recipe in your Run List:

{
  "name": "ftp.onddo.com",
  [...]
  "run_list": [
    [...]
    "recipe[encrypted_attributes]"
  ]
}

encrypted_attributes::default Recipe Usage Example

include_recipe "encrypted_attributes"

Chef::Recipe.send(:include, Opscode::OpenSSL::Password) # include the #secure_password method

if Chef::EncryptedAttribute.exists?(node["myapp"]["ftp_password"])
  # update with the new keys
  Chef::EncryptedAttribute.update(node.set["myapp"]["ftp_password"])

  # read the password
  ftp_pass = Chef::EncryptedAttribute.load(node["myapp"]["ftp_password"])
else
  # create the password and save it
  ftp_pass = secure_password
  node.set["myapp"]["ftp_password"] = Chef::EncryptedAttribute.create(ftp_pass)
end

# use `ftp_pass` for something here ...

Note: This example requires the openssl cookbook.

See the chef-encrypted-attributes gem Usage section for more examples.

encrypted_attributes::users_data_bag Recipe Usage Example

Before using this recipe, you must create the required data bag:

$ knife data bag create global_data chef_users

You should create a data bag item with the following format:

{
  "id": "chef_users",
  "bob": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFA...",
  "alice": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFA..."
}

The keys can be set in array of strings format if you prefer:

{
  "id": "chef_users",
  "bob": [
    "-----BEGIN PUBLIC KEY-----",
    "MIIBIjANBgkqhkiG9w0BAQEFA...",
    ...
  ],
  "alice": [
    "-----BEGIN PUBLIC KEY-----",
    "MIIBIjANBgkqhkiG9w0BAQEFA...",
    ...
  ]
}

You can retrieve user public keys with knife user show USER -a public_key -f json.

Then, you can use this data bag to configure the Chef::Config[:encrypted_attributes][:keys] chef-encrypted-attributes configuration only by calling the recipe:

node.default["encrypted_attributes"]["data_bag"]["name"] = "global_data"
include_recipe "encrypted_attributes::users_data_bag"

# if Chef::EncryptedAttribute.exists_on_node?(...)
#   Chef::EncryptedAttribute.update(...)
# else
#   node.set[...][...] = Chef::EncryptedAttribute.create(...)
# ...

Note: This data bag does not need to be encrypted, because it only stores public keys.

Testing

Requirements

  • vagrant
  • foodcritic ~> 3.0
  • berkshelf >= 2.0
  • chefspec ~> 3.2
  • test-kitchen >= 1.2
  • kitchen-vagrant >= 0.10

Running the Syntax Style Tests

$ rake style

Running the Unit Tests

$ rake unit

Or:

$ rspec

Running the Integration Tests

$ rake integration

Or:

$ kitchen test
$ kitchen verify

Running Integration Tests in the Cloud

Requirements

  • kitchen-vagrant >= 0.10
  • kitchen-digitalocean >= 0.5
  • kitchen-ec2 >= 0.8

You can run the tests in the cloud instead of using vagrant. First, you must set the following environment variables:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_KEYPAIR_NAME: EC2 SSH public key name. This is the name used in Amazon EC2 Console's Key Pars section.
  • EC2_SSH_KEY_PATH: EC2 SSH private key local full path. Only when you are not using an SSH Agent.
  • DIGITAL_OCEAN_CLIENT_ID
  • DIGITAL_OCEAN_API_KEY
  • DIGITAL_OCEAN_SSH_KEY_IDS: DigitalOcean SSH numeric key IDs.
  • DIGITAL_OCEAN_SSH_KEY_PATH: DigitalOcean SSH private key local full path. Only when you are not using an SSH Agent.

Then, you must configure test-kitchen to use .kitchen.cloud.yml configuration file:

$ export KITCHEN_LOCAL_YAML=".kitchen.cloud.yml"
$ kitchen list
[...]

Contributing

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

License and Author

Author: Xabier de Zuazo (xabier@onddo.com)
Copyright: Copyright (c) 2014, Onddo Labs, SL. (www.onddo.com)
License: Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

No quality metric results found