Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted databags update #1

Merged
merged 31 commits into from
Sep 5, 2018
Merged

Encrypted databags update #1

merged 31 commits into from
Sep 5, 2018

Conversation

fpedrini
Copy link

@fpedrini fpedrini commented Sep 4, 2018
edited
Loading

Hello @kamilbednarz.

I'm opening this PR to your repository as you're the original author for the encrypted databag patches you submitted back in 2014 to the upstream repo in coderanger#27.

I've recently had the need to work with pychef and encrypted databags and your code was immensely helpful (and btw, thank you!), but I had to work a bit around a few issues (mostly around Python 3 compat).

If you're interested, it would be nice to get the changes merged to your fork and the PR to the upstream repo updated, it might increase the chances of getting it merged.

As you can see this PR can't be merged directly with your master branch (as i targeted the upstream HEAD) but it should be possible to work around the issue (the easiest thing, i think, would be to revert the commit on your master branch, update from upstream and then merge this PR, which will restore your commit+the changes needed to apply cleanly against the new HEAD).

Let me know if you're not interested, and I'll open a new PR directly to master (but the attribution in the commits will still be yours).

Also, compared to your original code, I added a new parameter to the ChefApi object that allows to pass the encryption key as a string instead of having it loaded from a file. In case both secret_file and secret_key are passed, the latter takes precedence.

Thanks,
Francesco

kamilbednarz and others added 30 commits September 4, 2018 16:41
@kamilbednarz @fpedrini
Extend ChefAPI with the secret_file option
06c69d9
@kamilbednarz @fpedrini
Add encryption exceptions
9e5a2f2
@fpedrini
Add a class for encrypted data bag item
5fc609d
@kamilbednarz @fpedrini
Add data bag decryptor for version 2
ee1035c
@kamilbednarz @fpedrini
Add Encryptor version 1
97c6372
@kamilbednarz @fpedrini
Add support for choosing encryption version
2aad60a
@kamilbednarz @fpedrini
Add Encryptor version 2
98c0944
@kamilbednarz @fpedrini
Remove reading secret_file knife config from knife.rb
e8cc248
@kamilbednarz @fpedrini
Update encryption get_version method to support both string and int p…
86b8761 
…arams
@kamilbednarz @fpedrini
Add EncryptedDataBagItem to chef module
61a4629
@kamilbednarz @fpedrini
Add test for reading data bag encryption version from config file
1e42daa
@kamilbednarz @fpedrini
Add specs for EncryptedDataBagItem class
cda71f0
@kamilbednarz @fpedrini
Fix issue with failing Api test
61e039a
@kamilbednarz @fpedrini
Fix paths to files in specs for EncryptedDataBagItem
11ecdf7
@kamilbednarz @fpedrini
Remove trash file
9863d29
@kamilbednarz @fpedrini
Reworked AES implementation - use ctypes instead of m2crypto
8468559
@kamilbednarz @fpedrini
Refactored aes cipher class
08980f5
@kamilbednarz @fpedrini
Replaced encrypted_data_bag_item AES encryption method to AES256Cipher
8add770
@kamilbednarz @fpedrini
Replace direct usage of simplejson with the one from chef.utils
ef9962a
@kamilbednarz @fpedrini
Import needed class instead of the whole module
347d9ad
@kamilbednarz @fpedrini
Removed stripping padding chars in decrypted strings
30621ed
@kamilbednarz @fpedrini
Use itertools for HMAC validation
6157360
@kamilbednarz @fpedrini
Add error messages for decryption exceptions
a019733
@kamilbednarz @fpedrini
AES256Cipher inherits from object
4a17b79
@kamilbednarz @fpedrini
Remove manuall deleting encryptors/decryptors
a40bb6f
@kamilbednarz @fpedrini
Refactor HMAC validation
8f792a4
@kamilbednarz @fpedrini
encrypted_data_bag_item module refactored. Removed nested classes
12f2969
@fpedrini
Py3 support for encrypted databags code
5a94382
@fpedrini
Add docs for encrypted_databag
1801c55
@fpedrini
Add ability to pass encryption key as string to ChefApi
ef67bc0
@kamilbednarz
Copy link
Owner

Hey Francesco (@fpedrini),

Ha, I'm happy that my code have been useful for you!

I promise to do some cleaning on my fork: make it up to date with the upstream's master, then try to rebase my code. Eventually we should be able to put your changes on top of all of it and we end up with a clean pull request to the upstream.

Although - I know it's still useful to refresh this branch, so more people can use that. But I don't expect the changes to be merged anyway to the upstream repo, because it wasn't updated for 2 years as for now and I'm not sure if the author (@coderanger) still maintains it.

Stay tuned!

Best,
Kamil

@kamilbednarz kamilbednarz changed the base branch from master to feature/encrypted-data-bags September 5, 2018 21:37
@kamilbednarz kamilbednarz merged commit f6a6773 into kamilbednarz:feature/encrypted-data-bags Sep 5, 2018
@kamilbednarz
Copy link
Owner

Hey @fpedrini , I merged your code in a clunky way, but it seems to work fine.

Also, I cleaned up my branch, kept all the code on kamilbednarz:feature/encrypted-data-bags and I'll try to submit another PR to the upstream.

Thank you!

@fpedrini
Copy link
Author

fpedrini commented Sep 6, 2018

Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fpedrini @kamilbednarz