From 541c443a7bb15ef9d61019878d5b106bcdfef172 Mon Sep 17 00:00:00 2001
From: Kirill Lyubchenko
Date: Mon, 16 Nov 2020 15:26:24 -0800
Subject: [PATCH 1/2] Fix multiple requests to Chef server
Signed-off-by: Kirill Lyubchenko
---
 lib/chef-vault/item.rb | 5 +++--
 lib/chef-vault/item_keys.rb | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/chef-vault/item.rb b/lib/chef-vault/item.rb
index b032c69b..9640005b 100644
--- a/lib/chef-vault/item.rb
+++ b/lib/chef-vault/item.rb
@@ -160,10 +160,11 @@ def remove(key)
 end
 def secret
- if @keys.include?(@node_name) && !@keys[@node_name].nil?
+ t = @keys[@node_name]
+ if !t.nil?
 private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read)
 begin
- private_key.private_decrypt(Base64.decode64(@keys[@node_name]))
+ private_key.private_decrypt(Base64.decode64(t))
 rescue OpenSSL::PKey::RSAError
 raise ChefVault::Exceptions::SecretDecryption,
 "#{data_bag}/#{id} is encrypted for you, but your private key failed to decrypt the contents. "\
diff --git a/lib/chef-vault/item_keys.rb b/lib/chef-vault/item_keys.rb
index 8c3cfd27..27282e51 100644
--- a/lib/chef-vault/item_keys.rb
+++ b/lib/chef-vault/item_keys.rb
@@ -34,9 +34,12 @@ def initialize(vault, name)
 @raw_data["search_query"] = []
 @raw_data["mode"] = "default"
 @cache = {} # write-back cache for keys
+ @tmpcache = nil
 end
 def [](key)
+ # return if cache contents is not empty
+ return @tmpcache unless @tmpcache.nil?
 # return options immediately
 return @raw_data[key] if %w{id admins clients search_query mode}.include?(key)
@@ -47,6 +50,7 @@ def [](key)
 # check if the key is saved in sparse mode
 skey = sparse_key(sparse_id(key)) if sparse?
 if skey
+ @tmpcache = skey[key]
 skey[key]
 else
 # fallback to raw data
@@ -89,6 +93,7 @@ def clear_encrypted
 def delete(chef_key)
 @cache[chef_key.name] = false
+ @tmpcache = nil
 raw_data[chef_key.type].delete(chef_key.name)
 raw_data.delete(chef_key.name)
 end
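Review bot: The new guard `if !t.nil?` in `secret` lets a `false` value through, and the `@keys.include?(@node_name)` test that used to run first is gone. `ItemKeys#delete`, patched further down in this series, stores `@cache[chef_key.name] = false`, so if `[]` can hand that value back (its write-back cache lookup is outside the visible hunks, and this assumes `@keys` is that ItemKeys object), `Base64.decode64(false)` would fail on a non-string argument with an error that `rescue OpenSSL::PKey::RSAError` does not catch, rather than being treated as "no key for this node". A truthiness test, `if t`, covers both `nil` and `false`; the same applies to `data_bag_key` after the rename in [PATCH 2/2]. The body of `secret` continues past the end of the hunk.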
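Review bot: The early return `return @tmpcache unless @tmpcache.nil?` at the top of `[]` ignores `key`, so once the first sparse-mode hit has stored a value in `@tmpcache`, every later lookup gets that one value back. That includes the option names handled on the next line (`id`, `admins`, `clients`, `search_query`, `mode`) and any other client's name, so one node's encrypted key can be returned for a different name. The same single-slot assignment is in the `@@ -47,6 +50,7 @@` hunk (`@tmpcache = skey[key]`). The cache has to be indexed by `key`, for example `return @tmpcache[key] if @tmpcache.key?(key)` with `@tmpcache = {}` in `initialize`, which is what [PATCH 2/2] below changes it to. `[]` continues outside the hunk.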
From cfeccd324fb5f7530731921deb268e0de3a950d3 Mon Sep 17 00:00:00 2001
From: Kirill Lyubchenko
Date: Mon, 14 Dec 2020 18:55:49 -0800
Subject: [PATCH 2/2] Convert tmpcache to hash (#1)
* Converted tmpcache to hash, renamed variable
* Re-initialize hash in delete method
Signed-off-by: Kirill Lyubchenko
---
 lib/chef-vault/item.rb | 6 +++---
 lib/chef-vault/item_keys.rb | 10 +++++-----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/chef-vault/item.rb b/lib/chef-vault/item.rb
index 9640005b..aa574678 100644
--- a/lib/chef-vault/item.rb
+++ b/lib/chef-vault/item.rb
@@ -160,11 +160,11 @@ def remove(key)
 end
 def secret
- t = @keys[@node_name]
- if !t.nil?
+ data_bag_key = @keys[@node_name]
+ if !data_bag_key.nil?
 private_key = OpenSSL::PKey::RSA.new(File.open(@client_key_path).read)
 begin
- private_key.private_decrypt(Base64.decode64(t))
+ private_key.private_decrypt(Base64.decode64(data_bag_key))
 rescue OpenSSL::PKey::RSAError
 raise ChefVault::Exceptions::SecretDecryption,
 "#{data_bag}/#{id} is encrypted for you, but your private key failed to decrypt the contents. "\
diff --git a/lib/chef-vault/item_keys.rb b/lib/chef-vault/item_keys.rb
index 27282e51..4787acfe 100644
--- a/lib/chef-vault/item_keys.rb
+++ b/lib/chef-vault/item_keys.rb
@@ -34,12 +34,12 @@ def initialize(vault, name)
 @raw_data["search_query"] = []
 @raw_data["mode"] = "default"
 @cache = {} # write-back cache for keys
- @tmpcache = nil
+ @tmpcache = {}
 end
 def [](key)
- # return if cache contents is not empty
- return @tmpcache unless @tmpcache.nil?
+ # return if cache contains client key
+ return @tmpcache[key] if @tmpcache.key?(key)
 # return options immediately
 return @raw_data[key] if %w{id admins clients search_query mode}.include?(key)
@@ -50,7 +50,7 @@ def [](key)
 # check if the key is saved in sparse mode
 skey = sparse_key(sparse_id(key)) if sparse?
 if skey
- @tmpcache = skey[key]
+ @tmpcache[key] = skey[key]
 skey[key]
 else
 # fallback to raw data
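Review bot: `return @tmpcache[key] if @tmpcache.key?(key)` is the first statement of `[]`, so a cached read wins over anything held in the write-back `@cache`, and in this series only `delete` resets `@tmpcache`. Any other method that writes `@cache[name]` for a name that was already read (none is visible in these hunks, so this needs checking against the rest of the class) would leave `[]` returning the previous encrypted key, which matters when entries are re-encrypted or revoked. Placing the lookup directly before the sparse lookup, after the `@cache` check, avoids that. The new field also deserves a comment like the one on `@cache`: `@tmpcache = {} # read cache for sparse-mode key lookups, indexed by name`. `[]` continues outside the hunk.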
@@ -93,7 +93,7 @@ def clear_encrypted
 def delete(chef_key)
 @cache[chef_key.name] = false
- @tmpcache = nil
+ @tmpcache = {}
 raw_data[chef_key.type].delete(chef_key.name)
 raw_data.delete(chef_key.name)
 end
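Review bot: `@tmpcache = {}` in `delete` throws away the cached entry for every name when one key is deleted, so the next read of any other name goes back to the sparse lookup that this series is trying to avoid repeating. Removing only the affected entry keeps the rest: `@tmpcache.delete(chef_key.name)`, assuming `chef_key.name` is the same value `[]` is called with, as `@cache[chef_key.name]` on the line above suggests. A spec that reads a key, deletes it and reads it again would pin the invalidation behaviour.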