rot13 Chef cookbook, please don't use this for reals...

Author: fnichol

.gitignore

@@ -0,0 +1,7 @@
+Gemfile.lock
+Cheffile.lock
+.librarian/
+tmp/
+.kitchen/
+.kitchen.local.yml
+.bundle/

.kitchen.yml

@@ -0,0 +1,19 @@
+---
+driver:
+  name: docker
+  socket: <%= ENV['DOCKER_HOST'] %>
+
+kitchen:
+  test_base_path: spec/integration
+
+provisioner:
+  name: chef_solo
+
+platforms:
+  - name: ubuntu-12.04
+  - name: centos-6.4
+
+suites:
+  - name: default
+    run_list:
+      - recipe[test]

.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.1
+bundler_args: --without integration development

Cheffile

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+#^syntax detection
+
+site "http://community.opscode.com/api/v1"
+
+cookbook "rot13", path: "."
+cookbook "fixtures", path: "spec/unit/fixtures"
+cookbook "test", path: "spec/integration/cookbooks/test"

Gemfile

@@ -0,0 +1,15 @@
+source "https://rubygems.org"
+
+gem "chefspec"
+gem "emeril"
+gem "foodcritic", "~> 3.0"
+gem "librarian-chef"
+
+group :development do
+  gem "guard-rspec"
+end
+
+group :integration do
+  gem "test-kitchen"
+  gem "kitchen-docker"
+end

Guardfile

@@ -0,0 +1,5 @@
+guard :rspec do
+  watch(%r{^spec/unit/.+_spec\.rb$})
+  watch(%r{^(libraries|providers|recipes|resources)/(.+)\.rb$}) { |m| "spec/unit/#{m[1]}/#{m[2]}_spec.rb" }
+  watch("spec/unit/spec_helper.rb")  { "spec/unit" }
+end

README.md

@@ -0,0 +1,111 @@
+# <a name="title"></a> Rot13 Chef Cookbook
+
+[![Build Status](https://secure.travis-ci.org/ut-cookbooks/rot13.png?branch=master)](http://travis-ci.org/ut-cookbooks/rot13)
+
+## <a name="description"></a> Description
+
+Chef cookbook for securing sensitive payloads on nodes using a classic Caesar cipher. You know, 'cause it had to be done.
+
+* Source Code: https://github.com/ut-cookbooks/rot13
+* Community Site: http://community.opscode.com/cookbooks/rot13
+
+## <a name="usage"></a> Usage
+
+Simply add a `depends "rot13"` in one of your cookbooks or include `recipe[rot13]` in your run\_list and you will have access to the `rot13_vault` [lwrp](#lwrps).
+
+## <a name="requirements"></a> Requirements
+
+### <a name="requirements-chef"></a> Chef
+
+Tested on 11.10.4 but newer and older versions should work just fine.
+File an [issue][issues] if this isn't the case.
+
+### <a name="requirements-platform"></a> Platform
+
+The following platforms have been tested with this cookbook, meaning that the
+recipes run on these platforms without error:
+
+* ubuntu (12.04)
+* centos (6.4)
+
+Please [report][issues] any additional platforms so they can be added.
+
+### <a name="requirements-cookbooks"></a> Cookbooks
+
+This cookbook has **no** cookbook dependencies.
+
+## <a name="recipes"></a> Recipes
+
+### <a name="recipes-default"></a> default
+
+This recipe, gloriously, does nothing.
+
+## <a name="attributes"></a> Attributes
+
+This cookbook depends on **no** attributes.
+
+## <a name="lwrps"></a> Resources and Providers
+
+### <a name="lwrps-rot13-vault"></a> rot13\_vault
+
+### <a name="lwrps-rot13-vault-actions"></a> Actions
+
+| Action | Description               | Default |
+|--------|---------------------------|---------|
+| create | Creates the encoded file. | Yes     |
+
+### <a name="lwrps-rot13-vault-attributes"></a> Attributes
+
+| Attribute | Description               | Default Value |
+|-----------|---------------------------|---------------|
+| path      | **Name attribute:** The path for the file. | `nil` |
+| owner     | The owner of the file. | `nil` |
+| group     | The group ownership of the file. | `nil` |
+| mode      | The permissions of the file. | `nil` |
+| payload   | The content that is to be encoded in the file. | `nil` |
+
+#### <a name="lwrps-rot13-vault-examples"></a> Examples
+
+    rot13_vault "lockdown" do
+      path    "/etc/private/nopeek"
+      owner   "root"
+      group   "root"
+      mode    "0400"
+      payload "please don't decode this"
+    end
+
+    rot13_vault "/tmp/nothin" do
+      payload <<-PAYLOAD
+    once upon a time, ...
+    PAYLOAD
+    end
+
+## <a name="development"></a> Development
+
+* Source hosted at [GitHub][repo]
+* Report issues/Questions/Feature requests on [GitHub Issues][issues]
+
+Pull requests are very welcome! Make sure your patches are well tested.
+Ideally create a topic branch for every separate change you make.
+
+## <a name="license"></a> License and Author
+
+Author:: [Fletcher Nichol][fnichol] (<[email protected]>) [![endorse](http://api.coderwall.com/fnichol/endorsecount.png)](http://coderwall.com/fnichol)
+
+Copyright 2014, Fletcher Nichol
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+[fnichol]:      https://github.com/fnichol
+[repo]:         https://github.com/ut-cookbooks/rot13
+[issues]:       https://github.com/ut-cookbooks/rot13/issues

Rakefile

@@ -0,0 +1,27 @@
+#!/usr/bin/env rake
+
+begin
+  require 'emeril/rake'
+rescue LoadError
+  puts ">>>>> Emeril gem not loaded, omitting tasks" unless ENV['CI']
+end
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:unit) do |t|
+  t.rspec_opts = "--color --format documentation"
+  t.pattern = ["spec/unit/**/*_spec.rb"]
+end
+
+require 'foodcritic'
+FoodCritic::Rake::LintTask.new do |t|
+  t.options = { :fail_tags => ['any'] }
+end
+
+begin
+  require 'kitchen/rake_tasks'
+  Kitchen::RakeTasks.new
+rescue LoadError
+  puts ">>>>> Kitchen gem not loaded, omitting tasks" unless ENV['CI']
+end
+
+task :default => [:foodcritic, :unit]

libraries/matchers.rb

@@ -0,0 +1,28 @@
+#
+# Cookbook Name:: rot13
+# Library:: matchers
+#
+# Copyright 2014, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if defined?(ChefSpec)
+  def create_rot13_vault(name)
+    ChefSpec::Matchers::ResourceMatcher.new(:rot13_vault, :create, name)
+  end
+
+  def delete_rot13_vault(name)
+    ChefSpec::Matchers::ResourceMatcher.new(:rot13_vault, :delete, name)
+  end
+end

libraries/rot13.rb

@@ -0,0 +1,35 @@
+#
+# Cookbook Name:: rot13
+# Library:: rot13
+#
+# Copyright 2014, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+module Rot13
+  def self.encode(string)
+    return nil if string.nil?
+
+    string.each_char.map { |ch|
+      case ch
+      when /^[a-z]$/
+        (((ch.ord - "a".ord + 13) % 26) + "a".ord).chr
+      when /^[A-Z]$/
+        (((ch.ord - "A".ord + 13) % 26) + "A".ord).chr
+      else
+        ch
+      end
+    }.join
+  end
+end

metadata.rb

@@ -0,0 +1,2 @@
+name "rot13"
+version "1.0.0"

providers/vault.rb

@@ -0,0 +1,34 @@
+#
+# Cookbook Name:: rot13
+# Provider:: rot13_vault
+#
+# Copyright 2014, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+def whyrun_supported?
+  true
+end
+
+use_inline_resources
+
+action :create do
+  f = file new_resource.path do
+    owner new_resource.owner
+    group new_resource.group
+    mode new_resource.mode
+    content new_resource.encoded
+  end
+  new_resource.updated_by_last_action(f.updated_by_last_action?)
+end

resources/vault.rb

@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: rot13
+# Resource:: vault
+#
+# Copyright 2014, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+actions :create
+default_action :create
+
+attribute :path, :kind_of => String, :name_attribute => true
+attribute :owner, :kind_of => String
+attribute :group, :kind_of => String
+attribute :mode, :kind_of => [String, Integer]
+attribute :payload, :kind_of => String
+
+include Rot13
+
+def encoded
+  Rot13.encode(payload)
+end

spec/integration/cookbooks/test/metadata.rb

@@ -0,0 +1,4 @@
+name "test"
+version "1.0.0"
+
+depends "rot13"

spec/integration/cookbooks/test/recipes/default.rb

@@ -0,0 +1,11 @@
+protectme = <<-SECRETS
+Men Wanted: For hazardous journey. Small wages, bitter cold, long months of
+complete darkness, constant danger, safe return doubtful. Honour and
+recognition in case of success.
+
+  - Earnest Shackleton
+SECRETS
+
+rot13_vault "/tmp/thevault" do
+  payload protectme
+end

spec/integration/default/serverspec/protection_spec.rb

@@ -0,0 +1,17 @@
+require "serverspec"
+
+include Serverspec::Helper::Exec
+include Serverspec::Helper::DetectOS
+
+RSpec.configure do |c|
+  c.before :all do
+    c.path = "/sbin:/usr/sbin"
+  end
+end
+
+describe "Rot13" do
+
+  it "encodes a file, leading to pretty secure protection, probably" do
+    expect(file("/tmp/thevault").content).to match(%r{- Rnearfg Funpxyrgba})
+  end
+end

spec/unit/fixtures/metadata.rb

@@ -0,0 +1,4 @@
+name "fixtures"
+version "9.0.210"
+
+depends "rot13"

spec/unit/fixtures/recipes/rot13_vault.rb

@@ -0,0 +1,9 @@
+rot13_vault "create-full" do
+  path "/tmp/vault"
+  owner "frank"
+  group "winners"
+  mode "0400"
+  payload "Whoops"
+end
+
+rot13_vault "/another/store"