Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only save keys on refresh operation #194

Merged
merged 1 commit into from
Feb 24, 2016
Merged

Only save keys on refresh operation #194

merged 1 commit into from
Feb 24, 2016

Conversation

kamaradclimber
Copy link
Contributor

When doing a refresh, saving the encrypted secret is useless since
neither the secret, neither the shared key has changed.

Before this patch, the IV was not reused and the encrypted data changed
on each refresh operation.

This improves partially #193 .

@kamaradclimber
Copy link
Contributor Author

@thommay any thoughs regarding this PR ?

@thommay
Copy link
Contributor

thommay commented Feb 8, 2016

I think it's fine, but I've not had a chance to test it. I'd also like to see some tests, to confirm that we only write the things we need to write, and to confirm that we do write the right things.

@kamaradclimber
Copy link
Contributor Author

@thommay I've added specs (and rebased against master).

@thommay thommay closed this Feb 17, 2016
@thommay thommay reopened this Feb 17, 2016
@thommay
Copy link
Contributor

thommay commented Feb 17, 2016

(closed just to get travis to build it)

@kamaradclimber
Copy link
Contributor Author

tests are failing except on ruby 1.9.3, I am investigating but I doubt this is linked to this patch.

Edit: the features testing fails without my patch.Issue can be tracked down to chef/chef#4602.

@thommay
Copy link
Contributor

thommay commented Feb 23, 2016

Ok, so I fixed the feature tests :) But sadly your tests are still red.

The issue is that ChefVault::Item is a subclass of Chef::DataBagItem, and the #save method calls super(). ( https://github.com/chef/chef-vault/pull/194/files#diff-c71d5d0431f46d4369cef31fe2fef5e2R242 ). With your patch, you're now effectively calling super() on #save_keys and #save_item, neither of which exist in the super class.

@kamaradclimber
Only save keys on refresh operation
e87c70c 
When doing a refresh, saving the encrypted secret is useless since
neither the secret, neither the shared key has changed.

Before this patch, the IV was not reused and the encrypted data changed
on each refresh operation.
@kamaradclimber
Copy link
Contributor Author

fixed, thanks for your advices

thommay added a commit that referenced this pull request Feb 24, 2016
@thommay
Merge pull request #194 from criteo-forks/master
eaf529f 
Only save keys on refresh operation
@thommay thommay merged commit eaf529f into chef:master Feb 24, 2016
@thommay
Copy link
Contributor

thommay commented Feb 24, 2016

Awesome, thanks

@kamaradclimber kamaradclimber mentioned this pull request Apr 5, 2016
Closed
@jkeiser jkeiser added the bug label Apr 6, 2016
@thommay thommay added Type: Bug Does not work as expected. and removed bug labels Jan 25, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Type: Bug Does not work as expected.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kamaradclimber @thommay @jkeiser