Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

knife vault refresh always updates the data bag item #193

Closed
kamaradclimber opened this issue Jan 27, 2016 · 1 comment
Closed

knife vault refresh always updates the data bag item #193

kamaradclimber opened this issue Jan 27, 2016 · 1 comment
Labels
Type: Bug Does not work as expected.

Comments

@kamaradclimber
Copy link
Contributor

When running knife vault refresh, both data bag item are always pushed.

I expect them to be pushed only if there are changes.
(We run refresh automatically every minute to have an up to date client list).

This is an issue for us since we compare automatically the data bag files in git (encrypted) with the one on the chef server to decide which object to push to the chef-server.
The frequent refresh actually modifies the encrypted item at each run, thus our comparison does not work correctly.

Examples:

  • local (encrypted) version of site-data_bags/secrets/aboten_chef_key.json:
{
  "id": "aboten_chef_key",
  "file-name": {
    "encrypted_data": "FCTqs2sCtEWmRA2XXfV2+zDL23QpJ5LEiGceQOcD60M=\n",
    "iv": "Uk+U83josbwY4dtWkLKsfA==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "file-content": {
    "encrypted_data": "CQtfYjkA3v+EVfMdUvR8ZLtYS0T/NzhxSvvgMiKbw6BVmQLCIX1Fdmxvo4kD\nJ7ZlACFw9tzNFAX/JZXk/MnmrGIGHhFqgd90McIleLh48wKs/KL9CN9QQ/ce\nevuT+6Htvj6p7uFSaRnpgfeFTbbRJAI8qZg2V5yc/MuY89ZLGt6ooAn0fFDn\ng83L0/iGEGbQ6/J+QRhx+/kfuQRXCb+c5c8jfySULv9uz8EFF1HMk32nvfZ4\nE7JCHU3EJzWHf7aHAgNvaiX+riVs4QE6LajL02PH9lg3BJO3XTmXXFOolvRE\ncRtNvydrPeE8HY171Pc4NND18OGsYfj08lcwErd9e0ElU5bsKHXrHVP83Oof\n54Pq//mAC9yM+yuOJCvyDdwzyh2yEpoi3YRk0Mfc7Cx3BQZ8wcDAmN4nfLdl\nyQX38uwL7db4qENFANi2t9QlrRzfqspdGTGMsoi799DTCGmIBd+xe9pkqbgx\nTVDjVSiQJY7L3cdmzCERDi91HD3PSAg8igrOmVOHbL4Zp59RUdh7qlfSgRH6\nlhenuJiUe9YxLySMC+RoBwKgSDbf8JcWGgHooLHaPa5mCZqt5Z/64g9k6e1x\nsCrkmUcnNfc8NO4JzpmctAQL+8l3tuXUyfhA2tKKCXX1EVZPCyyP7S4ISBV3\n8RLhg+7QjqlUZ63fJ/5tKFnVFXhV+bO47eEhBzpmsqX3VbfkdztsL4gNaICF\nLdYwHNkIhaGu2K9X22Jhc2IqWXRGXQRxUnuD3DMLSO7FFCMjtjgn+2wIh1j2\nfww8+JvqNFPu4XdC6D1zVgX+gbv8XocoIwHuZK6+vJ/9nYKpiVHvX+3xq52S\nBTEqb4q9in186uQqmBadVfDnV/P3pMGZlFBT4BAoNvsmVMiWMu1vcD+Nern3\nYM/ChnP5DsFyGU5g0GWi+dsJBLBejRH8smBo7BxQo8uLW4sm0SxE+xw99uAB\nRnszlOzM/J3RcLHsa746PKQbes2S8wJM8lt5j3mXVZLtGAiVJZdvY9MCoj2+\ng1BvXIO2MkMWABGDZIlGGuAia67VWCag0e0ddNCPxrNpuoV7p07jnfYWP/LL\nnrDF8tNz+GtagDRv5i9ueDH7zfLQK2cDwAwSscEDCf5i+ix5VBbhdmbsU7UO\nhKzj5xqNt9DYsDJDyHLdanuXze8OmuziQdoDz4Xyj58kxTHx9OEseTEXKUC7\nqs8JxO7bN/FJeP1r8iVmUXAYGjnJaVCotwlp9Y1wSkSxFaf0kGuYGjUHSWcw\nJ0ePVDzHlQAvLzNMm0CqLqhKg7V1QbzKzieguM45A9RLX2P++UeJGWDXyEMm\n/cScp8VuherSq4TzwxIG7qhz57mG9hYWM9mtgY0/naacqniIZs/ulpgnKch1\nwJhwubg3yNuJ4wD4/TI0GIQPd+y9shUqRi9BgwbZJM8qKSwMfjlwwRhx1Vba\nUGTWxjQd8ffax1So2gX04betpdo0m9y95DUfh+Ya5F86npDF2GBfkYHM3d2i\n7VbVRWJW+tiOs8bmxW7WgT55NYt8cpKugxoFiKc9SdeRz1XbsJZDFqwXWERe\nrZP72Rms1BOv3TTYRcOAvIU94o0BSrB4Dd+NsojFh7DzQVM59NMwrarVQKlL\nw8pt0dqYnEgwzG9kpoajJov9hKTd4zGzY4ZdqptWi9e5IBRp0C41AqzdxfYj\nkfP+MdqSgSzHQ0I/1EPDzWr3bc7nplwAowq57ZBbK1W/mwHXSNRzucUfZxFO\n2oYvA1QYnyPwhgR58Ua6iZR5bnuLa1MelfRAvU24mloIxFP+xL1X8JyTzC+B\nqtdx1GZEqwNif7DUEu+pQl2W4rKxkFHG+OT3cUUO0kpWuXSnmcUGq2GjmmOZ\nYR9P7c9KfkPfcdNTRQ0gxC5VKRgT8HSjpigpJ1asTs+uejElEkCrhpM1LPOT\nxr+5H/8g2E+owY9QL4EYv85TcSvH7f+cOZxJqZo9ulz2p+1NQGo7ctl8NNN/\nJl7fZ2ul5ImeM+nz1HWiq0WkSLPwWQ63/mB8kQrmKbxMaE0Utb2k78FvEI58\nEItLqZqmUpOp9UQuTzUceWvKVhl71zUaxSpzUXU+JUX8LG+mfjM85MPCwaTB\nXEoJ5JMXlkkPMc2WS9v6IoucYgIpty+9Z017zfiPGY6KDm73dr9iDfblLFAZ\n1zMkL8POnvolRF19mjAN6vI1ckmd2pyrDky2jy2da4oSFStebWmzKgSecciZ\niJQc6K7I2EMI4zKvjHTHHcM3ejkoXa4S4hLr2uxgJqwg9vA2amiQjQuYXns1\nwarmYxI2M4446YKBrfTzPWho\n",
    "iv": "zXos8hKCtq/wJ8d0pOADvw==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  }
}

after one minute, knife data bag show secrets aboten_chef_key -F json:

{
  "id": "aboten_chef_key",
  "file-name": {
    "encrypted_data": "vdIy0niOnCguIMnUYuVAK7ipBhxGrKpqabXnljO63vY=\n",
    "iv": "ENC3vm4U25nJjzsE2rRdrA==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  },
  "file-content": {
    "encrypted_data": "/e7LBKia+34Kwa5n3gvLMZyuKsjRrRRFzqc55L2hfkAHn1hjNErrx+l2ChdU\nWEMY+CNFAZZAUkE1zt+fnQWXjcwZtWFO/nfTgpB9fZdb1i3+tKkEOTqtipKY\n7dbGuyJq2Y8g0AU8Jv5iPJpeZZCKP6DGt356Efp1eiuFx4Uw/JetevWtk8Rk\nk2hYKFB9si3p/rWDD+AHHXyGpMQpYUI7GNJZQk8jzhYM85cY2nUDKYVwwrYr\nBoUO2wxDQjss3GCzIDHVJspYCRBfl9P5Kx7Vy4YjU1IxLjmzIb1tKvoaV9+6\nYq3mYAM1sAU2IeXJEu9mvw5jNOfmiBUNZFG1QZmn+syd6pMbB3FvUbjGgQ42\ndK1EBKzbRX2LU4jIxHEq0rtKAm1wtnY8yJuG5uGjaLv8RkYmViABr9MK9FZY\nSGSiG9qZqov7kxIRf6kyHiqz8MP9FAnJn96jOsQaT/i1FDwSuZofUVW9TB+x\n82JBG8bQxCuAUF97y+HxdJMZOWWbd49CZRXE6ygb47rPQ6eqDut51X/on9b3\nfMxjk9W4PSMNmkVRKgr+Cky3tdABe/IJTZPi86HrZ4RlfQ3lMuIk5r/RFmo8\n6EzQcUmLbP/6WtRnxJzzDE+Eagrh0L63zJQ7/Xd46JvMLYBlkCZaDGWEC3ec\nQ3z8HXo8f92vaa89lS3hP2r6qOHCHxtvXuAV9Hqin1vBX7fkPtk0PrfAHgGg\n3nFcKV+tNPpuuqLcIGDB+w7Rq3DLMvwFrQmFA1CgOsQAkWTWzB06fmnJAnCJ\nNmo2Iy4ypagHrGms/TgcQHnOrSHODDc14FUY/Fqn1xcxHjGUyDV2DMXYNWrD\n7ZtmgkXS1qxYh+G35pOQJsDFRkYLvkMDd/OOBHy7HPwpC1aGeevKi+AIw06x\nUXaDmiuBScE//4d2Cf6WZYksReDvLMPQo5cGSnvWTmJqBoHIEvsLGB8gs754\nyBFpSwUjwbvpQp7tzfm5sPHlzmVhY6X/3Py+3fA5fkDQDOxgz3xHM4HALxNa\nDoYwq3tEEChd5fgRkdsbKHLhbcBRpQqcxI0NPexUiFYyMagY1h/L1Hi235p8\nGV/aTgnxahrMZw6isdqh+RKWwuCri1xaaTWMLBZ+81chfaETt4z/cdAZzfnE\nDhvUEQubf9MmCwmRA4OjsHAmqYKoBahX/lTVhgMtG4wDHK0vwmi3y5vMf/ro\nnInCZNpdVYW21SpFRDnRtVjdLp5tYAVQS7KrNw7eErlqxYfzQI1rcfgyDt6r\n1vNwTQVBY8GR8dUDi13bav5ynDeoyK9JFjLLM8t1eTw0O1NLLqRmbw0hl0Uq\nG6d9a1l9/bmKZHh3qL3zzivvc7WfrIcujgzk7Ye5ZANQqR8uq35o0QcbspLj\nxZS4Vfp3kuPAIrlUVyp6PDLxpEQRLkOykTUgTwaZITJwe1Oj7wMuAmhI08N6\n8x1EENMtYuJpHTPVoBc+n0qLkItF7z/pvNl0HqtmlMmPek/ap2gIdVCY3qxE\nRBOxM5DUpZDhLNLU4JmRJgdAjZarNTFN2Tiq3ZJL0j/bqGVilS6074zAdnHg\nzEZrpZ92Xqrw7FTGXfV7GDfXb+J846dP/y3eyXVv0kIZHJOecGojv/36n6RX\ngUTvvMwsXoWTJhYyRFeuEApmMUHq0oK0lzdXG4oEkMZ0FCZXMPRKagcH0yWR\n8dcqyHn3nGuitng3XCjJIQldAL2CV0GELhhdp1ty987UtixU/NEfprBtZKdk\nHbw4myGLM2br1OjMUFvehuAGMD5Pdgpk9SB8RnjQPh5HL8avpLjivVzdRkza\nUJxV7ezcrE6HMApyQJcEJyFiaYfU5EV0vLdCB1azv11qymI6S3mkDVjV9v+L\nknQJMrXfOx5tE0mbOaOe/Yar98qjzbVaKqxYcSV961hvZO6+5PzyC3mWmrRz\npdGaq5F1IRjemavJhFFn8qvqajrenNWlyLm8I0b3NjGi1Julyu1XY8O5fjMr\nK0Q+sVeIR4HArIVfJT9zjstIXUHtgDKv9lA9m3hWRBD2lY8y8pKmz1xvnG16\ngUZAIfBYI1N6CWrj/u8WZ/5NhHBtn2Ml+8MXAz9dvV0F+HHX37k8MaelpTAx\nhtHBYn70IWP64pJ5pYQExujlk1ADBs8plhqBtAeE4VOoxa6+lgr9v+dBzozM\n//QLVJrl69JxUbwbW2YPetFvQ/V2VKnbd8rxVmQOi5RtV3wQPO+GKJ8RIN1+\nyMkL+rP7Pe4ixDXW30dd22GYld/SXhbR0CjSr4zF9yOAfMWaWkxPc0PR241O\nplKCIZXCq+tIVi2LkJowZhy5\n",
    "iv": "NoYMZhRNMNhBL+7nnAnoFg==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  }
}

The IV and encrypted data are different.
@kamaradclimber kamaradclimber mentioned this issue Jan 27, 2016
Merged
This was referenced Mar 4, 2016
Closed
Merged
@kamaradclimber
Copy link
Contributor Author

I think this issue is partially resolved thanks to #194 #202. I close it since the current state works for us. You can reopen it if you think it still requires work.

@jkeiser jkeiser added the bug label Apr 6, 2016
@thommay thommay added Type: Bug Does not work as expected. and removed bug labels Jan 25, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Does not work as expected.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@thommay @kamaradclimber @jkeiser