bolt 2.6.0 → 2.11.0

data/lib/bolt/boltdir.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-require 'pathname'
-
-module Bolt
-  class Boltdir
-    BOLTDIR_NAME = 'Boltdir'
-
-    attr_reader :path, :config_file, :inventory_file, :modulepath, :hiera_config,
-                :puppetfile, :rerunfile, :type, :resource_types
-
-    def self.default_boltdir
-      Boltdir.new(File.join('~', '.puppetlabs', 'bolt'), 'user')
-    end
-
-    # Search recursively up the directory hierarchy for the Boltdir. Look for a
-    # directory called Boltdir or a file called bolt.yaml (for a control repo
-    # type Boltdir). Otherwise, repeat the check on each directory up the
-    # hierarchy, falling back to the default if we reach the root.
-    def self.find_boltdir(dir)
-      dir = Pathname.new(dir)
-      if (dir + BOLTDIR_NAME).directory?
-        new(dir + BOLTDIR_NAME, 'embedded')
-      elsif (dir + 'bolt.yaml').file?
-        new(dir, 'local')
-      elsif dir.root?
-        default_boltdir
-      else
-        find_boltdir(dir.parent)
-      end
-    end
-
-    def initialize(path, type = 'option')
-      @path = Pathname.new(path).expand_path
-      @config_file = @path + 'bolt.yaml'
-      @inventory_file = @path + 'inventory.yaml'
-      @modulepath = [(@path + 'modules').to_s, (@path + 'site-modules').to_s, (@path + 'site').to_s]
-      @hiera_config = @path + 'hiera.yaml'
-      @puppetfile = @path + 'Puppetfile'
-      @rerunfile = @path + '.rerun.json'
-      @resource_types = @path + '.resource_types'
-      @type = type
-    end
-
-    def to_s
-      @path.to_s
-    end
-
-    def eql?(other)
-      path == other.path
-    end
-    alias == eql?
-  end
-end

data/lib/bolt/plugin/pkcs7.rb

@@ -1,104 +0,0 @@
-# frozen_string_literal: true
-
-require 'bolt/secret/base'
-require 'fileutils'
-
-module Bolt
-  class Plugin
-    class Pkcs7 < Bolt::Secret::Base
-      def self.validate_config(config = {})
-        known_keys = %w[private-key public-key keysize]
-        known_keys.each do |key|
-          unless key.is_a? String
-            raise Bolt::ValidationError, "Invalid config for pkcs7 plugin: '#{key}' is not a String"
-          end
-        end
-
-        config.each_key do |key|
-          unless known_keys.include?(key)
-            raise Bolt::ValidationError, "Unpexpected key in pkcs7 plugin config: #{key}"
-          end
-        end
-      end
-
-      def name
-        'pkcs7'
-      end
-
-      def initialize(config:, context:, **_opts)
-        self.class.validate_config(config)
-        require 'openssl'
-        @context = context
-        @options = config || {}
-        @logger = Logging.logger[self]
-      end
-
-      def boltdir
-        @context.boltdir
-      end
-
-      def private_key_path
-        path = @options['private-key'] || 'keys/private_key.pkcs7.pem'
-        path = File.expand_path(path, boltdir)
-        @logger.debug("Using private-key: #{path}")
-        path
-      end
-
-      def private_key
-        @private_key ||= OpenSSL::PKey::RSA.new(File.read(private_key_path))
-      end
-
-      def public_key_path
-        path = @options['public-key'] || 'keys/public_key.pkcs7.pem'
-        path = File.expand_path(path, boltdir)
-        @logger.debug("Using public-key: #{path}")
-        path
-      end
-
-      def public_key
-        @public_key ||= OpenSSL::X509::Certificate.new(File.read(public_key_path))
-      end
-
-      def keysize
-        @options['keysize'] || 2048
-      end
-
-      # The following implementations are intended to be compatible with hiera-eyaml
-      def encrypt_value(plaintext)
-        cipher = OpenSSL::Cipher::AES.new(256, :CBC)
-        OpenSSL::PKCS7.encrypt([public_key], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_der
-      end
-
-      def decrypt_value(ciphertext)
-        pkcs7 = OpenSSL::PKCS7.new(ciphertext)
-        pkcs7.decrypt(private_key, public_key)
-      end
-
-      def secret_createkeys
-        key = OpenSSL::PKey::RSA.new(keysize)
-
-        cert = OpenSSL::X509::Certificate.new
-        cert.subject = OpenSSL::X509::Name.parse('/')
-        cert.serial = 1
-        cert.version = 2
-        cert.not_before = Time.now
-        cert.not_after = Time.now + 50 * 365 * 24 * 60 * 60
-        cert.public_key = key.public_key
-        cert.sign(key, OpenSSL::Digest.new('SHA512'))
-
-        @logger.warn("Overwriting private-key '#{private_key_path}'") if File.exist?(private_key_path)
-        @logger.warn("Overwriting public-key '#{public_key_path}'") if File.exist?(public_key_path)
-
-        private_keydir = File.dirname(private_key_path)
-        FileUtils.mkdir_p(private_keydir) unless File.exist?(private_keydir)
-        FileUtils.touch(private_key_path)
-        File.chmod(0o600, private_key_path)
-        File.write(private_key_path, key.to_pem)
-
-        public_keydir = File.dirname(public_key_path)
-        FileUtils.mkdir_p(public_keydir) unless File.exist?(public_keydir)
-        File.write(public_key_path, cert.to_pem)
-      end
-    end
-  end
-end

data/lib/bolt/secret/base.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-module Bolt
-  class Secret
-    class Base
-      def hooks
-        %i[resolve_reference secret_encrypt secret_decrypt secret_createkeys validate_resolve_reference]
-      end
-
-      def encode(raw)
-        coded = Base64.encode64(raw).strip
-        "ENC[#{name.upcase},#{coded}]"
-      end
-
-      def decode(code)
-        format = %r{\AENC\[(?<plugin>\w+),(?<encoded>[\w\s+-=/]+)\]\s*\z}
-        match = format.match(code)
-
-        raise Bolt::ValidationError, "Could not parse as an encrypted value: #{code}" unless match
-
-        raw = Base64.decode64(match[:encoded])
-        [raw, match[:plugin]]
-      end
-
-      def secret_encrypt(opts)
-        encrypted = encrypt_value(opts['plaintext_value'])
-        encode(encrypted)
-      end
-
-      def secret_decrypt(opts)
-        raw, _plugin = decode(opts['encrypted_value'])
-        decrypt_value(raw)
-      end
-      alias resolve_reference secret_decrypt
-
-      def validate_resolve_reference(opts)
-        decode(opts['encrypted_value'])
-      end
-    end
-  end
-end