RubyGems - bosh-openssl - Versions diffs - 0.0.1 - Mend

bosh-openssl 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +7 -0
data/.gitignore +36 -0
data/.rspec +3 -0
data/Gemfile +4 -0
data/Gemfile.lock +114 -0
data/README.md +40 -0
data/Rakefile +5 -0
data/bosh-openssl.gemspec +35 -0
data/bosh_manifest.yml +109 -0
data/bosh_manifest_without_secrets.yml +52 -0
data/lib/bosh/cli/commands/certificate.rb +22 -0
data/lib/bosh/cli/commands/password.rb +15 -0
data/lib/bosh/cli/commands/private_key.rb +17 -0
data/lib/bosh/cli/commands/public_key.rb +17 -0
data/lib/bosh/cli/commands/yaml_extensions.rb +39 -0
data/lib/bosh/openssl.rb +15 -0
data/lib/bosh/openssl/helpers.rb +127 -0
data/lib/bosh/openssl/version.rb +5 -0
metadata +214 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fb368cec57f2a28a6ed2e9205bad6c8c682c9c08
+  data.tar.gz: 939491a09ad00e6c050401568ccd135bb538effa
+SHA512:
+  metadata.gz: ce2ad8dfc82e2ee44fe18cd4b6cc8873dd510cc6c14fca09e33141f39fa47604e5b5b1c0f04ea737880a1f147ee4ecc95d6337916c16d9bd5270be5b61fc6879
+  data.tar.gz: ac8cb71df383625ccb2318a843e2cb76536e6ccd052424586c691eeb480bc00e2e535fa6ad212b578b25830a48c0d7f2236d666fb6e325414aaab7a452ebc030

data/.gitignore ADDED

@@ -0,0 +1,36 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+## Environment normalisation:
+/.bundle/
+/lib/bundler/man/
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+.ruby-gemset
+.ruby-version

data/.rspec ADDED

@@ -0,0 +1,3 @@
+--format progress
+--color
+--require spec_helper

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in bosh-plugin.gemspec
+gemspec

data/Gemfile.lock ADDED

@@ -0,0 +1,114 @@
+PATH
+  remote: .
+  specs:
+    bosh-openssl (0.0.1)
+      bosh_cli (>= 1.2682.0)
+      bosh_common (>= 1.2682.0)
+      git (~> 1.2.6)
+      membrane (~> 1.1.0)
+      semi_semantic (~> 1.1.0)
+      vault (~> 0.1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.2.0)
+    aws-sdk-core (2.2.0)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.2.0)
+      aws-sdk-core (= 2.2.0)
+    blobstore_client (1.3232.0)
+      aws-sdk-resources (= 2.2.0)
+      bosh_common (~> 1.3232.0)
+      httpclient (= 2.7.1)
+      multi_json (~> 1.1)
+    bosh-template (1.3232.0)
+      semi_semantic (~> 1.1.0)
+    bosh_cli (1.3232.0)
+      blobstore_client (~> 1.3232.0)
+      bosh-template (~> 1.3232.0)
+      bosh_common (~> 1.3232.0)
+      cf-uaa-lib (~> 3.2.1)
+      highline (~> 1.6.2)
+      httpclient (= 2.7.1)
+      json_pure (~> 1.7)
+      minitar (~> 0.5.4)
+      net-scp (~> 1.1.0)
+      net-ssh (= 2.9.2)
+      net-ssh-gateway (~> 1.2.0)
+      netaddr (~> 1.5.0)
+      progressbar (~> 0.9.0)
+      sshkey (~> 1.7.0)
+      terminal-table (~> 1.4.3)
+    bosh_common (1.3232.0)
+      logging (~> 1.8.2)
+      semi_semantic (~> 1.1.0)
+    cf-uaa-lib (3.2.5)
+      multi_json
+    diff-lcs (1.2.5)
+    git (1.2.9.1)
+    highline (1.6.21)
+    httpclient (2.7.1)
+    jmespath (1.2.4)
+      json_pure (>= 1.8.1)
+    json_pure (1.8.3)
+    little-plugger (1.1.4)
+    logging (1.8.2)
+      little-plugger (>= 1.1.3)
+      multi_json (>= 1.8.4)
+    membrane (1.1.0)
+    minitar (0.5.4)
+    multi_json (1.12.0)
+    net-scp (1.1.2)
+      net-ssh (>= 2.6.5)
+    net-ssh (2.9.2)
+    net-ssh-gateway (1.2.0)
+      net-ssh (>= 2.6.5)
+    netaddr (1.5.1)
+    parser (2.3.1.0)
+      ast (~> 2.2)
+    powerpack (0.1.1)
+    progressbar (0.9.2)
+    rainbow (2.1.0)
+    rake (11.1.2)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-its (1.1.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
+    rubocop (0.39.0)
+      parser (>= 2.3.0.7, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.0)
+    semi_semantic (1.1.0)
+    sshkey (1.7.0)
+    terminal-table (1.4.5)
+    unicode-display_width (1.0.5)
+    vault (0.4.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bosh-openssl!
+  bundler (~> 1.6)
+  rake
+  rspec (~> 3.1.0)
+  rspec-its (~> 1.1.0)
+  rubocop
+BUNDLED WITH
+   1.12.2

data/README.md ADDED

@@ -0,0 +1,40 @@
+# Bosh OpenSSL plugin
+Bosh CLI plugin to retrieve, or generate and store, RSA keys, self-signed certificates, and random password at deploy time.
+## What is BOSH?
+BOSH orchestrates initial deployments and ongoing updates that are: predictable, repeatable, reliable, self-healing, infrastructure-agnostic. You can take a look on [BOSH project on GitHub](https://github.com/cloudfoundry/bosh) and read more details in [docs](http://docs.cloudfoundry.org/bosh/).
+## How to install
+```
+gem install bosh-openssl
+```
+## How to use
+In your BOSH manifest, use the `get_*` helpers to fetch openssl "secrets" from the `~/.bosh/openssl` folder.
+The first time `get_*` is called it will generate and store the "secret".
+If you have a valid `VAULT_ADDR` environment variable defined; secrets will be stored
+in your [Vault](https://www.vaultproject.io/) rather than on your file system
+```yaml
+  properties:
+    my_secret: <%= get_password 'my_password' %>
+    private_key: <%= get_private_key 'my_key' %>
+    public_key: <%= get_public_key 'my_key' %>
+    cert: <%= get_certificate 'my_cert', 'my_key', '*.example.com' %>
+    cert_with_key: <%= get_certificate_and_key 'my_cert', 'my_key', '*.example.com' %>
+```
+## Contributing
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+## Notes
+Generated by [BOSH plugin generator](https://github.com/Altoros/bosh-plugin-generator)

data/Rakefile ADDED

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+task :default => :spec
+RSpec::Core::RakeTask.new

data/bosh-openssl.gemspec ADDED

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'bosh/openssl/version'
+Gem::Specification.new do |spec|
+  spec.name          = "bosh-openssl"
+  spec.version       = Bosh::Openssl::VERSION
+  spec.authors       = ["Stev Witzel"]
+  spec.email         = ["switzel@pivotal.io"]
+  spec.description   = %q{Short description.}
+  spec.summary       = %q{Short description.}
+  spec.homepage      = "https://github.com/cloudfoundry/bosh"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.required_ruby_version = '>= 2.0.0'
+  spec.add_runtime_dependency "bosh_cli",  ">= 1.2682.0"
+  spec.add_runtime_dependency "bosh_common",  ">= 1.2682.0"
+  spec.add_runtime_dependency "semi_semantic", "~> 1.1.0"
+  spec.add_runtime_dependency "membrane", "~> 1.1.0"
+  spec.add_runtime_dependency "git", "~> 1.2.6"
+  spec.add_runtime_dependency "vault", "~> 0.1"
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rspec", "~> 3.1.0"
+  spec.add_development_dependency "rspec-its", '~> 1.1.0'
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rubocop"
+end

data/bosh_manifest.yml ADDED

@@ -0,0 +1,109 @@
+---
+name: learn-bosh
+director_uuid: 510ac165-ee99-4c45-8274-1b989e5d5697
+releases:
+- name: learn-bosh
+  version: latest
+networks:
+- name: default
+  subnets:
+  - range: 10.244.0.0/28
+    reserved: [10.244.0.1]
+    static: [10.244.0.2,10.244.0.6,10.244.0.10]
+    cloud_properties:
+      name: random
+resource_pools:
+- name: default
+  stemcell:
+    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
+    version: latest
+  network: default
+  cloud_properties: {}
+compilation:
+  workers: 2
+  network: default
+  cloud_properties: {}
+update:
+  canaries: 1
+  canary_watch_time: 60000
+  update_watch_time: 60000
+  max_in_flight: 2
+jobs:
+- name: app
+  templates:
+  - name: app
+  instances: 1
+  resource_pool: default
+  networks:
+  - name: default
+    static_ips:
+    - 10.244.0.2
+  properties:
+properties:
+  admin_password: TXCn0Vv3QWQFn1Ik+8IIfw==
+  private_key: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIEpAIBAAKCAQEA05YhPcD7+FWysWeKFXSHnqmWnL+hKUbhkWFoIm6xpfFb1AvZ
+    /rNGcVKhsKZqabHCEuMoK75WFGQ/qf5cTYTD6Sw2UT88tfh6L6ArS+N5EGo6olZc
+    yx0rO4Lx6doEGWo69dZCrCNl320zEi0wtztMtrhAy/2PftZSlmGmIB2I9KXGsvH/
+    wDtOD4PtvpS9l+Tncb+taRCsfaKLqKafN0FFP/SSJb1Gz5D6pqNuofHfYgv6sgXc
+    1wgt0xHAPdicSq6MRft23HDK7cIbs7H/s01q/eIDadM0emS6kw8k/3VqoXJlphrp
+    wSjS/J95G+DiBcTbIvqSE5HQQ0jToa6Dz0h8vwIDAQABAoIBAQDMdTl/9BlH+n/n
+    YDcVznoy/ouUwrRYL69PDcJT64Vs5lMnD6DCt7gtT30BN36CzgvMtocd5hpGMC04
+    9pt5KP8rNdbzIdlnuklP9kWAWrqk+xHXxv56I6CgLEPaBxuI95cr8bSRpM8PXPVJ
+    7jMyDHJv6pJqzIW6Oh6qRIgEZqXuSPUoRTpnNKTUhmXHvoF3v/5hNEHtDhlz4D/X
+    CYpoByHT442m+JkJcl9w9F6SXpmjda5vgBxnRrF2/PPR0bW/kZwFpVRij4fHiSO4
+    XWlRGqv3YSc678YTuDWbIdB90CsHhbZL7jDPUaSptIWgwd8i+qe+G1c2eLM3PL3F
+    7Xc59BSpAoGBAPE2MPFlhlxbAFrU0h1lhrTOUviS0DYB6QSEWjvcXCTuFIdaUP+N
+    xKv5aC0+X3klrF0yU9kH68twHWDywW/36UiA7jAlB8sXEBqiaHnThIOT7wGFbplG
+    Nqinqp/FDeoe1b1pS9YMasiZ42IJyzy902J2aFv3CHNb++2EM6cdX7VVAoGBAOCO
+    +Lmbqu5YYQrpIOSsdUmQ40LGm5Fm0I75imNr5i6QqfgVmHpLw9KkmQMmQqe/Fi+P
+    u7uv9LJ/79AuioQjjuJcA2BWZsM2/DWKJlwLqSzOIIe9Nc2zAzgs23okMmPIQVD1
+    vOEUyqL/DpLVylg1pv3a+jNKZ+Sr1DvW2K9l++nDAoGAfniFbOxoaGAmbXmMuXEU
+    EhTkGAUSOl8CCCZFEYHWpl5WUSmfsn5okirw3lgHwwNnvm223OJ0VXRxUvW1SrnX
+    jPZc7M1dqrRq8ywYT1gB8ONNu6R0etT/r6pJof+17f1A4FEnPBHCo29cc3jjIPP+
+    s2+WBDIgMiwWiVB5rLOQDQkCgYEAmGlRdaCrPkQr8VzTn4FRxdGZ/duRAPoYecHy
+    5JH6VAaJ5kC6Ed9UlKZ02Adi3Dm81CEpGTVOzsw4t0Kvbwo3U3mCLSPXcY3jVm9i
+    o7yiYS+yMo8AcpGakMkZWegxbzoe4tU3EkmrUz/r40tJn98ibU/v21oX88OQM+EZ
+    hsqgVUMCgYAH9LKtpfBfK8Zl3itBr1dpCVt1h2WqL9c4VTwdoAa3hmlTOLm1d+b0
+    aZHnWt5QwHJpu8diFNnPNx/BINAv6A7AvAcjWOjQeI93VkvHPx6LsPrf11oau8ui
+    8bzZ+lr23d8tY+PNM7vXJx2fGT32hoqOw0blXsHikUMz7DWHhsh1nQ==
+    -----END RSA PRIVATE KEY-----
+  public_key: |
+    -----BEGIN PUBLIC KEY-----
+    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05YhPcD7+FWysWeKFXSH
+    nqmWnL+hKUbhkWFoIm6xpfFb1AvZ/rNGcVKhsKZqabHCEuMoK75WFGQ/qf5cTYTD
+    6Sw2UT88tfh6L6ArS+N5EGo6olZcyx0rO4Lx6doEGWo69dZCrCNl320zEi0wtztM
+    trhAy/2PftZSlmGmIB2I9KXGsvH/wDtOD4PtvpS9l+Tncb+taRCsfaKLqKafN0FF
+    P/SSJb1Gz5D6pqNuofHfYgv6sgXc1wgt0xHAPdicSq6MRft23HDK7cIbs7H/s01q
+    /eIDadM0emS6kw8k/3VqoXJlphrpwSjS/J95G+DiBcTbIvqSE5HQQ0jToa6Dz0h8
+    vwIDAQAB
+    -----END PUBLIC KEY-----
+  cert: |
+    -----BEGIN CERTIFICATE-----
+    MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJCRTEN
+    MAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0x
+    NjA1MDYxNTUyNDNaFw0yNjA1MDQxNTUyNDNaMDoxCzAJBgNVBAYTAkJFMQ0wCwYD
+    VQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDARUZXN0MIIBIjANBgkq
+    hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05YhPcD7+FWysWeKFXSHnqmWnL+hKUbh
+    kWFoIm6xpfFb1AvZ/rNGcVKhsKZqabHCEuMoK75WFGQ/qf5cTYTD6Sw2UT88tfh6
+    L6ArS+N5EGo6olZcyx0rO4Lx6doEGWo69dZCrCNl320zEi0wtztMtrhAy/2PftZS
+    lmGmIB2I9KXGsvH/wDtOD4PtvpS9l+Tncb+taRCsfaKLqKafN0FFP/SSJb1Gz5D6
+    pqNuofHfYgv6sgXc1wgt0xHAPdicSq6MRft23HDK7cIbs7H/s01q/eIDadM0emS6
+    kw8k/3VqoXJlphrpwSjS/J95G+DiBcTbIvqSE5HQQ0jToa6Dz0h8vwIDAQABo4GX
+    MIGUMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv
+    2AcJMGIGA1UdIwRbMFmAFNo5o+5ea0sNMlW/75VgGJCv2AcJoT6kPDA6MQswCQYD
+    VQQGEwJCRTENMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwE
+    VGVzdIIBADANBgkqhkiG9w0BAQUFAAOCAQEAWrxwj2tA4veMfY23h81KmCHNMiWX
+    KLVd+UHGmGx7Io1VHdtB94wc7veakLisHT9GRa+UydCO9z7FzpAhb9N32jg7gZJI
+    ZRSrJkAUiEqo9G83V9e1Gld8bSGUxoAq3QENmYhw+ZRY8Fx0OLwEDFSTCe4u1D63
+    RZQq8n8lbPfchPoK0NXiJPt4JXsqjj1C4wYMQ0CODhkIdAUULHy4k+Xk+/pLP6gP
+    17zRouSlfXDPW8KbvsLWZJ26tGfv95mXC4HhHd2lVfudP+S2ExdU/el/raz5YnNY
+    Fj67XJdeSH805xQYv2fLwiXJPfO6aat+3AcKy6QnQYo1Sl+6LbcwRFsPHw==
+    -----END CERTIFICATE-----

data/bosh_manifest_without_secrets.yml ADDED

@@ -0,0 +1,52 @@
+---
+name: learn-bosh
+director_uuid: 510ac165-ee99-4c45-8274-1b989e5d5697
+releases:
+- name: learn-bosh
+  version: latest
+networks:
+- name: default
+  subnets:
+  - range: 10.244.0.0/28
+    reserved: [10.244.0.1]
+    static: [10.244.0.2,10.244.0.6,10.244.0.10]
+    cloud_properties:
+      name: random
+resource_pools:
+- name: default
+  stemcell:
+    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
+    version: latest
+  network: default
+  cloud_properties: {}
+compilation:
+  workers: 2
+  network: default
+  cloud_properties: {}
+update:
+  canaries: 1
+  canary_watch_time: 60000
+  update_watch_time: 60000
+  max_in_flight: 2
+jobs:
+- name: app
+  templates:
+  - name: app
+  instances: 1
+  resource_pool: default
+  networks:
+  - name: default
+    static_ips:
+    - 10.244.0.2
+  properties:
+    admin_password: <%= get_password 'my_admin_password' %>
+    private_key: <%= get_private_key 'my_key' %>
+    public_key: <%= get_public_key 'my_key' %>
+    cert: <%= get_certificate 'my_cert', 'my_key', '*.example.com' %>
+    cert_for_haproxy: <%= get_certificate_and_key 'my_cert', 'my_key', '*.example.com' %>

data/lib/bosh/cli/commands/certificate.rb ADDED

@@ -0,0 +1,22 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class Certificate < Base
+    include Bosh::Openssl::Helpers
+    usage "certificate"
+    desc "Returns a named self-signed certificate. Generates and signes a new cert if it doesn't already exist."
+    option "--include-key", "include private key in output"
+    option "--no-escape", "don't escape newlines in output"
+    option "--cn <common-name>", String, "common name for certificate"
+    def perform(cert_name, key_name)
+      out = certificate(cert_name, key_name, options[:common_name]).to_s
+      out += private_key(key_name).to_s if options[:include_key]
+      out = out.dump unless options[:no_escape] == false
+      puts out
+    end
+  end
+end

data/lib/bosh/cli/commands/password.rb ADDED

@@ -0,0 +1,15 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class Password < Base
+    include Bosh::Openssl::Helpers
+    usage "password <name>"
+    desc "Generates random password."
+    def perform(name)
+      puts password name
+    end
+  end
+end

data/lib/bosh/cli/commands/private_key.rb ADDED

@@ -0,0 +1,17 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class PrivateKey < Base
+    include Bosh::Openssl::Helpers
+    usage "private key"
+    desc "Returns named private key. Generates new key if it doesn't already exist."
+    option "--no-escape", "don't escape newlines in output"
+    def perform(name)
+      out = private_key(name).to_s
+      out = out.dump unless options[:no_escape] == false
+      puts out
+    end
+  end
+end

data/lib/bosh/cli/commands/public_key.rb ADDED

@@ -0,0 +1,17 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class PublicKey < Base
+    include Bosh::Openssl::Helpers
+    usage "public key"
+    desc "Returns named public key. Generates new key if it doesn't already exist."
+    option "--no-escape", "don't escape newlines in output"
+    def perform(name)
+      out = public_key(name).to_s
+      out = out.dump unless options[:no_escape] == false
+      puts out
+    end
+  end
+end

data/lib/bosh/cli/commands/yaml_extensions.rb ADDED

@@ -0,0 +1,39 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class YamlExtensions < Base
+    ::BoshExtensions.module_eval do
+      def get_password name
+        include ::Bosh::Openssl::Helpers
+        password name
+      end
+      def get_certificate cert_name, key_name, common_name
+        include ::Bosh::Openssl::Helpers
+        out = certificate(cert_name, key_name, common_name).to_s
+        out.dump
+      end
+      def get_certificate_and_key cert_name, key_name, common_name
+        include ::Bosh::Openssl::Helpers
+        out = certificate(cert_name, key_name, common_name).to_s
+        out += private_key(key_name).to_s
+        out.dump
+      end
+      def get_public_key name
+        include ::Bosh::Openssl::Helpers
+        out = public_key(name).to_s
+        out.dump
+      end
+      def get_private_key name
+        include ::Bosh::Openssl::Helpers
+        out = private_key(name).to_s
+        out.dump.to_s
+      end
+    end
+  end
+end

data/lib/bosh/openssl.rb ADDED

@@ -0,0 +1,15 @@
+require "cli/core_ext"
+require "cli/validation"
+module Bosh
+  module Openssl
+    include BoshExtensions
+  end
+end
+require "bosh/openssl/helpers"
+require "bosh/openssl/version"
+require "bosh/cli/commands/private_key"
+require "bosh/cli/commands/public_key"
+require "bosh/cli/commands/password"
+require "bosh/cli/commands/certificate"

data/lib/bosh/openssl/helpers.rb ADDED

@@ -0,0 +1,127 @@
+require 'openssl'
+require 'vault'
+module Bosh
+  module Openssl
+    module Helpers
+      def public_key(name)
+        private_key(name).public_key
+      end
+      def private_key(name)
+        name += ".key"
+        return read_key(name) if exists?(name)
+        key = OpenSSL::PKey::RSA.new(2048)
+        write(name, key)
+        key
+      end
+      def password(name)
+        name += ".passwd"
+        return read(name) if exists?(name)
+        password = Base64.encode64(OpenSSL::Random.random_bytes(16))
+        write(name, password)
+        password
+      end
+      def certificate(cert_name, key_name, common_name)
+        cert_name += ".crt"
+        return read_cert(cert_name) if exists?(cert_name)
+        cert = sign_certificate(generate_certificate(common_name), key_name).to_pem
+        write(cert_name, cert)
+        cert
+      end
+      private
+      SSL_DIR=File.join(File.expand_path('~'), '.bosh', 'openssl')
+      def generate_certificate(common_name)
+        subject = '/C=AU/O=Test/OU=Test'
+        subject += "/CN=#{common_name}" if common_name
+        cert = OpenSSL::X509::Certificate.new
+        cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+        cert.not_before = Time.now
+        cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60
+        cert.serial = 0x0
+        cert.version = 2
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+          ef.create_extension("basicConstraints","CA:TRUE", true),
+          ef.create_extension("subjectKeyIdentifier", "hash"),
+        ]
+        cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                               "keyid:always,issuer:always")
+        cert
+      end
+      def sign_certificate(cert, key_name)
+        cert.public_key = public_key(key_name)
+        cert.sign private_key(key_name), OpenSSL::Digest::SHA1.new
+        cert
+      end
+      def read_key(name)
+        OpenSSL::PKey::RSA.new read(name)
+      end
+      def read_cert(name)
+        OpenSSL::X509::Certificate.new read(name)
+      end
+      def read(name)
+        return read_from_vault(name) if vault_backend_available?
+        read_file(name)
+      end
+      def write(name, payload)
+        return write_to_vault(name, payload) if vault_backend_available?
+        write_file(name, payload)
+      end
+      def exists?(name)
+        return read_from_vault(name)!='' if vault_backend_available?
+        File.exists?(path(name))
+      end
+      def vault_backend_available?
+        ENV['VAULT_ADDR'] || false
+      end
+      def read_from_vault(name)
+        secrets = Vault.logical.read("secret/#{name}")
+        return '' if secrets.nil?
+        secrets.data[:value]
+      end
+      def write_to_vault(name, payload)
+        data = {}
+        data[:value] = payload
+        Vault.logical.write("secret/#{name}", data)
+      end
+      def read_file(name)
+        File.read(path(name))
+      end
+      def write_file(name, payload)
+        FileUtils::mkdir_p SSL_DIR
+        File.open(path(name), 'w') { |file| file.write(payload) }
+      end
+      def path(name)
+        File.join(SSL_DIR, name)
+      end
+    end
+  end
+end

data/lib/bosh/openssl/version.rb ADDED

@@ -0,0 +1,5 @@
+module Bosh
+  module Openssl
+    VERSION = "0.0.1"
+  end
+end

metadata ADDED

@@ -0,0 +1,214 @@
+--- !ruby/object:Gem::Specification
+name: bosh-openssl
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Stev Witzel
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-05-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bosh_cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+- !ruby/object:Gem::Dependency
+  name: bosh_common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+- !ruby/object:Gem::Dependency
+  name: semi_semantic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: membrane
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.6
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Short description.
+email:
+- switzel@pivotal.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bosh-openssl.gemspec
+- bosh_manifest.yml
+- bosh_manifest_without_secrets.yml
+- lib/bosh/cli/commands/certificate.rb
+- lib/bosh/cli/commands/password.rb
+- lib/bosh/cli/commands/private_key.rb
+- lib/bosh/cli/commands/public_key.rb
+- lib/bosh/cli/commands/yaml_extensions.rb
+- lib/bosh/openssl.rb
+- lib/bosh/openssl/helpers.rb
+- lib/bosh/openssl/version.rb
+homepage: https://github.com/cloudfoundry/bosh
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Short description.
+test_files: []