RubyGems - bosh-openssl - Versions diffs - 0.0.1 - Mend

bosh-openssl 0.0.1

Files changed (19) hide show

checksums.yaml +7 -0
data/.gitignore +36 -0
data/.rspec +3 -0
data/Gemfile +4 -0
data/Gemfile.lock +114 -0
data/README.md +40 -0
data/Rakefile +5 -0
data/bosh-openssl.gemspec +35 -0
data/bosh_manifest.yml +109 -0
data/bosh_manifest_without_secrets.yml +52 -0
data/lib/bosh/cli/commands/certificate.rb +22 -0
data/lib/bosh/cli/commands/password.rb +15 -0
data/lib/bosh/cli/commands/private_key.rb +17 -0
data/lib/bosh/cli/commands/public_key.rb +17 -0
data/lib/bosh/cli/commands/yaml_extensions.rb +39 -0
data/lib/bosh/openssl.rb +15 -0
data/lib/bosh/openssl/helpers.rb +127 -0
data/lib/bosh/openssl/version.rb +5 -0
metadata +214 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fb368cec57f2a28a6ed2e9205bad6c8c682c9c08
+  data.tar.gz: 939491a09ad00e6c050401568ccd135bb538effa
+SHA512:
+  metadata.gz: ce2ad8dfc82e2ee44fe18cd4b6cc8873dd510cc6c14fca09e33141f39fa47604e5b5b1c0f04ea737880a1f147ee4ecc95d6337916c16d9bd5270be5b61fc6879
+  data.tar.gz: ac8cb71df383625ccb2318a843e2cb76536e6ccd052424586c691eeb480bc00e2e535fa6ad212b578b25830a48c0d7f2236d666fb6e325414aaab7a452ebc030

data/.gitignore ADDED

@@ -0,0 +1,36 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+## Environment normalisation:
+/.bundle/
+/lib/bundler/man/
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+.ruby-gemset
+.ruby-version

data/.rspec ADDED

@@ -0,0 +1,3 @@
+--format progress
+--color
+--require spec_helper

data/Gemfile ADDED

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in bosh-plugin.gemspec
+gemspec

data/Gemfile.lock ADDED

@@ -0,0 +1,114 @@
+PATH
+  remote: .
+  specs:
+    bosh-openssl (0.0.1)
+      bosh_cli (>= 1.2682.0)
+      bosh_common (>= 1.2682.0)
+      git (~> 1.2.6)
+      membrane (~> 1.1.0)
+      semi_semantic (~> 1.1.0)
+      vault (~> 0.1)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.2.0)
+    aws-sdk-core (2.2.0)
+      jmespath (~> 1.0)
+    aws-sdk-resources (2.2.0)
+      aws-sdk-core (= 2.2.0)
+    blobstore_client (1.3232.0)
+      aws-sdk-resources (= 2.2.0)
+      bosh_common (~> 1.3232.0)
+      httpclient (= 2.7.1)
+      multi_json (~> 1.1)
+    bosh-template (1.3232.0)
+      semi_semantic (~> 1.1.0)
+    bosh_cli (1.3232.0)
+      blobstore_client (~> 1.3232.0)
+      bosh-template (~> 1.3232.0)
+      bosh_common (~> 1.3232.0)
+      cf-uaa-lib (~> 3.2.1)
+      highline (~> 1.6.2)
+      httpclient (= 2.7.1)
+      json_pure (~> 1.7)
+      minitar (~> 0.5.4)
+      net-scp (~> 1.1.0)
+      net-ssh (= 2.9.2)
+      net-ssh-gateway (~> 1.2.0)
+      netaddr (~> 1.5.0)
+      progressbar (~> 0.9.0)
+      sshkey (~> 1.7.0)
+      terminal-table (~> 1.4.3)
+    bosh_common (1.3232.0)
+      logging (~> 1.8.2)
+      semi_semantic (~> 1.1.0)
+    cf-uaa-lib (3.2.5)
+      multi_json
+    diff-lcs (1.2.5)
+    git (1.2.9.1)
+    highline (1.6.21)
+    httpclient (2.7.1)
+    jmespath (1.2.4)
+      json_pure (>= 1.8.1)
+    json_pure (1.8.3)
+    little-plugger (1.1.4)
+    logging (1.8.2)
+      little-plugger (>= 1.1.3)
+      multi_json (>= 1.8.4)
+    membrane (1.1.0)
+    minitar (0.5.4)
+    multi_json (1.12.0)
+    net-scp (1.1.2)
+      net-ssh (>= 2.6.5)
+    net-ssh (2.9.2)
+    net-ssh-gateway (1.2.0)
+      net-ssh (>= 2.6.5)
+    netaddr (1.5.1)
+    parser (2.3.1.0)
+      ast (~> 2.2)
+    powerpack (0.1.1)
+    progressbar (0.9.2)
+    rainbow (2.1.0)
+    rake (11.1.2)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-its (1.1.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
+    rubocop (0.39.0)
+      parser (>= 2.3.0.7, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.0)
+    semi_semantic (1.1.0)
+    sshkey (1.7.0)
+    terminal-table (1.4.5)
+    unicode-display_width (1.0.5)
+    vault (0.4.0)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bosh-openssl!
+  bundler (~> 1.6)
+  rake
+  rspec (~> 3.1.0)
+  rspec-its (~> 1.1.0)
+  rubocop
+BUNDLED WITH
+   1.12.2

data/README.md ADDED

@@ -0,0 +1,40 @@
+# Bosh OpenSSL plugin
+Bosh CLI plugin to retrieve, or generate and store, RSA keys, self-signed certificates, and random password at deploy time.
+## What is BOSH?
+BOSH orchestrates initial deployments and ongoing updates that are: predictable, repeatable, reliable, self-healing, infrastructure-agnostic. You can take a look on [BOSH project on GitHub](https://github.com/cloudfoundry/bosh) and read more details in [docs](http://docs.cloudfoundry.org/bosh/).
+## How to install
+```
+gem install bosh-openssl
+```
+## How to use
+In your BOSH manifest, use the `get_*` helpers to fetch openssl "secrets" from the `~/.bosh/openssl` folder.
+The first time `get_*` is called it will generate and store the "secret".
+If you have a valid `VAULT_ADDR` environment variable defined; secrets will be stored
+in your [Vault](https://www.vaultproject.io/) rather than on your file system
+```yaml
+  properties:
+    my_secret: <%= get_password 'my_password' %>
+    private_key: <%= get_private_key 'my_key' %>
+    public_key: <%= get_public_key 'my_key' %>
+    cert: <%= get_certificate 'my_cert', 'my_key', '*.example.com' %>
+    cert_with_key: <%= get_certificate_and_key 'my_cert', 'my_key', '*.example.com' %>
+```
+## Contributing
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+## Notes
+Generated by [BOSH plugin generator](https://github.com/Altoros/bosh-plugin-generator)

data/Rakefile ADDED

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+task :default => :spec
+RSpec::Core::RakeTask.new

data/bosh-openssl.gemspec ADDED

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'bosh/openssl/version'
+Gem::Specification.new do |spec|
+  spec.name          = "bosh-openssl"
+  spec.version       = Bosh::Openssl::VERSION
+  spec.authors       = ["Stev Witzel"]
+  spec.email         = ["switzel@pivotal.io"]
+  spec.description   = %q{Short description.}
+  spec.summary       = %q{Short description.}
+  spec.homepage      = "https://github.com/cloudfoundry/bosh"
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.required_ruby_version = '>= 2.0.0'
+  spec.add_runtime_dependency "bosh_cli",  ">= 1.2682.0"
+  spec.add_runtime_dependency "bosh_common",  ">= 1.2682.0"
+  spec.add_runtime_dependency "semi_semantic", "~> 1.1.0"
+  spec.add_runtime_dependency "membrane", "~> 1.1.0"
+  spec.add_runtime_dependency "git", "~> 1.2.6"
+  spec.add_runtime_dependency "vault", "~> 0.1"
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rspec", "~> 3.1.0"
+  spec.add_development_dependency "rspec-its", '~> 1.1.0'
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rubocop"
+end

data/bosh_manifest.yml ADDED

@@ -0,0 +1,109 @@
+---
+name: learn-bosh
+director_uuid: 510ac165-ee99-4c45-8274-1b989e5d5697
+releases:
+- name: learn-bosh
+  version: latest
+networks:
+- name: default
+  subnets:
+  - range: 10.244.0.0/28
+    reserved: [10.244.0.1]
+    static: [10.244.0.2,10.244.0.6,10.244.0.10]
+    cloud_properties:
+      name: random
+resource_pools:
+- name: default
+  stemcell:
+    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
+    version: latest
+  network: default
+  cloud_properties: {}
+compilation:
+  workers: 2
+  network: default
+  cloud_properties: {}
+update:
+  canaries: 1
+  canary_watch_time: 60000
+  update_watch_time: 60000
+  max_in_flight: 2
+jobs:
+- name: app
+  templates:
+  - name: app
+  instances: 1
+  resource_pool: default
+  networks:
+  - name: default
+    static_ips:
+    - 10.244.0.2
+  properties:
+properties:
+  admin_password: TXCn0Vv3QWQFn1Ik+8IIfw==
+  private_key: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIEpAIBAAKCAQEA05YhPcD7+FWysWeKFXSHnqmWnL+hKUbhkWFoIm6xpfFb1AvZ
+    /rNGcVKhsKZqabHCEuMoK75WFGQ/qf5cTYTD6Sw2UT88tfh6L6ArS+N5EGo6olZc
+    yx0rO4Lx6doEGWo69dZCrCNl320zEi0wtztMtrhAy/2PftZSlmGmIB2I9KXGsvH/
+    wDtOD4PtvpS9l+Tncb+taRCsfaKLqKafN0FFP/SSJb1Gz5D6pqNuofHfYgv6sgXc
+    1wgt0xHAPdicSq6MRft23HDK7cIbs7H/s01q/eIDadM0emS6kw8k/3VqoXJlphrp
+    wSjS/J95G+DiBcTbIvqSE5HQQ0jToa6Dz0h8vwIDAQABAoIBAQDMdTl/9BlH+n/n
+    YDcVznoy/ouUwrRYL69PDcJT64Vs5lMnD6DCt7gtT30BN36CzgvMtocd5hpGMC04
+    9pt5KP8rNdbzIdlnuklP9kWAWrqk+xHXxv56I6CgLEPaBxuI95cr8bSRpM8PXPVJ
+    7jMyDHJv6pJqzIW6Oh6qRIgEZqXuSPUoRTpnNKTUhmXHvoF3v/5hNEHtDhlz4D/X
+    CYpoByHT442m+JkJcl9w9F6SXpmjda5vgBxnRrF2/PPR0bW/kZwFpVRij4fHiSO4
+    XWlRGqv3YSc678YTuDWbIdB90CsHhbZL7jDPUaSptIWgwd8i+qe+G1c2eLM3PL3F
+    7Xc59BSpAoGBAPE2MPFlhlxbAFrU0h1lhrTOUviS0DYB6QSEWjvcXCTuFIdaUP+N
+    xKv5aC0+X3klrF0yU9kH68twHWDywW/36UiA7jAlB8sXEBqiaHnThIOT7wGFbplG
+    Nqinqp/FDeoe1b1pS9YMasiZ42IJyzy902J2aFv3CHNb++2EM6cdX7VVAoGBAOCO
+    +Lmbqu5YYQrpIOSsdUmQ40LGm5Fm0I75imNr5i6QqfgVmHpLw9KkmQMmQqe/Fi+P
+    u7uv9LJ/79AuioQjjuJcA2BWZsM2/DWKJlwLqSzOIIe9Nc2zAzgs23okMmPIQVD1
+    vOEUyqL/DpLVylg1pv3a+jNKZ+Sr1DvW2K9l++nDAoGAfniFbOxoaGAmbXmMuXEU
+    EhTkGAUSOl8CCCZFEYHWpl5WUSmfsn5okirw3lgHwwNnvm223OJ0VXRxUvW1SrnX
+    jPZc7M1dqrRq8ywYT1gB8ONNu6R0etT/r6pJof+17f1A4FEnPBHCo29cc3jjIPP+
+    s2+WBDIgMiwWiVB5rLOQDQkCgYEAmGlRdaCrPkQr8VzTn4FRxdGZ/duRAPoYecHy
+    5JH6VAaJ5kC6Ed9UlKZ02Adi3Dm81CEpGTVOzsw4t0Kvbwo3U3mCLSPXcY3jVm9i
+    o7yiYS+yMo8AcpGakMkZWegxbzoe4tU3EkmrUz/r40tJn98ibU/v21oX88OQM+EZ
+    hsqgVUMCgYAH9LKtpfBfK8Zl3itBr1dpCVt1h2WqL9c4VTwdoAa3hmlTOLm1d+b0
+    aZHnWt5QwHJpu8diFNnPNx/BINAv6A7AvAcjWOjQeI93VkvHPx6LsPrf11oau8ui
+    8bzZ+lr23d8tY+PNM7vXJx2fGT32hoqOw0blXsHikUMz7DWHhsh1nQ==
+    -----END RSA PRIVATE KEY-----
+  public_key: |
+    -----BEGIN PUBLIC KEY-----
+    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05YhPcD7+FWysWeKFXSH
+    nqmWnL+hKUbhkWFoIm6xpfFb1AvZ/rNGcVKhsKZqabHCEuMoK75WFGQ/qf5cTYTD
+    6Sw2UT88tfh6L6ArS+N5EGo6olZcyx0rO4Lx6doEGWo69dZCrCNl320zEi0wtztM
+    trhAy/2PftZSlmGmIB2I9KXGsvH/wDtOD4PtvpS9l+Tncb+taRCsfaKLqKafN0FF
+    P/SSJb1Gz5D6pqNuofHfYgv6sgXc1wgt0xHAPdicSq6MRft23HDK7cIbs7H/s01q
+    /eIDadM0emS6kw8k/3VqoXJlphrpwSjS/J95G+DiBcTbIvqSE5HQQ0jToa6Dz0h8
+    vwIDAQAB
+    -----END PUBLIC KEY-----
+  cert: |
+    -----BEGIN CERTIFICATE-----
+    MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA6MQswCQYDVQQGEwJCRTEN
+    MAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0x
+    NjA1MDYxNTUyNDNaFw0yNjA1MDQxNTUyNDNaMDoxCzAJBgNVBAYTAkJFMQ0wCwYD
+    VQQKDARUZXN0MQ0wCwYDVQQLDARUZXN0MQ0wCwYDVQQDDARUZXN0MIIBIjANBgkq
+    hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05YhPcD7+FWysWeKFXSHnqmWnL+hKUbh
+    kWFoIm6xpfFb1AvZ/rNGcVKhsKZqabHCEuMoK75WFGQ/qf5cTYTD6Sw2UT88tfh6
+    L6ArS+N5EGo6olZcyx0rO4Lx6doEGWo69dZCrCNl320zEi0wtztMtrhAy/2PftZS
+    lmGmIB2I9KXGsvH/wDtOD4PtvpS9l+Tncb+taRCsfaKLqKafN0FFP/SSJb1Gz5D6
+    pqNuofHfYgv6sgXc1wgt0xHAPdicSq6MRft23HDK7cIbs7H/s01q/eIDadM0emS6
+    kw8k/3VqoXJlphrpwSjS/J95G+DiBcTbIvqSE5HQQ0jToa6Dz0h8vwIDAQABo4GX
+    MIGUMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNo5o+5ea0sNMlW/75VgGJCv
+    2AcJMGIGA1UdIwRbMFmAFNo5o+5ea0sNMlW/75VgGJCv2AcJoT6kPDA6MQswCQYD
+    VQQGEwJCRTENMAsGA1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwE
+    VGVzdIIBADANBgkqhkiG9w0BAQUFAAOCAQEAWrxwj2tA4veMfY23h81KmCHNMiWX
+    KLVd+UHGmGx7Io1VHdtB94wc7veakLisHT9GRa+UydCO9z7FzpAhb9N32jg7gZJI
+    ZRSrJkAUiEqo9G83V9e1Gld8bSGUxoAq3QENmYhw+ZRY8Fx0OLwEDFSTCe4u1D63
+    RZQq8n8lbPfchPoK0NXiJPt4JXsqjj1C4wYMQ0CODhkIdAUULHy4k+Xk+/pLP6gP
+    17zRouSlfXDPW8KbvsLWZJ26tGfv95mXC4HhHd2lVfudP+S2ExdU/el/raz5YnNY
+    Fj67XJdeSH805xQYv2fLwiXJPfO6aat+3AcKy6QnQYo1Sl+6LbcwRFsPHw==
+    -----END CERTIFICATE-----

data/bosh_manifest_without_secrets.yml ADDED

@@ -0,0 +1,52 @@
+---
+name: learn-bosh
+director_uuid: 510ac165-ee99-4c45-8274-1b989e5d5697
+releases:
+- name: learn-bosh
+  version: latest
+networks:
+- name: default
+  subnets:
+  - range: 10.244.0.0/28
+    reserved: [10.244.0.1]
+    static: [10.244.0.2,10.244.0.6,10.244.0.10]
+    cloud_properties:
+      name: random
+resource_pools:
+- name: default
+  stemcell:
+    name: bosh-warden-boshlite-ubuntu-trusty-go_agent
+    version: latest
+  network: default
+  cloud_properties: {}
+compilation:
+  workers: 2
+  network: default
+  cloud_properties: {}
+update:
+  canaries: 1
+  canary_watch_time: 60000
+  update_watch_time: 60000
+  max_in_flight: 2
+jobs:
+- name: app
+  templates:
+  - name: app
+  instances: 1
+  resource_pool: default
+  networks:
+  - name: default
+    static_ips:
+    - 10.244.0.2
+  properties:
+    admin_password: <%= get_password 'my_admin_password' %>
+    private_key: <%= get_private_key 'my_key' %>
+    public_key: <%= get_public_key 'my_key' %>
+    cert: <%= get_certificate 'my_cert', 'my_key', '*.example.com' %>
+    cert_for_haproxy: <%= get_certificate_and_key 'my_cert', 'my_key', '*.example.com' %>

data/lib/bosh/cli/commands/certificate.rb ADDED

@@ -0,0 +1,22 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class Certificate < Base
+    include Bosh::Openssl::Helpers
+    usage "certificate"
+    desc "Returns a named self-signed certificate. Generates and signes a new cert if it doesn't already exist."
+    option "--include-key", "include private key in output"
+    option "--no-escape", "don't escape newlines in output"
+    option "--cn <common-name>", String, "common name for certificate"
+    def perform(cert_name, key_name)
+      out = certificate(cert_name, key_name, options[:common_name]).to_s
+      out += private_key(key_name).to_s if options[:include_key]
+      out = out.dump unless options[:no_escape] == false
+      puts out
+    end
+  end
+end

data/lib/bosh/cli/commands/password.rb ADDED

@@ -0,0 +1,15 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class Password < Base
+    include Bosh::Openssl::Helpers
+    usage "password <name>"
+    desc "Generates random password."
+    def perform(name)
+      puts password name
+    end
+  end
+end

data/lib/bosh/cli/commands/private_key.rb ADDED

@@ -0,0 +1,17 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class PrivateKey < Base
+    include Bosh::Openssl::Helpers
+    usage "private key"
+    desc "Returns named private key. Generates new key if it doesn't already exist."
+    option "--no-escape", "don't escape newlines in output"
+    def perform(name)
+      out = private_key(name).to_s
+      out = out.dump unless options[:no_escape] == false
+      puts out
+    end
+  end
+end

data/lib/bosh/cli/commands/public_key.rb ADDED

@@ -0,0 +1,17 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class PublicKey < Base
+    include Bosh::Openssl::Helpers
+    usage "public key"
+    desc "Returns named public key. Generates new key if it doesn't already exist."
+    option "--no-escape", "don't escape newlines in output"
+    def perform(name)
+      out = public_key(name).to_s
+      out = out.dump unless options[:no_escape] == false
+      puts out
+    end
+  end
+end

data/lib/bosh/cli/commands/yaml_extensions.rb ADDED

@@ -0,0 +1,39 @@
+require "bosh/openssl"
+module Bosh::Cli::Command
+  class YamlExtensions < Base
+    ::BoshExtensions.module_eval do
+      def get_password name
+        include ::Bosh::Openssl::Helpers
+        password name
+      end
+      def get_certificate cert_name, key_name, common_name
+        include ::Bosh::Openssl::Helpers
+        out = certificate(cert_name, key_name, common_name).to_s
+        out.dump
+      end
+      def get_certificate_and_key cert_name, key_name, common_name
+        include ::Bosh::Openssl::Helpers
+        out = certificate(cert_name, key_name, common_name).to_s
+        out += private_key(key_name).to_s
+        out.dump
+      end
+      def get_public_key name
+        include ::Bosh::Openssl::Helpers
+        out = public_key(name).to_s
+        out.dump
+      end
+      def get_private_key name
+        include ::Bosh::Openssl::Helpers
+        out = private_key(name).to_s
+        out.dump.to_s
+      end
+    end
+  end
+end

data/lib/bosh/openssl.rb ADDED

@@ -0,0 +1,15 @@
+require "cli/core_ext"
+require "cli/validation"
+module Bosh
+  module Openssl
+    include BoshExtensions
+  end
+end
+require "bosh/openssl/helpers"
+require "bosh/openssl/version"
+require "bosh/cli/commands/private_key"
+require "bosh/cli/commands/public_key"
+require "bosh/cli/commands/password"
+require "bosh/cli/commands/certificate"

data/lib/bosh/openssl/helpers.rb ADDED

@@ -0,0 +1,127 @@
+require 'openssl'
+require 'vault'
+module Bosh
+  module Openssl
+    module Helpers
+      def public_key(name)
+        private_key(name).public_key
+      end
+      def private_key(name)
+        name += ".key"
+        return read_key(name) if exists?(name)
+        key = OpenSSL::PKey::RSA.new(2048)
+        write(name, key)
+        key
+      end
+      def password(name)
+        name += ".passwd"
+        return read(name) if exists?(name)
+        password = Base64.encode64(OpenSSL::Random.random_bytes(16))
+        write(name, password)
+        password
+      end
+      def certificate(cert_name, key_name, common_name)
+        cert_name += ".crt"
+        return read_cert(cert_name) if exists?(cert_name)
+        cert = sign_certificate(generate_certificate(common_name), key_name).to_pem
+        write(cert_name, cert)
+        cert
+      end
+      private
+      SSL_DIR=File.join(File.expand_path('~'), '.bosh', 'openssl')
+      def generate_certificate(common_name)
+        subject = '/C=AU/O=Test/OU=Test'
+        subject += "/CN=#{common_name}" if common_name
+        cert = OpenSSL::X509::Certificate.new
+        cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
+        cert.not_before = Time.now
+        cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60
+        cert.serial = 0x0
+        cert.version = 2
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = cert
+        ef.issuer_certificate = cert
+        cert.extensions = [
+          ef.create_extension("basicConstraints","CA:TRUE", true),
+          ef.create_extension("subjectKeyIdentifier", "hash"),
+        ]
+        cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                               "keyid:always,issuer:always")
+        cert
+      end
+      def sign_certificate(cert, key_name)
+        cert.public_key = public_key(key_name)
+        cert.sign private_key(key_name), OpenSSL::Digest::SHA1.new
+        cert
+      end
+      def read_key(name)
+        OpenSSL::PKey::RSA.new read(name)
+      end
+      def read_cert(name)
+        OpenSSL::X509::Certificate.new read(name)
+      end
+      def read(name)
+        return read_from_vault(name) if vault_backend_available?
+        read_file(name)
+      end
+      def write(name, payload)
+        return write_to_vault(name, payload) if vault_backend_available?
+        write_file(name, payload)
+      end
+      def exists?(name)
+        return read_from_vault(name)!='' if vault_backend_available?
+        File.exists?(path(name))
+      end
+      def vault_backend_available?
+        ENV['VAULT_ADDR'] || false
+      end
+      def read_from_vault(name)
+        secrets = Vault.logical.read("secret/#{name}")
+        return '' if secrets.nil?
+        secrets.data[:value]
+      end
+      def write_to_vault(name, payload)
+        data = {}
+        data[:value] = payload
+        Vault.logical.write("secret/#{name}", data)
+      end
+      def read_file(name)
+        File.read(path(name))
+      end
+      def write_file(name, payload)
+        FileUtils::mkdir_p SSL_DIR
+        File.open(path(name), 'w') { |file| file.write(payload) }
+      end
+      def path(name)
+        File.join(SSL_DIR, name)
+      end
+    end
+  end
+end

data/lib/bosh/openssl/version.rb ADDED

@@ -0,0 +1,5 @@
+module Bosh
+  module Openssl
+    VERSION = "0.0.1"
+  end
+end

metadata ADDED

@@ -0,0 +1,214 @@
+--- !ruby/object:Gem::Specification
+name: bosh-openssl
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Stev Witzel
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-05-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bosh_cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+- !ruby/object:Gem::Dependency
+  name: bosh_common
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.2682.0
+- !ruby/object:Gem::Dependency
+  name: semi_semantic
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: membrane
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: git
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.6
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Short description.
+email:
+- switzel@pivotal.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bosh-openssl.gemspec
+- bosh_manifest.yml
+- bosh_manifest_without_secrets.yml
+- lib/bosh/cli/commands/certificate.rb
+- lib/bosh/cli/commands/password.rb
+- lib/bosh/cli/commands/private_key.rb
+- lib/bosh/cli/commands/public_key.rb
+- lib/bosh/cli/commands/yaml_extensions.rb
+- lib/bosh/openssl.rb
+- lib/bosh/openssl/helpers.rb
+- lib/bosh/openssl/version.rb
+homepage: https://github.com/cloudfoundry/bosh
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Short description.
+test_files: []