ccli 0.1.0 → 1.0.1
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/.tool-versions +1 -0
- data/CHANGELOG.md +23 -0
- data/README.md +63 -20
- data/bin/cry +1 -1
- data/ccli.gemspec +14 -1
- data/docs/get_login_token.md +18 -0
- data/docs/images/access_user_settings.png +0 -0
- data/docs/images/copy_ccli_login.png +0 -0
- data/lib/adapters/cluster_secret_adapter.rb +1 -1
- data/lib/cli.rb +1 -1
- data/lib/models/ose_secret.rb +14 -0
- data/lib/serializers/account_serializer.rb +1 -1
- data/lib/serializers/ose_secret_serializer.rb +40 -2
- metadata +19 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b808de24e75aa7de88a4fa899401f33b0c07a8bfc056371b6b4dba3037ac4c1c
|
4
|
+
data.tar.gz: 8d6aed4c6a3ddd82c0a9d5d2eaa26d5668b5da7d8ae6b3a1d7bfac473c724158
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 23cdaf53c3e84c90ea7bd8caac55c1c0dc5479e70dbd7d893d31e4c9ef7830cda495f90d5d075c0cce93d242abad23b639c69f337df557b060219d633d8c373a
|
7
|
+
data.tar.gz: eb84e14c287080cecf3b91e08ef7837c1a7e64e923f9e505974f9fc28f5c95fbf0fcc14777663967f8f553cf9c5f39db52fb8094ca5b20207a4d2db105199e2a
|
data/.rubocop.yml
CHANGED
data/.tool-versions
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
ruby 2.6.0
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,23 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## 1.0.1
|
4
|
+
|
5
|
+
- Reset api user token after login
|
6
|
+
|
7
|
+
## 1.0.0
|
8
|
+
|
9
|
+
- De- and encode data from secrets
|
10
|
+
|
11
|
+
## 0.1.2
|
12
|
+
|
13
|
+
- Updating docs
|
14
|
+
- Bugfixing
|
15
|
+
|
16
|
+
## 0.1.1
|
17
|
+
|
18
|
+
- Adding MIT license
|
19
|
+
|
20
|
+
## 0.1.0
|
21
|
+
|
22
|
+
- Publish first version
|
23
|
+
- Commands: `login`, `logout`, `account`, `folder`, `{ose,k8s}-secret-pull`, `{ose,k8s}-secret-push`, `teams`, `use`
|
data/README.md
CHANGED
@@ -1,10 +1,10 @@
|
|
1
1
|
# ccli
|
2
2
|
|
3
|
-
|
3
|
+
Command Line Client for [Cryptopus](https://github.com/puzzle/cryptopus)
|
4
4
|
|
5
5
|
## Installation
|
6
6
|
|
7
|
-
`
|
7
|
+
`gem install ccli`
|
8
8
|
|
9
9
|
This will install the `cry` command including its dependencies
|
10
10
|
|
@@ -17,35 +17,74 @@ This will install the `cry` command including its dependencies
|
|
17
17
|
|
18
18
|
## Usage
|
19
19
|
|
20
|
-
|
20
|
+
[Receiving the login token from Cryptopus](docs/get_login_token.md)
|
21
21
|
|
22
|
-
|
22
|
+
### Commands
|
23
23
|
|
24
|
-
|
24
|
+
```
|
25
|
+
Command: Summary:
|
25
26
|
|
27
|
+
account Fetches an account by the given id
|
28
|
+
folder Selects the Cryptopus folder by id
|
29
|
+
help Display global or [command] help documentation
|
30
|
+
k8s-secret-pull Pulls secret from Kubectl to Cryptopus
|
31
|
+
k8s-secret-push Pushes secret from Cryptopus to Kubectl
|
32
|
+
login Logs in to the ccli
|
33
|
+
logout Logs out of the ccli
|
34
|
+
ose-secret-pull Pulls secret from Openshift to Cryptopus
|
35
|
+
ose-secret-push Pushes secret from Cryptopus to Openshift
|
36
|
+
teams Lists all available teams
|
37
|
+
use Select the current folder
|
38
|
+
```
|
26
39
|
|
27
|
-
|
40
|
+
Show more specific documentation by calling `cry help <command>`
|
28
41
|
|
29
|
-
###
|
42
|
+
### Account
|
43
|
+
|
44
|
+
#### Logging in
|
45
|
+
|
46
|
+
Use the ccli login copy button from the UI or do it manually:
|
47
|
+
|
48
|
+
user=<my-user>
|
49
|
+
token=<my-token>
|
50
|
+
url=https://cryptopus.example.com
|
51
|
+
|
52
|
+
cry login $(echo -n "$user:$token" | base64)@$url
|
53
|
+
|
54
|
+
#### Retrieving
|
55
|
+
|
56
|
+
To retreive account data as yaml:
|
30
57
|
|
31
58
|
```
|
32
|
-
|
59
|
+
cry account 42 > account.yaml
|
60
|
+
```
|
61
|
+
Retreiving account's password and assign it to a variable:
|
33
62
|
|
34
|
-
|
35
|
-
|
36
|
-
help Display global or [command] help documentation
|
37
|
-
k8s-secret-pull Pulls secret from Kubectl to Cryptopus
|
38
|
-
k8s-secret-push Pushes secret from Cryptopus to Kubectl
|
39
|
-
login Logs in to the ccli
|
40
|
-
logout Logs out of the ccli
|
41
|
-
ose-secret-pull Pulls secret from Openshift to Cryptopus
|
42
|
-
ose-secret-push Pushes secret from Cryptopus to Openshift
|
43
|
-
teams Lists all available teams
|
44
|
-
use Select the current folder
|
63
|
+
```
|
64
|
+
PASSWORD=$(cry account 42 --password)
|
45
65
|
```
|
46
66
|
|
47
|
-
|
67
|
+
#### Updating
|
68
|
+
|
69
|
+
not supported yet by ccli
|
70
|
+
|
71
|
+
### Kubernetes/Openshift
|
72
|
+
|
73
|
+
#### Required tools
|
74
|
+
|
75
|
+
First you'll have to install either [oc](https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli) or [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) depending on your usage
|
76
|
+
|
77
|
+
#### Pulling Kubernetes / Openshift Secrets
|
78
|
+
|
79
|
+
when using the command `{ose|k8s}-secret-pull` after beeing logged in to a k8s/ose project, all secrets labeled with `cryptopus-sync=true` are backed up to cryptopus.
|
48
80
|
|
81
|
+
to label a specific secret do:
|
82
|
+
|
83
|
+
**oc:** `oc label secret <secret-name> cryptopus-sync=true`
|
84
|
+
|
85
|
+
**kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
|
86
|
+
|
87
|
+
Restored secrets by `{ose|k8s}-secret-push` are labeled automatically.
|
49
88
|
|
50
89
|
## Development
|
51
90
|
|
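Review bot: In the "Logging in" example, `cry login $(echo -n "$user:$token" | base64)@$url` breaks for longer tokens, because GNU base64 wraps its output at 76 characters and the unquoted command substitution then splits the argument at the newline. Strip the newlines (for example `| tr -d '\n'`) and quote the whole argument. The README should also say that base64 is only an encoding here, so the API token still lands in shell history and the process list, and that `cry account 42 > account.yaml` writes the account data to a file created with the default umask. Spelling: "retreive" and "Retreiving" should be "retrieve" and "Retrieving", and "beeing" should be "being".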
@@ -61,3 +100,7 @@ You will need the following things properly installed on your computer:
|
|
61
100
|
- `rvm install 2.6.0`
|
62
101
|
- `gem install bundler`
|
63
102
|
- `bundle install`
|
103
|
+
|
104
|
+
### Running tests
|
105
|
+
|
106
|
+
`bundle exec rspec`
|
data/bin/cry
CHANGED
data/ccli.gemspec
CHANGED
@@ -5,8 +5,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = 'ccli'
|
8
|
-
s.
|
8
|
+
s.description = <<-EOF
|
9
|
+
CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
|
10
|
+
One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
|
11
|
+
to Cryptopus and restoring them as well.
|
12
|
+
EOF
|
13
|
+
s.version = '1.0.1'
|
9
14
|
s.summary = 'Command line client for the opensource password manager Cryptopus'
|
15
|
+
s.license = 'MIT'
|
16
|
+
s.homepage = 'https://github.com/puzzle/ccli'
|
10
17
|
s.authors = ['Nils Rauch']
|
11
18
|
s.email = 'rauch@puzzle.ch'
|
12
19
|
s.require_paths = ['lib']
|
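Review bot: The `<<-EOF` heredoc used for `s.description` keeps the source indentation inside the string, which is why the generated metadata serializes it as `description: |2`. A squiggly heredoc (`<<~EOF`) or an explicit strip keeps the leading spaces out of the published description. Wording in the same text: "It allows to fetch" reads better as "It fetches", and "One of the main functionality" should be "One of its main functions".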
@@ -16,9 +23,15 @@ Gem::Specification.new do |s|
|
|
16
23
|
s.bindir = 'bin'
|
17
24
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
25
|
s.required_ruby_version = Gem::Requirement.new('>= 2.0')
|
26
|
+
s.metadata = {
|
27
|
+
"bug_tracker_uri" => "https://github.com/puzzle/ccli/issues",
|
28
|
+
"changelog_uri" => "https://github.com/puzzle/ccli/blob/master/CHANGELOG.md",
|
29
|
+
"source_code_uri" => "https://github.com/puzzle/ccli"
|
30
|
+
}
|
19
31
|
|
20
32
|
s.add_runtime_dependency 'commander', '~> 4.5', '>= 4.5.2'
|
21
33
|
s.add_runtime_dependency 'tty-command'
|
22
34
|
s.add_runtime_dependency 'tty-exit'
|
23
35
|
s.add_runtime_dependency 'tty-logger'
|
36
|
+
|
24
37
|
end
|
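Review bot: `s.required_ruby_version` still says `>= 2.0`, but this release adds `transform_values` with a `rescue` clause placed directly inside a `do ... end` block (lib/serializers/ose_secret_serializer.rb), which needs Ruby 2.5 or newer. Raise the constraint so that installs on older interpreters fail at install time instead of at load time; `.tool-versions` already pins 2.6.0. The three `tty-*` runtime dependencies also carry no version constraint, so an install can resolve to any future major release; give them pessimistic constraints as is done for `commander`.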
@@ -0,0 +1,18 @@
|
|
1
|
+
# Receiving the Login token from Cryptopus
|
2
|
+
|
3
|
+
To use the CCLI, you'll first have to receive the login token from Cryptopus.
|
4
|
+
|
5
|
+
1. Log in to your instance of Cryptopus
|
6
|
+
2. Navigate to your user settings
|
7
|
+
3. Choose or create the api user you want to use via the ccli (keep the valid time in mind)
|
8
|
+
4. Grant the API user permissions to access the groups you need to use with the ccli
|
9
|
+
5. Use the ccli login copy button
|
10
|
+
6. Copy the command from your clipboard to the terminal
|
11
|
+
|
12
|
+
## Accessing user settings
|
13
|
+
|
14
|
+
![user_settings](images/access_user_settings.png)
|
15
|
+
|
16
|
+
## Copy CCLI Login
|
17
|
+
|
18
|
+
![copy_ccli_login](images/copy_ccli_login.png)
|
Binary file
|
Binary file
|
@@ -35,7 +35,7 @@ class ClusterSecretAdapter
|
|
35
35
|
raise client_not_logged_in_error unless client_logged_in?
|
36
36
|
|
37
37
|
File.open("/tmp/#{secret.name}.yml", 'w') do |file|
|
38
|
-
file.write secret.
|
38
|
+
file.write secret.to_yaml
|
39
39
|
end
|
40
40
|
|
41
41
|
cmd.run("#{client} delete -f /tmp/#{secret.name}.yml --ignore-not-found=true")
|
data/lib/cli.rb
CHANGED
@@ -14,7 +14,7 @@ class CLI
|
|
14
14
|
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metric/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength
|
15
15
|
def run
|
16
16
|
program :name, 'cry - cryptopus cli'
|
17
|
-
program :version, '1.0.
|
17
|
+
program :version, '1.0.1'
|
18
18
|
program :description, 'CLI tool to manage Openshift Secrets via Cryptopus'
|
19
19
|
program :help, 'Source Code', 'https://www.github.com/puzzle/ccli'
|
20
20
|
program :help, 'Usage', 'cry [flags]'
|
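Review bot: In the `rubocop:disable` comment above `run`, `Metric/CyclomaticComplexity` is missing the `s` (the department is `Metrics`), so that cop is not disabled by this line. The version string is also maintained by hand both here and in `ccli.gemspec`; a single constant read by both would keep them from drifting apart.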
data/lib/models/ose_secret.rb
CHANGED
@@ -16,7 +16,21 @@ class OSESecret
|
|
16
16
|
OSESecretSerializer.to_yaml(self)
|
17
17
|
end
|
18
18
|
|
19
|
+
private
|
20
|
+
|
21
|
+
def encoded_data(data)
|
22
|
+
data.transform_values do |value|
|
23
|
+
Base64.strict_encode64(value)
|
24
|
+
rescue ArgumentError
|
25
|
+
value
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
19
29
|
class << self
|
30
|
+
def from_yaml(yaml)
|
31
|
+
OSESecretSerializer.from_yaml(yaml)
|
32
|
+
end
|
33
|
+
|
20
34
|
def find_by_name(name)
|
21
35
|
OSESecretSerializer.from_yaml(OSEAdapter.new.fetch_secret(name))
|
22
36
|
end
|
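Review bot: The private `encoded_data` added to `OSESecret` looks unused and partly unreachable. `to_yaml` in the context lines above already delegates to `OSESecretSerializer.to_yaml`, which has its own `encoded_data`, and `Base64.strict_encode64` does not raise `ArgumentError` for string input, so the `rescue ArgumentError` branch never runs. Drop the method, or if it is needed, share one implementation with the serializer and include the `return {} unless data` guard used there.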
@@ -1,16 +1,54 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'psych'
|
4
|
+
require 'base64'
|
4
5
|
|
5
6
|
class OSESecretSerializer
|
6
7
|
class << self
|
8
|
+
# rubocop:disable Metrics/MethodLength
|
7
9
|
def from_yaml(yaml)
|
8
|
-
secret_hash = Psych.load(yaml
|
9
|
-
|
10
|
+
secret_hash = Psych.load(yaml)
|
11
|
+
data = {
|
12
|
+
'apiVersion' => secret_hash['apiVersion'],
|
13
|
+
'data' => decoded_data(secret_hash['data']),
|
14
|
+
'kind' => secret_hash['kind'],
|
15
|
+
'metadata' => {
|
16
|
+
'name' => secret_hash['metadata']['name'],
|
17
|
+
'labels' => secret_hash['metadata']['labels']
|
18
|
+
}
|
19
|
+
}.to_yaml
|
20
|
+
OSESecret.new(secret_hash['metadata']['name'], data.to_s)
|
10
21
|
end
|
22
|
+
# rubocop:enable Metrics/MethodLength
|
11
23
|
|
12
24
|
def to_account(secret)
|
13
25
|
Account.new(accountname: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
|
14
26
|
end
|
27
|
+
|
28
|
+
def to_yaml(secret)
|
29
|
+
secret_hash = Psych.load(secret.ose_secret)
|
30
|
+
secret_hash['data'] = encoded_data(secret_hash['data'])
|
31
|
+
secret_hash.to_yaml
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def decoded_data(data)
|
37
|
+
return {} unless data
|
38
|
+
|
39
|
+
data.transform_values do |value|
|
40
|
+
Base64.strict_decode64(value)
|
41
|
+
rescue ArgumentError
|
42
|
+
value
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def encoded_data(data)
|
47
|
+
return {} unless data
|
48
|
+
|
49
|
+
data.transform_values do |value|
|
50
|
+
Base64.strict_encode64(value)
|
51
|
+
end
|
52
|
+
end
|
15
53
|
end
|
16
54
|
end
|
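Review bot: `from_yaml` and `to_yaml` both parse with `Psych.load`, and the input is YAML fetched from the cluster (`OSEAdapter.new.fetch_secret`) or stored in Cryptopus; on Psych versions before 4 that call can instantiate arbitrary Ruby objects from tagged YAML, so `Psych.safe_load` is the better fit for a document that only needs strings, hashes and arrays. Two further points in `from_yaml`: the rebuilt hash keeps only `apiVersion`, `data`, `kind` and `metadata.name`/`labels`, so a secret's top-level `type` is not carried through a pull and push, and `secret_hash['metadata']['name']` raises `NoMethodError` when `metadata` is absent. In `decoded_data`, `rescue ArgumentError` silently stores a value that is not valid base64 as-is, and `to_yaml` later encodes it again, so the round trip is not symmetric; logging or rejecting such values would make that visible.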
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ccli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nils Rauch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-04-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: commander
|
@@ -72,7 +72,10 @@ dependencies:
|
|
72
72
|
- - ">="
|
73
73
|
- !ruby/object:Gem::Version
|
74
74
|
version: '0'
|
75
|
-
description:
|
75
|
+
description: |2
|
76
|
+
CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
|
77
|
+
One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
|
78
|
+
to Cryptopus and restoring them as well.
|
76
79
|
email: rauch@puzzle.ch
|
77
80
|
executables:
|
78
81
|
- cry
|
@@ -80,12 +83,17 @@ extensions: []
|
|
80
83
|
extra_rdoc_files: []
|
81
84
|
files:
|
82
85
|
- ".rubocop.yml"
|
86
|
+
- ".tool-versions"
|
83
87
|
- ".travis.yml"
|
88
|
+
- CHANGELOG.md
|
84
89
|
- Gemfile
|
85
90
|
- Gemfile.lock
|
86
91
|
- README.md
|
87
92
|
- bin/cry
|
88
93
|
- ccli.gemspec
|
94
|
+
- docs/get_login_token.md
|
95
|
+
- docs/images/access_user_settings.png
|
96
|
+
- docs/images/copy_ccli_login.png
|
89
97
|
- lib/adapters/cluster_secret_adapter.rb
|
90
98
|
- lib/adapters/cryptopus_adapter.rb
|
91
99
|
- lib/adapters/k8s_adapter.rb
|
@@ -103,9 +111,13 @@ files:
|
|
103
111
|
- lib/serializers/folder_serializer.rb
|
104
112
|
- lib/serializers/ose_secret_serializer.rb
|
105
113
|
- lib/serializers/team_serializer.rb
|
106
|
-
homepage:
|
107
|
-
licenses:
|
108
|
-
|
114
|
+
homepage: https://github.com/puzzle/ccli
|
115
|
+
licenses:
|
116
|
+
- MIT
|
117
|
+
metadata:
|
118
|
+
bug_tracker_uri: https://github.com/puzzle/ccli/issues
|
119
|
+
changelog_uri: https://github.com/puzzle/ccli/blob/master/CHANGELOG.md
|
120
|
+
source_code_uri: https://github.com/puzzle/ccli
|
109
121
|
post_install_message:
|
110
122
|
rdoc_options: []
|
111
123
|
require_paths:
|
@@ -121,8 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
121
133
|
- !ruby/object:Gem::Version
|
122
134
|
version: '0'
|
123
135
|
requirements: []
|
124
|
-
|
125
|
-
rubygems_version: 2.7.9
|
136
|
+
rubygems_version: 3.0.8
|
126
137
|
signing_key:
|
127
138
|
specification_version: 4
|
128
139
|
summary: Command line client for the opensource password manager Cryptopus
|