ccli 0.1.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b51dfcdf9a76d67d7bb633b23527d834e1eefeed029b4d8cce842ce1d114126c
-  data.tar.gz: e4aaff7ebd82de60040209ee625b7e4b479d84ffff1f2eeed3f9d919ea48ac83
+  metadata.gz: b808de24e75aa7de88a4fa899401f33b0c07a8bfc056371b6b4dba3037ac4c1c
+  data.tar.gz: 8d6aed4c6a3ddd82c0a9d5d2eaa26d5668b5da7d8ae6b3a1d7bfac473c724158
 SHA512:
-  metadata.gz: c325b131a7eacbee13c0c6caa99288876958ee5a1424a7a14cbff80d13fdc3d8f7886f4f46d57b483fa6ee47c2e019497e72a75d223360698079c59d6db8e138
-  data.tar.gz: ec80bdf42056d9101b64a7eb99ec991b7aef7a7007a9481ab714253455e260c777af1d42b26765c250c3e9343f84a716b86c860c4c6f677fa9682a5a0e198eb3
+  metadata.gz: 23cdaf53c3e84c90ea7bd8caac55c1c0dc5479e70dbd7d893d31e4c9ef7830cda495f90d5d075c0cce93d242abad23b639c69f337df557b060219d633d8c373a
+  data.tar.gz: eb84e14c287080cecf3b91e08ef7837c1a7e64e923f9e505974f9fc28f5c95fbf0fcc14777663967f8f553cf9c5f39db52fb8094ca5b20207a4d2db105199e2a

data/.rubocop.yml

@@ -1,7 +1,9 @@
 AllCops:
   DisplayCopNames: true
+  TargetRubyVersion: 2.5
   Exclude:
     - spec/**/*
+    - ccli.gemspec
 
 Metrics/AbcSize:
   Max: 20

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.6.0

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+## 1.0.1
+
+- Reset api user token after login
+
+## 1.0.0
+
+- De- and encode data from secrets
+
+## 0.1.2
+
+- Updating docs
+- Bugfixing
+
+## 0.1.1
+
+- Adding MIT license
+
+## 0.1.0
+
+- Publish first version
+- Commands: `login`, `logout`, `account`, `folder`, `{ose,k8s}-secret-pull`, `{ose,k8s}-secret-push`, `teams`, `use`

data/README.md

@@ -1,10 +1,10 @@
 # ccli
 
-Cryptopus Command Line Client
+Command Line Client for [Cryptopus](https://github.com/puzzle/cryptopus)
 
 ## Installation
 
-`sudo gem install ccli`
+`gem install ccli`
 
 This will install the `cry` command including its dependencies
 
@@ -17,35 +17,74 @@ This will install the `cry` command including its dependencies
 
 ## Usage
 
-### Labeling secret to be synced
+[Receiving the login token from Cryptopus](docs/get_login_token.md)
 
-So that a secret even gets considered by the `ccli`, you have to add the `cryptopus-sync=true` label to your secret:
+### Commands
 
-**oc:** `oc label secret <secret-name> cryptopus-sync=true`
+```
+  Command:           Summary:
 
+  account            Fetches an account by the given id
+  folder             Selects the Cryptopus folder by id
+  help               Display global or [command] help documentation
+  k8s-secret-pull    Pulls secret from Kubectl to Cryptopus
+  k8s-secret-push    Pushes secret from Cryptopus to Kubectl
+  login              Logs in to the ccli
+  logout             Logs out of the ccli
+  ose-secret-pull    Pulls secret from Openshift to Cryptopus
+  ose-secret-push    Pushes secret from Cryptopus to Openshift
+  teams              Lists all available teams
+  use                Select the current folder
+```
 
-**kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
+Show more specific documentation by calling `cry help <command>`
 
-### Commands
+### Account
+
+#### Logging in
+
+Use the ccli login copy button from the UI or do it manually:
+
+    user=<my-user>
+    token=<my-token>
+    url=https://cryptopus.example.com
+
+    cry login $(echo -n "$user:$token" | base64)@$url
+
+#### Retrieving
+
+To retreive account data as yaml:
 
 ```
-  Command:           Summary:
+cry account 42 > account.yaml
+```
+Retreiving account's password and assign it to a variable:
 
-  account            Fetches an account by the given id          
-  folder             Selects the Cryptopus folder by id          
-  help               Display global or [command] help documentation              
-  k8s-secret-pull    Pulls secret from Kubectl to Cryptopus              
-  k8s-secret-push    Pushes secret from Cryptopus to Kubectl             
-  login              Logs in to the ccli         
-  logout             Logs out of the ccli                
-  ose-secret-pull    Pulls secret from Openshift to Cryptopus            
-  ose-secret-push    Pushes secret from Cryptopus to Openshift           
-  teams              Lists all available teams           
-  use                Select the current folder   
+```
+PASSWORD=$(cry account 42 --password)
 ```
 
-Show more specific documentation by calling `cry help <command>`
+#### Updating
+
+not supported yet by ccli
+
+### Kubernetes/Openshift
+
+#### Required tools
+
+First you'll have to install either [oc](https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli) or [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) depending on your usage
+
+#### Pulling Kubernetes / Openshift Secrets
+
+when using the command `{ose|k8s}-secret-pull` after beeing logged in to a k8s/ose project, all secrets labeled with `cryptopus-sync=true` are backed up to cryptopus.
 
+to label a specific secret do:
+
+**oc:** `oc label secret <secret-name> cryptopus-sync=true`
+
+**kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
+
+Restored secrets by `{ose|k8s}-secret-push` are labeled automatically.
 
 ## Development
 
@@ -61,3 +100,7 @@ You will need the following things properly installed on your computer:
 - `rvm install 2.6.0`
 - `gem install bundler`
 - `bundle install`
+
+### Running tests
+
+`bundle exec rspec`

data/bin/cry

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require_relative '../lib/cli'
+require 'cli'
 
 CLI.new.run

data/ccli.gemspec

@@ -5,8 +5,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |s|
   s.name          = 'ccli'
-  s.version       = '0.1.0'
+  s.description   = <<-EOF
+    CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
+    One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
+    to Cryptopus and restoring them as well.
+  EOF
+  s.version       = '1.0.1'
   s.summary       = 'Command line client for the opensource password manager Cryptopus'
+  s.license       = 'MIT'
+  s.homepage      = 'https://github.com/puzzle/ccli'
   s.authors       = ['Nils Rauch']
   s.email         = 'rauch@puzzle.ch'
   s.require_paths = ['lib']
@@ -16,9 +23,15 @@ Gem::Specification.new do |s|
   s.bindir        = 'bin'
   s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.required_ruby_version = Gem::Requirement.new('>= 2.0')
+  s.metadata = {
+    "bug_tracker_uri"   => "https://github.com/puzzle/ccli/issues",
+    "changelog_uri"     => "https://github.com/puzzle/ccli/blob/master/CHANGELOG.md",
+    "source_code_uri"   => "https://github.com/puzzle/ccli"
+  }
 
   s.add_runtime_dependency 'commander', '~> 4.5', '>= 4.5.2'
   s.add_runtime_dependency 'tty-command'
   s.add_runtime_dependency 'tty-exit'
   s.add_runtime_dependency 'tty-logger'
+
 end

data/docs/get_login_token.md

@@ -0,0 +1,18 @@
+# Receiving the Login token from Cryptopus
+
+To use the CCLI, you'll first have to receive the login token from Cryptopus.
+
+1. Log in to your instance of Cryptopus
+2. Navigate to your user settings
+3. Choose or create the api user you want to use via the ccli (keep the valid time in mind)
+4. Grant the API user permissions to access the groups you need to use with the ccli
+5. Use the ccli login copy button
+6. Copy the command from your clipboard to the terminal
+
+## Accessing user settings
+
+![user_settings](images/access_user_settings.png)
+
+## Copy CCLI Login
+
+![copy_ccli_login](images/copy_ccli_login.png)

data/lib/adapters/cluster_secret_adapter.rb

@@ -35,7 +35,7 @@ class ClusterSecretAdapter
     raise client_not_logged_in_error unless client_logged_in?
 
     File.open("/tmp/#{secret.name}.yml", 'w') do |file|
-      file.write secret.ose_secret
+      file.write secret.to_yaml
     end
 
     cmd.run("#{client} delete -f /tmp/#{secret.name}.yml --ignore-not-found=true")

data/lib/cli.rb

@@ -14,7 +14,7 @@ class CLI
   # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metric/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength
   def run
     program :name, 'cry - cryptopus cli'
-    program :version, '1.0.0'
+    program :version, '1.0.1'
     program :description, 'CLI tool to manage Openshift Secrets via Cryptopus'
     program :help, 'Source Code', 'https://www.github.com/puzzle/ccli'
     program :help, 'Usage', 'cry [flags]'

data/lib/models/ose_secret.rb

@@ -16,7 +16,21 @@ class OSESecret
     OSESecretSerializer.to_yaml(self)
   end
 
+  private
+
+  def encoded_data(data)
+    data.transform_values do |value|
+      Base64.strict_encode64(value)
+    rescue ArgumentError
+      value
+    end
+  end
+
   class << self
+    def from_yaml(yaml)
+      OSESecretSerializer.from_yaml(yaml)
+    end
+
     def find_by_name(name)
       OSESecretSerializer.from_yaml(OSEAdapter.new.fetch_secret(name))
     end

data/lib/serializers/account_serializer.rb

@@ -51,7 +51,7 @@ class AccountSerializer
     end
 
     def to_osesecret(account)
-      OSESecret.new(account.accountname, account.ose_secret)
+      OSESecret.from_yaml(account.ose_secret)
     end
   end
 end

data/lib/serializers/ose_secret_serializer.rb

@@ -1,16 +1,54 @@
 # frozen_string_literal: true
 
 require 'psych'
+require 'base64'
 
 class OSESecretSerializer
   class << self
+    # rubocop:disable Metrics/MethodLength
     def from_yaml(yaml)
-      secret_hash = Psych.load(yaml, symbolize_names: true)
-      OSESecret.new(secret_hash.dig(:metadata, :name), yaml)
+      secret_hash = Psych.load(yaml)
+      data = {
+        'apiVersion' => secret_hash['apiVersion'],
+        'data' => decoded_data(secret_hash['data']),
+        'kind' => secret_hash['kind'],
+        'metadata' => {
+          'name' => secret_hash['metadata']['name'],
+          'labels' => secret_hash['metadata']['labels']
+        }
+      }.to_yaml
+      OSESecret.new(secret_hash['metadata']['name'], data.to_s)
     end
+    # rubocop:enable Metrics/MethodLength
 
     def to_account(secret)
       Account.new(accountname: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
     end
+
+    def to_yaml(secret)
+      secret_hash = Psych.load(secret.ose_secret)
+      secret_hash['data'] = encoded_data(secret_hash['data'])
+      secret_hash.to_yaml
+    end
+
+    private
+
+    def decoded_data(data)
+      return {} unless data
+
+      data.transform_values do |value|
+        Base64.strict_decode64(value)
+      rescue ArgumentError
+        value
+      end
+    end
+
+    def encoded_data(data)
+      return {} unless data
+
+      data.transform_values do |value|
+        Base64.strict_encode64(value)
+      end
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ccli
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Nils Rauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-16 00:00:00.000000000 Z
+date: 2022-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -72,7 +72,10 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description: |2
+      CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
+      One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
+      to Cryptopus and restoring them as well.
 email: rauch@puzzle.ch
 executables:
 - cry
@@ -80,12 +83,17 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".rubocop.yml"
+- ".tool-versions"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - README.md
 - bin/cry
 - ccli.gemspec
+- docs/get_login_token.md
+- docs/images/access_user_settings.png
+- docs/images/copy_ccli_login.png
 - lib/adapters/cluster_secret_adapter.rb
 - lib/adapters/cryptopus_adapter.rb
 - lib/adapters/k8s_adapter.rb
@@ -103,9 +111,13 @@ files:
 - lib/serializers/folder_serializer.rb
 - lib/serializers/ose_secret_serializer.rb
 - lib/serializers/team_serializer.rb
-homepage: 
-licenses: []
-metadata: {}
+homepage: https://github.com/puzzle/ccli
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/puzzle/ccli/issues
+  changelog_uri: https://github.com/puzzle/ccli/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/puzzle/ccli
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -121,8 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.9
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Command line client for the opensource password manager Cryptopus