ccli 0.1.0 → 1.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b51dfcdf9a76d67d7bb633b23527d834e1eefeed029b4d8cce842ce1d114126c
4
- data.tar.gz: e4aaff7ebd82de60040209ee625b7e4b479d84ffff1f2eeed3f9d919ea48ac83
3
+ metadata.gz: b808de24e75aa7de88a4fa899401f33b0c07a8bfc056371b6b4dba3037ac4c1c
4
+ data.tar.gz: 8d6aed4c6a3ddd82c0a9d5d2eaa26d5668b5da7d8ae6b3a1d7bfac473c724158
5
5
  SHA512:
6
- metadata.gz: c325b131a7eacbee13c0c6caa99288876958ee5a1424a7a14cbff80d13fdc3d8f7886f4f46d57b483fa6ee47c2e019497e72a75d223360698079c59d6db8e138
7
- data.tar.gz: ec80bdf42056d9101b64a7eb99ec991b7aef7a7007a9481ab714253455e260c777af1d42b26765c250c3e9343f84a716b86c860c4c6f677fa9682a5a0e198eb3
6
+ metadata.gz: 23cdaf53c3e84c90ea7bd8caac55c1c0dc5479e70dbd7d893d31e4c9ef7830cda495f90d5d075c0cce93d242abad23b639c69f337df557b060219d633d8c373a
7
+ data.tar.gz: eb84e14c287080cecf3b91e08ef7837c1a7e64e923f9e505974f9fc28f5c95fbf0fcc14777663967f8f553cf9c5f39db52fb8094ca5b20207a4d2db105199e2a
data/.rubocop.yml CHANGED
@@ -1,7 +1,9 @@
1
1
  AllCops:
2
2
  DisplayCopNames: true
3
+ TargetRubyVersion: 2.5
3
4
  Exclude:
4
5
  - spec/**/*
6
+ - ccli.gemspec
5
7
 
6
8
  Metrics/AbcSize:
7
9
  Max: 20
data/.tool-versions ADDED
@@ -0,0 +1 @@
1
+ ruby 2.6.0
data/CHANGELOG.md ADDED
@@ -0,0 +1,23 @@
1
+ # Changelog
2
+
3
+ ## 1.0.1
4
+
5
+ - Reset api user token after login
6
+
7
+ ## 1.0.0
8
+
9
+ - De- and encode data from secrets
10
+
11
+ ## 0.1.2
12
+
13
+ - Updating docs
14
+ - Bugfixing
15
+
16
+ ## 0.1.1
17
+
18
+ - Adding MIT license
19
+
20
+ ## 0.1.0
21
+
22
+ - Publish first version
23
+ - Commands: `login`, `logout`, `account`, `folder`, `{ose,k8s}-secret-pull`, `{ose,k8s}-secret-push`, `teams`, `use`
data/README.md CHANGED
@@ -1,10 +1,10 @@
1
1
  # ccli
2
2
 
3
- Cryptopus Command Line Client
3
+ Command Line Client for [Cryptopus](https://github.com/puzzle/cryptopus)
4
4
 
5
5
  ## Installation
6
6
 
7
- `sudo gem install ccli`
7
+ `gem install ccli`
8
8
 
9
9
  This will install the `cry` command including its dependencies
10
10
 
@@ -17,35 +17,74 @@ This will install the `cry` command including its dependencies
17
17
 
18
18
  ## Usage
19
19
 
20
- ### Labeling secret to be synced
20
+ [Receiving the login token from Cryptopus](docs/get_login_token.md)
21
21
 
22
- So that a secret even gets considered by the `ccli`, you have to add the `cryptopus-sync=true` label to your secret:
22
+ ### Commands
23
23
 
24
- **oc:** `oc label secret <secret-name> cryptopus-sync=true`
24
+ ```
25
+ Command: Summary:
25
26
 
27
+ account Fetches an account by the given id
28
+ folder Selects the Cryptopus folder by id
29
+ help Display global or [command] help documentation
30
+ k8s-secret-pull Pulls secret from Kubectl to Cryptopus
31
+ k8s-secret-push Pushes secret from Cryptopus to Kubectl
32
+ login Logs in to the ccli
33
+ logout Logs out of the ccli
34
+ ose-secret-pull Pulls secret from Openshift to Cryptopus
35
+ ose-secret-push Pushes secret from Cryptopus to Openshift
36
+ teams Lists all available teams
37
+ use Select the current folder
38
+ ```
26
39
 
27
- **kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
40
+ Show more specific documentation by calling `cry help <command>`
28
41
 
29
- ### Commands
42
+ ### Account
43
+
44
+ #### Logging in
45
+
46
+ Use the ccli login copy button from the UI or do it manually:
47
+
48
+ user=<my-user>
49
+ token=<my-token>
50
+ url=https://cryptopus.example.com
51
+
52
+ cry login $(echo -n "$user:$token" | base64)@$url
53
+
54
+ #### Retrieving
55
+
56
+ To retreive account data as yaml:
30
57
 
31
58
  ```
32
- Command: Summary:
59
+ cry account 42 > account.yaml
60
+ ```
61
+ Retreiving account's password and assign it to a variable:
33
62
 
34
- account Fetches an account by the given id
35
- folder Selects the Cryptopus folder by id
36
- help Display global or [command] help documentation
37
- k8s-secret-pull Pulls secret from Kubectl to Cryptopus
38
- k8s-secret-push Pushes secret from Cryptopus to Kubectl
39
- login Logs in to the ccli
40
- logout Logs out of the ccli
41
- ose-secret-pull Pulls secret from Openshift to Cryptopus
42
- ose-secret-push Pushes secret from Cryptopus to Openshift
43
- teams Lists all available teams
44
- use Select the current folder
63
+ ```
64
+ PASSWORD=$(cry account 42 --password)
45
65
  ```
46
66
 
47
- Show more specific documentation by calling `cry help <command>`
67
+ #### Updating
68
+
69
+ not supported yet by ccli
70
+
71
+ ### Kubernetes/Openshift
72
+
73
+ #### Required tools
74
+
75
+ First you'll have to install either [oc](https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli) or [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) depending on your usage
76
+
77
+ #### Pulling Kubernetes / Openshift Secrets
78
+
79
+ when using the command `{ose|k8s}-secret-pull` after beeing logged in to a k8s/ose project, all secrets labeled with `cryptopus-sync=true` are backed up to cryptopus.
48
80
 
81
+ to label a specific secret do:
82
+
83
+ **oc:** `oc label secret <secret-name> cryptopus-sync=true`
84
+
85
+ **kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
86
+
87
+ Restored secrets by `{ose|k8s}-secret-push` are labeled automatically.
49
88
 
50
89
  ## Development
51
90
 
@@ -61,3 +100,7 @@ You will need the following things properly installed on your computer:
61
100
  - `rvm install 2.6.0`
62
101
  - `gem install bundler`
63
102
  - `bundle install`
103
+
104
+ ### Running tests
105
+
106
+ `bundle exec rspec`
data/bin/cry CHANGED
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env ruby
2
2
  # frozen_string_literal: true
3
3
 
4
- require_relative '../lib/cli'
4
+ require 'cli'
5
5
 
6
6
  CLI.new.run
data/ccli.gemspec CHANGED
@@ -5,8 +5,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = 'ccli'
8
- s.version = '0.1.0'
8
+ s.description = <<-EOF
9
+ CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
10
+ One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
11
+ to Cryptopus and restoring them as well.
12
+ EOF
13
+ s.version = '1.0.1'
9
14
  s.summary = 'Command line client for the opensource password manager Cryptopus'
15
+ s.license = 'MIT'
16
+ s.homepage = 'https://github.com/puzzle/ccli'
10
17
  s.authors = ['Nils Rauch']
11
18
  s.email = 'rauch@puzzle.ch'
12
19
  s.require_paths = ['lib']
@@ -16,9 +23,15 @@ Gem::Specification.new do |s|
16
23
  s.bindir = 'bin'
17
24
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
25
  s.required_ruby_version = Gem::Requirement.new('>= 2.0')
26
+ s.metadata = {
27
+ "bug_tracker_uri" => "https://github.com/puzzle/ccli/issues",
28
+ "changelog_uri" => "https://github.com/puzzle/ccli/blob/master/CHANGELOG.md",
29
+ "source_code_uri" => "https://github.com/puzzle/ccli"
30
+ }
19
31
 
20
32
  s.add_runtime_dependency 'commander', '~> 4.5', '>= 4.5.2'
21
33
  s.add_runtime_dependency 'tty-command'
22
34
  s.add_runtime_dependency 'tty-exit'
23
35
  s.add_runtime_dependency 'tty-logger'
36
+
24
37
  end
@@ -0,0 +1,18 @@
1
+ # Receiving the Login token from Cryptopus
2
+
3
+ To use the CCLI, you'll first have to receive the login token from Cryptopus.
4
+
5
+ 1. Log in to your instance of Cryptopus
6
+ 2. Navigate to your user settings
7
+ 3. Choose or create the api user you want to use via the ccli (keep the valid time in mind)
8
+ 4. Grant the API user permissions to access the groups you need to use with the ccli
9
+ 5. Use the ccli login copy button
10
+ 6. Copy the command from your clipboard to the terminal
11
+
12
+ ## Accessing user settings
13
+
14
+ ![user_settings](images/access_user_settings.png)
15
+
16
+ ## Copy CCLI Login
17
+
18
+ ![copy_ccli_login](images/copy_ccli_login.png)
Binary file
@@ -35,7 +35,7 @@ class ClusterSecretAdapter
35
35
  raise client_not_logged_in_error unless client_logged_in?
36
36
 
37
37
  File.open("/tmp/#{secret.name}.yml", 'w') do |file|
38
- file.write secret.ose_secret
38
+ file.write secret.to_yaml
39
39
  end
40
40
 
41
41
  cmd.run("#{client} delete -f /tmp/#{secret.name}.yml --ignore-not-found=true")
data/lib/cli.rb CHANGED
@@ -14,7 +14,7 @@ class CLI
14
14
  # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metric/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength
15
15
  def run
16
16
  program :name, 'cry - cryptopus cli'
17
- program :version, '1.0.0'
17
+ program :version, '1.0.1'
18
18
  program :description, 'CLI tool to manage Openshift Secrets via Cryptopus'
19
19
  program :help, 'Source Code', 'https://www.github.com/puzzle/ccli'
20
20
  program :help, 'Usage', 'cry [flags]'
@@ -16,7 +16,21 @@ class OSESecret
16
16
  OSESecretSerializer.to_yaml(self)
17
17
  end
18
18
 
19
+ private
20
+
21
+ def encoded_data(data)
22
+ data.transform_values do |value|
23
+ Base64.strict_encode64(value)
24
+ rescue ArgumentError
25
+ value
26
+ end
27
+ end
28
+
19
29
  class << self
30
+ def from_yaml(yaml)
31
+ OSESecretSerializer.from_yaml(yaml)
32
+ end
33
+
20
34
  def find_by_name(name)
21
35
  OSESecretSerializer.from_yaml(OSEAdapter.new.fetch_secret(name))
22
36
  end
@@ -51,7 +51,7 @@ class AccountSerializer
51
51
  end
52
52
 
53
53
  def to_osesecret(account)
54
- OSESecret.new(account.accountname, account.ose_secret)
54
+ OSESecret.from_yaml(account.ose_secret)
55
55
  end
56
56
  end
57
57
  end
@@ -1,16 +1,54 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'psych'
4
+ require 'base64'
4
5
 
5
6
  class OSESecretSerializer
6
7
  class << self
8
+ # rubocop:disable Metrics/MethodLength
7
9
  def from_yaml(yaml)
8
- secret_hash = Psych.load(yaml, symbolize_names: true)
9
- OSESecret.new(secret_hash.dig(:metadata, :name), yaml)
10
+ secret_hash = Psych.load(yaml)
11
+ data = {
12
+ 'apiVersion' => secret_hash['apiVersion'],
13
+ 'data' => decoded_data(secret_hash['data']),
14
+ 'kind' => secret_hash['kind'],
15
+ 'metadata' => {
16
+ 'name' => secret_hash['metadata']['name'],
17
+ 'labels' => secret_hash['metadata']['labels']
18
+ }
19
+ }.to_yaml
20
+ OSESecret.new(secret_hash['metadata']['name'], data.to_s)
10
21
  end
22
+ # rubocop:enable Metrics/MethodLength
11
23
 
12
24
  def to_account(secret)
13
25
  Account.new(accountname: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
14
26
  end
27
+
28
+ def to_yaml(secret)
29
+ secret_hash = Psych.load(secret.ose_secret)
30
+ secret_hash['data'] = encoded_data(secret_hash['data'])
31
+ secret_hash.to_yaml
32
+ end
33
+
34
+ private
35
+
36
+ def decoded_data(data)
37
+ return {} unless data
38
+
39
+ data.transform_values do |value|
40
+ Base64.strict_decode64(value)
41
+ rescue ArgumentError
42
+ value
43
+ end
44
+ end
45
+
46
+ def encoded_data(data)
47
+ return {} unless data
48
+
49
+ data.transform_values do |value|
50
+ Base64.strict_encode64(value)
51
+ end
52
+ end
15
53
  end
16
54
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ccli
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nils Rauch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-16 00:00:00.000000000 Z
11
+ date: 2022-04-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: commander
@@ -72,7 +72,10 @@ dependencies:
72
72
  - - ">="
73
73
  - !ruby/object:Gem::Version
74
74
  version: '0'
75
- description:
75
+ description: |2
76
+ CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
77
+ One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
78
+ to Cryptopus and restoring them as well.
76
79
  email: rauch@puzzle.ch
77
80
  executables:
78
81
  - cry
@@ -80,12 +83,17 @@ extensions: []
80
83
  extra_rdoc_files: []
81
84
  files:
82
85
  - ".rubocop.yml"
86
+ - ".tool-versions"
83
87
  - ".travis.yml"
88
+ - CHANGELOG.md
84
89
  - Gemfile
85
90
  - Gemfile.lock
86
91
  - README.md
87
92
  - bin/cry
88
93
  - ccli.gemspec
94
+ - docs/get_login_token.md
95
+ - docs/images/access_user_settings.png
96
+ - docs/images/copy_ccli_login.png
89
97
  - lib/adapters/cluster_secret_adapter.rb
90
98
  - lib/adapters/cryptopus_adapter.rb
91
99
  - lib/adapters/k8s_adapter.rb
@@ -103,9 +111,13 @@ files:
103
111
  - lib/serializers/folder_serializer.rb
104
112
  - lib/serializers/ose_secret_serializer.rb
105
113
  - lib/serializers/team_serializer.rb
106
- homepage:
107
- licenses: []
108
- metadata: {}
114
+ homepage: https://github.com/puzzle/ccli
115
+ licenses:
116
+ - MIT
117
+ metadata:
118
+ bug_tracker_uri: https://github.com/puzzle/ccli/issues
119
+ changelog_uri: https://github.com/puzzle/ccli/blob/master/CHANGELOG.md
120
+ source_code_uri: https://github.com/puzzle/ccli
109
121
  post_install_message:
110
122
  rdoc_options: []
111
123
  require_paths:
@@ -121,8 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
121
133
  - !ruby/object:Gem::Version
122
134
  version: '0'
123
135
  requirements: []
124
- rubyforge_project:
125
- rubygems_version: 2.7.9
136
+ rubygems_version: 3.0.8
126
137
  signing_key:
127
138
  specification_version: 4
128
139
  summary: Command line client for the opensource password manager Cryptopus