ccli 0.1.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/CHANGELOG.md +19 -0
- data/README.md +9 -1
- data/bin/cry +1 -1
- data/ccli.gemspec +12 -3
- data/docs/get_login_token.md +17 -0
- data/docs/images/access_user_settings.png +0 -0
- data/docs/images/copy_ccli_login.png +0 -0
- data/lib/adapters/cluster_secret_adapter.rb +1 -1
- data/lib/cli.rb +0 -5
- data/lib/models/ose_secret.rb +14 -0
- data/lib/serializers/account_serializer.rb +1 -1
- data/lib/serializers/ose_secret_serializer.rb +40 -2
- metadata +15 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cd81289d8f1456f22834f09726e3e21275e41ba9eed0770ae6c428b888026e7f
|
4
|
+
data.tar.gz: d568dd0e2761eab159da28682f8ea9cf0ea937c3500ad2d4cc36679ffaff051d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1367531fedc2c9d0536dca82db34472cc55114c1dfb563936fb0f893159c20c6c4e9634fc06e623d9c1be11b58a4edc8a16548d65f91364bdb31a818c6c02e8f
|
7
|
+
data.tar.gz: a65442a27de2040b4e0c9c5d53ca709954dd1fab2555197e01684a76744a7cc6c314fb74a79e69ae78929dd284ce68c0e2262071bd00dcd5e57626b370d1f5fb
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## 1.0.0
|
4
|
+
|
5
|
+
- De- and encode data from secrets
|
6
|
+
|
7
|
+
## 0.1.2
|
8
|
+
|
9
|
+
- Updating docs
|
10
|
+
- Bugfixing
|
11
|
+
|
12
|
+
## 0.1.1
|
13
|
+
|
14
|
+
- Adding MIT license
|
15
|
+
|
16
|
+
## 0.1.0
|
17
|
+
|
18
|
+
- Publish first version
|
19
|
+
- Commands: `login`, `logout`, `account`, `folder`, `{ose,k8s}-secret-pull`, `{ose,k8s}-secret-push`, `teams`, `use`
|
data/README.md
CHANGED
@@ -17,7 +17,15 @@ This will install the `cry` command including its dependencies
|
|
17
17
|
|
18
18
|
## Usage
|
19
19
|
|
20
|
-
|
20
|
+
[Receiving the login token from Cryptopus](docs/get_login_token.md)
|
21
|
+
|
22
|
+
### Kubernetes/Openshift
|
23
|
+
|
24
|
+
#### Required tools
|
25
|
+
|
26
|
+
First you'll have to install either [oc](https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli) or [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) depending on your usage
|
27
|
+
|
28
|
+
#### Labeling secret to be synced
|
21
29
|
|
22
30
|
So that a secret even gets considered by the `ccli`, you have to add the `cryptopus-sync=true` label to your secret:
|
23
31
|
|
data/bin/cry
CHANGED
data/ccli.gemspec
CHANGED
@@ -5,8 +5,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = 'ccli'
|
8
|
-
s.
|
8
|
+
s.description = <<-EOF
|
9
|
+
CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
|
10
|
+
One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
|
11
|
+
to Cryptopus and restoring them as well.
|
12
|
+
EOF
|
13
|
+
s.version = '1.0.0'
|
9
14
|
s.summary = 'Command line client for the opensource password manager Cryptopus'
|
15
|
+
s.license = 'MIT'
|
16
|
+
s.homepage = 'https://github.com/puzzle/ccli'
|
10
17
|
s.authors = ['Nils Rauch']
|
11
18
|
s.email = 'rauch@puzzle.ch'
|
12
19
|
s.require_paths = ['lib']
|
@@ -17,12 +24,14 @@ Gem::Specification.new do |s|
|
|
17
24
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
25
|
s.required_ruby_version = Gem::Requirement.new('>= 2.0')
|
19
26
|
s.metadata = {
|
20
|
-
"
|
27
|
+
"bug_tracker_uri" => "https://github.com/puzzle/ccli/issues",
|
28
|
+
"changelog_uri" => "https://github.com/puzzle/ccli/blob/master/CHANGELOG.md",
|
29
|
+
"source_code_uri" => "https://github.com/puzzle/ccli"
|
21
30
|
}
|
22
|
-
s.license = 'MIT'
|
23
31
|
|
24
32
|
s.add_runtime_dependency 'commander', '~> 4.5', '>= 4.5.2'
|
25
33
|
s.add_runtime_dependency 'tty-command'
|
26
34
|
s.add_runtime_dependency 'tty-exit'
|
27
35
|
s.add_runtime_dependency 'tty-logger'
|
36
|
+
|
28
37
|
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# Receiving the Login token from Cryptopus
|
2
|
+
|
3
|
+
To use the CCLI, you'll first have to receive the login token from Cryptopus.
|
4
|
+
|
5
|
+
1. Log in to your instance of Cryptopus
|
6
|
+
2. Navigate to your user settings
|
7
|
+
3. Choose or create the api user you want to use via the ccli (keep the valid time in mind)
|
8
|
+
4. Use the ccli login copy button
|
9
|
+
5. Copy the command from your clipboard to the terminal
|
10
|
+
|
11
|
+
## Accessing user settings
|
12
|
+
|
13
|
+
![user_settings](images/access_user_settings.png)
|
14
|
+
|
15
|
+
## Copy CCLI Login
|
16
|
+
|
17
|
+
![copy_ccli_login](images/copy_ccli_login.png)
|
Binary file
|
Binary file
|
@@ -35,7 +35,7 @@ class ClusterSecretAdapter
|
|
35
35
|
raise client_not_logged_in_error unless client_logged_in?
|
36
36
|
|
37
37
|
File.open("/tmp/#{secret.name}.yml", 'w') do |file|
|
38
|
-
file.write secret.
|
38
|
+
file.write secret.to_yaml
|
39
39
|
end
|
40
40
|
|
41
41
|
cmd.run("#{client} delete -f /tmp/#{secret.name}.yml --ignore-not-found=true")
|
data/lib/cli.rb
CHANGED
@@ -27,7 +27,6 @@ class CLI
|
|
27
27
|
token, url = extract_login_args(args)
|
28
28
|
execute_action do
|
29
29
|
session_adapter.update_session({ encoded_token: token, url: url })
|
30
|
-
renew_auth_token
|
31
30
|
|
32
31
|
# Test authentification by calling teams endpoint
|
33
32
|
Team.all
|
@@ -332,10 +331,6 @@ class CLI
|
|
332
331
|
def k8s_adapter
|
333
332
|
@k8s_adapter ||= K8SAdapter.new
|
334
333
|
end
|
335
|
-
|
336
|
-
def renew_auth_token
|
337
|
-
session_adapter.update_session({ token: cryptopus_adapter.renewed_auth_token })
|
338
|
-
end
|
339
334
|
end
|
340
335
|
# rubocop:enable Metrics/ClassLength
|
341
336
|
|
data/lib/models/ose_secret.rb
CHANGED
@@ -16,7 +16,21 @@ class OSESecret
|
|
16
16
|
OSESecretSerializer.to_yaml(self)
|
17
17
|
end
|
18
18
|
|
19
|
+
private
|
20
|
+
|
21
|
+
def encoded_data(data)
|
22
|
+
data.transform_values do |value|
|
23
|
+
Base64.strict_encode64(value)
|
24
|
+
rescue ArgumentError
|
25
|
+
value
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
19
29
|
class << self
|
30
|
+
def from_yaml(yaml)
|
31
|
+
OSESecretSerializer.from_yaml(yaml)
|
32
|
+
end
|
33
|
+
|
20
34
|
def find_by_name(name)
|
21
35
|
OSESecretSerializer.from_yaml(OSEAdapter.new.fetch_secret(name))
|
22
36
|
end
|
@@ -1,16 +1,54 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'psych'
|
4
|
+
require 'base64'
|
4
5
|
|
5
6
|
class OSESecretSerializer
|
6
7
|
class << self
|
8
|
+
# rubocop:disable Metrics/MethodLength
|
7
9
|
def from_yaml(yaml)
|
8
|
-
secret_hash = Psych.load(yaml
|
9
|
-
|
10
|
+
secret_hash = Psych.load(yaml)
|
11
|
+
data = {
|
12
|
+
'apiVersion' => secret_hash['apiVersion'],
|
13
|
+
'data' => decoded_data(secret_hash['data']),
|
14
|
+
'kind' => secret_hash['kind'],
|
15
|
+
'metadata' => {
|
16
|
+
'name' => secret_hash['metadata']['name'],
|
17
|
+
'labels' => secret_hash['metadata']['labels']
|
18
|
+
}
|
19
|
+
}.to_yaml
|
20
|
+
OSESecret.new(secret_hash['metadata']['name'], data.to_s)
|
10
21
|
end
|
22
|
+
# rubocop:enable Metrics/MethodLength
|
11
23
|
|
12
24
|
def to_account(secret)
|
13
25
|
Account.new(accountname: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
|
14
26
|
end
|
27
|
+
|
28
|
+
def to_yaml(secret)
|
29
|
+
secret_hash = Psych.load(secret.ose_secret)
|
30
|
+
secret_hash['data'] = encoded_data(secret_hash['data'])
|
31
|
+
secret_hash.to_yaml
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def decoded_data(data)
|
37
|
+
return {} unless data
|
38
|
+
|
39
|
+
data.transform_values do |value|
|
40
|
+
Base64.strict_decode64(value)
|
41
|
+
rescue ArgumentError
|
42
|
+
value
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def encoded_data(data)
|
47
|
+
return {} unless data
|
48
|
+
|
49
|
+
data.transform_values do |value|
|
50
|
+
Base64.strict_encode64(value)
|
51
|
+
end
|
52
|
+
end
|
15
53
|
end
|
16
54
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ccli
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nils Rauch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-12-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: commander
|
@@ -72,7 +72,10 @@ dependencies:
|
|
72
72
|
- - ">="
|
73
73
|
- !ruby/object:Gem::Version
|
74
74
|
version: '0'
|
75
|
-
description:
|
75
|
+
description: |2
|
76
|
+
CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
|
77
|
+
One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
|
78
|
+
to Cryptopus and restoring them as well.
|
76
79
|
email: rauch@puzzle.ch
|
77
80
|
executables:
|
78
81
|
- cry
|
@@ -81,11 +84,15 @@ extra_rdoc_files: []
|
|
81
84
|
files:
|
82
85
|
- ".rubocop.yml"
|
83
86
|
- ".travis.yml"
|
87
|
+
- CHANGELOG.md
|
84
88
|
- Gemfile
|
85
89
|
- Gemfile.lock
|
86
90
|
- README.md
|
87
91
|
- bin/cry
|
88
92
|
- ccli.gemspec
|
93
|
+
- docs/get_login_token.md
|
94
|
+
- docs/images/access_user_settings.png
|
95
|
+
- docs/images/copy_ccli_login.png
|
89
96
|
- lib/adapters/cluster_secret_adapter.rb
|
90
97
|
- lib/adapters/cryptopus_adapter.rb
|
91
98
|
- lib/adapters/k8s_adapter.rb
|
@@ -103,11 +110,13 @@ files:
|
|
103
110
|
- lib/serializers/folder_serializer.rb
|
104
111
|
- lib/serializers/ose_secret_serializer.rb
|
105
112
|
- lib/serializers/team_serializer.rb
|
106
|
-
homepage:
|
113
|
+
homepage: https://github.com/puzzle/ccli
|
107
114
|
licenses:
|
108
115
|
- MIT
|
109
116
|
metadata:
|
110
|
-
|
117
|
+
bug_tracker_uri: https://github.com/puzzle/ccli/issues
|
118
|
+
changelog_uri: https://github.com/puzzle/ccli/blob/master/CHANGELOG.md
|
119
|
+
source_code_uri: https://github.com/puzzle/ccli
|
111
120
|
post_install_message:
|
112
121
|
rdoc_options: []
|
113
122
|
require_paths:
|
@@ -123,8 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
123
132
|
- !ruby/object:Gem::Version
|
124
133
|
version: '0'
|
125
134
|
requirements: []
|
126
|
-
|
127
|
-
rubygems_version: 2.7.9
|
135
|
+
rubygems_version: 3.1.4
|
128
136
|
signing_key:
|
129
137
|
specification_version: 4
|
130
138
|
summary: Command line client for the opensource password manager Cryptopus
|