ccli 0.1.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a20c067bb37955bc5db9f0977498c65038f57707e9f9a84cd39a229748daa283
-  data.tar.gz: 888934204b52a9017f4aa8c9d1deea23513c07ca5b08c48831610c2320ed6128
+  metadata.gz: d2f2f0b3d9151f52f911b794e164119054e2d281d3291f06a8e04b3ada1382d0
+  data.tar.gz: 5fef82bab17bf44d9b922c8ef543c89405e8aee145cf98c138c932d42c37bb4a
 SHA512:
-  metadata.gz: 6152b10e88db00f0e7c0c7e9d2baedf9a7446b2695b5aa806b8f195a275c1410d4628df5bac7b8bebcd86390f01e4c9581cf971f7b90e7335326d4433bf21843
-  data.tar.gz: 0f2761c2c6a7059f2ded3ebb3a853d0a2d99bc31e793655519a75696ac15c0c9c3b3156654de094794bf0840387a2f4f9912bf6200d214c8f69f2fb3df15068b
+  metadata.gz: 10b197547309059384bb1fdd65135f5950cbf33cbbb9aed7fb5e871cb436cb493ef8524902e31318dbabd4fd1a98d26a4f769937845e97eb72e5a6c65ad43093
+  data.tar.gz: 6ef9539d2512c4ec66ae63d5eb400bc06fd1d8c33147304dffb2f2527ed3f74ba9e7e64b7b85f2da88806bef4f9be18c41ffd73ebe6cfb3ab04a92be4902fbfa

data/.rubocop.yml

@@ -1,7 +1,9 @@
 AllCops:
   DisplayCopNames: true
+  TargetRubyVersion: 2.5
   Exclude:
     - spec/**/*
+    - ccli.gemspec
 
 Metrics/AbcSize:
   Max: 20

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.6.0

data/CHANGELOG.md

@@ -0,0 +1,27 @@
+# Changelog
+
+## 1.1.0
+
+- Rename Account to Encryptable to support Cryptopus > 4.2
+
+## 1.0.1
+
+- Reset api user token after login
+
+## 1.0.0
+
+- De- and encode data from secrets
+
+## 0.1.2
+
+- Updating docs
+- Bugfixing
+
+## 0.1.1
+
+- Adding MIT license
+
+## 0.1.0
+
+- Publish first version
+- Commands: `login`, `logout`, `account`, `folder`, `{ose,k8s}-secret-pull`, `{ose,k8s}-secret-push`, `teams`, `use`

data/Gemfile

@@ -5,9 +5,9 @@ source 'https://rubygems.org'
 gem 'commander', '~> 4.5', '>= 4.5.2'
 gem 'rspec', '~> 3.9'
 gem 'rubocop', '~> 0.89.0'
-gem 'tty-command'
-gem 'tty-exit'
-gem 'tty-logger'
+gem 'tty-command', '~> 0.10'
+gem 'tty-exit', '~> 0.1'
+gem 'tty-logger', '~> 0.6'
 
 gem 'pry'
 gem 'pry-byebug'

data/Gemfile.lock

@@ -7,14 +7,12 @@ GEM
     commander (4.5.2)
       highline (~> 2.0.0)
     diff-lcs (1.4.4)
-    equatable (0.6.1)
     highline (2.0.3)
     method_source (1.0.0)
     parallel (1.19.2)
     parser (2.7.1.4)
       ast (~> 2.4.1)
-    pastel (0.7.4)
-      equatable (~> 0.6)
+    pastel (0.8.0)
       tty-color (~> 0.5)
     pry (0.13.1)
       coderay (~> 1.1)
@@ -24,7 +22,7 @@ GEM
       pry (~> 0.13.0)
     rainbow (3.0.0)
     regexp_parser (1.7.1)
-    rexml (3.2.4)
+    rexml (3.2.5)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -50,12 +48,12 @@ GEM
     rubocop-ast (0.3.0)
       parser (>= 2.7.1.4)
     ruby-progressbar (1.10.1)
-    tty-color (0.5.2)
-    tty-command (0.9.0)
-      pastel (~> 0.7.0)
+    tty-color (0.6.0)
+    tty-command (0.10.1)
+      pastel (~> 0.8)
     tty-exit (0.1.0)
-    tty-logger (0.3.0)
-      pastel (~> 0.7.0)
+    tty-logger (0.6.0)
+      pastel (~> 0.8)
     unicode-display_width (1.7.0)
 
 PLATFORMS
@@ -67,9 +65,9 @@ DEPENDENCIES
   pry-byebug
   rspec (~> 3.9)
   rubocop (~> 0.89.0)
-  tty-command
-  tty-exit
-  tty-logger
+  tty-command (~> 0.10)
+  tty-exit (~> 0.1)
+  tty-logger (~> 0.6)
 
 BUNDLED WITH
    2.1.4

data/README.md

@@ -1,6 +1,6 @@
 # ccli
 
-Cryptopus Command Line Client
+Command Line Client for [Cryptopus](https://github.com/puzzle/cryptopus)
 
 ## Installation
 
@@ -10,42 +10,81 @@ This will install the `cry` command including its dependencies
 
 ## Features
 
-- Fetch account data from Cryptopus
+- Fetch encryptable data from Cryptopus
 - List accessable teams in Cryptopus
 - Sync Openshift/Kubernetes Secrets to Cryptopus
 - Sync Secrets from Cryptopus to Openshift/Kubernetes
 
 ## Usage
 
-### Labeling secret to be synced
+[Receiving the login token from Cryptopus](docs/get_login_token.md)
 
-So that a secret even gets considered by the `ccli`, you have to add the `cryptopus-sync=true` label to your secret:
+### Commands
 
-**oc:** `oc label secret <secret-name> cryptopus-sync=true`
+```
+  Command:           Summary:
 
+  encryptable            Fetches an encryptable by the given id
+  folder             Selects the Cryptopus folder by id
+  help               Display global or [command] help documentation
+  k8s-secret-pull    Pulls secret from Kubectl to Cryptopus
+  k8s-secret-push    Pushes secret from Cryptopus to Kubectl
+  login              Logs in to the ccli
+  logout             Logs out of the ccli
+  ose-secret-pull    Pulls secret from Openshift to Cryptopus
+  ose-secret-push    Pushes secret from Cryptopus to Openshift
+  teams              Lists all available teams
+  use                Select the current folder
+```
 
-**kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
+Show more specific documentation by calling `cry help <command>`
 
-### Commands
+### Account
+
+#### Logging in
+
+Use the ccli login copy button from the UI or do it manually:
+
+    user=<my-user>
+    token=<my-token>
+    url=https://cryptopus.example.com
+
+    cry login $(echo -n "$user:$token" | base64)@$url
+
+#### Retrieving
+
+To retreive encryptable data as yaml:
 
 ```
-  Command:           Summary:
+cry encryptable 42 > encryptable.yaml
+```
+Retreiving encryptable's password and assign it to a variable:
 
-  account            Fetches an account by the given id          
-  folder             Selects the Cryptopus folder by id          
-  help               Display global or [command] help documentation              
-  k8s-secret-pull    Pulls secret from Kubectl to Cryptopus              
-  k8s-secret-push    Pushes secret from Cryptopus to Kubectl             
-  login              Logs in to the ccli         
-  logout             Logs out of the ccli                
-  ose-secret-pull    Pulls secret from Openshift to Cryptopus            
-  ose-secret-push    Pushes secret from Cryptopus to Openshift           
-  teams              Lists all available teams           
-  use                Select the current folder   
+```
+PASSWORD=$(cry encryptable 42 --password)
 ```
 
-Show more specific documentation by calling `cry help <command>`
+#### Updating
+
+not supported yet by ccli
+
+### Kubernetes/Openshift
+
+#### Required tools
+
+First you'll have to install either [oc](https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli) or [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) depending on your usage
+
+#### Pulling Kubernetes / Openshift Secrets
+
+when using the command `{ose|k8s}-secret-pull` after beeing logged in to a k8s/ose project, all secrets labeled with `cryptopus-sync=true` are backed up to cryptopus.
 
+to label a specific secret do:
+
+**oc:** `oc label secret <secret-name> cryptopus-sync=true`
+
+**kubectl:** `kubectl label secret <secret-name> cryptopus-sync=true`
+
+Restored secrets by `{ose|k8s}-secret-push` are labeled automatically.
 
 ## Development
 
@@ -61,3 +100,7 @@ You will need the following things properly installed on your computer:
 - `rvm install 2.6.0`
 - `gem install bundler`
 - `bundle install`
+
+### Running tests
+
+`bundle exec rspec`

data/bin/cry

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require_relative '../lib/cli'
+require 'cli'
 
 CLI.new.run

data/ccli.gemspec

@@ -5,8 +5,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |s|
   s.name          = 'ccli'
-  s.version       = '0.1.1'
+  s.description   = <<-EOF
+    CCLI is the Cryptopus Command Line Interface. It allows to fetch encryptable data and list teams from Cryptopus.
+    One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
+    to Cryptopus and restoring them as well.
+  EOF
+  s.version       = '1.1.0'
   s.summary       = 'Command line client for the opensource password manager Cryptopus'
+  s.license       = 'MIT'
+  s.homepage      = 'https://github.com/puzzle/ccli'
   s.authors       = ['Nils Rauch']
   s.email         = 'rauch@puzzle.ch'
   s.require_paths = ['lib']
@@ -17,12 +24,14 @@ Gem::Specification.new do |s|
   s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.required_ruby_version = Gem::Requirement.new('>= 2.0')
   s.metadata = {
-    "source_code_uri"   => "https://www.github.com/puzzle/ccli"
+    "bug_tracker_uri"   => "https://github.com/puzzle/ccli/issues",
+    "changelog_uri"     => "https://github.com/puzzle/ccli/blob/master/CHANGELOG.md",
+    "source_code_uri"   => "https://github.com/puzzle/ccli"
   }
-  s.license = 'MIT'
 
   s.add_runtime_dependency 'commander', '~> 4.5', '>= 4.5.2'
-  s.add_runtime_dependency 'tty-command'
-  s.add_runtime_dependency 'tty-exit'
-  s.add_runtime_dependency 'tty-logger'
+  s.add_runtime_dependency 'tty-command', '~> 0.10'
+  s.add_runtime_dependency 'tty-exit', '~> 0.1'
+  s.add_runtime_dependency 'tty-logger', '~> 0.6'
+
 end

data/docs/get_login_token.md

@@ -0,0 +1,18 @@
+# Receiving the Login token from Cryptopus
+
+To use the CCLI, you'll first have to receive the login token from Cryptopus.
+
+1. Log in to your instance of Cryptopus
+2. Navigate to your user settings
+3. Choose or create the api user you want to use via the ccli (keep the valid time in mind)
+4. Grant the API user permissions to access the groups you need to use with the ccli
+5. Use the ccli login copy button
+6. Copy the command from your clipboard to the terminal
+
+## Accessing user settings
+
+![user_settings](images/access_user_settings.png)
+
+## Copy CCLI Login
+
+![copy_ccli_login](images/copy_ccli_login.png)

data/lib/adapters/cluster_secret_adapter.rb

@@ -35,7 +35,7 @@ class ClusterSecretAdapter
     raise client_not_logged_in_error unless client_logged_in?
 
     File.open("/tmp/#{secret.name}.yml", 'w') do |file|
-      file.write secret.ose_secret
+      file.write secret.to_yaml
     end
 
     cmd.run("#{client} delete -f /tmp/#{secret.name}.yml --ignore-not-found=true")

data/lib/adapters/cryptopus_adapter.rb

@@ -34,24 +34,23 @@ class CryptopusAdapter
   end
 
   def save_secret(secret)
-    secret_account = secret.to_account
-    secret_account.folder = session_adapter.selected_folder.id
-
-    persisted_secret = Account.find_by_name_and_folder_id(secret.name,
-                                                          session_adapter.selected_folder.id)
+    secret_encryptable = secret.to_encryptable
+    secret_encryptable.folder = session_adapter.selected_folder.id
+    persisted_secret = Encryptable.find_by_name_and_folder_id(secret.name,
+                                                              session_adapter.selected_folder.id)
     if persisted_secret
-      patch("accounts/#{persisted_secret.id}", secret_account.to_json)
+      patch("encryptables/#{persisted_secret.id}", secret_encryptable.to_json)
     else
-      post('accounts', secret_account.to_json)
+      post('encryptables', secret_encryptable.to_json)
     end
   end
 
-  def find_account_by_name(name)
-    secret_account = Account.find_by_name_and_folder_id(name, session_adapter.selected_folder.id)
+  def find_encryptable_by_name(name)
+    secret_encryptable = Encryptable.find_by_name_and_folder_id(name, session_adapter.selected_folder.id)
 
-    raise CryptopusAccountNotFoundError unless secret_account
+    raise CryptopusEncryptableNotFoundError unless secret_encryptable
 
-    secret_account
+    secret_encryptable
   end
 
   def renewed_auth_token

data/lib/cli.rb

@@ -14,7 +14,7 @@ class CLI
   # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metric/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength
   def run
     program :name, 'cry - cryptopus cli'
-    program :version, '1.0.0'
+    program :version, '1.1.0'
     program :description, 'CLI tool to manage Openshift Secrets via Cryptopus'
     program :help, 'Source Code', 'https://www.github.com/puzzle/ccli'
     program :help, 'Usage', 'cry [flags]'
@@ -49,20 +49,20 @@ class CLI
       end
     end
 
-    command :account do |c|
-      c.syntax = 'cry account <id> [options]'
-      c.description = 'Fetches an account by the given id'
+    command :encryptable do |c|
+      c.syntax = 'cry encryptable <id> [options]'
+      c.description = 'Fetches an encryptable by the given id'
       c.option '--username', String, 'Only show the username of the user'
       c.option '--password', String, 'Only show the password of the user'
 
       c.action do |args, options|
         exit_with_error(:usage_error, 'id missing') if args.empty?
         execute_action do
-          logger.info 'Fetching account...'
-          account = Account.find(args.first)
-          out = account.username if options.username
-          out = account.password if options.password
-          puts out || account.to_yaml
+          logger.info 'Fetching encryptable...'
+          encryptable = Encryptable.find(args.first)
+          out = encryptable.username if options.username
+          out = encryptable.password if options.password
+          puts out || encryptable.to_yaml
         end
       end
     end
@@ -120,25 +120,25 @@ class CLI
       c.summary = 'Pushes secret from Cryptopus to Openshift'
       c.description = 'Pushes the Secret to Openshift by retrieving it from Cryptopus first. ' \
                       'If a Secret in the selected Openshift project using the name ' \
-                      'of the given accountname is already present, it will be updated accordingly.'
+                      'of the given name is already present, it will be updated accordingly.'
 
       c.action do |args|
         secret_name = args.first
         exit_with_error(:usage_error, 'Only one secret can be pushed') if args.length > 1
         execute_action({ secret_name: secret_name }) do
-          secret_accounts = if secret_name.nil?
-                              logger.info 'Fetching all accounts in folder...'
-                              session_adapter.selected_folder.accounts
+          secret_encryptables = if secret_name.nil?
+                              logger.info 'Fetching all encryptables in folder...'
+                              session_adapter.selected_folder.encryptables
                             else
-                              logger.info "Fetching account #{secret_name}..."
-                              [cryptopus_adapter.find_account_by_name(secret_name)]
+                              logger.info "Fetching encryptable #{secret_name}..."
+                              [cryptopus_adapter.find_encryptable_by_name(secret_name)]
                             end
-          secret_accounts.each do |account|
-            logger.info "Fetching secret #{account.accountname}..."
-            secret_account = Account.find(account.id)
-            logger.info "Inserting secret #{account.accountname}..."
-            ose_adapter.insert_secret(secret_account.to_osesecret)
-            log_success "Secret #{secret_account.accountname} was successfully applied"
+          secret_encryptables.each do |encryptable|
+            logger.info "Fetching secret #{encryptable.name}..."
+            secret_encryptable = Encryptable.find(encryptable.id)
+            logger.info "Inserting secret #{encryptable.name}..."
+            ose_adapter.insert_secret(secret_encryptable.to_osesecret)
+            log_success "Secret #{secret_encryptable.name} was successfully applied"
           end
         end
       end
@@ -148,7 +148,7 @@ class CLI
       c.syntax = 'cry k8s-secret-pull <secret-name>'
       c.summary = 'Pulls secret from Kubectl to Cryptopus'
       c.description = "Pulls the Secret from Kubectl and pushes them to Cryptopus.\n" \
-                      'If a Cryptopus Account in the selected folder using the name ' \
+                      'If a Cryptopus Encryptable in the selected folder using the name ' \
                       "of the given secret is already present, it will be updated accordingly.\n" \
                       'If no name is given, it will pull all secrets inside the selected project.'
 
@@ -180,25 +180,24 @@ class CLI
       c.summary = 'Pushes secret from Cryptopus to Kubectl'
       c.description = 'Pushes the Secret to Kubectl by retrieving it from Cryptopus first. ' \
                       'If a Secret in the selected Kubectl project using the name ' \
-                      'of the given accountname is already present, it will be updated accordingly.'
+                      'of the given name is already present, it will be updated accordingly.'
 
       c.action do |args|
         secret_name = args.first
         exit_with_error(:usage_error, 'Only one secret can be pushed') if args.length > 1
         execute_action({ secret_name: secret_name }) do
-          secret_accounts = if secret_name.nil?
-                              logger.info 'Fetching all accounts in folder...'
-                              session_adapter.selected_folder.accounts
+          secret_encryptables = if secret_name.nil?
+                              logger.info 'Fetching all encryptables in folder...'
+                              session_adapter.selected_folder.encryptables
                             else
-                              logger.info "Fetching account #{secret_name}..."
-                              [cryptopus_adapter.find_account_by_name(secret_name)]
+                              logger.info "Fetching encryptable #{secret_name}..."
+                              [cryptopus_adapter.find_encryptable_by_name(secret_name)]
                             end
-          secret_accounts.each do |account|
-            logger.info "Fetching secret #{account.accountname}..."
-            secret_account = Account.find(account.id)
-            logger.info "Inserting secret #{account.accountname}..."
-            k8s_adapter.insert_secret(secret_account.to_osesecret)
-            log_success "Secret #{secret_account.accountname} was successfully applied"
+          secret_encryptables.each do |encryptable|
+            secret_encryptable = Encryptable.find(encryptable.id)
+            logger.info "Inserting secret #{encryptable.name}..."
+            k8s_adapter.insert_secret(secret_encryptable.to_osesecret)
+            log_success "Secret #{secret_encryptable.name} was successfully applied"
           end
         end
       end
@@ -264,7 +263,7 @@ class CLI
     exit_with_error(:usage_error, 'kubectl is not installed')
   rescue KubernetesClientNotLoggedInError
     exit_with_error(:usage_error, 'kubectl is not logged in')
-  rescue CryptopusAccountNotFoundError
+  rescue CryptopusEncryptableNotFoundError
     exit_with_error(:usage_error, 'Secret with the given name ' \
                                   "#{options[:secret_name]} was not found")
   rescue OpenshiftSecretNotFoundError

data/lib/errors.rb

@@ -30,7 +30,7 @@ end
 class NoFolderSelectedError < Error
 end
 
-class CryptopusAccountNotFoundError < Error
+class CryptopusEncryptableNotFoundError < Error
 end
 
 class TeamNotFoundError < Error

data/lib/models/encryptable.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class Encryptable
+  attr_reader :id, :name, :username, :password, :type, :ose_secret
+  attr_accessor :folder
+
+  def initialize(name: nil, username: nil, password: nil,
+                 ose_secret: nil, type: nil, id: nil)
+    @id = id
+    @name = name
+    @username = username
+    @password = password
+    @ose_secret = ose_secret
+    @type = type || 'credentials'
+  end
+
+  def to_json(*_args)
+    EncryptableSerializer.to_json(self)
+  end
+
+  def to_yaml
+    EncryptableSerializer.to_yaml(self)
+  end
+
+  def to_osesecret
+    EncryptableSerializer.to_osesecret(self)
+  end
+
+  class << self
+    def find(id)
+      EncryptableSerializer.from_json(CryptopusAdapter.new.get("encryptables/#{id}"))
+    end
+
+    def find_by_name_and_folder_id(name, id)
+      Folder.find(id).encryptables.find do |encryptable|
+        encryptable.name.downcase == name.downcase
+      end
+    end
+
+    def from_json(json)
+      EncryptableSerializer.from_json(json)
+    end
+  end
+end

data/lib/models/folder.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
 class Folder
-  attr_reader :name, :id, :accounts
+  attr_reader :name, :id, :encryptables
 
-  def initialize(name: nil, id: nil, accounts: [])
+  def initialize(name: nil, id: nil, encryptables: [])
     @name = name
     @id = id
-    @accounts = accounts
+    @encryptables = encryptables
   end
 
   class << self
@@ -15,11 +15,11 @@ class Folder
                         symbolize_names: true)
       included = json[:included] || []
       name = json[:data][:attributes][:name]
-      accounts = included.map do |record|
-        Account.from_json(record.to_json) if %w[account_ose_secrets
-                                                account_credentials].include? record[:type]
+      encryptables = included.map do |record|
+        Encryptable.from_json(record.to_json) if %w[encryptable_ose_secrets
+                                                encryptable_credentials].include? record[:type]
       end.compact
-      Folder.new(id: id, name: name, accounts: accounts)
+      Folder.new(id: id, name: name, encryptables: encryptables)
     end
   end
 end

data/lib/models/ose_secret.rb

@@ -8,15 +8,29 @@ class OSESecret
     @ose_secret = ose_secret
   end
 
-  def to_account
-    OSESecretSerializer.to_account(self)
+  def to_encryptable
+    OSESecretSerializer.to_encryptable(self)
   end
 
   def to_yaml
     OSESecretSerializer.to_yaml(self)
   end
 
+  private
+
+  def encoded_data(data)
+    data.transform_values do |value|
+      Base64.strict_encode64(value)
+    rescue ArgumentError
+      value
+    end
+  end
+
   class << self
+    def from_yaml(yaml)
+      OSESecretSerializer.from_yaml(yaml)
+    end
+
     def find_by_name(name)
       OSESecretSerializer.from_yaml(OSEAdapter.new.fetch_secret(name))
     end

data/lib/serializers/encryptable_serializer.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+class EncryptableSerializer
+  class << self
+    # rubocop:disable Metrics/MethodLength
+    def to_json(encryptable)
+      {
+        data: {
+          type: 'encryptables',
+          id: encryptable.id,
+          attributes: {
+            name: encryptable.name,
+            type: encryptable.type,
+            cleartext_username: encryptable.username,
+            cleartext_password: encryptable.password,
+            cleartext_ose_secret: encryptable.ose_secret
+          },
+          relationships: {
+            folder: {
+              data: {
+                id: encryptable.folder,
+                type: 'folders'
+              }
+            }
+          }
+        }
+      }.compact.to_json
+    end
+    # rubocop:enable Metrics/MethodLength
+
+    def to_yaml(encryptable)
+      { 'id' => encryptable.id,
+        'name' => encryptable.name,
+        'username' => encryptable.username,
+        'password' => encryptable.password,
+        'type' => encryptable.type }.to_yaml
+    end
+
+    def from_json(json)
+      json = JSON.parse(json, symbolize_names: true)
+      data = json[:data] || json
+      attributes = data[:attributes]
+      Encryptable.new(name: attributes[:name],
+                      username: attributes[:cleartext_username],
+                      password: attributes[:cleartext_password],
+                      ose_secret: attributes[:ose_secret],
+                      type: attributes[:type],
+                      id: data[:id])
+    end
+
+    def to_osesecret(account)
+      OSESecret.from_yaml(account.ose_secret)
+    end
+  end
+end

data/lib/serializers/ose_secret_serializer.rb

@@ -1,16 +1,54 @@
 # frozen_string_literal: true
 
 require 'psych'
+require 'base64'
 
 class OSESecretSerializer
   class << self
+    # rubocop:disable Metrics/MethodLength
     def from_yaml(yaml)
-      secret_hash = Psych.load(yaml, symbolize_names: true)
-      OSESecret.new(secret_hash.dig(:metadata, :name), yaml)
+      secret_hash = Psych.load(yaml)
+      data = {
+        'apiVersion' => secret_hash['apiVersion'],
+        'data' => decoded_data(secret_hash['data']),
+        'kind' => secret_hash['kind'],
+        'metadata' => {
+          'name' => secret_hash['metadata']['name'],
+          'labels' => secret_hash['metadata']['labels']
+        }
+      }.to_yaml
+      OSESecret.new(secret_hash['metadata']['name'], data.to_s)
     end
+    # rubocop:enable Metrics/MethodLength
 
-    def to_account(secret)
-      Account.new(accountname: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
+    def to_encryptable(secret)
+      Encryptable.new(name: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
+    end
+
+    def to_yaml(secret)
+      secret_hash = Psych.load(secret.ose_secret)
+      secret_hash['data'] = encoded_data(secret_hash['data'])
+      secret_hash.to_yaml
+    end
+
+    private
+
+    def decoded_data(data)
+      return {} unless data
+
+      data.transform_values do |value|
+        Base64.strict_decode64(value)
+      rescue ArgumentError
+        value
+      end
+    end
+
+    def encoded_data(data)
+      return {} unless data
+
+      data.transform_values do |value|
+        Base64.strict_encode64(value)
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ccli
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Nils Rauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-22 00:00:00.000000000 Z
+date: 2022-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -34,45 +34,48 @@ dependencies:
   name: tty-command
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.10'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: tty-exit
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: tty-logger
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
-description: 
+        version: '0.6'
+description: |2
+      CCLI is the Cryptopus Command Line Interface. It allows to fetch encryptable data and list teams from Cryptopus.
+      One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
+      to Cryptopus and restoring them as well.
 email: rauch@puzzle.ch
 executables:
 - cry
@@ -80,12 +83,17 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".rubocop.yml"
+- ".tool-versions"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - README.md
 - bin/cry
 - ccli.gemspec
+- docs/get_login_token.md
+- docs/images/access_user_settings.png
+- docs/images/copy_ccli_login.png
 - lib/adapters/cluster_secret_adapter.rb
 - lib/adapters/cryptopus_adapter.rb
 - lib/adapters/k8s_adapter.rb
@@ -93,21 +101,23 @@ files:
 - lib/adapters/session_adapter.rb
 - lib/cli.rb
 - lib/errors.rb
-- lib/models/account.rb
+- lib/models/encryptable.rb
 - lib/models/folder.rb
 - lib/models/k8s_secret.rb
 - lib/models/ose_secret.rb
 - lib/models/team.rb
 - lib/presenters/team_presenter.rb
-- lib/serializers/account_serializer.rb
+- lib/serializers/encryptable_serializer.rb
 - lib/serializers/folder_serializer.rb
 - lib/serializers/ose_secret_serializer.rb
 - lib/serializers/team_serializer.rb
-homepage: 
+homepage: https://github.com/puzzle/ccli
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://www.github.com/puzzle/ccli
+  bug_tracker_uri: https://github.com/puzzle/ccli/issues
+  changelog_uri: https://github.com/puzzle/ccli/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/puzzle/ccli
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -123,8 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.9
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Command line client for the opensource password manager Cryptopus

data/lib/models/account.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-class Account
-  attr_reader :id, :accountname, :username, :password, :type, :ose_secret
-  attr_accessor :folder
-
-  def initialize(accountname: nil, username: nil, password: nil,
-                 ose_secret: nil, type: nil, id: nil)
-    @id = id
-    @accountname = accountname
-    @username = username
-    @password = password
-    @ose_secret = ose_secret
-    @type = type || 'credentials'
-  end
-
-  def to_json(*_args)
-    AccountSerializer.to_json(self)
-  end
-
-  def to_yaml
-    AccountSerializer.to_yaml(self)
-  end
-
-  def to_osesecret
-    AccountSerializer.to_osesecret(self)
-  end
-
-  class << self
-    def find(id)
-      AccountSerializer.from_json(CryptopusAdapter.new.get("accounts/#{id}"))
-    end
-
-    def find_by_name_and_folder_id(name, id)
-      Folder.find(id).accounts.find do |account|
-        account.accountname.downcase == name.downcase
-      end
-    end
-
-    def from_json(json)
-      AccountSerializer.from_json(json)
-    end
-  end
-end

data/lib/serializers/account_serializer.rb

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-require 'yaml'
-
-class AccountSerializer
-  class << self
-    # rubocop:disable Metrics/MethodLength
-    def to_json(account)
-      {
-        data: {
-          type: 'accounts',
-          id: account.id,
-          attributes: {
-            accountname: account.accountname,
-            type: account.type,
-            cleartext_username: account.username,
-            cleartext_password: account.password,
-            ose_secret: account.ose_secret
-          },
-          relationships: {
-            folder: {
-              data: {
-                id: account.folder,
-                type: 'folders'
-              }
-            }
-          }
-        }
-      }.compact.to_json
-    end
-    # rubocop:enable Metrics/MethodLength
-
-    def to_yaml(account)
-      { 'id' => account.id,
-        'accountname' => account.accountname,
-        'username' => account.username,
-        'password' => account.password,
-        'type' => account.type }.to_yaml
-    end
-
-    def from_json(json)
-      json = JSON.parse(json, symbolize_names: true)
-      data = json[:data] || json
-      attributes = data[:attributes]
-      Account.new(accountname: attributes[:accountname],
-                  username: attributes[:cleartext_username],
-                  password: attributes[:cleartext_password],
-                  ose_secret: attributes[:ose_secret],
-                  type: attributes[:type],
-                  id: data[:id])
-    end
-
-    def to_osesecret(account)
-      OSESecret.new(account.accountname, account.ose_secret)
-    end
-  end
-end