ccli 0.1.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a20c067bb37955bc5db9f0977498c65038f57707e9f9a84cd39a229748daa283
-  data.tar.gz: 888934204b52a9017f4aa8c9d1deea23513c07ca5b08c48831610c2320ed6128
+  metadata.gz: cd81289d8f1456f22834f09726e3e21275e41ba9eed0770ae6c428b888026e7f
+  data.tar.gz: d568dd0e2761eab159da28682f8ea9cf0ea937c3500ad2d4cc36679ffaff051d
 SHA512:
-  metadata.gz: 6152b10e88db00f0e7c0c7e9d2baedf9a7446b2695b5aa806b8f195a275c1410d4628df5bac7b8bebcd86390f01e4c9581cf971f7b90e7335326d4433bf21843
-  data.tar.gz: 0f2761c2c6a7059f2ded3ebb3a853d0a2d99bc31e793655519a75696ac15c0c9c3b3156654de094794bf0840387a2f4f9912bf6200d214c8f69f2fb3df15068b
+  metadata.gz: 1367531fedc2c9d0536dca82db34472cc55114c1dfb563936fb0f893159c20c6c4e9634fc06e623d9c1be11b58a4edc8a16548d65f91364bdb31a818c6c02e8f
+  data.tar.gz: a65442a27de2040b4e0c9c5d53ca709954dd1fab2555197e01684a76744a7cc6c314fb74a79e69ae78929dd284ce68c0e2262071bd00dcd5e57626b370d1f5fb

data/.rubocop.yml

@@ -1,7 +1,9 @@
 AllCops:
   DisplayCopNames: true
+  TargetRubyVersion: 2.5
   Exclude:
     - spec/**/*
+    - ccli.gemspec
 
 Metrics/AbcSize:
   Max: 20

data/CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog
+
+## 1.0.0
+
+- De- and encode data from secrets
+
+## 0.1.2
+
+- Updating docs
+- Bugfixing
+
+## 0.1.1
+
+- Adding MIT license
+
+## 0.1.0
+
+- Publish first version
+- Commands: `login`, `logout`, `account`, `folder`, `{ose,k8s}-secret-pull`, `{ose,k8s}-secret-push`, `teams`, `use`

data/README.md

@@ -17,7 +17,15 @@ This will install the `cry` command including its dependencies
 
 ## Usage
 
-### Labeling secret to be synced
+[Receiving the login token from Cryptopus](docs/get_login_token.md)
+
+### Kubernetes/Openshift
+
+#### Required tools
+
+First you'll have to install either [oc](https://docs.openshift.com/container-platform/4.3/cli_reference/openshift_cli/getting-started-cli.html#installing-the-cli) or [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) depending on your usage
+
+#### Labeling secret to be synced
 
 So that a secret even gets considered by the `ccli`, you have to add the `cryptopus-sync=true` label to your secret:
 

data/bin/cry

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require_relative '../lib/cli'
+require 'cli'
 
 CLI.new.run

data/ccli.gemspec

@@ -5,8 +5,15 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |s|
   s.name          = 'ccli'
-  s.version       = '0.1.1'
+  s.description   = <<-EOF
+    CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
+    One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
+    to Cryptopus and restoring them as well.
+  EOF
+  s.version       = '1.0.0'
   s.summary       = 'Command line client for the opensource password manager Cryptopus'
+  s.license       = 'MIT'
+  s.homepage      = 'https://github.com/puzzle/ccli'
   s.authors       = ['Nils Rauch']
   s.email         = 'rauch@puzzle.ch'
   s.require_paths = ['lib']
@@ -17,12 +24,14 @@ Gem::Specification.new do |s|
   s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.required_ruby_version = Gem::Requirement.new('>= 2.0')
   s.metadata = {
-    "source_code_uri"   => "https://www.github.com/puzzle/ccli"
+    "bug_tracker_uri"   => "https://github.com/puzzle/ccli/issues",
+    "changelog_uri"     => "https://github.com/puzzle/ccli/blob/master/CHANGELOG.md",
+    "source_code_uri"   => "https://github.com/puzzle/ccli"
   }
-  s.license = 'MIT'
 
   s.add_runtime_dependency 'commander', '~> 4.5', '>= 4.5.2'
   s.add_runtime_dependency 'tty-command'
   s.add_runtime_dependency 'tty-exit'
   s.add_runtime_dependency 'tty-logger'
+
 end

data/docs/get_login_token.md

@@ -0,0 +1,17 @@
+# Receiving the Login token from Cryptopus
+
+To use the CCLI, you'll first have to receive the login token from Cryptopus.
+
+1. Log in to your instance of Cryptopus
+2. Navigate to your user settings
+3. Choose or create the api user you want to use via the ccli (keep the valid time in mind)
+4. Use the ccli login copy button
+5. Copy the command from your clipboard to the terminal
+
+## Accessing user settings
+
+![user_settings](images/access_user_settings.png)
+
+## Copy CCLI Login
+
+![copy_ccli_login](images/copy_ccli_login.png)

data/lib/adapters/cluster_secret_adapter.rb

@@ -35,7 +35,7 @@ class ClusterSecretAdapter
     raise client_not_logged_in_error unless client_logged_in?
 
     File.open("/tmp/#{secret.name}.yml", 'w') do |file|
-      file.write secret.ose_secret
+      file.write secret.to_yaml
     end
 
     cmd.run("#{client} delete -f /tmp/#{secret.name}.yml --ignore-not-found=true")

data/lib/cli.rb

@@ -27,7 +27,6 @@ class CLI
         token, url = extract_login_args(args)
         execute_action do
           session_adapter.update_session({ encoded_token: token, url: url })
-          renew_auth_token
 
           # Test authentification by calling teams endpoint
           Team.all
@@ -332,10 +331,6 @@ class CLI
   def k8s_adapter
     @k8s_adapter ||= K8SAdapter.new
   end
-
-  def renew_auth_token
-    session_adapter.update_session({ token: cryptopus_adapter.renewed_auth_token })
-  end
 end
 # rubocop:enable Metrics/ClassLength
 

data/lib/models/ose_secret.rb

@@ -16,7 +16,21 @@ class OSESecret
     OSESecretSerializer.to_yaml(self)
   end
 
+  private
+
+  def encoded_data(data)
+    data.transform_values do |value|
+      Base64.strict_encode64(value)
+    rescue ArgumentError
+      value
+    end
+  end
+
   class << self
+    def from_yaml(yaml)
+      OSESecretSerializer.from_yaml(yaml)
+    end
+
     def find_by_name(name)
       OSESecretSerializer.from_yaml(OSEAdapter.new.fetch_secret(name))
     end

data/lib/serializers/account_serializer.rb

@@ -51,7 +51,7 @@ class AccountSerializer
     end
 
     def to_osesecret(account)
-      OSESecret.new(account.accountname, account.ose_secret)
+      OSESecret.from_yaml(account.ose_secret)
     end
   end
 end

data/lib/serializers/ose_secret_serializer.rb

@@ -1,16 +1,54 @@
 # frozen_string_literal: true
 
 require 'psych'
+require 'base64'
 
 class OSESecretSerializer
   class << self
+    # rubocop:disable Metrics/MethodLength
     def from_yaml(yaml)
-      secret_hash = Psych.load(yaml, symbolize_names: true)
-      OSESecret.new(secret_hash.dig(:metadata, :name), yaml)
+      secret_hash = Psych.load(yaml)
+      data = {
+        'apiVersion' => secret_hash['apiVersion'],
+        'data' => decoded_data(secret_hash['data']),
+        'kind' => secret_hash['kind'],
+        'metadata' => {
+          'name' => secret_hash['metadata']['name'],
+          'labels' => secret_hash['metadata']['labels']
+        }
+      }.to_yaml
+      OSESecret.new(secret_hash['metadata']['name'], data.to_s)
     end
+    # rubocop:enable Metrics/MethodLength
 
     def to_account(secret)
       Account.new(accountname: secret.name, ose_secret: secret.ose_secret, type: 'ose_secret')
     end
+
+    def to_yaml(secret)
+      secret_hash = Psych.load(secret.ose_secret)
+      secret_hash['data'] = encoded_data(secret_hash['data'])
+      secret_hash.to_yaml
+    end
+
+    private
+
+    def decoded_data(data)
+      return {} unless data
+
+      data.transform_values do |value|
+        Base64.strict_decode64(value)
+      rescue ArgumentError
+        value
+      end
+    end
+
+    def encoded_data(data)
+      return {} unless data
+
+      data.transform_values do |value|
+        Base64.strict_encode64(value)
+      end
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ccli
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Nils Rauch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-22 00:00:00.000000000 Z
+date: 2020-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: commander
@@ -72,7 +72,10 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description: |2
+      CCLI is the Cryptopus Command Line Interface. It allows to fetch account data and list teams from Cryptopus.
+      One of the main functionality is backing up secrets from cluster services (currently: openshift, kubernetes)
+      to Cryptopus and restoring them as well.
 email: rauch@puzzle.ch
 executables:
 - cry
@@ -81,11 +84,15 @@ extra_rdoc_files: []
 files:
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - README.md
 - bin/cry
 - ccli.gemspec
+- docs/get_login_token.md
+- docs/images/access_user_settings.png
+- docs/images/copy_ccli_login.png
 - lib/adapters/cluster_secret_adapter.rb
 - lib/adapters/cryptopus_adapter.rb
 - lib/adapters/k8s_adapter.rb
@@ -103,11 +110,13 @@ files:
 - lib/serializers/folder_serializer.rb
 - lib/serializers/ose_secret_serializer.rb
 - lib/serializers/team_serializer.rb
-homepage: 
+homepage: https://github.com/puzzle/ccli
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://www.github.com/puzzle/ccli
+  bug_tracker_uri: https://github.com/puzzle/ccli/issues
+  changelog_uri: https://github.com/puzzle/ccli/blob/master/CHANGELOG.md
+  source_code_uri: https://github.com/puzzle/ccli
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -123,8 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.9
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Command line client for the opensource password manager Cryptopus