covalence 0.7.9.rc1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6996b380a260e1574dddef9841685368579573823dd9df81ee8b2e2049b17ad6
-  data.tar.gz: 22b8030ef7c9ae4acd112fe3446958e04de60dc871e8c0582a7478ff972c3837
+  metadata.gz: 5182025f5f5eabe3341b2b1b96414d4392abfc57453018fbce9c4a6887d5a6e1
+  data.tar.gz: 4d0850fbd8211d219254dd585af563c6caed2e5e06605dee272f2e4ef91a7bce
 SHA512:
-  metadata.gz: 432db3aa484713ec86a56970402789b3e3b3b0c71877a16e7d5840b3546a40a56d5246b57b50514b1e85da5504a3f992c06b18f02bc975a33671f2d9654f633a
-  data.tar.gz: 9bd16e47bbab6d00b73c5ef87d61f5720b7e767380a21afdd82a9b31e49c2d02ce28d97d134c157371a0bf2cc2a089c339409e04ce9728d7706bf364b460e276
+  metadata.gz: 23f0b2e254b8f7bfae871be474a9a309fac6e51903e23d341dd060bf73f708e8d4384c57c865733b63f99ada4f739b78bf72f4934adb2c0565b9e1a34b59b8a3
+  data.tar.gz: cf5a2c8e35821c4b086549eede664ade69d610ad18c8cac19404fb92b13b38088832e542f83257590514b94a184ea7aa6587634d80ca0e43fafcbed63c35e2c8

data/README.md

@@ -504,8 +504,11 @@ vpc_id:
 
 Covalence is packaged as a Ruby Gem.
 
+You will probably need the following packages installed locally
+- Terraform
+- Packer
+- Sops
+
 Execute the following to build the gem:
 
 `$ gem build covalence.gemspec`
-
-Gem artifacts are hosted at https://repo.fury.io/unifio/.

data/lib/covalence.rb

@@ -26,6 +26,11 @@ module Covalence
 
   PACKER_CMD = ENV['PACKER_CMD'] || "packer"
 
+  SOPS_CMD = ENV['SOPS_CMD'] || "sops"
+  SOPS_VERSION = ENV['SOPS_VERSION'] || (`#{SOPS_CMD} --version`.gsub(/[^\d\.]/, '') rescue "0.0.0")
+  SOPS_ENCRYPTED_SUFFIX = ENV['SOPS_ENCRYPTED_SUFFIX'] || "-encrypted"
+  SOPS_DECRYPTED_SUFFIX = ENV['SOPS_DECRYPTED_SUFFIX'] || "-decrypted"
+
   # No-op shell command. Should not need to modify for most unix shells.
   DRY_RUN_CMD = (ENV['COVALENCE_DRY_RUN_CMD'] || ":")
   DEBUG_CLI = (ENV['COVALENCE_DEBUG'] || 'false') =~ (/(true|t|yes|y|1)$/i)

data/lib/covalence/consul_tasks.rb

@@ -0,0 +1,27 @@
+require 'rake'
+require 'consul_loader'
+require_relative '../covalence'
+
+module Covalence
+  class ConsulTasks
+    extend Rake::DSL
+
+    def self.run
+      desc 'Load K/V data into Consul service'
+      task 'consul_load' do
+        load_yaml("#{ENV['CONSUL_KV_FILE']}")
+      end
+    end
+
+    class << self
+      private
+      def load_yaml(filename)
+        consul_loader = ConsulLoader::Loader.new(ConsulLoader::ConfigParser.new)
+        consul_server = "http://#{ENV['CONSUL_HTTP_ADDR']}"
+        consul_loader.load_config(filename, consul_server)
+      end
+    end
+  end
+end
+
+Covalence::ConsulTasks.run

data/lib/covalence/core/cli_wrappers/sops_cli.rb

@@ -0,0 +1,82 @@
+require 'semantic'
+require 'fileutils'
+require 'yaml'
+require 'active_support/core_ext/object/blank'
+
+module Covalence
+  class SopsCli
+
+    DIRECTION = {
+      encrypt: {
+        sops_option: "--encrypt",
+        file_search_suffix: "-decrypted",
+        file_replace_suffix: "-encrypted"
+      },
+      decrypt: {
+        sops_option: "--decrypt",
+        file_search_suffix: "-encrypted",
+        file_replace_suffix: "-decrypted"
+      }
+    }
+
+    def self.encrypt_path(path=default_data_dir, extension=".yaml")
+      modify_files(DIRECTION[:encrypt], path, extension)
+    end
+
+    def self.decrypt_path(path=default_data_dir, extension=".yaml")
+      modify_files(DIRECTION[:decrypt], path, extension)
+    end
+
+    # Clean targets all extensions by default, sounds like a more secure way to avoid commiting something accidentally
+    def self.clean_decrypt_path(path, extension="*", dry_run: false, verbose: true)
+      file_path = File.expand_path(path)
+
+      if File.file?(file_path)
+        files = [file_path]
+      else
+        files = Dir.glob(File.join(file_path, "**" , "*#{DIRECTION[:decrypt][:file_replace_suffix]}#{extension}"))
+      end
+
+      unless files.blank?
+        FileUtils.rm_f(files, {
+          noop: dry_run,
+          verbose: verbose
+        })
+      end
+    end
+
+    def self.default_data_dir
+      @default_data_dir ||= File.join(WORKSPACE, YAML.load_file(CONFIG).fetch(:yaml, {}).fetch(:datadir, ""))
+    end
+
+    class << self
+      private
+
+      # Intentionally unified the logic so that encryption and decryption would follow the
+      # same path and avoid logic forking
+      def modify_files(direction_hash, path, extension=".yaml")
+        if Semantic::Version.new(Covalence::SOPS_VERSION) < Semantic::Version.new("3.0.0")
+          raise "Sops v3.0.0 or newer required"
+        end
+
+        files = []
+        file_path = File.expand_path(path)
+        cmd = [Covalence::SOPS_CMD, direction_hash[:sops_option]]
+
+        if File.file?(file_path)
+          files = [file_path]
+        else
+          files = Dir.glob(File.join(file_path, "**" , "*#{direction_hash[:file_search_suffix]}#{extension}"))
+        end
+
+        files.map do |file|
+          dirname, basename =  File.split(file)
+          new_file = File.join(dirname, basename.gsub(direction_hash[:file_search_suffix],direction_hash[:file_replace_suffix]))
+
+          break unless (PopenWrapper.run(cmd, file, "> #{new_file}") == 0)
+          new_file
+        end
+      end
+    end
+  end
+end

data/lib/covalence/helpers/shell_interpolation.rb

@@ -6,7 +6,7 @@ module Covalence
 
       def self.parse_shell(input)
         Covalence::LOGGER.info "Evaluating requested interpolation: \"#{input}\""
-        matches = input.scan(/.?\$\([^)]*\)/)
+        matches = input.scan(/.?\$\([^)]*\)+/)
 
         Covalence::LOGGER.debug "matches: #{matches}"
         matches.each do |cmd|

data/lib/covalence/sops_tasks.rb

@@ -0,0 +1,33 @@
+require 'rake'
+require 'consul_loader'
+require_relative '../covalence'
+require_relative 'core/cli_wrappers/sops_cli'
+
+module Covalence
+  class SopsTasks
+    extend Rake::DSL
+
+    def self.run
+      desc 'Decrypt files in [:path, :extension]'
+      task 'sops:decrypt_path', [:path, :extension] do |t, args|
+        # should have defaults in just one place but rake isn't a terribly great entrypoint to centralize on
+        SopsCli.decrypt_path(args[:path] || SopsCli.default_data_dir,
+                             args[:extension] || ".yaml")
+      end
+
+      desc 'Encrypt files in [:path, :extension]'
+      task 'sops:encrypt_path', [:path, :extension] do |t, args|
+        SopsCli.encrypt_path(args[:path] || SopsCli.default_data_dir,
+                             args[:extension] || ".yaml")
+      end
+
+      desc 'Clean decrypt files in [:path, :extension]'
+      task 'sops:clean_decrypt_path', [:path, :extension] do |t, args|
+        SopsCli.clean_decrypt_path(args[:path] || SopsCli.default_data_dir,
+                                   args[:extension] || "*")
+      end
+    end
+  end
+end
+
+Covalence::SopsTasks.run

data/lib/covalence/version.rb

@@ -1,3 +1,3 @@
 module Covalence
-  VERSION = "0.7.9.rc1"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: covalence
 version: !ruby/object:Gem::Version
-  version: 0.7.9.rc1
+  version: 0.8.0
 platform: ruby
 authors:
 - Unif.io
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-14 00:00:00.000000000 Z
+date: 2018-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deep_merge
@@ -178,6 +178,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.7.10
+- !ruby/object:Gem::Dependency
+  name: consul_loader
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: ci_reporter_rspec
   requirement: !ruby/object:Gem::Requirement
@@ -262,20 +276,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 10.0.2
-- !ruby/object:Gem::Dependency
-  name: serverspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.41.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.41.3
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -290,20 +290,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.4.1
-- !ruby/object:Gem::Dependency
-  name: gemfury
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.7.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.7.0
 - !ruby/object:Gem::Dependency
   name: fabrication
   requirement: !ruby/object:Gem::Requirement
@@ -344,10 +330,12 @@ files:
 - README.md
 - TODO.md
 - lib/covalence.rb
+- lib/covalence/consul_tasks.rb
 - lib/covalence/core/bootstrap.rb
 - lib/covalence/core/cli_wrappers/packer.yml
 - lib/covalence/core/cli_wrappers/packer_cli.rb
 - lib/covalence/core/cli_wrappers/popen_wrapper.rb
+- lib/covalence/core/cli_wrappers/sops_cli.rb
 - lib/covalence/core/cli_wrappers/terraform.yml
 - lib/covalence/core/cli_wrappers/terraform_cli.rb
 - lib/covalence/core/data_stores/hiera.rb
@@ -372,6 +360,7 @@ files:
 - lib/covalence/helpers/spec_dependencies.rb
 - lib/covalence/rake/rspec/envs_spec.rb
 - lib/covalence/rake/rspec/yaml_spec.rb
+- lib/covalence/sops_tasks.rb
 - lib/covalence/spec_tasks.rb
 - lib/covalence/version.rb
 homepage: https://unif.io
@@ -389,12 +378,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: A tool for the management and orchestration of data used by HashiCorp infrastructure