grafana-rb 0.17.0 → 0.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 97ee4b71f1093f8df1f8f780a0c18db45843fdd0
-  data.tar.gz: ea170777a2eab5af4ccade42826218914ab2f85e
+  metadata.gz: 7157e2f6049795a1400c4fa71c176755b781692d
+  data.tar.gz: 19fa013da17499527d3dc045320aa922c01bccff
 SHA512:
-  metadata.gz: 3af6932643551fe7019e6afe2dc4378c2bde2de33ecddb9a81d12285428ee509dd8b143a5c141939d4f60686e75546fb127e22e7795b920e0d3730520a89ebc9
-  data.tar.gz: bb1e7ab8827c51466afcd74c2e8701e79c74d30f60109793adfe5a034571e058d2cbd0f86585bb577878d3158c3d785390b18f10914393b009dbd49b162c240d
+  metadata.gz: e8e9b4716ebb83a368579cd149127d8d68cf29983eb11561d0c71bbdd736c7a84750cfb21b5fad712dcd74a1b83a5129433bcfcea1b52ecbcdf7354e55c02f04
+  data.tar.gz: ade8147a0a4b82ee7a05e5cc75a5392487206b18b79636ef663b103799efe8999cef07ffc39ad1e8a91718f943da3855712a6c4868ec6775923089497dbb6ad0

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Grafana-rb 0.18.0 (April 13, 2017) ##
+
+* Support crypting of sensitive information using vault file as key.
+
 ## Grafana-rb 0.17.0 (April 13, 2017) ##
 
 * Support protocol in `grafana_url`.

data/lib/grafana-rb/cli.rb

@@ -2,6 +2,7 @@ require 'yaml'
 require 'json'
 require 'pp'
 require 'net/http'
+require 'openssl'
 
 module GrafanaRb
   class Cli
@@ -12,11 +13,28 @@ module GrafanaRb
     end
 
     def run
-      if @argv.last == "apply" || @argv.last == "a" || @argv.last == "q"
-        if @argv.size >= 2
-          @workdir = @argv[0]
-        end
+      if File.directory?(@argv[0].to_s)
+        @workdir = @argv.shift
+      end
+
+      if @argv[0] == "--vault" && File.exists?(@argv[1])
+        @argv.shift
+        @vault_file = @argv.shift
+      elsif File.exists?(File.join(Dir.pwd, "vault.key"))
+        @vault_file = File.join(Dir.pwd, "vault.key")
+      else
+        @vault_file = nil
+      end
+
+      if %w[apply a q].index(@argv[0])
         apply
+
+      elsif %w[encrypt en e].index(@argv[0])
+        puts encrypt(@argv[1])
+
+      elsif %w[decrypt de d].index(@argv[0])
+        puts decrypt(@argv[1])
+
       else
         usage
       end
@@ -27,6 +45,35 @@ module GrafanaRb
     DEFAULT_GRAFANA_USER = "admin"
     DEFAULT_GRAFANA_PASSWORD = "admin"
     TAG = "grafana-rb"
+    MARKER = "__VAULT:"
+
+    def bin_to_hex(s)
+      s.unpack('H*').first
+    end
+
+    def hex_to_bin(s)
+      s.scan(/../).map { |x| x.hex }.pack('c*')
+    end
+
+    def encrypt(string)
+      die "missed vault file" unless @vault_file
+      die "string encrypted yet" if string.index(MARKER) == 0
+      cipher = OpenSSL::Cipher::AES256.new :CBC
+      cipher.encrypt
+      iv = cipher.random_iv
+      cipher.key = Digest::SHA256.digest(File.read(@vault_file).strip)
+      MARKER + bin_to_hex(cipher.update(string) + cipher.final) + ":" + bin_to_hex(iv)
+    end
+
+    def decrypt(string)
+      die "missed vault file" unless @vault_file
+      die "string not encrypted" unless string.index(MARKER) == 0
+      cipher = OpenSSL::Cipher::AES256.new :CBC
+      cipher.decrypt
+      cipher.iv = hex_to_bin(string.sub(MARKER, "").split(":")[1])
+      cipher.key = Digest::SHA256.digest(File.read(@vault_file).strip)
+      cipher.update(hex_to_bin(string.sub(MARKER, "").split(":")[0])) + cipher.final
+    end
 
     def config_file 
       @config_file ||= File.join(@workdir, "grafana.yml")
@@ -90,8 +137,23 @@ module GrafanaRb
       end
     end
 
+    def read_yaml(file)
+      unvault = proc { |o|
+        if o.is_a?(Array)
+          o.map { |i| unvault.call(i) }
+        elsif o.is_a?(Hash)
+          o.map { |k, v| [k, unvault.call(v)] }.to_h
+        elsif o.is_a?(String) && o.index(MARKER) == 0
+          decrypt(o)
+        else
+          o
+        end
+      }
+      unvault.call(YAML.load(File.read(file)))
+    end
+
     def config
-      @config ||= YAML.load(File.read(config_file)) || {}
+      @config ||= read_yaml(config_file) || {}
     end
 
     def grafana_user
@@ -110,7 +172,7 @@ module GrafanaRb
 
     def dashboards
       @dashboards ||= require_files.map { |path| 
-        yaml = YAML.load(File.read(path))
+        yaml = read_yaml(path)
         yaml["name"] ||= File.basename(path, File.extname(path))
         yaml
       }
@@ -368,10 +430,15 @@ module GrafanaRb
       puts "Version: #{VERSION}"
       puts ""
       puts "Usage:"
-      puts "  grafana-rb [work-dir] <cmd>"
+      puts "  grafana-rb [work-dir] [options] <cmd>"
+      puts ""
+      puts "Options:"
+      puts "  --vault <vault-file>    - vault file (<pwd>/vault.key by default)"
       puts ""
       puts "Commands:"
-      puts "  apply  - update dashboards"
+      puts "  apply             - update dashboards"
+      puts "  encrypt <string>  - encrypt script using vault-file"
+      puts "  decrypt <string>  - decrypt script using vault-file"
       puts ""
     end
   end

data/lib/grafana-rb/version.rb

@@ -1,3 +1,3 @@
 module GrafanaRb
-  VERSION = "0.17.0"
+  VERSION = "0.18.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grafana-rb
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.18.0
 platform: ruby
 authors:
 - Alexey Vakhov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-04-12 00:00:00.000000000 Z
+date: 2017-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler