hiera-ehttp 0.0.1 → 0.0.2

data/README.md

@@ -33,6 +33,10 @@ Grab the hiera-ehttp gem and then add this to your hiera config file
 Using the command line utility you can encrypt a value
 
     hiera-ehttp encrypt -c cert.pem -s "secret value"
+    
+The command line utility also supports the rest api that
+couch uses. All the other apis are sad, but I will try to
+make them happier as time permits.
 
 Configuration Parameters
 ------------------------
@@ -82,5 +86,5 @@ make an issue so I know, or create a fix and create a pull request.
 Credits
 -------
 
-* Much of this code comes from the original hiera-http created by Craig Dunn <craig@craigdunn.org>
-* SSL components contributed from Ben Ford <ben.ford@puppetlabs.com>
+ * Much of this code comes from the original hiera-http created by Craig Dunn <craig@craigdunn.org>
+ * SSL components contributed from Ben Ford <ben.ford@puppetlabs.com>

data/Rakefile

@@ -2,11 +2,11 @@ require 'rubygems'
 require 'rubygems/package_task'
 
 spec = Gem::Specification.new do |gem|
-    gem.name         = "hiera-ehttp"
-    gem.version      = "0.0.1"
+    gem.name         = File.basename(`git rev-parse --show-toplevel`).chop
+    gem.version      = `gitver version`
     
-    gem.author       = "Josh Hoover"
-    gem.email        = "floomby@nmt.edu"
+    gem.author       = `git config --get user.name`
+    gem.email        = `git config --get user.email`
     gem.homepage     = "http://github.com/floomby/hiera-ehttp"
     gem.summary      = "HTTP backend for Hiera supporting encrypted entries"
     gem.description  = "Hiera backend for looking up data over HTTP APIs with support for encrypted values"

data/bin/couchrub.rb

@@ -0,0 +1,149 @@
+#!/usr/bin/env ruby
+
+# TODO: ssl, better error handling, option parsing, improve everything
+
+require 'json'
+require 'net/http'
+require 'ostruct'
+
+# I am creating a database class
+# The idea is to grab the database from
+# couch, preform whatever manipulation
+# that you want on it and then sync it back
+# up to couch with a new revision number
+
+# the goal here is to abstract out the revisioning
+# the merge strategy is to go with the most recent
+# version. This introduce races, but I don't care
+# right now in this case
+
+class CouchDocument
+    # all documents will be created by json
+    # either from the database or internaly
+
+    attr_reader :id, :data
+    
+    def initialize json
+    
+        @data = json
+        
+        @rev = @data['_rev']
+        @id  = @data['_id']
+        
+    end
+
+    # If I inherite Hash then I get these for free
+    def [] key
+        @data[key]
+    end
+    
+    def []= key, value
+        @data[key] = value
+    end
+    
+end
+
+class Couch
+        
+    def initialize args
+        
+        # set default host and port
+        @host = '127.0.0.1'
+        @port = '5984'
+        
+        # set all the parameters
+        args.each do |key, val|
+            (instance_variable_set "@#{key}", val) unless val.nil?
+        end
+        
+        @http = Net::HTTP.new @host, @port
+        
+    end
+
+    # The things that I want right here are:
+    #  x create a db
+    #  x delete a db
+    #  - put new a document
+    #  - get a document
+    #  - put an updated document
+    
+    
+    # database manipulation
+    
+    def create_db name
+        
+        req = Net::HTTP::Put.new "/#{name}"
+        ret = @http.request req
+        
+        puts "Creating Database #{name} => #{ret.msg} (#{ret.code})\n"
+        
+    end
+    
+    def delete_db name
+        
+        req = Net::HTTP::Delete.new "/#{name}"
+        ret = @http.request req
+        
+        puts "Deleting Database #{name} => #{ret.msg} (#{ret.code})\n"
+        
+    end
+    
+    def get_doc db_name, doc_name
+        
+        req = Net::HTTP::Get.new "/#{db_name}/#{doc_name}"
+        ret = @http.request req
+        
+        if ret.code == '200'
+            puts "Successfuly Got Document #{db_name}/#{doc_name} => #{ret.msg} (#{ret.code})\n"
+            doc = CouchDocument.new JSON.parse ret.body
+        else
+            puts "Error Getting Document #{db_name}/#{doc_name} => #{ret.msg} (#{ret.code})\n"
+            doc = CouchDocument.new JSON.parse "{}"
+        end
+        
+        doc
+    end
+    
+    def put_doc db_name, doc_name, doc
+        
+        req = Net::HTTP::Put.new "/#{db_name}/#{doc_name}"
+        req.add_field 'Content-Type', 'application/json'
+        req.body = JSON.dump doc.data
+        ret = @http.request req
+        
+        if ret.code == '200'
+            
+            puts "Succesfuly Putting Document #{db_name}/#{doc_name} => #{ret.msg} (#{ret.code})\n"
+            
+            # lets delete the old revsion
+            delete_
+            
+        else
+            puts "Error Putting Document #{db_name}/#{doc_name} => #{ret.msg} (#{ret.code})\n"
+        end
+    end
+    
+    def delete_doc db_name, doc_name, doc
+        
+        
+        
+    end
+end
+
+
+#couch = Couch.new :host => '127.0.0.1', :port => '5984'
+
+
+#couch.delete_db 'blahness'
+#couch.create_db 'blahness'
+
+#test = CouchDocument.new JSON.parse File.read 'blah.json'
+
+#couch.new_doc 'blahness', 'doc', test
+
+#test = couch.get_doc 'testdb', 'dne'
+
+#test['test'] = 'changed value'
+#puts test.data
+
+#couch.put_doc 'blahness', 'doc', test

data/bin/decrypt.rb

@@ -0,0 +1,15 @@
+require 'openssl'
+
+module HieraEhttp
+    class Decrypt
+    
+        def initialize
+    
+    
+    
+    end
+
+
+
+
+end

data/bin/encrypt.rb

@@ -0,0 +1,16 @@
+require 'openssl'
+require 'base64'
+
+module HieraEhttp
+    class Encrypt
+        def initialize cert
+            @cert   = cert
+            # We like AES 128 in CBC mode
+            @cipher = OpenSSL::Cipher.new 'AES-128-CBC'
+        end
+        
+        def encryptPKCS7 value
+            "\"ENC[PKCS7," + (Base64.encode64 (OpenSSL::PKCS7::encrypt [@cert], value, @cipher, OpenSSL::PKCS7::BINARY).to_der).delete("\n\r") + "]\""
+        end
+    end # class Encrypt
+end # module HieraEhttp

data/bin/hiera-ehttp

@@ -7,6 +7,11 @@ require 'ostruct'
 require 'pp'
 require 'time'
 require 'date'
+require 'json'
+
+require_relative 'encrypt.rb'
+require_relative 'hiera-ehttp-couch.rb'
+
 
 class HieraEhttpKeys
     @banner = "Usage: hiera-ehttp keys [options]"
@@ -67,13 +72,14 @@ class HieraEhttpEncrypt
         options = OpenStruct.new
     
         options.strings = []
+        options.jsons   = []
         
         opt_parser = OptionParser.new do |opts|
             opts.banner = @banner
             
-            opts.on("-c", "--certfile <certficate>", "Certificate to encrypt with") do |cert| options.certificate = cert end
-            opts.on("-s", "--string <value>", "String to encrypt") do |str| options.strings << str end
-            #opts.on("-j", "--json <file>", "Encrypt all of the values in a json file") do |file| options.jsons << file end
+            opts.on("-c", "--certfile <certficate>", "Certificate to encrypt with") { |cert| options.certificate = cert }
+            opts.on("-s", "--string <value>", "String to encrypt") { |str| options.strings << str }
+            #opts.on("-j", "--json <file>", "Encrypt all of the values in a json file") { |file| options.jsons << file }
             #opts.on("-y", "--yaml <file>", "Encrypt all of the values in a yaml file") do |file| options.yamls << file end
             
         end
@@ -89,19 +95,28 @@ class HieraEhttpEncrypt
         
         # encrypt strings, jsons, and yamls
         strings options.strings, cert, cipher
-        #jsons   options.jsons,   cert, cipher
+        jsons   options.jsons,   cert, cipher
         #yamls   options.yamls,   cert, cipher
     end
     
     def self.strings(strings, cert, cipher)
         encs = []
-        strings.each do |str|
-            puts ("\"#{str}\":\"ENC[PKCS7," + (Base64.encode64 (OpenSSL::PKCS7::encrypt [cert], str, cipher, OpenSSL::PKCS7::BINARY).to_der).delete("\n\r") + "]\"\n")
+        strings.each do |value|
+            puts "\"#{value}\":" + (enc value, cert, cipher) + "\n"
         end
     end
     
+    def self.enc(value, cert, cipher)
+        ("\"ENC[PKCS7," + (Base64.encode64 (OpenSSL::PKCS7::encrypt [cert], value, cipher, OpenSSL::PKCS7::BINARY).to_der).delete("\n\r") + "]\"")
+    end
+    
     def self.jsons(jsons, cert, cipher)
-        puts "Encryption on json files unimplimented... Skiping"
+        jsons.each do |json|
+            doc = JSON.parse (File.read json)
+            
+            
+            File.open('enc.' + json, 'w') { |file| file.write JSON.dump doc }
+        end
     end
     
     def self.yamls(yamls, cert, cipher)
@@ -113,6 +128,9 @@ class HieraEhttpEncrypt
     end
 end
 
+
+
+
 usage = "Usage: hiera-ehttp <action>"
 
 action, *args = ARGV
@@ -131,7 +149,10 @@ when 'encrypt'
     options = HieraEhttpEncrypt.parse args
     HieraEhttpEncrypt.encrypt options
 
+when 'couch'
+    options = HieraEhttp::HieraEhttpCouch.parse args
+    HieraEhttp::HieraEhttpCouch.go options
 
 else
-    puts 'invalid action (valid actions: keys, encrypt)'
+    puts 'invalid action (valid actions: keys, encrypt, couch)'
 end

data/bin/hiera-ehttp-couch.rb

@@ -0,0 +1,72 @@
+# This is probably outside of the scope that the gem should
+# be doing, but I want this feture so I am putting it in here
+# anyways
+#
+# It will probably be very hacky and barely work but I don't
+# expect anyone but me to use it so no loss there
+
+require 'optparse'
+require 'ostruct'
+require 'json'
+
+require_relative 'couchrub.rb'
+
+module HieraEhttp
+    class HieraEhttpCouch
+        
+        @banner = "Usage: hiera-ehhtp couch [options]"
+        
+        def self.parse args
+            options = OpenStruct.new
+            
+            # The default host and port
+            options.host = '127.0.0.1'
+            options.port = '5984'
+            
+            # The default database and document
+            options.database = 'hiera'
+            options.document = 'defaults'
+            
+            options.items = []
+            
+            opt_parser = OptionParser.new do |opts|
+                opts.banner = @banner
+                
+                opts.on("-i", "--item <\"key\":\"value\">", "Key/value to add") { |item| options.items    << item }
+                opts.on("-h", "--host <host>", "Host (defualt 127.0.0.1)")      { |host| options.host     =  host }
+                opts.on("-p", "--port <port>", "Port (defualt 5984)")           { |port| options.port     =  port }
+                opts.on("-c", "--cert <certificat>", "Encryption certificate")  { |cert| options.cert     =  cert }
+                opts.on("-b", "--database <database>", "Database to use")       { |db|   options.database =  db   }
+                opts.on("-d", "--document <document>", "Document to use")       { |doc|  options.document =  doc  }
+            end
+            
+            opt_parser.parse! args
+            options
+        end
+    
+        def self.go options
+            # Read in the certificate
+            cert = OpenSSL::X509::Certificate.new File.read options.cert
+            
+            # create an encrypter to use
+            encrypter = Encrypt.new cert
+            
+            couch = Couch.new :host => options.host, :port => options.port
+            
+            # We can ensure the db exist by creating it
+            # If it alread exist nothing happens
+            couch.create_db options.database
+            doc = couch.get_doc options.database, options.document
+
+            # Now we update the document
+            options.items.each do |item|
+                a = /^\"(([^\"]|\\\")+)\":\"(([^\"]|\\\")+)\"$/.match item
+                doc[a[1]] = encrypter.encryptPKCS7 a[3]
+            end
+            
+            couch.put_doc options.database, options.document, doc
+        end
+        
+    end # class HieraEhttpCouch
+end # module HieraEhttp
+

data/lib/hiera/backend/ehttp_backend.rb

@@ -8,8 +8,6 @@ class Hiera
 
       def initialize
         
-        Hiera.debug "test"
-        
         @config = Config[:ehttp]
 
         @http = Net::HTTP.new @config[:host], @config[:port]
@@ -43,8 +41,6 @@ class Hiera
 
       def lookup(key, scope, order_override, resolution_type)
 
-        Hiera.debug "test"
-
         answer = nil
 
         paths = @config[:paths].map { |p| Backend.parse_string p, scope, { 'key' => key } }

metadata

@@ -1,15 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: hiera-ehttp
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
-- Josh Hoover
+- ! 'floomby
+
+'
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-18 00:00:00.000000000 Z
+date: 2014-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -29,7 +31,9 @@ dependencies:
         version: '0'
 description: Hiera backend for looking up data over HTTP APIs with support for encrypted
   values
-email: floomby@nmt.edu
+email: ! 'floomby@nmt.edu
+
+'
 executables:
 - hiera-ehttp
 extensions: []
@@ -38,7 +42,11 @@ files:
 - .gitignore
 - README.md
 - Rakefile
+- bin/couchrub.rb
+- bin/decrypt.rb
+- bin/encrypt.rb
 - bin/hiera-ehttp
+- bin/hiera-ehttp-couch.rb
 - lib/hiera/backend/ehttp_backend.rb
 homepage: http://github.com/floomby/hiera-ehttp
 licenses: []