hiera-eyaml-gkms 0.0.2 → 0.0.3
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +83 -0
- data/.travis.yml +19 -0
- data/CHANGELOG.md +3 -0
- data/Gemfile +0 -7
- data/README.md +2 -1
- data/Rakefile +6 -1
- data/hiera-eyaml-gkms.gemspec +18 -14
- data/lib/hiera/backend/eyaml/encryptors/gkms.rb +46 -44
- data/lib/hiera/backend/eyaml/encryptors/gkms/version.rb +11 -0
- metadata +20 -3
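--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9bc9e778863a8ef92229ce51fd5a941ae5cddc7535f1603e76257c333782ed5d
+data.tar.gz: baf3e6149681d0b3cd981b170389205d68915d6212b19cf5cabd93c436230d9c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 705157438320d69e2bdc6cdb9be1f449a86746567877bfe0794021d4d8f34a0f572c1bb17e93e62f3098670b9138253414b7a042392ac2d9a474cc22803c79b9
+data.tar.gz: 9c414947801011758db08925b3f6cbedb832000aeccc421fafb5634f5552c5c9d6f203990ba9849040397ee14c93082b1cf593ee7a8fb95b0ffbf6a8fd993a3f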
data/.gitignore
CHANGED
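--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,83 @@
+---
+AllCops:
+DisplayCopNames: true
+TargetRubyVersion: '2.2'
+Metrics/LineLength:
+Description: People have wide screens, use them.
+Max: 200
+Style/BlockDelimiters:
+Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
+be consistent then.
+EnforcedStyle: braces_for_chaining
+Style/EmptyElse:
+Description: Enforce against empty else clauses, but allow `nil` for clarity.
+EnforcedStyle: empty
+Style/FormatString:
+Description: Following the main puppet project's style, prefer the % format format.
+EnforcedStyle: percent
+Style/FormatStringToken:
+Description: Following the main puppet project's style, prefer the simpler template
+tokens over annotated ones.
+EnforcedStyle: template
+Style/Lambda:
+Description: Prefer the keyword for easier discoverability.
+EnforcedStyle: literal
+Style/RegexpLiteral:
+Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
+EnforcedStyle: percent_r
+Style/TernaryParentheses:
+Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
+on complex expressions for better readability, but seriously consider breaking
+it up.
+EnforcedStyle: require_parentheses_when_complex
+Style/TrailingCommaInArguments:
+Description: Prefer always trailing comma on multiline argument lists. This makes
+diffs, and re-ordering nicer.
+EnforcedStyleForMultiline: comma
+Style/TrailingCommaInArrayLiteral:
+Description: Prefer always trailing comma on multiline literals. This makes diffs,
+and re-ordering nicer.
+EnforcedStyleForMultiline: comma
+Style/SymbolArray:
+Description: Using percent style obscures symbolic intent of array's contents.
+EnforcedStyle: brackets
+Style/Documentation:
+Exclude:
+- lib/puppet/parser/functions/**/*
+- spec/**/*
+Style/WordArray:
+EnforcedStyle: brackets
+Style/ClassAndModuleChildren:
+Enabled: false
+Style/CollectionMethods:
+Enabled: true
+Style/MethodCalledOnDoEndBlock:
+Enabled: true
+Style/StringMethods:
+Enabled: true
+Layout/EndOfLine:
+Enabled: false
+Layout/IndentHeredoc:
+Enabled: false
+Metrics/AbcSize:
+Enabled: false
+Metrics/BlockLength:
+Enabled: false
+Metrics/ClassLength:
+Enabled: false
+Metrics/CyclomaticComplexity:
+Enabled: false
+Metrics/MethodLength:
+Enabled: false
+Metrics/ModuleLength:
+Enabled: false
+Metrics/ParameterLists:
+Enabled: false
+Metrics/PerceivedComplexity:
+Enabled: false
+Style/AsciiComments:
+Enabled: false
+Style/IfUnlessModifier:
+Enabled: false
+Style/SymbolProc:
+Enabled: false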
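--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,19 @@
+---
+dist: trusty
+language: ruby
+cache: bundler
+sudo: false
+before_install:
+- bundle -v
+- rm Gemfile.lock || true
+- gem update --system $RUBYGEMS_VERSION
+- gem update bundler
+- gem --version
+- bundle -v
+script:
+bundle exec rake rubocop
+matrix:
+include:
+- rvm: 2.1.9
+env: RUBYGEMS_VERSION=2.7.8
+- rvm: 2.4.2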
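Review bot: The `before_install` steps leave the build toolchain unpinned: `rm Gemfile.lock || true` discards any lockfile, `gem update bundler` takes the newest Bundler, and on the `- rvm: 2.4.2` entry `RUBYGEMS_VERSION` is unset, so `gem update --system $RUBYGEMS_VERSION` installs whatever RubyGems is current. Each build therefore resolves a different set of tools and dependencies, which makes a failing or tampered release hard to reproduce; consider giving the second matrix entry its own `env: RUBYGEMS_VERSION=<pinned version>` and pinning Bundler the same way. Note also that `script:` runs only `bundle exec rake rubocop`, so the encryptor's `encrypt`/`decrypt` paths and option handling are linted but never exercised in CI.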
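--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,9 @@ Release notes for the Google Cloud KMS hiera-eyaml plugin.
 
 ---------------------------------------------------------
 
+## 2019-03-11 - 0.0.3
+* Under the hood testing and style improvements
+
 ## 2019-03-11 - 0.0.2
 * Version now reports properly to hiera-eyaml core
 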
data/Gemfile
CHANGED
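--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,6 @@
-# hiera-eyaml-
+# hiera-eyaml-gkms
 
+[![Build Status](https://secure.travis-ci.org/craigwatson/hiera-eyaml-gkms.svg?branch=master)](http://travis-ci.org/craigwatson/hiera-eyaml-gkms)
 [![Gem Version](https://img.shields.io/gem/v/hiera-eyaml-gkms.svg)](https://rubygems.org/gems/hiera-eyaml-gkms)
 [![Gem Downloads](https://img.shields.io/gem/dt/hiera-eyaml-gkms.svg)](https://rubygems.org/gems/hiera-eyaml-gkms)
 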
data/Rakefile
CHANGED
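--- a/data/hiera-eyaml-gkms.gemspec
+++ b/data/hiera-eyaml-gkms.gemspec
@@ -1,21 +1,25 @@
-lib = File.expand_path('
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-
+
+require 'hiera/backend/eyaml/encryptors/gkms/version'
+require 'English'
 
 Gem::Specification.new do |gem|
-gem.name =
-gem.version = Hiera::Backend::Eyaml::Encryptors::
-gem.description =
-gem.summary =
-gem.author =
-gem.license =
+gem.name = 'hiera-eyaml-gkms'
+gem.version = Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
+gem.description = 'Google Cloud KMS plugin for Hiera-EYAML'
+gem.summary = 'Encryption plugin for hiera-eyaml backend for Hiera, using Google Cloud KMS'
+gem.author = 'Craig Watson'
+gem.license = 'Apache-2.0'
 
-gem.homepage =
-gem.files = `git ls-files`.split(
-gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+gem.homepage = 'https://github.com/craigwatson/hiera-eyaml-gkms'
+gem.files = `git ls-files`.split($RS)
+gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
 gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
-gem.require_paths = [
+gem.require_paths = ['lib']
+
+gem.add_runtime_dependency('hiera-eyaml', '>=1.3.8')
 
-gem.
-gem.
+gem.add_development_dependency('rake')
+gem.add_development_dependency('rubocop')
 end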
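Review bot: The new gemspec declares `hiera-eyaml` as its only runtime dependency, yet the encryptor in this release requires `google/cloud/kms` at load time and raises when it is missing, so the KMS client library is neither installed with the gem nor constrained to a version the code was tested against. The `metadata` dependency hunk further down this page appears to show a non-development dependency being replaced by `rake`, which suggests a runtime dependency was dropped in this release; its name is not recoverable from the page. If the omission is deliberate, a comment above `gem.add_runtime_dependency('hiera-eyaml', '>=1.3.8')` should say so; otherwise add `gem.add_runtime_dependency('google-cloud-kms', '~> <tested version>')` so the client API the code calls (`Google::Cloud::Kms.new` with `version: 'v1'`) is resolved and locked by Bundler. The `'>=1.3.8'` constraint is also open-ended and would accept a future major release of hiera-eyaml.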
@@ -1,88 +1,90 @@
|
|
1
1
|
begin
|
2
2
|
require 'google/cloud/kms'
|
3
3
|
rescue LoadError
|
4
|
-
|
4
|
+
raise StandardError, 'hiera-eyaml-gkms requires the google-cloud-kms gem'
|
5
5
|
end
|
6
6
|
|
7
7
|
require 'hiera/backend/eyaml/encryptor'
|
8
8
|
require 'hiera/backend/eyaml/utils'
|
9
9
|
require 'hiera/backend/eyaml/options'
|
10
|
+
require 'hiera/backend/eyaml/encryptors/gkms/version'
|
10
11
|
|
11
12
|
class Hiera
|
12
13
|
module Backend
|
13
14
|
module Eyaml
|
14
15
|
module Encryptors
|
16
|
+
# Google KMS plugin for hiera-eyaml
|
15
17
|
class Gkms < Encryptor
|
16
|
-
|
17
|
-
|
18
|
-
self.tag = "GKMS"
|
18
|
+
VERSION = Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
|
19
|
+
self.tag = 'GKMS'
|
19
20
|
self.options = {
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
},
|
25
|
-
:location => {
|
26
|
-
:desc => "GCP Region of the KMS Keyring",
|
27
|
-
:type => :string,
|
28
|
-
:default => "europe-west1"
|
21
|
+
'project' => {
|
22
|
+
'desc' => 'GCP Project',
|
23
|
+
'type' => 'string',
|
24
|
+
'default' => ''
|
29
25
|
},
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
26
|
+
'location' => {
|
27
|
+
'desc' => 'GCP Region of the KMS Keyring',
|
28
|
+
'type' => 'string',
|
29
|
+
'default' => 'europe-west1'
|
34
30
|
},
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
31
|
+
'keyring' => {
|
32
|
+
'desc' => 'GCP KMS Keyring name',
|
33
|
+
'type' => 'string',
|
34
|
+
'default' => ''
|
39
35
|
},
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
36
|
+
'crypto_key' => {
|
37
|
+
'desc' => 'GCP KMS Crypto Key name',
|
38
|
+
'type' => 'string',
|
39
|
+
'default' => ''
|
44
40
|
},
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
41
|
+
'auth_type' => {
|
42
|
+
'desc' => 'Authentication type for GCP SDK',
|
43
|
+
'type' => 'string',
|
44
|
+
'default' => 'serviceaccount'
|
49
45
|
},
|
46
|
+
'credentials' => {
|
47
|
+
'desc' => 'GCP Service Account credentials',
|
48
|
+
'type' => 'string',
|
49
|
+
'default' => ''
|
50
|
+
}
|
50
51
|
}
|
51
52
|
|
52
53
|
def self.kms_client
|
53
|
-
auth_type =
|
54
|
+
auth_type = option('auth_type')
|
55
|
+
|
56
|
+
if auth_type == 'serviceaccount'
|
57
|
+
credentials = option('credentials')
|
58
|
+
raise StandardError, 'gkms_credentials is not defined' unless credentials
|
54
59
|
|
55
|
-
if auth_type == "serviceaccount"
|
56
|
-
credentials = self.option :credentials
|
57
|
-
raise StandardError, "gkms_credentials is not defined" unless credentials
|
58
60
|
client_opts = { version: 'v1', credentials: credentials }
|
59
61
|
else
|
60
62
|
client_opts = { version: 'v1' }
|
61
63
|
end
|
62
64
|
|
63
|
-
|
65
|
+
Google::Cloud::Kms.new(client_opts)
|
64
66
|
end
|
65
67
|
|
66
68
|
def self.key_path
|
67
|
-
project =
|
68
|
-
location =
|
69
|
-
keyring =
|
70
|
-
crypto_key =
|
69
|
+
project = option('project')
|
70
|
+
location = option('location')
|
71
|
+
keyring = option('keyring')
|
72
|
+
crypto_key = option('crypto_key')
|
71
73
|
|
72
|
-
raise StandardError,
|
73
|
-
raise StandardError,
|
74
|
-
raise StandardError,
|
74
|
+
raise StandardError, 'gkms_project is not defined' unless project
|
75
|
+
raise StandardError, 'gkms_keyring is not defined' unless keyring
|
76
|
+
raise StandardError, 'gkms_crypto_key is not defined' unless crypto_key
|
75
77
|
|
76
|
-
|
78
|
+
Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path(project, location, keyring, crypto_key)
|
77
79
|
end
|
78
80
|
|
79
|
-
def self.encrypt
|
81
|
+
def self.encrypt(plaintext)
|
80
82
|
kms_client = self.kms_client
|
81
83
|
key_path = self.key_path
|
82
84
|
kms_client.encrypt(key_path, plaintext).ciphertext
|
83
85
|
end
|
84
86
|
|
85
|
-
def self.decrypt
|
87
|
+
def self.decrypt(ciphertext)
|
86
88
|
kms_client = self.kms_client
|
87
89
|
key_path = self.key_path
|
88
90
|
kms_client.decrypt(key_path, ciphertext).plaintext
|
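Review bot: The presence guards in `kms_client` and `key_path` (`raise StandardError, 'gkms_credentials is not defined' unless credentials`, and the matching `unless project`, `unless keyring` and `unless crypto_key` lines) test truthiness, but the declared defaults for those options are `''`, which is truthy in Ruby. If `option` falls back to the declared default (its implementation is not visible here), an unconfigured plugin passes every guard and goes on to build a client with empty credentials or a key path with empty segments, failing later with an opaque API error instead of the intended message. Check for emptiness instead, e.g. `raise StandardError, 'gkms_credentials is not defined' if credentials.to_s.empty?` and the same for the three `key_path` guards, or make the defaults `nil`. Separately, the option table moves from symbol keys and values (`:type => :string`) to strings (`'type' => 'string'`), which changes behaviour rather than style, so it is worth confirming that hiera-eyaml's option registration reads string keys. The hunk ends inside `self.decrypt`, whose closing `end` lies outside it.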
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hiera-eyaml-gkms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Craig Watson
|
@@ -25,13 +25,27 @@ dependencies:
|
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 1.3.8
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
28
|
+
name: rake
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '0'
|
34
|
-
type: :
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rubocop
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
35
49
|
prerelease: false
|
36
50
|
version_requirements: !ruby/object:Gem::Requirement
|
37
51
|
requirements:
|
@@ -45,6 +59,8 @@ extensions: []
|
|
45
59
|
extra_rdoc_files: []
|
46
60
|
files:
|
47
61
|
- ".gitignore"
|
62
|
+
- ".rubocop.yml"
|
63
|
+
- ".travis.yml"
|
48
64
|
- CHANGELOG.md
|
49
65
|
- Gemfile
|
50
66
|
- LICENSE.txt
|
@@ -53,6 +69,7 @@ files:
|
|
53
69
|
- hiera-eyaml-gkms.gemspec
|
54
70
|
- lib/hiera/backend/eyaml/encryptors/gkms.rb
|
55
71
|
- lib/hiera/backend/eyaml/encryptors/gkms/eyaml_init.rb
|
72
|
+
- lib/hiera/backend/eyaml/encryptors/gkms/version.rb
|
56
73
|
- tools/regem.sh
|
57
74
|
homepage: https://github.com/craigwatson/hiera-eyaml-gkms
|
58
75
|
licenses:
|