hiera-eyaml-gkms 0.0.3 → 0.1.0
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -2
- data/.travis.yml +3 -3
- data/CHANGELOG.md +3 -0
- data/Gemfile +2 -0
- data/Rakefile +2 -0
- data/hiera-eyaml-gkms.gemspec +18 -13
- data/lib/hiera/backend/eyaml/encryptors/gkms.rb +43 -43
- data/lib/hiera/backend/eyaml/encryptors/gkms/eyaml_init.rb +2 -0
- data/lib/hiera/backend/eyaml/encryptors/gkms/version.rb +3 -1
- metadata +48 -20
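--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e16b1c815e5bc74c2548159c84a9eb448a781d79a20ba1eb16ca4e81e4a3855a
+data.tar.gz: 20eaf798b3440cd657c1dfb5a677fa3e5bbce156df9d92bea1ad6a78598c5e68
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 565ac939dd8db31c6ba49c6e342666be651de00e08f58b507debfa5b1d851b23edb4952a308a7a08ba45f5c7b2796d3c43cb8fa48f25144061a2886ff477fa98
+data.tar.gz: 4c94a6f19eeac526f634dc74475179779201fc0f9bf0f36bb7ece6bcd0e9fde6bf03232703fe8196aaa04773a938d1c231a113d6d367db650275a70c088a105d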
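--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,7 +1,7 @@
 ---
 AllCops:
 DisplayCopNames: true
-TargetRubyVersion: '2.
+TargetRubyVersion: '2.4'
 Metrics/LineLength:
 Description: People have wide screens, use them.
 Max: 200
@@ -57,7 +57,7 @@ Style/StringMethods:
 Enabled: true
 Layout/EndOfLine:
 Enabled: false
-Layout/
+Layout/HeredocIndentation:
 Enabled: false
 Metrics/AbcSize:
 Enabled: false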
data/.travis.yml
CHANGED
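--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,9 @@ Release notes for the Google Cloud KMS hiera-eyaml plugin.
 
 ---------------------------------------------------------
 
+## 2020-11-18 - 0.1.0
+* Updated to support google-cloud-kms 2.0.0
+
 ## 2019-03-11 - 0.0.3
 * Under the hood testing and style improvements
 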
data/Gemfile
CHANGED
data/Rakefile
CHANGED
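--- a/data/hiera-eyaml-gkms.gemspec
+++ b/data/hiera-eyaml-gkms.gemspec
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
@@ -5,21 +7,24 @@ require 'hiera/backend/eyaml/encryptors/gkms/version'
 require 'English'
 
 Gem::Specification.new do |gem|
-gem.name
-gem.version
-gem.description
-gem.summary
-gem.author
-gem.license
+gem.name = 'hiera-eyaml-gkms'
+gem.version = Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
+gem.description = 'Google Cloud KMS plugin for Hiera-EYAML'
+gem.summary = 'Encryption plugin for hiera-eyaml backend for Hiera, using Google Cloud KMS'
+gem.author = 'Craig Watson'
+gem.license = 'Apache-2.0'
+gem.required_ruby_version = '>=2.4'
 
-gem.homepage
-gem.files
-gem.executables
-gem.test_files
+gem.homepage = 'https://github.com/craigwatson/hiera-eyaml-gkms'
+gem.files = `git ls-files`.split($RS)
+gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
+gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
 gem.require_paths = ['lib']
 
-gem.add_runtime_dependency('
+gem.add_runtime_dependency('google-cloud-kms', '2.0.0')
+gem.add_runtime_dependency('google-cloud-kms-v1', '0.3.0')
+gem.add_runtime_dependency('hiera-eyaml', '3.2.0')
 
-gem.add_development_dependency('rake')
-gem.add_development_dependency('rubocop')
+gem.add_development_dependency('rake', '13.0.1')
+gem.add_development_dependency('rubocop', '1.3.1')
 end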
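Review bot: The three `add_runtime_dependency` lines pin exact versions (`'2.0.0'`, `'0.3.0'`, `'3.2.0'`), so an installation of this gem cannot pick up a patch release of google-cloud-kms, google-cloud-kms-v1 or hiera-eyaml, including a security fix, until a new hiera-eyaml-gkms is published. In a gemspec a pessimistic constraint is the usual choice, for example `gem.add_runtime_dependency('google-cloud-kms', '~> 2.0')`, with exact versions left to the consumer's lockfile. The exact pin on hiera-eyaml also ties every user of the plugin to that one eyaml release. The previous constraints are truncated on this page, so whether this tightens them cannot be confirmed from here.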
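--- a/data/lib/hiera/backend/eyaml/encryptors/gkms.rb
+++ b/data/lib/hiera/backend/eyaml/encryptors/gkms.rb
@@ -1,5 +1,8 @@
+# frozen_string_literal: true
+
 begin
 require 'google/cloud/kms'
+require 'google/cloud/kms/v1'
 rescue LoadError
 raise StandardError, 'hiera-eyaml-gkms requires the google-cloud-kms gem'
 end
@@ -15,79 +18,76 @@ class Hiera
 module Encryptors
 # Google KMS plugin for hiera-eyaml
 class Gkms < Encryptor
-VERSION
-self.tag
+VERSION = ::Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
+self.tag = 'GKMS'
 self.options = {
-
-
-
-'default' => ''
+project: {
+desc: 'GCP Project',
+type: :string
 },
-
-
-
-
+location: {
+desc: 'GCP Region of the KMS Keyring',
+type: :string,
+default: 'global'
 },
-
-
-
-'default' => ''
+keyring: {
+desc: 'GCP KMS Keyring name',
+type: :string
 },
-
-
-
-'default' => ''
+crypto_key: {
+desc: 'GCP KMS Crypto Key name',
+type: :string
 },
-
-
-
-
+auth_type: {
+desc: 'Authentication type for GCP SDK',
+type: :string,
+default: 'serviceaccount'
 },
-
-
-
-'default' => ''
+credentials: {
+desc: 'GCP Service Account credentials',
+type: :string
 }
 }
 
 def self.kms_client
-auth_type = option
+auth_type = option :auth_type
 
 if auth_type == 'serviceaccount'
-credentials = option
+credentials = option :credentials
 raise StandardError, 'gkms_credentials is not defined' unless credentials
 
-
+::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
+config.credentials = credentials
+end
 else
-
+ENV['GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS'] = '1'
 end
 
-Google::Cloud::Kms.new
+::Google::Cloud::Kms::V1::KeyManagementService::Client.new
 end
 
 def self.key_path
-project
-location
-
-crypto_key
+project = option :project
+location = option :location
+key_ring = option :keyring
+crypto_key = option :crypto_key
 
 raise StandardError, 'gkms_project is not defined' unless project
-raise StandardError, 'gkms_keyring is not defined' unless
+raise StandardError, 'gkms_keyring is not defined' unless key_ring
 raise StandardError, 'gkms_crypto_key is not defined' unless crypto_key
 
-
+kms_client.crypto_key_path project: project,
+location: location,
+key_ring: key_ring,
+crypto_key: crypto_key
 end
 
 def self.encrypt(plaintext)
-kms_client
-key_path = self.key_path
-kms_client.encrypt(key_path, plaintext).ciphertext
+kms_client.encrypt(name: key_path, plaintext: plaintext).ciphertext
 end
 
 def self.decrypt(ciphertext)
-kms_client
-key_path = self.key_path
-kms_client.decrypt(key_path, ciphertext).plaintext
+kms_client.decrypt(name: key_path, ciphertext: ciphertext).plaintext
 end
 end
 end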
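Review bot: `Client.configure` in `kms_client` changes the class-wide defaults of the KMS client, so the service-account credentials set there become the default for any other KMS client created in the same Ruby process, and they are re-applied on every call. The generated client accepts the same block on its constructor, which scopes the credentials to this one instance: `::Google::Cloud::Kms::V1::KeyManagementService::Client.new { |config| config.credentials = credentials }`. `key_path` and `encrypt`/`decrypt` each call `kms_client`, so a single operation now builds two clients; memoizing the client would avoid that. Separately, the `else` branch treats every `auth_type` other than 'serviceaccount' as ambient credentials with the warning suppressed, so a misspelled value silently changes which identity is used; matching the supported values explicitly and raising on anything else would fail closed.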
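--- a/metadata
+++ b/metadata
@@ -1,59 +1,87 @@
 --- !ruby/object:Gem::Specification
 name: hiera-eyaml-gkms
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 0.1.0
 platform: ruby
 authors:
 - Craig Watson
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-12-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: google-cloud-kms
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.0.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.0.0
+- !ruby/object:Gem::Dependency
+name: google-cloud-kms-v1
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.3.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.3.0
 - !ruby/object:Gem::Dependency
 name: hiera-eyaml
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 3.2.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 3.2.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 13.0.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 13.0.1
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 description: Google Cloud KMS plugin for Hiera-EYAML
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -75,7 +103,7 @@ homepage: https://github.com/craigwatson/hiera-eyaml-gkms
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -83,15 +111,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Encryption plugin for hiera-eyaml backend for Hiera, using Google Cloud KMS
 test_files: []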