hiera-eyaml-gkms 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 552d587ebe8aa72333f29a12094cb2afa42343b68c3814d827ba1275b9f59744
-  data.tar.gz: c3a3cabb664a4e490898c2fd36645abe5150438f816dc16ede5b8616d1a9dad1
+  metadata.gz: abebb63c34e498568039fc4a7489167332b7f07000420fc097a55ca9c3460158
+  data.tar.gz: ce894e6b529bb05e72adaccb1b57f9391a27c9c5299e10b70ef194064e7b342a
 SHA512:
-  metadata.gz: d5a1dd9d2a644c2c51417b333d75d1dfce07bd2d50ef0bc5e4f46729c6dea8b78807d1295e07cf004bc9fd70f9aad317694d5c8f886573c1687216fd34c30118
-  data.tar.gz: ea0808a4fe08991ed1f2710acdb946d1f23546c0af86e005d4da5a45d68c87c29b0b433365487df228f16ea6dd1e5c8a93929c9127d88eb2d370ad81d1810099
+  metadata.gz: c434a5041678dfb4f8803dca7b411e4c759bfac5222f7fbeb7f6a1a8ad0347703bac8cc706695ddf188cf72754ac6e6f0228b99bfc2a33fa094babd07e5354e1
+  data.tar.gz: ed69bf8d140839cb40c724e44b3f8b19ea1ab6452c6cf5e1b005d6dcec2b1344b2e11bc38b10b26db39d703830188abae230b40ca303f45d0537b30f1a7153bf

data/.github/workflows/release.yml

@@ -0,0 +1,30 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'craigwatson'
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby 3.1
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.1'
+      - name: Build gem
+        run: gem build *.gemspec
+      - name: Publish gem to rubygems.org
+        run: gem push *.gem
+        env:
+          GEM_HOST_API_KEY: '${{ secrets.RUBYGEMS_AUTH_TOKEN }}'
+      - name: Setup GitHub packages access
+        run: |
+          mkdir -p ~/.gem
+          echo ":github: Bearer ${{ secrets.GITHUB_TOKEN }}" >> ~/.gem/credentials
+          chmod 0600 ~/.gem/credentials
+      - name: Publish gem to GitHub packages
+        run: gem push --key github --host https://rubygems.pkg.github.com/craigwatson *.gem

data/.github/workflows/test.yml

@@ -0,0 +1,84 @@
+name: Test
+
+on:
+  - pull_request
+  - push
+
+env:
+  BUNDLE_WITHOUT: release
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - "2.5"
+          - "2.6"
+          - "2.7"
+          - "3.0"
+          - "3.1"
+        puppet:
+          - "~> 7.0"
+          - "~> 6.0"
+          - "https://github.com/puppetlabs/puppet.git#main"
+        exclude:
+          - ruby: "2.6"
+            puppet: "~> 7.0"
+          - ruby: "2.5"
+            puppet: "~> 7.0"
+
+          - ruby: "3.1"
+            puppet: "~> 6.0"
+          - ruby: "3.0"
+            puppet: "~> 6.0"
+
+          - ruby: "2.6"
+            puppet: "https://github.com/puppetlabs/puppet.git#main"
+          - ruby: "2.5"
+            puppet: "https://github.com/puppetlabs/puppet.git#main"
+    env:
+      PUPPET_VERSION: ${{ matrix.puppet }}
+      COVERAGE: ${{ matrix.coverage }}
+    name: "Ruby ${{ matrix.ruby }} - Puppet ${{ matrix.puppet }}"
+    steps:
+      - name: Enable coverage reporting on Ruby 3.1
+        if: matrix.puppet == '~> 7.0' && matrix.ruby == '3.1'
+        run: echo 'COVERAGE=yes' >> $GITHUB_ENV
+      - uses: actions/checkout@v2
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Rubocop
+        run: bundle exec rubocop
+      - name: Verify Build
+        run: gem build *.gemspec
+      - name: Integration
+        env:
+          GCP_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
+          GCP_PROJECT: ${{ secrets.GCP_PROJECT }}
+          GCP_LOCATION: ${{ secrets.GCP_LOCATION }}
+          GCP_KEYRING: ${{ secrets.GCP_KEYRING }}
+          GCP_CRYPTO_KEY: ${{ secrets.GCP_CRYPTO_KEY }}
+        run: |
+          echo "${GCP_CREDENTIALS}" > ./credentials.json
+          echo "${GITHUB_SHA}" > ./input.txt
+          bundle exec eyaml encrypt --gkms-project="${GCP_PROJECT}" \
+                                    --gkms-location="${GCP_LOCATION}" \
+                                    --gkms-keyring="${GCP_KEYRING}" \
+                                    --gkms-crypto-key="${GCP_CRYPTO_KEY}" \
+                                    --gkms-credentials=./credentials.json \
+                                    -n gkms -o string -s "${GITHUB_SHA}" > ./cipher.txt
+          bundle exec eyaml decrypt --gkms-project="${GCP_PROJECT}" \
+                                    --gkms-location="${GCP_LOCATION}" \
+                                    --gkms-keyring="${GCP_KEYRING}" \
+                                    --gkms-crypto-key="${GCP_CRYPTO_KEY}" \
+                                    --gkms-credentials=./credentials.json \
+                                    -n gkms -f ./cipher.txt > ./plain.txt
+          echo "Input: ${GITHUB_SHA}"
+          echo "Ciphertext: $(cat ./cipher.txt)"
+          echo "Plaintext: $(cat ./plain.txt)"
+          diff ./input.txt ./plain.txt

data/.gitignore

@@ -6,5 +6,9 @@ pkg/
 tmp/
 .DS_Store
 .ruby-version
-hiera-eyaml-google-kms-*.gem
+*.gem
 Gemfile.lock
+vendor
+.bundle/
+.envrc
+credentials.json

data/.rubocop.yml

@@ -1,14 +1,23 @@
 ---
 AllCops:
   DisplayCopNames: true
-  TargetRubyVersion: '2.4'
-Metrics/LineLength:
+  NewCops: enable
+  SuggestExtensions: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+Gemspec/RequireMFA:
+  Enabled: false
+Layout/LineLength:
   Description: People have wide screens, use them.
   Max: 200
+Metrics/MethodLength:
+  Enabled: false
 Style/BlockDelimiters:
   Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
     be consistent then.
   EnforcedStyle: braces_for_chaining
+Style/HashSyntax:
+  EnforcedShorthandSyntax: either
 Style/EmptyElse:
   Description: Enforce against empty else clauses, but allow `nil` for clarity.
   EnforcedStyle: empty
@@ -47,37 +56,3 @@ Style/Documentation:
   - spec/**/*
 Style/WordArray:
   EnforcedStyle: brackets
-Style/ClassAndModuleChildren:
-  Enabled: false
-Style/CollectionMethods:
-  Enabled: true
-Style/MethodCalledOnDoEndBlock:
-  Enabled: true
-Style/StringMethods:
-  Enabled: true
-Layout/EndOfLine:
-  Enabled: false
-Layout/HeredocIndentation:
-  Enabled: false
-Metrics/AbcSize:
-  Enabled: false
-Metrics/BlockLength:
-  Enabled: false
-Metrics/ClassLength:
-  Enabled: false
-Metrics/CyclomaticComplexity:
-  Enabled: false
-Metrics/MethodLength:
-  Enabled: false
-Metrics/ModuleLength:
-  Enabled: false
-Metrics/ParameterLists:
-  Enabled: false
-Metrics/PerceivedComplexity:
-  Enabled: false
-Style/AsciiComments:
-  Enabled: false
-Style/IfUnlessModifier:
-  Enabled: false
-Style/SymbolProc:
-  Enabled: false

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 Release notes for the Google Cloud KMS hiera-eyaml plugin.
 
 ---------------------------------------------------------
+## 2022-11-13 - 0.2.0
+  * Fully supporting google-cloud-kms 2.0 constructor syntax
+
 ## 2021-06-03 - 0.1.1
   * Loosened dependency version requirement on hiera-eyaml for compatibility with Puppet 7.7
 

data/Gemfile

@@ -1,4 +1,33 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org/'
+
+# Find a location or specific version for a gem. place_or_version can be a
+# version, which is most often used. It can also be git, which is specified as
+# `git://somewhere.git#branch`. You can also use a file source location, which
+# is specified as `file://some/location/on/disk`.
+def location_for(place_or_version, fake_version = nil)
+  case place_or_version
+  when %r{^(https[:@][^#]*)#(.*)}
+    [fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact
+  when %r{^file://(.*)}
+    ['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }]
+  else
+    [place_or_version, { require: false }]
+  end
+end
+
 gemspec
+
+group :development do
+  gem 'puppet', *location_for(ENV.fetch('PUPPET_VERSION')) if ENV.fetch('PUPPET_VERSION', nil)
+end
+
+group :test do
+  gem 'rubocop'
+end
+
+group :coverage, optional: ENV.fetch('COVERAGE', nil) != 'yes' do
+  gem 'codecov', require: false
+  gem 'simplecov-console', require: false
+end

data/README.md

@@ -1,6 +1,6 @@
 # hiera-eyaml-gkms
 
-[![Build Status](https://secure.travis-ci.org/craigwatson/hiera-eyaml-gkms.svg?branch=master)](http://travis-ci.org/craigwatson/hiera-eyaml-gkms)
+[![Build Status](https://github.com/craigwatson/hiera-eyaml-gkms/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/craigwatson/hiera-eyaml-gkms/actions/workflows/test.yml?query=branch%3Amaster++)
 [![Gem Version](https://img.shields.io/gem/v/hiera-eyaml-gkms.svg)](https://rubygems.org/gems/hiera-eyaml-gkms)
 [![Gem Downloads](https://img.shields.io/gem/dt/hiera-eyaml-gkms.svg)](https://rubygems.org/gems/hiera-eyaml-gkms)
 
@@ -62,6 +62,8 @@ The plugin can also be run using Google Compute Engine's service account by pass
 
 ## Terraform Example
 
+_Note: Due to changes in Terraform provider syntax and formatting, this code may age!_
+
 ```
 resource "google_kms_key_ring" "keyring" {
   name     = "keyring"
@@ -70,7 +72,7 @@ resource "google_kms_key_ring" "keyring" {
 
 resource "google_kms_crypto_key" "puppet_eyaml" {
   name     = "puppet_eyaml"
-  key_ring = "${google_kms_key_ring.keyring.self_link}"
+  key_ring = google_kms_key_ring.keyring.self_link
 
   lifecycle {
     prevent_destroy = true
@@ -78,7 +80,7 @@ resource "google_kms_crypto_key" "puppet_eyaml" {
 }
 
 resource "google_kms_crypto_key_iam_member" "eyaml" {
-  crypto_key_id = "${google_kms_crypto_key.puppet_eyaml.self_link}"
+  crypto_key_id = google_kms_crypto_key.puppet_eyaml.self_link
   role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
   member        = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com"
 }

data/Rakefile

@@ -1,8 +1,30 @@
 # frozen_string_literal: true
 
+begin
+  require 'simplecov'
+  require 'simplecov-console'
+  require 'codecov'
+rescue LoadError
+else
+  SimpleCov.start do
+    track_files 'lib/**/*.rb'
+    add_filter '/spec'
+    enable_coverage :branch
+
+    # do not track vendored files
+    add_filter '/vendor'
+    add_filter '/.vendor'
+  end
+
+  SimpleCov.formatters = [
+    SimpleCov::Formatter::Console,
+    SimpleCov::Formatter::Codecov,
+  ]
+end
+
 require 'bundler/gem_tasks'
-require 'rubocop/rake_task'
 
+require 'rubocop/rake_task'
 RuboCop::RakeTask.new(:rubocop) do |t|
   t.options = ['--display-cop-names']
 end

data/hiera-eyaml-gkms.gemspec

@@ -7,24 +7,21 @@ require 'hiera/backend/eyaml/encryptors/gkms/version'
 require 'English'
 
 Gem::Specification.new do |gem|
-  gem.name = 'hiera-eyaml-gkms'
-  gem.version = Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
+  gem.name        = 'hiera-eyaml-gkms'
+  gem.version     = Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
   gem.description = 'Google Cloud KMS plugin for Hiera-EYAML'
-  gem.summary = 'Encryption plugin for hiera-eyaml backend for Hiera, using Google Cloud KMS'
-  gem.author = 'Craig Watson'
-  gem.license = 'Apache-2.0'
-  gem.required_ruby_version = '>=2.4'
+  gem.summary     = 'Encryption plugin for hiera-eyaml backend for Hiera, using Google Cloud KMS'
+  gem.author      = 'Craig Watson'
+  gem.license     = 'Apache-2.0'
+  gem.homepage    = 'https://github.com/craigwatson/hiera-eyaml-gkms'
 
-  gem.homepage = 'https://github.com/craigwatson/hiera-eyaml-gkms'
-  gem.files = `git ls-files`.split($RS)
-  gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
-  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+  gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR).grep_v(%r{/^features.*$/})
+  gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   gem.require_paths = ['lib']
 
-  gem.add_runtime_dependency('google-cloud-kms', '2.0.0')
-  gem.add_runtime_dependency('google-cloud-kms-v1', '0.3.0')
-  gem.add_runtime_dependency('hiera-eyaml', '>= 3.2.0', '< 4.0')
+  gem.add_dependency('google-cloud-kms', '2.0.0')
+  gem.add_dependency('hiera-eyaml', '>= 3.2.0', '< 4.0')
 
-  gem.add_development_dependency('rake', '13.0.1')
-  gem.add_development_dependency('rubocop', '1.3.1')
+  gem.required_ruby_version = '>= 2.5.0', ' < 4'
+  gem.metadata['rubygems_mfa_required'] = 'false'
 end

data/lib/hiera/backend/eyaml/encryptors/gkms/version.rb

@@ -5,7 +5,7 @@ class Hiera
     module Eyaml
       module Encryptors
         module GkmsVersion
-          VERSION = '0.1.1'
+          VERSION = '0.2.0'
         end
       end
     end

data/lib/hiera/backend/eyaml/encryptors/gkms.rb

@@ -56,14 +56,15 @@ class Hiera
               credentials = option :credentials
               raise StandardError, 'gkms_credentials is not defined' unless credentials
 
-              ::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
+              Google::Cloud::Kms.configure do |config|
                 config.credentials = credentials
+                config.timeout = 10.0
               end
             else
               ENV['GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS'] = '1'
             end
 
-            ::Google::Cloud::Kms::V1::KeyManagementService::Client.new
+            ::Google::Cloud::Kms.key_management_service
           end
 
           def self.key_path

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hiera-eyaml-gkms
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Craig Watson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-03 00:00:00.000000000 Z
+date: 2022-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-kms
@@ -24,20 +24,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.0.0
-- !ruby/object:Gem::Dependency
-  name: google-cloud-kms-v1
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.3.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: hiera-eyaml
   requirement: !ruby/object:Gem::Requirement
@@ -58,43 +44,16 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '4.0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 13.0.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 13.0.1
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.3.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.3.1
 description: Google Cloud KMS plugin for Hiera-EYAML
 email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/release.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -108,7 +67,8 @@ files:
 homepage: https://github.com/craigwatson/hiera-eyaml-gkms
 licenses:
 - Apache-2.0
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'false'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -117,14 +77,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: 2.5.0
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Encryption plugin for hiera-eyaml backend for Hiera, using Google Cloud KMS

data/.travis.yml

@@ -1,19 +0,0 @@
----
-dist: trusty
-language: ruby
-cache: bundler
-sudo: false
-before_install:
-  - bundle -v
-  - rm Gemfile.lock || true
-  - gem update --system $RUBYGEMS_VERSION
-  - gem update bundler
-  - gem --version
-  - bundle -v
-script:
-  bundle exec rake rubocop
-matrix:
-  include:
-    - rvm: 2.4.10
-    - rvm: 2.6.6
-    - rvm: 2.7.2