hiera-eyaml-gpg 0.7.rc1 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9a1e340aeafc6de92a8995f984c749e70c80cf4a
-  data.tar.gz: 4190de8d0b44f4a0090ba08639fa647af0329ad0
+  metadata.gz: 2af61d8a176da52612993cbf649a6eafda4e5d6f
+  data.tar.gz: 0a7db420491c2f13023eedea25c003376236ea11
 SHA512:
-  metadata.gz: ba6dbc9e96ec7e9667d026685c56da46e995c9a7753e850b7a457402cd06ac72e3a055da3de0464d6ff9ec629eec7c1082b64842a86b1a9096d7dc40acb4d07b
-  data.tar.gz: 08e384319fe422d1b028571fa91bdc320af8fc337b2cc08721dffca13aaeec50755aeb6c828f1df8a3e1232d6cae90def1918f07940f8d15dbfabda8066f56bd
+  metadata.gz: a827e567460559cbf2d7a5de01322bcc799869c627c9b6307bbefe76ea071955e3bd519268f1b571000f79825f5f90658fa1c42e784a920ad3de6e0a624beea1
+  data.tar.gz: 8b2d4a1f4b87f9a92534200ce3169d5052b12f1a9b2178197768a65e0b39de56a41194ce027f6db34463fa81bb85eae9e0c0d04f1e702fc2a97af2628ad27d1b

data/.gitignore

@@ -5,3 +5,5 @@ keys/*.pem
 pkg/
 tmp/
 .DS_Store
+.ruby-version
+Gemfile.lock

data/.rubocop.yml

@@ -0,0 +1,489 @@
+AllCops:
+  TargetRubyVersion: 1.9
+Lint/ConditionPosition:
+  Enabled: True
+
+Lint/ElseLayout:
+  Enabled: True
+
+Lint/UnreachableCode:
+  Enabled: True
+
+Lint/UselessComparison:
+  Enabled: True
+
+Lint/EnsureReturn:
+  Enabled: True
+
+Lint/HandleExceptions:
+  Enabled: True
+
+Lint/LiteralInCondition:
+  Enabled: True
+
+Lint/ShadowingOuterLocalVariable:
+  Enabled: True
+
+Lint/LiteralInInterpolation:
+  Enabled: True
+
+Style/HashSyntax:
+  Enabled: True
+
+Style/RedundantReturn:
+  Enabled: True
+
+Layout/EndOfLine:
+  Enabled: False
+
+Lint/AmbiguousOperator:
+  Enabled: True
+
+Lint/AssignmentInCondition:
+  Enabled: True
+
+Layout/SpaceBeforeComment:
+  Enabled: True
+
+Style/AndOr:
+  Enabled: True
+
+Style/RedundantSelf:
+  Enabled: True
+
+Metrics/BlockLength:
+  Enabled: False
+
+# Method length is not necessarily an indicator of code quality
+Metrics/MethodLength:
+  Enabled: False
+
+Metrics/ModuleLength:
+  Enabled: True
+
+Style/WhileUntilModifier:
+  Enabled: True
+
+Lint/AmbiguousRegexpLiteral:
+  Enabled: True
+
+Security/Eval:
+  Enabled: True
+
+Lint/BlockAlignment:
+  Enabled: True
+
+Lint/DefEndAlignment:
+  Enabled: True
+
+Lint/EndAlignment:
+  Enabled: True
+
+Lint/DeprecatedClassMethods:
+  Enabled: True
+
+Lint/Loop:
+  Enabled: True
+
+Lint/ParenthesesAsGroupedExpression:
+  Enabled: True
+
+Lint/RescueException:
+  Enabled: True
+
+Lint/StringConversionInInterpolation:
+  Enabled: True
+
+Lint/UnusedBlockArgument:
+  Enabled: True
+
+Lint/UnusedMethodArgument:
+  Enabled: True
+
+Lint/UselessAccessModifier:
+  Enabled: True
+
+Lint/UselessAssignment:
+  Enabled: True
+
+Lint/Void:
+  Enabled: True
+
+Layout/AccessModifierIndentation:
+  Enabled: True
+
+Naming/AccessorMethodName:
+  Enabled: True
+
+Style/Alias:
+  Enabled: True
+
+Layout/AlignArray:
+  Enabled: True
+
+Layout/AlignHash:
+  Enabled: True
+
+Layout/AlignParameters:
+  Enabled: True
+
+Metrics/BlockNesting:
+  Enabled: True
+
+Style/AsciiComments:
+  Enabled: True
+
+Style/Attr:
+  Enabled: True
+
+Style/BracesAroundHashParameters:
+  Enabled: True
+
+Style/CaseEquality:
+  Enabled: True
+
+Layout/CaseIndentation:
+  Enabled: True
+
+Style/CharacterLiteral:
+  Enabled: True
+
+Naming/ClassAndModuleCamelCase:
+  Enabled: True
+
+Style/ClassAndModuleChildren:
+  Enabled: False
+
+Style/ClassCheck:
+  Enabled: True
+
+# Class length is not necessarily an indicator of code quality
+Metrics/ClassLength:
+  Enabled: False
+
+Style/ClassMethods:
+  Enabled: True
+
+Style/ClassVars:
+  Enabled: True
+
+Style/WhenThen:
+  Enabled: True
+
+Style/WordArray:
+  Enabled: True
+
+Style/UnneededPercentQ:
+  Enabled: True
+
+Layout/Tab:
+  Enabled: True
+
+Layout/SpaceBeforeSemicolon:
+  Enabled: True
+
+Layout/TrailingBlankLines:
+  Enabled: True
+
+Layout/SpaceInsideBlockBraces:
+  Enabled: True
+
+Layout/SpaceInsideBrackets:
+  Enabled: True
+
+Layout/SpaceInsideHashLiteralBraces:
+  Enabled: True
+
+Layout/SpaceInsideParens:
+  Enabled: True
+
+Layout/LeadingCommentSpace:
+  Enabled: True
+
+Layout/SpaceBeforeFirstArg:
+  Enabled: True
+
+Layout/SpaceAfterColon:
+  Enabled: True
+
+Layout/SpaceAfterComma:
+  Enabled: True
+
+Layout/SpaceAfterMethodName:
+  Enabled: True
+
+Layout/SpaceAfterNot:
+  Enabled: True
+
+Layout/SpaceAfterSemicolon:
+  Enabled: True
+
+Layout/SpaceAroundEqualsInParameterDefault:
+  Enabled: True
+
+Layout/SpaceAroundOperators:
+  Enabled: True
+
+Layout/SpaceBeforeBlockBraces:
+  Enabled: True
+
+Layout/SpaceBeforeComma:
+  Enabled: True
+
+Style/CollectionMethods:
+  Enabled: True
+
+Layout/CommentIndentation:
+  Enabled: True
+
+Style/ColonMethodCall:
+  Enabled: True
+
+Style/CommentAnnotation:
+  Enabled: True
+
+# 'Complexity' is very relative
+Metrics/CyclomaticComplexity:
+  Enabled: False
+
+Naming/ConstantName:
+  Enabled: True
+
+Style/Documentation:
+  Enabled: False
+
+Style/DefWithParentheses:
+  Enabled: True
+
+Style/PreferredHashMethods:
+  Enabled: True
+
+Layout/DotPosition:
+  EnforcedStyle: trailing
+
+Style/DoubleNegation:
+  Enabled: True
+
+Style/EachWithObject:
+  Enabled: True
+
+Layout/EmptyLineBetweenDefs:
+  Enabled: True
+
+Layout/IndentArray:
+  Enabled: True
+
+Layout/IndentHash:
+  Enabled: True
+
+Layout/IndentationConsistency:
+  Enabled: True
+
+Layout/IndentationWidth:
+  Enabled: True
+
+Layout/EmptyLines:
+  Enabled: True
+
+Layout/EmptyLinesAroundAccessModifier:
+  Enabled: True
+
+Style/EmptyLiteral:
+  Enabled: True
+
+# Configuration parameters: AllowURI, URISchemes.
+Metrics/LineLength:
+  Enabled: False
+
+Style/MethodCallWithoutArgsParentheses:
+  Enabled: True
+
+Style/MethodDefParentheses:
+  Enabled: True
+
+Style/LineEndConcatenation:
+  Enabled: True
+
+Layout/TrailingWhitespace:
+  Enabled: True
+
+Style/StringLiterals:
+  Enabled: True
+
+Style/TrailingCommaInArguments:
+  Enabled: True
+
+Style/TrailingCommaInLiteral:
+  Enabled: True
+
+Style/GlobalVars:
+  Enabled: True
+
+Style/GuardClause:
+  Enabled: True
+
+Style/IfUnlessModifier:
+  Enabled: True
+
+Style/MultilineIfThen:
+  Enabled: True
+
+Style/NegatedIf:
+  Enabled: True
+
+Style/NegatedWhile:
+  Enabled: True
+
+Style/Next:
+  Enabled: True
+
+Style/SingleLineBlockParams:
+  Enabled: True
+
+Style/SingleLineMethods:
+  Enabled: True
+
+Style/SpecialGlobalVars:
+  Enabled: True
+
+Style/TrivialAccessors:
+  Enabled: True
+
+Style/UnlessElse:
+  Enabled: True
+
+Style/VariableInterpolation:
+  Enabled: True
+
+Naming/VariableName:
+  Enabled: True
+
+Style/WhileUntilDo:
+  Enabled: True
+
+Style/EvenOdd:
+  Enabled: True
+
+Naming/FileName:
+  Enabled: True
+
+Style/For:
+  Enabled: True
+
+Style/Lambda:
+  Enabled: True
+
+Naming/MethodName:
+  Enabled: True
+
+Style/MultilineTernaryOperator:
+  Enabled: True
+
+Style/NestedTernaryOperator:
+  Enabled: True
+
+Style/NilComparison:
+  Enabled: True
+
+Style/FormatString:
+  Enabled: True
+
+Style/MultilineBlockChain:
+  Enabled: True
+
+Style/Semicolon:
+  Enabled: True
+
+Style/SignalException:
+  Enabled: True
+
+Style/NonNilCheck:
+  Enabled: True
+
+Style/Not:
+  Enabled: True
+
+Style/NumericLiterals:
+  Enabled: True
+
+Style/OneLineConditional:
+  Enabled: True
+
+Naming/BinaryOperatorParameterName:
+  Enabled: True
+
+Style/ParenthesesAroundCondition:
+  Enabled: True
+
+Style/PercentLiteralDelimiters:
+  Enabled: True
+
+Style/PerlBackrefs:
+  Enabled: True
+
+Naming/PredicateName:
+  Enabled: True
+
+Style/RedundantException:
+  Enabled: True
+
+Style/SelfAssignment:
+  Enabled: True
+
+Style/Proc:
+  Enabled: True
+
+Style/RaiseArgs:
+  Enabled: True
+
+Style/RedundantBegin:
+  Enabled: True
+
+Style/RescueModifier:
+  Enabled: True
+
+# based on https://github.com/voxpupuli/modulesync_config/issues/168
+Style/RegexpLiteral:
+  EnforcedStyle: percent_r
+  Enabled: True
+
+Lint/UnderscorePrefixedVariableName:
+  Enabled: True
+
+Metrics/ParameterLists:
+  Enabled: False
+
+Lint/RequireParentheses:
+  Enabled: True
+
+Style/ModuleFunction:
+  Enabled: True
+
+Lint/Debugger:
+  Enabled: True
+
+Style/IfWithSemicolon:
+  Enabled: True
+
+Style/Encoding:
+  Enabled: True
+
+Style/BlockDelimiters:
+  Enabled: True
+
+Layout/MultilineBlockLayout:
+  Enabled: True
+
+# 'Complexity' is very relative
+Metrics/AbcSize:
+  Enabled: False
+
+# 'Complexity' is very relative
+Metrics/PerceivedComplexity:
+  Enabled: False
+
+Lint/UselessAssignment:
+  Enabled: True
+
+Layout/ClosingParenthesisIndentation:
+  Enabled: True

data/.travis.yml

@@ -0,0 +1,27 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+dist: trusty
+script: 'bundle exec rake test'
+rvm:
+  - 2.4.6
+notifications:
+  email: false
+  irc:
+    on_success: always
+    on_failure: always
+    channels:
+      - "chat.freenode.org#voxpupuli-notifications"
+branches:
+  only:
+    - master
+    - /^v\d/
+deploy:
+  provider: rubygems
+  api_key:
+    secure: 'kGpuGiJSgWXwKoLXXCy7JPBEbDhumaLxQiAn7H74tAN5qYZHE9kVP1aIOet1z5utLLKSu+97ZxH0s/ZL9DoSk/S2ENapIsnsZBPu+nnaN9xW/zWsF/h1xVxbaPhE5QJOqNH8fbIq4HwNoEAgzf/uPK29e75qgChNZyDaaQRTLF1ZFdyLvryEAq9ezEV0GVvIYG4pLxykimKIaR6DOv/4YhtpoFOPADlEIv38r4gqfnPEZm7gXq3yoSLGxDmKzs0NvzAlL2OKwurVArAt042G/y5ZtSe1hP+oJGKFZ/fcL4rcMcU3YTl9sgb12R9q2iCC1MPftZLv4qIC8NrcDUkQ/IxEFMzaJs6KQNIHiFYClS1HL9zYlRH/Aek6wq+N2J2e7SCRvf9TAQb1BmV6vNsDcnAfVaUw6On6E0BIM8boUow1e4sTYSX2bdqO2tWq6PN/eWAXsTfCGNNyec9zPEXDOeiWnQ/x21AcPV7X0ESNhjNQQmmsq/owuBrlrpei9r6moY3IoMCt3JRdzyaMfFia6KuZqvQamd29rK0tqxY/PiCy+QtkxAnH7yAgDCykCGagUn7NrJdmTdc4MXvfJIi3EF2laiQebOn9V85WKIWmjwZkjgBnGWGFHEf9Df8WHyAElp9cghmXZSI/ZeaM6lhn/AnSrdOfyTuSaUQwkCSRAG8='
+  gem: hiera-eyaml-gpg
+  on:
+    tags: true
+    repo: voxpupuli/hiera-eyaml-gpg

data/CHANGELOG.md

@@ -0,0 +1,88 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [v0.7.1](https://github.com/voxpupuli/hiera-eyaml-gpg/tree/v0.7.1) (2019-04-24)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml-gpg/compare/v0.7.0...v0.7.1)
+
+**Merged pull requests:**
+
+- Use correct travis-ci.com secret [\#61](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/61) ([alexjfisher](https://github.com/alexjfisher))
+
+## [v0.7.0](https://github.com/voxpupuli/hiera-eyaml-gpg/tree/v0.7.0) (2019-04-24)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml-gpg/compare/vp_migration...v0.7.0)
+
+This is the first release of `hiera-eyaml-gpg` since the project was migrated to [Vox Pupuli](https://voxpupuli.org/).  We're pleased to announce that this project should now work with Puppet 6 (jruby 9k puppetserver).  Special thanks to [seanmil](https://github.com/seanmil) for his work on this.
+
+From this point onwards, all releases made to rubygems will have corresponding tags in the github project and a changelog will be maintained with [GitHub Changelog Generator](https://github.com/github-changelog-generator/github-changelog-generator).  The project will use [semantic versioning](https://semver.org/).
+
+**Implemented enhancements:**
+
+- Expose plugin version [\#58](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/58) ([alexjfisher](https://github.com/alexjfisher))
+- Use Puppet::Util::Execution for RubyGpg [\#48](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/48) ([seanmil](https://github.com/seanmil))
+- Allow gnupghome to be set from an environment variable [\#46](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/46) ([seanmil](https://github.com/seanmil))
+
+**Fixed bugs:**
+
+- blank lines in a recipients file results in the first key in the being used to encrypt the secrets [\#37](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/37)
+- Fix `uninitialized constant Puppet \(NameError\)` [\#55](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/55) ([alexjfisher](https://github.com/alexjfisher))
+- Make the list of keys to encrypt with accurate [\#38](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/38) ([grahamhar](https://github.com/grahamhar))
+
+**Merged pull requests:**
+
+- Refactoring and fixing of remaining rubocop violations [\#57](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/57) ([alexjfisher](https://github.com/alexjfisher))
+- Fix `\<module:Encryptors\>: Gpg is not a class \(TypeError\)` [\#56](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/56) ([alexjfisher](https://github.com/alexjfisher))
+- Document installation of gems on puppetserver [\#53](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/53) ([ghoneycutt](https://github.com/ghoneycutt))
+- Document usage with Hiera 5 [\#51](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/51) ([ghoneycutt](https://github.com/ghoneycutt))
+- Document which versions of Puppet this should work with [\#50](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/50) ([ghoneycutt](https://github.com/ghoneycutt))
+
+## v0.6 (2015-09-10)
+
+**Implemented enhancements:**
+
+- Improve GPG home handling [\#30](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/30) ([sihil](https://github.com/sihil))
+- Add support for comments in hiera-eyaml-gpg.recipients file [\#29](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/29) ([tampakrap](https://github.com/tampakrap))
+
+**Fixed bugs:**
+
+- Add missing curly brace. [\#31](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/31) ([danny-cheung](https://github.com/danny-cheung))
+
+## v0.5 (2015-03-21)
+
+**Implemented enhancements:**
+
+- Adapt code for Puppetserver [\#24](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/24) ([raphink](https://github.com/raphink))
+- Set GPG home directory without an environment variable [\#19](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/19) ([mattbostock](https://github.com/mattbostock))
+
+**Closed issues:**
+
+- Support for puppetserver \(jruby\) [\#23](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/23)
+
+## [v0.4](https://github.com/voxpupuli/hiera-eyaml-gpg/tree/v0.4) (2013-11-26)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml-gpg/compare/v0.3...v0.4)
+
+**Closed issues:**
+
+- Encryption should fail if don't have hiera-gpg key on my keyring [\#7](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/7)
+
+**Merged pull requests:**
+
+- \[FIX\] keys map not being set correctly [\#9](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/9) ([rooprob](https://github.com/rooprob))
+
+## [v0.3](https://github.com/voxpupuli/hiera-eyaml-gpg/tree/v0.3) (2013-11-22)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml-gpg/compare/709b12bcd637a18672847946c410701d32096e0c...v0.3)
+
+**Implemented enhancements:**
+
+- Use gpg-agent when using the edit option [\#2](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/2)
+
+**Merged pull requests:**
+
+- Fix typo. [\#5](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/5) ([javins](https://github.com/javins))
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

data/Gemfile

@@ -1,7 +1,8 @@
-source 'https://rubygems.org/'
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
-gem 'hiera-eyaml', ">=1.3.8"
+gemspec
 
 group :development do
-  gem "aruba"
+  gem 'github_changelog_generator', require: false, git: 'https://github.com/github-changelog-generator/github-changelog-generator'
+  gem 'rubocop', '~> 0.50.0'
 end

data/HISTORY.md

@@ -0,0 +1,45 @@
+## v0.6 (2015-09-10)
+
+**Implemented enhancements:**
+
+- Improve GPG home handling [\#30](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/30) ([sihil](https://github.com/sihil))
+- Add support for comments in hiera-eyaml-gpg.recipients file [\#29](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/29) ([tampakrap](https://github.com/tampakrap))
+
+**Fixed bugs:**
+
+- Add missing curly brace. [\#31](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/31) ([danny-cheung](https://github.com/danny-cheung))
+
+## v0.5 (2015-03-21)
+
+**Implemented enhancements:**
+
+- Adapt code for Puppetserver [\#24](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/24) ([raphink](https://github.com/raphink))
+- Set GPG home directory without an environment variable [\#19](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/19) ([mattbostock](https://github.com/mattbostock))
+
+**Closed issues:**
+
+- Support for puppetserver \(jruby\) [\#23](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/23)
+
+## [v0.4](https://github.com/voxpupuli/hiera-eyaml-gpg/tree/v0.4) (2013-11-26)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml-gpg/compare/v0.3...v0.4)
+
+**Closed issues:**
+
+- Encryption should fail if don't have hiera-gpg key on my keyring [\#7](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/7)
+
+**Merged pull requests:**
+
+- \[FIX\] keys map not being set correctly [\#9](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/9) ([rooprob](https://github.com/rooprob))
+
+## [v0.3](https://github.com/voxpupuli/hiera-eyaml-gpg/tree/v0.3) (2013-11-22)
+
+[Full Changelog](https://github.com/voxpupuli/hiera-eyaml-gpg/compare/709b12bcd637a18672847946c410701d32096e0c...v0.3)
+
+**Implemented enhancements:**
+
+- Use gpg-agent when using the edit option [\#2](https://github.com/voxpupuli/hiera-eyaml-gpg/issues/2)
+
+**Merged pull requests:**
+
+- Fix typo. [\#5](https://github.com/voxpupuli/hiera-eyaml-gpg/pull/5) ([javins](https://github.com/javins))

data/README.md

@@ -1,7 +1,10 @@
 hiera-eyaml-gpg
 ===============
 
-GPG encryption backend for the [hiera-eyaml](https://github.com/TomPoulton/hiera-eyaml) module.
+[![Gem Version](https://img.shields.io/gem/v/hiera-eyaml-gpg.svg)](https://rubygems.org/gems/hiera-eyaml-gpg)
+[![Gem Downloads](https://img.shields.io/gem/dt/hiera-eyaml-gpg.svg)](https://rubygems.org/gems/hiera-eyaml-gpg)
+
+GPG encryption backend for the [hiera-eyaml](https://github.com/voxpupuli/hiera-eyaml) module.
 
 Motivation
 ----------
@@ -37,11 +40,26 @@ Note: you will need to use `ruby_gpg` with the Puppet server as it uses JRuby wh
 make use of native extensions such as `gpgme`.
 
 If you haven't already installed it, this requires and will install the hiera-eyaml gem, which you
-should probably acquint yourself with at https://github.com/TomPoulton/hiera-eyaml.
+should probably acquaint yourself with at https://github.com/TomPoulton/hiera-eyaml.
 
 Note that in order to install the gpgme gem you'll need to have the ruby development package installed
 for your distribution.
 
+For use on puppetserver
+---
+
+As root
+
+```sh
+/opt/puppetlabs/puppet/bin/gem install hiera-eyaml-gpg ruby_gpg
+/opt/puppetlabs/server/bin/puppetserver gem install hiera-eyaml-gpg ruby_gpg
+```
+
+Puppet versions
+---------------
+
+This project supports Puppet 5.5.8 and later.
+
 How to use
 ----------
 
@@ -68,16 +86,52 @@ Use `eyaml --help` for more details or look at the hiera-eyaml docs.
 
 ### Configuring hiera
 
-Assuming you have a working `hiera` and `hiera-eyaml` then the only option you need to add is to
-configure `:gpg_gnupghome:` in your hiera.yaml (under the `:eyaml:` section). This should be the
-directory that contains the keyring etc for the user that can to decrypt the hiera data. Please note
-that the private GPG key must not have a passphrase.
+This assumes you have a working `hiera` and `hiera-eyaml`. Please note that the private GPG key must not
+have a passphrase.
+
+Each level of the hierarchy must specify the `gpg_gnupghome` option with the path to the keyring as well
+as specifying `lookup_key` with the value `eyaml_lookup_key`. The following example shows a simple hierarchy.
+
+```yaml
+---
+version: 5
+defaults:
+hierarchy:
+  - name: "Per-node data (yaml version)"
+    lookup_key: eyaml_lookup_key
+    options:
+      gpg_gnupghome: /opt/puppetlabs/server/data/puppetserver/.gnupg
+    path: "nodes/%{::trusted.certname}.yaml"
+  - name: "Role data"
+    lookup_key: eyaml_lookup_key
+    options:
+      gpg_gnupghome: /opt/puppetlabs/server/data/puppetserver/.gnupg
+    paths:
+      - "role/%{facts.role}.yaml"
+  - name: "Per platform data"
+    lookup_key: eyaml_lookup_key
+    options:
+      gpg_gnupghome: /opt/puppetlabs/server/data/puppetserver/.gnupg
+    paths:
+      - "kernel/%{::kernel}.yaml"
+      - "osfamily/%{::osfamily}.yaml"
+      - "osfamily/%{::osfamily}-%{::operatingsystemmajrelease}.yaml"
+  - name: "Default"
+    lookup_key: eyaml_lookup_key
+    options:
+      gpg_gnupghome: /opt/puppetlabs/server/data/puppetserver/.gnupg
+    paths:
+      - "common.yaml"
+```
+
+For command line uses such as `puppet lookup` where the `gpg_gnupghome` setting in the `hiera.yaml`
+configuration does not match a directory the user has access to, you can override the `gpg_gnupghome`
+setting by setting the path in the environment variable `HIERA_EYAML_GPG_GNUPGHOME` and, if set, that
+will be used instead of `gpg_gnupghome`.
+
+    $ HIERA_EYAML_GPG_GNUPGHOME=~/.gnupg puppet lookup my_key
 
 Authors
 -------
 
- - Simon Hildrew - Initial code
- - Geoff Meakins - Created hiera-eyaml plugin framework that made this possible
-
-### Contributors
- - Walt Javins - Bug fixes
+Thanks to Simon Hildrew for the inital code. Other contributors can be seen at [https://github.com/voxpupuli/hiera-eyaml-gpg/graphs/contributors](https://github.com/voxpupuli/hiera-eyaml-gpg/graphs/contributors)

data/Rakefile

@@ -1 +1,20 @@
-require "bundler/gem_tasks"
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+require 'github_changelog_generator/task'
+
+desc 'Run RuboCop on the lib directory'
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.patterns = ['lib/**/*.rb']
+end
+
+task test: %w[clean rubocop]
+
+GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+  version = Hiera::Backend::Eyaml::Encryptors::GpgVersion::VERSION
+  config.future_release = "v#{version}" if version =~ %r{^\d+\.\d+.\d+$}
+  config.header = "# Changelog\n\nAll notable changes to this project will be documented in this file."
+  config.exclude_labels = %w[duplicate question invalid wontfix wont-fix skip-changelog]
+  config.user = 'voxpupuli'
+  config.project = 'hiera-eyaml-gpg'
+  config.since_tag = 'vp_migration'
+end

data/hiera-eyaml-gpg.gemspec

@@ -1,21 +1,21 @@
-# -*- encoding: utf-8 -*-
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'hiera/backend/eyaml/encryptors/gpg/version'
 
 Gem::Specification.new do |gem|
-  gem.name          = "hiera-eyaml-gpg"
-  gem.version       = Hiera::Backend::Eyaml::Encryptors::Gpg::VERSION
-  gem.description   = "GPG encryptor for use with hiera-eyaml"
-  gem.summary       = "Encryption plugin for hiera-eyaml backend for Hiera"
-  gem.author        = "Simon Hildrew"
-  gem.license       = "MIT"
+  gem.name          = 'hiera-eyaml-gpg'
+  gem.version       = Hiera::Backend::Eyaml::Encryptors::GpgVersion::VERSION
+  gem.description   = 'GPG encryptor for use with hiera-eyaml'
+  gem.summary       = 'Encryption plugin for hiera-eyaml backend for Hiera'
+  gem.author        = 'Simon Hildrew'
+  gem.license       = 'MIT'
 
-  gem.homepage      = "http://github.com/sihil/hiera-eyaml-gpg"
-  gem.files         = `git ls-files`.split($/)
-  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.homepage      = 'http://github.com/sihil/hiera-eyaml-gpg'
+  gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-  gem.require_paths = ["lib"]
+  gem.require_paths = ['lib']
 
   gem.add_dependency('hiera-eyaml', '>=1.3.8')
+  gem.add_dependency('puppet', '>=5.5.8')
 end

data/lib/hiera/backend/eyaml/encryptors/gpg.rb

@@ -4,8 +4,9 @@ rescue LoadError
   begin
     require 'ruby_gpg'
   rescue LoadError
-    fail "hiera-eyaml-gpg requires either the 'gpgme' or 'ruby_gpg' gem"
+    raise "hiera-eyaml-gpg requires either the 'gpgme' or 'ruby_gpg' gem"
   end
+  require 'hiera/backend/eyaml/encryptors/gpg/puppet_gpg'
 end
 
 require 'base64'
@@ -18,51 +19,52 @@ class Hiera
   module Backend
     module Eyaml
       module Encryptors
-
         class Gpg < Encryptor
-
-          self.tag = "GPG"
+          VERSION = Hiera::Backend::Eyaml::Encryptors::GpgVersion::VERSION
+          self.tag = 'GPG'
 
           self.options = {
-            :gnupghome => { :desc => "Location of your GNUPGHOME directory",
-                            :type => :string,
-                            :default => "#{["HOME", "HOMEPATH"].reject { |h| ENV[h].nil? }.map { |h| ENV[h]+"/.gnupg" }.first || ""}"},
-            :always_trust => { :desc => "Assume that used keys are fully trusted",
-                               :type => :boolean,
-                               :default => false },
-            :recipients => { :desc => "List of recipients (comma separated)",
-                             :type => :string },
-            :recipients_file => { :desc => "File containing a list of recipients (one on each line)",
-                             :type => :string }
+            gnupghome: { desc: 'Location of your GNUPGHOME directory',
+                         type: :string,
+                         default: (%w[HOME HOMEPATH].reject { |h| ENV[h].nil? }.map { |h| ENV[h] + '/.gnupg' }.first || '').to_s },
+            always_trust: { desc: 'Assume that used keys are fully trusted',
+                            type: :boolean,
+                            default: false },
+            recipients: { desc: 'List of recipients (comma separated)',
+                          type: :string },
+            recipients_file: { desc: 'File containing a list of recipients (one on each line)',
+                               type: :string }
           }
 
-          @@passphrase_cache = Hash.new
+          @passphrase_cache = {}
 
-          def self.passfunc(hook, uid_hint, passphrase_info, prev_was_bad, fd)
-            begin
-                system('stty -echo')
+          def self.passfunc(_hook, uid_hint, _passphrase_info, _prev_was_bad, fd)
+            system('stty -echo')
 
-                unless @@passphrase_cache.has_key?(uid_hint)
-                  @@passphrase_cache[uid_hint] = ask("Enter passphrase for #{uid_hint}: ") { |q| q.echo = '' }
-                  $stderr.puts
-                end
-                passphrase = @@passphrase_cache[uid_hint]
-
-                io = IO.for_fd(fd, 'w')
-                io.puts(passphrase)
-                io.flush
-              ensure
-                (0 ... $_.length).each do |i| $_[i] = ?0 end if $_
-                  system('stty echo')
-              end
+            unless @passphrase_cache.key?(uid_hint)
+              @passphrase_cache[uid_hint] = ask("Enter passphrase for #{uid_hint}: ") { |q| q.echo = '' }
+              $stderr.puts
+            end
+            passphrase = @passphrase_cache[uid_hint]
+
+            io = IO.for_fd(fd, 'w')
+            io.puts(passphrase)
+            io.flush
+          ensure
+            (0...$LAST_READ_LINE.length).each { |i| $LAST_READ_LINE[i] = '0' } if $LAST_READ_LINE
+            system('stty echo')
           end
 
           def self.gnupghome
-            gnupghome = self.option :gnupghome
+            gnupghome = if ENV['HIERA_EYAML_GPG_GNUPGHOME'].nil?
+                          option :gnupghome
+                        else
+                          ENV['HIERA_EYAML_GPG_GNUPGHOME']
+                        end
             debug("GNUPGHOME is #{gnupghome}")
             if gnupghome.nil? || gnupghome.empty?
-              warn("No GPG home directory configured, check gpg_gnupghome configuration value is correct")
-              raise ArgumentError, "No GPG home directory configured, check gpg_gnupghome configuration value is correct"
+              warn('No GPG home directory configured, check gpg_gnupghome configuration value is correct')
+              raise ArgumentError, 'No GPG home directory configured, check gpg_gnupghome configuration value is correct'
             elsif !File.directory?(gnupghome)
               warn("Configured GPG home directory #{gnupghome} doesn't exist, check gpg_gnupghome configuration value is correct")
               raise ArgumentError, "Configured GPG home directory #{gnupghome} doesn't exist, check gpg_gnupghome configuration value is correct"
@@ -71,76 +73,30 @@ class Hiera
             end
           end
 
-          def self.find_recipients
-            recipient_option = self.option :recipients
-            recipients = if !recipient_option.nil?
-              debug("Using --recipients option")
-              recipient_option.split(",")
-            else
-              recipient_file_option = self.option :recipients_file
-              recipient_file = if !recipient_file_option.nil?
-                debug("Using --recipients-file option")
-                Pathname.new(recipient_file_option)
-              else
-                debug("Searching for any hiera-eyaml-gpg.recipients files in path")
-                # if we are editing a file, look for a hiera-eyaml-gpg.recipients file
-                filename = case Eyaml::Options[:source]
-                when :file
-                  Eyaml::Options[:file]
-                when :eyaml
-                  Eyaml::Options[:eyaml]
-                else
-                  nil
-                end
-
-                if filename.nil?
-                  nil
-                else
-                  path = Pathname.new(filename).realpath.dirname
-                  selected_file = nil
-                  path.descend{|path| path
-                    potential_file = path.join('hiera-eyaml-gpg.recipients')
-                    selected_file = potential_file if potential_file.exist?
-                  }
-                  debug("Using file at #{selected_file}")
-                  selected_file
-                end
-              end
-
-              unless recipient_file.nil?
-                recipient_file.readlines.map{ |line|
-                  line.strip unless line.start_with? '#' or line.strip.empty?
-                }.compact
-              else
-                []
-              end
-            end
-          end
-
-          def self.encrypt plaintext
+          def self.encrypt(plaintext)
             unless defined?(GPGME)
               raise RecoverableError, "Encryption is only supported when using the 'gpgme' gem"
             end
 
-            GPGME::Engine.home_dir = self.gnupghome
+            GPGME::Engine.home_dir = gnupghome
 
             ctx = GPGME::Ctx.new
 
-            recipients = self.find_recipients
+            recipients = find_recipients
             debug("Recipents are #{recipients}")
 
             raise RecoverableError, 'No recipients provided, don\'t know who to encrypt to' if recipients.empty?
 
-            keys = recipients.map {|r|
+            keys = recipients.map do |r|
               key_to_use = ctx.keys(r).first
               if key_to_use.nil?
                 raise RecoverableError, "No key found on keyring for #{r}"
               end
               key_to_use
-            }
+            end
             debug("Keys: #{keys}")
 
-            always_trust = self.option(:always_trust)
+            always_trust = option(:always_trust)
             unless always_trust
               # check validity of recipients (this is possibly naive, but better than the unhelpful
               # error that it would spit out otherwise)
@@ -152,28 +108,29 @@ class Hiera
             end
 
             data = GPGME::Data.from_str(plaintext)
-            crypto = GPGME::Crypto.new(:always_trust => always_trust)
+            crypto = GPGME::Crypto.new(always_trust: always_trust)
 
-            ciphertext = crypto.encrypt(data, :recipients => keys)
+            ciphertext = crypto.encrypt(data, recipients: keys)
             ciphertext.seek 0
             ciphertext.read
           end
 
-          def self.decrypt ciphertext
+          def self.decrypt(ciphertext)
             gnupghome = self.gnupghome
 
             unless defined?(GPGME)
-              RubyGpg.config.homedir = gnupghome if gnupghome
-              return RubyGpg.decrypt_string(ciphertext)
+              gpg = Hiera::Backend::Eyaml::GpgPuppetserver
+              gpg.config.homedir = gnupghome if gnupghome
+              return gpg.decrypt_string(ciphertext)
             end
 
             GPGME::Engine.home_dir = gnupghome
 
             ctx = if hiera?
-              GPGME::Ctx.new
-            else
-              GPGME::Ctx.new(:passphrase_callback => method(:passfunc))
-            end
+                    GPGME::Ctx.new
+                  else
+                    GPGME::Ctx.new(passphrase_callback: method(:passfunc))
+                  end
 
             if !ctx.keys.empty?
               raw = GPGME::Data.new(ciphertext)
@@ -182,10 +139,10 @@ class Hiera
               begin
                 txt = ctx.decrypt(raw)
               rescue GPGME::Error::DecryptFailed => e
-                warn("Fatal: Failed to decrypt ciphertext (check settings and that you are a recipient)")
+                warn('Fatal: Failed to decrypt ciphertext (check settings and that you are a recipient)')
                 raise e
-              rescue Exception => e
-                warn("Warning: General exception decrypting GPG file")
+              rescue StandardError => e
+                warn('Warning: General exception decrypting GPG file')
                 raise e
               end
 
@@ -198,11 +155,58 @@ class Hiera
           end
 
           def self.create_keys
-            STDERR.puts "The GPG encryptor does not support creation of keys, use the GPG command lines tools instead"
+            STDERR.puts 'The GPG encryptor does not support creation of keys, use the GPG command lines tools instead'
           end
 
-        end
+          class << self
+            private
+
+            def find_recipients
+              recipient_option = option :recipients
+
+              unless recipient_option.nil?
+                debug('Using --recipients option')
+                return recipient_option.split(',')
+              end
+
+              recipient_file_option = option :recipients_file
+              recipient_file = if recipient_file_option.nil?
+                                 debug('Searching for any hiera-eyaml-gpg.recipients files in path')
+                                 find_recipient_file
+                               else
+                                 debug('Using --recipients-file option')
+                                 Pathname.new(recipient_file_option)
+                               end
 
+              return [] if recipient_file.nil?
+
+              recipient_file.readlines.map do |line|
+                line.strip unless line.start_with?('#') || line.strip.empty?
+              end.compact
+            end
+
+            def find_recipient_file
+              # if we are editing a file, look for a hiera-eyaml-gpg.recipients file
+              filename = case Eyaml::Options[:source]
+                         when :file
+                           Eyaml::Options[:file]
+                         when :eyaml
+                           Eyaml::Options[:eyaml]
+                         end
+
+              return if filename.nil?
+
+              root = Pathname.new(filename).realpath.dirname
+              selected_file = nil
+              root.descend do |path|
+                potential_file = path.join('hiera-eyaml-gpg.recipients')
+                selected_file = potential_file if potential_file.exist?
+              end
+              debug("Using file at #{selected_file}")
+              selected_file
+            end
+          end
+        end
       end
     end
   end

data/lib/hiera/backend/eyaml/encryptors/gpg/eyaml_init.rb

@@ -1,3 +1,3 @@
 require 'hiera/backend/eyaml/encryptors/gpg'
 
-Hiera::Backend::Eyaml::Encryptors::Gpg.register
+Hiera::Backend::Eyaml::Encryptors::Gpg.register

data/lib/hiera/backend/eyaml/encryptors/gpg/puppet_gpg.rb

@@ -0,0 +1,30 @@
+require 'puppet'
+require 'puppet/util/execution'
+require 'puppet/file_system/uniquefile'
+
+class Hiera
+  module Backend
+    module Eyaml
+      module GpgPuppetserver
+        extend RubyGpg
+
+        def self.run_command(command, input = nil)
+          tmpfile = Puppet::FileSystem::Uniquefile.new('puppet-eyaml-hiera-gpg-input', modes: File::WRONLY | File::BINARY)
+          tmpfile.write(input)
+          tmpfile.close
+
+          real_command = "#{command} #{tmpfile.path}"
+
+          output = Puppet::Util::Execution.execute(real_command)
+          tmpfile.unlink
+
+          if output.exitstatus != 0
+            raise "GPG command (#{real_command}) failed with status #{output.exitstatus}: '#{output}'"
+          end
+
+          output
+        end
+      end
+    end
+  end
+end

data/lib/hiera/backend/eyaml/encryptors/gpg/version.rb

@@ -2,8 +2,8 @@ class Hiera
   module Backend
     module Eyaml
       module Encryptors
-        module Gpg
-          VERSION = "0.7.rc1"
+        module GpgVersion
+          VERSION = '0.7.1'.freeze
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hiera-eyaml-gpg
 version: !ruby/object:Gem::Version
-  version: 0.7.rc1
+  version: 0.7.1
 platform: ruby
 authors:
 - Simon Hildrew
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-01 00:00:00.000000000 Z
+date: 2019-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hiera-eyaml
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.8
+- !ruby/object:Gem::Dependency
+  name: puppet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.5.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.5.8
 description: GPG encryptor for use with hiera-eyaml
 email: 
 executables: []
@@ -31,13 +45,18 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
+- HISTORY.md
 - LICENSE
 - README.md
 - Rakefile
 - hiera-eyaml-gpg.gemspec
 - lib/hiera/backend/eyaml/encryptors/gpg.rb
 - lib/hiera/backend/eyaml/encryptors/gpg/eyaml_init.rb
+- lib/hiera/backend/eyaml/encryptors/gpg/puppet_gpg.rb
 - lib/hiera/backend/eyaml/encryptors/gpg/version.rb
 - tools/regem.sh
 homepage: http://github.com/sihil/hiera-eyaml-gpg
@@ -55,12 +74,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.6.14.4
 signing_key: 
 specification_version: 4
 summary: Encryption plugin for hiera-eyaml backend for Hiera