hiera-eyaml 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
----
-SHA1:
-  metadata.gz: a8965f033228e9d0c47c6ec9e7b2a399b76ead46
-  data.tar.gz: 222599950c2668eb59e99f42ad0b19cf1693d0c1
-SHA512:
-  metadata.gz: 8ed7968fd5f5cb756bebcdcf82c8e3cc7c2284feb0e10d37e68e03f09daf1935f4fe71c48868b4119fe5b8240661a61c92f13f4bbc2066333508bef6b0b39621
-  data.tar.gz: a586ad0604541e2639c1e20f3fd1d72ac2099df0f57c962350536e43f0a97265456412a926651ca20592bbef1cd5a259488136ad12eaafe1de74924e1e2d6ec7
+--- 
+SHA1: 
+  metadata.gz: 848cae1bca737c5e047b25c5fc409f62e1d4df8d
+  data.tar.gz: 4c9fddfcdc14727770af712e2cbef650b1f1a0b4
+SHA512: 
+  metadata.gz: a982f17533e5edae37c2579b320b6e94eaf15d4523dfa21e23d8e7b540bd7b461a09bac16e43d863c9ffa576f90417303fae25bd3ef7e4fd4b401195ae72b50f
+  data.tar.gz: 2453d8553a3c731033161ce7c8181d210912e20095882e426ae6f5e3b47c6e720d2e8fa6a51f61857cd23dc9384019bf6cee71761547a4b5479268c7107e7298

data/.gitignore

@@ -6,3 +6,5 @@ pkg/
 tmp/
 .DS_Store
 .rvmrc
+.ruby-version
+.ruby-gemset

data/Gemfile.lock

@@ -19,9 +19,9 @@ GEM
     ffi (1.9.3)
     gherkin (2.12.2)
       multi_json (~> 1.3)
-    hiera (1.3.0)
+    hiera (1.2.1)
       json_pure
-    hiera-eyaml-plaintext (0.6)
+    hiera-eyaml-plaintext (0.5)
     highline (1.6.20)
     json_pure (1.8.1)
     multi_json (1.8.2)

data/README.md

@@ -233,6 +233,27 @@ things:
         - nested thing 2.1
 ```
 
+Configuration file for eyaml
+----------------------------
+
+Default parameters for the eyaml command line tool can be provided by creating a configuration YAML file.
+
+The location of the file defaults to `~/.eyaml/config.yaml` but can be overriden by setting `EYAML_CONFIG` environment variable.
+
+The file takes any long form argument that you can provide on the command line. For example, to override the pkcs7 keys:
+```yaml
+---
+pkcs7_private_key: '~/keys/eyaml/private_key.pkcs7.pem'
+pkcs7_public_key: '~/keys/eyaml/public_key.pkcs7.pem'
+```
+
+Or to override to use GPG by default:
+```yaml
+---
+encrypt_method: 'gpg'
+gpg_gnupghome: '~/alternative_gnupghome'
+gpg_recipients: 'sihil@example.com,gtmtech@example.com,tpoulton@example.com'
+```
 
 Pluggable Encryption
 --------------------

data/hiera-eyaml.gemspec

@@ -17,6 +17,7 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
-  gem.add_dependency('trollop', '>=2.0')
-  gem.add_dependency('highline', '>=1.6.19')
+  gem.add_dependency('hiera', '>= 1.2.1')
+  gem.add_dependency('trollop', '>= 2.0')
+  gem.add_dependency('highline', '>= 1.6.19')
 end

data/lib/hiera/backend/eyaml.rb

@@ -2,7 +2,7 @@ class Hiera
   module Backend
     module Eyaml
 
-      VERSION = "2.0.0"
+      VERSION = "2.0.1"
       DESCRIPTION = "Hiera-eyaml is a backend for Hiera which provides OpenSSL encryption/decryption for Hiera properties"
 
       class RecoverableError < StandardError
@@ -15,7 +15,7 @@ class Hiera
       def self.subcommand
         @@subcommand
       end
-      
+
       def self.default_encryption_scheme= new_encryption
         @@default_encryption_scheme = new_encryption
       end
@@ -41,7 +41,7 @@ class Hiera
       def self.subcommands
         @@subcommands
       end
-      
+
     end
   end
 end

data/lib/hiera/backend/eyaml/encryptors/pkcs7.rb

@@ -11,12 +11,15 @@ class Hiera
         class Pkcs7 < Encryptor
 
           self.options = {
-            :private_key => { :desc => "Private key directory", 
+            :private_key => { :desc => "Path to private key", 
                               :type => :string, 
                               :default => "./keys/private_key.pkcs7.pem" },
-            :public_key => { :desc => "Public key directory",  
+            :public_key => { :desc => "Path to public key",  
                              :type => :string, 
-                             :default => "./keys/public_key.pkcs7.pem" }
+                             :default => "./keys/public_key.pkcs7.pem" },
+            :subject => { :desc => "Subject to use for certificate when creating keys",
+                          :type => :string,
+                          :default => "/" },
           }
 
           self.tag = "PKCS7"
@@ -59,14 +62,15 @@ class Hiera
 
             public_key = self.option :public_key
             private_key = self.option :private_key
+            subject = self.option :subject
 
             key = OpenSSL::PKey::RSA.new(2048)
             Utils.ensure_key_dir_exists private_key
             Utils.write_important_file :filename => private_key, :content => key.to_pem, :mode => 0600
 
-            name = OpenSSL::X509::Name.parse("/")
             cert = OpenSSL::X509::Certificate.new()
-            cert.serial = 0
+            cert.subject = OpenSSL::X509::Name.parse(subject)
+            cert.serial = 1
             cert.version = 2
             cert.not_before = Time.now
             cert.not_after = if 1.size == 8       # 64bit

data/lib/hiera/backend/eyaml/options.rb

@@ -24,7 +24,7 @@ class Hiera
           Utils::debug "Dump of eyaml tool options dict:"
           Utils::debug "--------------------------------"
           @@options.each do |k, v|
-            Utils::debug sprintf "%18s %-18s = %-18s %-18s", "(#{k.class.name})", k.to_s, v.to_s, "(#{v.class.name})"
+            Utils::debug sprintf "%18s %-18s = %18s %-18s", "(#{k.class.name})", k.to_s, "(#{v.class.name})", v.to_s
           end
           Utils::debug "--------------------------------"
         end

data/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb

@@ -113,7 +113,7 @@ class Hiera
 
         class DecStringTokenType < TokenType
           def initialize
-            @regex = /DEC(\(\d+\))?::(\w+)\[(.+?)\]\!/
+            @regex = /DEC(\(\d+\))?::(\w+)\[(.+?)\]\!/m
           end
           def create_token(string)
             md = @regex.match(string)

data/lib/hiera/backend/eyaml/subcommand.rb

@@ -1,4 +1,5 @@
 require 'base64'
+require 'yaml'
 # require 'hiera/backend/eyaml/subcommands/unknown_command'
 
 class Hiera
@@ -29,10 +30,32 @@ class Hiera
               :short       => 'h'}
           ]
         
+        def self.load_config_file
+          config_file=ENV['EYAML_CONFIG'] || "#{ENV['HOME']}/.eyaml/config.yaml"
+          begin
+            config = YAML.load_file(config_file)
+            Utils::info "Loaded config from #{config_file}"
+            config
+          rescue Errno::ENOENT, IndexError
+            {}
+          end
+        end
+
         def self.all_options 
           options = @@global_options.dup
           options += self.options if self.options
           options += Plugins.options
+          # merge in defaults from configuration file
+          config_file = self.load_config_file
+          options.map!{ | opt| 
+            key_name = "#{opt[:name]}"
+            if config_file.has_key? key_name
+              opt[:default] = config_file[key_name]
+              opt
+            else
+              opt
+            end
+          }
           options
         end
 

data/lib/hiera/backend/eyaml/utils.rb

@@ -140,7 +140,7 @@ class Hiera
           message = self.structure_message messageinfo
           message = "[#{message[:from]}] !!! #{message[:msg]}"
           if self.hiera?
-            Hiera.warn format_message msg
+            Hiera.warn message
           else
             STDERR.puts message
           end

data/lib/hiera/backend/eyaml_backend.rb

@@ -2,123 +2,134 @@ require 'hiera/backend/eyaml/encryptor'
 require 'hiera/backend/eyaml/utils'
 require 'hiera/backend/eyaml/options'
 require 'hiera/backend/eyaml/parser/parser'
+require 'hiera/filecache'
+
 require 'yaml'
 
 class Hiera
   module Backend
     class Eyaml_backend
 
-      def initialize
-        @extension = Config[:eyaml][:extension] ? Config[:eyaml][:extension] : "eyaml"
+      attr_reader :extension
+
+      def initialize(cache = nil)
+        debug("Hiera eYAML backend starting")
+
+        @cache     = cache || Filecache.new
+        @extension = Config[:eyaml][:extension] || "eyaml"
       end
 
       def lookup(key, scope, order_override, resolution_type)
-
-        debug("Lookup called for key #{key}")
         answer = nil
 
-        Backend.datasources(scope, order_override) do |source|
-          eyaml_file = Backend.datafile(:eyaml, scope, source, @extension) || next
+        parse_options(scope)
 
-          debug("Processing datasource: #{eyaml_file}")
+        debug("Looking up #{key} in eYAML backend")
 
-          data = YAML.load(File.read( eyaml_file ))
+        Backend.datasources(scope, order_override) do |source|
+          debug("Looking for data source #{source}")
+          eyaml_file = Backend.datafile(:eyaml, scope, source, extension) || next
 
-          next if data.nil? or data.empty?
-          debug ("Data contains valid YAML")
+          next unless File.exists?(eyaml_file)
 
-          next unless data.include?(key)
-          debug ("Key #{key} found in YAML document")
-
-          parsed_answer = parse_answer(key, data[key], scope)
-
-          begin
-            case resolution_type
-            when :array
-              debug("Appending answer array")
-              raise Exception, "Hiera type mismatch: expected Array and got #{parsed_answer.class}" unless parsed_answer.kind_of? Array or parsed_answer.kind_of? String
-              answer ||= []
-              answer << parsed_answer
-            when :hash
-              debug("Merging answer hash")
-              raise Exception, "Hiera type mismatch: expected Hash and got #{parsed_answer.class}" unless parsed_answer.kind_of? Hash
-              answer ||= {}
-              answer = Backend.merge_answer(parsed_answer,answer)
-            else
-              debug("Assigning answer variable")
-              answer = parsed_answer
-              break
-            end
-          rescue NoMethodError
-            raise Exception, "Resolution type is #{resolution_type} but parsed_answer is a #{parsed_answer.class}"
+          data = @cache.read(eyaml_file, Hash) do |data|
+            YAML.load(data) || {}
           end
-        end
 
-        answer
-      end
+          next if data.empty?
+          next unless data.include?(key)
 
-      def parse_answer(key, data, scope, extra_data={})
-        if data.is_a?(Numeric) or data.is_a?(TrueClass) or data.is_a?(FalseClass)
-          # Can't be encrypted
-          data
-        elsif data.is_a?(String)
-          parsed_string = Backend.parse_string(data, scope)
-          decrypt(key, parsed_string, scope)
-        elsif data.is_a?(Hash)
-          answer = {}
-          data.each_pair do |key, val|
-            answer[key] = parse_answer(key, val, scope, extra_data)
+          # Extra logging that we found the key. This can be outputted
+          # multiple times if the resolution type is array or hash but that
+          # should be expected as the logging will then tell the user ALL the
+          # places where the key is found.
+          debug("Found #{key} in #{source}")
+
+          # for array resolution we just append to the array whatever
+          # we find, we then goes onto the next file and keep adding to
+          # the array
+          #
+          # for priority searches we break after the first found data item
+          new_answer = parse_answer(data[key], scope)
+          case resolution_type
+          when :array
+            raise Exception, "Hiera type mismatch: expected Array and got #{new_answer.class}" unless new_answer.kind_of? Array or new_answer.kind_of? String
+            answer ||= []
+            answer << new_answer
+          when :hash
+            raise Exception, "Hiera type mismatch: expected Hash and got #{new_answer.class}" unless new_answer.kind_of? Hash
+            answer ||= {}
+            answer = Backend.merge_answer(new_answer,answer)
+          else
+            answer = new_answer
+            break
           end
-          answer
-        elsif data.is_a?(Array)
-          answer = []
-          data.each do |item|
-            answer << parse_answer(key, item, scope, extra_data)
-          end
-          answer
         end
-      end
 
-      def deblock block_string
-        block_string.gsub(/[ \n]/, '')
+        return answer
       end
 
-      def decrypt(key, value, scope)
-
-        if encrypted? value
+      private
 
-          debug "Attempting to decrypt: #{key}"
-
-          Config[:eyaml].each do |config_key, config_value|
-            config_value = Backend.parse_string(Config[:eyaml][config_key], scope)
-            debug "Setting: #{config_key} = #{config_value}"
-            Eyaml::Options[config_key] = config_value
-          end
+      def debug(message)
+        Hiera.debug("[eyaml_backend]: #{message}")
+      end
 
-          Eyaml::Options[:source] = "hiera"
+      def decrypt(data)
+        if encrypted?(data)
+          debug("Attempting to decrypt")
 
           parser = Eyaml::Parser::ParserFactory.hiera_backend_parser
-          tokens = parser.parse(value)
+          tokens = parser.parse(data)
           decrypted = tokens.map{ |token| token.to_plain_text }
           plaintext = decrypted.join
 
           plaintext.chomp
-
         else
-          value
+          data
         end
       end
 
-      def encrypted?(value)
-        if value.match(/.*ENC\[.*?\]/) then true else false end
+      def encrypted?(data)
+        /.*ENC\[.*?\]/ =~ data ? true : false
+      end
+
+      def parse_answer(data, scope, extra_data={})
+        if data.is_a?(Numeric) or data.is_a?(TrueClass) or data.is_a?(FalseClass)
+          return data
+        elsif data.is_a?(String)
+          return parse_string(data, scope, extra_data)
+        elsif data.is_a?(Hash)
+          answer = {}
+          data.each_pair do |key, val|
+            interpolated_key = Backend.parse_string(key, scope, extra_data)
+            answer[interpolated_key] = parse_answer(val, scope, extra_data)
+          end
+
+          return answer
+        elsif data.is_a?(Array)
+          answer = []
+          data.each do |item|
+            answer << parse_answer(item, scope, extra_data)
+          end
+
+          return answer
+        end
       end
 
-      def debug(msg)
-        Hiera.debug("[eyaml_backend]: #{msg}")
+      def parse_options(scope)
+        Config[:eyaml].each do |key, value|
+          parsed_value = Backend.parse_string(value, scope)
+          Eyaml::Options[key] = parsed_value
+          debug("Set option: #{key} = #{parsed_value}")
+        end
+
+        Eyaml::Options[:source] = "hiera"
       end
 
-      def warn(msg)
-        Hiera.warn("[eyaml_backend]:  #{msg}")
+      def parse_string(data, scope, extra_data={})
+        decrypted_data = decrypt(data)
+        Backend.parse_string(decrypted_data, scope, extra_data)
       end
     end
   end

metadata

@@ -1,50 +1,55 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: hiera-eyaml
-version: !ruby/object:Gem::Version
-  version: 2.0.0
+version: !ruby/object:Gem::Version 
+  version: 2.0.1
 platform: ruby
-authors:
+authors: 
 - Tom Poulton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-05 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: trollop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '2.0'
+
+date: 2014-03-07 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: hiera
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.2.1
   type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: trollop
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: highline
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: 1.6.19
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "2.0"
   type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: highline
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
         version: 1.6.19
+  type: :runtime
+  version_requirements: *id003
 description: Hiera backend for decrypting encrypted yaml properties
 email: 
-executables:
+executables: 
 - eyaml
 extensions: []
+
 extra_rdoc_files: []
-files:
+
+files: 
 - .gitignore
 - .travis.yml
 - Gemfile
@@ -81,27 +86,30 @@ files:
 - sublime_text/eyaml.syntax_definition.json
 - tools/regem.sh
 homepage: http://github.com/TomPoulton/hiera-eyaml
-licenses:
+licenses: 
 - MIT
 metadata: {}
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
-  requirements:
-  - - '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - &id004 
+    - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - *id004
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 2.0.11
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: OpenSSL Encryption backend for Hiera
 test_files: []
+