hiera-eyaml 2.1.0 → 3.2.1

data/lib/hiera/backend/eyaml/subcommands/encrypt.rb

@@ -11,12 +11,12 @@ class Hiera
         class Encrypt < Subcommand
 
           def self.options
-            [{:name => :password, 
-              :description => "Source input is a password entered on the terminal", 
+            [{:name => :password,
+              :description => "Source input is a password entered on the terminal",
               :short => 'p'},
              {:name => :string,
               :description => "Source input is a string provided as an argument",
-              :short => 's', 
+              :short => 's',
               :type => :string},
              {:name => :file,
               :description => "Source input is a regular file",
@@ -47,8 +47,8 @@ class Hiera
 
           def self.validate options
             sources = [:password, :string, :file, :stdin, :eyaml].collect {|x| x if options[x]}.compact
-            Trollop::die "You must specify a source" if sources.count.zero?
-            Trollop::die "You can only specify one of (#{sources.join(', ')})" if sources.count > 1
+            Optimist::die "You must specify a source" if sources.count.zero?
+            Optimist::die "You can only specify one of (#{sources.join(', ')})" if sources.count > 1
             options[:source] = sources.first
 
             options[:input_data] = case options[:source]
@@ -78,7 +78,7 @@ class Hiera
               else
                 encryptor = Encryptor.find
                 ciphertext = encryptor.encode( encryptor.encrypt(Eyaml::Options[:input_data]) )
-                token = Parser::EncToken.new(:block, Eyaml::Options[:input_data], encryptor, ciphertext, nil, '    ')
+                token = Parser::EncToken.new(:block, Eyaml::Options[:input_data], encryptor, ciphertext, nil, '  ')
                 case Eyaml::Options[:output]
                   when "block"
                     token.to_encrypted :label => Eyaml::Options[:label], :use_chevron => !Eyaml::Options[:label].nil?, :format => :block

data/lib/hiera/backend/eyaml/subcommands/recrypt.rb

@@ -10,7 +10,12 @@ class Hiera
         class Recrypt < Subcommand
 
           def self.options
-            []
+            [
+                 {:name          => :change_encryption,
+                  :description   => "Specify the new encryption method that should be used for the file",
+                  :short         => 'd',
+                  :default       => "pkcs7"}
+             ]
           end
 
           def self.description
@@ -22,10 +27,11 @@ class Hiera
           end
 
           def self.validate options
-            Trollop::die "You must specify an eyaml file" if ARGV.empty?
+            Optimist::die "You must specify an eyaml file" if ARGV.empty?
             options[:source] = :eyaml
             options[:eyaml] = ARGV.shift
             options[:input_data] = File.read options[:eyaml]
+            @change_encryption = options[:change_encryption]
             options
           end
 
@@ -38,7 +44,7 @@ class Hiera
             decrypted_parser = Parser::ParserFactory.decrypted_parser
             edited_tokens = decrypted_parser.parse(decrypted_input)
 
-            encrypted_output = edited_tokens.map{ |t| t.to_encrypted }.join
+            encrypted_output = edited_tokens.map{ |t| t.to_encrypted({:change_encryption => @change_encryption}) }.join
 
             filename = Eyaml::Options[:eyaml]
             File.open("#{filename}", 'w') { |file|

data/lib/hiera/backend/eyaml/utils.rb

@@ -50,12 +50,21 @@ class Hiera
             candidates << candidate.to_s.split('::').last if parent_class.const_get(candidate).class.to_s == "Class"
           end
           candidates
-        end 
+        end
 
         def self.hiera?
           "hiera".eql? Eyaml::Options[:source]
         end
 
+        def self.convert_to_utf_8 string
+          orig_encoding = string.encoding
+          return string if orig_encoding == Encoding::UTF_8
+
+          return string.dup.force_encoding(Encoding::UTF_8)
+        rescue EncodingError => detail
+          warn "Unable to encode to \"Encoding::UTF_8\" using the original \"#{orig_encoding}\""
+          return string
+        end
       end
     end
   end

data/lib/hiera/backend/eyaml_backend.rb

@@ -15,6 +15,7 @@ class Hiera
       def initialize(cache = nil)
         debug("Hiera eYAML backend starting")
 
+        @decrypted_cache = {}
         @cache     = cache || Filecache.new
         @extension = Config[:eyaml][:extension] || "eyaml"
       end
@@ -78,12 +79,19 @@ class Hiera
       def decrypt(data)
         if encrypted?(data)
           debug("Attempting to decrypt")
+          begin
+            parser = Eyaml::Parser::ParserFactory.hiera_backend_parser
+            tokens = parser.parse(data)
+            decrypted = tokens.map{ |token| token.to_plain_text }
+            plaintext = decrypted.join
+          rescue OpenSSL::PKCS7::PKCS7Error => e
+            debug("Caught exception: #{e.class}, #{e.message}\n"\
+                  "#{e.backtrace.join("\n")}")
+            raise "Hiera-eyaml decryption failed, check the "\
+              "encrypted data matches the key you are using.\n"\
+              "Raw message from system: #{e.message}"
 
-          parser = Eyaml::Parser::ParserFactory.hiera_backend_parser
-          tokens = parser.parse(data)
-          decrypted = tokens.map{ |token| token.to_plain_text }
-          plaintext = decrypted.join
-
+          end
           plaintext.chomp
         else
           data
@@ -91,7 +99,7 @@ class Hiera
       end
 
       def encrypted?(data)
-        /.*ENC\[.*?\]/ =~ data ? true : false
+        /.*ENC\[.*\]/ =~ data ? true : false
       end
 
       def parse_answer(data, scope, extra_data={})
@@ -128,7 +136,19 @@ class Hiera
       end
 
       def parse_string(data, scope, extra_data={})
-        decrypted_data = decrypt(data)
+        if Eyaml::Options[:cache_decrypted]
+          if not @decrypted_cache.include?(data)
+            decrypted_data = decrypt(data)
+            debug("Adding data to decrypted cache")
+            @decrypted_cache[data] = decrypted_data
+          else
+            debug("Retrieving data from decrypted cache")
+            decrypted_data = @decrypted_cache[data]
+          end
+        else
+          decrypted_data = decrypt(data)
+        end
+
         Backend.parse_string(decrypted_data, scope, extra_data)
       end
     end

data/tools/regem.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # ToDo: Remove as 'rake install' task will build and install the latest gem?
 

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: hiera-eyaml
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 3.2.1
 platform: ruby
 authors:
 - Tom Poulton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-02 00:00:00.000000000 Z
+date: 2021-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: trollop
+  name: optimist
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.19
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.19
+        version: '0'
 description: Hiera backend for decrypting encrypted yaml properties
 email: 
 executables:
@@ -45,10 +45,12 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/release.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
-- ".travis.yml"
-- CHANGES.md
+- CHANGELOG.md
 - Gemfile
+- HISTORY.md
 - LICENSE.txt
 - PLUGINS.md
 - README.md
@@ -85,7 +87,7 @@ files:
 - sublime_text/eyaml.syntax_definition.json
 - tools/git_tag_release.rb
 - tools/regem.sh
-homepage: http://github.com/TomPoulton/hiera-eyaml
+homepage: https://github.com/voxpupuli/hiera-eyaml/
 licenses:
 - MIT
 metadata: {}
@@ -104,8 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: OpenSSL Encryption backend for Hiera

data/.travis.yml

@@ -1,30 +0,0 @@
-language: ruby
-rvm:
-  - "1.8.7-p374"
-  - "1.9.3"
-  - "2.0.0"
-  - "2.1.5"
-  - "2.2.3"
-env:
-  - PUPPET_VERSION=3.7.5
-  - PUPPET_VERSION=3.8.4
-  - PUPPET_VERSION=4.2.2
-sudo: false
-addons:
-  apt:
-    packages:
-      - expect
-script:
-  bundle exec cucumber -f progress
-notifications:
-  email: false
-
-matrix:
-  exclude:
-    - rvm: 1.8.7-p374
-      env: PUPPET_VERSION=4.2.2
-    - rvm: 2.2.3
-      env: PUPPET_VERSION=3.7.5
-    - rvm: 2.2.3
-      env: PUPPET_VERSION=3.8.4
-