hiera-eyaml 2.1.0 → 3.2.1
- checksums.yaml +5 -5
- data/.github/workflows/release.yml +24 -0
- data/.github/workflows/test.yml +31 -0
- data/.gitignore +8 -0
- data/CHANGELOG.md +185 -0
- data/Gemfile +3 -4
- data/{CHANGES.md → HISTORY.md} +9 -15
- data/README.md +205 -29
- data/Rakefile +13 -0
- data/hiera-eyaml.gemspec +3 -3
- data/lib/hiera/backend/eyaml.rb +1 -1
- data/lib/hiera/backend/eyaml/CLI.rb +4 -8
- data/lib/hiera/backend/eyaml/encryptor.rb +3 -4
- data/lib/hiera/backend/eyaml/encryptors/pkcs7.rb +51 -10
- data/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb +45 -7
- data/lib/hiera/backend/eyaml/subcommand.rb +15 -8
- data/lib/hiera/backend/eyaml/subcommands/decrypt.rb +10 -3
- data/lib/hiera/backend/eyaml/subcommands/edit.rb +23 -10
- data/lib/hiera/backend/eyaml/subcommands/encrypt.rb +6 -6
- data/lib/hiera/backend/eyaml/subcommands/recrypt.rb +9 -3
- data/lib/hiera/backend/eyaml/utils.rb +10 -1
- data/lib/hiera/backend/eyaml_backend.rb +27 -7
- data/tools/regem.sh +1 -1
- metadata +17 -16
- data/.travis.yml +0 -30
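--- a/data/lib/hiera/backend/eyaml/subcommands/encrypt.rb
+++ b/data/lib/hiera/backend/eyaml/subcommands/encrypt.rb
@@ -11,12 +11,12 @@ class Hiera
 class Encrypt < Subcommand
 
 def self.options
-[{:name => :password,
-:description => "Source input is a password entered on the terminal",
+[{:name => :password,
+:description => "Source input is a password entered on the terminal",
 :short => 'p'},
 {:name => :string,
 :description => "Source input is a string provided as an argument",
-:short => 's',
+:short => 's',
 :type => :string},
 {:name => :file,
 :description => "Source input is a regular file",
@@ -47,8 +47,8 @@ class Hiera
 
 def self.validate options
 sources = [:password, :string, :file, :stdin, :eyaml].collect {|x| x if options[x]}.compact
-
-
+Optimist::die "You must specify a source" if sources.count.zero?
+Optimist::die "You can only specify one of (#{sources.join(', ')})" if sources.count > 1
 options[:source] = sources.first
 
 options[:input_data] = case options[:source]
@@ -78,7 +78,7 @@ class Hiera
 else
 encryptor = Encryptor.find
 ciphertext = encryptor.encode( encryptor.encrypt(Eyaml::Options[:input_data]) )
-token = Parser::EncToken.new(:block, Eyaml::Options[:input_data], encryptor, ciphertext, nil, '
+token = Parser::EncToken.new(:block, Eyaml::Options[:input_data], encryptor, ciphertext, nil, ' ')
 case Eyaml::Options[:output]
 when "block"
 token.to_encrypted :label => Eyaml::Options[:label], :use_chevron => !Eyaml::Options[:label].nil?, :format => :block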
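--- a/data/lib/hiera/backend/eyaml/subcommands/recrypt.rb
+++ b/data/lib/hiera/backend/eyaml/subcommands/recrypt.rb
@@ -10,7 +10,12 @@ class Hiera
 class Recrypt < Subcommand
 
 def self.options
-[
+[
+{:name => :change_encryption,
+:description => "Specify the new encryption method that should be used for the file",
+:short => 'd',
+:default => "pkcs7"}
+]
 end
 
 def self.description
@@ -22,10 +27,11 @@ class Hiera
 end
 
 def self.validate options
-
+Optimist::die "You must specify an eyaml file" if ARGV.empty?
 options[:source] = :eyaml
 options[:eyaml] = ARGV.shift
 options[:input_data] = File.read options[:eyaml]
+@change_encryption = options[:change_encryption]
 options
 end
 
@@ -38,7 +44,7 @@ class Hiera
 decrypted_parser = Parser::ParserFactory.decrypted_parser
 edited_tokens = decrypted_parser.parse(decrypted_input)
 
-encrypted_output = edited_tokens.map{ |t| t.to_encrypted }.join
+encrypted_output = edited_tokens.map{ |t| t.to_encrypted({:change_encryption => @change_encryption}) }.join
 
 filename = Eyaml::Options[:eyaml]
 File.open("#{filename}", 'w') { |file|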
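Review bot: The `:default => "pkcs7"` on the new `:change_encryption` option in `self.options` means `@change_encryption` is never nil, so every token passed to `to_encrypted` in the last hunk carries `pkcs7` even when the user did not ask for a change of method. If `to_encrypted` (in encrypted_tokens.rb, not shown on this page) honours that key unconditionally, recrypting a file whose tokens use another encryptor would silently move them to PKCS7 and to a different key set. I would drop the default, for example `:type => :string` in place of `:default => "pkcs7"`, and pass the key only when it was given. Separately, `validate` stores the value in a class-level instance variable; reading `Eyaml::Options[:change_encryption]` at the call site would match how `filename` is read two lines below it. The method containing the `to_encrypted` call starts outside the hunk.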
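--- a/data/lib/hiera/backend/eyaml/utils.rb
+++ b/data/lib/hiera/backend/eyaml/utils.rb
@@ -50,12 +50,21 @@ class Hiera
 candidates << candidate.to_s.split('::').last if parent_class.const_get(candidate).class.to_s == "Class"
 end
 candidates
-end
+end
 
 def self.hiera?
 "hiera".eql? Eyaml::Options[:source]
 end
 
+def self.convert_to_utf_8 string
+orig_encoding = string.encoding
+return string if orig_encoding == Encoding::UTF_8
+
+return string.dup.force_encoding(Encoding::UTF_8)
+rescue EncodingError => detail
+warn "Unable to encode to \"Encoding::UTF_8\" using the original \"#{orig_encoding}\""
+return string
+end
 end
 end
 end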
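Review bot: `force_encoding` in the new `convert_to_utf_8` only relabels the string's bytes; it neither transcodes nor validates them and does not raise `EncodingError`, so the `rescue` branch and its warning can never run, and a string with invalid byte sequences comes back tagged as UTF-8. If callers rely on receiving valid UTF-8 (decrypted binary values are the likely problem case), check the result: `converted = string.dup.force_encoding(Encoding::UTF_8)` followed by `return converted.valid_encoding? ? converted : string`. The `=> detail` binding is unused and can be dropped.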
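--- a/data/lib/hiera/backend/eyaml_backend.rb
+++ b/data/lib/hiera/backend/eyaml_backend.rb
@@ -15,6 +15,7 @@ class Hiera
 def initialize(cache = nil)
 debug("Hiera eYAML backend starting")
 
+@decrypted_cache = {}
 @cache = cache || Filecache.new
 @extension = Config[:eyaml][:extension] || "eyaml"
 end
@@ -78,12 +79,19 @@ class Hiera
 def decrypt(data)
 if encrypted?(data)
 debug("Attempting to decrypt")
+begin
+parser = Eyaml::Parser::ParserFactory.hiera_backend_parser
+tokens = parser.parse(data)
+decrypted = tokens.map{ |token| token.to_plain_text }
+plaintext = decrypted.join
+rescue OpenSSL::PKCS7::PKCS7Error => e
+debug("Caught exception: #{e.class}, #{e.message}\n"\
+"#{e.backtrace.join("\n")}")
+raise "Hiera-eyaml decryption failed, check the "\
+"encrypted data matches the key you are using.\n"\
+"Raw message from system: #{e.message}"
 
-
-tokens = parser.parse(data)
-decrypted = tokens.map{ |token| token.to_plain_text }
-plaintext = decrypted.join
-
+end
 plaintext.chomp
 else
 data
@@ -91,7 +99,7 @@ class Hiera
 end
 
 def encrypted?(data)
-/.*ENC\[
+/.*ENC\[.*\]/ =~ data ? true : false
 end
 
 def parse_answer(data, scope, extra_data={})
@@ -128,7 +136,19 @@ class Hiera
 end
 
 def parse_string(data, scope, extra_data={})
-
+if Eyaml::Options[:cache_decrypted]
+if not @decrypted_cache.include?(data)
+decrypted_data = decrypt(data)
+debug("Adding data to decrypted cache")
+@decrypted_cache[data] = decrypted_data
+else
+debug("Retrieving data from decrypted cache")
+decrypted_data = @decrypted_cache[data]
+end
+else
+decrypted_data = decrypt(data)
+end
+
 Backend.parse_string(decrypted_data, scope, extra_data)
 end
 end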
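Review bot: The `@decrypted_cache` hash created in `initialize` and filled in `parse_string` holds every decrypted value for the lifetime of the backend object, with no size bound, expiry or way to clear it. When `Eyaml::Options[:cache_decrypted]` is set in a long-running process, plaintext secrets therefore stay in memory well past the lookup that needed them, and a cached value is still served after the private key has been removed, as long as the ciphertext in the data file is unchanged. I would state that where the option is documented and above the assignment, e.g. `# Plaintext is kept until this backend is discarded; there is no eviction.` In the `decrypt` hunk only `OpenSSL::PKCS7::PKCS7Error` is rescued, so failures raised by other encryptors presumably still surface without the friendlier message.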
data/tools/regem.sh
CHANGED
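--- a/metadata
+++ b/metadata
@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: hiera-eyaml
 version: !ruby/object:Gem::Version
-version: 2.1
+version: 3.2.1
 platform: ruby
 authors:
 - Tom Poulton
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name:
+name: optimist
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: highline
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 description: Hiera backend for decrypting encrypted yaml properties
 email:
 executables:
@@ -45,10 +45,12 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/release.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
--
-- CHANGES.md
+- CHANGELOG.md
 - Gemfile
+- HISTORY.md
 - LICENSE.txt
 - PLUGINS.md
 - README.md
@@ -85,7 +87,7 @@ files:
 - sublime_text/eyaml.syntax_definition.json
 - tools/git_tag_release.rb
 - tools/regem.sh
-homepage:
+homepage: https://github.com/voxpupuli/hiera-eyaml/
 licenses:
 - MIT
 metadata: {}
@@ -104,8 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.2.2
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: OpenSSL Encryption backend for Hiera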
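--- a/data/.travis.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-language: ruby
-rvm:
-- "1.8.7-p374"
-- "1.9.3"
-- "2.0.0"
-- "2.1.5"
-- "2.2.3"
-env:
-- PUPPET_VERSION=3.7.5
-- PUPPET_VERSION=3.8.4
-- PUPPET_VERSION=4.2.2
-sudo: false
-addons:
-apt:
-packages:
-- expect
-script:
-bundle exec cucumber -f progress
-notifications:
-email: false
-
-matrix:
-exclude:
-- rvm: 1.8.7-p374
-env: PUPPET_VERSION=4.2.2
-- rvm: 2.2.3
-env: PUPPET_VERSION=3.7.5
-- rvm: 2.2.3
-env: PUPPET_VERSION=3.8.4
-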