hiera-eyaml 3.0.0 → 3.1.0

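--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6fde1d8051eb21831b79c698fd423e9a4a08b824d2360e9ff6812d7992bc0388
- data.tar.gz: 51f03df435163ec479f4e843d83c3c5d1c04c0581901bbe0f578d06314e3f625
+ metadata.gz: 5b9a21a2c014fd073b1733d4c9c8ac2422b4d011f22f9ceb700834ce13710090
+ data.tar.gz: e8672bc02e4f4e9c41c8bba28677a99c06f08b5fd870936b660bb495d6df0e26
  SHA512:
- metadata.gz: 8363cd6de0401411ba832d79e3a7ce5df9e1b3a9a6a9d532d7b3e935e7a98a10ff29be65acd36a953494a3923e090c0cd8cfc594f63ff56d39f38e881553d874
- data.tar.gz: 6f34d66445e374ea6c6c7c6d34c50f20a14d76eef48732b661bad86ce793a362564b93538f896d85c219ee415a33b222b0d15e4c770d0ee6013428091c0d1649
+ metadata.gz: ac59e7c61933e8db2d074bf267c2d45a8cc3aacc23a2a4b732483529506d9cb089ed144794f1b37e010407646a461ca64cd1fc4f4cb53b9b81a65318d604fbad
+ data.tar.gz: f8fe859c0a1a855b0138690362a8e3952f0fa0756540135d314e117668d8936159a3d7862d0bf3e91ce9eba2efa0d30284f301037ecac7683133a5f6dcfb43a8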
@@ -2,6 +2,27 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file.
4
4
 
5
+ ## [v3.1.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.1.0) (2019-11-11)
6
+
7
+ [Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.0.0...v3.1.0)
8
+
9
+ **Implemented enhancements:**
10
+
11
+ - Should be able to `edit` a new file [\#84](https://github.com/voxpupuli/hiera-eyaml/issues/84)
12
+ - Cache key strings. [\#191](https://github.com/voxpupuli/hiera-eyaml/pull/191) ([mkulke](https://github.com/mkulke))
13
+
14
+ **Closed issues:**
15
+
16
+ - Decryption errors should return error code. [\#282](https://github.com/voxpupuli/hiera-eyaml/issues/282)
17
+ - Release a new version [\#271](https://github.com/voxpupuli/hiera-eyaml/issues/271)
18
+
19
+ **Merged pull requests:**
20
+
21
+ - \(docs\) Update README with reference to hiera-eyaml-vault [\#287](https://github.com/voxpupuli/hiera-eyaml/pull/287) ([crayfishx](https://github.com/crayfishx))
22
+ - fix: don't handle cli exceptions early [\#283](https://github.com/voxpupuli/hiera-eyaml/pull/283) ([stuart-warren](https://github.com/stuart-warren))
23
+ - Adding doc for Google KMS plugin [\#279](https://github.com/voxpupuli/hiera-eyaml/pull/279) ([craigwatson](https://github.com/craigwatson))
24
+ - catch failed decryption and print a helpful message [\#144](https://github.com/voxpupuli/hiera-eyaml/pull/144) ([GeoffWilliams](https://github.com/GeoffWilliams))
25
+
5
26
  ## [v3.0.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.0.0) (2019-01-17)
6
27
 
7
28
  [Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v2.1.0...v3.0.0)
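--- a/data/README.md
+++ b/data/README.md
@@ -365,7 +365,10 @@ This is a list of available plugins:
  Note that this plugin mandates the user enter a password. It is useful for non-automated scenarios, and is not advised to be used
  in conjunction with puppet, as it requires entry of a password over a terminal.
  - [hiera-eyaml-kms](https://github.com/adenot/hiera-eyaml-kms) - Encryption using AWS Key Management Service (KMS)
-
+ - [hiera-eyaml-gkms](https://github.com/craigwatson/hiera-eyaml-gkms) - Encryption using Google Cloud KMS
+ - [hiera-eyaml-vault](https://github.com/crayfishx/hiera-eyaml-vault) - Use the transit secrets engine from Vault for providing encryption.
+
+
  ### How-To's:
 
  - [How to use different Hiera/Eyaml keys for different environments using the AWS Parameter Store to store the encryption keys for Hiera/Eyaml](https://gist.github.com/FransUrbo/88b26033cb513a8aa569bd5392a427b1).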
@@ -2,7 +2,7 @@ class Hiera
2
2
  module Backend
3
3
  module Eyaml
4
4
 
5
- VERSION = "3.0.0"
5
+ VERSION = "3.1.0"
6
6
  DESCRIPTION = "Hiera-eyaml is a backend for Hiera which provides OpenSSL encryption/decryption for Hiera properties"
7
7
 
8
8
  class RecoverableError < StandardError
@@ -42,13 +42,9 @@ class Hiera
42
42
  def self.execute
43
43
 
44
44
  executor = Eyaml::Options[:executor]
45
- begin
46
- result = executor.execute
47
- puts result unless result.nil?
48
- rescue Exception => e
49
- LoggingHelper.warn e.message
50
- LoggingHelper.debug e.backtrace.join("\n")
51
- end
45
+
46
+ result = executor.execute
47
+ puts result unless result.nil?
52
48
 
53
49
  end
54
50
 
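Review bot: `self.execute` now lets every exception from `executor.execute` escape, and nothing at this site says that is deliberate. Going by changelog entries #282 and #283, the intent appears to be that failures reach the caller so the command can exit with an error code. A comment such as `# No rescue here: errors must propagate so the caller can report failure` would stop someone re-adding the removed `rescue Exception` block and restoring a success status on failed decryption. Where the exception is finally handled, and what the user sees at that point, is outside this hunk and worth confirming.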
@@ -38,8 +38,8 @@ class Hiera
38
38
  public_key = self.option :public_key
39
39
  raise StandardError, "pkcs7_public_key is not defined" unless public_key
40
40
 
41
- public_key_pem = File.read public_key
42
- public_key_x509 = OpenSSL::X509::Certificate.new( public_key_pem )
41
+ @public_key_pem ||= File.read public_key
42
+ public_key_x509 = OpenSSL::X509::Certificate.new( @public_key_pem )
43
43
 
44
44
  cipher = OpenSSL::Cipher::AES.new(256, :CBC)
45
45
  OpenSSL::PKCS7::encrypt([public_key_x509], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_der
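Review bot: The cache in `@public_key_pem ||= File.read public_key` is not keyed by the configured path, so once filled, a later call with a different `pkcs7_public_key` would silently encrypt to the first certificate read. The decrypt hunk that follows has the same shape with `@private_key_pem ||=` and `@public_key_pem ||=`. In a long-running process this also means a key rotated on disk is ignored until restart, and the private key PEM stays in memory for as long as the owning object lives. A per-path cache such as `(@key_pem ||= {})[public_key] ||= File.read(public_key)` avoids the stale-key case, and the retention trade-off deserves a comment. The enclosing method definitions start outside both hunks, so whether these are class-level or instance-level variables cannot be confirmed here.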
@@ -54,11 +54,11 @@ class Hiera
54
54
  raise StandardError, "pkcs7_public_key is not defined" unless public_key
55
55
  raise StandardError, "pkcs7_private_key is not defined" unless private_key
56
56
 
57
- private_key_pem = File.read private_key
58
- private_key_rsa = OpenSSL::PKey::RSA.new( private_key_pem )
57
+ @private_key_pem ||= File.read private_key
58
+ private_key_rsa = OpenSSL::PKey::RSA.new( @private_key_pem )
59
59
 
60
- public_key_pem = File.read public_key
61
- public_key_x509 = OpenSSL::X509::Certificate.new( public_key_pem )
60
+ @public_key_pem ||= File.read public_key
61
+ public_key_x509 = OpenSSL::X509::Certificate.new( @public_key_pem )
62
62
 
63
63
  pkcs7 = OpenSSL::PKCS7.new( ciphertext )
64
64
  pkcs7.decrypt(private_key_rsa, public_key_x509)
@@ -79,12 +79,19 @@ class Hiera
79
79
  def decrypt(data)
80
80
  if encrypted?(data)
81
81
  debug("Attempting to decrypt")
82
+ begin
83
+ parser = Eyaml::Parser::ParserFactory.hiera_backend_parser
84
+ tokens = parser.parse(data)
85
+ decrypted = tokens.map{ |token| token.to_plain_text }
86
+ plaintext = decrypted.join
87
+ rescue OpenSSL::PKCS7::PKCS7Error => e
88
+ debug("Caught exception: #{e.class}, #{e.message}\n"\
89
+ "#{e.backtrace.join("\n")}")
90
+ raise "Hiera-eyaml decryption failed, check the "\
91
+ "encrypted data matches the key you are using.\n"\
92
+ "Raw message from system: #{e.message}"
82
93
 
83
- parser = Eyaml::Parser::ParserFactory.hiera_backend_parser
84
- tokens = parser.parse(data)
85
- decrypted = tokens.map{ |token| token.to_plain_text }
86
- plaintext = decrypted.join
87
-
94
+ end
88
95
  plaintext.chomp
89
96
  else
90
97
  data
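Review bot: The new `rescue` translates only `OpenSSL::PKCS7::PKCS7Error`, so other failures raised under `token.to_plain_text` still reach the caller without the guidance text. Those would include an unreadable key file, an unparsable private key, or presumably errors from the non-PKCS7 encryptor plugins. The re-raise is a bare `raise "..."`, i.e. a `RuntimeError`, so any caller that matched the OpenSSL class must now inspect `e.cause`. A comment like `# PKCS7 failures are re-raised as RuntimeError; the original is available via #cause` would make that contract explicit. `decrypt` continues past the end of this hunk.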
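--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: hiera-eyaml
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 3.1.0
  platform: ruby
  authors:
  - Tom Poulton
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-01-17 00:00:00.000000000 Z
+ date: 2019-11-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: optimist
@@ -105,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.2
+ rubygems_version: 3.0.6
  signing_key:
  specification_version: 4
  summary: OpenSSL Encryption backend for Hiera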