hiera-gpg 0.1.1 → 1.0.1
- data/lib/hiera/backend/gpg_backend.rb +72 -42
- metadata +17 -3
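--- a/data/lib/hiera/backend/gpg_backend.rb
+++ b/data/lib/hiera/backend/gpg_backend.rb
@@ -1,60 +1,90 @@
 class Hiera
 module Backend
 class Gpg_backend
-def lookup(key, scope, order_override, resolution_type)
-Hiera.debug("loaded gpg_backend")
-answer = Backend.empty_answer(resolution_type)
 
-
-
-
-
-Hiera.debug("Loading file #{gpgfile}")
+def initialize
+require 'gpgme'
+debug ("Loaded gpg_backend")
+end
 
-
-
-
+def debug (msg)
+Hiera.debug("[gpg_backend]: #{msg}")
+end
 
-
+def warn (msg)
+Hiera.warn("[gpg_backend]: #{msg}")
+end
 
-if plain.empty?
-Hiera.debug("GPG decrypt returned empty string")
-next
-end
 
-
+def lookup(key, scope, order_override, resolution_type)
 
-
-
+debug("Lookup called, key #{key} resolution type is #{resolution_type}")
+answer = Backend.empty_answer(resolution_type)
 
+Backend.datasources(scope, order_override) do |source|
+gpgfile = Backend.datafile(:gpg, scope, source, "gpg") || next
 
-
-
-
-
-
-
-
-
-
-
-
-
+# This should compute ~ on both *nix and *doze
+homes = ["HOME", "HOMEPATH"]
+real_home = homes.detect { |h| ENV[h] != nil }
+
+## key_dir is the location of our GPG private keys
+## default: ~/.gnupg
+key_dir = Config[:gpg][:key_dir] || "#{ENV[real_home]}/.gnupg"
+
+plain = decrypt(gpgfile, key_dir)
+next if !plain
+next if plain.empty?
 
-
-# This should be tied in with the gpgme API, but for now
-# we just shell this out to the gpg command, a future todo
-# is to replace this.
-#
+data = YAML.load(plain)
 
-
-
-
+case resolution_type
+when :array
+debug("Appending answer array")
+answer << Backend.parse_answer(data[key], scope)
+else
+debug("Assigning answer variable")
+answer = Backend.parse_answer(data[key], scope)
 end
 
-
-
-
+return answer
+
+end
+end
+
+def decrypt(file, gnupghome)
+
+ENV["GNUPGHOME"]=gnupghome
+debug("GNUPGHOME is #{ENV['GNUPGHOME']}")
+
+ctx = GPGME::Ctx.new
+
+open(file) do |cipher|
+debug("loaded cipher: #{file}")
+
+ctx = GPGME::Ctx.new
+
+if !ctx.keys.empty?
+raw = GPGME::Data.new(cipher)
+txt = GPGME::Data.new
+
+begin
+txt = ctx.decrypt(raw)
+rescue GPGME::Error::DecryptFailed
+warn("Warning: GPG Decryption failed, check your GPG settings")
+rescue
+warn("Warning: General exception decrypting GPG file")
+end
+
+txt.seek 0
+result = txt.read
+
+debug("result is a #{result.class} ctx #{ctx} txt #{txt}")
+return result
+else
+warn("No usable keys found in #{gnupghome}. Check :key_dir value in hiera.yaml is correct")
+end
+end
 end
 end
 end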
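Review bot: In lookup's `else` branch (new lines 46–47) every datasource whose file decrypts overwrites `answer` and the loop never breaks, so a priority lookup returns the last matching source in the hierarchy rather than the first, and a source whose YAML lacks `key` clobbers an earlier answer with whatever `Backend.parse_answer(nil, scope)` yields (presumably nil; not visible here). Adding `next unless data.is_a?(Hash) && data.include?(key)` before the `case` and a `break` after `answer = Backend.parse_answer(data[key], scope)` would give first-hit priority semantics and also guard `data[key]` against a blank or scalar document coming back from `YAML.load`. In decrypt, `open(file)` is `Kernel#open`, which treats a path beginning with `|` as a command to spawn; since the path is assembled from hierarchy names, `File.open(file)` is the safer call. `ENV["GNUPGHOME"]=gnupghome` mutates the environment of the whole host process and is never restored, and the `ctx = GPGME::Ctx.new` on new line 60 is dead because the block creates another one on line 65. The bare `rescue` on line 75 hides every StandardError behind a generic message, so logging the cause there, e.g. `warn("Warning: General exception decrypting GPG file: #{$!.message}")`, would make failures diagnosable.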
metadata
CHANGED
@@ -3,10 +3,10 @@ name: hiera-gpg
|
|
3
3
|
version: !ruby/object:Gem::Version
|
4
4
|
prerelease: false
|
5
5
|
segments:
|
6
|
-
- 0
|
7
6
|
- 1
|
7
|
+
- 0
|
8
8
|
- 1
|
9
|
-
version: 0.1
|
9
|
+
version: 1.0.1
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Craig Dunn
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2012-03-
|
17
|
+
date: 2012-03-19 00:00:00 +00:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -31,6 +31,20 @@ dependencies:
|
|
31
31
|
version: 0.2.0
|
32
32
|
type: :runtime
|
33
33
|
version_requirements: *id001
|
34
|
+
- !ruby/object:Gem::Dependency
|
35
|
+
name: gpgme
|
36
|
+
prerelease: false
|
37
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
38
|
+
requirements:
|
39
|
+
- - ">="
|
40
|
+
- !ruby/object:Gem::Version
|
41
|
+
segments:
|
42
|
+
- 2
|
43
|
+
- 0
|
44
|
+
- 0
|
45
|
+
version: 2.0.0
|
46
|
+
type: :runtime
|
47
|
+
version_requirements: *id002
|
34
48
|
description: Hiera backend for storing secret data and decrypting with GPG
|
35
49
|
email: craig@craigdunn.org
|
36
50
|
executables: []
|