hiera-gpg 0.1.1 → 1.0.1

Files changed (2) hide show
  1. data/lib/hiera/backend/gpg_backend.rb +72 -42
  2. metadata +17 -3
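--- a/data/lib/hiera/backend/gpg_backend.rb
+++ b/data/lib/hiera/backend/gpg_backend.rb
@@ -1,60 +1,90 @@
 class Hiera
 module Backend
 class Gpg_backend
-def lookup(key, scope, order_override, resolution_type)
-Hiera.debug("loaded gpg_backend")
-answer = Backend.empty_answer(resolution_type)
 
-Backend.datasources(scope, order_override) do |source|
-gpgfile = Backend.datafile(:gpg, scope, source, "gpg") || next
-
-
-Hiera.debug("Loading file #{gpgfile}")
+def initialize
+require 'gpgme'
+debug ("Loaded gpg_backend")
+end
 
-## Homedir is the location of our GPG private keys
-## default: ~/.gnupg
-homedir = Config[:gpg][:homedir] || ""
+def debug (msg)
+Hiera.debug("[gpg_backend]: #{msg}")
+end
 
-plain = decrypt(gpgfile, homedir)
+def warn (msg)
+Hiera.warn("[gpg_backend]: #{msg}")
+end
 
-if plain.empty?
-Hiera.debug("GPG decrypt returned empty string")
-next
-end
 
-data = YAML.load(plain)
+def lookup(key, scope, order_override, resolution_type)
 
-next if data.empty?
-next unless data.include?(key)
+debug("Lookup called, key #{key} resolution type is #{resolution_type}")
+answer = Backend.empty_answer(resolution_type)
 
+Backend.datasources(scope, order_override) do |source|
+gpgfile = Backend.datafile(:gpg, scope, source, "gpg") || next
 
-case resolution_type
-when :array
-answer << Backend.parse_answer(data[key], scope)
-else
-answer = Backend.parse_answer(data[key], scope)
-break
-end
-end
-return answer
-
-end
-
+# This should compute ~ on both *nix and *doze
+homes = ["HOME", "HOMEPATH"]
+real_home = homes.detect { |h| ENV[h] != nil }
+
+## key_dir is the location of our GPG private keys
+## default: ~/.gnupg
+key_dir = Config[:gpg][:key_dir] || "#{ENV[real_home]}/.gnupg"
+
+plain = decrypt(gpgfile, key_dir)
+next if !plain
+next if plain.empty?
 
-def decrypt (file, homedir)
-# This should be tied in with the gpgme API, but for now
-# we just shell this out to the gpg command, a future todo
-# is to replace this.
-#
+data = YAML.load(plain)
 
-opts = ["--decrypt"]
-if !homedir.empty?
-opts << "--homedir #{homedir}"
+case resolution_type
+when :array
+debug("Appending answer array")
+answer << Backend.parse_answer(data[key], scope)
+else
+debug("Assigning answer variable")
+answer = Backend.parse_answer(data[key], scope)
 end
 
-data = `/usr/bin/env gpg #{opts.join(" ")} < #{file} 2> /dev/null`
-Hiera.debug("Return code of gpg command was #{$?}")
-return data
+return answer
+
+end
+end
+
+def decrypt(file, gnupghome)
+
+ENV["GNUPGHOME"]=gnupghome
+debug("GNUPGHOME is #{ENV['GNUPGHOME']}")
+
+ctx = GPGME::Ctx.new
+
+open(file) do |cipher|
+debug("loaded cipher: #{file}")
+
+ctx = GPGME::Ctx.new
+
+if !ctx.keys.empty?
+raw = GPGME::Data.new(cipher)
+txt = GPGME::Data.new
+
+begin
+txt = ctx.decrypt(raw)
+rescue GPGME::Error::DecryptFailed
+warn("Warning: GPG Decryption failed, check your GPG settings")
+rescue
+warn("Warning: General exception decrypting GPG file")
+end
+
+txt.seek 0
+result = txt.read
+
+debug("result is a #{result.class} ctx #{ctx} txt #{txt}")
+return result
+else
+warn("No usable keys found in #{gnupghome}. Check :key_dir value in hiera.yaml is correct")
+end
+end
 end
 end
 end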
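Review bot: The rewritten `lookup` drops the old `next unless data.include?(key)` guard and the `break` that followed the non-array assignment, so a datasource whose decrypted YAML lacks the key now stores `Backend.parse_answer(nil, scope)` in `answer`, and for priority lookups the last datasource wins instead of the first. Restoring `next unless data.respond_to?(:include?) && data.include?(key)` before the `case`, and `break` after `answer = Backend.parse_answer(data[key], scope)` in the `else` branch, keeps the 0.1.1 semantics; the `respond_to?` form also covers a document that `YAML.load` may parse to `nil` or a scalar rather than a Hash. Separately, `decrypt` assigns `ENV["GNUPGHOME"]` process-wide on every call and never restores it, and builds a `GPGME::Ctx` before the `open` block that is immediately shadowed by the one inside it; restoring the previous value in an `ensure` and dropping the outer `ctx` would avoid leaking the setting to other code in the same process. `YAML.load` on the decrypted text still instantiates arbitrary Ruby objects, and encryption to the public key does not by itself authenticate who wrote the file, so a comment at that line noting that the backend trusts whoever can place a `.gpg` file in the datadir would help the next maintainer.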
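--- a/metadata
+++ b/metadata
@@ -3,10 +3,10 @@ name: hiera-gpg
 version: !ruby/object:Gem::Version
 prerelease: false
 segments:
-- 0
 - 1
+- 0
 - 1
-version: 0.1.1
+version: 1.0.1
 platform: ruby
 authors:
 - Craig Dunn
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-03-01 00:00:00 +00:00
+date: 2012-03-19 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -31,6 +31,20 @@ dependencies:
 version: 0.2.0
 type: :runtime
 version_requirements: *id001
+- !ruby/object:Gem::Dependency
+name: gpgme
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+segments:
+- 2
+- 0
+- 0
+version: 2.0.0
+type: :runtime
+version_requirements: *id002
 description: Hiera backend for storing secret data and decrypting with GPG
 email: craig@craigdunn.org
 executables: []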