hiera-housekeeper 0.5

data/lib/hiera/backend/housekeeper_backend.rb

@@ -0,0 +1,152 @@
+### This file is almost exactly the hiera_gpg module by
+### Craig Dunn (craig@craigdunn.org) (Thanks, mate!)
+### Hopefully, our additions won't embarrass him.
+
+require 'socket'
+
+class Hiera
+    module Backend
+        class Housekeeper_backend
+
+        def initialize
+            require 'gpgme'
+            @data  = Hash.new
+            @cache = Hash.new
+            debug("Loaded housekeeper_backend")
+        end
+
+        def debug (msg)
+            Hiera.debug("[housekeeper_backend]: #{msg}")
+        end
+
+        def warn (msg)
+            Hiera.warn("[housekeeper_backend]:  #{msg}")
+        end
+
+
+        def lookup(key, scope, order_override, resolution_type)
+
+            debug("Lookup called, key #{key} resolution type is #{resolution_type}")
+            answer = nil
+
+            # This should compute ~ on both *nix and *doze
+            homes = ["HOME", "HOMEPATH"]
+            real_home = homes.detect { |h| ENV[h] != nil }
+
+            key_dir = Backend.parse_string(Config[:gpg][:key_dir], scope) || "#{ENV[real_home]}/.gnupg"
+            fqdn    = Socket.gethostbyname(Socket.gethostname).first
+            housekeeper_server = Backend.parse_string(Config[:housekeeper][:url], scope)
+            housekeeper_keyname = Backend.parse_string(Config[:housekeeper][:keyname], scope) || "puppet"
+            housekeeper_branch = Backend.parse_string(Config[:housekeeper][:branch], scope) || "master"
+            housekeeper_identity = "#{housekeeper_keyname}@#{fqdn}"
+
+            seen_sources = []
+
+            Backend.datasources(scope, order_override) do |source|
+                begin
+                    next if seen_sources.include? source
+                    uri = URI.parse("http://#{housekeeper_server}:80/file/#{housekeeper_identity}/branches/#{housekeeper_branch}/hieradata/#{source}.gpg")
+                    seen_sources.push(source)
+                    gpgfile = open(uri).read()
+                rescue OpenURI::HTTPError
+                    next
+                end
+
+                unless @data.has_key?(gpgfile) and !stale?(gpgfile)
+                    plain = decrypt(gpgfile, key_dir)
+
+                    next if !plain
+                    next if !plain.kind_of?(String)
+                    next if plain.empty?
+                    debug("GPG decrypt returned valid data")
+
+                    begin
+                        @data[gpgfile] = YAML.load(plain)
+                    rescue
+                        warn("YAML decoding data in #{gpgfile} failed")
+                        @data[gpgfile] = {}
+                    end
+                end
+
+                data = @data[gpgfile]
+                next if !data
+                next if data.empty?
+                debug ("Data contains valid YAML")
+
+                next unless data.include?(key)
+                debug ("Key #{key} found in YAML document, Passing answer to hiera")
+
+                parsed_answer = Backend.parse_answer(data[key], scope)
+
+                begin
+                    case resolution_type
+                    when :array
+                        debug("Appending answer array")
+                        raise Exception, "Hiera type mismatch: expected Array and got #{parsed_answer.class}" unless parsed_answer.kind_of? Array or parsed_answer.kind_of? String
+                        answer ||= []
+                        answer << parsed_answer
+                    when :hash
+                        debug("Merging answer hash")
+                        raise Exception, "Hiera type mismatch: expected Hash and got #{parsed_answer.class}" unless parsed_answer.kind_of? Hash
+                        answer ||= {}
+                        answer = parsed_answer.merge answer
+                    else
+                        debug("Assigning answer variable")
+                        answer = parsed_answer
+                        break
+                    end
+                rescue NoMethodError
+                    raise Exception, "Resolution type is #{resolution_type} but parsed_answer is a #{parsed_answer.class}"
+                end
+
+            end
+            return answer
+        end
+
+        def decrypt(cipher, gnupghome)
+
+            gnupghome_backup = ENV["GNUPGHOME"]
+            ENV["GNUPGHOME"] = gnupghome
+            debug("GNUPGHOME is #{ENV['GNUPGHOME']}")
+
+            ctx = GPGME::Ctx.new
+
+            if !ctx.keys.empty?
+                raw = GPGME::Data.new(cipher)
+                txt = GPGME::Data.new
+
+                begin
+                    txt = ctx.decrypt(raw)
+                rescue GPGME::Error::DecryptFailed
+                    warn("Warning: GPG Decryption failed, check your GPG settings")
+                rescue
+                    warn("Warning: General exception decrypting GPG file")
+                ensure
+                    ENV["GNUPGHOME"] = gnupghome_backup
+                end
+
+                txt.seek 0
+                result = txt.read
+
+                debug("result is a #{result.class} ctx #{ctx} txt #{txt}")
+                return result
+            else
+                warn("No usable keys found in #{gnupghome}. Check :key_dir value in hiera.yaml is correct")
+                nil
+            end
+        end
+
+        def stale?(gpgfile)
+            # NOTE: The mtime change in a file MUST be > 1 second before being
+            #       recognized as stale. File mtime changes within 1 second will
+            #       not be recognized.
+            stat    = File.stat(gpgfile)
+            current = { 'inode' => stat.ino, 'mtime' => stat.mtime, 'size' => stat.size }
+            return false if @cache[gpgfile] == current
+
+            @cache[gpgfile] = current
+            return true
+        end
+        end
+    end
+end

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification
+name: hiera-housekeeper
+version: !ruby/object:Gem::Version
+  version: '0.5'
+  prerelease: 
+platform: ruby
+authors:
+- Neil Houston
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hiera
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: hiera-gpg
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+description: Hiera backend for fetching encrypted data from housekeeper
+email: neil.a.houston@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/hiera/backend/housekeeper_backend.rb
+homepage: http://github.com/ConnectedHomes/housekeeper
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Housekeeper backend for Hiera
+test_files: []