hiera-osxkeychain 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 5a378388b0c2992570f7666015200c782e1cc5e4
4
+ data.tar.gz: ab9c272d3155ebb4292f32044b774ff3457647fd
5
+ SHA512:
6
+ metadata.gz: 8969e121b047c715db1389ae1ed9912db64bc6bef52066cde62f50d1b5e51d9518f50a2a12aed2088c42a2dd435c9fe186d215d9c5004e9d2439f4240bec0e30
7
+ data.tar.gz: c23ae3ab142962def384b6c847f42574221d72f97b9ced2cc38e67d1173971ba445ea293c086f5e7dfa638cf55ac526a0cecd629cef6774622fb1c9503fe34a2
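--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2016 Yoshimasa Niwa
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.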
@@ -0,0 +1,47 @@
1
+ Hiera OS X Keychain Backend
2
+ ===========================
3
+
4
+ A simple [Hiera](https://docs.puppet.com/hiera/latest/) backend for looking up OS X keychain.
5
+
6
+ Requirements
7
+ ------------
8
+
9
+ This Hiera backend requires OS X, obviously.
10
+
11
+ Usage
12
+ -----
13
+
14
+ Install `hiera-osxkeychain` gem to the Hiera environment.
15
+
16
+ gem intall hiera-osxkeychain
17
+
18
+ In `hiera.yaml` config file, add `osxkeychain` backend and specify service name used in keychain. By default, service name is `hiera`.
19
+
20
+ :backends:
21
+ - osxkeychain
22
+ ...
23
+ :yaml":
24
+ ...
25
+ :osxkeychain:
26
+ :service: "hiera"
27
+ :hierarchy:
28
+ ...
29
+
30
+ Create generic password items in OS X keychain with specified service name.
31
+ Use account name for each Hiera lookup key.
32
+
33
+ For example, launch _Keychain Access.app_, then use _New Password Item..._ under _File_ menu.
34
+ Give `hiera` (or service name you specified in `hiera.yaml`) to _Keychain Item Name:_,
35
+ Hiera lookup key name to _Account Name:_, then set _Password:_.
36
+
37
+ Try looking up the key from command line.
38
+
39
+ hiera -c /path/to/hiera.yaml key
40
+
41
+ You may see a prompt to approve keychain access from `security` command.
42
+
43
+ Limitation
44
+ ----------
45
+
46
+ Since keychain is a simple flat secure key-value storage, currently it doesn't support hierarchy.
47
+ Also doesn't support interporations on the value, which I believe shouldn't be used in the situation of keychain usage.
@@ -0,0 +1,127 @@
1
+ class Hiera
2
+ module Backend
3
+ class Osxkeychain_backend
4
+ class Keychain
5
+ SECURITY_PATH="/usr/bin/security"
6
+
7
+ attr_reader :service
8
+
9
+ def initialize(service = nil)
10
+ @service = service
11
+ end
12
+
13
+ def lookup(options = {})
14
+ # See security(1) for these arguments.
15
+ args = ["-w"]
16
+
17
+ if service
18
+ args += ["-s", service]
19
+ end
20
+
21
+ account = options[:account]
22
+ if account
23
+ args += ["-a", account]
24
+ end
25
+
26
+ label = options[:label]
27
+ if label
28
+ args += ["-l", label]
29
+ end
30
+
31
+ command = [SECURITY_PATH, "find-generic-password"] + args
32
+ status, out, error = run(*command)
33
+ if status.success?
34
+ out.chomp
35
+ else
36
+ Hiera.warn("Fail to lookup #{options}: #{error.chomp}")
37
+ nil
38
+ end
39
+ end
40
+
41
+ private
42
+
43
+ # Fork and exec command, then return stdout, stderr and exit status.
44
+ # There are no such methods working on all ruby versions.
45
+ def run(*cmd)
46
+ Hiera.debug("exec #{cmd.join(" ")}")
47
+
48
+ pipes = [IO.pipe, IO.pipe]
49
+
50
+ stdout_read, stdout_write = pipes[0]
51
+ stderr_read, stderr_write = pipes[1]
52
+
53
+ pid = fork do
54
+ stdout_read.close
55
+ stderr_read.close
56
+ STDOUT.reopen(stdout_write)
57
+ STDERR.reopen(stderr_write)
58
+
59
+ # Close file descriptors on exec(3).
60
+ # This is for ruby prior to 1.9.1.
61
+ set_close_on_exec
62
+
63
+ # Give `:close_others` option for ruby 1.9.x.
64
+ # This is by default on ruby 2.0.x and later.
65
+ exec(*(cmd + [{:close_others => true}]))
66
+ end
67
+ stdout_write.close
68
+ stderr_write.close
69
+ _, status = Process.waitpid2(pid)
70
+
71
+ return [status, stdout_read.read, stderr_read.read]
72
+ ensure
73
+ pipes.flatten.each do |io|
74
+ io.close unless io.closed?
75
+ end
76
+ end
77
+
78
+ def set_close_on_exec
79
+ ObjectSpace.each_object(IO) do |io|
80
+ if ![STDIN, STDOUT, STDERR].include?(io) && !io.closed?
81
+ io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) rescue SystemCallError
82
+ end
83
+ end
84
+ end
85
+ end
86
+
87
+ def initialize
88
+ @config = Config[:osxkeychain]
89
+ Hiera.debug("osxkeychain_backend initialized config: #{@config}")
90
+ end
91
+
92
+ def lookup(key, scope, order_override, resolution_type, *args)
93
+ # Ignore order_override since it doesn't not have hierarchy.
94
+ # Ignore scope since no need to interpolate values in anyways.
95
+
96
+ # Use key for account to lookup generic password.
97
+ result = keychain.lookup(:account => key)
98
+
99
+ # Hiera 2 and later, which has 5th argument, require to throw `:no_such_key`
100
+ # when no key found, but Hiera 1 requires to return `nil`.
101
+ if !result && !args.empty?
102
+ throw(:no_such_key)
103
+ end
104
+
105
+ case resolution_type
106
+ when :array
107
+ if result
108
+ [result]
109
+ else
110
+ []
111
+ end
112
+ when :hash
113
+ Hiera.warn("Unexpected resolution type.")
114
+ result
115
+ else
116
+ result
117
+ end
118
+ end
119
+
120
+ private
121
+
122
+ def keychain
123
+ @keychain ||= Keychain.new(@config[:service] || "hiera")
124
+ end
125
+ end
126
+ end
127
+ end
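Review bot: In `set_close_on_exec`, `io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) rescue SystemCallError` does not rescue only SystemCallError, because a modifier `rescue` catches every StandardError and merely evaluates the constant as its fallback value. The file as shown never requires `fcntl`, so unless another library has already loaded it the call raises NameError for each IO object and the error is silently discarded, leaving descriptors inheritable by the `security` child on the pre-1.9.1 Rubies this helper is written for. Add `require "fcntl"` at the top of the file and write the guard as `begin; io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC); rescue SystemCallError; end`. Separately, `keychain` reads `@config[:service]`, which presumably raises NoMethodError when hiera.yaml has no `:osxkeychain:` section even though the README documents `hiera` as the default; `(@config || {})[:service] || "hiera"` would cover that case.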
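--- a/metadata
+++ b/metadata
@@ -0,0 +1,104 @@
+--- !ruby/object:Gem::Specification
+name: hiera-osxkeychain
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Yoshimasa Niwa
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-04-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: test-unit
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: mocha
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: Hiera backend for looking up OS X keychain
+email:
+- niw@niw.at
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- LICENSE
+- README.md
+- lib/hiera/backend/osxkeychain_backend.rb
+homepage: https://github.com/niw/hiera-osxkeychain
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: Hiera backend for looking up OS X keychain
+test_files: []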