kafo 0.0.4 → 0.0.5

data/README.md

@@ -58,7 +58,7 @@ mkdir foreman-installer
 cd foreman-installer
 ```
 
-Now we run +kafofy+ script which will prepare directory structure and
+Now we run ```kafofy``` script which will prepare directory structure and
 optionally create a bin script according to first parameter.
 
 ```bash
@@ -69,7 +69,7 @@ You can see that it created modules directory where your puppet modules
 should live. It also created config and bin directories. If you specified
 argument (foreman-installer in this case) a script in bin was created.
 It's the script you can use to run installer. If you did not specify any
-you can run your installer by +kafo-configure+ which is provided by the gem.
+you can run your installer by ```kafo-configure``` which is provided by the gem.
 All configuration related files are to be found in config directory.
 
 So for example to install foreman you want to
@@ -122,12 +122,13 @@ the lower the item is the higher precedence it has:
 
 ## Testing aka noop etc
 
-You'll probably want to tweak your installer before so you may find --noop
-argument handy. This will run puppet in noop so no change will be done to your
-system. Default value is false!
+You'll probably want to tweak your installer before so you may find
+```--noop``` argument handy (-n for short). This will run puppet in
+noop so no change will be done to your system. Default value is
+false!
 
 Sometimes you may want kafo not to store answers from current run. You can
-disable saving by passing a --dont-save-answers argument (or -d for short).
+disable saving by passing a ```--dont-save-answers``` argument (or -d for short).
 
 ## Parameters prefixes
 
@@ -178,11 +179,52 @@ in puppet manifest documentation like this
                   type:boolean
 ```
 
-Supported types are: string, boolean, integer, array
+Supported types are: string, boolean, integer, array, password
 
 Note that all arguments that are nil (have no value in answers.yaml or you
 set them UNDEF (see below) are translated to ```undef``` in puppet.
 
+## Password arguments
+
+Kafo support password arguments. It's adding some level of protection for you
+passwords. Usually people generate random strings for passwords. However all
+values are stored in config/answers.yaml which introduce some security risk.
+
+If this is something to concern for you, you can use password type. It will
+generate a secure (random) password of decent length (32 chars) and encrypts
+it using AES 256 in CBC mode. It uses a passphrase that is stored in
+config/kafo.yaml so if anyone gets an access to this file, he can read all
+other passwords from answers.yaml. A random password is generated and stored
+if there is none in kafo.yaml yet.
+
+When Kafo runs puppet, puppet will read this password from config/kafo.yaml.
+It runs under the same user so it should have read access by default. Kafo
+puppet module also provides a function that you can use to decrypt such
+parameters. You can use it like this
+
+```erb
+password: <%= scope.function_decrypt([scope.lookupvar("::foreman::db_password"))]) -%>
+```
+
+Also you can take advantage of already encrypted password and store as it is
+(encrypted). Your application can decrypt it as long as it knows the
+passphrase. Passphrase can be obtained as $kafo_configure::password.
+
+Note that we use a bit extraordinary form of encrypted passwords. All our
+encrypted passwords looks like "$1$base64encodeddata". As you can see we
+use $1$ prefix by which we can detect that its encrypted password by us.
+The form has nothing common with Modular Crypt Format. Also our AES output
+is base64 encoded. To get a password from this format you can do something
+like this in your application
+
+```ruby
+require 'base64'
+encrypted = "$1$base64encodeddata"
+encrypted = encrypted[3..-1]           # strip $1$ prefix
+encrypted = Base64.decode64(encrypted) # decode base64 string
+result    = aes_decrypt(encrypted)     # for example how to implement aes_decrypt see lib/kafo/password_manager.rb
+```
+
 ## Array arguments
 
 Some arguments may be Arrays. If you want to specify array values you can
@@ -200,9 +242,9 @@ By default Kafo expects a common module structure. For example if you add
 ```yaml
 foreman: true
 ```
-to you answer file, Kafo expects a +foreman+ subdirectory in +modules/+. Also
+to you answer file, Kafo expects a ```foreman``` subdirectory in ```modules/```. Also
 it expects that there will be init.pp which it will instantiate. If you need
-to change this behavior you can via +mapping+ option in +config/kafo.yaml+.
+to change this behavior you can via ```mapping``` option in ```config/kafo.yaml```.
 
 Suppose we have puppet module and we want to use puppet/server.pp as our init
 file. Also we want to name our module as puppetmaster. We add following mapping

data/bin/kafofy

@@ -21,10 +21,11 @@ if ARGV.size > 0
   puts "... creating #{script_name}"
   content = <<EOS
 #!/usr/bin/env ruby
+require 'rubygems'
 require 'kafo'
 KafoConfigure.run
 EOS
-  File.write script_name, content
+  File.open(script_name, 'w') { |file| file.write(content) }
   FileUtils.chmod 0755, script_name
 end
 

data/lib/kafo/configuration.rb

@@ -10,7 +10,7 @@ class Configuration
   end
 
   def self.save_configuration(configuration)
-    File.write(application_config_file, YAML.dump(configuration))
+    File.open(application_config_file, 'w') { |file| file.write(YAML.dump(configuration)) }
   end
 
   def self.configure_application
@@ -91,7 +91,7 @@ class Configuration
   end
 
   def store(data)
-    File.write(config_file, config_header + YAML.dump(data))
+    File.open(config_file, 'w') { |file| file.write(config_header + YAML.dump(data)) }
   end
 
   private

data/lib/kafo/param_builder.rb

@@ -42,7 +42,7 @@ class ParamBuilder
 
   def get_type(docs)
     type = (get_attributes(docs)[:type] || '').capitalize
-    type.empty? || !Params.const_defined?(type) ? Params::String : Params.const_get(type, false)
+    type.empty? || !Params.const_defined?(type) ? Params::String : Params.const_get(type)
   end
 
   def get_attributes(docs)

data/lib/kafo/version.rb

@@ -1,3 +1,3 @@
 module Kafo
-  VERSION = "0.0.4"
+  VERSION = "0.0.5"
 end

data/modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb

@@ -3,7 +3,7 @@
 module Puppet::Parser::Functions
   newfunction(:dump_values) do |args|
     data = Hash[args.map { |arg| [arg, lookupvar(arg)] }]
-    File.write('config/default_values.yaml', YAML.dump(data))
+    File.open('config/default_values.yaml', 'w') { |file| file.write(YAML.dump(data)) }
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kafo
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-27 00:00:00.000000000 Z
+date: 2013-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -132,45 +132,42 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- Gemfile
-- LICENSE.txt
-- README.md
-- Rakefile
 - bin/kafo-configure
 - bin/kafofy
-- config/config_header.txt
 - config/kafo.yaml.example
-- kafo.gemspec
-- lib/kafo.rb
+- config/config_header.txt
+- lib/kafo/puppet_module.rb
+- lib/kafo/puppet_module_parser.rb
+- lib/kafo/password_manager.rb
 - lib/kafo/configuration.rb
+- lib/kafo/validator.rb
 - lib/kafo/exceptions.rb
-- lib/kafo/kafo_configure.rb
-- lib/kafo/logger.rb
-- lib/kafo/param.rb
-- lib/kafo/param_builder.rb
-- lib/kafo/params/array.rb
-- lib/kafo/params/boolean.rb
-- lib/kafo/params/integer.rb
+- lib/kafo/system_checker.rb
+- lib/kafo/wizard.rb
 - lib/kafo/params/password.rb
 - lib/kafo/params/string.rb
-- lib/kafo/password_manager.rb
-- lib/kafo/puppet_module.rb
-- lib/kafo/puppet_module_parser.rb
+- lib/kafo/params/boolean.rb
+- lib/kafo/params/array.rb
+- lib/kafo/params/integer.rb
+- lib/kafo/kafo_configure.rb
 - lib/kafo/string_helper.rb
-- lib/kafo/system_checker.rb
-- lib/kafo/validator.rb
+- lib/kafo/logger.rb
+- lib/kafo/param.rb
 - lib/kafo/version.rb
-- lib/kafo/wizard.rb
-- modules/kafo_configure/lib/puppet/parser/functions/class_name.rb
+- lib/kafo/param_builder.rb
+- lib/kafo.rb
 - modules/kafo_configure/lib/puppet/parser/functions/decrypt.rb
-- modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb
-- modules/kafo_configure/lib/puppet/parser/functions/hash_keys.rb
 - modules/kafo_configure/lib/puppet/parser/functions/is_hash.rb
+- modules/kafo_configure/lib/puppet/parser/functions/class_name.rb
+- modules/kafo_configure/lib/puppet/parser/functions/dump_values.rb
 - modules/kafo_configure/lib/puppet/parser/functions/load_kafo_password.rb
+- modules/kafo_configure/lib/puppet/parser/functions/hash_keys.rb
 - modules/kafo_configure/lib/puppet/parser/functions/loadanyyaml.rb
-- modules/kafo_configure/manifests/init.pp
 - modules/kafo_configure/manifests/yaml_to_class.pp
+- modules/kafo_configure/manifests/init.pp
+- LICENSE.txt
+- Rakefile
+- README.md
 homepage: https://github.com/theforeman/kafo
 licenses:
 - GPLv3+

data/.gitignore

@@ -1,18 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-.idea

data/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in kafo.gemspec
-gemspec

data/kafo.gemspec

@@ -1,36 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-$LOAD_PATH.unshift(lib + '/kafo')
-$LOAD_PATH.unshift(lib + '/kafo/params')
-require 'kafo/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "kafo"
-  spec.version       = Kafo::VERSION
-  spec.authors       = ["Marek Hulan"]
-  spec.email         = ["ares@igloonet.cz"]
-  spec.description   = %q{A gem for making installations based on puppet user friendly}
-  spec.summary       = %q{If you write puppet modules for installing your software, you can use kafo to create powerful installer}
-  spec.homepage      = "https://github.com/theforeman/kafo"
-  spec.license       = "GPLv3+"
-
-  spec.files         = `git ls-files`.split($/)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
-
-  # puppet manifests parsing
-  spec.add_dependency 'puppet'
-  spec.add_dependency 'rdoc', '~> 3.0'
-  # better logging
-  spec.add_dependency 'logging'
-  # CLI interface
-  spec.add_dependency 'clamp'
-  # interactive mode
-  spec.add_dependency 'highline'
-
-end