muchkeys 0.3.3 → 0.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3ff8551deefce6e7a842d98364ea5667fa4532e3
-  data.tar.gz: ff2729f7f21a56f51bb9998729c80a7c96d87ec5
+  metadata.gz: 7b1691f5996a3bbe70a2dc689f6168b08859f5a7
+  data.tar.gz: 1d49e1b24e67b72c55adf5ed724e0269e0ac0a0a
 SHA512:
-  metadata.gz: 4d0541d5c159955b22471d808fb2edb0f042e5b3a03fe725deb7ea7c041a3ed5d92f1f5a120223531742da56478976ecde08e833ae0399564a3f4145b26c67e5
-  data.tar.gz: 413f9778cd45d3aed726c7c23c685a032259f870c021c62b2bbd7f72b9f73f1d307ef568ed12263bc873feb3e5dc2524fd5e51d2803012833e6b2fcc947528a2
+  metadata.gz: d4ec21f49f82ce55a894ce5fbfaf8b5a567fe56dd0313576e17d7a1cc553dd08a6895877df76176694e90e890e8d6063ba146f1032e482ed437bbca2c54a9a3c
+  data.tar.gz: c49e8fe3eab027bfe23c032eba3bae91dd54e9320035221a5fac78471150f4f646cb9bd8628730a20298a799ca64dfa8e0fab4d61f2bd97037f721ab6b00c300

data/lib/muchkeys/cli/validation.rb

@@ -0,0 +1,17 @@
+module MuchKeys
+  class CLI
+
+    class Validation
+      attr_accessor :errors
+
+      def initialize
+        @errors = []
+      end
+
+      def valid?
+        errors.length < 1
+      end
+    end
+
+  end
+end

data/lib/muchkeys/cli/validator.rb

@@ -1,4 +1,5 @@
 require_relative "../errors"
+require_relative "./validation"
 
 class MuchKeys::CLI::Validator
 
@@ -6,24 +7,48 @@ class MuchKeys::CLI::Validator
       raise MuchKeys::CLIOptionsError, primary_mode_error_message unless options_has_one_mode?(options)
     end
 
-    def self.validate_encrypt(options)
-      abort "--encrypt needs the --file option passed."        if !options[:file]
-      abort "--encrypt needs the --public_key option passed."  if !options[:public_key]
+    def self.validate_encrypt_options(options)
+      validation = MuchKeys::CLI::Validation.new
+      if !options[:file] || !options[:public_key]
+        validation.errors << "--decrypt needs the --file and --public_key set."
+      end
+
+      validation
     end
 
-    def self.validate_decrypt(options)
+    def self.validate_decrypt_options(options)
+      validation = MuchKeys::CLI::Validation.new
+      if options[:consul_key] && options[:public_key] && options[:private_key]
+        validate_automatic_certificate(validation, options)
+      else
+        validation.errors << "--decrypt needs the --consul_key, --public_key and --private_key set."
+      end
+
+      validation
+    end
+
+    def self.validate_automatic_certificate(chained_validation, options)
+      # i won't mutate chained_validation on principle
+      validation = MuchKeys::CLI::Validation.new
+      validation.errors = chained_validation.errors.dup
       key_name = options[:consul_key]
-      abort "--decrypt needs the --consul_key option passed." if !key_name
 
       if !secret_adapter.auto_certificates_exist_for_key?(key_name)
         certfile_expected = secret_adapter.certfile_name(key_name)
-        abort "--decrypt needs the --public_key option passed or a PEM file needs to be at #{certfile_expected}."  if !options[:public_key]
-        abort "--decrypt needs the --private_key option passed or a PEM file needs to be at #{certfile_expected}." if !options[:private_key]
+        validation.errors << "--decrypt needs the --public_key option passed or a PEM file needs to be at #{certfile_expected}."  if !options[:public_key]
+        validation.errors << "--decrypt needs the --private_key option passed or a PEM file needs to be at #{certfile_expected}." if !options[:private_key]
       end
+
+      validation
     end
 
-    def self.validate_plain(options)
-      abort "--plain needs the --consul_key option passed." if !options[:consul_key]
+    def self.validate_plain_options(options)
+      validation = MuchKeys::CLI::Validation.new
+      if !options[:consul_key]
+        validation.errors << "--plain needs the --consul_key option passed."
+      end
+
+      validation
     end
 
     def self.options_has_one_mode?(options)

data/lib/muchkeys/cli.rb

@@ -8,18 +8,8 @@ module MuchKeys
       # I'd like to not be doing this kind of check
       # But this is tricky because we need to know
       # later if help was invoked so we don't execute run with blank options.
-      @help_invoked = false
+      @cli_should_exit = false
       parsed = parse_options(arguments)
-      return if @help_invoked
-
-      begin
-        set_primary_mode
-      rescue MuchKeys::CLIOptionsError => e
-        puts e.message
-        puts @opts
-      end
-
-      configure_muchkeys
     end
 
     def parse_options(arguments)
@@ -32,14 +22,11 @@ module MuchKeys
         o.string "--private_key", "Location of your private key"
         o.string "--public_key", "Location of your public key"
 
-        # add -f
-        o.string "--file", "File to encrypt"
+        o.string "-f", "--file", "File to encrypt"
         o.string "-c", "--consul_key", "Consul key to decrypt"
 
-        o.on "-h", "--help" do
-          # Save the fact we ran help so when run() runs, it prints help and exits.
-          @help_invoked = true
-        end
+        o.bool "-h", "--help", "Shows usage"
+        o.bool "-v", "--version", "Prints the version number"
       end
     end
 
@@ -58,20 +45,53 @@ module MuchKeys
 
     # this guy figures out the appropriate action to take given CLI options
     def run
-      if @opts[:help]
+
+      check_for_early_exit_actions
+      return if @cli_should_exit
+
+      begin
+        set_primary_mode
+      rescue MuchKeys::CLIOptionsError => e
+        puts e.message
         puts @opts
-        return
       end
 
+      return if @cli_should_exit
+
+      configure_muchkeys
+
       if @opts[:encrypt]
-        MuchKeys::CLI::Validator.validate_encrypt(file: @opts[:file], public_key: @opts[:public_key])
-        encrypt(@opts[:file], @opts[:public_key])
+        options = { file: @opts[:file], public_key: @opts[:public_key] }
+        validation = MuchKeys::CLI::Validator.validate_encrypt_options(options)
+
+        if validation.valid?
+          encrypt(@opts[:file], @opts[:public_key])
+        else
+          puts validation.errors
+          return
+        end
       elsif @opts[:decrypt]
-        MuchKeys::CLI::Validator.validate_decrypt(consul_key: @opts[:consul_key], public_key: @opts[:public_key], private_key: @opts[:private_key])
-        decrypt(@opts[:consul_key], @opts[:public_key], @opts[:private_key])
+        options = { consul_key: @opts[:consul_key], public_key: @opts[:public_key], private_key: @opts[:private_key] }
+        validation = MuchKeys::CLI::Validator.validate_decrypt_options(options)
+
+        if validation.valid?
+          decrypt(@opts[:consul_key], @opts[:public_key], @opts[:private_key])
+        else
+          puts validation.errors
+          return
+        end
       elsif @opts[:plain]
-        plain(@opts[:consul_key])
+        options = { consul_key: @opts[:consul_key] }
+        validation = MuchKeys::CLI::Validator.validate_plain_options(options)
+
+        if validation.valid?
+          plain(@opts[:consul_key])
+        else
+          puts validation.errors
+          return
+        end
       end
+
     end
 
     def encrypt(file, public_key)
@@ -87,6 +107,17 @@ module MuchKeys
       puts MuchKeys.fetch_key(consul_key)
     end
 
+    def print_version_number
+      puts MuchKeys::VERSION
+      @cli_should_exit = true
+    end
+
+    def print_help
+      # this is how the slop gem prints help
+      puts @opts
+      @cli_should_exit = true
+    end
+
 
     private
     def select_primary_mode(options)
@@ -99,5 +130,15 @@ module MuchKeys
       MuchKeys::Secret
     end
 
+    def check_for_early_exit_actions
+      if @opts[:help]
+        print_help
+      end
+
+      if @opts[:version]
+        print_version_number
+      end
+    end
+
   end
 end

data/lib/muchkeys/errors.rb

@@ -1,5 +1,6 @@
 module MuchKeys
-  InvalidKey      = Class.new(StandardError)
-  CLIOptionsError = Class.new(StandardError)
-  NoKeysSet       = Class.new(StandardError)
+  InvalidKey         = Class.new(StandardError)
+  CLIOptionsError    = Class.new(StandardError)
+  NoKeysSet          = Class.new(StandardError)
+  UnknownApplication = Class.new(StandardError)
 end

data/lib/muchkeys/version.rb

@@ -1,3 +1,3 @@
 module MuchKeys
-  VERSION = "0.3.3"
+  VERSION = "0.3.6"
 end

data/lib/muchkeys.rb

@@ -10,6 +10,10 @@ require "net/http"
 
 module MuchKeys
 
+  # revealing intention
+  module BlankKey; false; end
+
+
   class << self
     attr_accessor :configuration
 
@@ -20,37 +24,22 @@ module MuchKeys
       end
     end
 
-    def search_order(application_name, key_name)
-      if MuchKeys.configuration.search_paths
-        search_paths = MuchKeys.configuration.search_paths.collect do |path|
-          "#{path}/#{key_name}"
-        end
-      else
-        search_paths = [
-          "git/#{application_name}/secrets/#{key_name}",
-          "git/#{application_name}/config/#{key_name}",
-          "git/shared/secrets/#{key_name}",
-          "git/shared/config/#{key_name}"
-        ]
-      end
-    end
-
+    # this is the entry point to the ENV-like object that devs will use
     def find_first(key_name)
-      return ENV[key_name] unless ENV[key_name].nil?
-
       unless MuchKeys.configuration.search_paths
-        application_name = detect_app_name
-        return false if !application_name
+        raise MuchKeys::UnknownApplication, "Can't detect app name and application_name isn't set." if !application_name
       end
 
-      consul_paths = search_order(application_name, key_name)
+      consul_paths_to_search = search_order(application_name, key_name)
 
+      # search consul in a specific order until we find something
       response = nil
-      search_order(application_name, key_name).detect do |consul_path|
+      consul_paths_to_search.detect do |consul_path|
         response = fetch_key(consul_path)
+        response if response != MuchKeys::BlankKey
       end
 
-      if !response
+      if response == BlankKey
         raise MuchKeys::NoKeysSet, "Bailing.  Consul isn't set with any keys for #{key_name}."
       end
 
@@ -72,46 +61,47 @@ module MuchKeys
         response = fetch_plain_key(key_name)
       end
 
-      # empty and unset keys from consul are empty strings, so return false
-      # here TODO: UnsetKey would be better here.
-      return false if response == ""
-
       # otherwise, we got consul data so return that
       response
     end
 
-    def consul_url(key_name)
-      URI("#{configuration.consul_url}/v1/kv/#{key_name}?raw")
-    end
-
-    # TODO: inline this
-    def fetch_body(response)
-      response.body
-    end
-
-    def handle_response(response_code)
-      case response_code
-      when (400..599)
-        raise MuchKeys::InvalidKey
+    def search_order(application_name, key_name)
+      if MuchKeys.configuration.search_paths
+        search_paths = MuchKeys.configuration.search_paths.collect do |path|
+          "#{path}/#{key_name}"
+        end
+      else
+        search_paths = [
+          "git/#{application_name}/secrets/#{key_name}",
+          "git/#{application_name}/config/#{key_name}",
+          "git/shared/secrets/#{key_name}",
+          "git/shared/config/#{key_name}"
+        ]
       end
+
+      search_paths
     end
 
 
     private
+    def consul_url(key_name)
+      URI("#{configuration.consul_url}/v1/kv/#{key_name}?raw")
+    end
+
     def fetch_plain_key(key_name)
       url = consul_url(key_name)
       response = Net::HTTP.get_response url
-      handle_response(response)
-      fetch_body(response)
+
+      return MuchKeys::BlankKey if !response.body || response.body.empty?
+      response.body
     end
 
     def fetch_secret_key(key_name, public_pem=nil, private_pem=nil)
       result = fetch_plain_key(key_name)
-      # FIXME: omg use a class like MuchKeys::UnsetKey instead of "" as a
-      # return value -- there are other places like this too.
 
       # we hit a key that doesn't exist, so don't try to decrypt it
-      return "" if !result || result.empty?
+      return MuchKeys::BlankKey if result == MuchKeys::BlankKey
+
       secret_adapter.decrypt_string(result, public_pem, private_pem)
     end
 
@@ -128,18 +118,15 @@ module MuchKeys
     end
 
     # Detecting Rails app names is a known quantity.
-    # TODO: figure out how to detect plain Rack apps.  :(
-    def detect_app_name
+    # Rack apps need to set the name through config.
+    def application_name
       return configuration.application_name if configuration.application_name
 
-      # Rails.application is "Monorail::Application".
       if defined?(Rails)
+        # Rails.application looks something like "Monorail::Application"
         application_name = Rails.application.class.to_s.split("::").first
-      elsif defined?(Rack)
-        application_name = "Asset_Server"
       else
-        $stderr.puts "can't detect app name"
-        return
+        return false
       end
 
       snakecase(application_name)
@@ -164,8 +151,11 @@ MuchKeys.configuration ||= MuchKeys::Configuration.new
 # This interface looks like ENV which is more friendly to devs
 class MUCHKEYS
 
-  def self.[](i)
-    MuchKeys.find_first(i)
+  def self.[](key_name)
+    # if an ENV key is set, use that first
+    return ENV[key_name] unless ENV[key_name].nil?
+
+    MuchKeys.find_first(key_name)
   end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: muchkeys
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.6
 platform: ruby
 authors:
 - Pat O'Brien
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-04-28 00:00:00.000000000 Z
+date: 2016-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: slop
@@ -129,6 +129,7 @@ files:
 - exe/muchkeys
 - lib/muchkeys.rb
 - lib/muchkeys/cli.rb
+- lib/muchkeys/cli/validation.rb
 - lib/muchkeys/cli/validator.rb
 - lib/muchkeys/configuration.rb
 - lib/muchkeys/errors.rb