obscure_yaml 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +27 -2
- data/lib/obscure_yaml.rb +32 -34
- data/lib/obscure_yaml/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e586f3486eb9b5be77a5e103aafa209eed7c4e88
|
|
4
|
+
data.tar.gz: 82a944c7e62989133cb8b50d44cd93bf013daaf0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f1e280e19a6758a0cc1ec1b812f95ed449f3d122fdd50132cdd3e2acbbb551b877f6d54d40911e8edc8c0430aae94add680c95b37c68e36688175624d7909e5d
|
|
7
|
+
data.tar.gz: cb7b03a2c017e20d960ef2a0bdfda64fbbc4ab936bed1282b23e3e12f58e2999aa9e8487f96aa1859aeb8af7cd7690b7d4cd400df49e2581aac894d6316b8208
|
data/README.md
CHANGED
|
@@ -1,4 +1,29 @@
|
|
|
1
|
-
#
|
|
1
|
+
# obscure_yaml
|
|
2
2
|
|
|
3
3
|
This gem contains helper classes for working with Base64 encoded
|
|
4
|
-
Yaml files,
|
|
4
|
+
Yaml files, typically for kubernetes secrets.yml files, the values of which must be base64 encoded. It will either read the value from a specified fle or use yaml value directly, and write the resulting data all to a single yaml file with base64 encoded values under a specfied key ('data' by default) for consistency. Decoding always results in a single file, with escaped values as necessary.
|
|
5
|
+
|
|
6
|
+
Those long/unescaped values can be loaded from files referenced in the source yaml by wrapping in "magic" file/url delimiters, ('@' by default), e.g:
|
|
7
|
+
```yaml
|
|
8
|
+
apiVersion: v1
|
|
9
|
+
kind: ConfigMap
|
|
10
|
+
data:
|
|
11
|
+
long_crazy_indirect_value: '@local_unescaped_file.txt@'
|
|
12
|
+
regular_direct_value_domain: example.com
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
The delimiter can be changed with the env var `MAGIC_FILE` from default value of '@', and the data key can be changed from it's default value of 'data' with env var `DATA_KEY`.
|
|
16
|
+
|
|
17
|
+
Gem install as usual in bundler or directly as `obscure_yaml`, though only CLI usage is intended at present.
|
|
18
|
+
|
|
19
|
+
###Example usage
|
|
20
|
+
```
|
|
21
|
+
$ obscure encode connect.configmap.yml # outputs encoded yaml to stdout
|
|
22
|
+
$ obscure decode connect.secrets.yml # outputs decode yaml to stdout
|
|
23
|
+
$ obscure encode connect.configmap.yml tmp.out # writes encoded yaml to tmp.out file
|
|
24
|
+
$ obscure decode connect.secrets.yml tmp2.out # writes encoded yaml to tmp2.out file
|
|
25
|
+
$ cat file.yml | obscure decode # reads non-base64 input yaml from stdin, writes decoded yamlto stdout
|
|
26
|
+
$ cat file.yml | obscure encode # reads base64 encoded input yaml from stdin, write encoded to stdout
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
A valid url may also be used in place of a file path for input or output. There are no tests at present, because this was just an afternoon project, but pull requests are welcome if you find this useful!
|
data/lib/obscure_yaml.rb
CHANGED
|
@@ -5,48 +5,46 @@ require 'open-uri'
|
|
|
5
5
|
module ObscureYaml
|
|
6
6
|
DEFAULT_DATA_KEY = 'data'
|
|
7
7
|
MAGIC_DELIMITER = '@'
|
|
8
|
-
|
|
8
|
+
class << self
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
10
|
+
def decode(output, input)
|
|
11
|
+
output << construct_yaml(input, :output)
|
|
12
|
+
end
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
14
|
+
def encode(output, input)
|
|
15
|
+
output << construct_yaml(input, :input)
|
|
16
|
+
end
|
|
17
17
|
|
|
18
|
-
|
|
18
|
+
private
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
def construct_yaml(yaml_source, direction)
|
|
21
|
+
YAML::load(yaml_source.read).tap { |hsh|
|
|
22
|
+
data = hsh[obscured_data_key]
|
|
23
|
+
hsh[obscured_data_key] = data.map { |key, value|
|
|
24
|
+
[key, handle_coding(direction, value)]
|
|
25
|
+
}.to_h
|
|
26
|
+
}.to_yaml
|
|
27
|
+
end
|
|
21
28
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
hsh[obscured_data_key] = data.map { |key, value|
|
|
26
|
-
[key, handle_coding(direction, value)]
|
|
27
|
-
}.to_h
|
|
28
|
-
}.to_yaml
|
|
29
|
-
end
|
|
29
|
+
def handle_coding(direction, value)
|
|
30
|
+
direction == :output ? Base64.decode64(value) : Base64.encode64(value_or_file_contents(value))
|
|
31
|
+
end
|
|
30
32
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
33
|
+
def value_or_file_contents(value)
|
|
34
|
+
return value unless detect_file(value)
|
|
35
|
+
value_contents = open(value.gsub(magic_delimiter, '')) { |f| f.read }
|
|
36
|
+
end
|
|
34
37
|
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
end
|
|
38
|
+
def detect_file(value)
|
|
39
|
+
value.match /\A#{magic_delimiter}(.+)#{magic_delimiter}\z/
|
|
40
|
+
end
|
|
39
41
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
def magic_delimiter
|
|
45
|
-
ENV['MAGIC_FILE'] || MAGIC_DELIMITER
|
|
46
|
-
end
|
|
42
|
+
def magic_delimiter
|
|
43
|
+
ENV['MAGIC_FILE'] || MAGIC_DELIMITER
|
|
44
|
+
end
|
|
47
45
|
|
|
48
|
-
|
|
49
|
-
|
|
46
|
+
def obscured_data_key
|
|
47
|
+
ENV['DATA_KEY'] || DEFAULT_DATA_KEY
|
|
48
|
+
end
|
|
50
49
|
end
|
|
51
|
-
|
|
52
50
|
end
|
data/lib/obscure_yaml/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: obscure_yaml
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Glusman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-09-
|
|
11
|
+
date: 2016-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: " There was no call for this really, except we needed it.\n"
|
|
14
14
|
email:
|