obscure_yaml 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/README.md +27 -2
- data/lib/obscure_yaml.rb +32 -34
- data/lib/obscure_yaml/version.rb +1 -1
- metadata +2 -2
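--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e586f3486eb9b5be77a5e103aafa209eed7c4e88
+data.tar.gz: 82a944c7e62989133cb8b50d44cd93bf013daaf0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f1e280e19a6758a0cc1ec1b812f95ed449f3d122fdd50132cdd3e2acbbb551b877f6d54d40911e8edc8c0430aae94add680c95b37c68e36688175624d7909e5d
+data.tar.gz: cb7b03a2c017e20d960ef2a0bdfda64fbbc4ab936bed1282b23e3e12f58e2999aa9e8487f96aa1859aeb8af7cd7690b7d4cd400df49e2581aac894d6316b8208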
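--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,29 @@
-#
+# obscure_yaml
 
 This gem contains helper classes for working with Base64 encoded
-Yaml files,
+Yaml files, typically for kubernetes secrets.yml files, the values of which must be base64 encoded. It will either read the value from a specified fle or use yaml value directly, and write the resulting data all to a single yaml file with base64 encoded values under a specfied key ('data' by default) for consistency. Decoding always results in a single file, with escaped values as necessary.
+
+Those long/unescaped values can be loaded from files referenced in the source yaml by wrapping in "magic" file/url delimiters, ('@' by default), e.g:
+```yaml
+apiVersion: v1
+kind: ConfigMap
+data:
+long_crazy_indirect_value: '@local_unescaped_file.txt@'
+regular_direct_value_domain: example.com
+```
+
+The delimiter can be changed with the env var `MAGIC_FILE` from default value of '@', and the data key can be changed from it's default value of 'data' with env var `DATA_KEY`.
+
+Gem install as usual in bundler or directly as `obscure_yaml`, though only CLI usage is intended at present.
+
+###Example usage
+```
+$ obscure encode connect.configmap.yml # outputs encoded yaml to stdout
+$ obscure decode connect.secrets.yml # outputs decode yaml to stdout
+$ obscure encode connect.configmap.yml tmp.out # writes encoded yaml to tmp.out file
+$ obscure decode connect.secrets.yml tmp2.out # writes encoded yaml to tmp2.out file
+$ cat file.yml | obscure decode # reads non-base64 input yaml from stdin, writes decoded yamlto stdout
+$ cat file.yml | obscure encode # reads base64 encoded input yaml from stdin, write encoded to stdout
+```
+
+A valid url may also be used in place of a file path for input or output. There are no tests at present, because this was just an afternoon project, but pull requests are welcome if you find this useful!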
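--- a/data/lib/obscure_yaml.rb
+++ b/data/lib/obscure_yaml.rb
@@ -5,48 +5,46 @@ require 'open-uri'
 module ObscureYaml
 DEFAULT_DATA_KEY = 'data'
 MAGIC_DELIMITER = '@'
-
+class << self
 
-
-
-
+def decode(output, input)
+output << construct_yaml(input, :output)
+end
 
-
-
-
+def encode(output, input)
+output << construct_yaml(input, :input)
+end
 
-
+private
 
-
+def construct_yaml(yaml_source, direction)
+YAML::load(yaml_source.read).tap { |hsh|
+data = hsh[obscured_data_key]
+hsh[obscured_data_key] = data.map { |key, value|
+[key, handle_coding(direction, value)]
+}.to_h
+}.to_yaml
+end
 
-
-
-
-hsh[obscured_data_key] = data.map { |key, value|
-[key, handle_coding(direction, value)]
-}.to_h
-}.to_yaml
-end
+def handle_coding(direction, value)
+direction == :output ? Base64.decode64(value) : Base64.encode64(value_or_file_contents(value))
+end
 
-
-
-
+def value_or_file_contents(value)
+return value unless detect_file(value)
+value_contents = open(value.gsub(magic_delimiter, '')) { |f| f.read }
+end
 
-
-
-
-end
+def detect_file(value)
+value.match /\A#{magic_delimiter}(.+)#{magic_delimiter}\z/
+end
 
-
-
-
-
-def magic_delimiter
-ENV['MAGIC_FILE'] || MAGIC_DELIMITER
-end
+def magic_delimiter
+ENV['MAGIC_FILE'] || MAGIC_DELIMITER
+end
 
-
-
+def obscured_data_key
+ENV['DATA_KEY'] || DEFAULT_DATA_KEY
+end
 end
-
 end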
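Review bot: In `value_or_file_contents`, the string between the delimiters comes straight from the parsed YAML and is handed to `Kernel#open`, which with `open-uri` loaded will fetch URLs and, for a value beginning with a pipe character, start a subprocess instead of reading a file. If the input YAML is not fully trusted, read local paths with `File.read(path)` and hand a string to the URL opener only after checking that its scheme is http or https. `construct_yaml` also parses with `YAML::load`, which can instantiate arbitrary objects from tagged input; `YAML.safe_load(yaml_source.read)` should be enough for a plain mapping of strings. Separately, `detect_file` interpolates `magic_delimiter` into the regex unescaped, so a `MAGIC_FILE` value containing regex metacharacters should go through `Regexp.escape(magic_delimiter)`.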
data/lib/obscure_yaml/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: obscure_yaml
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Glusman
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-09-
|
11
|
+
date: 2016-09-23 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: " There was no call for this really, except we needed it.\n"
|
14
14
|
email:
|