stack_master 1.6.0-x64-mingw32 → 1.7.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +17 -0
- data/lib/stack_master.rb +1 -0
- data/lib/stack_master/parameter_resolvers/one_password.rb +85 -0
- data/lib/stack_master/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9d4199278b4ed423d09c699b662ecc7a99c697ee
|
4
|
+
data.tar.gz: 6b69af6fbd70de239ccb3d07e1c9e39ecbf9c263
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 92508145673fd052cb612ddbfa88cb2eb60ed764aba323794731a392f216a131e86603cb9caa42b8cede4b70ff30cc9ff074331502ec1e5519fdfde143c467df
|
7
|
+
data.tar.gz: 47716e152071f601e5b1790719e93aa5eeded7c048ede84053ccd94189b092732dcaf5f0abad34be6a4c5aec809ab6c72eb1a54d01bfb84c98c1232f70fc60a2
|
data/README.md
CHANGED
@@ -256,6 +256,23 @@ you will likely want to set the parameter to NoEcho in your template.
|
|
256
256
|
db_password:
|
257
257
|
parameter_store: ssm_parameter_name
|
258
258
|
```
|
259
|
+
### 1Password Lookup
|
260
|
+
An Alternative to the alternative secret store is accessing 1password secrets using the 1password cli (`op`).
|
261
|
+
You declare a 1password lookup with the following parameters in your parameters file:
|
262
|
+
|
263
|
+
```
|
264
|
+
parameters/database.yml
|
265
|
+
database_password:
|
266
|
+
one_password:
|
267
|
+
title: production database
|
268
|
+
vault: Shared
|
269
|
+
type: password
|
270
|
+
```
|
271
|
+
|
272
|
+
1password stores the name of the secret in the `title`. You can pass the `vault` you expect the secret to be in.
|
273
|
+
Currently we support two types of secrets, `password`s and `secureNote`s. All values must be declared, there are no defaults.
|
274
|
+
|
275
|
+
For more information on 1password cli please see [here](https://support.1password.com/command-line-getting-started/)
|
259
276
|
|
260
277
|
### Security Group
|
261
278
|
|
data/lib/stack_master.rb
CHANGED
@@ -69,6 +69,7 @@ module StackMaster
|
|
69
69
|
autoload :LatestAmi, 'stack_master/parameter_resolvers/latest_ami'
|
70
70
|
autoload :Env, 'stack_master/parameter_resolvers/env'
|
71
71
|
autoload :ParameterStore, 'stack_master/parameter_resolvers/parameter_store'
|
72
|
+
autoload :OnePassword, 'stack_master/parameter_resolvers/one_password'
|
72
73
|
end
|
73
74
|
|
74
75
|
module AwsDriver
|
@@ -0,0 +1,85 @@
|
|
1
|
+
module StackMaster
|
2
|
+
module ParameterResolvers
|
3
|
+
class OnePassword < Resolver
|
4
|
+
OnePasswordNotFound = Class.new(StandardError)
|
5
|
+
OnePasswordNotAbleToAuthenticate = Class.new(StandardError)
|
6
|
+
OnePasswordBinaryNotFound = Class.new(StandardError)
|
7
|
+
OnePasswordInvalidResponse = Class.new(StandardError)
|
8
|
+
|
9
|
+
array_resolver
|
10
|
+
|
11
|
+
def initialize(config, stack_definition)
|
12
|
+
@config = config
|
13
|
+
@stack_definition = stack_definition
|
14
|
+
end
|
15
|
+
|
16
|
+
def resolve(params={})
|
17
|
+
raise OnePasswordNotAbleToAuthenticate, "1password requires the `OP_SESSION_<name>` to be set, (remember to sign in?)" if ENV.keys.grep(/OP_SESSION_\w+$/).empty?
|
18
|
+
get_items(params)
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def validate_op_installed?
|
24
|
+
%x(op --version)
|
25
|
+
rescue Errno::ENOENT => exception
|
26
|
+
raise OnePasswordBinaryNotFound, "The op cli needs to be installed and in the PATH, #{exception}"
|
27
|
+
end
|
28
|
+
|
29
|
+
def validate_response?(item)
|
30
|
+
item.match(/\[LOG\].+(?<error>\(.+)$/) do |i|
|
31
|
+
raise OnePasswordNotFound, "Failed to return item from 1password, #{i['error']}"
|
32
|
+
end
|
33
|
+
JSON.parse(item)
|
34
|
+
rescue JSON::ParserError => exception
|
35
|
+
raise OnePasswordInvalidResponse, "Failed to parse JSON returned, #{item}: #{exception}"
|
36
|
+
end
|
37
|
+
|
38
|
+
def is_login_item?(data)
|
39
|
+
data.details.password.nil?
|
40
|
+
end
|
41
|
+
|
42
|
+
def password_item(data)
|
43
|
+
data.details.password
|
44
|
+
end
|
45
|
+
|
46
|
+
def login_item(data)
|
47
|
+
data.details.fields[1].value
|
48
|
+
end
|
49
|
+
|
50
|
+
def op_get_item(item, vault)
|
51
|
+
validate_op_installed?
|
52
|
+
item = %x(op get item --vault='#{vault}' '#{item}' 2>&1)
|
53
|
+
item if validate_response?(item)
|
54
|
+
end
|
55
|
+
|
56
|
+
def create_struct(title, vault)
|
57
|
+
JSON.parse(op_get_item(title, vault), object_class: OpenStruct)
|
58
|
+
end
|
59
|
+
|
60
|
+
def get_password(title, vault)
|
61
|
+
# There are two types of password that can be returned.
|
62
|
+
# One is attached to a Login item in 1Password
|
63
|
+
# the other is to a Password item.
|
64
|
+
if is_login_item?(create_struct(title, vault))
|
65
|
+
login_item(create_struct(title, vault))
|
66
|
+
else
|
67
|
+
password_item(create_struct(title, vault))
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
def get_secure_note(title, vault)
|
72
|
+
create_struct(title, vault).details.notesPlain
|
73
|
+
end
|
74
|
+
|
75
|
+
def get_items(params)
|
76
|
+
case params['type']
|
77
|
+
when 'password'
|
78
|
+
return get_password(params['title'], params['vault'])
|
79
|
+
when 'secureNote'
|
80
|
+
return get_secure_note(params['title'], params['vault'])
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
data/lib/stack_master/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: stack_master
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.0
|
5
5
|
platform: x64-mingw32
|
6
6
|
authors:
|
7
7
|
- Steve Hodgkiss
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2018-05-
|
12
|
+
date: 2018-05-15 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -384,6 +384,7 @@ files:
|
|
384
384
|
- lib/stack_master/parameter_resolvers/env.rb
|
385
385
|
- lib/stack_master/parameter_resolvers/latest_ami.rb
|
386
386
|
- lib/stack_master/parameter_resolvers/latest_ami_by_tags.rb
|
387
|
+
- lib/stack_master/parameter_resolvers/one_password.rb
|
387
388
|
- lib/stack_master/parameter_resolvers/parameter_store.rb
|
388
389
|
- lib/stack_master/parameter_resolvers/secret.rb
|
389
390
|
- lib/stack_master/parameter_resolvers/security_group.rb
|