stack_master 1.6.0-x64-mingw32 → 1.7.0-x64-mingw32

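--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 8047714e53694bdbdc5df17e1251890f837ce9e8
- data.tar.gz: 91b1ddd6984d7db56c4f753a30746586d771b044
+ metadata.gz: 9d4199278b4ed423d09c699b662ecc7a99c697ee
+ data.tar.gz: 6b69af6fbd70de239ccb3d07e1c9e39ecbf9c263
  SHA512:
- metadata.gz: 4e1e69e10b0b9ec16ab50a8d9b8aaebe7cb0ca19e2e8a68c9273e9902106846d66fbb57c2cc6357414c3e9b08759d732335b0bd2cb965c2f714187f4fc7195c9
- data.tar.gz: 272c24b02149e636e06f6c4a8f5178e7e7efcd1746eed8b743974c94c6d397233b359989b817b318213235728b350011018168cdd559ab3012e22ed9f9c8ce07
+ metadata.gz: 92508145673fd052cb612ddbfa88cb2eb60ed764aba323794731a392f216a131e86603cb9caa42b8cede4b70ff30cc9ff074331502ec1e5519fdfde143c467df
+ data.tar.gz: 47716e152071f601e5b1790719e93aa5eeded7c048ede84053ccd94189b092732dcaf5f0abad34be6a4c5aec809ab6c72eb1a54d01bfb84c98c1232f70fc60a2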
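--- a/data/README.md
+++ b/data/README.md
@@ -256,6 +256,23 @@ you will likely want to set the parameter to NoEcho in your template.
  db_password:
  parameter_store: ssm_parameter_name
  ```
+ ### 1Password Lookup
+ An Alternative to the alternative secret store is accessing 1password secrets using the 1password cli (`op`).
+ You declare a 1password lookup with the following parameters in your parameters file:
+
+ ```
+ parameters/database.yml
+ database_password:
+ one_password:
+ title: production database
+ vault: Shared
+ type: password
+ ```
+
+ 1password stores the name of the secret in the `title`. You can pass the `vault` you expect the secret to be in.
+ Currently we support two types of secrets, `password`s and `secureNote`s. All values must be declared, there are no defaults.
+
+ For more information on 1password cli please see [here](https://support.1password.com/command-line-getting-started/)
 
  ### Security Group
 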
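--- a/data/lib/stack_master.rb
+++ b/data/lib/stack_master.rb
@@ -69,6 +69,7 @@ module StackMaster
  autoload :LatestAmi, 'stack_master/parameter_resolvers/latest_ami'
  autoload :Env, 'stack_master/parameter_resolvers/env'
  autoload :ParameterStore, 'stack_master/parameter_resolvers/parameter_store'
+ autoload :OnePassword, 'stack_master/parameter_resolvers/one_password'
  end
 
  module AwsDriver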
@@ -0,0 +1,85 @@
1
+ module StackMaster
2
+ module ParameterResolvers
3
+ class OnePassword < Resolver
4
+ OnePasswordNotFound = Class.new(StandardError)
5
+ OnePasswordNotAbleToAuthenticate = Class.new(StandardError)
6
+ OnePasswordBinaryNotFound = Class.new(StandardError)
7
+ OnePasswordInvalidResponse = Class.new(StandardError)
8
+
9
+ array_resolver
10
+
11
+ def initialize(config, stack_definition)
12
+ @config = config
13
+ @stack_definition = stack_definition
14
+ end
15
+
16
+ def resolve(params={})
17
+ raise OnePasswordNotAbleToAuthenticate, "1password requires the `OP_SESSION_<name>` to be set, (remember to sign in?)" if ENV.keys.grep(/OP_SESSION_\w+$/).empty?
18
+ get_items(params)
19
+ end
20
+
21
+ private
22
+
23
+ def validate_op_installed?
24
+ %x(op --version)
25
+ rescue Errno::ENOENT => exception
26
+ raise OnePasswordBinaryNotFound, "The op cli needs to be installed and in the PATH, #{exception}"
27
+ end
28
+
29
+ def validate_response?(item)
30
+ item.match(/\[LOG\].+(?<error>\(.+)$/) do |i|
31
+ raise OnePasswordNotFound, "Failed to return item from 1password, #{i['error']}"
32
+ end
33
+ JSON.parse(item)
34
+ rescue JSON::ParserError => exception
35
+ raise OnePasswordInvalidResponse, "Failed to parse JSON returned, #{item}: #{exception}"
36
+ end
37
+
38
+ def is_login_item?(data)
39
+ data.details.password.nil?
40
+ end
41
+
42
+ def password_item(data)
43
+ data.details.password
44
+ end
45
+
46
+ def login_item(data)
47
+ data.details.fields[1].value
48
+ end
49
+
50
+ def op_get_item(item, vault)
51
+ validate_op_installed?
52
+ item = %x(op get item --vault='#{vault}' '#{item}' 2>&1)
53
+ item if validate_response?(item)
54
+ end
55
+
56
+ def create_struct(title, vault)
57
+ JSON.parse(op_get_item(title, vault), object_class: OpenStruct)
58
+ end
59
+
60
+ def get_password(title, vault)
61
+ # There are two types of password that can be returned.
62
+ # One is attached to a Login item in 1Password
63
+ # the other is to a Password item.
64
+ if is_login_item?(create_struct(title, vault))
65
+ login_item(create_struct(title, vault))
66
+ else
67
+ password_item(create_struct(title, vault))
68
+ end
69
+ end
70
+
71
+ def get_secure_note(title, vault)
72
+ create_struct(title, vault).details.notesPlain
73
+ end
74
+
75
+ def get_items(params)
76
+ case params['type']
77
+ when 'password'
78
+ return get_password(params['title'], params['vault'])
79
+ when 'secureNote'
80
+ return get_secure_note(params['title'], params['vault'])
81
+ end
82
+ end
83
+ end
84
+ end
85
+ end
@@ -1,3 +1,3 @@
1
1
  module StackMaster
2
- VERSION = "1.6.0"
2
+ VERSION = "1.7.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stack_master
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.0
4
+ version: 1.7.0
5
5
  platform: x64-mingw32
6
6
  authors:
7
7
  - Steve Hodgkiss
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-05-11 00:00:00.000000000 Z
12
+ date: 2018-05-15 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -384,6 +384,7 @@ files:
384
384
  - lib/stack_master/parameter_resolvers/env.rb
385
385
  - lib/stack_master/parameter_resolvers/latest_ami.rb
386
386
  - lib/stack_master/parameter_resolvers/latest_ami_by_tags.rb
387
+ - lib/stack_master/parameter_resolvers/one_password.rb
387
388
  - lib/stack_master/parameter_resolvers/parameter_store.rb
388
389
  - lib/stack_master/parameter_resolvers/secret.rb
389
390
  - lib/stack_master/parameter_resolvers/security_group.rb