talos 0.1.4 → 0.1.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: dab3a4d04cdbaf2341a864339844d4d50f802306
-  data.tar.gz: bd03b9ac3160f2d8fbfe2739ad35a664b603861f
+SHA256:
+  metadata.gz: a8f0efd69cc2ac6c66c14f6eacb00b8aab5728b6f42d075b6434074c0765a8ae
+  data.tar.gz: 81fc691b4ccf9728449262103e748a397d399ca0900c62253c05be2dc612eb8f
 SHA512:
-  metadata.gz: 82674e70f3223c42862fceef23d0a3c3a30624f459b4a992824da9ba0e85064a0f4b0ca7ec78a3608b4fd5798e63fefbd6b10ae4494ca56012cc59ad1f2ed6ad
-  data.tar.gz: 56ca8ed739df572e59ce4ea9f96a9f4a93ca0313c3f5b2d59c2b7c8a8861ebda0119dc438efe67a3d006d24b98e7bb01e79cfed3764c406d516fb00b85c66f16
+  metadata.gz: 96090bf35cdbe9ca0057f13b8c88e6013a5f97c4b4555e49c6e6a6c1c3b66e2780fef4130dea5fd5731a38ddb123cda9b7fa6e26c124aecf5c31c30de388247f
+  data.tar.gz: 8d260417b450c139b2ce9eeed458f0448c5ac49ce273ff42f149e62ac8b1e36b7cd0806266ea14f7f51eb61e30c872c9f572b21ed7be996cbb868fc7506dcc0b

data/.travis.yml

@@ -0,0 +1,17 @@
+language: ruby
+rvm:
+  - 2.4.9
+  - 2.5.3
+  - 2.5.7
+  - 2.6.5
+  - 2.7.0
+  - jruby-19mode
+
+deploy:
+  provider: rubygems
+  on:
+    tags: true
+    rvm: 2.6.5
+  api_key:
+    secure: Y2LlE9bODO/j7iL4ycLKaOo1HjqzRXe8E6fPkjF2lWZvjbmYVZRCKky5+xJYO8OoAweAeEa9rYiujpDfUzBWfC3U3rRMkcxcfPePT169PGvosAsHVEl6FXXvo9ra3NJpXVLkNBpToKktQ7nlWfyj/AQeh3l7aQdW9ttfoAXKAoLpFaJpkGWCB9vFVlncWsM9ND8Gj5CgUjxuVN1TUksghlGFq7hEeFUOLJcy09e6EzaIdLSpy4SgyDnwiJrSkiDDGVqwc0rCoEgRyHKrw3xbrBB/IVKSoFaBAkZgyIBGPIQKhM890/Ho6GkA9R+Qu7P4FBd5HMziCJCKZhq4rbRZkiT1cnq04SIwCxySy31iIUI+M+eHPijECqDP4SkLELpa0uZV6xWU+zTHix/3StXKbIxMGuHcb5kF12wnSK6eCw+BJpZugI27FRsP3oPxX4CVSSMtV9PG14uie6Qnq7CWmAsTKXS983cPLIbhGojSedU8I8bIDF2uHXTwjNInMkpOQuHeGFaI4LAcTHS7byjisc0t4mIaSWn4w966kUUsnJm1IkpS6xQy7DtcLockkzei7+HpyIFnMMce5S1Pwd5wRfLPXOQontVTd5ERZxbAd2Q5Vej2E+zbxxJCKaQdKulFgX6DIs6BBhp3gI8LO+9W5tgtkaHEgxUnEzELqXgM7i4=
+dist: bionic

data/README.md

@@ -4,8 +4,9 @@ Talos
 [![Gem Version](https://badge.fury.io/rb/talos.svg)](http://badge.fury.io/rb/talos)
 [![Build Status](https://travis-ci.org/spotify/talos.png?branch=master)](https://travis-ci.org/spotify/talos)
 
-Talos is a rack application which servers Hiera yaml files over HTTP.
-It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the Hiera scope.
+Talos is a rack application which serves Hiera yaml files over HTTP.
+It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the
+[Hiera scope](https://docs.puppetlabs.com/hiera/3.0/command_line.html#json-and-yaml-scopes).
 
 Talos is used to store and distribute secrets via Hiera to the masterless puppet clients.
 
@@ -54,6 +55,7 @@ scopes:
       environment: testing
 
 unsafe_scopes: true
+ssl: true
 ```
 
 When receiving a request, Talos iterates over `scopes` list and matches
@@ -70,6 +72,9 @@ scope on collision.
 If `unsafe_scopes` option is enabled, Talos will also add all the parameters
 passed by the client to the Hiera scope.
 
+The `ssl` option defaults to enabled. When disabled, the `fqdn` query parameter
+is used to determine scopes rather than the client certificate.
+
 Hiera
 -----
 You need to provide `/etc/talos/hiera.yaml` file to configure Hiera
@@ -98,6 +103,11 @@ will return only the files that match the Hiera scope of the clients.
 Installing
 ----------
 
+You can use [spotify/talos](https://github.com/spotify/puppet-talos)
+puppet module to install Talos.
+
+### Manual installation
+
 First, install talos using rubygems:
 
     $ gem install talos
@@ -125,7 +135,7 @@ You can run Talos using Passenger or any other application server. Make
 sure you use Puppet SSL keys to validate the client certificates and to
 forward `SSL_CLIENT_S_DN_CN` header:
 
-```
+```apacheconf
 <VirtualHost *:443>
   DocumentRoot "/var/lib/talos/public"
 
@@ -159,7 +169,7 @@ participating, you are expected to honor this code.
 https://github.com/spotify/code-of-conduct/blob/master/code-of-conduct.md
 
 License
------------------
+-------
 ```text
 Copyright 2013-2016 Spotify AB
 

data/lib/talos.rb

@@ -24,9 +24,11 @@ require 'archive/tar/minitar'
 require 'pathname'
 include Archive::Tar
 
+
 class Talos < Sinatra::Base
   def self.prepare_config(path)
     set :talos, YAML.load_file(path)
+    settings.talos['ssl'] = true if settings.talos['ssl'].nil?
     settings.talos['scopes'].each do |scope_config|
       begin
         scope_config['regexp'] = Regexp.new(scope_config['match'])
@@ -36,7 +38,7 @@ class Talos < Sinatra::Base
     end
   end
 
-  configure :development do
+  configure :development, :test do
     require 'sinatra/reloader'
     register Sinatra::Reloader
     set :hiera, Hiera::Config::load(File.expand_path('spec/fixtures/hiera.yaml'))
@@ -47,6 +49,7 @@ class Talos < Sinatra::Base
   configure :production do
     set :hiera, Hiera::Config::load(File.expand_path('/etc/talos/hiera.yaml'))
     prepare_config('/etc/talos/talos.yaml')
+    warn("SECURITY WARNING: use of ssl is disabled, client requests cannot be authenticated") if !settings.talos['ssl']
     warn("SECURITY WARNING: unsafe_scopes are enabled, SSL authentication bypass is possible") if settings.talos['unsafe_scopes']
   end
 
@@ -97,11 +100,13 @@ class Talos < Sinatra::Base
   end
 
   get '/' do
-    fqdn = settings.development? ? params[:fqdn] : request.env['HTTP_SSL_CLIENT_S_DN_CN']
+    fqdn_env = request.env['HTTP_SSL_CLIENT_S_DN_CN'] ? request.env['HTTP_SSL_CLIENT_S_DN_CN'] : request.env['SSL_CLIENT_S_DN_CN'] 
+    fqdn = (settings.development? || !settings.talos['ssl']) ? params[:fqdn] : fqdn_env
     scope = get_scope(fqdn)
     files_to_pack = files_in_scope(scope)
     archive = compress_files(files_to_pack)
     content_type 'application/x-gzip'
+    headers['content-encoding'] = 'gzip'
     archive.string
   end
 

data/spec/fixtures/master

@@ -0,0 +1 @@
+spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3

data/talos.gemspec

@@ -1,23 +1,24 @@
 Gem::Specification.new do |s|
-  s.version       = '0.1.4'
+  s.version       = '0.1.12'
   s.name          = 'talos'
   s.authors       = ['Alexey Lapitsky', 'Johan Haals']
   s.email         = 'alexey@spotify.com'
   s.summary       = %q{Hiera secrets distribution over HTTP}
   s.description   = %q{Distribute compressed hiera yaml files to authenticated puppet clients over HTTP}
   s.homepage      = 'https://github.com/spotify/talos'
-  s.license       = 'Apache 2.0'
+  s.license       = 'Apache-2.0'
 
   s.files         = `git ls-files`.split($\)
   s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   s.test_files    = s.files.grep(%r{^(test|spec|features)/})
   s.require_paths = ['lib']
 
-  s.add_dependency 'rack', '< 1.6'
-  s.add_dependency 'sinatra'
-  s.add_dependency 'hiera'
-  s.add_dependency 'archive-tar-minitar'
+  s.add_dependency 'rack', '2.2.3'
+  s.add_dependency 'sinatra', '~> 2.0.8'
+  s.add_dependency 'hiera', '~> 3.6.0'
+  s.add_dependency 'archive-tar-minitar', '~> 0.5.2'
   s.add_development_dependency 'rake'
+  s.add_development_dependency 'rack-test', '~> 1.1.0'
   s.add_development_dependency 'sinatra-contrib'
   s.add_development_dependency 'rspec', '>= 2.9'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: talos
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.12
 platform: ruby
 authors:
 - Alexey Lapitsky
@@ -9,104 +9,118 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-07 00:00:00.000000000 Z
+date: 2020-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - <
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - <
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.8
 - !ruby/object:Gem::Dependency
   name: hiera
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.6.0
 - !ruby/object:Gem::Dependency
   name: archive-tar-minitar
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.5.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.5.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.0
 - !ruby/object:Gem::Dependency
   name: sinatra-contrib
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.9'
 description: Distribute compressed hiera yaml files to authenticated puppet clients
@@ -116,8 +130,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE
 - README.md
@@ -125,6 +140,7 @@ files:
 - config.ru
 - lib/talos.rb
 - spec/fixtures/hiera.yaml
+- spec/fixtures/master
 - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/common.yaml
 - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/fqdn/foo.bar.yaml
 - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/role/foobar/testing.yaml
@@ -137,7 +153,7 @@ files:
 - talos.gemspec
 homepage: https://github.com/spotify/talos
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -145,22 +161,22 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Hiera secrets distribution over HTTP
 test_files:
 - spec/fixtures/hiera.yaml
+- spec/fixtures/master
 - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/common.yaml
 - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/fqdn/foo.bar.yaml
 - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/role/foobar/testing.yaml