talos 0.1.4 → 0.1.12

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: dab3a4d04cdbaf2341a864339844d4d50f802306
4
- data.tar.gz: bd03b9ac3160f2d8fbfe2739ad35a664b603861f
2
+ SHA256:
3
+ metadata.gz: a8f0efd69cc2ac6c66c14f6eacb00b8aab5728b6f42d075b6434074c0765a8ae
4
+ data.tar.gz: 81fc691b4ccf9728449262103e748a397d399ca0900c62253c05be2dc612eb8f
5
5
  SHA512:
6
- metadata.gz: 82674e70f3223c42862fceef23d0a3c3a30624f459b4a992824da9ba0e85064a0f4b0ca7ec78a3608b4fd5798e63fefbd6b10ae4494ca56012cc59ad1f2ed6ad
7
- data.tar.gz: 56ca8ed739df572e59ce4ea9f96a9f4a93ca0313c3f5b2d59c2b7c8a8861ebda0119dc438efe67a3d006d24b98e7bb01e79cfed3764c406d516fb00b85c66f16
6
+ metadata.gz: 96090bf35cdbe9ca0057f13b8c88e6013a5f97c4b4555e49c6e6a6c1c3b66e2780fef4130dea5fd5731a38ddb123cda9b7fa6e26c124aecf5c31c30de388247f
7
+ data.tar.gz: 8d260417b450c139b2ce9eeed458f0448c5ac49ce273ff42f149e62ac8b1e36b7cd0806266ea14f7f51eb61e30c872c9f572b21ed7be996cbb868fc7506dcc0b
@@ -0,0 +1,17 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.4.9
4
+ - 2.5.3
5
+ - 2.5.7
6
+ - 2.6.5
7
+ - 2.7.0
8
+ - jruby-19mode
9
+
10
+ deploy:
11
+ provider: rubygems
12
+ on:
13
+ tags: true
14
+ rvm: 2.6.5
15
+ api_key:
16
+ secure: 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
17
+ dist: bionic
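Review bot: the `deploy` section (new lines 10-16) pushes to rubygems on every tagged build, with `tags: true` and `rvm: 2.6.5` as the only conditions under `on:`. Add a `repo: spotify/talos` condition there so the release step can only run from the canonical repository. It is also worth checking that the `jruby-19mode` matrix entry can still resolve the dependency pins this release introduces in the gemspec; if it cannot, drop it from `rvm`.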
data/README.md CHANGED
@@ -4,8 +4,9 @@ Talos
4
4
  [![Gem Version](https://badge.fury.io/rb/talos.svg)](http://badge.fury.io/rb/talos)
5
5
  [![Build Status](https://travis-ci.org/spotify/talos.png?branch=master)](https://travis-ci.org/spotify/talos)
6
6
 
7
- Talos is a rack application which servers Hiera yaml files over HTTP.
8
- It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the Hiera scope.
7
+ Talos is a rack application which serves Hiera yaml files over HTTP.
8
+ It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the
9
+ [Hiera scope](https://docs.puppetlabs.com/hiera/3.0/command_line.html#json-and-yaml-scopes).
9
10
 
10
11
  Talos is used to store and distribute secrets via Hiera to the masterless puppet clients.
11
12
 
@@ -54,6 +55,7 @@ scopes:
54
55
  environment: testing
55
56
 
56
57
  unsafe_scopes: true
58
+ ssl: true
57
59
  ```
58
60
 
59
61
  When receiving a request, Talos iterates over `scopes` list and matches
@@ -70,6 +72,9 @@ scope on collision.
70
72
  If `unsafe_scopes` option is enabled, Talos will also add all the parameters
71
73
  passed by the client to the Hiera scope.
72
74
 
75
+ The `ssl` option defaults to enabled. When disabled, the `fqdn` query parameter
76
+ is used to determine scopes rather than the client certificate.
77
+
73
78
  Hiera
74
79
  -----
75
80
  You need to provide `/etc/talos/hiera.yaml` file to configure Hiera
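Review bot: the new `ssl` paragraph (new lines 75-76) says what replaces the client certificate but not what that means for access control: with `ssl` disabled, whoever can reach the service chooses the `fqdn` and receives the files for that scope. State that next to the option, in the same terms as the startup message in the code ("client requests cannot be authenticated"), and say what else must restrict access when the option is off.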
@@ -98,6 +103,11 @@ will return only the files that match the Hiera scope of the clients.
98
103
  Installing
99
104
  ----------
100
105
 
106
+ You can use [spotify/talos](https://github.com/spotify/puppet-talos)
107
+ puppet module to install Talos.
108
+
109
+ ### Manual installation
110
+
101
111
  First, install talos using rubygems:
102
112
 
103
113
  $ gem install talos
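Review bot: the link text on new line 106 reads `spotify/talos` but the target is `https://github.com/spotify/puppet-talos`. Change the label to `spotify/puppet-talos` so that readers installing a component that serves secrets can see which repository they are being sent to.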
@@ -125,7 +135,7 @@ You can run Talos using Passenger or any other application server. Make
125
135
  sure you use Puppet SSL keys to validate the client certificates and to
126
136
  forward `SSL_CLIENT_S_DN_CN` header:
127
137
 
128
- ```
138
+ ```apacheconf
129
139
  <VirtualHost *:443>
130
140
  DocumentRoot "/var/lib/talos/public"
131
141
 
@@ -159,7 +169,7 @@ participating, you are expected to honor this code.
159
169
  https://github.com/spotify/code-of-conduct/blob/master/code-of-conduct.md
160
170
 
161
171
  License
162
- -----------------
172
+ -------
163
173
  ```text
164
174
  Copyright 2013-2016 Spotify AB
165
175
 
@@ -24,9 +24,11 @@ require 'archive/tar/minitar'
24
24
  require 'pathname'
25
25
  include Archive::Tar
26
26
 
27
+
27
28
  class Talos < Sinatra::Base
28
29
  def self.prepare_config(path)
29
30
  set :talos, YAML.load_file(path)
31
+ settings.talos['ssl'] = true if settings.talos['ssl'].nil?
30
32
  settings.talos['scopes'].each do |scope_config|
31
33
  begin
32
34
  scope_config['regexp'] = Regexp.new(scope_config['match'])
@@ -36,7 +38,7 @@ class Talos < Sinatra::Base
36
38
  end
37
39
  end
38
40
 
39
- configure :development do
41
+ configure :development, :test do
40
42
  require 'sinatra/reloader'
41
43
  register Sinatra::Reloader
42
44
  set :hiera, Hiera::Config::load(File.expand_path('spec/fixtures/hiera.yaml'))
@@ -47,6 +49,7 @@ class Talos < Sinatra::Base
47
49
  configure :production do
48
50
  set :hiera, Hiera::Config::load(File.expand_path('/etc/talos/hiera.yaml'))
49
51
  prepare_config('/etc/talos/talos.yaml')
52
+ warn("SECURITY WARNING: use of ssl is disabled, client requests cannot be authenticated") if !settings.talos['ssl']
50
53
  warn("SECURITY WARNING: unsafe_scopes are enabled, SSL authentication bypass is possible") if settings.talos['unsafe_scopes']
51
54
  end
52
55
 
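Review bot: the new warning on line 52 is written as `warn(...) if !settings.talos['ssl']`; `unless settings.talos['ssl']` is the idiomatic form. The message is emitted once, at boot, inside the `:production` block, so make it actionable for whoever finds it in the logs by naming the consequence: the `fqdn` query parameter is trusted as the client identity.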
@@ -97,11 +100,13 @@ class Talos < Sinatra::Base
97
100
  end
98
101
 
99
102
  get '/' do
100
- fqdn = settings.development? ? params[:fqdn] : request.env['HTTP_SSL_CLIENT_S_DN_CN']
103
+ fqdn_env = request.env['HTTP_SSL_CLIENT_S_DN_CN'] ? request.env['HTTP_SSL_CLIENT_S_DN_CN'] : request.env['SSL_CLIENT_S_DN_CN']
104
+ fqdn = (settings.development? || !settings.talos['ssl']) ? params[:fqdn] : fqdn_env
101
105
  scope = get_scope(fqdn)
102
106
  files_to_pack = files_in_scope(scope)
103
107
  archive = compress_files(files_to_pack)
104
108
  content_type 'application/x-gzip'
109
+ headers['content-encoding'] = 'gzip'
105
110
  archive.string
106
111
  end
107
112
 
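Review bot: on new line 103, `fqdn_env` prefers `HTTP_SSL_CLIENT_S_DN_CN` over `SSL_CLIENT_S_DN_CN`. In Rack, `HTTP_`-prefixed keys are built from request headers, so that value is only trustworthy when the front-end server overwrites the header on every request, whereas the un-prefixed key is not derived from a request header. Prefer `SSL_CLIENT_S_DN_CN` when it is present, and reject the request when both are missing instead of passing `nil` to `get_scope`. Separately, setting `content-encoding: gzip` on line 109 while keeping `content_type 'application/x-gzip'` means clients that decode content encodings transparently will now receive the already-decompressed archive, which deserves a changelog entry.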
@@ -0,0 +1 @@
1
+ spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3
@@ -1,23 +1,24 @@
1
1
  Gem::Specification.new do |s|
2
- s.version = '0.1.4'
2
+ s.version = '0.1.12'
3
3
  s.name = 'talos'
4
4
  s.authors = ['Alexey Lapitsky', 'Johan Haals']
5
5
  s.email = 'alexey@spotify.com'
6
6
  s.summary = %q{Hiera secrets distribution over HTTP}
7
7
  s.description = %q{Distribute compressed hiera yaml files to authenticated puppet clients over HTTP}
8
8
  s.homepage = 'https://github.com/spotify/talos'
9
- s.license = 'Apache 2.0'
9
+ s.license = 'Apache-2.0'
10
10
 
11
11
  s.files = `git ls-files`.split($\)
12
12
  s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
13
13
  s.test_files = s.files.grep(%r{^(test|spec|features)/})
14
14
  s.require_paths = ['lib']
15
15
 
16
- s.add_dependency 'rack', '< 1.6'
17
- s.add_dependency 'sinatra'
18
- s.add_dependency 'hiera'
19
- s.add_dependency 'archive-tar-minitar'
16
+ s.add_dependency 'rack', '2.2.3'
17
+ s.add_dependency 'sinatra', '~> 2.0.8'
18
+ s.add_dependency 'hiera', '~> 3.6.0'
19
+ s.add_dependency 'archive-tar-minitar', '~> 0.5.2'
20
20
  s.add_development_dependency 'rake'
21
+ s.add_development_dependency 'rack-test', '~> 1.1.0'
21
22
  s.add_development_dependency 'sinatra-contrib'
22
23
  s.add_development_dependency 'rspec', '>= 2.9'
23
24
  end
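Review bot: `s.add_dependency 'rack', '2.2.3'` on new line 16 is an exact pin, while the other runtime dependencies in this hunk use `~>`. An exact pin in a gemspec stops consumers from resolving later rack patch releases. Use `'~> 2.2', '>= 2.2.3'` unless there is a known incompatibility, and record the reason in a comment if there is one.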
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: talos
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexey Lapitsky
@@ -9,104 +9,118 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-01-07 00:00:00.000000000 Z
12
+ date: 2020-08-13 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack
16
16
  requirement: !ruby/object:Gem::Requirement
17
17
  requirements:
18
- - - <
18
+ - - '='
19
19
  - !ruby/object:Gem::Version
20
- version: '1.6'
20
+ version: 2.2.3
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
- - - <
25
+ - - '='
26
26
  - !ruby/object:Gem::Version
27
- version: '1.6'
27
+ version: 2.2.3
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: sinatra
30
30
  requirement: !ruby/object:Gem::Requirement
31
31
  requirements:
32
- - - '>='
32
+ - - "~>"
33
33
  - !ruby/object:Gem::Version
34
- version: '0'
34
+ version: 2.0.8
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - '>='
39
+ - - "~>"
40
40
  - !ruby/object:Gem::Version
41
- version: '0'
41
+ version: 2.0.8
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: hiera
44
44
  requirement: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - '>='
46
+ - - "~>"
47
47
  - !ruby/object:Gem::Version
48
- version: '0'
48
+ version: 3.6.0
49
49
  type: :runtime
50
50
  prerelease: false
51
51
  version_requirements: !ruby/object:Gem::Requirement
52
52
  requirements:
53
- - - '>='
53
+ - - "~>"
54
54
  - !ruby/object:Gem::Version
55
- version: '0'
55
+ version: 3.6.0
56
56
  - !ruby/object:Gem::Dependency
57
57
  name: archive-tar-minitar
58
58
  requirement: !ruby/object:Gem::Requirement
59
59
  requirements:
60
- - - '>='
60
+ - - "~>"
61
61
  - !ruby/object:Gem::Version
62
- version: '0'
62
+ version: 0.5.2
63
63
  type: :runtime
64
64
  prerelease: false
65
65
  version_requirements: !ruby/object:Gem::Requirement
66
66
  requirements:
67
- - - '>='
67
+ - - "~>"
68
68
  - !ruby/object:Gem::Version
69
- version: '0'
69
+ version: 0.5.2
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: rake
72
72
  requirement: !ruby/object:Gem::Requirement
73
73
  requirements:
74
- - - '>='
74
+ - - ">="
75
75
  - !ruby/object:Gem::Version
76
76
  version: '0'
77
77
  type: :development
78
78
  prerelease: false
79
79
  version_requirements: !ruby/object:Gem::Requirement
80
80
  requirements:
81
- - - '>='
81
+ - - ">="
82
82
  - !ruby/object:Gem::Version
83
83
  version: '0'
84
+ - !ruby/object:Gem::Dependency
85
+ name: rack-test
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - "~>"
89
+ - !ruby/object:Gem::Version
90
+ version: 1.1.0
91
+ type: :development
92
+ prerelease: false
93
+ version_requirements: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - "~>"
96
+ - !ruby/object:Gem::Version
97
+ version: 1.1.0
84
98
  - !ruby/object:Gem::Dependency
85
99
  name: sinatra-contrib
86
100
  requirement: !ruby/object:Gem::Requirement
87
101
  requirements:
88
- - - '>='
102
+ - - ">="
89
103
  - !ruby/object:Gem::Version
90
104
  version: '0'
91
105
  type: :development
92
106
  prerelease: false
93
107
  version_requirements: !ruby/object:Gem::Requirement
94
108
  requirements:
95
- - - '>='
109
+ - - ">="
96
110
  - !ruby/object:Gem::Version
97
111
  version: '0'
98
112
  - !ruby/object:Gem::Dependency
99
113
  name: rspec
100
114
  requirement: !ruby/object:Gem::Requirement
101
115
  requirements:
102
- - - '>='
116
+ - - ">="
103
117
  - !ruby/object:Gem::Version
104
118
  version: '2.9'
105
119
  type: :development
106
120
  prerelease: false
107
121
  version_requirements: !ruby/object:Gem::Requirement
108
122
  requirements:
109
- - - '>='
123
+ - - ">="
110
124
  - !ruby/object:Gem::Version
111
125
  version: '2.9'
112
126
  description: Distribute compressed hiera yaml files to authenticated puppet clients
@@ -116,8 +130,9 @@ executables: []
116
130
  extensions: []
117
131
  extra_rdoc_files: []
118
132
  files:
119
- - .gitignore
120
- - .rspec
133
+ - ".gitignore"
134
+ - ".rspec"
135
+ - ".travis.yml"
121
136
  - Gemfile
122
137
  - LICENSE
123
138
  - README.md
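Review bot: `.travis.yml` is now part of the packaged `files` list (new line 135), so the CI configuration, including its encrypted `deploy.api_key`, ships inside the gem. Because the gemspec builds `s.files` from `git ls-files`, filter dotfiles and CI configuration out there so the published package contains only what is needed at runtime.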
@@ -125,6 +140,7 @@ files:
125
140
  - config.ru
126
141
  - lib/talos.rb
127
142
  - spec/fixtures/hiera.yaml
143
+ - spec/fixtures/master
128
144
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/common.yaml
129
145
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/fqdn/foo.bar.yaml
130
146
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/role/foobar/testing.yaml
@@ -137,7 +153,7 @@ files:
137
153
  - talos.gemspec
138
154
  homepage: https://github.com/spotify/talos
139
155
  licenses:
140
- - Apache 2.0
156
+ - Apache-2.0
141
157
  metadata: {}
142
158
  post_install_message:
143
159
  rdoc_options: []
@@ -145,22 +161,22 @@ require_paths:
145
161
  - lib
146
162
  required_ruby_version: !ruby/object:Gem::Requirement
147
163
  requirements:
148
- - - '>='
164
+ - - ">="
149
165
  - !ruby/object:Gem::Version
150
166
  version: '0'
151
167
  required_rubygems_version: !ruby/object:Gem::Requirement
152
168
  requirements:
153
- - - '>='
169
+ - - ">="
154
170
  - !ruby/object:Gem::Version
155
171
  version: '0'
156
172
  requirements: []
157
- rubyforge_project:
158
- rubygems_version: 2.0.14
173
+ rubygems_version: 3.0.6
159
174
  signing_key:
160
175
  specification_version: 4
161
176
  summary: Hiera secrets distribution over HTTP
162
177
  test_files:
163
178
  - spec/fixtures/hiera.yaml
179
+ - spec/fixtures/master
164
180
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/common.yaml
165
181
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/fqdn/foo.bar.yaml
166
182
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/role/foobar/testing.yaml