talos 0.1.4 → 0.1.12

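--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: dab3a4d04cdbaf2341a864339844d4d50f802306
- data.tar.gz: bd03b9ac3160f2d8fbfe2739ad35a664b603861f
+ SHA256:
+ metadata.gz: a8f0efd69cc2ac6c66c14f6eacb00b8aab5728b6f42d075b6434074c0765a8ae
+ data.tar.gz: 81fc691b4ccf9728449262103e748a397d399ca0900c62253c05be2dc612eb8f
  SHA512:
- metadata.gz: 82674e70f3223c42862fceef23d0a3c3a30624f459b4a992824da9ba0e85064a0f4b0ca7ec78a3608b4fd5798e63fefbd6b10ae4494ca56012cc59ad1f2ed6ad
- data.tar.gz: 56ca8ed739df572e59ce4ea9f96a9f4a93ca0313c3f5b2d59c2b7c8a8861ebda0119dc438efe67a3d006d24b98e7bb01e79cfed3764c406d516fb00b85c66f16
+ metadata.gz: 96090bf35cdbe9ca0057f13b8c88e6013a5f97c4b4555e49c6e6a6c1c3b66e2780fef4130dea5fd5731a38ddb123cda9b7fa6e26c124aecf5c31c30de388247f
+ data.tar.gz: 8d260417b450c139b2ce9eeed458f0448c5ac49ce273ff42f149e62ac8b1e36b7cd0806266ea14f7f51eb61e30c872c9f572b21ed7be996cbb868fc7506dcc0b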
@@ -0,0 +1,17 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.4.9
4
+ - 2.5.3
5
+ - 2.5.7
6
+ - 2.6.5
7
+ - 2.7.0
8
+ - jruby-19mode
9
+
10
+ deploy:
11
+ provider: rubygems
12
+ on:
13
+ tags: true
14
+ rvm: 2.6.5
15
+ api_key:
16
+ secure: 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
17
+ dist: bionic
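Review bot: The `jruby-19mode` entry in the `rvm` list looks incompatible with the runtime dependencies this release pins. That Travis alias selects JRuby in Ruby 1.9 compatibility mode, while rack 2.2.x and sinatra 2.0.x appear to declare a newer minimum Ruby, so that job would presumably fail at dependency installation. Consider replacing it with a current JRuby alias or dropping it. Separately, the gem metadata in this diff now lists `.travis.yml` among the packaged files, so the encrypted `api_key.secure` blob ships to every installer; excluding CI configuration from `s.files` would avoid that.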
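--- a/data/README.md
+++ b/data/README.md
@@ -4,8 +4,9 @@ Talos
  [![Gem Version](https://badge.fury.io/rb/talos.svg)](http://badge.fury.io/rb/talos)
  [![Build Status](https://travis-ci.org/spotify/talos.png?branch=master)](https://travis-ci.org/spotify/talos)
 
- Talos is a rack application which servers Hiera yaml files over HTTP.
- It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the Hiera scope.
+ Talos is a rack application which serves Hiera yaml files over HTTP.
+ It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the
+ [Hiera scope](https://docs.puppetlabs.com/hiera/3.0/command_line.html#json-and-yaml-scopes).
 
  Talos is used to store and distribute secrets via Hiera to the masterless puppet clients.
 
@@ -54,6 +55,7 @@ scopes:
  environment: testing
 
  unsafe_scopes: true
+ ssl: true
  ```
 
  When receiving a request, Talos iterates over `scopes` list and matches
@@ -70,6 +72,9 @@ scope on collision.
  If `unsafe_scopes` option is enabled, Talos will also add all the parameters
  passed by the client to the Hiera scope.
 
+ The `ssl` option defaults to enabled. When disabled, the `fqdn` query parameter
+ is used to determine scopes rather than the client certificate.
+
  Hiera
  -----
  You need to provide `/etc/talos/hiera.yaml` file to configure Hiera
@@ -98,6 +103,11 @@ will return only the files that match the Hiera scope of the clients.
  Installing
  ----------
 
+ You can use [spotify/talos](https://github.com/spotify/puppet-talos)
+ puppet module to install Talos.
+
+ ### Manual installation
+
  First, install talos using rubygems:
 
  $ gem install talos
@@ -125,7 +135,7 @@ You can run Talos using Passenger or any other application server. Make
  sure you use Puppet SSL keys to validate the client certificates and to
  forward `SSL_CLIENT_S_DN_CN` header:
 
- ```
+ ```apacheconf
  <VirtualHost *:443>
  DocumentRoot "/var/lib/talos/public"
 
@@ -159,7 +169,7 @@ participating, you are expected to honor this code.
  https://github.com/spotify/code-of-conduct/blob/master/code-of-conduct.md
 
  License
- -----------------
+ -------
  ```text
  Copyright 2013-2016 Spotify AB
 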
@@ -24,9 +24,11 @@ require 'archive/tar/minitar'
24
24
  require 'pathname'
25
25
  include Archive::Tar
26
26
 
27
+
27
28
  class Talos < Sinatra::Base
28
29
  def self.prepare_config(path)
29
30
  set :talos, YAML.load_file(path)
31
+ settings.talos['ssl'] = true if settings.talos['ssl'].nil?
30
32
  settings.talos['scopes'].each do |scope_config|
31
33
  begin
32
34
  scope_config['regexp'] = Regexp.new(scope_config['match'])
@@ -36,7 +38,7 @@ class Talos < Sinatra::Base
36
38
  end
37
39
  end
38
40
 
39
- configure :development do
41
+ configure :development, :test do
40
42
  require 'sinatra/reloader'
41
43
  register Sinatra::Reloader
42
44
  set :hiera, Hiera::Config::load(File.expand_path('spec/fixtures/hiera.yaml'))
@@ -47,6 +49,7 @@ class Talos < Sinatra::Base
47
49
  configure :production do
48
50
  set :hiera, Hiera::Config::load(File.expand_path('/etc/talos/hiera.yaml'))
49
51
  prepare_config('/etc/talos/talos.yaml')
52
+ warn("SECURITY WARNING: use of ssl is disabled, client requests cannot be authenticated") if !settings.talos['ssl']
50
53
  warn("SECURITY WARNING: unsafe_scopes are enabled, SSL authentication bypass is possible") if settings.talos['unsafe_scopes']
51
54
  end
52
55
 
@@ -97,11 +100,13 @@ class Talos < Sinatra::Base
97
100
  end
98
101
 
99
102
  get '/' do
100
- fqdn = settings.development? ? params[:fqdn] : request.env['HTTP_SSL_CLIENT_S_DN_CN']
103
+ fqdn_env = request.env['HTTP_SSL_CLIENT_S_DN_CN'] ? request.env['HTTP_SSL_CLIENT_S_DN_CN'] : request.env['SSL_CLIENT_S_DN_CN']
104
+ fqdn = (settings.development? || !settings.talos['ssl']) ? params[:fqdn] : fqdn_env
101
105
  scope = get_scope(fqdn)
102
106
  files_to_pack = files_in_scope(scope)
103
107
  archive = compress_files(files_to_pack)
104
108
  content_type 'application/x-gzip'
109
+ headers['content-encoding'] = 'gzip'
105
110
  archive.string
106
111
  end
107
112
 
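Review bot: In `get '/'`, `fqdn_env` prefers `request.env['HTTP_SSL_CLIENT_S_DN_CN']` over `request.env['SSL_CLIENT_S_DN_CN']`. Rack fills every `HTTP_`-prefixed key from a request header, so that value is only trustworthy when the TLS-terminating front end always overwrites or strips the header; the un-prefixed variable is the one the server itself sets. I would read the server-set value first, `fqdn_env = request.env['SSL_CLIENT_S_DN_CN'] || request.env['HTTP_SSL_CLIENT_S_DN_CN']`, and reject a missing identity before calling `get_scope`, e.g. `halt 403 if fqdn.nil? || fqdn.empty?` (how `get_scope` treats `nil` is not visible here). With `ssl: false` the production block only emits a `warn`, after which the `fqdn` query parameter alone selects whose files are returned, so a comment on that line stating the option is meant for isolated test setups would help. The `prepare_config` and `configure` bodies continue outside these hunks.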
@@ -0,0 +1 @@
1
+ spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3
@@ -1,23 +1,24 @@
1
1
  Gem::Specification.new do |s|
2
- s.version = '0.1.4'
2
+ s.version = '0.1.12'
3
3
  s.name = 'talos'
4
4
  s.authors = ['Alexey Lapitsky', 'Johan Haals']
5
5
  s.email = 'alexey@spotify.com'
6
6
  s.summary = %q{Hiera secrets distribution over HTTP}
7
7
  s.description = %q{Distribute compressed hiera yaml files to authenticated puppet clients over HTTP}
8
8
  s.homepage = 'https://github.com/spotify/talos'
9
- s.license = 'Apache 2.0'
9
+ s.license = 'Apache-2.0'
10
10
 
11
11
  s.files = `git ls-files`.split($\)
12
12
  s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
13
13
  s.test_files = s.files.grep(%r{^(test|spec|features)/})
14
14
  s.require_paths = ['lib']
15
15
 
16
- s.add_dependency 'rack', '< 1.6'
17
- s.add_dependency 'sinatra'
18
- s.add_dependency 'hiera'
19
- s.add_dependency 'archive-tar-minitar'
16
+ s.add_dependency 'rack', '2.2.3'
17
+ s.add_dependency 'sinatra', '~> 2.0.8'
18
+ s.add_dependency 'hiera', '~> 3.6.0'
19
+ s.add_dependency 'archive-tar-minitar', '~> 0.5.2'
20
20
  s.add_development_dependency 'rake'
21
+ s.add_development_dependency 'rack-test', '~> 1.1.0'
21
22
  s.add_development_dependency 'sinatra-contrib'
22
23
  s.add_development_dependency 'rspec', '>= 2.9'
23
24
  end
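Review bot: `s.add_dependency 'rack', '2.2.3'` is an exact pin in a library gemspec, so installers cannot pick up later rack patch releases, including security fixes, until talos itself is re-released. It can also conflict with other gems resolved in the same bundle. The other runtime dependencies in this block use pessimistic constraints; doing the same here, `s.add_dependency 'rack', '~> 2.2', '>= 2.2.3'`, keeps the floor while allowing patch updates. A one-line comment above it explaining why 2.2.3 is the minimum would help the next maintainer.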
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: talos
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexey Lapitsky
@@ -9,104 +9,118 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2016-01-07 00:00:00.000000000 Z
12
+ date: 2020-08-13 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack
16
16
  requirement: !ruby/object:Gem::Requirement
17
17
  requirements:
18
- - - <
18
+ - - '='
19
19
  - !ruby/object:Gem::Version
20
- version: '1.6'
20
+ version: 2.2.3
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
- - - <
25
+ - - '='
26
26
  - !ruby/object:Gem::Version
27
- version: '1.6'
27
+ version: 2.2.3
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: sinatra
30
30
  requirement: !ruby/object:Gem::Requirement
31
31
  requirements:
32
- - - '>='
32
+ - - "~>"
33
33
  - !ruby/object:Gem::Version
34
- version: '0'
34
+ version: 2.0.8
35
35
  type: :runtime
36
36
  prerelease: false
37
37
  version_requirements: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - '>='
39
+ - - "~>"
40
40
  - !ruby/object:Gem::Version
41
- version: '0'
41
+ version: 2.0.8
42
42
  - !ruby/object:Gem::Dependency
43
43
  name: hiera
44
44
  requirement: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - '>='
46
+ - - "~>"
47
47
  - !ruby/object:Gem::Version
48
- version: '0'
48
+ version: 3.6.0
49
49
  type: :runtime
50
50
  prerelease: false
51
51
  version_requirements: !ruby/object:Gem::Requirement
52
52
  requirements:
53
- - - '>='
53
+ - - "~>"
54
54
  - !ruby/object:Gem::Version
55
- version: '0'
55
+ version: 3.6.0
56
56
  - !ruby/object:Gem::Dependency
57
57
  name: archive-tar-minitar
58
58
  requirement: !ruby/object:Gem::Requirement
59
59
  requirements:
60
- - - '>='
60
+ - - "~>"
61
61
  - !ruby/object:Gem::Version
62
- version: '0'
62
+ version: 0.5.2
63
63
  type: :runtime
64
64
  prerelease: false
65
65
  version_requirements: !ruby/object:Gem::Requirement
66
66
  requirements:
67
- - - '>='
67
+ - - "~>"
68
68
  - !ruby/object:Gem::Version
69
- version: '0'
69
+ version: 0.5.2
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: rake
72
72
  requirement: !ruby/object:Gem::Requirement
73
73
  requirements:
74
- - - '>='
74
+ - - ">="
75
75
  - !ruby/object:Gem::Version
76
76
  version: '0'
77
77
  type: :development
78
78
  prerelease: false
79
79
  version_requirements: !ruby/object:Gem::Requirement
80
80
  requirements:
81
- - - '>='
81
+ - - ">="
82
82
  - !ruby/object:Gem::Version
83
83
  version: '0'
84
+ - !ruby/object:Gem::Dependency
85
+ name: rack-test
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - "~>"
89
+ - !ruby/object:Gem::Version
90
+ version: 1.1.0
91
+ type: :development
92
+ prerelease: false
93
+ version_requirements: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - "~>"
96
+ - !ruby/object:Gem::Version
97
+ version: 1.1.0
84
98
  - !ruby/object:Gem::Dependency
85
99
  name: sinatra-contrib
86
100
  requirement: !ruby/object:Gem::Requirement
87
101
  requirements:
88
- - - '>='
102
+ - - ">="
89
103
  - !ruby/object:Gem::Version
90
104
  version: '0'
91
105
  type: :development
92
106
  prerelease: false
93
107
  version_requirements: !ruby/object:Gem::Requirement
94
108
  requirements:
95
- - - '>='
109
+ - - ">="
96
110
  - !ruby/object:Gem::Version
97
111
  version: '0'
98
112
  - !ruby/object:Gem::Dependency
99
113
  name: rspec
100
114
  requirement: !ruby/object:Gem::Requirement
101
115
  requirements:
102
- - - '>='
116
+ - - ">="
103
117
  - !ruby/object:Gem::Version
104
118
  version: '2.9'
105
119
  type: :development
106
120
  prerelease: false
107
121
  version_requirements: !ruby/object:Gem::Requirement
108
122
  requirements:
109
- - - '>='
123
+ - - ">="
110
124
  - !ruby/object:Gem::Version
111
125
  version: '2.9'
112
126
  description: Distribute compressed hiera yaml files to authenticated puppet clients
@@ -116,8 +130,9 @@ executables: []
116
130
  extensions: []
117
131
  extra_rdoc_files: []
118
132
  files:
119
- - .gitignore
120
- - .rspec
133
+ - ".gitignore"
134
+ - ".rspec"
135
+ - ".travis.yml"
121
136
  - Gemfile
122
137
  - LICENSE
123
138
  - README.md
@@ -125,6 +140,7 @@ files:
125
140
  - config.ru
126
141
  - lib/talos.rb
127
142
  - spec/fixtures/hiera.yaml
143
+ - spec/fixtures/master
128
144
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/common.yaml
129
145
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/fqdn/foo.bar.yaml
130
146
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/role/foobar/testing.yaml
@@ -137,7 +153,7 @@ files:
137
153
  - talos.gemspec
138
154
  homepage: https://github.com/spotify/talos
139
155
  licenses:
140
- - Apache 2.0
156
+ - Apache-2.0
141
157
  metadata: {}
142
158
  post_install_message:
143
159
  rdoc_options: []
@@ -145,22 +161,22 @@ require_paths:
145
161
  - lib
146
162
  required_ruby_version: !ruby/object:Gem::Requirement
147
163
  requirements:
148
- - - '>='
164
+ - - ">="
149
165
  - !ruby/object:Gem::Version
150
166
  version: '0'
151
167
  required_rubygems_version: !ruby/object:Gem::Requirement
152
168
  requirements:
153
- - - '>='
169
+ - - ">="
154
170
  - !ruby/object:Gem::Version
155
171
  version: '0'
156
172
  requirements: []
157
- rubyforge_project:
158
- rubygems_version: 2.0.14
173
+ rubygems_version: 3.0.6
159
174
  signing_key:
160
175
  specification_version: 4
161
176
  summary: Hiera secrets distribution over HTTP
162
177
  test_files:
163
178
  - spec/fixtures/hiera.yaml
179
+ - spec/fixtures/master
164
180
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/common.yaml
165
181
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/fqdn/foo.bar.yaml
166
182
  - spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3/role/foobar/testing.yaml