talos 0.1.5 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b90c35ec3dc7403cb4e22821dbef69b585e274d4
-  data.tar.gz: 1bff4ea4d6372fefc7022b975360453780db53e4
+  metadata.gz: 37518a52c1a810d98ff2e1a66e362b13ec057bc5
+  data.tar.gz: 176679ef4e2cc207f099452eb5f10f5cec0fdb35
 SHA512:
-  metadata.gz: 0cadf5930f2b9b1e07c03b23bba3de8da837d1d8521051b47927ac9ccbc8bec33cfa3415b7295b19c679392c72d67e26e03b94e36728ff729fe0518eb7209f54
-  data.tar.gz: 9a3d28f07c8ee1e26a4dae7967c643b324919519116f2b62771a6ec560b8ec922379bd6f9e33fadcac9eb337047e1acd3d4eea5a4ab20c8e983dcce769659e2e
+  metadata.gz: 97fb24dd46855711a92869784ce965ef0f139d7de5dba08068cb58824b54fe0fe104ddc0b3c3aac596a4dabb7622cfbf22af684bc1b242d7baa87df0c383ab9a
+  data.tar.gz: 57b72db876fd7ce56052f5c56a1d2553fd211dcb2e8788a8e34933df7ebf2a0f7ec37936fc9d54839468b2f85415cf0ef0522b6d0b3429ffbfc08f2b175d5703

data/.travis.yml

@@ -3,7 +3,7 @@ rvm:
 - 1.9.3
 - 2.3.0
 - jruby-19mode
-- rbx-3
+
 deploy:
   provider: rubygems
   on:

data/README.md

@@ -4,7 +4,7 @@ Talos
 [![Gem Version](https://badge.fury.io/rb/talos.svg)](http://badge.fury.io/rb/talos)
 [![Build Status](https://travis-ci.org/spotify/talos.png?branch=master)](https://travis-ci.org/spotify/talos)
 
-Talos is a rack application which servers Hiera yaml files over HTTP.
+Talos is a rack application which serves Hiera yaml files over HTTP.
 It authorizes clients based on the SSL certificates issued by the Puppet CA and returns only the files in the
 [Hiera scope](https://docs.puppetlabs.com/hiera/3.0/command_line.html#json-and-yaml-scopes).
 
@@ -55,6 +55,7 @@ scopes:
       environment: testing
 
 unsafe_scopes: true
+ssl: true
 ```
 
 When receiving a request, Talos iterates over `scopes` list and matches
@@ -71,6 +72,9 @@ scope on collision.
 If `unsafe_scopes` option is enabled, Talos will also add all the parameters
 passed by the client to the Hiera scope.
 
+The `ssl` option defaults to enabled. When disabled, the `fqdn` query parameter
+is used to determine scopes rather than the client certificate.
+
 Hiera
 -----
 You need to provide `/etc/talos/hiera.yaml` file to configure Hiera

data/lib/talos.rb

@@ -24,9 +24,11 @@ require 'archive/tar/minitar'
 require 'pathname'
 include Archive::Tar
 
+
 class Talos < Sinatra::Base
   def self.prepare_config(path)
     set :talos, YAML.load_file(path)
+    settings.talos['ssl'] = true if settings.talos['ssl'].nil?
     settings.talos['scopes'].each do |scope_config|
       begin
         scope_config['regexp'] = Regexp.new(scope_config['match'])
@@ -47,6 +49,7 @@ class Talos < Sinatra::Base
   configure :production do
     set :hiera, Hiera::Config::load(File.expand_path('/etc/talos/hiera.yaml'))
     prepare_config('/etc/talos/talos.yaml')
+    warn("SECURITY WARNING: use of ssl is disabled, client requests cannot be authenticated") if !settings.talos['ssl']
     warn("SECURITY WARNING: unsafe_scopes are enabled, SSL authentication bypass is possible") if settings.talos['unsafe_scopes']
   end
 
@@ -97,11 +100,13 @@ class Talos < Sinatra::Base
   end
 
   get '/' do
-    fqdn = settings.development? ? params[:fqdn] : request.env['HTTP_SSL_CLIENT_S_DN_CN']
+    fqdn_env = request.env['HTTP_SSL_CLIENT_S_DN_CN'] ? request.env['HTTP_SSL_CLIENT_S_DN_CN'] : request.env['SSL_CLIENT_S_DN_CN'] 
+    fqdn = (settings.development? || !settings.talos['ssl']) ? params[:fqdn] : fqdn_env
     scope = get_scope(fqdn)
     files_to_pack = files_in_scope(scope)
     archive = compress_files(files_to_pack)
     content_type 'application/x-gzip'
+    headers['content-encoding'] = 'gzip'
     archive.string
   end
 

data/spec/fixtures/master

@@ -1 +1 @@
-spec/fixtures/master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3
+master.3fa3fd97848a72ae539b75bccd6028cd1d4e92e3

data/talos.gemspec

@@ -1,19 +1,19 @@
 Gem::Specification.new do |s|
-  s.version       = '0.1.5'
+  s.version       = '0.1.7'
   s.name          = 'talos'
   s.authors       = ['Alexey Lapitsky', 'Johan Haals']
   s.email         = 'alexey@spotify.com'
   s.summary       = %q{Hiera secrets distribution over HTTP}
   s.description   = %q{Distribute compressed hiera yaml files to authenticated puppet clients over HTTP}
   s.homepage      = 'https://github.com/spotify/talos'
-  s.license       = 'Apache 2.0'
+  s.license       = 'Apache-2.0'
 
   s.files         = `git ls-files`.split($\)
   s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
   s.test_files    = s.files.grep(%r{^(test|spec|features)/})
   s.require_paths = ['lib']
 
-  s.add_dependency 'rack', '< 1.6'
+  s.add_dependency 'rack', '1.6.4'
   s.add_dependency 'sinatra', '~> 1.4.7'
   s.add_dependency 'hiera', '~> 3.2.0'
   s.add_dependency 'archive-tar-minitar', '~> 0.5.2'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: talos
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.7
 platform: ruby
 authors:
 - Alexey Lapitsky
@@ -9,22 +9,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-18 00:00:00.000000000 Z
+date: 2019-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 1.6.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 1.6.4
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -139,7 +139,7 @@ files:
 - talos.gemspec
 homepage: https://github.com/spotify/talos
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -157,7 +157,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.5.2.3
 signing_key: 
 specification_version: 4
 summary: Hiera secrets distribution over HTTP