trocla-ruby2 0.4.0

data/Rakefile

@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+
+require 'jeweler'
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), 'lib'))
+require 'trocla'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "trocla"
+  gem.homepage = "https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/"
+  gem.license = "GPLv3"
+  gem.summary = "Trocla a simple password generator and storage" 
+  gem.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival."
+  gem.email = "mh+trocla@immerda.ch"
+  gem.authors = ["mh"]
+  gem.version = Trocla::VERSION::STRING
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec
+
+gem 'rdoc'
+require 'rdoc/task'
+RDoc::Task.new do |rdoc|
+  version = Trocla::VERSION::STRING
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "trocla #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/bin/trocla

@@ -0,0 +1,148 @@
+#!/usr/bin/env ruby
+# CLI client for Trocla.
+#
+require 'rubygems'
+require 'trocla'
+require 'optparse'
+require 'yaml'
+
+options = { :config_file => nil, :ask_password => true, :trace => false }
+
+OptionParser.new do |opts|
+  opts.on('--version', '-V', 'Version information') do
+    puts Trocla::VERSION::STRING
+    exit
+  end
+
+  opts.on('--config CONFIG', '-c', 'Configuration file') do |v|
+    if File.exist?(v)
+      options[:config_file] = v
+    else
+      STDERR.puts "Cannot find config file: #{v}"
+      exit 1
+    end
+  end
+
+  opts.on('--trace', 'Show stack trace on failure') do
+    options[:trace] = true
+  end
+
+  opts.on('--no-random', 'Do not generate a random password if there is no plain text password available') do
+    options['random'] = false
+  end
+
+  opts.on('--no-format', 'Do not format a password when setting it using `set`') do
+    options['no_format'] = true
+  end
+
+  opts.on('--length LENGTH', 'Length for a randomly created password') do |v|
+    options['length'] = v.to_i
+  end
+
+  opts.on('--password [PASSWORD]', '-p', 'Provide password at command line or STDIN') do |pass|
+    options[:ask_password] = false
+    options[:password] = pass
+  end
+
+end.parse!
+
+def create(options)
+  [ Trocla.new(options.delete(:config_file)).password(
+    options.delete(:trocla_key),
+    options.delete(:trocla_format),
+    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
+  ) , 0 ]
+end
+
+def get(options)
+  res = Trocla.new(options.delete(:config_file)).get_password(
+    options.delete(:trocla_key),
+    options.delete(:trocla_format),
+    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
+  )
+  [ res, res.nil? ? 1 : 0 ]
+end
+def set(options)
+  if options.delete(:ask_password)
+    require 'highline/import'
+    password = ask('Enter your password: ') { |q| q.echo = 'x' }.to_s
+    pwd2 = ask('Repeat password: ') { |q| q.echo = 'x' }.to_s
+    unless password == pwd2
+      STDERR.puts 'Passwords did not match, exiting!'
+      return [ nil, 1 ]
+    end
+  else
+    password = options.delete(:password) || STDIN.read.chomp
+  end
+  format = options.delete(:trocla_format)
+  no_format = options.delete('no_format')
+  trocla = Trocla.new(options.delete(:config_file))
+  value = if no_format
+    password
+  else
+    trocla.formats(format).format(password, (YAML.load(options.delete(:other_options).shift.to_s)||{}))
+  end
+  trocla.set_password(
+    options.delete(:trocla_key),
+    format,
+    value
+  )
+  [ '', 0 ]
+end
+
+def reset(options)
+  [ Trocla.new(options.delete(:config_file)).reset_password(
+    options.delete(:trocla_key),
+    options.delete(:trocla_format),
+    options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
+  ), 0 ]
+end
+
+def delete(options)
+  [ Trocla.new(options.delete(:config_file)).delete_password(
+    options.delete(:trocla_key),
+    options.delete(:trocla_format)
+  ), 0 ]
+end
+
+def formats(options)
+  "Available formats: #{Trocla::Formats.all.join(', ')}"
+end
+
+def check_format(format_name)
+  if format_name.nil?
+    STDERR.puts 'Missing format, exiting...'
+    exit 1
+  elsif !Trocla::Formats.available?(format_name)
+    STDERR.puts "Error: The format #{format_name} is not available"
+    exit 1
+  end
+end
+
+actions=['create','get','set','reset','delete', 'formats' ]
+
+if (action=ARGV.shift) && actions.include?(action)
+    options[:trocla_key] = ARGV.shift
+    options[:trocla_format] = ARGV.shift
+    options[:other_options] = ARGV
+    check_format(options[:trocla_format]) unless ['delete','formats'].include?(action)
+    begin
+      result, excode = send(action,options)
+      if result
+        puts result.is_a?(String) ? result : result.inspect
+      end
+    rescue Exception => e
+      unless e.message == 'exit'
+        STDERR.puts "Action failed with the following message: #{e.message}"
+        STDERR.puts '(See full trace by running task with --trace)'
+      end
+      raise e if options[:trace]
+      exit 1
+    end
+    exit excode.nil? ? 0 : excode
+else
+    STDERR.puts "Please supply one of the following actions: #{actions.join(', ')}"
+    STDERR.puts "Use #{$0} --help to get a list of options for these actions"
+    exit 1
+end
+

data/ext/redhat/rubygem-trocla.spec

@@ -0,0 +1,120 @@
+# Generated from trocla-0.1.2.gem by gem2rpm -*- rpm-spec -*-
+%global gem_name trocla
+
+Name: rubygem-%{gem_name}
+Version: 0.3.0
+Release: 1%{?dist}
+Summary: Trocla a simple password generator and storage
+Group: Development/Languages
+License: GPLv3
+URL: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/
+Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Requires: rubygem-moneta
+Requires: rubygem-bcrypt
+Requires: rubygem-highline
+BuildRequires: rubygem-moneta = 0.7.20
+BuildRequires: rubygem-bcrypt
+BuildRequires: rubygem-highline
+%if 0%{?rhel} >= 7
+BuildRequires: ruby(release)
+%endif
+BuildRequires: rubygems-devel
+BuildRequires: ruby
+# BuildRequires: rubygem(mocha)
+# BuildRequires: rubygem(rspec) => 2.4
+# BuildRequires: rubygem(rspec) < 3
+# BuildRequires: rubygem(jeweler) => 1.6
+# BuildRequires: rubygem(jeweler) < 2
+BuildArch: noarch
+
+%description
+Trocla helps you to generate random passwords and to store them in various
+formats (plain, MD5, bcrypt) for later retrival.
+
+
+%package doc
+Summary: Documentation for %{name}
+Group: Documentation
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+
+%description doc
+Documentation for %{name}.
+
+%prep
+gem unpack %{SOURCE0}
+
+%setup -q -D -T -n  %{gem_name}-%{version}
+
+gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
+
+%build
+# Create the gem as gem install only works on a gem file
+gem build %{gem_name}.gemspec
+
+# %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir
+# by default, so that we can move it into the buildroot in %%install
+%gem_install
+
+%install
+mkdir -p %{buildroot}%{gem_dir}
+cp -a .%{gem_dir}/* \
+        %{buildroot}%{gem_dir}/
+
+
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sysconfdir}
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{gem_name}
+touch %{buildroot}/%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
+
+cp -pa .%{_bindir}/* \
+        %{buildroot}%{_bindir}/
+
+chmod a+x %{buildroot}%{gem_instdir}/bin/%{gem_name}
+
+cat <<EOF > %{buildroot}/%{_sysconfdir}/%{gem_name}rc.yaml
+---
+store: :moneta
+store_options:
+  adapter: :YAML
+  adapter_options:
+    :file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
+EOF
+
+# Run the test suite
+%check
+pushd .%{gem_instdir}
+
+popd
+
+%files
+%dir %{gem_instdir}
+%{_bindir}/trocla
+%{gem_instdir}/.rspec
+%exclude %{gem_instdir}/.travis.yml
+%exclude %{gem_instdir}/.rspec
+%exclude %{gem_instdir}/ext/redhat/%{name}.spec
+%license %{gem_instdir}/LICENSE.txt
+%{gem_instdir}/bin
+%{gem_libdir}
+%exclude %{gem_cache}
+%{gem_spec}
+%config(noreplace) %{_sysconfdir}/%{gem_name}rc.yaml
+%dir %attr(-, -, -) %{_sharedstatedir}/%{gem_name}
+%config(noreplace) %attr(660, root, root) %{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
+
+%files doc
+%doc %{gem_docdir}
+%doc %{gem_instdir}/.document
+%{gem_instdir}/Gemfile
+%doc %{gem_instdir}/README.md
+%doc %{gem_instdir}/CHANGELOG.md
+%{gem_instdir}/Rakefile
+%{gem_instdir}/spec
+%{gem_instdir}/trocla.gemspec
+
+%changelog
+* Mon Dec 21 2015 mh - 0.2.0-1
+- Release of v0.2.0
+* Sun Jun 21 2015 mh - 0.1.2-1
+- Initial package

data/lib/VERSION

@@ -0,0 +1,4 @@
+major:0
+minor:3
+patch:0
+build:

data/lib/trocla.rb

@@ -0,0 +1,162 @@
+require 'trocla/version'
+require 'trocla/util'
+require 'trocla/formats'
+require 'trocla/encryptions'
+require 'trocla/stores'
+
+class Trocla
+  def initialize(config_file=nil)
+    if config_file
+      @config_file = File.expand_path(config_file)
+    elsif File.exists?(def_config_file=File.expand_path('~/.troclarc.yaml')) || File.exists?(def_config_file=File.expand_path('/etc/troclarc.yaml'))
+      @config_file = def_config_file
+    end
+  end
+
+  def self.open(config_file=nil)
+    trocla = Trocla.new(config_file)
+
+    if block_given?
+      yield trocla
+      trocla.close
+    else
+      trocla
+    end
+  end
+
+  def password(key,format,options={})
+    # respect a default profile, but let the
+    # profiles win over the default options
+    options['profiles'] ||= config['options']['profiles']
+    if options['profiles']
+      options = merge_profiles(options['profiles']).merge(options)
+    end
+    options = config['options'].merge(options)
+
+    raise "Format #{format} is not supported! Supported formats: #{Trocla::Formats.all.join(', ')}" unless Trocla::Formats::available?(format)
+
+    unless (password=get_password(key,format,options)).nil?
+      return password
+    end
+
+    plain_pwd = get_password(key,'plain',options)
+    if options['random'] && plain_pwd.nil?
+      plain_pwd = Trocla::Util.random_str(options['length'].to_i,options['charset'])
+      set_password(key,'plain',plain_pwd,options) unless format == 'plain'
+    elsif !options['random'] && plain_pwd.nil?
+      raise "Password must be present as plaintext if you don't want a random password"
+    end
+    pwd = self.formats(format).format(plain_pwd,options)
+    # it's possible that meanwhile another thread/process was faster in
+    # formating the password. But we want todo that second lookup
+    # only for expensive formats
+    if self.formats(format).expensive?
+      get_password(key,format,options) || set_password(key, format, pwd, options)
+    else
+      set_password(key, format, pwd, options)
+    end
+  end
+
+  def get_password(key, format, options={})
+    render(format,decrypt(store.get(key,format)),options)
+  end
+
+  def reset_password(key,format,options={})
+    set_password(key,format,nil,options)
+    password(key,format,options)
+  end
+
+  def delete_password(key,format=nil,options={})
+    v = store.delete(key,format)
+    if v.is_a?(Hash)
+      Hash[*v.map do |f,encrypted_value|
+        [f,render(format,decrypt(encrypted_value),options)]
+      end.flatten]
+    else
+      render(format,decrypt(v),options)
+    end
+  end
+
+  def set_password(key,format,password,options={})
+    store.set(key,format,encrypt(password),options)
+    render(format,password,options)
+  end
+
+  def formats(format)
+    (@format_cache||={})[format] ||= Trocla::Formats[format].new(self)
+  end
+
+  def encryption
+    @encryption ||= Trocla::Encryptions[config['encryption']].new(config['encryption_options'],self)
+  end
+
+  def config
+    @config ||= read_config
+  end
+
+  def close
+    store.close
+  end
+
+  private
+  def store
+    @store ||= build_store
+  end
+
+  def build_store
+    s = config['store']
+    clazz = if s.is_a?(Symbol)
+      Trocla::Stores[s]
+    else
+      require config['store_require'] if config['store_require']
+      eval(s)
+    end
+    clazz.new(config['store_options'],self)
+  end
+
+  def read_config
+    if @config_file.nil?
+      default_config
+    else
+      raise "Configfile #{@config_file} does not exist!" unless File.exists?(@config_file)
+      c = default_config.merge(YAML.load(File.read(@config_file)))
+      c['profiles'] = default_config['profiles'].merge(c['profiles'])
+      # migrate all options to new store options
+      # TODO: remove workaround in 0.3.0
+      c['store_options']['adapter'] = c['adapter'] if c['adapter']
+      c['store_options']['adapter_options'] = c['adapter_options'] if c['adapter_options']
+      c['encryption_options'] = c['ssl_options'] if c['ssl_options']
+      c
+    end
+  end
+
+  def encrypt(value)
+    encryption.encrypt(value)
+  end
+
+  def decrypt(value)
+    return nil if value.nil?
+    encryption.decrypt(value)
+  end
+
+  def render(format,output,options={})
+    if format && output && f=self.formats(format)
+      f.render(output,options['render']||{})
+    else
+      output
+    end
+  end
+
+  def default_config
+    require 'yaml'
+    YAML.load(File.read(File.expand_path(File.join(File.dirname(__FILE__),'trocla','default_config.yaml'))))
+  end
+
+  def merge_profiles(profiles)
+    Array(profiles).inject({}) do |res,profile|
+      raise "No such profile #{profile} defined" unless profile_hash = config['profiles'][profile]
+      profile_hash.merge(res)
+    end
+  end
+
+end