trocla-ruby2 0.4.0

data/spec/trocla_spec.rb

@@ -0,0 +1,248 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Trocla" do
+
+  before(:each) do
+    expect_any_instance_of(Trocla).to receive(:read_config).and_return(test_config)
+  end
+  context 'in normal usage with' do
+    before(:each) do
+      @trocla = Trocla.new
+      @trocla.password('init','plain')
+    end
+
+    describe "password" do
+      it "generates random passwords by default" do
+        expect(@trocla.password('random1','plain')).not_to eq(@trocla.password('random2','plain'))
+      end
+
+      it "generates passwords of length #{default_config['options']['length']}" do
+        expect(@trocla.password('random1','plain').length).to eq(default_config['options']['length'])
+      end
+
+      Trocla::Formats.all.each do |format|
+        describe "#{format} password format" do
+          it "retursn a password hashed in the #{format} format" do
+            expect(@trocla.password('some_test',format,format_options[format])).not_to be_empty
+          end
+
+          it "returns the same hashed for the #{format} format on multiple invocations" do
+            expect(round1=@trocla.password('some_test',format,format_options[format])).not_to be_empty
+            expect(@trocla.password('some_test',format,format_options[format])).to eq(round1)
+          end
+
+          it "also stores the plain password by default" do
+            pwd = @trocla.password('some_test','plain')
+            expect(pwd).not_to be_empty
+            expect(pwd.length).to eq(16)
+          end
+        end
+      end
+
+      Trocla::Formats.all.reject{|f| f == 'plain' }.each do |format|
+        it "raises an exception if not a random password is asked but plain password is not present for format #{format}" do
+          expect{@trocla.password('not_random',format, 'random' => false)}.to raise_error(/Password must be present as plaintext/)
+        end
+      end
+
+      describe 'with profiles' do
+        it 'raises an exception on unknown profile' do
+          expect{@trocla.password('no profile known','plain',
+            'profiles' => 'unknown_profile') }.to raise_error(/No such profile unknown_profile defined/)
+        end
+
+        it 'takes a profile and merge its options' do
+          pwd = @trocla.password('some_test','plain', 'profiles' => 'rootpw')
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(32)
+          expect(pwd).to_not match(/[={}\[\]\?%\*()&!]+/)
+        end
+
+        it 'is possible to combine profiles but first profile wins' do
+          pwd = @trocla.password('some_test1','plain', 'profiles' => ['rootpw','login'])
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(32)
+          expect(pwd).not_to match(/[={}\[\]\?%\*()&!]+/)
+        end
+        it 'is possible to combine profiles but first profile wins 2' do
+          pwd = @trocla.password('some_test2','plain', 'profiles' => ['login','mysql'])
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(16)
+          expect(pwd).not_to match(/[={}\[\]\?%\*()&!]+/)
+        end
+        it 'is possible to combine profiles but first profile wins 3' do
+          pwd = @trocla.password('some_test3','plain', 'profiles' => ['mysql','login'])
+          expect(pwd).not_to be_empty
+          expect(pwd.length).to eq(32)
+          expect(pwd).to match(/[+%\/@=\?_.,:]+/)
+        end
+      end
+    end
+
+    describe "set_password" do
+      it "resets hashed passwords on a new plain password" do
+        expect(@trocla.password('set_test','mysql')).not_to be_empty
+        expect(@trocla.get_password('set_test','mysql')).not_to be_nil
+        expect(old_plain=@trocla.password('set_test','mysql')).not_to be_empty
+
+        expect(@trocla.set_password('set_test','plain','foobar')).not_to eq(old_plain)
+        expect(@trocla.get_password('set_test','mysql')).to be_nil
+      end
+
+      it "otherwise updates only the hash" do
+        expect(mysql = @trocla.password('set_test2','mysql')).not_to be_empty
+        expect(md5crypt = @trocla.password('set_test2','md5crypt')).not_to be_empty
+        expect(plain = @trocla.get_password('set_test2','plain')).not_to be_empty
+
+        expect(new_mysql = @trocla.set_password('set_test2','mysql','foo')).not_to eql(mysql)
+        expect(@trocla.get_password('set_test2','mysql')).to eq(new_mysql)
+        expect(@trocla.get_password('set_test2','md5crypt')).to eq(md5crypt)
+        expect(@trocla.get_password('set_test2','plain')).to eq(plain)
+      end
+    end
+
+    describe "reset_password" do
+      it "resets a password" do
+        plain1 = @trocla.password('reset_pwd','plain')
+        plain2 = @trocla.reset_password('reset_pwd','plain')
+
+        expect(plain1).not_to eq(plain2)
+      end
+
+      it "does not reset other formats" do
+        expect(mysql = @trocla.password('reset_pwd2','mysql')).not_to be_empty
+        expect(md5crypt1 = @trocla.password('reset_pwd2','md5crypt')).not_to be_empty
+
+        expect(md5crypt2 = @trocla.reset_password('reset_pwd2','md5crypt')).not_to be_empty
+        expect(md5crypt2).not_to eq(md5crypt1)
+
+        expect(@trocla.get_password('reset_pwd2','mysql')).to eq(mysql)
+      end
+    end
+
+    describe "delete_password" do
+      it "deletes all passwords if no format is given" do
+        expect(@trocla.password('delete_test1','mysql')).not_to be_nil
+        expect(@trocla.get_password('delete_test1','plain')).not_to be_nil
+
+        @trocla.delete_password('delete_test1')
+        expect(@trocla.get_password('delete_test1','plain')).to be_nil
+        expect(@trocla.get_password('delete_test1','mysql')).to be_nil
+      end
+
+      it "deletes only a given format" do
+        expect(@trocla.password('delete_test2','mysql')).not_to be_nil
+        expect(@trocla.get_password('delete_test2','plain')).not_to be_nil
+
+        @trocla.delete_password('delete_test2','plain')
+        expect(@trocla.get_password('delete_test2','plain')).to be_nil
+        expect(@trocla.get_password('delete_test2','mysql')).not_to be_nil
+      end
+
+      it "deletes only a given non-plain format" do
+        expect(@trocla.password('delete_test3','mysql')).not_to be_nil
+        expect(@trocla.get_password('delete_test3','plain')).not_to be_nil
+
+        @trocla.delete_password('delete_test3','mysql')
+        expect(@trocla.get_password('delete_test3','mysql')).to be_nil
+        expect(@trocla.get_password('delete_test3','plain')).not_to be_nil
+      end
+    end
+
+    context 'concurrent access' do
+      context 'on expensive flagged formats' do
+        before(:each) do
+          expect(Trocla::Formats).to receive(:[]).with('sleep').at_least(:once).and_return(Trocla::Formats::Sleep)
+          expect(Trocla::Formats::Sleep).to receive(:expensive?).at_least(:once).and_return(true)
+          expect(Trocla::Formats).to receive(:available?).with('sleep').at_least(:once).and_return(true)
+        end
+        it 'should not overwrite a value if it takes longer' do
+          t1 = Thread.new{ @trocla.password('threadpwd','sleep','sleep' => 4) }
+          t2 = Thread.new{ @trocla.password('threadpwd','sleep','sleep' => 1) }
+          pwd1 = t1.value
+          pwd2 = t2.value
+          real_value = @trocla.password('threadpwd','sleep')
+          # as t2 finished first this should win
+          expect(pwd1).to eql(pwd2)
+          expect(real_value).to eql(pwd1)
+          expect(real_value).to eql(pwd2)
+        end
+      end
+      context 'on inexpensive flagged formats' do
+        before(:each) do
+          expect(Trocla::Formats).to receive(:[]).with('sleep').at_least(:once).and_return(Trocla::Formats::Sleep)
+          expect(Trocla::Formats::Sleep).to receive(:expensive?).at_least(:once).and_return(false)
+          expect(Trocla::Formats).to receive(:available?).with('sleep').at_least(:once).and_return(true)
+        end
+        it 'should not overwrite a value if it takes longer' do
+          t1 = Thread.new{ @trocla.password('threadpwd_inexp','sleep','sleep' => 4) }
+          t2 = Thread.new{ @trocla.password('threadpwd_inexp','sleep','sleep' => 1) }
+          pwd1 = t1.value
+          pwd2 = t2.value
+          real_value = @trocla.password('threadpwd_inexp','sleep')
+          # as t2 finished first but the format is inexpensive it gets overwritten
+          expect(pwd1).not_to eql(pwd2)
+          expect(real_value).to eql(pwd1)
+          expect(real_value).not_to eql(pwd2)
+        end
+      end
+      context 'real world example' do
+        it 'should store the quicker one' do
+          t1 = Thread.new{ @trocla.password('threadpwd_real','bcrypt','cost' => 17) }
+          t2 = Thread.new{ @trocla.password('threadpwd_real','bcrypt') }
+          pwd1 = t1.value
+          pwd2 = t2.value
+          real_value = @trocla.password('threadpwd_real','bcrypt')
+          # t2 should still win but both should be the same
+          expect(pwd1).to eql(pwd2)
+          expect(real_value).to eql(pwd1)
+          expect(real_value).to eql(pwd2)
+        end
+        it 'should store the quicker one test 2' do
+          t1 = Thread.new{ @trocla.password('my_shiny_selfsigned_ca', 'x509', {
+            'CN'        => 'This is my self-signed certificate',
+            'become_ca' => false,
+          }) }
+          t2 = Thread.new{ @trocla.password('my_shiny_selfsigned_ca', 'x509', {
+            'CN'        => 'This is my self-signed certificate',
+            'become_ca' => false,
+          }) }
+          cert1 = t1.value
+          cert2 = t2.value
+          real_value = @trocla.password('my_shiny_selfsigned_ca','x509')
+          # t2 should still win but both should be the same
+          expect(cert1).to eql(cert2)
+          expect(real_value).to eql(cert1)
+          expect(real_value).to eql(cert2)
+        end
+      end
+    end
+
+  end
+  context 'with .open' do
+    it 'closes the connection with a block' do
+      expect_any_instance_of(Trocla::Stores::Memory).to receive(:close)
+      Trocla.open{|t|
+        t.password('plain_open','plain')
+      }
+    end
+    it 'keeps the connection without a block' do
+      expect_any_instance_of(Trocla::Stores::Memory).not_to receive(:close)
+      Trocla.open.password('plain_open','plain')
+    end
+  end
+
+  def format_options
+    @format_options ||= Hash.new({}).merge({
+      'pgsql' => { 'username' => 'test' },
+      'x509'  => { 'CN' => 'test' },
+    })
+  end
+
+end
+
+describe "VERSION" do
+  it "returns a version" do
+    expect(Trocla::VERSION::STRING).not_to be_empty
+  end
+end

data/trocla-ruby2.gemspec

@@ -0,0 +1,104 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: trocla 0.3.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "trocla-ruby2".freeze
+  s.version = "0.4.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["mh".freeze]
+  s.date = "2017-08-04"
+  s.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival.".freeze
+  s.email = "mh+trocla@immerda.ch".freeze
+  s.executables = ["trocla".freeze]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    ".travis.yml",
+    "CHANGELOG.md",
+    "Gemfile",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "bin/trocla",
+    "ext/redhat/rubygem-trocla.spec",
+    "lib/VERSION",
+    "lib/trocla.rb",
+    "lib/trocla/default_config.yaml",
+    "lib/trocla/encryptions.rb",
+    "lib/trocla/encryptions/none.rb",
+    "lib/trocla/encryptions/ssl.rb",
+    "lib/trocla/formats.rb",
+    "lib/trocla/formats/bcrypt.rb",
+    "lib/trocla/formats/md5crypt.rb",
+    "lib/trocla/formats/mysql.rb",
+    "lib/trocla/formats/pgsql.rb",
+    "lib/trocla/formats/plain.rb",
+    "lib/trocla/formats/sha1.rb",
+    "lib/trocla/formats/sha256crypt.rb",
+    "lib/trocla/formats/sha512crypt.rb",
+    "lib/trocla/formats/ssha.rb",
+    "lib/trocla/formats/sshkey.rb",
+    "lib/trocla/formats/x509.rb",
+    "lib/trocla/store.rb",
+    "lib/trocla/stores.rb",
+    "lib/trocla/stores/memory.rb",
+    "lib/trocla/stores/moneta.rb",
+    "lib/trocla/util.rb",
+    "lib/trocla/version.rb",
+    "spec/data/.keep",
+    "spec/spec_helper.rb",
+    "spec/trocla/encryptions/none_spec.rb",
+    "spec/trocla/encryptions/ssl_spec.rb",
+    "spec/trocla/formats/x509_spec.rb",
+    "spec/trocla/store/memory_spec.rb",
+    "spec/trocla/store/moneta_spec.rb",
+    "spec/trocla/util_spec.rb",
+    "spec/trocla_spec.rb",
+    "trocla-ruby2.gemspec"
+  ]
+  s.homepage = "https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/".freeze
+  s.licenses = ["GPLv3".freeze]
+  s.rubygems_version = "2.6.11".freeze
+  s.summary = "Trocla a simple password generator and storage".freeze
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<moneta>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<highline>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<bcrypt>.freeze, [">= 0"])
+      s.add_runtime_dependency(%q<sshkey>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rspec>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rdoc>.freeze, [">= 0"])
+      s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_development_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
+    else
+      s.add_dependency(%q<moneta>.freeze, [">= 0"])
+      s.add_dependency(%q<highline>.freeze, [">= 0"])
+      s.add_dependency(%q<bcrypt>.freeze, [">= 0"])
+      s.add_dependency(%q<rspec>.freeze, [">= 0"])
+      s.add_dependency(%q<rdoc>.freeze, [">= 0"])
+      s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+      s.add_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<moneta>.freeze, [">= 0"])
+    s.add_dependency(%q<highline>.freeze, [">= 0"])
+    s.add_dependency(%q<bcrypt>.freeze, [">= 0"])
+    s.add_dependency(%q<rspec>.freeze, [">= 0"])
+    s.add_dependency(%q<rdoc>.freeze, [">= 0"])
+    s.add_dependency(%q<jeweler>.freeze, [">= 0"])
+    s.add_dependency(%q<rspec-pending_for>.freeze, [">= 0"])
+  end
+end
+

metadata

@@ -0,0 +1,202 @@
+--- !ruby/object:Gem::Specification
+name: trocla-ruby2
+version: !ruby/object:Gem::Version
+  version: 0.4.0
+platform: ruby
+authors:
+- mh
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-08-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: moneta
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sshkey
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-pending_for
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Trocla helps you to generate random passwords and to store them in various
+  formats (plain, MD5, bcrypt) for later retrival.
+email: mh+trocla@immerda.ch
+executables:
+- trocla
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- ".document"
+- ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/trocla
+- ext/redhat/rubygem-trocla.spec
+- lib/VERSION
+- lib/trocla.rb
+- lib/trocla/default_config.yaml
+- lib/trocla/encryptions.rb
+- lib/trocla/encryptions/none.rb
+- lib/trocla/encryptions/ssl.rb
+- lib/trocla/formats.rb
+- lib/trocla/formats/bcrypt.rb
+- lib/trocla/formats/md5crypt.rb
+- lib/trocla/formats/mysql.rb
+- lib/trocla/formats/pgsql.rb
+- lib/trocla/formats/plain.rb
+- lib/trocla/formats/sha1.rb
+- lib/trocla/formats/sha256crypt.rb
+- lib/trocla/formats/sha512crypt.rb
+- lib/trocla/formats/ssha.rb
+- lib/trocla/formats/sshkey.rb
+- lib/trocla/formats/x509.rb
+- lib/trocla/store.rb
+- lib/trocla/stores.rb
+- lib/trocla/stores/memory.rb
+- lib/trocla/stores/moneta.rb
+- lib/trocla/util.rb
+- lib/trocla/version.rb
+- spec/data/.keep
+- spec/spec_helper.rb
+- spec/trocla/encryptions/none_spec.rb
+- spec/trocla/encryptions/ssl_spec.rb
+- spec/trocla/formats/x509_spec.rb
+- spec/trocla/store/memory_spec.rb
+- spec/trocla/store/moneta_spec.rb
+- spec/trocla/util_spec.rb
+- spec/trocla_spec.rb
+- trocla-ruby2.gemspec
+homepage: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/
+licenses:
+- GPLv3
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Trocla a simple password generator and storage
+test_files: []