trocla 0.2.0 → 0.4.0
- checksums.yaml +5 -5
- data/.travis.yml +3 -7
- data/CHANGELOG.md +83 -0
- data/Gemfile +7 -16
- data/README.md +63 -50
- data/bin/trocla +35 -14
- data/ext/redhat/rubygem-trocla.spec +120 -0
- data/lib/VERSION +1 -1
- data/lib/trocla.rb +49 -10
- data/lib/trocla/default_config.yaml +10 -0
- data/lib/trocla/formats.rb +14 -0
- data/lib/trocla/formats/bcrypt.rb +2 -1
- data/lib/trocla/formats/sshkey.rb +46 -0
- data/lib/trocla/formats/x509.rb +37 -10
- data/lib/trocla/store.rb +16 -0
- data/lib/trocla/stores/memory.rb +9 -0
- data/lib/trocla/stores/moneta.rb +30 -0
- data/lib/trocla/stores/vault.rb +50 -0
- data/lib/trocla/util.rb +4 -0
- data/spec/spec_helper.rb +19 -1
- data/spec/trocla/formats/sshkey_spec.rb +52 -0
- data/spec/trocla/formats/x509_spec.rb +107 -20
- data/spec/trocla/util_spec.rb +8 -0
- data/spec/trocla_spec.rb +227 -100
- data/trocla.gemspec +39 -38
- metadata +44 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 18cb6a02ca556208840b6370287987e72fc18e01e199b7fe1b5b72c463a91ee4
|
4
|
+
data.tar.gz: d2f8068ab15baf1a5cbbfd3370543ff03ad2f2c1baf564ba43f824589920fcf6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a5829218248d2d9f7f4f3ddfc5bca4f35f8839871fd18074ede34f9281eae086a79c858987285da7839b5699961b417244fc5d86a696b355a8fd4c96d0145bf8
|
7
|
+
data.tar.gz: fc4c6e7ce2cf53009ee3db4f8791b820dca9c696223567fac1367cc3e80b8558a2b5d430f6a255d0f7e07403f9be06ee3e895310971303dc571be6a82d908404
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
ADDED
@@ -0,0 +1,83 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## to 0.4.0
|
4
|
+
|
5
|
+
* Add vault backend (#61) - Thank you [Steffy Fort](https://github.com/fe80)
|
6
|
+
* Add sshkey format similar to the OpenSSL - Thank you [Raphaël Rondeau](https://github.com/rrondeau)
|
7
|
+
* format/x509 allow to render 'publickeyonly' (#62) - Thank you [Thomas Weißschuh](https://github.com/t-8ch)
|
8
|
+
* Add a method to search for keys and list all formats of a key (#49) - Thank you - [Steffy Fort](https://github.com/fe80)
|
9
|
+
* Proper return code on cli (#57) - Thank you [Steffy Fort](https://github.com/fe80)
|
10
|
+
* expand search path for sample config file to fix autopkgtest (#64) - Thank you [anarcat](https://github.com/anarcat)
|
11
|
+
* drop support for ruby < 2.7 & update dependencies
|
12
|
+
* skip self-signed cert verification test on newer openssl version (#63)
|
13
|
+
* Fix reseting passwords when using SSL encryption (#52)
|
14
|
+
|
15
|
+
## to 0.3.0
|
16
|
+
|
17
|
+
* Add open method to be able to immediately close a trocla store after using it - thanks martinpfeiffer
|
18
|
+
* Add typesafe charset - thanks hggh
|
19
|
+
* Support cost option for bcrypt
|
20
|
+
* address concurrency corner cases, when 2 concurrent threads or even processes
|
21
|
+
are currently calculating the same (expensive) format.
|
22
|
+
* parse additional options on cli (#39 & #46) - thanks fe80
|
23
|
+
|
24
|
+
## to 0.2.3
|
25
|
+
|
26
|
+
1. Add extended CA validity profiles
|
27
|
+
1. Make it possible to define keyUsage
|
28
|
+
|
29
|
+
## to 0.2.2
|
30
|
+
|
31
|
+
1. Bugfix to render output correctly also on an already existing set
|
32
|
+
1. Fix tests not working around midnight, due to timezone differences
|
33
|
+
|
34
|
+
## to 0.2.1
|
35
|
+
|
36
|
+
1. New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
|
37
|
+
|
38
|
+
## to 0.2.0
|
39
|
+
|
40
|
+
1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
|
41
|
+
1. New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
|
42
|
+
1. Increase default password length to 16.
|
43
|
+
1. Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
|
44
|
+
1. Fix a bug with encryptions while deleting all formats.
|
45
|
+
1. Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
|
46
|
+
1. CHANGE: moneta's configuration for `adapter` & `adapter_options` now live under store_options in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
|
47
|
+
1. CHANGE: ssl_options is now known as encryption_options. Till 0.3.0 old configuration entries will still be accepted.
|
48
|
+
1. Improve randomness when creating a serial number.
|
49
|
+
1. Add a new charset: hexadecimal
|
50
|
+
1. Add support for name constraints within the x509 format
|
51
|
+
1. Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
|
52
|
+
|
53
|
+
## to 0.1.3
|
54
|
+
|
55
|
+
1. CHANGE: Self signed certificates are no longer CAs by default, actually they have never been due to a bug. If you want that a certificate is also a CA, you *must* pass `become_ca: true` to the options hash. But this makes it actually possible, that you can even have certificate chains. Thanks for initial hint to [Adrien Bréfort](https://github.com/abrefort)
|
56
|
+
1. Default keysize is now 4096
|
57
|
+
1. SECURITY: Do not increment serial, rather choose a random one.
|
58
|
+
1. Fixing setting of altnames, was not possible due to bug, till now.
|
59
|
+
1. Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
|
60
|
+
1. Add cli option to list all formats
|
61
|
+
|
62
|
+
## to 0.1.1
|
63
|
+
|
64
|
+
1. fix storing data longer that public Keysize -11. Thanks [Timo Goebel](https://github.com/timogoebel)
|
65
|
+
1. add a numeric only charset. Thanks [Jonas Genannt](https://github.com/hggh)
|
66
|
+
1. fix reading key expire time. Thanks [asquelt](https://github.com/asquelt)
|
67
|
+
|
68
|
+
## to 0.1.0
|
69
|
+
|
70
|
+
1. Supporting encryption of the backends. Many thanks to Thomas Gelf
|
71
|
+
1. Adding a windows safe password charset
|
72
|
+
|
73
|
+
## to 0.0.12
|
74
|
+
|
75
|
+
1. change from sha1 signature for the x509 format to sha2
|
76
|
+
1. Fix an issue where shellsafe characters might have already been initialized with shell-unsafe characters. Plz review any shell-safe character passwords regarding this problem. See the [fix](https://github.com/duritong/trocla/pull/19) for more information. Thanks [asquelt](https://github.com/asquelt) for the fix.
|
77
|
+
|
78
|
+
## to 0.0.8
|
79
|
+
|
80
|
+
1. be sure to update as well the moneta gem, trocla now uses the official moneta releases and supports current avaiable versions.
|
81
|
+
1. Options for moneta's backends have changed. For example, if you are using the yaml-backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
|
82
|
+
1. **IMPORTANT:** If you are using the yaml backend you need to migrate the current data *before* using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml` && `sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
|
83
|
+
1. **SECURITY:** Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!
|
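Review bot: a few wording fixes in the new changelog: "reseting" in the 0.4.0 entry should be "resetting", "avaiable" in the 0.0.8 entry should be "available", "Add sshkey format similar to the OpenSSL" is missing its object (similar to the x509 format?), and the stray hyphen in "Thank you - [Steffy Fort]" on the search entry should go. The 0.4.0 entry "drop support for ruby < 2.7" is a hard break for packagers and deserves to be stated in the README as well, not only here.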
data/Gemfile
CHANGED
@@ -3,30 +3,21 @@ source "http://rubygems.org"
|
|
3
3
|
# Example:
|
4
4
|
# gem "activesupport", ">= 2.3.5"
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
gem "highline"
|
9
|
-
else
|
10
|
-
gem "moneta", "~> 0.7.20"
|
11
|
-
gem "highline", "~> 1.6.2"
|
12
|
-
end
|
6
|
+
gem "moneta", "~> 1.4.0"
|
7
|
+
gem "highline", "~> 2.0.0"
|
13
8
|
|
14
9
|
if defined?(RUBY_ENGINE) && (RUBY_ENGINE == 'jruby')
|
15
10
|
gem 'jruby-openssl'
|
16
11
|
end
|
17
12
|
gem "bcrypt"
|
13
|
+
gem "sshkey"
|
18
14
|
|
19
15
|
# Add dependencies to develop your gem here.
|
20
16
|
# Include everything needed to run rake, tests, features, etc.
|
21
17
|
group :development do
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
else
|
27
|
-
gem "rspec", "~> 2.4"
|
28
|
-
gem "rdoc", "~> 3.8"
|
29
|
-
gem "jeweler", "~> 1.6"
|
30
|
-
end
|
18
|
+
gem "rspec"
|
19
|
+
gem "rdoc"
|
20
|
+
gem "jeweler"
|
21
|
+
gem "addressable"
|
31
22
|
gem 'rspec-pending_for'
|
32
23
|
end
|
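Review bot: the hunk context still reads `source "http://rubygems.org"`, so every gem is fetched over plain HTTP and dependency resolution can be tampered with in transit; switch it to `https://rubygems.org` in the same pass. Separately, the development group now drops every version constraint (`gem "rspec"`, `gem "rdoc"`, `gem "jeweler"`) and the new `gem "sshkey"` and `gem "addressable"` are unpinned, while `moneta` and `highline` keep pessimistic constraints; at minimum pin `sshkey`, since it is a runtime dependency that produces key material.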
data/README.md
CHANGED
@@ -24,7 +24,7 @@ retrieve (by deleting) the plain password and send it to the user. Puppet
|
|
24
24
|
will still simply retrieve the hashed password that is stored in trocla,
|
25
25
|
while the plain password is not anymore stored on the server.
|
26
26
|
|
27
|
-
|
27
|
+
By default trocla uses moneta to store the passwords and can use any kind of
|
28
28
|
key/value based storage supported by moneta for trocla. By default it uses a
|
29
29
|
simple yaml file.
|
30
30
|
However, since version 0.2.0 trocla also supports a pluggable storage backend
|
@@ -69,6 +69,7 @@ Valid global options are:
|
|
69
69
|
* profiles: a profile name or an array of profiles matching a profile_name in your configuration. Learn more about profiles below.
|
70
70
|
* random: boolean - Whether we allow creation of random passwords or we expect a password to be preset. Default: true - or whatever you define in your global settings.
|
71
71
|
* expires: An integer indicating the amount of seconds a value (e.g. password) is available. After expiration a value will not be available anymore and trying to `get` this key will return no value (nil). Meaning that calling create after expiration, would create a new password automatically. There is more about expiration in the storage backends section.
|
72
|
+
* render: A hash providing flags for formats to render the output specifially. This is a global option, but support depends on a per format basis.
|
72
73
|
|
73
74
|
Example:
|
74
75
|
|
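Review bot: typo on the new `render` line, "specifially" should be "specifically", and "support depends on a per format basis" reads better as "support for it depends on the format". Naming the formats that honour it (x509 and sshkey, which are the two with an "Output render options" list elsewhere in this README change) would save readers a search.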
@@ -167,6 +168,11 @@ options to work properly. These are documented here:
|
|
167
168
|
Password hashes for PostgreSQL servers. Requires the option `username` to be set
|
168
169
|
to the username to which the password will be assigned.
|
169
170
|
|
171
|
+
### bcrypt
|
172
|
+
|
173
|
+
You are able to tune the [cost factor of bcrypt](https://github.com/codahale/bcrypt-ruby#cost-factors) by passing the option `cost`.
|
174
|
+
Note: ruby bcrypt does not support a [cost > 31](https://github.com/codahale/bcrypt-ruby/blob/master/lib/bcrypt/password.rb#L45).
|
175
|
+
|
170
176
|
### x509
|
171
177
|
|
172
178
|
This format takes a set of additional options. Required are:
|
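Review bot: the new bcrypt section documents only the upper bound (cost > 31 is rejected by the library); it should also state the default cost trocla uses and the lower bound, because cost is a log2 work factor and a too-small value quietly weakens every stored hash. A short remark that 31 is a library limit rather than a sensible setting (each increment doubles hashing time) would stop readers from treating it as a recommendation.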
@@ -191,6 +197,9 @@ Additional options are:
|
|
191
197
|
O instead within the subject string
|
192
198
|
OU instead within the subject string
|
193
199
|
emailAddress instead within the subject string
|
200
|
+
key_usages Any specific key_usages different than the default ones. If you specify
|
201
|
+
any, you must specify all that you want. If you don't want to have any,
|
202
|
+
you must specify an empty array.
|
194
203
|
altnames An array of subjectAltNames. By default for non CA certificates we
|
195
204
|
ensure that the CN ends up here as well. If you don't want that.
|
196
205
|
You need to pass an empty array.
|
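Review bot: the `key_usages` entry says "different than the default ones" but the defaults are not listed anywhere in this section; list them, because the text itself requires a user who sets any value to reproduce the full set, and an empty array removes every keyUsage constraint from the certificate. Minor: "different than" should be "different from".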
@@ -201,9 +210,33 @@ Additional options are:
|
|
201
210
|
openssl versions have a bug with [leading dots](https://rt.openssl.org/Ticket/Display.html?id=3562) for name
|
202
211
|
constraints. So using them might not work everywhere as expected.
|
203
212
|
|
213
|
+
Output render options are:
|
214
|
+
|
215
|
+
certonly If set to true the x509 format will return only the certificate
|
216
|
+
keyonly If set to true the x509 format will return only the private key
|
217
|
+
publickeyonly If set to true the x509 format will return only the public key
|
218
|
+
|
219
|
+
### sshkey
|
220
|
+
|
221
|
+
This format generate a ssh keypair
|
222
|
+
|
223
|
+
Additional options are:
|
224
|
+
|
225
|
+
type The ssh key type (rsa, dsa). Default: rsa
|
226
|
+
bits Specifies the number of bits in the key to create. Default: 2048
|
227
|
+
comment Specifies a comment.
|
228
|
+
passphrase Specifies a passphrase.
|
229
|
+
|
230
|
+
Output render options are:
|
231
|
+
|
232
|
+
pubonly If set to true the sshkey format will return only the ssh public key
|
233
|
+
privonly If set to true the sshkey format will return only the ssh private key
|
234
|
+
|
204
235
|
## Installation
|
205
236
|
|
206
|
-
|
237
|
+
* Debian has trocla within its sid-release: `apt-get install trocla`
|
238
|
+
* For RHEL/CentOS 7 there is a [copr reporisotry](https://copr.fedoraproject.org/coprs/duritong/trocla/). Follow the help there to integrate the repository and install trocla.
|
239
|
+
* Trocla is also distributed as gem: `gem install trocla`
|
207
240
|
|
208
241
|
## Configuration
|
209
242
|
|
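Review bot: "This format generate a ssh keypair" should read "This format generates an SSH key pair". The `type` option lists `dsa` next to `rsa` with no caveat; OpenSSH DSA keys are fixed at 1024 bits and have been disabled by default in OpenSSH since 7.0, so the doc should steer readers to rsa or explain why dsa is offered at all. The `passphrase` option does not say whether the passphrase is persisted in the store alongside the private key; state it. For the render flags (`certonly`/`keyonly`/`publickeyonly` and `pubonly`/`privonly`), say which one wins when more than one is set.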
@@ -240,6 +273,7 @@ Such a store is a simple class that implements Trocla::Store and at the moment t
|
|
240
273
|
|
241
274
|
* Moneta - the default store using [moneta](https://rubygems.org/gems/moneta) to delegate storing the values
|
242
275
|
* Memory - simple inmemory backend. Mainly used for testing.
|
276
|
+
* Vault - modern secrets storage by HashiCorp, require the ruby gem [vault](https://github.com/hashicorp/vault-ruby)
|
243
277
|
|
244
278
|
The backend is chosen based on the `store` configuration option. If it is a symbol, we expect it to be a store that we ship with trocla. Otherwise, we assume it to be a fully qualified ruby class name, that inherits from Trocla::Store. If trocla should load an additional library to be able to find your custom store class, you can set `store_require` to whatever should be passed to a ruby require statement.
|
245
279
|
|
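Review bot: grammar on the new Vault bullet, "require the ruby gem" should be "requires the ruby gem"; it would also help to show the store name as it is written in the config (`:vault`), matching the Moneta and Memory entries' usage elsewhere in the README.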
@@ -282,6 +316,31 @@ store_options:
|
|
282
316
|
|
283
317
|
These examples are by no way complete, moneta has much more to offer. Please have a look at [moneta's documentation](https://github.com/minad/moneta/blob/master/README.md) for further information.
|
284
318
|
|
319
|
+
#### Vault backend
|
320
|
+
|
321
|
+
[Vault](https://www.vaultproject.io/) is a modern secret storage supported by HashiCorp, which works with a REST API. You can create multiple storage engine.
|
322
|
+
|
323
|
+
To use vault with trocla you need to create a kv (key/value) storage engine on the vault side. Trocla can use [v1](https://www.vaultproject.io/docs/secrets/kv/kv-v1) and [v2](https://www.vaultproject.io/docs/secrets/kv/kv-v2) API endpoints, but it's recommended to use the v2 (native hash object, history, acl...).
|
324
|
+
|
325
|
+
You need to install the `vault` gem to be able to use the vault backend, which is not included in the default dependencies for trocla.
|
326
|
+
|
327
|
+
With vault storage, the terminology changes:
|
328
|
+
* `mount`, this is the name of your kv engine
|
329
|
+
* `key`, this is the biggest change. As usual with trocla, the key is a simple string. With the vault kv engine, the key map to a path, so you can have a key like `my/path/key` for structured your data
|
330
|
+
* `secret`, is the data content of your key. This is a simple hash with key (format) and value (the secret content of your format)
|
331
|
+
|
332
|
+
The trocla mapping works the same way as with a moneta or file backend.
|
333
|
+
|
334
|
+
The `store_options` are a dynamic argument for initializer [Vault::Client](https://github.com/hashicorp/vault-ruby/blob/master/lib/vault/client.rb) class (except `:mount`, used to defined the kv name). You can define only one kv mount.
|
335
|
+
|
336
|
+
```YAML
|
337
|
+
store: :vault
|
338
|
+
store_options:
|
339
|
+
:mount: kv
|
340
|
+
:token: s.Tok3n
|
341
|
+
:address: https://vault.local
|
342
|
+
```
|
343
|
+
|
285
344
|
### Backend encryption
|
286
345
|
|
287
346
|
By default trocla does not encrypt anything it stores. You might want to let Trocla encrypt all your passwords, at the moment the only supported way is SSL.
|
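Review bot: the example config embeds a Vault token (`:token: s.Tok3n`) in `troclarc.yaml`. Since `store_options` are handed straight to `Vault::Client`, show the token omitted and mention that the client's own defaults can pick it up from the environment, and in any case say that the config file must be readable only by the user running trocla. The section also never says which kv API version trocla selects, or how, so the recommendation to use v2 is not actionable (v1 and v2 use different request paths). Wording: "multiple storage engine" should be "engines", "the key map to a path" should be "maps to a path", "for structured your data" should be "to structure your data", and "used to defined the kv name" should be "used to define the kv name".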
@@ -300,56 +359,10 @@ encryption_options:
|
|
300
359
|
|
301
360
|
## Update & Changes
|
302
361
|
|
303
|
-
|
304
|
-
|
305
|
-
1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
|
306
|
-
1. New feature expiration: Make it possible that keys can have an expiration. See the expiration section for more information.
|
307
|
-
1. Increase default password length to 16.
|
308
|
-
1. Add a console safe password charset. It should provide a subset of chars that are easier to type on a physical keyboard.
|
309
|
-
1. Fix a bug with encryptions while deleting all formats.
|
310
|
-
1. Introduce pluggable stores, so in the future we are able to talk to different backends and not only moneta. For testing and inspiration a simple in memory storage backend was added.
|
311
|
-
1. CHANGE: moneta's configuration for `adapter` & `adapter_options` now live under store_options in the configuration file. Till 0.3.0 old configuration entries will still be accepted.
|
312
|
-
1. CHANGE: ssl_options is now known as encryption_options. Till 0.3.0 old configuration entries will still be accepted.
|
313
|
-
1. Improve randomness when creating a serial number.
|
314
|
-
1. Add a new charset: hexadecimal
|
315
|
-
1. Add support for name constraints within the x509 format
|
316
|
-
1. Clarify documentation of the set action, as well as introduce `--no-format` for the set action.
|
317
|
-
|
318
|
-
### to 0.1.3
|
319
|
-
|
320
|
-
1. CHANGE: Self signed certificates are no longer CAs by default, actually they have never been due to a bug. If you want that a certificate is also a CA, you *must* pass `become_ca: true` to the options hash. But this makes it actually possible, that you can even have certificate chains. Thanks for initial hint to [Adrien Bréfort](https://github.com/abrefort)
|
321
|
-
1. Default keysize is now 4096
|
322
|
-
1. SECURITY: Do not increment serial, rather choose a random one.
|
323
|
-
1. Fixing setting of altnames, was not possible due to bug, till now.
|
324
|
-
1. Add extended tests for the x509 format, that describe all the internal specialities and should give an idea how it can be used.
|
325
|
-
1. Add cli option to list all formats
|
326
|
-
|
327
|
-
### to 0.1.1
|
328
|
-
|
329
|
-
1. fix storing data longer that public Keysize -11. Thanks [Timo Goebel](https://github.com/timogoebel)
|
330
|
-
1. add a numeric only charset. Thanks [Jonas Genannt](https://github.com/hggh)
|
331
|
-
1. fix reading key expire time. Thanks [asquelt](https://github.com/asquelt)
|
332
|
-
|
333
|
-
### to 0.1.0
|
334
|
-
|
335
|
-
1. Supporting encryption of the backends. Many thanks to Thomas Gelf
|
336
|
-
1. Adding a windows safe password charset
|
337
|
-
|
338
|
-
### to 0.0.12
|
339
|
-
|
340
|
-
1. change from sha1 signature for the x509 format to sha2
|
341
|
-
1. Fix an issue where shellsafe characters might have already been initialized with shell-unsafe characters. Plz review any shell-safe character passwords regarding this problem. See the [fix](https://github.com/duritong/trocla/pull/19) for more information. Thanks [asquelt](https://github.com/asquelt) for the fix.
|
342
|
-
|
343
|
-
### to 0.0.8
|
344
|
-
|
345
|
-
1. be sure to update as well the moneta gem, trocla now uses the official moneta releases and supports current avaiable versions.
|
346
|
-
1. Options for moneta's backends have changed. For example, if you are using the yaml-backend you will likely need to change the adapter option `:path:` to `:file:` to match moneta's new API.
|
347
|
-
1. **IMPORTANT:** If you are using the yaml backend you need to migrate the current data *before* using the new trocla version! You can migrate the datastore by using the following two sed commands: `sed -i 's/^\s\{3\}/ /' /PATH/TO/trocla_data.yaml` && `sed -i '/^\s\{2\}value\:/d' /PATH/TO/trocla_data.yaml`.
|
348
|
-
1. **SECURITY:** Previous versions of trocla used quite a simple random generator. Especially in combination with the puppet `fqdn_rand` function, you likely have very predictable random passwords and I recommend you to regenerate all randomly generated passwords! Now!
|
349
|
-
1. We now support reading passwords from files, which means that you can now also easily add multi-line passwords. Have a look at the documentation above.
|
362
|
+
See [Changelog](CHANGELOG.md)
|
350
363
|
|
351
364
|
## Contributing to trocla
|
352
|
-
|
365
|
+
|
353
366
|
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
|
354
367
|
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
|
355
368
|
* Fork the project
|
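Review bot: the last item removed here, "We now support reading passwords from files, which means that you can now also easily add multi-line passwords" (old 0.0.8 entry), has no counterpart in the new CHANGELOG.md added in this same diff, whose 0.0.8 section ends at the SECURITY item; carry it over so the move is lossless. The blank-line churn under "## Contributing to trocla" and "## Update & Changes" is whitespace only and could be dropped from the patch.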
data/bin/trocla
CHANGED
@@ -47,18 +47,20 @@ OptionParser.new do |opts|
|
|
47
47
|
end.parse!
|
48
48
|
|
49
49
|
def create(options)
|
50
|
-
Trocla.new(options.delete(:config_file)).password(
|
50
|
+
[ Trocla.new(options.delete(:config_file)).password(
|
51
51
|
options.delete(:trocla_key),
|
52
52
|
options.delete(:trocla_format),
|
53
53
|
options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
|
54
|
-
)
|
54
|
+
) , 0 ]
|
55
55
|
end
|
56
56
|
|
57
57
|
def get(options)
|
58
|
-
Trocla.new(options.delete(:config_file)).get_password(
|
58
|
+
res = Trocla.new(options.delete(:config_file)).get_password(
|
59
59
|
options.delete(:trocla_key),
|
60
|
-
options.delete(:trocla_format)
|
60
|
+
options.delete(:trocla_format),
|
61
|
+
options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
|
61
62
|
)
|
63
|
+
[ res, res.nil? ? 1 : 0 ]
|
62
64
|
end
|
63
65
|
def set(options)
|
64
66
|
if options.delete(:ask_password)
|
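Review bot: `get` now parses `other_options` with `YAML.load`, as `create` already did. With Psych below 4, `YAML.load` instantiates arbitrary Ruby objects from the document, so even for operator-supplied input `YAML.safe_load(str, permitted_classes: [Symbol])` is the safer call (Symbol is needed because the option keys are symbols, e.g. `:trocla_key`). Style: wrapping a multi-line call in `[ ... , 0 ]` is hard to read; assign to a local and return `[res, 0]`, as `get` does a few lines lower.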
@@ -67,7 +69,7 @@ def set(options)
|
|
67
69
|
pwd2 = ask('Repeat password: ') { |q| q.echo = 'x' }.to_s
|
68
70
|
unless password == pwd2
|
69
71
|
STDERR.puts 'Passwords did not match, exiting!'
|
70
|
-
|
72
|
+
return [ nil, 1 ]
|
71
73
|
end
|
72
74
|
else
|
73
75
|
password = options.delete(:password) || STDIN.read.chomp
|
@@ -78,33 +80,50 @@ def set(options)
|
|
78
80
|
value = if no_format
|
79
81
|
password
|
80
82
|
else
|
81
|
-
trocla.formats(format).format(password, options.delete(:other_options).shift.to_s)
|
83
|
+
trocla.formats(format).format(password, (YAML.load(options.delete(:other_options).shift.to_s)||{}))
|
82
84
|
end
|
83
85
|
trocla.set_password(
|
84
86
|
options.delete(:trocla_key),
|
85
87
|
format,
|
86
88
|
value
|
87
89
|
)
|
88
|
-
''
|
90
|
+
[ '', 0 ]
|
89
91
|
end
|
90
92
|
|
91
93
|
def reset(options)
|
92
|
-
Trocla.new(options.delete(:config_file)).reset_password(
|
94
|
+
[ Trocla.new(options.delete(:config_file)).reset_password(
|
93
95
|
options.delete(:trocla_key),
|
94
96
|
options.delete(:trocla_format),
|
95
97
|
options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
|
96
|
-
)
|
98
|
+
), 0 ]
|
97
99
|
end
|
98
100
|
|
99
101
|
def delete(options)
|
100
|
-
Trocla.new(options.delete(:config_file)).delete_password(
|
102
|
+
res = Trocla.new(options.delete(:config_file)).delete_password(
|
101
103
|
options.delete(:trocla_key),
|
102
104
|
options.delete(:trocla_format)
|
103
105
|
)
|
106
|
+
[ res, res.nil? ? 1 : 0 ]
|
104
107
|
end
|
105
108
|
|
106
109
|
def formats(options)
|
107
|
-
|
110
|
+
key = (options.delete(:trocla_key) || '' )
|
111
|
+
if key.empty?
|
112
|
+
"Available formats: #{Trocla::Formats.all.join(', ')}"
|
113
|
+
else
|
114
|
+
res = Trocla.new(options.delete(:config_file)).available_format(
|
115
|
+
key,
|
116
|
+
options.merge(YAML.load(options.delete(:other_options).shift.to_s)||{})
|
117
|
+
)
|
118
|
+
[ res.nil? ? res : res.join(', '), res.nil? ? 1 : 0 ]
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
def search(options)
|
123
|
+
res = Trocla.new(options.delete(:config_file)).search_key(
|
124
|
+
options.delete(:trocla_key)
|
125
|
+
)
|
126
|
+
[ res.nil? ? res : res.join("\n"), res.nil? ? 1 : 0 ]
|
108
127
|
end
|
109
128
|
|
110
129
|
def check_format(format_name)
|
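Review bot: `formats` returns a bare String when no key is given (`"Available formats: ..."`) while every other action returns a `[result, code]` pair; the caller's `result, excode = send(action, options)` happens to tolerate it (a String does not splat, so `excode` becomes nil and is later mapped to 0), but return `[ "Available formats: ...", 0 ]` for consistency. In `formats` and `search` an empty result array yields `""` with exit 0 rather than exit 1; decide whether "nothing found" should fail like a nil `get`. Note also the behaviour change in `set`: the format options are now `YAML.load`ed where the raw string used to be passed through, which affects callers that relied on the old string argument.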
@@ -117,15 +136,16 @@ def check_format(format_name)
|
|
117
136
|
end
|
118
137
|
end
|
119
138
|
|
120
|
-
actions=['create','get','set','reset','delete',
|
139
|
+
actions=['create','get','set','reset','delete','formats','search']
|
121
140
|
|
122
141
|
if (action=ARGV.shift) && actions.include?(action)
|
123
142
|
options[:trocla_key] = ARGV.shift
|
124
143
|
options[:trocla_format] = ARGV.shift
|
125
144
|
options[:other_options] = ARGV
|
126
|
-
check_format(options[:trocla_format]) unless ['delete','formats'].include?(action)
|
145
|
+
check_format(options[:trocla_format]) unless ['delete','formats','search'].include?(action)
|
127
146
|
begin
|
128
|
-
|
147
|
+
result, excode = send(action,options)
|
148
|
+
if result
|
129
149
|
puts result.is_a?(String) ? result : result.inspect
|
130
150
|
end
|
131
151
|
rescue Exception => e
|
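Review bot: `result, excode = send(action,options)` dispatches on a user-supplied string, which is acceptable only because `actions.include?(action)` whitelists it first; keep that guard adjacent and prefer `public_send` so a future private helper cannot be reached by name. Also, `search` is exempted from `check_format` but the preceding `options[:trocla_format] = ARGV.shift` still consumes a positional argument that `search` then ignores; either document that or reject extra arguments.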
@@ -136,6 +156,7 @@ if (action=ARGV.shift) && actions.include?(action)
|
|
136
156
|
raise e if options[:trace]
|
137
157
|
exit 1
|
138
158
|
end
|
159
|
+
exit excode.nil? ? 0 : excode
|
139
160
|
else
|
140
161
|
STDERR.puts "Please supply one of the following actions: #{actions.join(', ')}"
|
141
162
|
STDERR.puts "Use #{$0} --help to get a list of options for these actions"
|
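Review bot: `exit excode.nil? ? 0 : excode` is only reached on the success path because the `rescue Exception => e` branch above already calls `exit 1`; `exit(excode || 0)` says the same thing. More important, `rescue Exception` also catches `SystemExit`, so any `exit` inside an action would be reported as an error and turned into exit 1; `rescue StandardError` is the safer net here.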
@@ -0,0 +1,120 @@
|
|
1
|
+
# Generated from trocla-0.1.2.gem by gem2rpm -*- rpm-spec -*-
|
2
|
+
%global gem_name trocla
|
3
|
+
|
4
|
+
Name: rubygem-%{gem_name}
|
5
|
+
Version: 0.3.0
|
6
|
+
Release: 1%{?dist}
|
7
|
+
Summary: Trocla a simple password generator and storage
|
8
|
+
Group: Development/Languages
|
9
|
+
License: GPLv3
|
10
|
+
URL: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/
|
11
|
+
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
|
12
|
+
Requires: rubygem-moneta
|
13
|
+
Requires: rubygem-bcrypt
|
14
|
+
Requires: rubygem-highline
|
15
|
+
BuildRequires: rubygem-moneta = 0.7.20
|
16
|
+
BuildRequires: rubygem-bcrypt
|
17
|
+
BuildRequires: rubygem-highline
|
18
|
+
%if 0%{?rhel} >= 7
|
19
|
+
BuildRequires: ruby(release)
|
20
|
+
%endif
|
21
|
+
BuildRequires: rubygems-devel
|
22
|
+
BuildRequires: ruby
|
23
|
+
# BuildRequires: rubygem(mocha)
|
24
|
+
# BuildRequires: rubygem(rspec) => 2.4
|
25
|
+
# BuildRequires: rubygem(rspec) < 3
|
26
|
+
# BuildRequires: rubygem(jeweler) => 1.6
|
27
|
+
# BuildRequires: rubygem(jeweler) < 2
|
28
|
+
BuildArch: noarch
|
29
|
+
|
30
|
+
%description
|
31
|
+
Trocla helps you to generate random passwords and to store them in various
|
32
|
+
formats (plain, MD5, bcrypt) for later retrival.
|
33
|
+
|
34
|
+
|
35
|
+
%package doc
|
36
|
+
Summary: Documentation for %{name}
|
37
|
+
Group: Documentation
|
38
|
+
Requires: %{name} = %{version}-%{release}
|
39
|
+
BuildArch: noarch
|
40
|
+
|
41
|
+
%description doc
|
42
|
+
Documentation for %{name}.
|
43
|
+
|
44
|
+
%prep
|
45
|
+
gem unpack %{SOURCE0}
|
46
|
+
|
47
|
+
%setup -q -D -T -n %{gem_name}-%{version}
|
48
|
+
|
49
|
+
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
|
50
|
+
|
51
|
+
%build
|
52
|
+
# Create the gem as gem install only works on a gem file
|
53
|
+
gem build %{gem_name}.gemspec
|
54
|
+
|
55
|
+
# %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir
|
56
|
+
# by default, so that we can move it into the buildroot in %%install
|
57
|
+
%gem_install
|
58
|
+
|
59
|
+
%install
|
60
|
+
mkdir -p %{buildroot}%{gem_dir}
|
61
|
+
cp -a .%{gem_dir}/* \
|
62
|
+
%{buildroot}%{gem_dir}/
|
63
|
+
|
64
|
+
|
65
|
+
mkdir -p %{buildroot}%{_bindir}
|
66
|
+
mkdir -p %{buildroot}%{_sysconfdir}
|
67
|
+
mkdir -p %{buildroot}/%{_sharedstatedir}/%{gem_name}
|
68
|
+
touch %{buildroot}/%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
|
69
|
+
|
70
|
+
cp -pa .%{_bindir}/* \
|
71
|
+
%{buildroot}%{_bindir}/
|
72
|
+
|
73
|
+
chmod a+x %{buildroot}%{gem_instdir}/bin/%{gem_name}
|
74
|
+
|
75
|
+
cat <<EOF > %{buildroot}/%{_sysconfdir}/%{gem_name}rc.yaml
|
76
|
+
---
|
77
|
+
store: :moneta
|
78
|
+
store_options:
|
79
|
+
adapter: :YAML
|
80
|
+
adapter_options:
|
81
|
+
:file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
|
82
|
+
EOF
|
83
|
+
|
84
|
+
# Run the test suite
|
85
|
+
%check
|
86
|
+
pushd .%{gem_instdir}
|
87
|
+
|
88
|
+
popd
|
89
|
+
|
90
|
+
%files
|
91
|
+
%dir %{gem_instdir}
|
92
|
+
%{_bindir}/trocla
|
93
|
+
%{gem_instdir}/.rspec
|
94
|
+
%exclude %{gem_instdir}/.travis.yml
|
95
|
+
%exclude %{gem_instdir}/.rspec
|
96
|
+
%exclude %{gem_instdir}/ext/redhat/%{name}.spec
|
97
|
+
%license %{gem_instdir}/LICENSE.txt
|
98
|
+
%{gem_instdir}/bin
|
99
|
+
%{gem_libdir}
|
100
|
+
%exclude %{gem_cache}
|
101
|
+
%{gem_spec}
|
102
|
+
%config(noreplace) %{_sysconfdir}/%{gem_name}rc.yaml
|
103
|
+
%dir %attr(-, -, -) %{_sharedstatedir}/%{gem_name}
|
104
|
+
%config(noreplace) %attr(660, root, root) %{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
|
105
|
+
|
106
|
+
%files doc
|
107
|
+
%doc %{gem_docdir}
|
108
|
+
%doc %{gem_instdir}/.document
|
109
|
+
%{gem_instdir}/Gemfile
|
110
|
+
%doc %{gem_instdir}/README.md
|
111
|
+
%doc %{gem_instdir}/CHANGELOG.md
|
112
|
+
%{gem_instdir}/Rakefile
|
113
|
+
%{gem_instdir}/spec
|
114
|
+
%{gem_instdir}/trocla.gemspec
|
115
|
+
|
116
|
+
%changelog
|
117
|
+
* Mon Dec 21 2015 mh - 0.2.0-1
|
118
|
+
- Release of v0.2.0
|
119
|
+
* Sun Jun 21 2015 mh - 0.1.2-1
|
120
|
+
- Initial package
|
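Review bot: several fields in the new spec disagree with the rest of this diff: `Version: 0.3.0` while the gem moves to 0.4.0 and `%changelog` tops out at 0.2.0-1; `BuildRequires: rubygem-moneta = 0.7.20` while the Gemfile now wants `moneta ~> 1.4.0`; and `rubygem-sshkey` is absent from `Requires` although the Gemfile adds `sshkey` and the 0.4.0 changelog adds the sshkey format. `%{gem_instdir}/.rspec` is both packaged and `%exclude`d. The `%check` block is `pushd`/`popd` with no command, so the "# Run the test suite" comment is misleading; either invoke rspec there or drop the section. The data file gets `%attr(660, root, root)`, which is right for a secret store, but the enclosing `%dir %attr(-, -, -)` inherits the default mode rather than matching that ownership; give the directory the same owner and a restrictive mode so the store's key names are not listable by other users.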