vagrant-ca-certificates 1.0.0

Files changed (35) hide show
  1. checksums.yaml +7 -0
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +1 -0
  4. data/.gitignore +17 -0
  5. data/.rspec +2 -0
  6. data/CONTRIBUTING.md +8 -0
  7. data/Gemfile +7 -0
  8. data/LICENSE +23 -0
  9. data/README.md +134 -0
  10. data/Rakefile +1 -0
  11. data/bin/rspec +16 -0
  12. data/certs/jbellone.pem +21 -0
  13. data/lib/vagrant-ca-certificates.rb +2 -0
  14. data/lib/vagrant-ca-certificates/action/install_certificates.rb +89 -0
  15. data/lib/vagrant-ca-certificates/cap/debian/certificate_file_bundle.rb +13 -0
  16. data/lib/vagrant-ca-certificates/cap/debian/certificate_upload_path.rb +13 -0
  17. data/lib/vagrant-ca-certificates/cap/debian/update_certificate_bundle.rb +19 -0
  18. data/lib/vagrant-ca-certificates/cap/redhat/certificate_file_bundle.rb +13 -0
  19. data/lib/vagrant-ca-certificates/cap/redhat/certificate_upload_path.rb +18 -0
  20. data/lib/vagrant-ca-certificates/cap/redhat/helpers.rb +15 -0
  21. data/lib/vagrant-ca-certificates/cap/redhat/update_certificate_bundle.rb +30 -0
  22. data/lib/vagrant-ca-certificates/config.rb +45 -0
  23. data/lib/vagrant-ca-certificates/plugin.rb +63 -0
  24. data/lib/vagrant-ca-certificates/version.rb +5 -0
  25. data/locales/en.yml +17 -0
  26. data/spec/spec_helper.rb +10 -0
  27. data/spec/unit/vagrant-ca-certificates/action/install_certificates_spec.rb +5 -0
  28. data/spec/unit/vagrant-ca-certificates/cap/debian/certificate_upload_path_spec.rb +5 -0
  29. data/spec/unit/vagrant-ca-certificates/cap/debian/update_certificate_bundle_spec.rb +5 -0
  30. data/spec/unit/vagrant-ca-certificates/cap/redhat/certificate_upload_path_spec.rb +5 -0
  31. data/spec/unit/vagrant-ca-certificates/cap/redhat/update_certificate_bundle_spec.rb +5 -0
  32. data/spec/unit/vagrant-ca-certificates/config_spec.rb +5 -0
  33. data/vagrant-ca-certificates.gemspec +29 -0
  34. metadata +136 -0
  35. metadata.gz.sig +1 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 13f28ce48957caf1ac8f6764accb93894c078361
4
+ data.tar.gz: 071b70a0e7c56e3e4c773cc0b6578892e472995c
5
+ SHA512:
6
+ metadata.gz: a741ba2983ea44394b07bbb4b2826ea5c2e51ce4ff7c9de62ebb32e715d68228ee629b083fa3f74ae06318db6c683a4c367cedc85b7c2289908e0e4029073952
7
+ data.tar.gz: ce5c627e8b10bb92b32301458c97df2ce6f6ca7bf491570d39520835b95f0f928b2384b8b9f0f888addfa9e7ff7e34c2037af4d3c55d5c94a7c6d08e0f471d87
checksums.yaml.gz.sig ADDED
Binary file
data.tar.gz.sig ADDED
@@ -0,0 +1 @@
1
+ +T�Y��>���tZb�r���"irI��n���A�׉@���Z\6�1��4%�}��/���p�����~��b!e��:/�ӕR��ir?��J/˹)A��23�'1����o|���+�I�bIG��:;8R�����ѥ��c*��U�cgyJ{G��C������]��L%?�>��OL�j��0��~<�A Z)΁g���" NgQ���!?F��Y|s0'�Z�q�h�!�{=˔�xs�q��F&�V�Y&'�;}���lrD�
data/.gitignore ADDED
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --color
2
+ --require spec_helper
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,8 @@
1
+ ## Contributing
2
+
3
+ 1. Fork the repository on Github
4
+ 2. Create a named feature branch (i.e. `add-new-recipe`)
5
+ 3. Write your change
6
+ 4. Write tests for your change (if applicable)
7
+ 5. Run the tests, ensuring they all pass
8
+ 6. Submit a Pull Request
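--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+gemspec
+
+group :development, :test do
+gem 'rspec'
+gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git'
+end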
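Review bot: The development dependency on line 6, `gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git'`, follows whatever the repository's default branch points at, and the `.gitignore` shipped in this package excludes `Gemfile.lock`, so nothing pins the code pulled into a developer or CI environment. Pin it to a reviewed release, for example `gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git', tag: '<VAGRANT_RELEASE_TAG>'` (placeholder), so that test runs are reproducible and an upstream change cannot silently alter what executes during `bundle install` and the spec run.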
data/LICENSE ADDED
@@ -0,0 +1,23 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2014 William Bailey (<mail@williambailey.org.uk>)
4
+ Copyright (c) 2014, 2015 John Bellone (<jbellone@bloomberg.net>)
5
+ Copyright (c) 2014, 2015 Bloomberg Finance L.P.
6
+
7
+ Permission is hereby granted, free of charge, to any person obtaining a copy
8
+ of this software and associated documentation files (the "Software"), to deal
9
+ in the Software without restriction, including without limitation the rights
10
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11
+ copies of the Software, and to permit persons to whom the Software is
12
+ furnished to do so, subject to the following conditions:
13
+
14
+ The above copyright notice and this permission notice shall be included in all
15
+ copies or substantial portions of the Software.
16
+
17
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23
+ SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,134 @@
1
+ # CA Certificate Plugin for Vagrant
2
+ <span class="badges">
3
+ ![Gem Version](https://img.shields.io/gem/v/vagrant-ca-certificates.svg)
4
+ ![Build Status](https://img.shields.io/travis/williambailey/vagrant-ca-certificates.svg)
5
+ ![License](https://img.shields.io/github/license/williambailey/vagrant-ca-certificates.svg)
6
+ </span>
7
+
8
+ A [Vagrant][4] plugin which configures the virtual machine to inject the
9
+ specified certificates into the guest's root bundle. This is useful, for example,
10
+ if your enterprise network has a firewall (or appliance) which utilizes
11
+ [SSL interception][5].
12
+
13
+ _Warning:_ This plugin adds certificates to the guest operating
14
+ system's [root certificate bundle][6]. You should only use this if you know
15
+ *exactly* what you are doing. This should *never* be used on a
16
+ production machine.
17
+
18
+ ## Installation
19
+ The latest stable version of this plugin can be installed using the
20
+ standard `vagrant plugin install` with the `vagrant-ca-certificates`
21
+ argument. If you're looking to hack on the plugin or test a
22
+ development release you'll need to checkout the branch and build the
23
+ gem yourself. That's pretty easy.
24
+
25
+ The following set of commands checks out the master branch, uses
26
+ bundler to install all of the Ruby dependencies and finally creates
27
+ the gem locally. Once the gem is built we use the Vagrant command-line
28
+ tool to install it.
29
+ ```sh
30
+ git clone https://github.com/williambailey/vagrant-ca-certificates ~/Projects/vagrant-ca-certificates
31
+ cd ~/Projects/vagrant-ca-certificates
32
+ bundle install
33
+ rake build
34
+ vagrant plugin install pkg/vagrant-ca-certificates-*.gem
35
+ ```
36
+
37
+ ## Using with Test Kitchen
38
+ ### Writing a Vagrantfile.rb
39
+ In order to be able to use [test kitchen][2] within an environment that
40
+ has a HTTP proxy with SSL interception we need to ensure that we set
41
+ both the proxies and inject in our new certificate bundles.
42
+
43
+ If you're following the complete tutorial here we're going to save
44
+ this file in a newly created directory
45
+ `~/.kitchen/Vagrantfile.rb`. This will be merged into the final
46
+ Vagrantfile configuration that the test-kitchen run will use to
47
+ provision a new instance.
48
+ ```ruby
49
+ # These are requirements for this base Vagrantfile. If they are not
50
+ # installed there will be a warning message with Vagrant/test-kitchen.
51
+ %w(vagrant-ca-certificates vagrant-proxyconf).each do |name|
52
+ fail "Please install the '#{name}' plugin!" unless Vagrant.has_plugin?(name)
53
+ end
54
+
55
+ Vagrant.configure('2') do |config|
56
+ config.proxy.enabled = true
57
+ config.ca_certificates.enabled = true
58
+ config.ca_certificates.certs = [
59
+ '/etc/pki/ca-trust/source/anchors/root.crt',
60
+ '/etc/pki/ca-trust/source/anchors/sub.crt'
61
+ ]
62
+ end
63
+ ```
64
+ ### Writing a .kitchen.local.yml
65
+ One goal that we set out when creating internal cookbooks is if that
66
+ they can be open sourced we want to be easily able to do so in the
67
+ future. That means we try to keep out as much of our environment
68
+ specific variables, such as proxy configuration, from the repository's
69
+ base kitchen configuration. Luckily test-kitchen merges in a local
70
+ file, if it exists, at the time of the run.
71
+
72
+ Here is an example of the local configuration file that we use to
73
+ merge in the Vagrantfile that we've created in the above example. This
74
+ can be saved into `$HOME/.kitchen/config.yml` to be applied to *all*
75
+ test-kitchen runs for this user (on this host machine).
76
+ ```yaml
77
+ ---
78
+ driver:
79
+ provision: true
80
+ vagrantfiles:
81
+ - "/home/jbellone/.kitchen/Vagrantfile"
82
+ http_proxy: "http://proxy.corporate.com:80"
83
+ https_proxy: "http://proxy.corporate.com:80"
84
+ ftp_proxy: "http://proxy.corporate.com:80"
85
+ no_proxy: "localhost,127.0.0.1"
86
+ ```
87
+
88
+ ## Vagrant Configuration
89
+ If you're just looking to inject the certificate *only for a single
90
+ Vagrantfile* then you can simply use the following block anywhere
91
+ within the Vagrant configuration. This enables the plugin and injects
92
+ the specified certificates.
93
+
94
+ ```ruby
95
+ Vagrant.configure('2') do |config|
96
+ config.ca_certificates.enabled = true
97
+ config.ca_certificates.certs = Dir.glob('/etc/pki/ca-trust/source/anchors/*.crt')
98
+ end
99
+ ```
100
+ ### System Wide
101
+ At [Bloomberg][1] we often find ourselves in a situation where we do
102
+ not want to make modifications to open source tools, but we need them
103
+ to work within our enterprise network. Using this default base configuration
104
+ for Vagrant we're able to ensure that all runs will inject the appropriate
105
+ certificates into the guest.
106
+
107
+ Additionally if you need proxies modified in the guest as well an
108
+ excellent choice is the [Vagrant Proxyconf plugin][2] which should
109
+ handle everything you'll run into on a daily basis. Finally, we add the
110
+ [Vagrant cachier plugin][7] so that we are not continually going out to the Internet
111
+ on successive [Test Kitchen][3] and Vagrant runs.
112
+
113
+ This file should be saved to `$HOME/.kitchen/Vagrantfile.rb`.
114
+ ```ruby
115
+ # These are requirements for this base Vagrantfile. If they are not
116
+ # installed there will be a warning message with Vagrant/test-kitchen.
117
+ %w(vagrant-ca-certificates vagrant-proxyconf vagrant-cachier).each do |name|
118
+ fail "Please install the '#{name}' plugin!" unless Vagrant.has_plugin?(name)
119
+ end
120
+
121
+ Vagrant.configure('2') do |config|
122
+ config.cache.scope = :box
123
+ config.proxy.enabled = true
124
+ config.ca_certificates.enabled = true
125
+ config.ca_certificates.certs = Dir.glob('/etc/pki/ca-trust/source/anchors/*.crt')
126
+ end
127
+ ```
128
+ [1]: https://careers.bloomberg.com
129
+ [2]: https://github.com/tmatilai/vagrant-proxyconf
130
+ [3]: https://github.com/test-kitchen/test-kitchen
131
+ [4]: https://github.com/mitchellh/vagrant
132
+ [5]: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
133
+ [6]: http://en.wikipedia.org/wiki/Root_certificate
134
+ [7]: https://github.com/fgrehm/vagrant-cachier
data/Rakefile ADDED
@@ -0,0 +1 @@
1
+ require 'bundler/gem_tasks'
data/bin/rspec ADDED
@@ -0,0 +1,16 @@
1
+ #!/usr/bin/env ruby
2
+ #
3
+ # This file was generated by Bundler.
4
+ #
5
+ # The application 'rspec' is installed as part of a gem, and
6
+ # this file is here to facilitate running it.
7
+ #
8
+
9
+ require 'pathname'
10
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
11
+ Pathname.new(__FILE__).realpath)
12
+
13
+ require 'rubygems'
14
+ require 'bundler/setup'
15
+
16
+ load Gem.bin_path('rspec-core', 'rspec')
@@ -0,0 +1,21 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIDgDCCAmigAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMREwDwYDVQQDDAhqYmVs
3
+ bG9uZTEZMBcGCgmSJomT8ixkARkWCWJsb29tYmVyZzETMBEGCgmSJomT8ixkARkW
4
+ A25ldDAeFw0xNTA1MTIxMTQ4MDBaFw0xNjA1MTExMTQ4MDBaMEMxETAPBgNVBAMM
5
+ CGpiZWxsb25lMRkwFwYKCZImiZPyLGQBGRYJYmxvb21iZXJnMRMwEQYKCZImiZPy
6
+ LGQBGRYDbmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx80/n6+x
7
+ 5RI+ugGdqXig+hULz8KlkE5VbEetK00aeeaMKlcWcHSd1bSAHEmiNsLtLyvpJDOg
8
+ 8s9tJhRgb34HokvDeXBnHJGWMr5cS4dMJhLqKuVzslxxcqfxBp3UeIjpWWlSix4H
9
+ QdNE9voUcZ+EhlARCoVScZRlGONt/Vx4zGA/Z259Mv0BMwNkR1zMYejSBJ2k/yip
10
+ qOqEoCxR7n1CtXlFkHuIVdS/cdqFMHs2aKjcWknWn0sgEuaoXoySZ3NKlRUm9oER
11
+ eufdhsTJrqO0N7WACPNyVKPCEFByYV+VsMY4JkD2P4LLa8dZ5ZHAysMLwsuTXLoP
12
+ YwfNJXVwfnOcrwIDAQABo38wfTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNV
13
+ HQ4EFgQUY9aHNhMeBN0eUu5BCTQlwYcyiS0wIQYDVR0RBBowGIEWamJlbGxvbmVA
14
+ Ymxvb21iZXJnLm5ldDAhBgNVHRIEGjAYgRZqYmVsbG9uZUBibG9vbWJlcmcubmV0
15
+ MA0GCSqGSIb3DQEBBQUAA4IBAQCE38N8KnGIdcPSSogX7cMk20tgP57i5kB2Ahwh
16
+ q9RM5bVyWlYyRiqN9C1EtMjrpwYrImmlDVJjqcL5cVF8KbAFxL4rMZkOcWnINxE7
17
+ ieN0JbYiH7gfXNKHAF6DOZD3k3RgGpQpYMjqSduTTXd+mTZ90DGww7zUXONZEkW+
18
+ 5FZzj2l3YNQUqohN9LtgnwZBhFo9LPrUkRdtvgw74FM/h4tsToI2buSKN1nGTWBW
19
+ cKcRBHKYVo5pQ0zs2WJv6Qwa8KhCS5HlABy/3x2Mqt6reHGppi7nVC4nUt/B1y/9
20
+ e2Nj035zG32VLvxrvP4OKOJJlV2dnn0CyZeQYgpZ5+d1C/lz
21
+ -----END CERTIFICATE-----
@@ -0,0 +1,2 @@
1
+ require_relative 'vagrant-ca-certificates/version'
2
+ require_relative 'vagrant-ca-certificates/plugin'
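--- a/data/lib/vagrant-ca-certificates/action/install_certificates.rb
+++ b/data/lib/vagrant-ca-certificates/action/install_certificates.rb
@@ -0,0 +1,89 @@
+require 'vagrant/util/downloader'
+require 'digest/md5'
+require 'log4r'
+
+module VagrantPlugins
+module CaCertificates
+module Action
+class InstallCertificates
+attr_accessor :logger
+
+def initialize(app, env)
+@app = app
+@machine = env[:machine]
+@logger = Log4r::Logger.new('vagrant::ca-certificates')
+end
+
+def call(env)
+@app.call(env)
+return unless @machine.config.ca_certificates.enabled?
+
+create_certificates_directory
+@machine.ui.info(I18n.t('vagrant_ca_certificates.certificate.upload.message'))
+@machine.config.ca_certificates.certs.each do |file|
+to = File.join(certs_path, File.basename(file))
+upload_certificate(file, to)
+end
+@machine.guest.capability(:update_certificate_bundle)
+modify_etc_environment
+end
+
+def certs_path
+@machine.guest.capability(:certificate_upload_path)
+end
+
+def modify_etc_environment
+bundle_path = @machine.guest.capability(:certificate_file_bundle)
+@logger.debug("Private certificate path: <#{bundle_path}>")
+@machine.communicate.tap do |sh|
+if sh.test("grep -q 'SSL_CERT_FILE' /etc/environment", shell: '/bin/bash')
+sh.sudo(%{sed "s#^SSL_CERT_FILE=.*#SSL_CERT_FILE=#{bundle_path}#" -i /etc/environment})
+else
+sh.sudo(%{echo "SSL_CERT_FILE=#{bundle_path}" >> /etc/environment})
+end
+end
+end
+
+def create_certificates_directory
+@logger.debug('Checking if private certificate directory is created...')
+@machine.communicate.tap do |sh|
+return if sh.test("test -d #{certs_path}")
+@logger.info("Creating #{certs_path} for private certificates.")
+sh.sudo("mkdir -p #{certs_path} && chmod 0744 #{certs_path}")
+end
+end
+
+def upload_certificate(from, to)
+@logger.debug("Uploading certificates #{from} -> #{to}")
+remote = Tempfile.new('vagrant-ca-certificates')
+if from =~ /^http[s]?/
+Vagrant::Util::Downloader.new(from, remote.path).download!
+from = remote.path
+end
+
+@machine.communicate.tap do |sh|
+unless certificate_matches?(from, to)
+remote = Tempfile.new('vagrant')
+@machine.ui.info(I18n.t('vagrant_ca_certificates.certificate.upload.file', from: from, to: to))
+sh.upload(from, remote.path)
+sh.sudo("mv #{remote.path} #{to} && chown root: #{to} && chmod 0644 #{to}")
+end
+end
+end
+
+def certificate_matches?(from, to)
+md5sum = Digest::MD5.file(from)
+@logger.debug("Verifying #{from} md5sum in guest...")
+@machine.communicate.tap do |sh|
+return false unless sh.test("test -f #{from}")
+if sh.test(%{test '#{md5sum}' = '$(md5sum "#{to}")'}, shell: '/bin/bash')
+@logger.debug('Certificate md5sum in guest matches!')
+return true
+end
+end
+false
+end
+end
+end
+end
+end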
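Review bot: `upload_certificate` treats any source matching `/^http[s]?/` as a URL, so a root certificate can be fetched over plain `http://` and installed as a trust anchor with no integrity check, which lets anything on the network path decide which CA the guest ends up trusting. Restrict remote sources to TLS with an anchored pattern such as `from =~ %r{\Ahttps://}`; the same pattern appears in `Config#validate` in config.rb and should change with it. Separately, `certificate_matches?` can never return true: `'$(md5sum "#{to}")'` is single-quoted so the substitution is not expanded, `md5sum` prints the file name after the digest, and `test -f #{from}` checks the host path inside the guest rather than `to`, so every run re-uploads. Paths are also interpolated unquoted into root commands (`mv #{remote.path} #{to} && chown root: #{to}`); passing them through `Shellwords.escape` keeps a certificate file name containing spaces or shell metacharacters from being interpreted by the root shell. Finally, `chmod 0744` in `create_certificates_directory` leaves the directory without the search bit for group and others, where `0755` is the usual mode for a certificate directory.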
@@ -0,0 +1,13 @@
1
+ module VagrantPlugins
2
+ module CaCertificates
3
+ module Cap
4
+ module Debian
5
+ module CertificateFileBundle
6
+ def self.certificate_file_bundle(m)
7
+ '/etc/ssl/certs/ca-certificates.crt'
8
+ end
9
+ end
10
+ end
11
+ end
12
+ end
13
+ end
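--- a/data/lib/vagrant-ca-certificates/cap/debian/certificate_upload_path.rb
+++ b/data/lib/vagrant-ca-certificates/cap/debian/certificate_upload_path.rb
@@ -0,0 +1,13 @@
+module VagrantPlugins
+module CaCertificates
+module Cap
+module Debian
+module CertificateUploadPath
+def self.certificate_upload_path(m)
+'/usr/share/ca-certificates/private'
+end
+end
+end
+end
+end
+end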
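Review bot: The upload directory `'/usr/share/ca-certificates/private'` is probably not picked up by the `update-ca-certificates` call in cap/debian/update_certificate_bundle.rb: as far as I know that tool only activates files under `/usr/share/ca-certificates` that are listed in `/etc/ca-certificates.conf`, while `*.crt` files under `/usr/local/share/ca-certificates` are included automatically. Nothing visible in this package appends the uploaded names to the conf file, so returning `'/usr/local/share/ca-certificates'` here looks like the safer choice; please confirm on a Debian guest. The unused parameter could be named `_machine`, and a one-line comment should say that the returned path is a guest-side directory.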
@@ -0,0 +1,19 @@
1
+ module VagrantPlugins
2
+ module CaCertificates
3
+ module Cap
4
+ module Debian
5
+ # Capability for configuring the certificate bundle on Debian.
6
+ module UpdateCertificateBundle
7
+ def self.update_certificate_bundle(m)
8
+ m.communicate.sudo('update-ca-certificates') do |type, data|
9
+ if [:stderr, :stdout].include?(type)
10
+ next if data =~ /stdin: is not a tty/
11
+ m.env.ui.info data
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,13 @@
1
+ module VagrantPlugins
2
+ module CaCertificates
3
+ module Cap
4
+ module Redhat
5
+ module CertificateFileBundle
6
+ def self.certificate_file_bundle(m)
7
+ '/etc/pki/tls/cert.pem'
8
+ end
9
+ end
10
+ end
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,18 @@
1
+ require_relative 'helpers'
2
+
3
+ module VagrantPlugins
4
+ module CaCertificates
5
+ module Cap
6
+ module Redhat
7
+ module CertificateUploadPath
8
+ def self.certificate_upload_path(m)
9
+ m.communicate.tap do |sh|
10
+ return '/etc/pki/tls/private' if Redhat.legacy_certificate_bundle?(sh)
11
+ end
12
+ '/etc/pki/ca-trust/source/anchors'
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
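--- a/data/lib/vagrant-ca-certificates/cap/redhat/helpers.rb
+++ b/data/lib/vagrant-ca-certificates/cap/redhat/helpers.rb
@@ -0,0 +1,15 @@
+module VagrantPlugins
+module CaCertificates
+module Cap
+module Redhat
+# HACK: All versions of EL5 and below EL6.5 do not have
+# support for the `update-ca-trust` command and thus the
+# bundles must be managed manually.
+def self.legacy_certificate_bundle?(sh)
+command = %q(R=$(sed -E "s/.* ([0-9])\.([0-9]+) .*/\\1.\\2/" /etc/redhat-release))
+sh.test(%Q(#{command} && [[ $R =~ ^5 || $R =~ ^6\.[0-4]+ ]]), shell: '/bin/bash')
+end
+end
+end
+end
+end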
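Review bot: The version test on line 10 misclassifies releases: inside `%Q(...)` Ruby drops the backslash of `\.`, so bash sees `^6.[0-4]+`, and because the pattern is not anchored at the end an EL 6.10 guest (`R=6.10`) matches through `6.1` and is treated as legacy, sending it down the manual bundle path instead of `update-ca-trust`. Escape the backslash and anchor the minor version, for example `[[ $R =~ ^5\\. || $R =~ ^6\\.[0-4]$ ]]` inside the `%Q` literal. A short comment stating what `R` holds when `sed` does not match (the whole release line, as far as I can tell) would help the next reader.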
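--- a/data/lib/vagrant-ca-certificates/cap/redhat/update_certificate_bundle.rb
+++ b/data/lib/vagrant-ca-certificates/cap/redhat/update_certificate_bundle.rb
@@ -0,0 +1,30 @@
+require_relative 'helpers'
+
+module VagrantPlugins
+module CaCertificates
+module Cap
+module Redhat
+# Capability for configuring the certificate bundle on Redhat.
+module UpdateCertificateBundle
+def self.update_certificate_bundle(m)
+m.communicate.tap do |sh|
+if Redhat.legacy_certificate_bundle?(sh)
+sh.sudo('find /etc/pki/tls/private -type f -exec cat {} \; | cat /etc/pki/tls/certs/ca-bundle.crt - > /etc/pki/tls/ca.private.crt')
+sh.sudo('/bin/ln -fsn /etc/pki/tls/ca.private.crt /etc/pki/tls/cert.pem')
+sh.execute(<<-SCRIPT, shell: '/bin/bash', sudo: true)
+[ ! -z "$JAVA_HOME" ] && \
+find /etc/pki/tls/private -type f -exec $JAVA_HOME/bin/keytool -importcert \
+-trustcacerts -noprompt -storepass changeit \
+-keystore $JAVA_HOME/jre/lib/security/cacerts -file {} \\;
+SCRIPT
+else
+sh.sudo('update-ca-trust enable')
+sh.sudo('update-ca-trust extract')
+end
+end
+end
+end
+end
+end
+end
+end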
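Review bot: The legacy branch concatenates every regular file under `/etc/pki/tls/private` into `/etc/pki/tls/ca.private.crt`, but that directory is also the conventional home of TLS private keys on Red Hat systems, so any key already stored there would be copied into the bundle that `cert.pem` is then linked to, and that bundle is presumably world-readable. Uploading the CA files to a dedicated directory (the path comes from cap/redhat/certificate_upload_path.rb) or narrowing the search to certificate files, e.g. `find /etc/pki/tls/private -type f -name '*.crt'`, keeps key material out of the trust bundle. The `keytool -importcert` call passes no `-alias`, so I would expect every import after the first to collide on the default alias; deriving an alias from the file name is worth considering. `/bin/ln -fsn` also replaces the distribution's `cert.pem` link without keeping a backup, which deserves at least a comment.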
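--- a/data/lib/vagrant-ca-certificates/config.rb
+++ b/data/lib/vagrant-ca-certificates/config.rb
@@ -0,0 +1,45 @@
+require 'vagrant'
+
+module VagrantPlugins
+module CaCertificates
+class Config < Vagrant.plugin('2', :config)
+attr_accessor :certs, :enabled
+
+def initialize
+@certs = UNSET_VALUE
+@enabled = UNSET_VALUE
+end
+
+def enabled?
+@enabled == true
+end
+
+def disabled?
+!enabled?
+end
+
+def disable!
+@enabled = false
+end
+
+def validate(machine)
+errors = []
+if enabled?
+# If the certificates specified do not exist on the host
+# disk we should error out very loudly. Because this will
+# likely affect guest operation.
+@certs.reject { |f| f =~ /^http[s]?/ || File.exist?(f) }.each do |f|
+errors << I18n.t('vagrant_ca_certificates.certificate.not_found', filepath: f)
+end
+end
+
+{ 'vagrant-ca-certificates' => errors }
+end
+
+def finalize!
+@enabled = false if @enabled == UNSET_VALUE
+@certs = [] if @certs == UNSET_VALUE
+end
+end
+end
+end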
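Review bot: `validate` calls `@certs.reject` directly, so a Vagrantfile that assigns a single path string (for instance `config.ca_certificates.certs = '/path/to/ca.crt'`, a constructed example) fails with NoMethodError instead of a validation message; `Array(@certs).reject { ... }` keeps the failure inside `errors`. The check also stops at `File.exist?`, so any readable file is accepted as a trust anchor; parsing each local file with `OpenSSL::X509::Certificate.new(File.read(f))` and reporting a validation error on failure would catch a wrong or truncated file before it reaches the guest's root bundle. The class and its accessors have no comments; a line on `certs` saying it takes host paths or URLs would document the contract that `upload_certificate` relies on.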
@@ -0,0 +1,63 @@
1
+ I18n.load_path << File.expand_path('../../../locales/en.yml', __FILE__)
2
+
3
+ unless Gem::Requirement.new('>= 1.5').satisfied_by?(Gem::Version.new(Vagrant::VERSION))
4
+ fail I18n.t('vagrant_ca_certificates.unsupported.vagrant_version', requirement: '>= 1.5')
5
+ end
6
+
7
+ module VagrantPlugins
8
+ module CaCertificates
9
+ class Plugin < Vagrant.plugin('2')
10
+ name 'vagrant-ca-certificates'
11
+ description <<-DESC
12
+ Installs root certificates into guest operating system's trusted bundle.
13
+ DESC
14
+
15
+ config(:ca_certificates) do
16
+ require_relative 'config'
17
+ Config
18
+ end
19
+
20
+ action_hook(Plugin::ALL_ACTIONS) do |hook|
21
+ require_relative 'action/install_certificates'
22
+ hook.after(Vagrant::Action::Builtin::Provision, Action::InstallCertificates)
23
+ end
24
+
25
+ action_hook(:install_ca_certificates) do |hook|
26
+ require_relative 'action/install_certificates'
27
+ hook.after(:run_provisioner, Action::InstallCertificates)
28
+ end
29
+
30
+ # All supported guest systems must have these capabilities
31
+ # implemented. If any of them aren't config validate will fail.
32
+ guest_capability('debian', 'update_certificate_bundle') do
33
+ require_relative 'cap/debian/update_certificate_bundle'
34
+ Cap::Debian::UpdateCertificateBundle
35
+ end
36
+
37
+ guest_capability('redhat', 'update_certificate_bundle') do
38
+ require_relative 'cap/redhat/update_certificate_bundle'
39
+ Cap::Redhat::UpdateCertificateBundle
40
+ end
41
+
42
+ guest_capability('debian', 'certificate_upload_path') do
43
+ require_relative 'cap/debian/certificate_upload_path'
44
+ Cap::Debian::CertificateUploadPath
45
+ end
46
+
47
+ guest_capability('redhat', 'certificate_upload_path') do
48
+ require_relative 'cap/redhat/certificate_upload_path'
49
+ Cap::Redhat::CertificateUploadPath
50
+ end
51
+
52
+ guest_capability('debian', 'certificate_file_bundle') do
53
+ require_relative 'cap/debian/certificate_file_bundle'
54
+ Cap::Debian::CertificateFileBundle
55
+ end
56
+
57
+ guest_capability('redhat', 'certificate_file_bundle') do
58
+ require_relative 'cap/redhat/certificate_file_bundle'
59
+ Cap::Redhat::CertificateFileBundle
60
+ end
61
+ end
62
+ end
63
+ end
@@ -0,0 +1,5 @@
1
+ module VagrantPlugins
2
+ module CaCertificates
3
+ VERSION = '1.0.0'
4
+ end
5
+ end
data/locales/en.yml ADDED
@@ -0,0 +1,17 @@
1
+ en:
2
+ vagrant_ca_certificates:
3
+ unsupported:
4
+ guest_system: |
5
+ Plugin does not support guest operating system.
6
+ vagrant_version: |
7
+ Plugin does not support Vagrant version less than '%{requirement}'.
8
+ not_enabled: |
9
+ Plugin is not enabled.
10
+ certificate:
11
+ not_found: |
12
+ Certificate '%{filepath}' not found on host system.
13
+ upload:
14
+ message: |
15
+ Uploading root certificates to guest instance...
16
+ file: |
17
+ -- %{from} => %{to}
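--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,10 @@
+require 'rspec/its'
+require 'vagrant-ca-certificates'
+
+RSpec.configure do |config|
+config.expect_with :rspec do |c|
+c.syntax = :expect
+end
+config.color = true
+config.tty = true
+end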
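Review bot: `require 'rspec/its'` on line 1 needs the rspec-its gem, but the Gemfile in this package lists only `rspec` and `vagrant`, and the gemspec declares only `bundler` and `rake`, so the suite will presumably fail at load time on a clean checkout. Either add `gem 'rspec-its'` to the `:development, :test` group or drop the require, since none of the specs shown use `its`.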
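--- a/data/spec/unit/vagrant-ca-certificates/action/install_certificates_spec.rb
+++ b/data/spec/unit/vagrant-ca-certificates/action/install_certificates_spec.rb
@@ -0,0 +1,5 @@
+require 'vagrant-ca-certificates/action/install_certificates'
+require 'spec_helper'
+
+describe VagrantPlugins::CaCertificates::Action::InstallCertificates do
+end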
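Review bot: The `describe` block is empty, as are the five other spec files in this package (the Debian and Red Hat capability specs and config_spec.rb), so none of the command strings that run under `sudo` in the guest are exercised. At minimum I would add examples that stub `machine.communicate` and assert the exact command text for a certificate path containing a space, and examples for `Config#validate` covering a missing file and an `http://` source.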
@@ -0,0 +1,5 @@
1
+ require 'vagrant-ca-certificates/cap/debian/certificate_upload_path'
2
+ require 'spec_helper'
3
+
4
+ describe VagrantPlugins::CaCertificates::Cap::Debian::CertificateUploadPath do
5
+ end
@@ -0,0 +1,5 @@
1
+ require 'vagrant-ca-certificates/cap/debian/update_certificate_bundle'
2
+ require 'spec_helper'
3
+
4
+ describe VagrantPlugins::CaCertificates::Cap::Debian::UpdateCertificateBundle do
5
+ end
@@ -0,0 +1,5 @@
1
+ require 'vagrant-ca-certificates/cap/redhat/certificate_upload_path'
2
+ require 'spec_helper'
3
+
4
+ describe VagrantPlugins::CaCertificates::Cap::Redhat::CertificateUploadPath do
5
+ end
@@ -0,0 +1,5 @@
1
+ require 'vagrant-ca-certificates/cap/redhat/update_certificate_bundle'
2
+ require 'spec_helper'
3
+
4
+ describe VagrantPlugins::CaCertificates::Cap::Redhat::UpdateCertificateBundle do
5
+ end
@@ -0,0 +1,5 @@
1
+ require 'vagrant-ca-certificates/config'
2
+ require 'spec_helper'
3
+
4
+ describe VagrantPlugins::CaCertificates::Config do
5
+ end
@@ -0,0 +1,29 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'vagrant-ca-certificates/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = 'vagrant-ca-certificates'
8
+ spec.version = VagrantPlugins::CaCertificates::VERSION
9
+ spec.authors = ['William Bailey', 'John Bellone']
10
+ spec.email = ['mail@williambailey.org.uk', 'jbellone@bloomberg.net']
11
+ spec.summary = 'A Vagrant plugin that installs CA certificates onto the virtual machine.'
12
+ spec.description = <<-EOF
13
+ A Vagrant plugin that installs CA certificates onto the virtual machine.
14
+ This is useful, for example, in the case where you are behind a corporate proxy
15
+ server that injects its own self signed SSL certificates when you visit https sites.
16
+ EOF
17
+ spec.homepage = 'https://github.com/williambailey/vagrant-ca-certificates'
18
+ spec.license = 'MIT'
19
+
20
+ spec.files = `git ls-files`.split($/)
21
+ spec.test_files = spec.files.grep(/^(test|spec|features)\//)
22
+ spec.require_paths = %w(lib)
23
+
24
+ spec.cert_chain = ['certs/jbellone.pem']
25
+ spec.signing_key = File.expand_path(File.join(Dir.home, '.gem', 'gem-private_key.pem')) if $0 =~ /gem\z/
26
+
27
+ spec.add_development_dependency 'bundler', '~> 1.7'
28
+ spec.add_development_dependency 'rake'
29
+ end
metadata ADDED
@@ -0,0 +1,136 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: vagrant-ca-certificates
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - William Bailey
8
+ - John Bellone
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain:
12
+ - |
13
+ -----BEGIN CERTIFICATE-----
14
+ MIIDgDCCAmigAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMREwDwYDVQQDDAhqYmVs
15
+ bG9uZTEZMBcGCgmSJomT8ixkARkWCWJsb29tYmVyZzETMBEGCgmSJomT8ixkARkW
16
+ A25ldDAeFw0xNTA1MTIxMTQ4MDBaFw0xNjA1MTExMTQ4MDBaMEMxETAPBgNVBAMM
17
+ CGpiZWxsb25lMRkwFwYKCZImiZPyLGQBGRYJYmxvb21iZXJnMRMwEQYKCZImiZPy
18
+ LGQBGRYDbmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx80/n6+x
19
+ 5RI+ugGdqXig+hULz8KlkE5VbEetK00aeeaMKlcWcHSd1bSAHEmiNsLtLyvpJDOg
20
+ 8s9tJhRgb34HokvDeXBnHJGWMr5cS4dMJhLqKuVzslxxcqfxBp3UeIjpWWlSix4H
21
+ QdNE9voUcZ+EhlARCoVScZRlGONt/Vx4zGA/Z259Mv0BMwNkR1zMYejSBJ2k/yip
22
+ qOqEoCxR7n1CtXlFkHuIVdS/cdqFMHs2aKjcWknWn0sgEuaoXoySZ3NKlRUm9oER
23
+ eufdhsTJrqO0N7WACPNyVKPCEFByYV+VsMY4JkD2P4LLa8dZ5ZHAysMLwsuTXLoP
24
+ YwfNJXVwfnOcrwIDAQABo38wfTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNV
25
+ HQ4EFgQUY9aHNhMeBN0eUu5BCTQlwYcyiS0wIQYDVR0RBBowGIEWamJlbGxvbmVA
26
+ Ymxvb21iZXJnLm5ldDAhBgNVHRIEGjAYgRZqYmVsbG9uZUBibG9vbWJlcmcubmV0
27
+ MA0GCSqGSIb3DQEBBQUAA4IBAQCE38N8KnGIdcPSSogX7cMk20tgP57i5kB2Ahwh
28
+ q9RM5bVyWlYyRiqN9C1EtMjrpwYrImmlDVJjqcL5cVF8KbAFxL4rMZkOcWnINxE7
29
+ ieN0JbYiH7gfXNKHAF6DOZD3k3RgGpQpYMjqSduTTXd+mTZ90DGww7zUXONZEkW+
30
+ 5FZzj2l3YNQUqohN9LtgnwZBhFo9LPrUkRdtvgw74FM/h4tsToI2buSKN1nGTWBW
31
+ cKcRBHKYVo5pQ0zs2WJv6Qwa8KhCS5HlABy/3x2Mqt6reHGppi7nVC4nUt/B1y/9
32
+ e2Nj035zG32VLvxrvP4OKOJJlV2dnn0CyZeQYgpZ5+d1C/lz
33
+ -----END CERTIFICATE-----
34
+ date: 2015-05-12 00:00:00.000000000 Z
35
+ dependencies:
36
+ - !ruby/object:Gem::Dependency
37
+ name: bundler
38
+ requirement: !ruby/object:Gem::Requirement
39
+ requirements:
40
+ - - ~>
41
+ - !ruby/object:Gem::Version
42
+ version: '1.7'
43
+ type: :development
44
+ prerelease: false
45
+ version_requirements: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - ~>
48
+ - !ruby/object:Gem::Version
49
+ version: '1.7'
50
+ - !ruby/object:Gem::Dependency
51
+ name: rake
52
+ requirement: !ruby/object:Gem::Requirement
53
+ requirements:
54
+ - - '>='
55
+ - !ruby/object:Gem::Version
56
+ version: '0'
57
+ type: :development
58
+ prerelease: false
59
+ version_requirements: !ruby/object:Gem::Requirement
60
+ requirements:
61
+ - - '>='
62
+ - !ruby/object:Gem::Version
63
+ version: '0'
64
+ description: |2
65
+ A Vagrant plugin that installs CA certificates onto the virtual machine.
66
+ This is useful, for example, in the case where you are behind a corporate proxy
67
+ server that injects its own self signed SSL certificates when you visit https sites.
68
+ email:
69
+ - mail@williambailey.org.uk
70
+ - jbellone@bloomberg.net
71
+ executables: []
72
+ extensions: []
73
+ extra_rdoc_files: []
74
+ files:
75
+ - .gitignore
76
+ - .rspec
77
+ - CONTRIBUTING.md
78
+ - Gemfile
79
+ - LICENSE
80
+ - README.md
81
+ - Rakefile
82
+ - bin/rspec
83
+ - certs/jbellone.pem
84
+ - lib/vagrant-ca-certificates.rb
85
+ - lib/vagrant-ca-certificates/action/install_certificates.rb
86
+ - lib/vagrant-ca-certificates/cap/debian/certificate_file_bundle.rb
87
+ - lib/vagrant-ca-certificates/cap/debian/certificate_upload_path.rb
88
+ - lib/vagrant-ca-certificates/cap/debian/update_certificate_bundle.rb
89
+ - lib/vagrant-ca-certificates/cap/redhat/certificate_file_bundle.rb
90
+ - lib/vagrant-ca-certificates/cap/redhat/certificate_upload_path.rb
91
+ - lib/vagrant-ca-certificates/cap/redhat/helpers.rb
92
+ - lib/vagrant-ca-certificates/cap/redhat/update_certificate_bundle.rb
93
+ - lib/vagrant-ca-certificates/config.rb
94
+ - lib/vagrant-ca-certificates/plugin.rb
95
+ - lib/vagrant-ca-certificates/version.rb
96
+ - locales/en.yml
97
+ - spec/spec_helper.rb
98
+ - spec/unit/vagrant-ca-certificates/action/install_certificates_spec.rb
99
+ - spec/unit/vagrant-ca-certificates/cap/debian/certificate_upload_path_spec.rb
100
+ - spec/unit/vagrant-ca-certificates/cap/debian/update_certificate_bundle_spec.rb
101
+ - spec/unit/vagrant-ca-certificates/cap/redhat/certificate_upload_path_spec.rb
102
+ - spec/unit/vagrant-ca-certificates/cap/redhat/update_certificate_bundle_spec.rb
103
+ - spec/unit/vagrant-ca-certificates/config_spec.rb
104
+ - vagrant-ca-certificates.gemspec
105
+ homepage: https://github.com/williambailey/vagrant-ca-certificates
106
+ licenses:
107
+ - MIT
108
+ metadata: {}
109
+ post_install_message:
110
+ rdoc_options: []
111
+ require_paths:
112
+ - lib
113
+ required_ruby_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - '>='
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - '>='
121
+ - !ruby/object:Gem::Version
122
+ version: '0'
123
+ requirements: []
124
+ rubyforge_project:
125
+ rubygems_version: 2.0.14
126
+ signing_key:
127
+ specification_version: 4
128
+ summary: A Vagrant plugin that installs CA certificates onto the virtual machine.
129
+ test_files:
130
+ - spec/spec_helper.rb
131
+ - spec/unit/vagrant-ca-certificates/action/install_certificates_spec.rb
132
+ - spec/unit/vagrant-ca-certificates/cap/debian/certificate_upload_path_spec.rb
133
+ - spec/unit/vagrant-ca-certificates/cap/debian/update_certificate_bundle_spec.rb
134
+ - spec/unit/vagrant-ca-certificates/cap/redhat/certificate_upload_path_spec.rb
135
+ - spec/unit/vagrant-ca-certificates/cap/redhat/update_certificate_bundle_spec.rb
136
+ - spec/unit/vagrant-ca-certificates/config_spec.rb
metadata.gz.sig ADDED
@@ -0,0 +1 @@
1
+ /߅���3���|������$���t�m��6�w�<��g�Q��+S�8՛�_��Dp���ڇ�Z��(]FR�7x ji {&�9km�!2o�{���l��e8��`G+WS0��u{�BE�>��H �_��n����l۔�������P_TM%@0�<E�&�6y��'%��'xU{�����9s�31tnV�č^۞�g۶ɁԽ8Y�&�����P���f���?��ɭpVK��w�#zc��qebǜPn�֭�