zanzibar 0.1.13 → 0.1.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/.gitignore +3 -0
- data/.rspec +1 -1
- data/.rubocop.yml +5 -0
- data/Gemfile +0 -13
- data/README.md +68 -6
- data/Rakefile +11 -11
- data/bin/zamioculcas +3 -1
- data/bin/zanzibar +2 -68
- data/lib/zanzibar/actions/base.rb +27 -0
- data/lib/zanzibar/actions/bundle.rb +119 -0
- data/lib/zanzibar/actions/get.rb +61 -0
- data/lib/zanzibar/actions/init.rb +40 -0
- data/lib/zanzibar/actions.rb +3 -0
- data/lib/zanzibar/cli.rb +126 -0
- data/lib/zanzibar/defaults.rb +14 -0
- data/lib/zanzibar/error.rb +6 -0
- data/lib/zanzibar/ui.rb +42 -0
- data/lib/zanzibar/version.rb +4 -3
- data/lib/zanzibar.rb +190 -190
- data/spec/files/.gitignore +1 -0
- data/spec/files/Zanzifile +11 -0
- data/spec/files/scrt.wsdl +629 -0
- data/spec/lib/zanzibar/actions/bundle_spec.rb +95 -0
- data/spec/lib/zanzibar/actions/get_spec.rb +64 -0
- data/spec/lib/zanzibar/actions/init_spec.rb +53 -0
- data/spec/lib/zanzibar/version_spec.rb +12 -0
- data/spec/{zanzibar_spec.rb → lib/zanzibar_spec.rb} +116 -123
- data/spec/spec_helper.rb +37 -0
- data/templates/Zanzifile.erb +11 -0
- data/zanzibar.gemspec +12 -4
- metadata +142 -19
- data/spec/spec/spec_helper.rb +0 -95
data/lib/zanzibar/ui.rb
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
require 'rubygems/user_interaction'
|
2
|
+
|
3
|
+
module Zanzibar
|
4
|
+
# Prints messages out to stdout
|
5
|
+
class Shell
|
6
|
+
attr_writer :shell
|
7
|
+
|
8
|
+
def initialize(shell)
|
9
|
+
@shell = shell
|
10
|
+
@quiet = false
|
11
|
+
@debug = ENV['DEBUG']
|
12
|
+
end
|
13
|
+
|
14
|
+
def debug(message = nil)
|
15
|
+
@shell.say(message || yield) if @debug && !@quiet
|
16
|
+
end
|
17
|
+
|
18
|
+
def info(message = nil)
|
19
|
+
@shell.say(message || yield) unless @quiet
|
20
|
+
end
|
21
|
+
|
22
|
+
def confirm(message = nil)
|
23
|
+
@shell.say(message || yield, :green) unless @quiet
|
24
|
+
end
|
25
|
+
|
26
|
+
def warn(message = nil)
|
27
|
+
@shell.say(message || yield, :yellow)
|
28
|
+
end
|
29
|
+
|
30
|
+
def error(message = nil)
|
31
|
+
@shell.say(message || yield, :red)
|
32
|
+
end
|
33
|
+
|
34
|
+
def be_quiet!
|
35
|
+
@quiet = true
|
36
|
+
end
|
37
|
+
|
38
|
+
def debug!
|
39
|
+
@debug = true
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
data/lib/zanzibar/version.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
# The version of the gem
|
2
|
+
module Zanzibar
|
3
|
+
VERSION = '0.1.15'
|
4
|
+
end
|
data/lib/zanzibar.rb
CHANGED
@@ -1,190 +1,190 @@
|
|
1
|
-
require 'zanzibar/version'
|
2
|
-
require 'savon'
|
3
|
-
require 'io/console'
|
4
|
-
require 'fileutils'
|
5
|
-
|
6
|
-
module Zanzibar
|
7
|
-
##
|
8
|
-
# Class for interacting with Secret Server
|
9
|
-
class Zanzibar
|
10
|
-
##
|
11
|
-
# @param args{:domain, :wsdl, :pwd, :username, :globals{}}
|
12
|
-
|
13
|
-
def initialize(args = {})
|
14
|
-
if args[:username]
|
15
|
-
@@username = args[:username]
|
16
|
-
elsif ENV['ZANZIBAR_USER']
|
17
|
-
@@username = ENV['ZANZIBAR_USER']
|
18
|
-
else
|
19
|
-
@@username = ENV['USER']
|
20
|
-
end
|
21
|
-
|
22
|
-
if args[:wsdl]
|
23
|
-
@@wsdl = args[:wsdl]
|
24
|
-
else
|
25
|
-
@@wsdl = get_wsdl_location
|
26
|
-
end
|
27
|
-
|
28
|
-
if args[:pwd]
|
29
|
-
@@password = args[:pwd]
|
30
|
-
elsif ENV['ZANZIBAR_PASSWORD']
|
31
|
-
@@password = ENV['ZANZIBAR_PASSWORD']
|
32
|
-
else
|
33
|
-
@@password = prompt_for_password
|
34
|
-
end
|
35
|
-
|
36
|
-
if args[:domain]
|
37
|
-
@@domain = args[:domain]
|
38
|
-
else
|
39
|
-
@@domain = prompt_for_domain
|
40
|
-
end
|
41
|
-
args[:globals] = {} unless args[:globals]
|
42
|
-
init_client(args[:globals])
|
43
|
-
end
|
44
|
-
|
45
|
-
def get_client_username
|
46
|
-
@@username
|
47
|
-
end
|
48
|
-
|
49
|
-
def get_client_password
|
50
|
-
@@password
|
51
|
-
end
|
52
|
-
|
53
|
-
## Initializes the Savon client class variable with the wdsl document location and optional global variables
|
54
|
-
# @param globals{}, optional
|
55
|
-
|
56
|
-
def init_client(globals = {})
|
57
|
-
globals = {} if globals.nil?
|
58
|
-
@@client = Savon.client(globals) do
|
59
|
-
wsdl @@wsdl
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
## Gets the user's password if none is provided in the constructor.
|
64
|
-
# @return [String] the password for the current user
|
65
|
-
|
66
|
-
def prompt_for_password
|
67
|
-
puts "Please enter password for #{@@username}:"
|
68
|
-
STDIN.noecho(&:gets).chomp
|
69
|
-
end
|
70
|
-
|
71
|
-
## Gets the wsdl document location if none is provided in the constructor
|
72
|
-
# @return [String] the location of the WDSL document
|
73
|
-
|
74
|
-
def prompt_for_wsdl_location
|
75
|
-
puts 'Enter the URL of the Secret Server WSDL:'
|
76
|
-
STDIN.gets.chomp
|
77
|
-
end
|
78
|
-
|
79
|
-
## Gets the domain of the Secret Server installation if none is provided in the constructor
|
80
|
-
# @return [String] the domain of the secret server installation
|
81
|
-
|
82
|
-
def prompt_for_domain
|
83
|
-
puts 'Enter the domain of your Secret Server:'
|
84
|
-
STDIN.gets.chomp
|
85
|
-
end
|
86
|
-
|
87
|
-
## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
|
88
|
-
# Will raise an error if there is an issue with the authentication.
|
89
|
-
# @return the authentication token for the current user.
|
90
|
-
|
91
|
-
def get_token
|
92
|
-
response = @@client.call(:authenticate, message: { username: @@username, password: @@password, organization: '', domain: @@domain })
|
93
|
-
.hash[:envelope][:body][:authenticate_response][:authenticate_result]
|
94
|
-
fail "Error generating the authentication token for user #{@@username}: #{response[:errors][:string]}" if response[:errors]
|
95
|
-
response[:token]
|
96
|
-
rescue Savon::Error => err
|
97
|
-
raise "There was an error generating the authentiaton token for user #{@@username}: #{err}"
|
98
|
-
end
|
99
|
-
|
100
|
-
## Get a secret returned as a hash
|
101
|
-
# Will raise an error if there was an issue getting the secret
|
102
|
-
# @param [Integer] the secret id
|
103
|
-
# @return [Hash] the secret hash retrieved from the wsdl
|
104
|
-
|
105
|
-
def get_secret(scrt_id, token = nil)
|
106
|
-
secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id }).hash[:envelope][:body][:get_secret_response][:get_secret_result]
|
107
|
-
fail "There was an error getting secret #{scrt_id}: #{secret[:errors][:string]}" if secret[:errors]
|
108
|
-
return secret
|
109
|
-
rescue Savon::Error => err
|
110
|
-
raise "There was an error getting the secret with id #{scrt_id}: #{err}"
|
111
|
-
end
|
112
|
-
|
113
|
-
## Retrieve a simple password from a secret
|
114
|
-
# Will raise an error if there are any issues
|
115
|
-
# @param [Integer] the secret id
|
116
|
-
# @return [String] the password for the given secret
|
117
|
-
|
118
|
-
def get_password(scrt_id)
|
119
|
-
secret = get_secret(scrt_id)
|
120
|
-
secret_items = secret[:secret][:items][:secret_item]
|
121
|
-
return get_secret_item_by_field_name(secret_items, 'Password')[:value]
|
122
|
-
rescue Savon::Error => err
|
123
|
-
raise "There was an error getting the password for secret #{scrt_id}: #{err}"
|
124
|
-
end
|
125
|
-
|
126
|
-
def write_secret_to_file(path, secret_response)
|
127
|
-
File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
|
128
|
-
file.puts Base64.decode64(secret_response[:file_attachment])
|
129
|
-
end
|
130
|
-
end
|
131
|
-
|
132
|
-
def get_secret_item_by_field_name(secret_items, field_name)
|
133
|
-
secret_items.each do |item|
|
134
|
-
return item if item[:field_name] == field_name
|
135
|
-
end
|
136
|
-
end
|
137
|
-
|
138
|
-
## Get the secret item id that relates to a key file or attachment.
|
139
|
-
# Will raise on error
|
140
|
-
# @param [Integer] the secret id
|
141
|
-
# @param [String] the type of secret item to get, one of privatekey, publickey, attachment
|
142
|
-
# @return [Integer] the secret item id
|
143
|
-
|
144
|
-
def get_scrt_item_id(scrt_id, type, token)
|
145
|
-
secret = get_secret(scrt_id, token)
|
146
|
-
secret_items = secret[:secret][:items][:secret_item]
|
147
|
-
begin
|
148
|
-
return get_secret_item_by_field_name(secret_items, type)[:id]
|
149
|
-
rescue
|
150
|
-
raise "Unknown type, #{type}."
|
151
|
-
end
|
152
|
-
end
|
153
|
-
|
154
|
-
## Downloads a file for a secret and places it where Zanzibar is running, or :path if specified
|
155
|
-
# Raise on error
|
156
|
-
# @param [Hash] args, :scrt_id, :type (one of "Private Key", "Public Key", "Attachment"), :scrt_item_id - optional, :path - optional
|
157
|
-
|
158
|
-
def download_secret_file(args = {})
|
159
|
-
token = get_token
|
160
|
-
FileUtils.mkdir_p(args[:path]) if args[:path]
|
161
|
-
path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
|
162
|
-
begin
|
163
|
-
response = @@client.call(:download_file_attachment_by_item_id, message:
|
164
|
-
{ token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], args[:type], token) })
|
165
|
-
.hash[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result]
|
166
|
-
fail "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{response[:errors][:string]}" if response[:errors]
|
167
|
-
write_secret_to_file(path, response)
|
168
|
-
return File.join(path, response[:file_name])
|
169
|
-
rescue Savon::Error => err
|
170
|
-
raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{err}"
|
171
|
-
end
|
172
|
-
end
|
173
|
-
|
174
|
-
## Methods to maintain backwards compatibility
|
175
|
-
def download_private_key(args = {})
|
176
|
-
args[:type] = 'Private Key'
|
177
|
-
download_secret_file(args)
|
178
|
-
end
|
179
|
-
|
180
|
-
def download_public_key(args = {})
|
181
|
-
args[:type] = 'Public Key'
|
182
|
-
download_secret_file(args)
|
183
|
-
end
|
184
|
-
|
185
|
-
def download_attachment(args = {})
|
186
|
-
args[:type] = 'Attachment'
|
187
|
-
download_secret_file(args)
|
188
|
-
end
|
189
|
-
end
|
190
|
-
end
|
1
|
+
require 'zanzibar/version'
|
2
|
+
require 'savon'
|
3
|
+
require 'io/console'
|
4
|
+
require 'fileutils'
|
5
|
+
|
6
|
+
module Zanzibar
|
7
|
+
##
|
8
|
+
# Class for interacting with Secret Server
|
9
|
+
class Zanzibar
|
10
|
+
##
|
11
|
+
# @param args{:domain, :wsdl, :pwd, :username, :globals{}}
|
12
|
+
|
13
|
+
def initialize(args = {})
|
14
|
+
if args[:username]
|
15
|
+
@@username = args[:username]
|
16
|
+
elsif ENV['ZANZIBAR_USER']
|
17
|
+
@@username = ENV['ZANZIBAR_USER']
|
18
|
+
else
|
19
|
+
@@username = ENV['USER']
|
20
|
+
end
|
21
|
+
|
22
|
+
if args[:wsdl]
|
23
|
+
@@wsdl = args[:wsdl]
|
24
|
+
else
|
25
|
+
@@wsdl = get_wsdl_location
|
26
|
+
end
|
27
|
+
|
28
|
+
if args[:pwd]
|
29
|
+
@@password = args[:pwd]
|
30
|
+
elsif ENV['ZANZIBAR_PASSWORD']
|
31
|
+
@@password = ENV['ZANZIBAR_PASSWORD']
|
32
|
+
else
|
33
|
+
@@password = prompt_for_password
|
34
|
+
end
|
35
|
+
|
36
|
+
if args[:domain]
|
37
|
+
@@domain = args[:domain]
|
38
|
+
else
|
39
|
+
@@domain = prompt_for_domain
|
40
|
+
end
|
41
|
+
args[:globals] = {} unless args[:globals]
|
42
|
+
init_client(args[:globals])
|
43
|
+
end
|
44
|
+
|
45
|
+
def get_client_username
|
46
|
+
@@username
|
47
|
+
end
|
48
|
+
|
49
|
+
def get_client_password
|
50
|
+
@@password
|
51
|
+
end
|
52
|
+
|
53
|
+
## Initializes the Savon client class variable with the wdsl document location and optional global variables
|
54
|
+
# @param globals{}, optional
|
55
|
+
|
56
|
+
def init_client(globals = {})
|
57
|
+
globals = {} if globals.nil?
|
58
|
+
@@client = Savon.client(globals) do
|
59
|
+
wsdl @@wsdl
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
## Gets the user's password if none is provided in the constructor.
|
64
|
+
# @return [String] the password for the current user
|
65
|
+
|
66
|
+
def prompt_for_password
|
67
|
+
puts "Please enter password for #{@@username}:"
|
68
|
+
STDIN.noecho(&:gets).chomp
|
69
|
+
end
|
70
|
+
|
71
|
+
## Gets the wsdl document location if none is provided in the constructor
|
72
|
+
# @return [String] the location of the WDSL document
|
73
|
+
|
74
|
+
def prompt_for_wsdl_location
|
75
|
+
puts 'Enter the URL of the Secret Server WSDL:'
|
76
|
+
STDIN.gets.chomp
|
77
|
+
end
|
78
|
+
|
79
|
+
## Gets the domain of the Secret Server installation if none is provided in the constructor
|
80
|
+
# @return [String] the domain of the secret server installation
|
81
|
+
|
82
|
+
def prompt_for_domain
|
83
|
+
puts 'Enter the domain of your Secret Server:'
|
84
|
+
STDIN.gets.chomp
|
85
|
+
end
|
86
|
+
|
87
|
+
## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
|
88
|
+
# Will raise an error if there is an issue with the authentication.
|
89
|
+
# @return the authentication token for the current user.
|
90
|
+
|
91
|
+
def get_token
|
92
|
+
response = @@client.call(:authenticate, message: { username: @@username, password: @@password, organization: '', domain: @@domain })
|
93
|
+
.hash[:envelope][:body][:authenticate_response][:authenticate_result]
|
94
|
+
fail "Error generating the authentication token for user #{@@username}: #{response[:errors][:string]}" if response[:errors]
|
95
|
+
response[:token]
|
96
|
+
rescue Savon::Error => err
|
97
|
+
raise "There was an error generating the authentiaton token for user #{@@username}: #{err}"
|
98
|
+
end
|
99
|
+
|
100
|
+
## Get a secret returned as a hash
|
101
|
+
# Will raise an error if there was an issue getting the secret
|
102
|
+
# @param [Integer] the secret id
|
103
|
+
# @return [Hash] the secret hash retrieved from the wsdl
|
104
|
+
|
105
|
+
def get_secret(scrt_id, token = nil)
|
106
|
+
secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id }).hash[:envelope][:body][:get_secret_response][:get_secret_result]
|
107
|
+
fail "There was an error getting secret #{scrt_id}: #{secret[:errors][:string]}" if secret[:errors]
|
108
|
+
return secret
|
109
|
+
rescue Savon::Error => err
|
110
|
+
raise "There was an error getting the secret with id #{scrt_id}: #{err}"
|
111
|
+
end
|
112
|
+
|
113
|
+
## Retrieve a simple password from a secret
|
114
|
+
# Will raise an error if there are any issues
|
115
|
+
# @param [Integer] the secret id
|
116
|
+
# @return [String] the password for the given secret
|
117
|
+
|
118
|
+
def get_password(scrt_id)
|
119
|
+
secret = get_secret(scrt_id)
|
120
|
+
secret_items = secret[:secret][:items][:secret_item]
|
121
|
+
return get_secret_item_by_field_name(secret_items, 'Password')[:value]
|
122
|
+
rescue Savon::Error => err
|
123
|
+
raise "There was an error getting the password for secret #{scrt_id}: #{err}"
|
124
|
+
end
|
125
|
+
|
126
|
+
def write_secret_to_file(path, secret_response)
|
127
|
+
File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
|
128
|
+
file.puts Base64.decode64(secret_response[:file_attachment])
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
def get_secret_item_by_field_name(secret_items, field_name)
|
133
|
+
secret_items.each do |item|
|
134
|
+
return item if item[:field_name] == field_name
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
## Get the secret item id that relates to a key file or attachment.
|
139
|
+
# Will raise on error
|
140
|
+
# @param [Integer] the secret id
|
141
|
+
# @param [String] the type of secret item to get, one of privatekey, publickey, attachment
|
142
|
+
# @return [Integer] the secret item id
|
143
|
+
|
144
|
+
def get_scrt_item_id(scrt_id, type, token)
|
145
|
+
secret = get_secret(scrt_id, token)
|
146
|
+
secret_items = secret[:secret][:items][:secret_item]
|
147
|
+
begin
|
148
|
+
return get_secret_item_by_field_name(secret_items, type)[:id]
|
149
|
+
rescue
|
150
|
+
raise "Unknown type, #{type}."
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
## Downloads a file for a secret and places it where Zanzibar is running, or :path if specified
|
155
|
+
# Raise on error
|
156
|
+
# @param [Hash] args, :scrt_id, :type (one of "Private Key", "Public Key", "Attachment"), :scrt_item_id - optional, :path - optional
|
157
|
+
|
158
|
+
def download_secret_file(args = {})
|
159
|
+
token = get_token
|
160
|
+
FileUtils.mkdir_p(args[:path]) if args[:path]
|
161
|
+
path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
|
162
|
+
begin
|
163
|
+
response = @@client.call(:download_file_attachment_by_item_id, message:
|
164
|
+
{ token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], args[:type], token) })
|
165
|
+
.hash[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result]
|
166
|
+
fail "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{response[:errors][:string]}" if response[:errors]
|
167
|
+
write_secret_to_file(path, response)
|
168
|
+
return File.join(path, response[:file_name])
|
169
|
+
rescue Savon::Error => err
|
170
|
+
raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{err}"
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
## Methods to maintain backwards compatibility
|
175
|
+
def download_private_key(args = {})
|
176
|
+
args[:type] = 'Private Key'
|
177
|
+
download_secret_file(args)
|
178
|
+
end
|
179
|
+
|
180
|
+
def download_public_key(args = {})
|
181
|
+
args[:type] = 'Public Key'
|
182
|
+
download_secret_file(args)
|
183
|
+
end
|
184
|
+
|
185
|
+
def download_attachment(args = {})
|
186
|
+
args[:type] = 'Attachment'
|
187
|
+
download_secret_file(args)
|
188
|
+
end
|
189
|
+
end
|
190
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
!Zanzifile
|