TerribleDev/zanzibar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

making zanzibar bin a thor app with bundler/librarian type capability

Browse Source
This commit is contained in:
Norm MacLennan
2015-02-01 00:34:35 -05:00
parent d91b418963
commit 184b0b443c
29 changed files with 1747 additions and 515 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
README.md
View File

@@ -21,7 +21,11 @@ Or install it yourself as:
## Usage
In your ruby project, rakefile, etc., create a new Zanzibar object. The constructor takes a hash of optional parameters for the WSDL location, the domain of the Secret Server, a hash of global variables to pass to savon (necessary for windows environments with self-signed certs) and a password for the current user (intended to be passed in through some encryption method, unless you really want a plaintext password there.). All of these parameters are optional and the user will be prompted to enter them if they are missing.
In your ruby project, rakefile, etc., create a new Zanzibar object.
The constructor takes a hash of optional parameters for the WSDL location, the domain of the Secret Server, a hash of global variables to pass to savon (necessary for windows environments with self-signed certs) and a password for the current user (intended to be passed in through some encryption method, unless you really want a plaintext password there).
All of these parameters are optional and the user will be prompted to enter them if they are missing.
```ruby
my_object = Zanzibar::Zanzibar.new(:domain => 'my.domain.net', :wsdl => 'my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl', :pwd => get_encrypted_password_from_somewhere)
@@ -51,20 +55,78 @@ secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "At
```
### Providing Credentials
Zanzibar has several ways of finding Secret Server credentials. It will use credentials
discovered in this order:
* Credentials passed to the initializer
* `Zanzibar::Zanzibar.new(:username=>'auser', :password=>'itsmyPassword')`
* Credentials discovered via the environment
* If `ZANZIBAR_USER` exists, it will use that.
* If not, it will try `USER`
* If `ZANZIBAR_PASSWORD` exists, it will use that.
* Credentials entered by the user
* Zanzibar will prompt the user to enter their password on STDIN
### Command Line
Zanzibar comes bundled with the `zanzibar` command-line utility that can be used for fetching passwords and downloading keys from outside of Ruby.
Zanzibar comes bundled with the `zanzibar` command-line utility that can be used
for fetching passwords and downloading keys from outside of Ruby scripts.
`zanzibar` supports most actions provided by Zanzibar itself. Because it operates on the command-line, it can be used as part of a pipeline or within a bash script.
`zanzibar` supports most actions provided by Zanzibar itself. Because it operates
on the command-line, it can be used as part of a pipeline or within a bash script.
```bash
# if you don't pipe in a password, you will be prompted to enter one.
# if ZANZIBAR_PASSWORD is not set, you will be prompted to enter your password.
# this will download the private key from secret 1984 to the current directory
cat ./local-password | zanzibar 1984 -s server.example.com -d example.com -t privatekey
$ ZANZIBAR_PASSWORD=`gpg -d secretpasswd.txt.gpg` zanzibar get 1984 -s server.example.com -d example.com -f "Private Key"
ssh user@someremote -i ./private_key
$ ssh user@someremote -i ./private_key
```
#### Zanzifiles
The `zanzibar` command can also perform [bundler](http://bundler.io)-like actions.
Running `zanzibar init` will generate a `Zanzifile` in the current directory.
Information about Secret Server and the necessary secret files to be downloaded
can be added here.
Then `zanzibar bundle` will try to download the secrets named in the file.
When it downloads a file, it gets added to `Zanzifile.resolved`. And next time
`zanzibar bundle` is run, if the file exists and the hash matches the one in the
`resolved` file, it will not attempt to re-download. `zanzibar update` will attempt
to re-download all secrets.
Note: `zanzibar get` can fetch passwords or files, but `zanzibar bundle` can
only operate on secret files.
Sample `Zanzifile`:
```yaml
---
settings:
wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl
domain: my.domain.net
secret_dir: secrets/
ignore_ssl: true
secrets:
ssh_key:
id: 249
label: Private Key
encryption_key:
id: 483
label: Attachment
cert_pem:
id: 123
label: Certificate
cert_key:
id: 986
label: Misc Attachment
```
Run `zanzibar help` or `zanzibar help [command]` for more information.
## Contributing
1. Fork it ( https://github.com/Cimpress-MCP/zanzibar/fork )