From ed496bd41639ff0e3e52ddeb6aeb47382be643f1 Mon Sep 17 00:00:00 2001 From: Jason Davis-Cooke Date: Wed, 25 Feb 2015 14:28:43 -0500 Subject: [PATCH 1/6] Save zanzifile passwords to file --- lib/zanzibar.rb | 16 +++++++++++++++- lib/zanzibar/actions/bundle.rb | 23 +++++++++++++++++------ lib/zanzibar/cli.rb | 1 + 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/lib/zanzibar.rb b/lib/zanzibar.rb index 8a2f2ae..7a040a9 100644 --- a/lib/zanzibar.rb +++ b/lib/zanzibar.rb @@ -110,7 +110,7 @@ module Zanzibar raise "There was an error getting the secret with id #{scrt_id}: #{err}" end - ## Retrieve a simple password from a secret + ## Retrieve a simple password from a secret, and save it to a file if requested # Will raise an error if there are any issues # @param [Integer] the secret id # @return [String] the password for the given secret @@ -123,12 +123,26 @@ module Zanzibar raise "There was an error getting the password for secret #{scrt_id}: #{err}" end + ## Get the password, save it to a file, and return the path to the file. + def get_password_and_save(scrt_id, path, name) + password = get_password(scrt_id) + save_password_to_file(password, path, name) + return File.join(path, name) + end + def write_secret_to_file(path, secret_response) File.open(File.join(path, secret_response[:file_name]), 'wb') do |file| file.puts Base64.decode64(secret_response[:file_attachment]) end end + ## Write the password to a file. Intended for use with a Zanzifile + def save_password_to_file(password, path, name) + File.open(File.join(path, name), 'wb') do |file| + file.puts password + end + end + def get_secret_item_by_field_name(secret_items, field_name) secret_items.each do |item| return item if item[:field_name] == field_name diff --git a/lib/zanzibar/actions/bundle.rb b/lib/zanzibar/actions/bundle.rb index 082d897..998c239 100644 --- a/lib/zanzibar/actions/bundle.rb +++ b/lib/zanzibar/actions/bundle.rb @@ -20,6 +20,7 @@ module Zanzibar def run ensure_zanzifile load_required_secrets + ensure_secrets_path validate_environment load_resolved_secrets if resolved_file? validate_local_secrets unless @update @@ -42,6 +43,10 @@ module Zanzibar debug { "#{ZANZIFILE_NAME} located..." } end + def ensure_secrets_path + FileUtils.mkdir_p(@settings['secret_dir']) + end + def resolved_file? File.exist? RESOLVED_NAME end @@ -80,23 +85,29 @@ module Zanzibar downloaded_secrets = {} remote_secrets.each do |key, secret| + puts "Downloading #{key} - #{secret['id']}" downloaded_secrets[key] = download_one_secret(secret['id'], secret['label'], @settings['secret_dir'], - args) + args, + secret['name'] || "#{secret['id']}_password") - debug { "Downloaded secret: #{key} to #{path}..." } + debug { "Downloaded secret: #{key} to #{secret['path']}..." } end downloaded_secrets end - def download_one_secret(scrt_id, label, path, args) - path = zanzibar(args).download_secret_file(scrt_id: scrt_id, + def download_one_secret(scrt_id, label, path, args, name = nil) + if label == 'Password' + path = zanzibar(args).get_password_and_save(scrt_id, path, name) + { path: path, hash: Digest::MD5.file(path).hexdigest } + else + path = zanzibar(args).download_secret_file(scrt_id: scrt_id, type: label, path: path) - - { path: path, hash: Digest::MD5.file(path).hexdigest } + { path: path, hash: Digest::MD5.file(path).hexdigest } + end end def update_resolved_file(new_secrets) diff --git a/lib/zanzibar/cli.rb b/lib/zanzibar/cli.rb index 890d645..61d4942 100644 --- a/lib/zanzibar/cli.rb +++ b/lib/zanzibar/cli.rb @@ -53,6 +53,7 @@ module Zanzibar end desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", :hide => true + option 'verbose', type: :boolean, default: false, aliases: :v alias_method :plunder, :bundle desc 'install', "Alias to `#{APPLICATION_NAME} bundle`" From 179fa24ab9f231634139a3facc290eedb00a322d Mon Sep 17 00:00:00 2001 From: Jason Davis-Cooke Date: Thu, 26 Feb 2015 08:56:43 -0500 Subject: [PATCH 2/6] Save zanzifile passwords to disk --- lib/zanzibar.rb | 2 +- lib/zanzibar/actions/bundle.rb | 5 ++--- spec/lib/zanzibar_spec.rb | 11 +++++++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/zanzibar.rb b/lib/zanzibar.rb index 7a040a9..fa01f6f 100644 --- a/lib/zanzibar.rb +++ b/lib/zanzibar.rb @@ -139,7 +139,7 @@ module Zanzibar ## Write the password to a file. Intended for use with a Zanzifile def save_password_to_file(password, path, name) File.open(File.join(path, name), 'wb') do |file| - file.puts password + file.print Base64.strict_encode64(password) end end diff --git a/lib/zanzibar/actions/bundle.rb b/lib/zanzibar/actions/bundle.rb index 998c239..4ef1f81 100644 --- a/lib/zanzibar/actions/bundle.rb +++ b/lib/zanzibar/actions/bundle.rb @@ -44,7 +44,7 @@ module Zanzibar end def ensure_secrets_path - FileUtils.mkdir_p(@settings['secret_dir']) + FileUtils.mkdir_p(@settings['secret_dir']) unless @settings['secret_dir'] == nil end def resolved_file? @@ -85,14 +85,13 @@ module Zanzibar downloaded_secrets = {} remote_secrets.each do |key, secret| - puts "Downloading #{key} - #{secret['id']}" downloaded_secrets[key] = download_one_secret(secret['id'], secret['label'], @settings['secret_dir'], args, secret['name'] || "#{secret['id']}_password") - debug { "Downloaded secret: #{key} to #{secret['path']}..." } + debug { "Downloaded secret: #{key} to #{@settings['secret_dir']}..." } end downloaded_secrets diff --git a/spec/lib/zanzibar_spec.rb b/spec/lib/zanzibar_spec.rb index 27d9bd6..00a4a31 100644 --- a/spec/lib/zanzibar_spec.rb +++ b/spec/lib/zanzibar_spec.rb @@ -104,6 +104,17 @@ describe 'Zanzibar Test' do File.delete('attachment.txt') end + it 'should save a password to a file' do + stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx') + .to_return(body: AUTH_XML, status: 200).then + .to_return(body: SECRET_XML, status: 200) + + client.get_password_and_save(1234, '.', 'zanziTestPassword') + expect(File.exist? 'zanziTestPassword') + expect(File.read('zanziTestPassword')).to eq(Base64.strict_encode64('zanziUserPassword')) + File.delete('zanziTestPassword') + end + it 'should use environment variables for credentials' do ENV['ZANZIBAR_USER'] = 'environment_user' ENV['ZANZIBAR_PASSWORD'] = 'environment_password' From 431c86bb0ee1171578b744c45051bbac6d3278d0 Mon Sep 17 00:00:00 2001 From: Jason Davis-Cooke Date: Thu, 26 Feb 2015 08:57:47 -0500 Subject: [PATCH 3/6] remove incorrect code documentation --- lib/zanzibar.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/zanzibar.rb b/lib/zanzibar.rb index fa01f6f..2faab8e 100644 --- a/lib/zanzibar.rb +++ b/lib/zanzibar.rb @@ -110,7 +110,7 @@ module Zanzibar raise "There was an error getting the secret with id #{scrt_id}: #{err}" end - ## Retrieve a simple password from a secret, and save it to a file if requested + ## Retrieve a simple password from a secret # Will raise an error if there are any issues # @param [Integer] the secret id # @return [String] the password for the given secret From 8778c7b27dbc62f185ece418ebff2d98b5c1cbd1 Mon Sep 17 00:00:00 2001 From: Jason Davis-Cooke Date: Thu, 26 Feb 2015 09:35:09 -0500 Subject: [PATCH 4/6] remove base64 encoding --- lib/zanzibar.rb | 2 +- spec/lib/zanzibar_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/zanzibar.rb b/lib/zanzibar.rb index 2faab8e..39d6f73 100644 --- a/lib/zanzibar.rb +++ b/lib/zanzibar.rb @@ -139,7 +139,7 @@ module Zanzibar ## Write the password to a file. Intended for use with a Zanzifile def save_password_to_file(password, path, name) File.open(File.join(path, name), 'wb') do |file| - file.print Base64.strict_encode64(password) + file.print password end end diff --git a/spec/lib/zanzibar_spec.rb b/spec/lib/zanzibar_spec.rb index 00a4a31..0ac50f3 100644 --- a/spec/lib/zanzibar_spec.rb +++ b/spec/lib/zanzibar_spec.rb @@ -111,7 +111,7 @@ describe 'Zanzibar Test' do client.get_password_and_save(1234, '.', 'zanziTestPassword') expect(File.exist? 'zanziTestPassword') - expect(File.read('zanziTestPassword')).to eq(Base64.strict_encode64('zanziUserPassword')) + expect(File.read('zanziTestPassword')).to eq('zanziUserPassword') File.delete('zanziTestPassword') end From 2ee47c2210ea1d48eebbe83d6dbe8935e2857bca Mon Sep 17 00:00:00 2001 From: Jason Davis-Cooke Date: Thu, 26 Feb 2015 11:53:48 -0500 Subject: [PATCH 5/6] Save username and password to a Normariffic yaml file --- lib/zanzibar.rb | 14 +++++++++----- lib/zanzibar/actions/bundle.rb | 2 +- spec/lib/zanzibar_spec.rb | 10 +++++----- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/lib/zanzibar.rb b/lib/zanzibar.rb index 39d6f73..f8886bd 100644 --- a/lib/zanzibar.rb +++ b/lib/zanzibar.rb @@ -2,6 +2,7 @@ require 'zanzibar/version' require 'savon' require 'io/console' require 'fileutils' +require 'yaml' module Zanzibar ## @@ -124,9 +125,11 @@ module Zanzibar end ## Get the password, save it to a file, and return the path to the file. - def get_password_and_save(scrt_id, path, name) - password = get_password(scrt_id) - save_password_to_file(password, path, name) + def get_username_and_password_and_save(scrt_id, path, name) + secret_items = get_secret(scrt_id)[:secret][:items][:secret_item] + password = get_secret_item_by_field_name(secret_items, 'Password')[:value] + username = get_secret_item_by_field_name(secret_items, 'Username')[:value] + save_username_and_password_to_file(password, username, path, name) return File.join(path, name) end @@ -137,9 +140,10 @@ module Zanzibar end ## Write the password to a file. Intended for use with a Zanzifile - def save_password_to_file(password, path, name) + def save_username_and_password_to_file(password, username, path, name) + user_pass = {'username' => username.to_s, 'password' => password.to_s}.to_yaml File.open(File.join(path, name), 'wb') do |file| - file.print password + file.print user_pass end end diff --git a/lib/zanzibar/actions/bundle.rb b/lib/zanzibar/actions/bundle.rb index 4ef1f81..ef64c56 100644 --- a/lib/zanzibar/actions/bundle.rb +++ b/lib/zanzibar/actions/bundle.rb @@ -99,7 +99,7 @@ module Zanzibar def download_one_secret(scrt_id, label, path, args, name = nil) if label == 'Password' - path = zanzibar(args).get_password_and_save(scrt_id, path, name) + path = zanzibar(args).get_username_and_password_and_save(scrt_id, path, name) { path: path, hash: Digest::MD5.file(path).hexdigest } else path = zanzibar(args).download_secret_file(scrt_id: scrt_id, diff --git a/spec/lib/zanzibar_spec.rb b/spec/lib/zanzibar_spec.rb index 0ac50f3..fd7c43d 100644 --- a/spec/lib/zanzibar_spec.rb +++ b/spec/lib/zanzibar_spec.rb @@ -104,15 +104,15 @@ describe 'Zanzibar Test' do File.delete('attachment.txt') end - it 'should save a password to a file' do + it 'should save credentials to a file' do stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx') .to_return(body: AUTH_XML, status: 200).then .to_return(body: SECRET_XML, status: 200) - client.get_password_and_save(1234, '.', 'zanziTestPassword') - expect(File.exist? 'zanziTestPassword') - expect(File.read('zanziTestPassword')).to eq('zanziUserPassword') - File.delete('zanziTestPassword') + client.get_username_and_password_and_save(1234, '.', 'zanziTestCreds') + expect(File.exist? 'zanziTestCreds') + expect(File.read('zanziTestCreds')).to eq({'username' => 'ZanziUser', 'password' => 'zanziUserPassword'}.to_yaml) + File.delete('zanziTestCreds') end it 'should use environment variables for credentials' do From 3969d508f85580ff02fdb076e6f58f5adf5708d8 Mon Sep 17 00:00:00 2001 From: Jason Davis-Cooke Date: Thu, 26 Feb 2015 13:46:32 -0500 Subject: [PATCH 6/6] version bump --- lib/zanzibar/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/zanzibar/version.rb b/lib/zanzibar/version.rb index f264a1d..8eac486 100644 --- a/lib/zanzibar/version.rb +++ b/lib/zanzibar/version.rb @@ -1,4 +1,4 @@ # The version of the gem module Zanzibar - VERSION = '0.1.16' + VERSION = '0.1.17' end