From ed496bd41639ff0e3e52ddeb6aeb47382be643f1 Mon Sep 17 00:00:00 2001
From: Jason Davis-Cooke
Date: Wed, 25 Feb 2015 14:28:43 -0500
Subject: [PATCH] Save zanzifile passwords to file
---
 lib/zanzibar.rb | 16 +++++++++++++++-
 lib/zanzibar/actions/bundle.rb | 23 +++++++++++++++++------
 lib/zanzibar/cli.rb | 1 +
 3 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/lib/zanzibar.rb b/lib/zanzibar.rb
index 8a2f2ae..7a040a9 100644
--- a/lib/zanzibar.rb
+++ b/lib/zanzibar.rb
@@ -110,7 +110,7 @@ module Zanzibar
 raise "There was an error getting the secret with id #{scrt_id}: #{err}"
 end
- ## Retrieve a simple password from a secret
+ ## Retrieve a simple password from a secret, and save it to a file if requested
 # Will raise an error if there are any issues
 # @param [Integer] the secret id
 # @return [String] the password for the given secret
@@ -123,12 +123,26 @@ module Zanzibar
 raise "There was an error getting the password for secret #{scrt_id}: #{err}"
 end
+ ## Get the password, save it to a file, and return the path to the file.
+ def get_password_and_save(scrt_id, path, name)
+ password = get_password(scrt_id)
+ save_password_to_file(password, path, name)
+ return File.join(path, name)
+ end
+
 def write_secret_to_file(path, secret_response)
 File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
 file.puts Base64.decode64(secret_response[:file_attachment])
 end
 end
+ ## Write the password to a file. Intended for use with a Zanzifile
+ def save_password_to_file(password, path, name)
+ File.open(File.join(path, name), 'wb') do |file|
+ file.puts password
+ end
+ end
+
 def get_secret_item_by_field_name(secret_items, field_name)
 secret_items.each do |item|
 return item if item[:field_name] == field_name
diff --git a/lib/zanzibar/actions/bundle.rb b/lib/zanzibar/actions/bundle.rb
index 082d897..998c239 100644
--- a/lib/zanzibar/actions/bundle.rb
+++ b/lib/zanzibar/actions/bundle.rb
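Review bot: `save_password_to_file` (second lib/zanzibar.rb hunk) creates the plaintext password file with `File.open(File.join(path, name), 'wb')`, so its mode comes from the process umask and is commonly readable by other local users. Passing an explicit mode, `File.open(File.join(path, name), 'wb', 0o600) do |file|`, restricts a newly created file to its owner; the mode is ignored when the file already exists, so a `File.chmod(0o600, File.join(path, name))` after the write covers updates. `file.puts password` also appends a newline to the stored secret, which `file.write password` would avoid if consumers read the file verbatim. `name` is joined to `path` unchecked, and if it can come from a Zanzifile that is not fully trusted, reducing it with `File.basename(name)` keeps the write inside the secrets directory.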
@@ -20,6 +20,7 @@ module Zanzibar
 def run
 ensure_zanzifile
 load_required_secrets
+ ensure_secrets_path
 validate_environment
 load_resolved_secrets if resolved_file?
 validate_local_secrets unless @update
@@ -42,6 +43,10 @@ module Zanzibar
 debug { "#{ZANZIFILE_NAME} located..." }
 end
+ def ensure_secrets_path
+ FileUtils.mkdir_p(@settings['secret_dir'])
+ end
+
 def resolved_file?
 File.exist? RESOLVED_NAME
 end
@@ -80,23 +85,29 @@ module Zanzibar
 downloaded_secrets = {}
 remote_secrets.each do |key, secret|
+ puts "Downloading #{key} - #{secret['id']}"
 downloaded_secrets[key] = download_one_secret(secret['id'],
 secret['label'],
 @settings['secret_dir'],
- args)
+ args,
+ secret['name'] || "#{secret['id']}_password")
- debug { "Downloaded secret: #{key} to #{path}..." }
+ debug { "Downloaded secret: #{key} to #{secret['path']}..." }
 end
 downloaded_secrets
 end
- def download_one_secret(scrt_id, label, path, args)
- path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
+ def download_one_secret(scrt_id, label, path, args, name = nil)
+ if label == 'Password'
+ path = zanzibar(args).get_password_and_save(scrt_id, path, name)
+ { path: path, hash: Digest::MD5.file(path).hexdigest }
+ else
+ path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
 type: label,
 path: path)
-
- { path: path, hash: Digest::MD5.file(path).hexdigest }
+ { path: path, hash: Digest::MD5.file(path).hexdigest }
+ end
 end
 def update_resolved_file(new_secrets)
diff --git a/lib/zanzibar/cli.rb b/lib/zanzibar/cli.rb
index 890d645..61d4942 100644
--- a/lib/zanzibar/cli.rb
+++ b/lib/zanzibar/cli.rb
@@ -53,6 +53,7 @@ module Zanzibar
 end
 desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", :hide => true
+ option 'verbose', type: :boolean, default: false, aliases: :v
 alias_method :plunder, :bundle
 desc 'install', "Alias to `#{APPLICATION_NAME} bundle`"
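Review bot: `ensure_secrets_path` (second bundle.rb hunk) creates the directory that will hold plaintext secrets with default permissions, so under a typical umask other local users can list and enter it. `FileUtils.mkdir_p(@settings['secret_dir'], mode: 0o700)` would limit a newly created directory to its owner; a directory that already exists keeps its current mode. The first hunk calls this from `run` before `validate_environment`, so the directory is created even when validation then fails, and a missing `secret_dir` setting would surface as a `TypeError` from `mkdir_p` rather than a clear message. Whether `fileutils` is already required in this file is not visible in the hunk.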
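Review bot: In `download_one_secret` (third bundle.rb hunk) the new 'Password' branch returns `Digest::MD5.file(path).hexdigest` for a file that holds only a short password. If these hashes are persisted by `update_resolved_file` (its body is outside the hunk), an unsalted fast digest of a low-entropy secret lets anyone who can read that record check password guesses offline; consider omitting the content hash for 'Password' entries or using a keyed digest instead. Separately, the new debug line interpolates `secret['path']`, which nothing in this hunk sets, while the file is written under `@settings['secret_dir']`; `downloaded_secrets[key][:path]` is the value actually returned. The `{ path: path, hash: ... }` line is now duplicated in both branches and could sit once after the `if`/`else`.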