version

Get fieldlabel value

.travis.yml

@@ -1,7 +1,10 @@
+sudo: false
 language: ruby
 rvm:
   - 1.9.3
   - 2.0.0
+  - 2.1.7
+  - 2.2.3
 addons:
   code_climate:
     repo_token:

README.md

@@ -98,6 +98,8 @@ When it downloads a file, it gets added to `Zanzifile.resolved`. And next time
 `resolved` file, it will not attempt to re-download. `zanzibar update` will attempt
 to re-download all secrets.
 
+Subdirectories under the root directory `secret_dir` can be created for individual keys by specifying a `prefix` path for that secret. Secrets will default to be downloaded to the root `secret_dir` directory otherwise. 
+
 Note: `zanzibar get` can fetch passwords or files, but `zanzibar bundle` can
 only operate on secret files.
 
@@ -106,7 +108,7 @@ Sample `Zanzifile`:
 ```yaml
 ---
 settings:
-  wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl
+  wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wsdl
   domain: my.domain.net
   secret_dir: secrets/
   ignore_ssl: true
@@ -114,6 +116,7 @@ secrets:
   ssh_key:
     id: 249
     label: Private Key
+    prefix: ssh/
   encryption_key:
     id: 483
     label: Attachment

lib/zanzibar.rb

@@ -2,6 +2,7 @@ require 'zanzibar/version'
 require 'savon'
 require 'io/console'
 require 'fileutils'
+require 'yaml'
 
 module Zanzibar
   ##
@@ -65,7 +66,9 @@ module Zanzibar
 
     def prompt_for_password
       puts "Please enter password for #{@@username}:"
-      STDIN.noecho(&:gets).chomp
+      STDIN.noecho(&:gets).chomp.tap do
+        puts "Using password to login..."
+      end
     end
 
     ## Gets the wsdl document location if none is provided in the constructor
@@ -110,17 +113,34 @@ module Zanzibar
       raise "There was an error getting the secret with id #{scrt_id}: #{err}"
     end
 
-    ## Retrieve a simple password from a secret
+    ## Retrieve the value from a field label of a secret
     # Will raise an error if there are any issues
     # @param [Integer] the secret id
-    # @return [String] the password for the given secret
+    # @param [String] the field label to get, defaults to Password
-
+    # @return [String] the value for the given field label
-    def get_password(scrt_id)
+    def get_fieldlabel_value(scrt_id, fieldlabel = 'Password')
       secret = get_secret(scrt_id)
       secret_items = secret[:secret][:items][:secret_item]
-      return get_secret_item_by_field_name(secret_items, 'Password')[:value]
+      return get_secret_item_by_field_name(secret_items, fieldlabel)[:value]
     rescue Savon::Error => err
-      raise "There was an error getting the password for secret #{scrt_id}: #{err}"
+      raise "There was an error getting '#{fieldlabel}' for secret #{scrt_id}: #{err}"
+    end
+
+    ## Retrieve a simple password from a secret
+    # Calls get get_fieldlabel_value()
+    # @param [Integer] the secret id
+    # @return [String] the password for the given secret
+    def get_password(scrt_id)
+      return get_fieldlabel_value(scrt_id)
+    end
+
+    ## Get the password, save it to a file, and return the path to the file.
+    def get_username_and_password_and_save(scrt_id, path, name)
+      secret_items = get_secret(scrt_id)[:secret][:items][:secret_item]
+      password = get_secret_item_by_field_name(secret_items, 'Password')[:value]
+      username = get_secret_item_by_field_name(secret_items, 'Username')[:value]
+      save_username_and_password_to_file(password, username, path, name)
+      return File.join(path, name)
     end
 
     def write_secret_to_file(path, secret_response)
@@ -129,6 +149,14 @@ module Zanzibar
       end
     end
 
+    ## Write the password to a file. Intended for use with a Zanzifile
+    def save_username_and_password_to_file(password, username, path, name)
+      user_pass = {'username' => username.to_s, 'password' => password.to_s}.to_yaml
+      File.open(File.join(path, name), 'wb') do |file|
+        file.print user_pass
+      end
+    end
+
     def get_secret_item_by_field_name(secret_items, field_name)
       secret_items.each do |item|
         return item if item[:field_name] == field_name

lib/zanzibar/actions/bundle.rb

@@ -20,6 +20,7 @@ module Zanzibar
       def run
         ensure_zanzifile
         load_required_secrets
+        ensure_secrets_path
         validate_environment
         load_resolved_secrets if resolved_file?
         validate_local_secrets unless @update
@@ -42,6 +43,19 @@ module Zanzibar
         debug { "#{ZANZIFILE_NAME} located..." }
       end
 
+      def ensure_secrets_path
+        ## Make sure the directory exists and that a .gitignore is there to ignore it
+        if @settings['secret_dir']
+          FileUtils.mkdir_p(@settings['secret_dir'])
+          if !File.exist? "#{@settings['secret_dir']}/.gitignore"
+            File.open("#{@settings['secret_dir']}/.gitignore", 'w') do |file|
+              file.puts '*'
+              file.puts '!.gitignore'
+            end
+          end
+        end
+      end
+
       def resolved_file?
         File.exist? RESOLVED_NAME
       end
@@ -80,24 +94,30 @@ module Zanzibar
 
         downloaded_secrets = {}
         remote_secrets.each do |key, secret|
+          full_path = secret.has_key?('prefix') ? File.join(@settings['secret_dir'], secret['prefix']) : @settings['secret_dir']
           downloaded_secrets[key] = download_one_secret(secret['id'],
                                                         secret['label'],
-                                                        @settings['secret_dir'],
+                                                        full_path,
-                                                        args)
+                                                        args,
+                                                        secret['name'] || "#{secret['id']}_password")
 
-          debug { "Downloaded secret: #{key} to #{path}..." }
+          debug { "Downloaded secret: #{key} to #{@settings['secret_dir']}..." }
         end
 
         downloaded_secrets
       end
 
-      def download_one_secret(scrt_id, label, path, args)
+      def download_one_secret(scrt_id, label, path, args, name = nil)
+        if label == 'Password'
+          path = zanzibar(args).get_username_and_password_and_save(scrt_id, path, name)
+          { path: path, hash: Digest::MD5.file(path).hexdigest }
+        else
           path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
                                                    type: label,
                                                    path: path)
-
           { path: path, hash: Digest::MD5.file(path).hexdigest }
         end
+      end
 
       def update_resolved_file(new_secrets)
         @local_secrets.merge! new_secrets

lib/zanzibar/actions/get.rb

@@ -20,20 +20,19 @@ module Zanzibar
         construct_options
         ensure_options
 
-        fetch_secret(@scrt_id, options['filelabel'])
+        fetch_secret(@scrt_id)
       end
 
-      def fetch_secret(scrt_id, label = nil)
+      def fetch_secret(scrt_id)
         scrt = ::Zanzibar::Zanzibar.new(@zanzibar_options)
 
-        puts @zanzibar_options
+        if @zanzibar_options[:filelabel]
-
-        if label
           scrt.download_secret_file(scrt_id: scrt_id,
-                                    type: label)
+                                    type: @zanzibar_options[:filelabel])
         else
-          scrt.get_password(scrt_id)
+          scrt.get_fieldlabel_value(scrt_id, @zanzibar_options[:fieldlabel])
         end
+
       end
 
       def construct_options
@@ -42,6 +41,8 @@ module Zanzibar
         @zanzibar_options[:domain] = options['domain']
         @zanzibar_options[:username] = options['username'] unless options['username'].nil?
         @zanzibar_options[:domain] = options['domain'] ? options['domain'] : 'local'
+        @zanzibar_options[:fieldlabel] = options['fieldlabel'] || 'Password'
+        @zanzibar_options[:filelabel] = options['filelabel'] if options['filelabel']
       end
 
       def construct_wsdl

lib/zanzibar/cli.rb

@@ -53,6 +53,7 @@ module Zanzibar
     end
 
     desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", :hide => true
+    option 'verbose', type: :boolean, default: false, aliases: :v
     alias_method :plunder, :bundle
 
     desc 'install', "Alias to `#{APPLICATION_NAME} bundle`"
@@ -75,6 +76,8 @@ module Zanzibar
                         desc: 'Don\'t verify Secret Server\'s SSL certificate'
     option 'filelabel', type: :string, aliases: :f,
                         desc: 'Specify a file (by label) to download'
+    option 'fieldlabel', type: :string, aliases: :l,
+                         desc: 'Specify a field (by label) to get'
     option 'username', type: :string, aliases: :u
     option 'password', type: :string, aliases: :p
     def get(scrt_id)

lib/zanzibar/version.rb

@@ -1,4 +1,4 @@
 # The version of the gem
 module Zanzibar
-  VERSION = '0.1.16'
+  VERSION = '0.1.27'
 end

spec/files/Zanzifile

@@ -4,8 +4,11 @@ settings:
   domain: zanzitest.net
   secret_dir: secrets/
   ignore_ssl: true
-secrets:
 secrets:
   ssh_key:
     id: 2345
     label: Private Key
+  prefix_ssh_key:
+    id: 2345
+    label: Private Key
+    prefix: ssh/

spec/lib/zanzibar/actions/bundle_spec.rb

@@ -24,9 +24,12 @@ describe Zanzibar::Cli do
         FakeFS::FileSystem.clone files
 
         stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
-          .to_return(body: AUTH_XML, status: 200).then
+          .to_return({body: AUTH_XML, status: 200}).then
-          .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+          .to_return({body: SECRET_WITH_KEY_XML, status: 200}).then
-          .to_return(body: PRIVATE_KEY_XML, status: 200)
+          .to_return({body: PRIVATE_KEY_XML, status: 200}).then
+          .to_return({body: AUTH_XML, status: 200}).then
+          .to_return({body: SECRET_WITH_KEY_XML, status: 200}).then
+          .to_return({body: PRIVATE_KEY_XML, status: 200})
 
         Dir.chdir File.join(source_root, 'spec', 'files')
       end
@@ -50,6 +53,18 @@ describe Zanzibar::Cli do
         expect(FakeFS::FileTest.file? File.join('secrets', 'zanzi_key')).to be(true)
       end
 
+      it 'should download a file to a prefix' do
+        expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(false)
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(true)
+      end
+
+      it 'should create a .gitignore' do
+        expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(false)
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(true)
+      end
+
       it 'should create a resolved file' do
         expect(FakeFS::FileTest.file? Zanzibar::RESOLVED_NAME).to be(false)
         expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
@@ -58,7 +73,7 @@ describe Zanzibar::Cli do
 
       it 'should not redownload files it already has' do
         expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
-        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(3)
+        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
 
         WebMock.reset!
 
@@ -68,16 +83,19 @@ describe Zanzibar::Cli do
 
       it 'should redownload on update action' do
         expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
-        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(3)
+        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
 
         WebMock.reset!
         stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+          .to_return({body: AUTH_XML, status: 200}).then
+          .to_return({body: SECRET_WITH_KEY_XML, status: 200}).then
+          .to_return({body: PRIVATE_KEY_XML, status: 200}).then
           .to_return(body: AUTH_XML, status: 200).then
           .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
           .to_return(body: PRIVATE_KEY_XML, status: 200)
 
         expect { subject.update }.to output(/Finished downloading secrets/).to_stdout
-        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(3)
+        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
       end
 
       it 'should reject a malformed Zanzifile' do

spec/lib/zanzibar/actions/get_spec.rb

@@ -47,6 +47,11 @@ describe Zanzibar::Cli do
       expect { subject.get(1234) }.to raise_error.with_message(/#{Zanzibar::NO_WSDL_ERROR}/)
     end
 
+    it 'should be able to get a field value' do
+      subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl', 'fieldlabel' => 'Username' }
+      expect { subject.get(1234) }.to output(/ZanziUser/).to_stdout
+    end
+
     it 'should be able to download files' do
       WebMock.reset!
       stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')

spec/lib/zanzibar_spec.rb

@@ -104,6 +104,17 @@ describe 'Zanzibar Test' do
     File.delete('attachment.txt')
   end
 
+  it 'should save credentials to a file' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_XML, status: 200)
+
+      client.get_username_and_password_and_save(1234, '.', 'zanziTestCreds')
+      expect(File.exist? 'zanziTestCreds')
+      expect(File.read('zanziTestCreds')).to eq({'username' => 'ZanziUser', 'password' => 'zanziUserPassword'}.to_yaml)
+      File.delete('zanziTestCreds')
+  end
+
   it 'should use environment variables for credentials' do
     ENV['ZANZIBAR_USER'] = 'environment_user'
     ENV['ZANZIBAR_PASSWORD'] = 'environment_password'

zanzibar.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'fakefs', '~> 0.6.4'
   spec.add_development_dependency 'simplecov', '~> 0.9.1'
 
-  spec.add_runtime_dependency 'savon', '~> 2.8.0'
+  spec.add_runtime_dependency 'savon', '~> 2.10.0'
   spec.add_runtime_dependency 'rubyntlm', '~> 0.4.0'
   spec.add_runtime_dependency 'thor', '~> 0.19.0'
 end