TerribleDev/zanzibar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: TerribleDev:0.1.16
Branches Tags
TerribleDev:master
TerribleDev:v0.2.0 TerribleDev:v0.1.27 TerribleDev:v0.1.24 TerribleDev:v0.1.23 TerribleDev:v0.1.22 TerribleDev:v0.1.21 TerribleDev:0.1.20 TerribleDev:0.1.19 TerribleDev:0.1.18 TerribleDev:0.1.17 TerribleDev:0.1.16 TerribleDev:0.1.15 TerribleDev:0.1.13 TerribleDev:0.1.12 TerribleDev:0.1.11 TerribleDev:0.1.10 TerribleDev:0.1.9 TerribleDev:v0.0.8
..
compare: TerribleDev:v0.1.21
Branches Tags
TerribleDev:master
TerribleDev:v0.2.0 TerribleDev:v0.1.27 TerribleDev:v0.1.24 TerribleDev:v0.1.23 TerribleDev:v0.1.22 TerribleDev:v0.1.21 TerribleDev:0.1.20 TerribleDev:0.1.19 TerribleDev:0.1.18 TerribleDev:0.1.17 TerribleDev:0.1.16 TerribleDev:0.1.15 TerribleDev:0.1.13 TerribleDev:0.1.12 TerribleDev:0.1.11 TerribleDev:0.1.10 TerribleDev:0.1.9 TerribleDev:v0.0.8

23 Commits
0.1.16 ... v0.1.21

Author SHA1 Message Date
Norm MacLennan
49ea9ab9fa version bump 2015-07-28 10:22:00 -04:00
Norm MacLennan
60e0d52ab4 Merge pull request #12 from thedillonb/patch-1 
Update get.rb to remove 'puts'
 2015-07-28 10:21:34 -04:00
Dillon Buchanan
e3ec56210b Update get.rb to remove 'puts' 
Remove the 'puts' dump of the options as it makes piping the output more difficult. Maybe better to add a verbosity flag and debug prints?
 2015-07-28 08:55:54 -04:00
Jason Davis-Cooke
315d3d6499 don't write gitignore if one exists already 2015-06-29 08:50:13 -04:00
Calvin Leung Huang
0763265be1 Update README.md 2015-06-05 11:19:08 -04:00
Jason Davis-Cooke
8126deded5 Version bump 2015-06-05 10:00:37 -04:00
Jason Davis-Cooke
60545c5b7b Merge pull request #10 from Cimpress-MCP/feature/prefix_dir 
Feature/prefix dir
 2015-06-05 09:59:28 -04:00
Calvin Leung Huang
8b06192aa1 Update test 2015-06-04 14:55:00 -04:00
Calvin Leung Huang
244b9178b8 Add optional prefix option 2015-06-04 13:05:22 -04:00
Jason Davis-Cooke
4951f13e4f version bump 2015-06-03 16:42:16 -04:00
Ryan Breen
3e2c07defc Merge pull request #8 from Cimpress-MCP/addgitignore 
Add a gitignore to secrets_dir
 2015-06-03 16:33:29 -04:00
Jason Davis-Cooke
73b939808e Update bundle.rb 
we need to puts so we get the requisite newlines
 2015-06-03 16:27:03 -04:00
Jason Davis-Cooke
867e14214c Update bundle.rb 
*, not .
 2015-06-03 16:26:19 -04:00
Jason Davis-Cooke
ff99246b46 Update bundle.rb 
Don't gitignore the gitignore
 2015-06-03 16:24:40 -04:00
Jason Davis-Cooke
e6ec5e6dbd Add a gitignore to secrets_dir 2015-06-03 16:16:56 -04:00
Norm MacLennan
85b8c66d3d readme - wdsl->wsdl 2015-05-19 21:53:45 -04:00
Jason Davis-Cooke
e0e5bfd276 Merge pull request #6 from Cimpress-MCP/savepasswords 
Savepasswords
 2015-02-26 19:00:35 +00:00
Jason Davis-Cooke
3969d508f8 version bump 2015-02-26 13:46:32 -05:00
Jason Davis-Cooke
2ee47c2210 Save username and password to a Normariffic yaml file 2015-02-26 11:53:48 -05:00
Jason Davis-Cooke
8778c7b27d remove base64 encoding 2015-02-26 09:35:09 -05:00
Jason Davis-Cooke
431c86bb0e remove incorrect code documentation 2015-02-26 08:57:47 -05:00
Jason Davis-Cooke
179fa24ab9 Save zanzifile passwords to disk 2015-02-26 08:56:43 -05:00
Jason Davis-Cooke
ed496bd416 Save zanzifile passwords to file 2015-02-25 14:28:43 -05:00
9 changed files with 90 additions and 18 deletions
Expand all files Collapse all files

5
README.md
View File

@@ -98,6 +98,8 @@ When it downloads a file, it gets added to `Zanzifile.resolved`. And next time
`resolved` file, it will not attempt to re-download. `zanzibar update` will attempt
to re-download all secrets.
Subdirectories under the root directory `secret_dir` can be created for individual keys by specifying a `prefix` path for that secret. Secrets will default to be downloaded to the root `secret_dir` directory otherwise.
Note: `zanzibar get` can fetch passwords or files, but `zanzibar bundle` can
only operate on secret files.
@@ -106,7 +108,7 @@ Sample `Zanzifile`:
```yaml
---
settings:
wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl
wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wsdl
domain: my.domain.net
secret_dir: secrets/
ignore_ssl: true
@@ -114,6 +116,7 @@ secrets:
ssh_key:
id: 249
label: Private Key
prefix: ssh/
encryption_key:
id: 483
label: Attachment

18
lib/zanzibar.rb
View File

@@ -2,6 +2,7 @@ require 'zanzibar/version'
require 'savon'
require 'io/console'
require 'fileutils'
require 'yaml'
module Zanzibar
##
@@ -123,12 +124,29 @@ module Zanzibar
raise "There was an error getting the password for secret #{scrt_id}: #{err}"
end
## Get the password, save it to a file, and return the path to the file.
def get_username_and_password_and_save(scrt_id, path, name)
secret_items = get_secret(scrt_id)[:secret][:items][:secret_item]
password = get_secret_item_by_field_name(secret_items, 'Password')[:value]
username = get_secret_item_by_field_name(secret_items, 'Username')[:value]
save_username_and_password_to_file(password, username, path, name)
return File.join(path, name)
end
def write_secret_to_file(path, secret_response)
File.open(File.join(path, secret_response[:file_name]), 'wb') do |file|
file.puts Base64.decode64(secret_response[:file_attachment])
end
end
## Write the password to a file. Intended for use with a Zanzifile
def save_username_and_password_to_file(password, username, path, name)
user_pass = {'username' => username.to_s, 'password' => password.to_s}.to_yaml
File.open(File.join(path, name), 'wb') do |file|
file.print user_pass
end
end
def get_secret_item_by_field_name(secret_items, field_name)
secret_items.each do |item|
return item if item[:field_name] == field_name

34
lib/zanzibar/actions/bundle.rb
View File

@@ -20,6 +20,7 @@ module Zanzibar
def run
ensure_zanzifile
load_required_secrets
ensure_secrets_path
validate_environment
load_resolved_secrets if resolved_file?
validate_local_secrets unless @update
@@ -42,6 +43,19 @@ module Zanzibar
debug { "#{ZANZIFILE_NAME} located..." }
end
def ensure_secrets_path
## Make sure the directory exists and that a .gitignore is there to ignore it
if @settings['secret_dir']
FileUtils.mkdir_p(@settings['secret_dir'])
if !File.exist? "#{@settings['secret_dir']}/.gitignore"
File.open("#{@settings['secret_dir']}/.gitignore", 'w') do |file|
file.puts '*'
file.puts '!.gitignore'
end
end
end
end
def resolved_file?
File.exist? RESOLVED_NAME
end
@@ -80,23 +94,29 @@ module Zanzibar
downloaded_secrets = {}
remote_secrets.each do |key, secret|
full_path = secret.has_key?('prefix') ? File.join(@settings['secret_dir'], secret['prefix']) : @settings['secret_dir']
downloaded_secrets[key] = download_one_secret(secret['id'],
secret['label'],
@settings['secret_dir'],
args)
full_path,
args,
secret['name'] || "#{secret['id']}_password")
debug { "Downloaded secret: #{key} to #{path}..." }
debug { "Downloaded secret: #{key} to #{@settings['secret_dir']}..." }
end
downloaded_secrets
end
def download_one_secret(scrt_id, label, path, args)
path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
def download_one_secret(scrt_id, label, path, args, name = nil)
if label == 'Password'
path = zanzibar(args).get_username_and_password_and_save(scrt_id, path, name)
{ path: path, hash: Digest::MD5.file(path).hexdigest }
else
path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
type: label,
path: path)
{ path: path, hash: Digest::MD5.file(path).hexdigest }
{ path: path, hash: Digest::MD5.file(path).hexdigest }
end
end
def update_resolved_file(new_secrets)

2
lib/zanzibar/actions/get.rb
View File

@@ -26,8 +26,6 @@ module Zanzibar
def fetch_secret(scrt_id, label = nil)
scrt = ::Zanzibar::Zanzibar.new(@zanzibar_options)
puts @zanzibar_options
if label
scrt.download_secret_file(scrt_id: scrt_id,
type: label)

1
lib/zanzibar/cli.rb
View File

@@ -53,6 +53,7 @@ module Zanzibar
end
desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", :hide => true
option 'verbose', type: :boolean, default: false, aliases: :v
alias_method :plunder, :bundle
desc 'install', "Alias to `#{APPLICATION_NAME} bundle`"

2
lib/zanzibar/version.rb
View File

@@ -1,4 +1,4 @@
# The version of the gem
module Zanzibar
VERSION = '0.1.16'
VERSION = '0.1.21'
end

5
spec/files/Zanzifile
View File

@@ -4,8 +4,11 @@ settings:
domain: zanzitest.net
secret_dir: secrets/
ignore_ssl: true
secrets:
secrets:
ssh_key:
id: 2345
label: Private Key
prefix_ssh_key:
id: 2345
label: Private Key
prefix: ssh/

30
spec/lib/zanzibar/actions/bundle_spec.rb
View File

@@ -24,9 +24,12 @@ describe Zanzibar::Cli do
FakeFS::FileSystem.clone files
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
.to_return({body: AUTH_XML, status: 200}).then
.to_return({body: SECRET_WITH_KEY_XML, status: 200}).then
.to_return({body: PRIVATE_KEY_XML, status: 200}).then
.to_return({body: AUTH_XML, status: 200}).then
.to_return({body: SECRET_WITH_KEY_XML, status: 200}).then
.to_return({body: PRIVATE_KEY_XML, status: 200})
Dir.chdir File.join(source_root, 'spec', 'files')
end
@@ -50,6 +53,18 @@ describe Zanzibar::Cli do
expect(FakeFS::FileTest.file? File.join('secrets', 'zanzi_key')).to be(true)
end
it 'should download a file to a prefix' do
expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(true)
end
it 'should create a .gitignore' do
expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(true)
end
it 'should create a resolved file' do
expect(FakeFS::FileTest.file? Zanzibar::RESOLVED_NAME).to be(false)
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
@@ -58,7 +73,7 @@ describe Zanzibar::Cli do
it 'should not redownload files it already has' do
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(3)
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
WebMock.reset!
@@ -68,16 +83,19 @@ describe Zanzibar::Cli do
it 'should redownload on update action' do
expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(3)
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
WebMock.reset!
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return({body: AUTH_XML, status: 200}).then
.to_return({body: SECRET_WITH_KEY_XML, status: 200}).then
.to_return({body: PRIVATE_KEY_XML, status: 200}).then
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_WITH_KEY_XML, status: 200).then
.to_return(body: PRIVATE_KEY_XML, status: 200)
expect { subject.update }.to output(/Finished downloading secrets/).to_stdout
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(3)
expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
end
it 'should reject a malformed Zanzifile' do

11
spec/lib/zanzibar_spec.rb
View File

@@ -104,6 +104,17 @@ describe 'Zanzibar Test' do
File.delete('attachment.txt')
end
it 'should save credentials to a file' do
stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
.to_return(body: AUTH_XML, status: 200).then
.to_return(body: SECRET_XML, status: 200)
client.get_username_and_password_and_save(1234, '.', 'zanziTestCreds')
expect(File.exist? 'zanziTestCreds')
expect(File.read('zanziTestCreds')).to eq({'username' => 'ZanziUser', 'password' => 'zanziUserPassword'}.to_yaml)
File.delete('zanziTestCreds')
end
it 'should use environment variables for credentials' do
ENV['ZANZIBAR_USER'] = 'environment_user'
ENV['ZANZIBAR_PASSWORD'] = 'environment_password'