From 9d836f2a6d070894dd1c106bd1dfda359ad87ff1 Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Fri, 11 Sep 2020 15:29:27 +0200 Subject: [PATCH 01/16] add step-by-step how-to encrypting multiline values; workaround for (#219) --- README.md | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/README.md b/README.md index 3e511c9f..adea3690 100644 --- a/README.md +++ b/README.md 
@@ -187,6 +187,105 @@ file just like any other eyaml string and your done. If the file is rather large, you may wish to use a helper like `xclip` to copy the stdout directly to your clipboard. +### Encrypting multiline values + +Encrypting multiline values has a few extra steps. The following is a step-by-step example showing you how to encrypt multiline values while keeping a valid YAML file. + +- Copy the YAML text below to a file named `multiline_example.eyaml` +``` +--- +accounts::key_sets: + dummy: + private: | + ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- + Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20200911" + P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS + 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw + JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj + 2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr + QEPM5xLW0unCsQ== + ---- END SSH2 ENCRYPTED PRIVATE KEY ---- +``` + +- Use `edit` to ... + - prepend `DEC::PKCS7[ ` before the first line, + - remove two whitespaces in front of the multiline value, + - and append `]!` to the last line of the multiline value. + +`eyaml edit multiline_example.eyaml` +``` +--- +accounts::key_sets: + dummy: + private: > + DEC::PKCS7[ ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- + Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20170123" + P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS + 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw + JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj + 2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr + QEPM5xLW0unCsQ== + ---- END SSH2 ENCRYPTED PRIVATE KEY ----]! 
+``` +``` +# resulting encrypted file +--- +accounts::key_sets: + dummy: + private: > + ENC[PKCS7,MIIDTQYJKoZIhvcNAQcDoIIDPjCCAzoCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAXH7xB1xuzoMAqA/3jSXO0ZUR6+UCb3DsTTj3 + Lsrcx5oQBnJ/ml7GfBCPxBKfArZunLcnxmSk4hECKXdfgKsVjAa++JQWvtEm + HUNTFqvwd76Ku+nMfI9c8g+X+l6obLjzWfJdg3t6Ja7CJKl8UNFtSmbfYKVi + nZ0xBubgdY4plLAFcZyD5/A/lNFqwb051TRLbZOIRRfLUlRL7RNkKRC59Aog + S5aJXjmqx6vRzFifNK0JFZvYHGD75TiHJ5LFjg4rjgFd43AnK8iNo773ZWP2 + 48Gly5Zx7qVQDCDDi1YBgNFb0NIBQw+kWy7HcPH2REvPnXu/HV2FWvDP3Ond + yr2EbTCCAg4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEH+CjZJ1gKfaQIrr + N5zef7OAggHgBmRVsfaoiNEOzhmHZ5SxxZztmpBNtLv7mteaSqSL5o0TtKQh + SDgxBhaQmlL51+JM1Jsnvqm57ikZhj7Vtek/vr5DhYhWs0AxttH5rNaw0zKU + 4bMppVu+SNKCtT+2Qw31x/S7gF7yVl+mwmXhq3qAj9ExWRX3d/8/zTuC61Io + f+7O6YUOucZ/m/YPrQnC5v7bDSKlIf1aFaKqukjM3QO8FZlAOHGPvRuWV2Om + QIgxQE6F8r+bTkW3KiVIx5FEIthRZ90VS3tz/2wjj77svddBhlid9ov/0ard + GGVNGsl1BFpLqxC0mpZXz237cL/aM58naqmX52J6YmC0xQM3DNmahWlYx1HV + J/Ogk12pOYPLJB/09OuoHPzKC4WfpB9B7wAC6pghRkO/84cOw6rgSdbzze5W + WMPvo181Y74BSBKhJDdO3lWYmEcDyx4TEsMUlpxd9PBDcOHqf9qHviXrwGzO + oSm2bUV0Fum5ueU+D2vu3mO0yIQ6fwyvDZLBRjfJV7K/PyDz81feWT6+g38t + AC27c0h8wk9b7HYfqG28nZE7F13qrhwCKnOaYLglsmbszNpRrBhfo1IHF6oM + YZRZrnrGQg5qQcxMsLq37RAfRgkY0rRLs78EEAhkf4NDxw0A/ovt] +``` + - *Notice:* Make sure to use four whitespaces after `DEC::PKCS7[`. `eyaml` always prepends two whitespaces ([#219](https://github.com/voxpupuli/hiera-eyaml/issues/219)). + - The number of whitespaces is relative to the values indentation level. Encrypting a value (e.g.) one level higher would require only two whitespaces. +- Edit the encrypted file using (e.g.) `vim` and re-add the two whitespaces. Without them it's not parsed as valid YAML. 
+ +`vim multiline_example.eyaml` +``` +# encrypted file +--- +accounts::key_sets: + dummy: + private: > + ENC[PKCS7,MIIDTQYJKoZIhvcNAQcDoIIDPjCCAzoCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAXH7xB1xuzoMAqA/3jSXO0ZUR6+UCb3DsTTj3 + Lsrcx5oQBnJ/ml7GfBCPxBKfArZunLcnxmSk4hECKXdfgKsVjAa++JQWvtEm + HUNTFqvwd76Ku+nMfI9c8g+X+l6obLjzWfJdg3t6Ja7CJKl8UNFtSmbfYKVi + nZ0xBubgdY4plLAFcZyD5/A/lNFqwb051TRLbZOIRRfLUlRL7RNkKRC59Aog + S5aJXjmqx6vRzFifNK0JFZvYHGD75TiHJ5LFjg4rjgFd43AnK8iNo773ZWP2 + 48Gly5Zx7qVQDCDDi1YBgNFb0NIBQw+kWy7HcPH2REvPnXu/HV2FWvDP3Ond + yr2EbTCCAg4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEH+CjZJ1gKfaQIrr + N5zef7OAggHgBmRVsfaoiNEOzhmHZ5SxxZztmpBNtLv7mteaSqSL5o0TtKQh + SDgxBhaQmlL51+JM1Jsnvqm57ikZhj7Vtek/vr5DhYhWs0AxttH5rNaw0zKU + 4bMppVu+SNKCtT+2Qw31x/S7gF7yVl+mwmXhq3qAj9ExWRX3d/8/zTuC61Io + f+7O6YUOucZ/m/YPrQnC5v7bDSKlIf1aFaKqukjM3QO8FZlAOHGPvRuWV2Om + QIgxQE6F8r+bTkW3KiVIx5FEIthRZ90VS3tz/2wjj77svddBhlid9ov/0ard + GGVNGsl1BFpLqxC0mpZXz237cL/aM58naqmX52J6YmC0xQM3DNmahWlYx1HV + J/Ogk12pOYPLJB/09OuoHPzKC4WfpB9B7wAC6pghRkO/84cOw6rgSdbzze5W + WMPvo181Y74BSBKhJDdO3lWYmEcDyx4TEsMUlpxd9PBDcOHqf9qHviXrwGzO + oSm2bUV0Fum5ueU+D2vu3mO0yIQ6fwyvDZLBRjfJV7K/PyDz81feWT6+g38t + AC27c0h8wk9b7HYfqG28nZE7F13qrhwCKnOaYLglsmbszNpRrBhfo1IHF6oM + YZRZrnrGQg5qQcxMsLq37RAfRgkY0rRLs78EEAhkf4NDxw0A/ovt] +``` +- Test with `eyaml decrypt -f multiline_example.eyaml` and compare the output to the plaintext. + Hiera ----- From e12b945c7299cd59025b5caf967029bce28a4d3c Mon Sep 17 00:00:00 2001 From: Kilian Engelhardt Date: Fri, 11 Sep 2020 16:54:07 +0200 Subject: [PATCH 02/16] update multiline how-to adding hint about output not being valid YAML --- README.md | 88 +++++++++++++++++++++++-------------------------------- 1 file changed, 36 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index adea3690..061f0c3b 100644 --- a/README.md +++ b/README.md 
@@ -189,7 +189,7 @@ your clipboard. ### Encrypting multiline values -Encrypting multiline values has a few extra steps. The following is a step-by-step example showing you how to encrypt multiline values while keeping a valid YAML file. +The following step-by-step example shows you how to encrypt multiline values. - Copy the YAML text below to a file named `multiline_example.eyaml` ``` @@ -197,19 +197,20 @@ Encrypting multiline values has a few extra steps. The following is a step-by-st accounts::key_sets: dummy: private: | - ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- - Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20200911" - P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS - 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw - JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj - 2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr - QEPM5xLW0unCsQ== - ---- END SSH2 ENCRYPTED PRIVATE KEY ---- + ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- + Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20200911" + P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS + 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw + JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj + 2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr + QEPM5xLW0unCsQ== + ---- END SSH2 ENCRYPTED PRIVATE KEY ---- ``` - Use `edit` to ... - - prepend `DEC::PKCS7[ ` before the first line, - - remove two whitespaces in front of the multiline value, + - replace '|' with '>', + - prepend `DEC::PKCS7[` before the first line, + - remove all whitespaces used for indentation, - and append `]!` to the last line of the multiline value. `eyaml edit multiline_example.eyaml` 
@@ -218,49 +219,18 @@ accounts::key_sets: accounts::key_sets: dummy: private: > - DEC::PKCS7[ ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- - Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20170123" - P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS - 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw - JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj - 2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr - QEPM5xLW0unCsQ== - ---- END SSH2 ENCRYPTED PRIVATE KEY ----]! + DEC::PKCS7[---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- +Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20170123" +P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS +1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw +JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj +2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr +QEPM5xLW0unCsQ== +---- END SSH2 ENCRYPTED PRIVATE KEY ----]! 
``` ``` # resulting encrypted file --- -accounts::key_sets: - dummy: - private: > - ENC[PKCS7,MIIDTQYJKoZIhvcNAQcDoIIDPjCCAzoCAQAxggEhMIIBHQIBADAFMAACAQEw - DQYJKoZIhvcNAQEBBQAEggEAXH7xB1xuzoMAqA/3jSXO0ZUR6+UCb3DsTTj3 - Lsrcx5oQBnJ/ml7GfBCPxBKfArZunLcnxmSk4hECKXdfgKsVjAa++JQWvtEm - HUNTFqvwd76Ku+nMfI9c8g+X+l6obLjzWfJdg3t6Ja7CJKl8UNFtSmbfYKVi - nZ0xBubgdY4plLAFcZyD5/A/lNFqwb051TRLbZOIRRfLUlRL7RNkKRC59Aog - S5aJXjmqx6vRzFifNK0JFZvYHGD75TiHJ5LFjg4rjgFd43AnK8iNo773ZWP2 - 48Gly5Zx7qVQDCDDi1YBgNFb0NIBQw+kWy7HcPH2REvPnXu/HV2FWvDP3Ond - yr2EbTCCAg4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEH+CjZJ1gKfaQIrr - N5zef7OAggHgBmRVsfaoiNEOzhmHZ5SxxZztmpBNtLv7mteaSqSL5o0TtKQh - SDgxBhaQmlL51+JM1Jsnvqm57ikZhj7Vtek/vr5DhYhWs0AxttH5rNaw0zKU - 4bMppVu+SNKCtT+2Qw31x/S7gF7yVl+mwmXhq3qAj9ExWRX3d/8/zTuC61Io - f+7O6YUOucZ/m/YPrQnC5v7bDSKlIf1aFaKqukjM3QO8FZlAOHGPvRuWV2Om - QIgxQE6F8r+bTkW3KiVIx5FEIthRZ90VS3tz/2wjj77svddBhlid9ov/0ard - GGVNGsl1BFpLqxC0mpZXz237cL/aM58naqmX52J6YmC0xQM3DNmahWlYx1HV - J/Ogk12pOYPLJB/09OuoHPzKC4WfpB9B7wAC6pghRkO/84cOw6rgSdbzze5W - WMPvo181Y74BSBKhJDdO3lWYmEcDyx4TEsMUlpxd9PBDcOHqf9qHviXrwGzO - oSm2bUV0Fum5ueU+D2vu3mO0yIQ6fwyvDZLBRjfJV7K/PyDz81feWT6+g38t - AC27c0h8wk9b7HYfqG28nZE7F13qrhwCKnOaYLglsmbszNpRrBhfo1IHF6oM - YZRZrnrGQg5qQcxMsLq37RAfRgkY0rRLs78EEAhkf4NDxw0A/ovt] -``` - - *Notice:* Make sure to use four whitespaces after `DEC::PKCS7[`. `eyaml` always prepends two whitespaces ([#219](https://github.com/voxpupuli/hiera-eyaml/issues/219)). - - The number of whitespaces is relative to the values indentation level. Encrypting a value (e.g.) one level higher would require only two whitespaces. -- Edit the encrypted file using (e.g.) `vim` and re-add the two whitespaces. Without them it's not parsed as valid YAML. - -`vim multiline_example.eyaml` -``` -# encrypted file ---- accounts::key_sets: dummy: private: 
> @@ -284,8 +254,22 @@ accounts::key_sets: AC27c0h8wk9b7HYfqG28nZE7F13qrhwCKnOaYLglsmbszNpRrBhfo1IHF6oM YZRZrnrGQg5qQcxMsLq37RAfRgkY0rRLs78EEAhkf4NDxw0A/ovt] ``` -- Test with `eyaml decrypt -f multiline_example.eyaml` and compare the output to the plaintext. - +- Output of `eyaml decrypt -f multiline_example.eyaml`: +``` +--- +accounts::key_sets: + dummy: + private: | + ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- + Comment: "dummy-key-hiera-eyaml-issue-rsa-key-20200911" + P2/56wAAANwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS + 1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAAjQAAAIkAAAAGJQAAAP93ZtrMIRZutZ/SZUyw + JWwyI4YxNvr5tBt9UnSJ7K0+rQAAAQDohO1ykUahsogS+ymM6o9WEmdROJZpWShCqdv8Dj + 2roQAAAIDG1G8hY90Xlz/YiFhDZLLWAAAAgOzMWTfAlHbJ4AdEhG5uU/EAAACA+1/AlcSr + QEPM5xLW0unCsQ== + ---- END SSH2 ENCRYPTED PRIVATE KEY ---- +``` + - The output *does NOT* have to be valid YAML for usage with Puppet. Hiera ----- From c98738e0819ccb37399cada70b3562f03f94447d Mon Sep 17 00:00:00 2001 From: Kenyon Ralph Date: Sat, 9 Jan 2021 18:35:27 -0800 Subject: [PATCH 03/16] Gemfile: prevent use of github_changelog_generator on old rubies github_changelog_generator-1.15.1 requires Ruby >= 2.5.0, but Puppet 5 uses Ruby 2.4. --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 72538aef..4398a335 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,7 @@ group :development do gem "hiera-eyaml-plaintext" gem "puppet", ENV['PUPPET_VERSION'] || default_puppet_restriction gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0' - if RUBY_VERSION >= '2.2.2' + if RUBY_VERSION >= '2.5.0' gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes' gem "activesupport", activesupport_restriction end From e4e55908ddee6c4467a3a6484dc0454803acd0ff Mon Sep 17 00:00:00 2001 
From: Kenyon Ralph Date: Sat, 9 Jan 2021 18:37:45 -0800 Subject: [PATCH 04/16] Gemfile: remove extra space --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 4398a335..59113d6c 100644 --- a/Gemfile +++ b/Gemfile @@ -21,7 +21,7 @@ group :development do gem "puppet", ENV['PUPPET_VERSION'] || default_puppet_restriction gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0' if RUBY_VERSION >= '2.5.0' - gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes' + gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes' gem "activesupport", activesupport_restriction end end From d976ee778f76716c727e34152c393180809e58d5 Mon Sep 17 00:00:00 2001 From: Kenyon Ralph Date: Sun, 22 Nov 2020 00:15:54 -0800 Subject: [PATCH 05/16] whitespace cleanup --- lib/hiera/backend/eyaml/encryptor.rb | 5 ++--- lib/hiera/backend/eyaml/subcommands/encrypt.rb | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/hiera/backend/eyaml/encryptor.rb b/lib/hiera/backend/eyaml/encryptor.rb index 843254b8..3c47d5d9 100644 --- a/lib/hiera/backend/eyaml/encryptor.rb +++ b/lib/hiera/backend/eyaml/encryptor.rb 
@@ -14,7 +14,7 @@ class << self def self.find encryption_scheme = nil encryption_scheme = Eyaml.default_encryption_scheme if encryption_scheme.nil? - require "hiera/backend/eyaml/encryptors/#{File.basename encryption_scheme.downcase}" + require "hiera/backend/eyaml/encryptors/#{File.basename encryption_scheme.downcase}" encryptor_module = Module.const_get('Hiera').const_get('Backend').const_get('Eyaml').const_get('Encryptors') encryptor_class = Utils.find_closest_class :parent_class => encryptor_module, :class_name => encryption_scheme raise StandardError, "Could not find hiera-eyaml encryptor: #{encryption_scheme}. Try gem install hiera-eyaml-#{encryption_scheme.downcase} ?" if encryptor_class.nil? @@ -29,7 +29,7 @@ def self.decode string Base64.decode64(string) end - def self.encrypt *args + def self.encrypt *args raise StandardError, "encrypt() not defined for encryptor plugin: #{self}" end @@ -80,4 +80,3 @@ def self.warn msg end end end - diff --git a/lib/hiera/backend/eyaml/subcommands/encrypt.rb b/lib/hiera/backend/eyaml/subcommands/encrypt.rb index aef9dd73..894d8362 100644 --- a/lib/hiera/backend/eyaml/subcommands/encrypt.rb +++ b/lib/hiera/backend/eyaml/subcommands/encrypt.rb @@ -11,12 +11,12 @@ module Subcommands class Encrypt < Subcommand def self.options - [{:name => :password, - :description => "Source input is a password entered on the terminal", + [{:name => :password, + :description => "Source input is a password entered on the terminal", :short => 'p'}, {:name => :string, :description => "Source input is a string provided as an argument", - :short => 's', + :short => 's', :type => :string}, {:name => :file, :description => "Source input is a regular file", From ce3fbad3c243cbe02546dadf18e93b2cb382efed Mon Sep 17 00:00:00 2001 
From: Kenyon Ralph Date: Sun, 22 Nov 2020 00:16:38 -0800 Subject: [PATCH 06/16] use standard YAML indentation of 2 spaces instead of 4 --- lib/hiera/backend/eyaml/subcommands/encrypt.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/hiera/backend/eyaml/subcommands/encrypt.rb b/lib/hiera/backend/eyaml/subcommands/encrypt.rb index 894d8362..93660395 100644 --- a/lib/hiera/backend/eyaml/subcommands/encrypt.rb +++ b/lib/hiera/backend/eyaml/subcommands/encrypt.rb @@ -78,7 +78,7 @@ def self.execute else encryptor = Encryptor.find ciphertext = encryptor.encode( encryptor.encrypt(Eyaml::Options[:input_data]) ) - token = Parser::EncToken.new(:block, Eyaml::Options[:input_data], encryptor, ciphertext, nil, ' ') + token = Parser::EncToken.new(:block, Eyaml::Options[:input_data], encryptor, ciphertext, nil, ' ') case Eyaml::Options[:output] when "block" token.to_encrypted :label => Eyaml::Options[:label], :use_chevron => !Eyaml::Options[:label].nil?, :format => :block From b12b924877e8658c9fb7c1cbdac93600f2c2f732 Mon Sep 17 00:00:00 2001 From: Kenyon Ralph Date: Sun, 22 Nov 2020 00:40:41 -0800 Subject: [PATCH 07/16] produce evenly folded blocks Fixes #281. --- lib/hiera/backend/eyaml/encryptor.rb | 2 +- lib/hiera/backend/eyaml/parser/encrypted_tokens.rb | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/lib/hiera/backend/eyaml/encryptor.rb b/lib/hiera/backend/eyaml/encryptor.rb index 3c47d5d9..1a515186 100644 --- a/lib/hiera/backend/eyaml/encryptor.rb +++ b/lib/hiera/backend/eyaml/encryptor.rb @@ -22,7 +22,7 @@ def self.find encryption_scheme = nil end def self.encode binary_string - Base64.encode64(binary_string).strip + Base64.strict_encode64(binary_string) end def self.decode string diff --git a/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb b/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb index 037c2de9..1d6fff58 100644 --- a/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb 
+++ b/lib/hiera/backend/eyaml/parser/encrypted_tokens.rb @@ -59,16 +59,12 @@ def to_encrypted(args={}) encryption_method = args[:change_encryption] if encryption_method != nil @encryptor = Encryptor.find encryption_method - @cipher = Base64.encode64(@encryptor.encrypt @plain_text).strip + @cipher = Base64.strict_encode64(@encryptor.encrypt(@plain_text)) end case format when :block - # strip any white space - @cipher = @cipher.gsub(/[ \t]/, "") - # normalize indentation - ciphertext = @cipher.gsub(/[\n\r]/, "\n" + @indentation) chevron = (args[:use_chevron].nil? || args[:use_chevron]) ? ">\n" : '' - "#{label_string}#{chevron}" + @indentation + "ENC[#{@encryptor.tag},#{ciphertext}]" + "#{label_string}#{chevron}" + @indentation + "ENC[#{@encryptor.tag},#{@cipher}]".scan(/.{1,60}/).join("\n" + @indentation) when :string ciphertext = @cipher.gsub(/[\n\r]/, "") "#{label_string}ENC[#{@encryptor.tag},#{ciphertext}]" From 5b52f4365d79a6dc06fb6645948ddc8febf0daa9 Mon Sep 17 00:00:00 2001 From: Lucy Wyman Date: Fri, 15 Jan 2021 13:22:41 -0800 Subject: [PATCH 08/16] Unpin highline This unpins highline as the bug that cause it to be pinned only occurs in Ruby < 1.9.3. Considering Ruby 1.9.2 was EOL in July 2014, this seems safe to be able to update now. This pin is currently blocking us being able to use [vmfloaty]() in Bolt development environments, as Bolt depends on this gem and vmfloaty pulls in `command 4.5.2` which requires `highline (~> 2.0.0)`. We can work around this by locally patching this change and pulling in the gem from the filepath, but it'd be great if this pin was removed and it could just work. Let me know your thoughts! --- hiera-eyaml.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hiera-eyaml.gemspec b/hiera-eyaml.gemspec index 9362744a..f0b22b81 100644 --- a/hiera-eyaml.gemspec +++ b/hiera-eyaml.gemspec 
@@ -18,5 +18,5 @@ Gem::Specification.new do |gem| gem.require_paths = ["lib"] gem.add_dependency('optimist') - gem.add_dependency('highline', '~> 1.6.19') + gem.add_dependency('highline') end From ea26ba601c8b00e241f37a89792ed9723cad68c3 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sat, 16 Jan 2021 13:55:35 +0100 Subject: [PATCH 09/16] gemspec: fix repo url --- hiera-eyaml.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hiera-eyaml.gemspec b/hiera-eyaml.gemspec index f0b22b81..0043059e 100644 --- a/hiera-eyaml.gemspec +++ b/hiera-eyaml.gemspec @@ -11,7 +11,7 @@ Gem::Specification.new do |gem| gem.author = "Tom Poulton" gem.license = "MIT" - gem.homepage = "http://github.com/TomPoulton/hiera-eyaml" + gem.homepage = "https://github.com/voxpupuli/hiera-eyaml/" gem.files = `git ls-files`.split($/).reject { |file| file =~ /^features.*$/ } gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) } gem.test_files = gem.files.grep(%r{^(test|spec|features)/}) From e29baebc0d5becc37db9b6b81dcedcf97ec82301 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sat, 16 Jan 2021 13:55:48 +0100 Subject: [PATCH 10/16] Drop Puppet 4/5 tests; Add Ruby 2.7 testing --- .travis.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index a11a8fd2..ce3c45dd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,11 +18,11 @@ script: bundle exec cucumber -f progress matrix: include: - - rvm: 2.1.9 - env: PUPPET_VERSION="~> 4.0" RUBYGEMS_VERSION=2.7.8 - - rvm: 2.4.2 - env: PUPPET_VERSION="~> 5.0" - - rvm: 2.5.7 + - rvm: 2.5 + env: PUPPET_VERSION="~> 6.0" + - rvm: 2.6 + env: PUPPET_VERSION="~> 6.0" + - rvm: 2.7 env: PUPPET_VERSION="~> 6.0" notifications: email: false From bc13b1783629618099dcc19d1163fa128c4b0664 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Sat, 16 Jan 2021 14:08:41 +0100 Subject: [PATCH 11/16] cleanup Gemfile --- Gemfile | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/Gemfile b/Gemfile index 59113d6c..067e4e90 100644 --- a/Gemfile +++ b/Gemfile @@ -2,28 +2,14 @@ source 'https://rubygems.org/' gemspec -def default_puppet_restriction - # Puppet 6 should be the default for Ruby 2.5+ - # Puppet 5 should be the defualt for Ruby 2.4 - Gem::Requirement.create('>= 2.5.0').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) ? '~> 6.0' : '~> 5.0' -end - -def activesupport_restriction - # Active Support 6.x requires ruby 2.5.0+ - Gem::Requirement.create('>= 2.5.0').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) ? '~> 6.0' : '~> 5.0' -end - group :development do gem "aruba", '~> 0.6.2' gem "cucumber", '~> 1.1' gem "rspec-expectations", '~> 3.1.0' gem "hiera-eyaml-plaintext" - gem "puppet", ENV['PUPPET_VERSION'] || default_puppet_restriction - gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0' - if RUBY_VERSION >= '2.5.0' - gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes' - gem "activesupport", activesupport_restriction - end + gem "puppet", ENV['PUPPET_VERSION'] || '>= 7' + gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes' + gem "activesupport" end group :test do From e3be51f18edf2e961071b6b51cfa6c4ab7550173 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sun, 17 Jan 2021 16:13:35 +0100 Subject: [PATCH 12/16] add .vendor/ to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index dc286d6d..02ce791a 100644 --- a/.gitignore +++ b/.gitignore 
@@ -16,3 +16,4 @@ features/sandbox/puppet-hiera-merge/reports features/sandbox/puppet-hiera-merge/state features/sandbox/puppet/reports features/sandbox/puppet/state +.vendor/ From d4c3e16bf678a70a38d657ecca5239872958558c Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sun, 17 Jan 2021 16:13:48 +0100 Subject: [PATCH 13/16] release 3.2.1 --- CHANGELOG.md | 24 +++++++++++++++++++++++- lib/hiera/backend/eyaml.rb | 2 +- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 33f5051e..96414ac3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,26 @@ All notable changes to this project will be documented in this file. -## [v3.2.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.0) (2020-01-30) +## [v3.2.1](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.1) (2021-01-17) + +[Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.2.0...v3.2.1) + +**Fixed bugs:** + +- Fix block folding [\#307](https://github.com/voxpupuli/hiera-eyaml/pull/307) ([kenyon](https://github.com/kenyon)) +- add step-by-step how-to encrypting multiline values [\#304](https://github.com/voxpupuli/hiera-eyaml/pull/304) ([kBite](https://github.com/kBite)) + +**Closed issues:** + +- eyaml edit should produce evenly folded blocks. [\#281](https://github.com/voxpupuli/hiera-eyaml/issues/281) +- Support version 4 hiera config [\#213](https://github.com/voxpupuli/hiera-eyaml/issues/213) + +**Merged pull requests:** + +- gemspec: fix repo url / Drop Puppet 4/5 tests [\#311](https://github.com/voxpupuli/hiera-eyaml/pull/311) ([bastelfreak](https://github.com/bastelfreak)) +- Unpin highline [\#310](https://github.com/voxpupuli/hiera-eyaml/pull/310) ([lucywyman](https://github.com/lucywyman)) + +## [v3.2.0](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.0) (2020-01-31) [Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.1.1...v3.2.0) 
@@ -122,7 +141,10 @@ This is the first release after this project was migrated to Vox Pupuli. - \(docs\) Update README with instructions for using Hiera 5 [\#229](https://github.com/voxpupuli/hiera-eyaml/pull/229) ([nfagerlund](https://github.com/nfagerlund)) - Attempt to resolve Travis CI issues [\#220](https://github.com/voxpupuli/hiera-eyaml/pull/220) ([rnelson0](https://github.com/rnelson0)) - Make it clear that the ID and parens must be deleted, not just the ID [\#188](https://github.com/voxpupuli/hiera-eyaml/pull/188) ([sdotz](https://github.com/sdotz)) +- Refactor highline import [\#187](https://github.com/voxpupuli/hiera-eyaml/pull/187) ([petems](https://github.com/petems)) +- Adding hiera-eyaml-kms plugin to readme file [\#184](https://github.com/voxpupuli/hiera-eyaml/pull/184) ([adenot](https://github.com/adenot)) - Make output of `eyaml decrypt` valid yaml with multiline values. [\#183](https://github.com/voxpupuli/hiera-eyaml/pull/183) ([peculater](https://github.com/peculater)) +- Add testing support for puppet 4 [\#181](https://github.com/voxpupuli/hiera-eyaml/pull/181) ([peculater](https://github.com/peculater)) ## v2.1.0 (2016-03-02) diff --git a/lib/hiera/backend/eyaml.rb b/lib/hiera/backend/eyaml.rb index 7de126a4..3fef2855 100644 --- a/lib/hiera/backend/eyaml.rb +++ b/lib/hiera/backend/eyaml.rb @@ -2,7 +2,7 @@ class Hiera module Backend module Eyaml - VERSION = "3.2.0" + VERSION = "3.2.1" DESCRIPTION = "Hiera-eyaml is a backend for Hiera which provides OpenSSL encryption/decryption for Hiera properties" class RecoverableError < StandardError From 1cb6192b54f0e20ddbf5b4027c4b950d101c65e6 Mon Sep 17 00:00:00 2001 
From: Edwin Maldonado Date: Mon, 15 Feb 2021 16:40:10 +0100 Subject: [PATCH 14/16] removing question mark from encrypted? mthd As discussed on this PR https://github.com/voxpupuli/puppet-syntax/pull/127/files The question mark is irrelevant in this REGEX, so with the IAC team, we decided to fix it from the upstream project. --- lib/hiera/backend/eyaml_backend.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/hiera/backend/eyaml_backend.rb b/lib/hiera/backend/eyaml_backend.rb index 322037ed..658654a4 100644 --- a/lib/hiera/backend/eyaml_backend.rb +++ b/lib/hiera/backend/eyaml_backend.rb @@ -99,7 +99,7 @@ def decrypt(data) end def encrypted?(data) - /.*ENC\[.*?\]/ =~ data ? true : false + /.*ENC\[.*\]/ =~ data ? true : false end def parse_answer(data, scope, extra_data={}) From a6fd534b416b6ef9beb0ef750127b861330a6998 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 16 Feb 2021 18:50:55 +0100 Subject: [PATCH 15/16] migrate CI to github actions --- .github/workflows/release.yml | 24 +++++++++++++++++++ .github/workflows/test.yml | 31 ++++++++++++++++++++++++ .travis.yml | 45 ----------------------------------- 3 files changed, 55 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/test.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..04aa6d8c --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,24 @@ +name: Release + +on: + create: + ref_type: tag + +jobs: + release: + runs-on: ubuntu-latest + if: github.repository == 'voxpupuli/hiera-eyaml' + env: + BUNDLE_WITHOUT: release + steps: + - uses: actions/checkout@v2 + - name: Install Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: '2.7' + - name: Build gem + run: gem build *.gemspec + - name: Publish gem + run: gem push *.gem + env: + GEM_HOST_API_KEY: '${{ secrets.RUBYGEMS_AUTH_TOKEN }}' 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..1ec2dab0 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,31 @@ +name: Test + +on: + - pull_request + - push + +jobs: + test: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + ruby: + - "2.5" + - "2.6" + - "2.7" + env: + BUNDLE_WITHOUT: release + PUPPET_VERSION: "~> 6.0" + name: Ruby ${{ matrix.ruby }} + steps: + - uses: actions/checkout@v2 + - name: Install expect + run: sudo apt-get install expect + - name: Install Ruby ${{ matrix.ruby }} + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + bundler-cache: true + - name: Run tests + run: bundle exec cucumber -f progress diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index ce3c45dd..00000000 --- a/.travis.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -dist: trusty -language: ruby -cache: bundler -sudo: false -before_install: - - bundle -v - - rm Gemfile.lock || true - - gem update --system $RUBYGEMS_VERSION - - gem update bundler - - gem --version - - bundle -v -addons: - apt: - packages: - - expect -script: - bundle exec cucumber -f progress -matrix: - include: - - rvm: 2.5 - env: PUPPET_VERSION="~> 6.0" - - rvm: 2.6 - env: PUPPET_VERSION="~> 6.0" - - rvm: 2.7 - env: PUPPET_VERSION="~> 6.0" -notifications: - email: false - irc: - on_success: always - on_failure: always - channels: - - "chat.freenode.org#voxpupuli-notifications" -branches: - only: - - master - - /^v\d/ -deploy: - provider: rubygems - api_key: - secure: 'W6a8A3KfxNydnbK4qhpL4S4KBUnadw8eGr1s8vqeOc8gXlc/qkj/DET9jWpgaEsdnEN/ALJL0WEksYJCHDpdeJv1qKaidFg5dC5l+qZ5gdVHRoKKVFkVlt8WDHe5UdP+bI2vUHWQ/1c04P92+jU9SJ0afTU1xUFn4d3AWCgwmdk=' - gem: hiera-eyaml - on: - tags: true - repo: voxpupuli/hiera-eyaml From 839be70952c9ba3981200d3d077404e8658c9578 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Tue, 16 Feb 2021 18:39:26 +0100 Subject: [PATCH 16/16] release 3.2.1 --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96414ac3..8fbdbf8b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,13 @@ All notable changes to this project will be documented in this file. -## [v3.2.1](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.1) (2021-01-17) +## [v3.2.1](https://github.com/voxpupuli/hiera-eyaml/tree/v3.2.1) (2021-02-16) [Full Changelog](https://github.com/voxpupuli/hiera-eyaml/compare/v3.2.0...v3.2.1) **Fixed bugs:** +- remove question mark from regex in encrypted? method [\#313](https://github.com/voxpupuli/hiera-eyaml/pull/313) ([mcka1n](https://github.com/mcka1n)) - Fix block folding [\#307](https://github.com/voxpupuli/hiera-eyaml/pull/307) ([kenyon](https://github.com/kenyon)) - add step-by-step how-to encrypting multiline values [\#304](https://github.com/voxpupuli/hiera-eyaml/pull/304) ([kBite](https://github.com/kBite)) @@ -18,6 +19,7 @@ All notable changes to this project will be documented in this file. **Merged pull requests:** +- migrate CI to github actions [\#315](https://github.com/voxpupuli/hiera-eyaml/pull/315) ([bastelfreak](https://github.com/bastelfreak)) - gemspec: fix repo url / Drop Puppet 4/5 tests [\#311](https://github.com/voxpupuli/hiera-eyaml/pull/311) ([bastelfreak](https://github.com/bastelfreak)) - Unpin highline [\#310](https://github.com/voxpupuli/hiera-eyaml/pull/310) ([lucywyman](https://github.com/lucywyman))
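
Review bot: In the `eyaml edit` example block of README.md (added in patch 01 and kept by the `@@ -218,49 +219,18 @@` hunk of patch 02) the key comment reads `dummy-key-hiera-eyaml-issue-rsa-key-20170123`, while the plaintext file and the `eyaml decrypt` output both read `dummy-key-hiera-eyaml-issue-rsa-key-20200911`. A reader who follows the steps and compares the decrypted output with the plaintext will see a difference that comes from the how-to rather than from eyaml; use one comment string in all three blocks. In the step list of patch 02, '|' and '>' are in plain quotes where the neighbouring items use backticks, and the closing bullet "The output *does NOT* have to be valid YAML" should say which output it refers to.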
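
Review bot: The raised condition `if RUBY_VERSION >= '2.5.0'` in the Gemfile hunk of patch 03 also gates `gem "activesupport", activesupport_restriction` on the line after the changelog generator, so Ruby 2.4 (the Puppet 5 case the commit message names) no longer gets activesupport at all, although `activesupport_restriction` exists to choose `'~> 5.0'` for exactly those Rubies. Move only the `github_changelog_generator` line under the new condition and leave activesupport under the old one. The comparison is also a lexical string comparison; the file already uses `Gem::Requirement.create('>= 2.5.0').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))` for the same purpose, and that form is the safer one to reuse here.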
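
Review bot: In the `:block` branch of `to_encrypted` (lib/hiera/backend/eyaml/parser/encrypted_tokens.rb, patch 07) `@cipher` is interpolated unchanged and then cut with `.scan(/.{1,60}/)`, but it is only rebuilt with `Base64.strict_encode64` when `args[:change_encryption]` is set. The removed lines stripped spaces and tabs and normalised line breaks first, and the `:string` branch still runs `@cipher.gsub(/[\n\r]/, "")`, which suggests `@cipher` can arrive with embedded line breaks. Because `.` does not match a newline, `scan` would then break at the old fold points and give uneven lines again, and any spaces or tabs would be carried into the output. Suggest removing whitespace from `@cipher` before folding and adding a spec that re-encrypts an already folded block. The width 60 would read better as a named constant.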
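
Review bot: `gem.add_dependency('highline')` in hiera-eyaml.gemspec (patch 08) removes the constraint entirely, so any future major release of highline satisfies it. The commit message only asks for `highline (~> 2.0.0)` to be allowed; a bounded requirement such as `'>= 1.6.19', '< 3'` covers that case and keeps an untested major version from being resolved for a gem that prompts for and handles secrets.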
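
Review bot: The new default `ENV['PUPPET_VERSION'] || '>= 7'` in the Gemfile (patch 11) is open-ended and is not what CI exercises: every matrix entry in patch 10, and `.github/workflows/test.yml` in patch 15, sets `PUPPET_VERSION` to `"~> 6.0"`. A plain `bundle install` therefore resolves a Puppet major version that no job tests. Either add a job that runs without the override, or make the default match the tested version. `gem "activesupport"` loses its version restriction in the same hunk; the commit message should say why that is safe on the supported Rubies.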
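
Review bot: The CHANGELOG.md hunk `@@ -2,7 +2,26 @@` of patch 13 changes the date of the already published v3.2.0 entry from 2020-01-30 to 2020-01-31 inside a commit titled "release 3.2.1"; if that is a correction from the changelog generator, say so in the commit message, otherwise revert it. The same hunk lists the README how-to (#304) under "Fixed bugs" although it is a documentation change. Patches 13 and 16 also share the subject "release 3.2.1", which makes the two commits hard to tell apart in the log.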
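
Review bot: `/.*ENC\[.*\]/` in `encrypted?` (lib/hiera/backend/eyaml_backend.rb, patch 14) keeps a leading `.*` that is as redundant for a boolean test as the `?` being removed, and the change comes without a spec. On the Ruby versions the CI matrix covers, `/ENC\[.*\]/.match?(data)` expresses the same check and also replaces the `? true : false`. A spec with a value that holds more than one `ENC[...]` token, and one with none, would pin the behaviour that the commit message asserts is unchanged.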
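
Review bot: In `.github/workflows/release.yml` (patch 15) the trigger `on: create:` with `ref_type: tag` does not limit the workflow to tags, because the `create` event has no `ref_type` filter; the job would also start when a branch is created in `voxpupuli/hiera-eyaml`, and `gem push *.gem` then runs with `RUBYGEMS_AUTH_TOKEN`. The removed `.travis.yml` deployed only `on: tags: true`; the equivalent here is a `push` trigger with a `tags:` filter, or an `if:` on `github.event.ref_type == 'tag'`. In the same job `actions/checkout@v2` and `ruby/setup-ruby@v1` are referenced by mutable tag; since this job holds the publishing token, pin both to a full commit SHA.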