desc 'Compile json files to hiera configs'
command :compile do |c|
c.action do |global_options,options,args|
- update_compiled_ssh_configs # this must come first, hiera configs import these files.
- manager.export Path.named_path(:hiera_dir) # generate a hiera .yaml config for each node
+ # these must come first
+ update_compiled_ssh_configs
+
+ # export generated files
+ manager.export_nodes
+ manager.export_secrets
end
end
#
class Manager
- attr_reader :services, :tags, :nodes, :provider, :common
+ attr_reader :services, :tags, :nodes, :provider, :common, :secrets
##
## IMPORT EXPORT
# load .json configuration files
#
def load(provider_dir=Path.provider)
+ @provider_dir = provider_dir
@services = load_all_json(Path.named_path([:service_config, '*'], provider_dir))
@tags = load_all_json(Path.named_path([:tag_config, '*'], provider_dir))
@nodes = load_all_json(Path.named_path([:node_config, '*'], provider_dir))
@common = load_json(Path.named_path(:common_config, provider_dir))
@provider = load_json(Path.named_path(:provider_config, provider_dir))
+ @secrets = load_json(Path.named_path(:secrets_config, provider_dir))
Util::assert!(@provider, "Failed to load provider.json")
Util::assert!(@common, "Failed to load common.json")
#
# save compiled hiera .yaml files
#
- def export(dir=Path.named_path(:hiera_dir))
+ def export_nodes(destination_directory = nil)
+ dir = destination_directory || Path.named_path(:hiera_dir, @provider_dir)
existing_files = Dir.glob(dir + '/*.yaml')
updated_files = []
@nodes.each do |name, node|
end
end
+ def export_secrets(destination_file = nil)
+ if @secrets.any?
+ file_path = destination_file || Path.named_path(:secrets_config, @provider_dir)
+ Util.write_file!(file_path, @secrets.dump_json + "\n")
+ end
+ end
+
##
## FILTERING
##
end
def load_json(filename)
+ if !File.exists?(filename)
+ return Config::Object.new(self)
+ end
+
#
# read file, strip out comments
# (File.read(filename) would be faster, but we like ability to have comments)
# input config files
:common_config => 'common.json',
:provider_config => 'provider.json',
+ :secrets_config => 'secrets.json',
:node_config => 'nodes/#{arg}.json',
:service_config => 'services/#{arg}.json',
:tag_config => 'tags/#{arg}.json',
--- /dev/null
+#
+# A simple alphanumeric secret generator, with no ambiguous characters.
+#
+# It also includes symbols that are treated as word characters by most
+# terminals (so you can still double click to select the entire secret).
+#
+# Uses OpenSSL random number generator instead of Ruby's rand function
+#
+
+require 'openssl'
+
+module LeapCli; module Util
+
+ class Secret
+
+ CHARS = ('A'..'Z').to_a + ('a'..'z').to_a + ('0'..'9').to_a + "_-&@%~=+".split(//u) - "io01lO".split(//u)
+
+ def self.generate(length = 10)
+ seed
+ OpenSSL::Random.random_bytes(length).bytes.to_a.collect { |byte|
+ CHARS[ byte % CHARS.length ]
+ }.join
+ end
+
+ def self.seed
+ @pid ||= 0
+ pid = $$
+ if @pid != pid
+ now = Time.now
+ OpenSSL::Random.seed( [now.to_i, now.nsec, @pid, pid].join )
+ @pid = pid
+ end
+ end
+
+ end
+
+end; end
projects / leap / leap_cli.git / commitdiff