class Veil::CredentialCollection::Base

Attributes

credentials[R]
decryptor[R]
encryptor[R]
hasher[R]
version[R]

Public Class Methods

create(hash = {}) click to toggle source
# File lib/veil/credential_collection/base.rb, line 10
def create(hash = {})
  new(hash)
end
new(opts = {}) click to toggle source
# File lib/veil/credential_collection/base.rb, line 21
def initialize(opts = {})
  @hasher = Veil::Hasher.create(opts[:hasher] || {})
  @decryptor, @encryptor = Veil::Cipher.create(opts[:cipher] || {})
  @credentials = expand_credentials_hash(decryptor.decrypt(opts[:credentials]) || {})
  @version = opts[:version] || 1
end

Public Instance Methods

<<(*args)
Alias for: add
add(*args) click to toggle source

Add a new credential to the credentials

@param [Hash] args

# File lib/veil/credential_collection/base.rb, line 109
def add(*args)
  params = { name: nil, group: nil, length: 128, value: nil, force: false }
  case args.length
  when 1
    # add('foo')
    params[:name] = args.first
  when 2
    if args.all? { |a| a.is_a?(String) }
      # add('my_app', 'foo')
      params[:group], params[:name] = args
    elsif args[1].is_a?(Hash)
      # add('my_app', value: 'something')
      # add('foo', length: 50)
      params[:name] = args.first
      params.merge!(args[1])
    end
  when 3
    # add('my_app', 'foo', value: 'something')
    # add('my_app', 'foo', length: 50)
    params[:group], params[:name] = args[0], args[1]
    params.merge!(args[2])
  else
    raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1-3)"
  end

  add_from_params(params)
end
Also aliased as: <<
add_from_file(filepath, *args) click to toggle source
Add the contents of a file as a credential after
verifying that the file can be read.
Usage:
  add_from_file(filename, "secretname")
  add_from_file(filename, "groupname", "secretname")

 Anything added from file will automatically be frozen.

`add`'s options are not supported.

# File lib/veil/credential_collection/base.rb, line 147
def add_from_file(filepath, *args)
  unless File.readable?(filepath)
    raise Veil::FileNotReadable.new("Cannot read #{filepath}")
  end
  add(*args, value: File.read(filepath),
             frozen: true)
end
credentials_as_hash() click to toggle source
# File lib/veil/credential_collection/base.rb, line 179
def credentials_as_hash
  hash = Hash.new

  credentials.each do |cred_or_group_name, cred_or_group_attrs|
    if cred_or_group_attrs.is_a?(Hash)
      cred_or_group_attrs.each do |name, cred|
        hash[cred_or_group_name] ||= Hash.new
        hash[cred_or_group_name][name] = cred.to_hash
      end
    else
      hash[cred_or_group_name] = cred_or_group_attrs.to_hash
    end
  end

  hash
end
credentials_for_export() click to toggle source
# File lib/veil/credential_collection/base.rb, line 196
def credentials_for_export
  hash = Hash.new

  credentials.each do |namespace, cred_or_creds|
    if cred_or_creds.is_a?(Veil::Credential)
      hash[namespace] = cred_or_creds.value
    else
      hash[namespace] = {}
      cred_or_creds.each { |name, cred| hash[namespace][name] = cred.value }
    end
  end

  hash
end
Also aliased as: legacy_credentials_hash
delete(group_or_cred, cred = nil)
Alias for: remove
exist?(*args) click to toggle source

Check to see if a given credential has been added.

# File lib/veil/credential_collection/base.rb, line 97
def exist?(*args)
  get(*args)
  true
rescue Veil::GroupNotFound, Veil::CredentialNotFound
  false
end
get(*args) click to toggle source

Retrieves a credential from the credential store:

get(name)
get(group, name)
# File lib/veil/credential_collection/base.rb, line 61
def get(*args)
  case args.length
  when 1
    cred_name = args[0]
    c = credentials[cred_name]
    if c.nil?
      raise Veil::CredentialNotFound, "Credential '#{cred_name}' not found."
    else
      c.value
    end
  when 2
    group_name = args[0]
    cred_name = args[1]

    g = credentials[group_name]
    if g.nil?
      raise Veil::GroupNotFound, "Credential group '#{group_name}' not found."
    else
      c = g[cred_name]
      if c.nil?
        raise Veil::CredentialNotFound, "Credential '#{cred_name}' not found in group '#{group_name}'."
      else
        c.value
      end
    end
  else
    raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1 or 2)"
  end
end
Also aliased as: get_credential
get_credential(*args)

TODO mp 2017/03/01 replace usage to prefer get_credential

Alias for: get
legacy_credentials_hash()
remove(group_or_cred, cred = nil) click to toggle source
# File lib/veil/credential_collection/base.rb, line 155
def remove(group_or_cred, cred = nil)
  if group_or_cred && cred && credentials.key?(group_or_cred)
    credentials[group_or_cred].delete(cred)
  else
    credentials.delete(group_or_cred)
  end
end
Also aliased as: delete
rotate(group_or_cred, cred = nil) click to toggle source
# File lib/veil/credential_collection/base.rb, line 43
def rotate(group_or_cred, cred = nil)
  if cred && credentials.key?(group_or_cred) && credentials[group_or_cred].key?(cred)
    credentials[group_or_cred][cred].rotate(hasher)
  elsif credentials.key?(group_or_cred)
    if credentials[group_or_cred].is_a?(Hash)
      credentials[group_or_cred].each { |_s, c| c.rotate(hasher) }
    else
      credentials[group_or_cred].rotate(hasher)
    end
  end
end
rotate_credentials() click to toggle source
# File lib/veil/credential_collection/base.rb, line 169
def rotate_credentials
  credentials.each do |cred_or_group_name, cred_or_group|
    if cred_or_group.is_a?(Veil::Credential)
      cred_or_group.rotate(hasher)
    else
      cred_or_group.each { |_group, cred| cred.rotate(hasher) }
    end
  end
end
rotate_hasher() click to toggle source
# File lib/veil/credential_collection/base.rb, line 164
def rotate_hasher
  @hasher = Veil::Hasher.create
  rotate_credentials
end
save() click to toggle source
# File lib/veil/credential_collection/base.rb, line 39
def save
  raise "Save has not been implemented for this class"
end
to_h()
Alias for: to_hash
to_hash() click to toggle source
# File lib/veil/credential_collection/base.rb, line 28
def to_hash
  {
    type: self.class.name,
    version: version,
    hasher: hasher.to_h,
    cipher: encryptor.to_h,
    credentials: encryptor.encrypt(credentials_as_hash.to_json)
  }
end
Also aliased as: to_h

Private Instance Methods

add_from_params(params) click to toggle source
# File lib/veil/credential_collection/base.rb, line 214
def add_from_params(params)
  params[:name] = params[:name].to_s

  if params[:value]
    params[:length] = params[:value].length
  else
    params[:value] = hasher.encrypt(params[:group], params[:name], 0)
  end

  # Set frozen to true if force has been set and frozen hasn't otherwise been set
  params[:frozen] ||= (params[:force] && params[:frozen].nil?)
  v = Veil::Credential.new(params)

  if params[:group]
    credentials[params[:group]] ||= {}

    return credentials[params[:group]][params[:name]] if credentials[params[:group]].key?(params[:name]) && !params[:force]

    credentials[params[:group]][params[:name]] = v
  else
    return credentials[params[:name]] if credentials.key?(params[:name]) && !params[:force]

    credentials[params[:name]] = v
  end
end
expand_credentials_hash(creds_hash) click to toggle source
# File lib/veil/credential_collection/base.rb, line 241
def expand_credentials_hash(creds_hash)
  expanded = Hash.new

  creds_hash.each do |cred_or_group_name, cred_or_group_attrs|
    if cred_or_group_attrs.key?(:type) && cred_or_group_attrs[:type] == "Veil::Credential"
      expanded[cred_or_group_name.to_s] = Veil::Credential.create(cred_or_group_attrs)
    else
      cred_or_group_attrs.each do |name, opts|
        expanded[cred_or_group_name.to_s] ||= Hash.new
        expanded[cred_or_group_name.to_s][name.to_s] = Veil::Credential.create(opts)
      end
    end
  end

  expanded
end
import_credentials_hash(hash) click to toggle source
# File lib/veil/credential_collection/base.rb, line 258
def import_credentials_hash(hash)
  hash.each do |namespace, creds_hash|
    credentials[namespace.to_s] ||= Hash.new
    creds_hash.each do |cred, value|
      credentials[namespace.to_s][cred.to_s] = Veil::Credential.new(
        name: cred.to_s,
        value: value,
        length: value.length
      )
    end
  end
end