Merge 1aea838 into abcc979

CHANGELOG.md

@@ -0,0 +1,49 @@
+# Augosign changelog
+
+## Unreleased
+* (maint) print config in yaml format
+* (maint) Fix a cache bug where the settings were loaded multiple times
+* (maint) Fix a bug where the config overwrites settings
+* (maint) Fix bug with validation order
+* (maint) The autosign gem now requires the deep_merge gem 1.2.1
+* (maint) The require_all has been dropped and is no longer a dependency
+* (maint) Fix deprecation warnings with gemspec file
+* (maint) Objectify the validator classes
+* (maint) Fix a cache bug where the settings were loaded multiple times.
+    This was causing overzealous logging
+* (feat) Add an ordered validator list
+* (feat) Any validator should short circuit
+* (feat) Allow user to specify validation order
+
+This release removes support for ruby < 2.4.
+
+## 0.1.4
+Released Nov 25, 2019 
+
+### Bug fixes
+
+* Use multi_json to allow a variety of JSON engines to be used, which makes installation easier.
+* Read all of STDIN regardless of whether we’ll use it in order to avoid a bug in Java 8.
+* Change yard from a runtime dependency to a dev dependency.
+* Security updates for dependencies:
+* Bump ffi from 1.9.10 to 1.9.25
+* Bump yard from 0.9.12 to 0.9.20
+
+## 0.1.3
+Released Jan 24, 2018
+
+### Bug fixes
+
+* Fix config file path; the latest version of puppet-autosign creates config files in /etc/puppetlabs/puppetserver/autosign.conf but we weren't checking there
+* @reidmv fixed a bug where the decoder would error when presented with a csr with no challengePassword
+* added an Apache license to be explicit about how the code is licensed. Did check with all contributors first.
+
+## 0.1.1
+Released Oct 30, 2015
+
+* bump version to 0.1.1 to fix safe_yaml issue
+
+## 0.0.6 
+Released Jul 15, 2015
+
+* add autosign-validator executable to gem

Gemfile.lock

@@ -2,13 +2,12 @@ PATH
   remote: .
   specs:
     autosign (0.1.4)
-      deep_merge (~> 1)
+      deep_merge (~> 1.2)
       gli (~> 2)
       iniparse (~> 1)
       jwt (~> 1)
       logging (~> 2)
       multi_json (>= 1)
-      require_all (~> 1)
 
 GEM
   remote: https://rubygems.org/
@@ -51,7 +50,7 @@ GEM
     gli (2.19.0)
     hiera (1.3.4)
       json_pure
-    iniparse (1.4.4)
+    iniparse (1.5.0)
     json (2.2.0)
     json_pure (2.2.0)
     jwt (1.5.6)
@@ -75,7 +74,6 @@ GEM
     rainbow (3.0.0)
     rake (10.5.0)
     rdoc (4.3.0)
-    require_all (1.5.0)
     rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)

autosign.gemspec

@@ -10,13 +10,15 @@ spec = Gem::Specification.new do |s|
   s.homepage = 'https://github.com/danieldreier/autosign'
   s.platform = Gem::Platform::RUBY
   s.summary = 'Tooling to make puppet autosigning easy, secure, and extensible'
-  s.files = `git ls-files`.split("\n")
+  s.files   = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|features|fixtures)/}) }
   s.require_paths << 'lib'
-  s.has_rdoc = false
-  s.rdoc_options << '--title' << 'autosign' << '--main' << 'README.rdoc' << '-ri'
+  s.extra_rdoc_files = [
+    'CHANGELOG.md',
+    'LICENSE',
+    'README.md'
+  ]
   s.bindir = 'bin'
-  s.executables << 'autosign'
-  s.executables << 'autosign-validator'
+  s.executables = ['autosign', 'autosign-validator']
   s.add_development_dependency('aruba', '~> 0.6')
   s.add_development_dependency('coveralls')
   s.add_development_dependency('cucumber', '~> 2')
@@ -27,11 +29,10 @@ spec = Gem::Specification.new do |s|
   s.add_development_dependency('rspec', '~> 3')
   s.add_development_dependency('rubocop', '~> 0.83.0')
   s.add_development_dependency('yard', '~> 0.9.11')
-  s.add_runtime_dependency('deep_merge', '~> 1')
+  s.add_runtime_dependency('deep_merge', '~> 1.2')
   s.add_runtime_dependency('gli', '~> 2')
   s.add_runtime_dependency('iniparse', '~> 1')
   s.add_runtime_dependency('jwt', '~> 1')
   s.add_runtime_dependency('logging', '~> 2')
   s.add_runtime_dependency('multi_json', '>=1')
-  s.add_runtime_dependency('require_all', '~> 1')
 end

bin/autosign

@@ -52,8 +52,9 @@ command :generate do |c|
 
   c.action do |global_options,options,args|
     config = Autosign::Config.new({'config_file' => global_options['config']})
-    global_options['secret'] = config.settings['jwt_token']['secret'] if global_options['secret'].nil?
-    options['validfor'] = config.settings.to_hash['jwt_token']['validity'].to_s if options['validfor'] == '7200'
+    config_settings = config.settings
+    global_options['secret'] = config_settings['jwt_token']['secret'] if global_options['secret'].nil?
+    options['validfor'] = config_settings.to_hash['jwt_token']['validity'].to_s if options['validfor'] == '7200'
     @logger.debug "validfor: " + options['validfor']
     help_now!('no secret was defined via --secret or a config file') if global_options['secret'].nil?
     help_now!('certname is required as argument') if args[0].nil?
@@ -87,8 +88,9 @@ command :validate do |c|
 
   c.action do |global_options,options,args|
     config = Autosign::Config.new({'config_file' => global_options['config']})
-    puts config.settings.to_hash['jwt_token']
-    global_options['secret'] = config.settings['jwt_token']['secret'] if global_options['secret'].nil?
+    config_settings = config.settings
+    puts config_settings.to_hash['jwt_token']
+    global_options['secret'] = config_settings['jwt_token']['secret'] if global_options['secret'].nil?
 
     help_now!('no secret was defined via --secret or a config file') if global_options['secret'].nil?
     help_now!('certname is required') if options['certname'].nil?
@@ -122,7 +124,8 @@ command :config do |c|
     print.action do |global_options,options,args|
       @logger.debug "print command ran with #{global_options} #{options} #{args}"
       config = Autosign::Config.new({'config_file' => global_options['config']})
-      puts config.settings.to_s
+      require 'yaml'
+      puts config.settings.to_yaml
     end
   end
 
@@ -135,7 +138,8 @@ pre do |global,command,options,args|
   # Use skips_pre before a command to skip this block
   # on that command only
   config = Autosign::Config.new
-  @logger.level = config.settings.to_hash['general']['loglevel'].to_sym unless config.settings.to_hash['general']['loglevel'].nil?
+  config_settings = config.settings
+  @logger.level = config_settings.to_hash['general']['loglevel'].to_sym unless config_settings.to_hash['general']['loglevel'].nil?
 
   @logger.level = :error if global['quiet']
   @logger.level = :info if global['verbose']

bin/autosign-validator

@@ -13,14 +13,14 @@ raw_csr = $stdin.read
 @logger.add_appenders Logging.appenders.stdout
 
 # Load config and then add logfile as a log appender
-config = Autosign::Config.new
+config_settings = Autosign::Config.new.settings
 
-unless config.settings['general']['logfile'].nil?
+unless config_settings['general']['logfile'].nil?
   file_layout = Logging.layouts.pattern(:pattern => "%d %-5l -- %c : %m\n", :date_pattern => "%Y-%m-%dT%H:%M:%S.%s")
-  @logger.add_appenders Logging.appenders.file(config.settings['general']['logfile'], :layout => file_layout)
+  @logger.add_appenders Logging.appenders.file(config_settings['general']['logfile'], :layout => file_layout)
 end
 
-@logger.level = config.settings['general']['loglevel'].to_sym unless config.settings['general']['loglevel'].nil?
+@logger.level = config_settings['general']['loglevel'].to_sym unless config_settings['general']['loglevel'].nil?
 
 ### End logging initialization
 
@@ -41,7 +41,7 @@ exit 1 unless csr.is_a?(Hash)
 ### End Inputs
 
 ### validate token
-token_validation = Autosign::Validator.any_validator(csr[:challenge_password].to_s, certname.to_s, raw_csr)
+token_validation = Autosign::Validator.any_validator(csr[:challenge_password].to_s, certname.to_s, raw_csr, config_settings)
 ### end validation
 
 ### Exit with correct exit status

lib/autosign/config.rb

@@ -50,6 +50,7 @@ def initialize(settings_param = {})
       unless ENV['HOME'].nil?
         @config_file_paths << File.join(Dir.home, '.autosign.conf')
       end
+
       unless settings_param['config_file'].nil?
         @config_file_paths = [settings_param['config_file']]
       end
@@ -65,7 +66,7 @@ def initialize(settings_param = {})
     def settings
       @log.debug 'merging settings'
       setting_sources = [default_settings, configfile, @settings]
-      merged_settings = setting_sources.inject({}) { |merged, hash| merged.deep_merge!(hash) }
+      merged_settings = setting_sources.inject({}) { |merged, hash| merged.deep_merge!(hash, {:overwrite_arrays => true}) }
       @log.debug 'using merged settings: ' + merged_settings.to_s
       merged_settings
     end
@@ -169,7 +170,10 @@ def self.generate_default(settings_param = {})
       config = {
         'general' => {
           'loglevel' => 'warn',
-          'logfile' => os_defaults['logpath']
+          'logfile' => os_defaults['logpath'],
+          'validation_order' => %w[
+            jwt_token password_list multiplexer
+          ]
         },
         'jwt_token' => {
           'secret' => SecureRandom.base64(20),