From 704db4403280a51f10f03e7a6b7780bad2ff3bda Mon Sep 17 00:00:00 2001 From: Matt Jones Date: Tue, 17 Feb 2015 09:35:43 -0500 Subject: [PATCH] initial commit --- .gitignore | 18 ++++++++++ .rubocop.yml | 25 ++++++++++++++ .travis.yml | 18 ++++++++++ CHANGELOG.md | 1 + CONTRIBUTING.md | 1 + Gemfile | 3 ++ LICENSE | 22 ++++++++++++ README.md | 53 +++++++++++++++++++++++++++++ Rakefile | 35 +++++++++++++++++++ Vagrantfile | 32 ++++++++++++++++++ bin/extension-redact.rb | 65 ++++++++++++++++++++++++++++++++++++ certs/sensu-plugins.pem | 21 ++++++++++++ lib/sensu-plugins-redact.rb | 7 ++++ sensu-plugins-redact.gemspec | 46 +++++++++++++++++++++++++ test/spec_helper.rb | 2 ++ 15 files changed, 349 insertions(+) create mode 100644 .gitignore create mode 100644 .rubocop.yml create mode 100644 .travis.yml create mode 100644 CHANGELOG.md create mode 100644 CONTRIBUTING.md create mode 100644 Gemfile create mode 100644 LICENSE create mode 100644 README.md create mode 100644 Rakefile create mode 100644 Vagrantfile create mode 100644 bin/extension-redact.rb create mode 100644 certs/sensu-plugins.pem create mode 100644 lib/sensu-plugins-redact.rb create mode 100644 sensu-plugins-redact.gemspec create mode 100644 test/spec_helper.rb diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f92e714 --- /dev/null +++ b/.gitignore @@ -0,0 +1,18 @@ +/.bundle/ +/.yardoc +/Gemfile.lock +/_yardoc/ +/coverage/ +/doc/ +/pkg/ +/spec/reports/ +/tmp/ +*.bundle +*.so +*.o +*.a +mkmf.log +.vagrant/* +.DS_Store +.idea/* +*.gem diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..8011955 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,25 @@ + +MethodLength: + Max: 200 + +LineLength: + Max: 160 + +FileName: + Enabled: false + +PerceivedComplexity: + Enabled: false + +CyclomaticComplexity: + Enabled: false + +ClassLength: + Enabled: false + +IfUnlessModifier: + Enabled: false + +RegexpLiteral: + Enabled: false + diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..95ba777 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,18 @@ +language: ruby +cache: + - bundler +install: + - bundle install +rvm: + - 1.9.3 + - 2.0 + - 2.1 +notifications: + email: + recipients: + - mattjones@yieldbot.com + on_success: change + on_failure: always + +script: + - 'bundle exec rake default' diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..f8c9a53 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1 @@ +#### 0.0.1.alpha.1 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..ba15939 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1 @@ +[Development Documentation](http://sensu-plugins.github.io/development/) diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..fa75df1 --- /dev/null +++ b/Gemfile @@ -0,0 +1,3 @@ +source 'https://rubygems.org' + +gemspec diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..6a08171 --- /dev/null +++ b/LICENSE @@ -0,0 +1,22 @@ +Copyright (c) 2015 devops@yieldbot.com + +MIT License + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..aaeb776 --- /dev/null +++ b/README.md @@ -0,0 +1,53 @@ +## Sensu-Plugins-redact + +[![Build Status](https://travis-ci.org/sensu-plugins/sensu-plugins-redact.svg?branch=master)](https://travis-ci.org/sensu-plugins/sensu-plugins-redact) +[![Gem Version](https://badge.fury.io/rb/sensu-plugins-redact.svg)](http://badge.fury.io/rb/sensu-plugins-redact) +[![Code Climate](https://codeclimate.com/github/sensu-plugins/sensu-plugins-redact/badges/gpa.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-redact) +[![Test Coverage](https://codeclimate.com/github/sensu-plugins/sensu-plugins-redact/badges/coverage.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-redact) +[![Dependency Status](https://gemnasium.com/sensu-plugins/sensu-plugins-redact.svg)](https://gemnasium.com/sensu-plugins/sensu-plugins-redact) + +## Functionality + +## Files + * bin/extension-redact + +## Usage + +## Installation + +Add the public key (if you haven’t already) as a trusted certificate + +``` +gem cert --add <(curl -Ls https://raw.githubusercontent.com/sensu-plugins/sensu-plugins.github.io/master/certs/sensu-plugins.pem) +gem install sensu-plugins-redact -P MediumSecurity +``` + +You can also download the key from /certs/ within each repository. + +#### Rubygems + +`gem install sensu-plugins-redact` + +#### Bundler + +Add *sensu-plugins-disk-checks* to your Gemfile and run `bundle install` or `bundle update` + +#### Chef + +Using the Sensu **sensu_gem** LWRP +``` +sensu_gem 'sensu-plugins-redact' do + options('--prerelease') + version '0.0.1' +end +``` + +Using the Chef **gem_package** resource +``` +gem_package 'sensu-plugins-redact' do + options('--prerelease') + version '0.0.1' +end +``` + +## Notes diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..5ce0c83 --- /dev/null +++ b/Rakefile @@ -0,0 +1,35 @@ +require 'bundler/gem_tasks' +require 'rspec/core/rake_task' +require 'yard' +require 'github/markup' +require 'rubocop/rake_task' +require 'redcarpet' +require 'yard/rake/yardoc_task' + +desc 'Don\'t run Rubocop for unsupported versions' +begin + if RUBY_VERSION >= '2.0.0' + args = [:spec, :make_bin_executable, :yard, :rubocop] + else + args = [:spec, :make_bin_executable, :yard] + end +end + +YARD::Rake::YardocTask.new do |t| + OTHER_PATHS = %w() + t.files = ['lib/**/*.rb', 'bin/**/*.rb', OTHER_PATHS] + t.options = %w(--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md) +end + +Rubocop::RakeTask.new + +RSpec::Core::RakeTask.new(:spec) do |r| + r.pattern = FileList['**/**/*_spec.rb'] +end + +desc 'Make all plugins executable' +task :make_bin_executable do + `chmod -R +x bin/***/*.rb` +end + +task default: args diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..033525b --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,32 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +VAGRANTFILE_API_VERSION = '2' + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + + config.vm.box = 'chef/centos-6.6' + config.vm.box_download_checksum = true + config.vm.box_download_checksum_type = 'md5' + config.vm.hostname = 'sensu-plugins-dev' + + script = < +# +# Released under the same terms as Sensu (the MIT license); see LICENSE +# for details. + +# #YELLOW +module Sensu::Extension # rubocop:disable Style/ClassAndModuleChildren + class Redact < Mutator + def definition + { + type: 'extension', + name: 'redact' + } + end + + def name + definition[:name] + end + + def description + 'Redacts sensitive information from events' + end + + def run(event_data, settings) + event = JSON.parse(event_data, symbolize_names: true) + # #YELLOW + unless event[:client][:redact] # rubocop:disable UnlessElse + keys = settings['redact'] unless settings['redact'].nil? + keys ||= nil # just so we can pass the variable in to redact_sensitive + else + keys = event[:client][:redact] + end + redacted = redact_sensitive(event, keys) + event = JSON.dump(redacted) + yield(event, 0) + end + + def redact_sensitive(hash, keys = nil) + keys ||= %w( + password passwd pass + api_key api_token + access_key secret_key + private_key secret + ) + hash = hash.dup + hash.each do |key, value| + if keys.include?(key.to_s) + hash[key] = 'REDACTED' + elsif value.is_a?(Hash) + hash[key] = redact_sensitive(value, keys) + end + end + hash + end + end +end diff --git a/certs/sensu-plugins.pem b/certs/sensu-plugins.pem new file mode 100644 index 0000000..955a0e5 --- /dev/null +++ b/certs/sensu-plugins.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIBATANBgkqhkiG9w0BAQUFADBDMRIwEAYDVQQDDAltYXR0 +am9uZXMxGDAWBgoJkiaJk/IsZAEZFgh5aWVsZGJvdDETMBEGCgmSJomT8ixkARkW +A2NvbTAeFw0xNTAxMjgyMTAyNTFaFw0xNjAxMjgyMTAyNTFaMEMxEjAQBgNVBAMM +CW1hdHRqb25lczEYMBYGCgmSJomT8ixkARkWCHlpZWxkYm90MRMwEQYKCZImiZPy +LGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTSzVYnO +CLgyrIyT1mBQakArQyW8xhi6MlDqyzXHJGeERT790U6EgoBVeS4XoK0ptFZNR8Tf +zko0w+Nv47TarSCgkPOaxY+mxWnAVR10dOmfeLr7huiMyps+YD56/EF2FqQ3jf/+ +qohENfKD91qy1ieEy+Fn7Pf74ltbNKUdkb9a9eFXQ0DQ4ip5vik7DzjQkUTj4lca +k6ArwnmHX4YDhZoYtrQJ8jVktN0/+NtA40M5qkCYHNe5tUW25b/tKVYuioxG6b2Z +oIzaZxRLxf6HVAWpCVRT/F5+/yjigkX4u++eYacfLGleXQzoK7BL65vHGMJygWEE +0TKGqFOrl/L0AQIDAQABo38wfTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNV +HQ4EFgQUEf6a8Td7MrSZc8ImbLFZAENPbz0wIQYDVR0RBBowGIEWbWF0dGpvbmVz +QHlpZWxkYm90LmNvbTAhBgNVHRIEGjAYgRZtYXR0am9uZXNAeWllbGRib3QuY29t +MA0GCSqGSIb3DQEBBQUAA4IBAQBbzXAYA3BVGw8DZ0YYoY1VHPNEcH5qPIApmHO8 +rvSmuUT0yMEi7u00H/5uHRFf4LleGT/+sTdyXKsNPGT9kdRuQEgwi+vf7Zfvd8aX +UF/+4VkEYf/8rV8Ere6u2QaWPgApdMV6JjKr1fAwCTd8AuGXNaWItiPPMseSQzLJ +JKP4hVvbc1d+oS925B1lcBiqn2aYvElbyNAVmQPywNNqkWmvtlqj9ZVJfV5HQLdu +8sHuVruarogxxKPBzlL2is4EUb6oN/RdpGx2l4254+nyR+abg//Ed27Ym0PkB4lk +HP0m8WSjZmFr109pE/sVsM5jtOCvogyujQOjNVGN4gz1wwPr +-----END CERTIFICATE----- diff --git a/lib/sensu-plugins-redact.rb b/lib/sensu-plugins-redact.rb new file mode 100644 index 0000000..5302986 --- /dev/null +++ b/lib/sensu-plugins-redact.rb @@ -0,0 +1,7 @@ +# +# Set gem version +# +module SensuPluginsRedact + # Gem version + VERSION = '0.0.1.alpha.1' +end diff --git a/sensu-plugins-redact.gemspec b/sensu-plugins-redact.gemspec new file mode 100644 index 0000000..a569f5f --- /dev/null +++ b/sensu-plugins-redact.gemspec @@ -0,0 +1,46 @@ +lib = File.expand_path('../lib', __FILE__) +$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) + +require 'date' + + +if RUBY_VERSION < '2.0.0' + require 'sensu-plugins-redact' +else + require_relative 'lib/sensu-plugins-redact' +end + +pvt_key = '~/.ssh/gem-private_key.pem' + +Gem::Specification.new do |s| + s.name = 'sensu-plugins-redact' + s.version = SensuPluginsRedact::VERSION + s.authors = ["Yieldbot, Inc. and contributors"] + s.email = '' + s.homepage = 'https://github.com/sensu-plugins/sensu-plugins-redact' + s.summary = '' + s.description = '' + s.license = 'MIT' + s.date = Date.today.to_s + s.files = Dir.glob('{bin,lib}/**/*') + %w(LICENSE README.md CHANGELOG.md) + s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) } + s.test_files = s.files.grep(%r{^(test|spec|features)/}) + s.require_paths = ["lib"] + s.cert_chain = ["certs/sensu-plugins.pem"] + s.signing_key = File.expand_path(pvt_key) if $PROGRAM_NAME =~ /gem\z/ + s.platform = Gem::Platform::RUBY + s.required_ruby_version = '>= 1.9.3' + + + s.add_runtime_dependency 'sensu-plugin' + + s.add_development_dependency 'codeclimate-test-reporter' + s.add_development_dependency 'rubocop', '~> 0.17.0' + s.add_development_dependency 'rspec', '~> 3.1' + s.add_development_dependency 'bundler', '~> 1.7' + s.add_development_dependency 'rake', '~> 10.0' + s.add_development_dependency 'github-markup' + s.add_development_dependency 'redcarpet' + s.add_development_dependency 'yard' + s.add_development_dependency 'pry' +end diff --git a/test/spec_helper.rb b/test/spec_helper.rb new file mode 100644 index 0000000..9797982 --- /dev/null +++ b/test/spec_helper.rb @@ -0,0 +1,2 @@ +require 'codeclimate-test-reporter' +CodeClimate::TestReporter.start