[eyaml] Add eyaml support

Gemfile

@@ -1,3 +1,4 @@
 source 'https://rubygems.org'
 gem 'rspec'
+gem 'hiera-eyaml'
 gem 'lookup_http'

README.md

@@ -106,6 +106,33 @@ The following are optional configuration parameters supported in the `options` h
 
 `headers:`: Hash of headers to send in the request
 
+#### eyaml support
+
+`eyaml:`: When set to true, enable eyaml support (default: false)
+
+`eyaml_options`: Specify a eyaml options
+
+```yaml
+---
+
+version: 5
+
+hierarchy:
+  - name: "Hiera-HTTP lookup"
+    lookup_key: hiera_http
+    uris:
+      - http://localhost:5984/host/%{trusted.certname}
+      - http://localhost:5984/dc/%{facts.location}
+      - http://localhost:5984/role/%{facts.role}
+    options:
+      output: json
+      ignore_404: true
+      eyaml: true
+      eyaml_options:
+        pkcs7_private_key: /etc/puppetlabs/puppet/keys/private_key.pkcs7.pem
+        pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
+```
+
 ### Interpolating special tags
 
 Previous versions of this backed allowed the use of variables such as `%{key}` and `%{calling_module}` to be used in the URL, this has changed with Hiera 5. To allow for similar behaviour you can use a number of tags surrounded by `__` to interpolate special variables derived from the key into the `uri` or `uris` option in hiera.yaml. Currently you can interpolate `__KEY__`, `__MODULE__`, `__CLASS__` and `__PARAMETER__`, these tags are derived from parsing the original lookup key.

lib/puppet/functions/hiera_http.rb

@@ -6,6 +6,14 @@
   rescue LoadError => e
     raise Puppet::DataBinding::LookupError, "Must install lookup_http gem to use hiera-http"
   end
+  begin
+    require 'hiera/backend/eyaml/encryptor'
+    require 'hiera/backend/eyaml/utils'
+    require 'hiera/backend/eyaml/options'
+    require 'hiera/backend/eyaml/parser/parser'
+  rescue LoadError => e
+    raise Puppet::DataBinding::LookupError, "Must install hiera-eyaml gem to use hiera-http"
+  end
   require 'uri'
 
   dispatch :lookup_key do
@@ -35,11 +43,39 @@ def lookup_key(key, options, context)
       context.not_found
       return nil
     else
-      return context.interpolate(answer)
+      result = context.interpolate(answer)
+      if options['eyaml']
+        result = decrypt(result, key, options)
+      end
+      return result
     end
 
   end
 
+  def decrypt(result, key, options)
+    if result.is_a?(Hash)
+      result.each do |k, v|
+        result[k] = decrypt(v, "#{key}/#{k}", options)
+      end
+    elsif result.is_a?(Array)
+      result.each_with_index do |v, i|
+        result[i] = decrypt(v, "#{key}[#{i}]", options)
+      end
+    elsif result.is_a?(String)
+      if /.*ENC\[.*\]/ =~ result
+        Hiera::Backend::Eyaml::Options.set(options['eyaml_options'])
+        begin
+          tokens = Hiera::Backend::Eyaml::Parser::ParserFactory.hiera_backend_parser.parse(result)
+          result = tokens.map(&:to_plain_text).join.chomp
+        rescue StandardError => ex
+          raise Puppet::DataBinding::LookupError,
+            _("hiera-eyaml backend error decrypting %{data} when looking up %{key} in %{path}. Error was %{message}") % { data: result, key: key, path: options['path'], message: ex.message }
+        end
+      end
+    end
+    return result
+  end
+
   def return_answer(result, key, options)
 
     # dig defaults to true, dig_key defaults to the value of the 
@@ -147,6 +183,8 @@ def lookup_supported_params
       :use_auth,
       :auth_user,
       :auth_pass,
+      :eyaml,
+      :eyaml_options
     ]
   end
 end