configuration_service-provider-vault 2.0.0 → 2.0.1
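--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 308555a5fbb41084a4993fff7e606b0d3ecaaa94
+data.tar.gz: f31b038011e7af7e90e440f27357a7e3a6f715f0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a3a365096aa3acd90582d00b5496124e7657703a73ff711651736f10059710f57225731d73e1a5164967d3db292e3e12523cc77e2ecf79f9503c79a6cdf130b1
+data.tar.gz: 42f59961c487c15e69ad9b6e618a7f7b5b8286b71876532e999602a43f80afb42f66f931c5dd2fd7126293e5b4221edc64abeb844755324c917e2f90df698675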
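--- a/data/README.md
+++ b/data/README.md
@@ -21,11 +21,8 @@ require 'bundler'
 Bundler.require(:default)
 
 service = ConfigurationService::Factory::EnvironmentContext.create
-
-
-else
-raise "configuration not found"
-end
+configuraton = service.request_configuration
+AcmeApplication.new(configuration.data).run
 ```
 
 This relies on a [bundler](http://bundler.io) Gemfile to provide the
@@ -69,9 +66,5 @@ service = ConfigurationService.new(
 address: "http://127.0.0.1:8200"
 )
 )
-
-
-else
-raise "configuration not found"
-end
-```
+configuraton = service.request_configuration
+AcmeApplication.new(configuration.data).run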
@@ -9,12 +9,25 @@ module ConfigurationService
|
|
9
9
|
|
10
10
|
module Provider
|
11
11
|
|
12
|
+
##
|
13
|
+
# Vault provider for the configuration service
|
14
|
+
#
|
15
|
+
# Instances of this class are intended to be composed into a ConfigurationService::Base,
|
16
|
+
# usually by a ConfigurationService::Factory.
|
17
|
+
#
|
12
18
|
class Vault
|
13
19
|
|
14
20
|
def initialize(address:)
|
15
21
|
@vault = ::Vault::Client.new(address: address)
|
16
22
|
end
|
17
23
|
|
24
|
+
##
|
25
|
+
# Request configuration from Vault
|
26
|
+
#
|
27
|
+
# The Vault secret path is composed by IndexHelper, using the +identifier+ and the string "latest".
|
28
|
+
#
|
29
|
+
# See #publish_configuration.
|
30
|
+
#
|
18
31
|
def request_configuration(identifier, token)
|
19
32
|
authenticate(token)
|
20
33
|
|
@@ -29,6 +42,18 @@ module ConfigurationService
|
|
29
42
|
end
|
30
43
|
end
|
31
44
|
|
45
|
+
##
|
46
|
+
# Publish configuration to Vault
|
47
|
+
#
|
48
|
+
# The configuration is written to a Vault path composed by IndexHelper, using the configuration's
|
49
|
+
# +identifier+ and metadata +revision+ as the path. That path is then written to another path,
|
50
|
+
# also composed by IndexHelper, using +identifier+ and the string "latest".
|
51
|
+
#
|
52
|
+
# This allows the current configuration to always be retrieved from a predictable path in Vault,
|
53
|
+
# but preserves revision history of configuration.
|
54
|
+
#
|
55
|
+
# TODO make revision history queryable (blocked by https://github.com/hashicorp/vault/issues/111)
|
56
|
+
#
|
32
57
|
def publish_configuration(configuration, token)
|
33
58
|
authenticate(token)
|
34
59
|
|
@@ -43,10 +68,6 @@ module ConfigurationService
|
|
43
68
|
end
|
44
69
|
end
|
45
70
|
|
46
|
-
def key(identifier)
|
47
|
-
self.class.key(identifier)
|
48
|
-
end
|
49
|
-
|
50
71
|
private
|
51
72
|
|
52
73
|
# We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
|
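Review bot: The new RDoc on `request_configuration` and `publish_configuration` explains how the Vault path is composed but says nothing about `token`, or about what the caller gets when no secret exists at that path. The comment in the private section, "We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour", suggests a nil token is rejected rather than replaced by the client's ambient token; that contract belongs in the public docs, e.g. `# +token+ must be a non-nil Vault token; the client's default token lookup is deliberately not used.` A second line such as `# Returns nil when no configuration exists at the path.` (or the error raised, whichever the body does) would also help, because both method bodies lie outside these hunks and the README example in this release no longer checks the result. The last hunk also removes the public `#key` method in a patch release, which deserves a changelog entry if any caller used it.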
@@ -4,14 +4,34 @@ module ConfigurationService
|
|
4
4
|
|
5
5
|
class Vault
|
6
6
|
|
7
|
+
##
|
8
|
+
# Utility module for creating Vault paths
|
9
|
+
#
|
10
|
+
# The module supports:
|
11
|
+
#
|
12
|
+
# * versioning paths to support backward-incompatible changes to the
|
13
|
+
# pathing and data schemes;
|
14
|
+
# * composing the configuration identifier into the path, and
|
15
|
+
# * composing a revision (or "latest") into the path, to support
|
16
|
+
# revision history.
|
17
|
+
#
|
7
18
|
module IndexHelper
|
8
19
|
|
9
|
-
PREFIX = "secret/config/v1"
|
20
|
+
PREFIX = "secret/config/v1" unless defined?(PREFIX)
|
10
21
|
|
22
|
+
##
|
23
|
+
# Returns the path for the given +revision+ of +identifier+
|
24
|
+
#
|
11
25
|
def self.index(identifier, revision = "latest")
|
12
26
|
"#{policy_index(identifier)}/#{revision}"
|
13
27
|
end
|
14
28
|
|
29
|
+
##
|
30
|
+
# Returns the policy path for the given +identifier+
|
31
|
+
#
|
32
|
+
# Since policies must apply to all revisions of the identified configuration,
|
33
|
+
# the policy path is necessarily broad.
|
34
|
+
#
|
15
35
|
def self.policy_index(identifier)
|
16
36
|
"#{PREFIX}/#{identifier}"
|
17
37
|
end
|
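Review bot: `PREFIX = "secret/config/v1" unless defined?(PREFIX)` tests lexical constant lookup rather than IndexHelper itself, so a `PREFIX` defined in an enclosing module or at top level makes the guard true, skips the assignment, and lets `policy_index` build secret paths from that other constant. If the aim is only to avoid a redefinition warning when the file is loaded twice, `PREFIX = "secret/config/v1" unless const_defined?(:PREFIX, false)` restricts the check to this module. Separately, `index` and `policy_index` interpolate `identifier` and `revision` into the path unchecked. Because the policy path is documented as necessarily broad, an identifier containing `/` would presumably place one configuration under another identifier's policy path, so unless hierarchical identifiers are intended it is worth rejecting, e.g. `raise ArgumentError, "invalid identifier" if identifier.to_s.include?("/")`.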