configuration_service-provider-vault 2.0.11 → 2.0.12
- checksums.yaml +4 -4
- data/.gemspec +2 -0
- data/.gitignore +1 -0
- data/.travis.yml +15 -2
- data/Rakefile +16 -55
- data/bin/start-dev-server.sh +20 -0
- data/bin/stop-dev-server.sh +4 -0
- data/fixtures/ssl/ca-chain.cert.pem +71 -0
- data/fixtures/ssl/localhost.cert.pem +41 -0
- data/fixtures/ssl/localhost.key.pem +51 -0
- data/fixtures/vault.d/configuration.json +16 -0
- data/lib/configuration_service/provider/vault.rb +8 -1
- data/lib/configuration_service/provider/vault/version.rb +1 -1
- data/lib/configuration_service/test/vault_admin_client.rb +5 -3
- data/lib/configuration_service/test/vault_orchestration_provider.rb +3 -3
- metadata +26 -20
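--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eec3721da8adb644965322492bdb6d4b732e262d
+data.tar.gz: 8cbc4d28b57ddb179ae85fdd6e66d433533b6e93
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 910f0639b50b61d0c5411add59b4e5637d20b1a523b568b0ea144a6152715f977c8938a507507d5c93f830dffdfd6f57fade9f99468209214f465a9aa919ac34
+data.tar.gz: 4f48469e23fcec927342e4649ad72143bf650d5975d1f7cb75396cb72f6b7d621c36e30cf873b396507d88f134c9436ca30c2dabdc1640b983355d3029085754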
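--- a/data/.gemspec
+++ b/data/.gemspec
@@ -18,6 +18,8 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
+spec.required_ruby_version = '>= 2.0'
+
 spec.add_dependency "vault", "~> 0.2"
 spec.add_dependency "configuration_service", "~> 2.0.5"
 spec.add_development_dependency "bundler", "~> 1.7"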
data/.gitignore
CHANGED
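--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,9 +1,22 @@
+---
 language: ruby
 rvm:
-- 2.0.0
-- 2.
+- ruby-2.0.0
+- ruby-2.3.0
+- jruby-9.0.4.0
 before_install:
+- r=$(rvm current)
+- v=${r#*-}; v=${v%-clang}
+- p=${r%%-*}
+- if [ "$p" = "ruby" ]; then rebuild=true; fi
+- if [ -n "$rebuild" ]; then git clone https://github.com/openssl/openssl.git; fi
+- if [ -n "$rebuild" ]; then (cd openssl && git checkout OpenSSL_1_0_1n); fi
+- if [ -n "$rebuild" ]; then (cd openssl && ./config -fPIC --prefix=/usr/local/ssl shared && make && sudo make install) >/dev/null; fi
+- if [ -n "$rebuild" ]; then git clone https://github.com/rbenv/ruby-build.git; fi
+- if [ -n "$rebuild" ]; then (cd ruby-build && sudo ./install.sh); fi
+- if [ -n "$rebuild" ]; then RUBY_CONFIGURE_OPTS=--with-openssl-dir=/usr/local/ssl ruby-build $v ~/.rvm/rubies/$r; fi
 - rm -f vault_0.3.1_linux_amd64.zip
 - wget https://dl.bintray.com/mitchellh/vault/vault_0.3.1_linux_amd64.zip
 - unzip vault_0.3.1_linux_amd64.zip
 - sudo mv vault /usr/local/bin/
+- gem install bundler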
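Review bot: The added `before_install` steps clone `ruby-build` and run `sudo ./install.sh` from whatever is at the head of its default branch, so every CI run executes unreviewed upstream code as root; the OpenSSL clone is at least fixed to the `OpenSSL_1_0_1n` tag. Pin ruby-build the same way, for example `(cd ruby-build && git checkout <RELEASE_TAG> && sudo ./install.sh)`, with the tag chosen by the maintainers. The unchanged `wget` of `vault_0.3.1_linux_amd64.zip` has the same gap: the archive is unpacked and moved into `/usr/local/bin` without a digest comparison, and a `sha256sum -c` line against a recorded value would close it. The OpenSSL build also sends stdout to `/dev/null`, which makes a failed compile harder to diagnose from the CI log.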
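--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,3 +1,4 @@
+require "open3"
 require "bundler/gem_tasks"
 
 task :default => :test
@@ -12,6 +13,16 @@ task :test do
 end
 end
 
+desc "Just fire up and tear down a vault server"
+task :scramble do
+if File.exists?("#{ENV["HOME"]}/.vault-token")
+raise "cannot test with ~/.vault-token present"
+end
+with_devserver do
+$stderr.puts "DEBUG: doing nothing..."
+end
+end
+
 desc "Run cucumber without starting a Vault development server"
 task :just_test do
 gem = Gem::Specification.find_by_name("configuration_service")
@@ -21,64 +32,14 @@ task :just_test do
 end
 
 def with_devserver
-
-
-
+ENV["VAULT_TOKEN"] = %x[bin/start-dev-server.sh].chomp
+ENV["VAULT_ADDR"] = "https://127.0.0.1:8200"
+ENV["VAULT_CACERT"] = "fixtures/ssl/ca-chain.cert.pem"
+raise "Could not start vault dev server" unless $?.success?
 begin
 yield
 ensure
-
+system("bin/stop-dev-server.sh")
 end
 end
 
-def assert_no_vault_server
-require "socket"
-
-begin
-Socket.tcp('127.0.0.1', 8200).close
-raise "can't start devserver; localhost already listening on TCP port 8200"
-rescue Errno::ECONNREFUSED
-end
-end
-
-def devserver_start
-require "open3"
-
-channel, notify = IO.pipe
-
-fork do
-channel.close
-begin
-_, stdout, _, wait_thr = Open3.popen3("vault server -dev")
-rescue
-notify.puts("Process.exit(0)")
-raise
-end
-
-vault_pid = wait_thr[:pid]
-notify.puts("ENV['VAULT_PID']='#{vault_pid}'")
-while line = stdout.gets
-line.chomp!
-if line =~ /export VAULT_ADDR='([^']+)'/
-notify.puts("ENV['VAULT_ADDR']='#{$1}'")
-elsif line =~ /^Root Token: (.+)/
-notify.puts("ENV['VAULT_TOKEN']='#{$1}'")
-notify.close
-break
-end
-end
-Process.detach(vault_pid)
-Process.exit(0)
-end
-
-notify.close
-while line = channel.gets
-line.chomp!
-eval line
-end
-%w[VAULT_PID VAULT_ADDR VAULT_TOKEN].each { |s| $stderr.puts "export #{s}='#{ENV[s]}'" }
-end
-
-def devserver_stop
-Process.kill("TERM", ENV['VAULT_PID'].to_i)
-end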
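Review bot: In `with_devserver` the `raise "Could not start vault dev server" unless $?.success?` check sits before the `begin`/`ensure`, so when `bin/start-dev-server.sh` fails after it has already backgrounded `vault server`, `bin/stop-dev-server.sh` is never run and the process may stay bound to port 8200. Moving the start call and the check inside the `begin` keeps the cleanup on every path, provided the stop script tolerates a server that never came up (that script is not shown on this page). The check also reads `$?` three statements after the `%x[]` call; capturing first with `token = %x[bin/start-dev-server.sh].chomp` and testing `$?` on the next line avoids exporting an empty `VAULT_TOKEN` and survives later edits between the two lines. Separately, `File.exists?` in the new `:scramble` task is the deprecated alias of `File.exist?`.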
@@ -0,0 +1,20 @@
|
|
1
|
+
#!/bin/sh -e
|
2
|
+
|
3
|
+
vault server -config fixtures/vault.d/configuration.json 1>&2 &
|
4
|
+
pid=$!
|
5
|
+
echo $pid > fixtures/vault.pid
|
6
|
+
|
7
|
+
while ! nc -z 127.0.0.1 8200; do
|
8
|
+
sleep 1
|
9
|
+
done
|
10
|
+
|
11
|
+
init=$(vault init -ca-cert fixtures/ssl/ca-chain.cert.pem -key-shares=1 -key-threshold=1)
|
12
|
+
# Key 1: 3635ffc636e58cd594b588084b599d661487c77d21eed2d5de048898474fac84
|
13
|
+
# Initial Root Token: 3c5bece4-c521-0334-2d01-81e91791fe85
|
14
|
+
|
15
|
+
key=$(echo "$init" | sed -ne 's/^Key 1: \(.*\)$/\1/p')
|
16
|
+
token=$(echo "$init" | sed -ne 's/^Initial Root Token: \(.*\)$/\1/p')
|
17
|
+
|
18
|
+
vault unseal -ca-cert fixtures/ssl/ca-chain.cert.pem $key 1>&2
|
19
|
+
|
20
|
+
echo $token
|
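Review bot: The readiness loop `while ! nc -z 127.0.0.1 8200; do sleep 1; done` has no upper bound, so a `vault server` that exits at startup (bad configuration, port already in use) leaves this script and the rake task calling it waiting forever. Bound the wait and stop early when the background process is gone, for example `kill -0 "$pid" 2>/dev/null || exit 1` inside the loop together with a retry counter. `$key` and `$token` are expanded unquoted in `vault unseal ... $key` and `echo $token`; write `"$key"` and `"$token"`. The unseal key is passed as a command-line argument and the root token is written to stdout, which is tolerable for the in-memory test server configured here but deserves a comment so the pattern is not reused against a real Vault. The two commented `Key 1:` / `Initial Root Token:` lines look like sample `vault init` output; labelling them as such avoids their being read as live credentials.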
@@ -0,0 +1,71 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIGITCCBAmgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgaUxCzAJBgNVBAYTAlpB
|
3
|
+
MRUwEwYDVQQIDAxXZXN0ZXJuIENhcGUxEjAQBgNVBAcMCUNhcGUgVG93bjEYMBYG
|
4
|
+
A1UECgwPSGV0em5lciBQVFkgTHRkMS4wLAYDVQQLDCVIZXR6bmVyIFBUWSBMdGQg
|
5
|
+
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MSEwHwYDVQQDDBg6SGV0em5lciBQVFkgTHRk
|
6
|
+
IFJvb3QgQ0EwHhcNMTYwMjA0MTQ1MTM3WhcNMjYwMjAxMTQ1MTM3WjCBmDELMAkG
|
7
|
+
A1UEBhMCWkExFTATBgNVBAgMDFdlc3Rlcm4gQ2FwZTEYMBYGA1UECgwPSGV0em5l
|
8
|
+
ciBQVFkgTHRkMS4wLAYDVQQLDCVIZXR6bmVyIFBUWSBMdGQgQ2VydGlmaWNhdGUg
|
9
|
+
QXV0aG9yaXR5MSgwJgYDVQQDDB9IZXR6bmVyIFBUWSBMdGQgSW50ZXJtZWRpYXRl
|
10
|
+
IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9iuD7qiNE4E5X1ja
|
11
|
+
QVBmv3d9J+SkRjdOPKxaxNY6RAHa7kksZkuTIb1oa1Ik/T6U2NCZbsg7maNwfxOm
|
12
|
+
ewHnpeN6a0RtsTlp/PO/ev3CfULqA0OGDa6Um4bzHclPIfkzKIqMhKSjQ8FIQZln
|
13
|
+
1J8lVImRUkQYukUYvDFm6850hISs0f4dDNIqep5Vog7Roj92bnQ1CnPF/zJ6r+PQ
|
14
|
+
AwqUTk45Ht5q6ebEdWA6NhWjmBWWfKpt+TnOTTT6cYFxI04cOv99qgqhHdArQa9w
|
15
|
+
4HWo5lt3MckkkUJMtOhBICN0i7OCODj2RxTtOVRMBDzDg3KJH97T++lR6rvefPzj
|
16
|
+
nczP7a/GKQt19h7DD9N9oTAi4I31bYwLQhL77mnIdlqR7ZZxcRgQe9OZcpOGoNqA
|
17
|
+
lUio3DX1fjO0aQ12HG2KElD1GvOezFsJOADNE9BH0yhs+XKSNTzCX8Gn1OyvStFE
|
18
|
+
U9Qx0USs5r0ZuzwKJzMfueHv6848qCZqYrR1NezdJyub+xWnc+tjl5wdeCyOv7Cj
|
19
|
+
ivT1n2oyBDK/MwSlrDMZS88CNUAGLS5xV3CAZW49FfuQ5nx943T74QU1gw3yInnL
|
20
|
+
k6VuZ+djNxMQL4Lt72HdJnzt/+9upcU1YrTjDWmUGFKepE0esHBRsB3jmhVGqRuN
|
21
|
+
x5kpAsGS05viwMCsKyXJhFk0NtsCAwEAAaNmMGQwHQYDVR0OBBYEFMnYN4t8kJ9l
|
22
|
+
fZ8URkzkw2Q+Fco6MB8GA1UdIwQYMBaAFEmLx8tSTjPPxgRXaAekVbOHQIYJMBIG
|
23
|
+
A1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA
|
24
|
+
A4ICAQAs6iD73Glj244NQ2qJwYPBTW8meML4iLB/zE10y1Q5Rumgme6Lil/5o2Xy
|
25
|
+
iRSAgpvcncxOWOiHv855hlCMFuUly9nRRfEe84Z2G/t8YrPxrLlLEj5hFfhuGh1t
|
26
|
+
77Bryq7jGjG05P7HyE5gNIfzm+Q5KqNt8xgm949VemBre4akRSOudfp9sC98nB0L
|
27
|
+
5mMvyhjIc9HC9PgZeKZVEKlCl75LK7yxOWDX1L+vv5ZmjOeF4srQnYyMBd280h68
|
28
|
+
PYyqws7S1afCj0A274xqEaKtBx+WP5CEjeEjJWgCaRAcCSAd0T+IX0XpN2nwub9L
|
29
|
+
gxCPTlDPaoXKt+Vu1SjQyWs0U1igMA+XOlQqExvbGOo2+i4Cp06EUrCofIT/dDM4
|
30
|
+
SCy8FshbhMiSSMW4Uf4cmpWfD/kVSvm3WDtlbDO+ZOX8gLvB2uvgtfyzvZsF6Qbq
|
31
|
+
1+9WZy5x/VwJXGAHj4Hl9QpcqWEIqgjUN1ltzxSSsQC6KxByQWerziTpHt2yX+31
|
32
|
+
rm0fQ8uUvil2KfK+RI8rotmb/VpBNBcbXHvBNkAecYBfJT88S4mN84NEP1lIQ2OO
|
33
|
+
Kb2xL0wgYLUKmrFAS5+psTRqNZGG9ndZtHWBfEa4hZsDGLyyeDYWkXvNcVmAAYHz
|
34
|
+
2Fk/KPXYeJ9/ZqLSaPoIgHZLjs/uGOQ06BP79NIyI5FyMwsOeg==
|
35
|
+
-----END CERTIFICATE-----
|
36
|
+
-----BEGIN CERTIFICATE-----
|
37
|
+
MIIGMjCCBBqgAwIBAgIJAIPECGxEZLbHMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD
|
38
|
+
VQQGEwJaQTEVMBMGA1UECAwMV2VzdGVybiBDYXBlMRIwEAYDVQQHDAlDYXBlIFRv
|
39
|
+
d24xGDAWBgNVBAoMD0hldHpuZXIgUFRZIEx0ZDEuMCwGA1UECwwlSGV0em5lciBQ
|
40
|
+
VFkgTHRkIENlcnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAwwYOkhldHpuZXIg
|
41
|
+
UFRZIEx0ZCBSb290IENBMB4XDTE2MDIwNDE0NTAwM1oXDTM2MDEzMDE0NTAwM1ow
|
42
|
+
gaUxCzAJBgNVBAYTAlpBMRUwEwYDVQQIDAxXZXN0ZXJuIENhcGUxEjAQBgNVBAcM
|
43
|
+
CUNhcGUgVG93bjEYMBYGA1UECgwPSGV0em5lciBQVFkgTHRkMS4wLAYDVQQLDCVI
|
44
|
+
ZXR6bmVyIFBUWSBMdGQgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEwHwYDVQQDDBg6
|
45
|
+
SGV0em5lciBQVFkgTHRkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
|
46
|
+
ggIKAoICAQDPdYR521NrO6ccGxSCHUukafstCJXKcOKQYSEPMUjlB6r3EwkgUGL9
|
47
|
+
h8IdAqQiSvZLtTPpaPVabiA6E1bHYq4NRdqvkUFfJdRQazSEFdYkW4h+koSn/Pyu
|
48
|
+
f4qtgf7XyVsd/ZPizmoOB7eYFpycG+YKfRm7wPTwGuVQDlkOG2H20v1UJ3cKybja
|
49
|
+
NAuNGdivVIvmC+2uL692O9/dIMHSJ4Jzy2Bzs4fLfzo8NVIjCBKXpItx50Bl+UUu
|
50
|
+
ob3XNYe/2Gcxibp9KVqC7fxVOO2/pSmNpA3mR+ghfnuG9BtfXvUxcogV6GYfX7Ou
|
51
|
+
iDJ4H3kwLUxjKzEApHuZvq5Pu9RkIcMn8fQ48BGxD0cblv4RY1T1uV7oxq4eLmco
|
52
|
+
QFU8DjEC40CwYjnotprQUIlGHsix1hNfcD+4zcM9ua1OXVspmvv0CFxBGg3Zvreu
|
53
|
+
RCQbkpfQCj8GnTwOUY9Nk1NyDcOD06+aDau6s8swFbUTaEPeFDD5hamx9jQuo3fp
|
54
|
+
swDlgExSHw1jJgoZ6Iceo9QY1tY6AaWY/HA1LlBhtR0qXitIpqtAwB5GW3QddKZL
|
55
|
+
tfuLrPlnhU+gn7rj92w/lcKjepxcNp7xyHKwGnGM9ipys9yZkRKBXYSUCfdet2v0
|
56
|
+
4j8SBXgxyN65vyKzjdjJe1SszTunnILD451NdznsNtwCYA4I+I+RZwIDAQABo2Mw
|
57
|
+
YTAdBgNVHQ4EFgQUSYvHy1JOM8/GBFdoB6RVs4dAhgkwHwYDVR0jBBgwFoAUSYvH
|
58
|
+
y1JOM8/GBFdoB6RVs4dAhgkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
|
59
|
+
AYYwDQYJKoZIhvcNAQELBQADggIBABXm8BnNAYqztRCjp+7N9G1aYDvJojetN6j+
|
60
|
+
e/E7XBadhIJmKOVd0U5XHbj/Cqov0zidZJ5iQG8HIwWIp6MDTaJP6t7QEko9mtkI
|
61
|
+
ZYw2G1GkvRcA+mxzkw01blfDr9SA29wZf0IDuOgi4oVMvnm+GKdgVMovTilyVYX8
|
62
|
+
5QSUPdF6UJbXEfNSKgzDZJQcTsdrJhBwLkgUoa/X+5JXOy/q+dUm302jDk9jn9+k
|
63
|
+
PfX+0uHAVmNf6Y+Ra1zpZ8xseGOujdoGiLO/2K16+J/5bb/51Tx47CLrNRC5j/jG
|
64
|
+
AdbGWg1tUUN0ctQopYYNA4tprkXfBLRvQYt5uA09nn9eKI2isyld2Eha09tXsoVv
|
65
|
+
uouIO7jvcoZk0sUOAs5L2zA5uT8FTylYInr++dHBZuc81SWPI+0GOUK/SIOLerGD
|
66
|
+
5+oMocum6+Qo/PpZhw48Awf3Qy8nFFXpn4dngWoLXWlMMEpWEFIDS5B051tZvViV
|
67
|
+
rh3c8goozIIpEeXvxHp42ICBcjw7QLMYviBv2/WcItrrQbviAagxBEhiwZC6jrw5
|
68
|
+
gXEcsfuCjc0n+XE/9Tw2aJphWyyXMSvZC46MO3MHG7s5Wlpu205k6yrEb8XryWBG
|
69
|
+
q0xrZ0afHa4FM3oRxhSgonYQuX4K/aIdT1qzUrf/69jMgbGbnPo5xFS54I7+JtkZ
|
70
|
+
iP9EjJlQ
|
71
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,41 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIHMzCCBRugAwIBAgICEAYwDQYJKoZIhvcNAQELBQAwgZgxCzAJBgNVBAYTAlpB
|
3
|
+
MRUwEwYDVQQIDAxXZXN0ZXJuIENhcGUxGDAWBgNVBAoMD0hldHpuZXIgUFRZIEx0
|
4
|
+
ZDEuMCwGA1UECwwlSGV0em5lciBQVFkgTHRkIENlcnRpZmljYXRlIEF1dGhvcml0
|
5
|
+
eTEoMCYGA1UEAwwfSGV0em5lciBQVFkgTHRkIEludGVybWVkaWF0ZSBDQTAeFw0x
|
6
|
+
NjAyMDYwNzM4MzRaFw0xOTAyMDUwNzM4MzRaMGYxCzAJBgNVBAYTAlpBMRUwEwYD
|
7
|
+
VQQIDAxXZXN0ZXJuIENhcGUxEjAQBgNVBAcMCUNhcGUgVG93bjEYMBYGA1UECgwP
|
8
|
+
SGV0em5lciBQVFkgTHRkMRIwEAYDVQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3
|
9
|
+
DQEBAQUAA4ICDwAwggIKAoICAQDgg2W2IhdqdSreSP39MK5aayGHMVl944LNa4BY
|
10
|
+
ahTwi2AT8AgYDvQxByr+j9dzLr7qmMbFtTqFDr/YFIKxaIqpkfWKamrkhqI9n3ZL
|
11
|
+
pBMN5PQ3/rKNy60EzCQeJNl/XbsFsgA1Kyd8DhbFeAHYB4TTxCXACFsukJIRehLP
|
12
|
+
0sdasAnvjMUXzhOfusq0YU8iGBP14yFQqH0/YWTBrrIiSusu/0Ktb2RaCcYu35sd
|
13
|
+
pjQhqmpqnW4uR1swF0zZyYB89T0Kj69SdgATIdPs3O7LCKCZLG+pD0xBmcveZAlL
|
14
|
+
e/GUmjHMYI1TDlODDOfpvonJazC5AElJI24jmBbUKlwwDyhkDXRpPkkgmVmLQBy0
|
15
|
+
UY4zw2FXyrpEqrO97Di4ZwBmfiiVaMW8eWXQsf0ROBV0m7lUBlw1VLKvWgpT8pgX
|
16
|
+
WwmZ6xDWOxPJ4bifWFiTa79KzMLxQv+O29pfaUlLUnoSkyaeMYhGVYKepWkUSrvG
|
17
|
+
7ABNBgd1iNCZer8kDe4rYWnhhfgN/RoRJd77vRVTbIhGd6YOB88tdLHGKgjr89fc
|
18
|
+
zAurd/qJ3XsNHa/pNF09/YK9dbREErYkVloJEqH7UtQx+cWrlrBiDjnK9hV3HvuZ
|
19
|
+
0GxR3KlNB5UjZArnUPNgtCsZxcA0D8o7eHMRh7QQgV8CPI6xCsNy9fHLPzXcGgGL
|
20
|
+
gtOIDwIDAQABo4IBtjCCAbIwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
|
21
|
+
MwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZp
|
22
|
+
Y2F0ZTAdBgNVHQ4EFgQUiNbH+6oNwexJZ64b04Cf7aR+tvMwgdMGA1UdIwSByzCB
|
23
|
+
yIAUydg3i3yQn2V9nxRGTOTDZD4VyjqhgaukgagwgaUxCzAJBgNVBAYTAlpBMRUw
|
24
|
+
EwYDVQQIDAxXZXN0ZXJuIENhcGUxEjAQBgNVBAcMCUNhcGUgVG93bjEYMBYGA1UE
|
25
|
+
CgwPSGV0em5lciBQVFkgTHRkMS4wLAYDVQQLDCVIZXR6bmVyIFBUWSBMdGQgQ2Vy
|
26
|
+
dGlmaWNhdGUgQXV0aG9yaXR5MSEwHwYDVQQDDBg6SGV0em5lciBQVFkgTHRkIFJv
|
27
|
+
b3QgQ0GCAhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATBD
|
28
|
+
BgNVHREEPDA6gglsb2NhbGhvc3SCFWxvY2FsaG9zdC5sb2NhbGRvbWFpbocEfwAA
|
29
|
+
AYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAgEAzuMx9N9li+3d
|
30
|
+
JU1e3LSsQ4DqpVYIoFjJ0q7HkyzLZME51O+WuGJwIufEVWykwxtbNbHX6DfGHf+M
|
31
|
+
BF7DGxaza8UKQvv5P9DeIfGhvJtczARENVpqwKnR+Ior1UGv+QNVLDblXCLLqn08
|
32
|
+
EmHdof6BRoyas3IboWV7fIbUPMhMEO2NBcuULFs4NcqTYdyAyID9yz3a4+63dqZq
|
33
|
+
uYCaFDViRshjtqnmnWQtWnUx9miP8PEnBWNUSIeXnAa8HhN2HWWuL+4pp5j6UOZt
|
34
|
+
BcdtvS8ho/6vgxrA4YZNkhg+3wjJLvuKKZGhtqG7ZaD3nohOFIQkay1DVkVQsmEF
|
35
|
+
fbLZmhDx4HmZgpdD8LMQctN5FvkLFEm5VyLHJy3bvJxJsekvxge8OcrL6vnONvix
|
36
|
+
0pqR/y1RpM40q99HmRq7Z0OpKhoH41ta4D01m0v5KgqrKWG52zNM7UmXzf3T+HEl
|
37
|
+
HR7mCV9TnvLKLcLU9r321QmVoPR7soVvRblwfA4yx14yYysTWPm044esp9Rn2quH
|
38
|
+
oEB0+JHqOPxC6xiXLc6qloQI2V2yj+sfQEUEzY9M2o7tpQHQmdnd4JAka/Hw/DaB
|
39
|
+
LkrZ1CR+O2u9Y8Gsnxt6+f2R8o2+mlo6EPtDzhpc0pau4yVLmzQiigj/GoewjrOV
|
40
|
+
oZTKK8bcH9Cet4BEDZJw6lG7m4PEYbo=
|
41
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,51 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIJKgIBAAKCAgEA4INltiIXanUq3kj9/TCuWmshhzFZfeOCzWuAWGoU8ItgE/AI
|
3
|
+
GA70MQcq/o/Xcy6+6pjGxbU6hQ6/2BSCsWiKqZH1impq5IaiPZ92S6QTDeT0N/6y
|
4
|
+
jcutBMwkHiTZf127BbIANSsnfA4WxXgB2AeE08QlwAhbLpCSEXoSz9LHWrAJ74zF
|
5
|
+
F84Tn7rKtGFPIhgT9eMhUKh9P2Fkwa6yIkrrLv9CrW9kWgnGLt+bHaY0Iapqap1u
|
6
|
+
LkdbMBdM2cmAfPU9Co+vUnYAEyHT7NzuywigmSxvqQ9MQZnL3mQJS3vxlJoxzGCN
|
7
|
+
Uw5Tgwzn6b6JyWswuQBJSSNuI5gW1CpcMA8oZA10aT5JIJlZi0ActFGOM8NhV8q6
|
8
|
+
RKqzvew4uGcAZn4olWjFvHll0LH9ETgVdJu5VAZcNVSyr1oKU/KYF1sJmesQ1jsT
|
9
|
+
yeG4n1hYk2u/SszC8UL/jtvaX2lJS1J6EpMmnjGIRlWCnqVpFEq7xuwATQYHdYjQ
|
10
|
+
mXq/JA3uK2Fp4YX4Df0aESXe+70VU2yIRnemDgfPLXSxxioI6/PX3MwLq3f6id17
|
11
|
+
DR2v6TRdPf2CvXW0RBK2JFZaCRKh+1LUMfnFq5awYg45yvYVdx77mdBsUdypTQeV
|
12
|
+
I2QK51DzYLQrGcXANA/KO3hzEYe0EIFfAjyOsQrDcvXxyz813BoBi4LTiA8CAwEA
|
13
|
+
AQKCAgAYazIs1Rhm48d91cKKPzk3bF+BLMTnBE+9t+uFskQExaP1hy3aMAYvLvBm
|
14
|
+
L47nYDYzndpAtq1eu3PyNIjictRiDRX/sANgR6Rtv2JGZ9oKsNQ/ItyYv4ZZ9zoW
|
15
|
+
bTuatr8Yp3uOTNtGiuG/KIZK0MaJodPZRw9jySWZ8QUKxYoZOvxZqZ3mMOvBe7eA
|
16
|
+
VvUcaDIDlGiTNUAqHJWw2ydUw4FA41KFOpBXmqiLgJaGawVQhBB++BB7yBcK6/3X
|
17
|
+
0iq/bIzvESGofl0Tt6ItKPpv6shM4KBkat2IZQnfblH0e86SsxKnf/jfB7fdkRHI
|
18
|
+
QokJ9zadaIKQCeJ4zJnvCYxtTbi+tPCLPu9tN3N7UJnUBqFe3S8ZZPa4SP/Iu7pf
|
19
|
+
t3YlMSrK2NUAQJ4vbiiw41JfGDgv0Q00K7lQMP92JjZ0RSszEN0DFxbCBJQYZ4d8
|
20
|
+
ESAeytEGATA/FpL9kMpHAXDKY2sGbcigwRjy/1lm5MCpQ+Qysckh0AalDjC2cOkS
|
21
|
+
YBfQsCPfIkM29CHoc3BY90qznZj+bjR63H62L0DOOAHqp73oXmq18uKyxP0gIic2
|
22
|
+
rqanJDWfYwDk6serbGs6P8YlSZqN26THCSrnKypr/PUZU8mq+c87hp5ICpVesvIY
|
23
|
+
4vw4KUfDyD7Xwc3lQ+GyEGprd+nVJA61zd7HYG11FapsPC8CwQKCAQEA8nMloEwc
|
24
|
+
4FoF9dWXr+MiKTUwX1cVRmtoz57kPAcvvghyUe3o5Z3kPTR4o2xn313IqF9TPwFc
|
25
|
+
8gVhk6p/JxISO4lzdCmst3QQ6MxlOQe0MosFTALgAHn+Sww98kTRFK+rwxbkEqr2
|
26
|
+
tNQFwjhNpUGCpSfcYoxk+ZbsvfXpOHvuWvCZ3MUoAVOQMYkS6FRvTCt1nfKiEA+Q
|
27
|
+
qAZbxUMZx77NWKWXvQ7MMlYiyEORzqDAUUxjDamZZqod8vzrrZIc3swUkzNJ+jx/
|
28
|
+
4FZGhQwodiBDoOJLlMYEDyfLS31JorcwZCsGhxVE4xCsdIchDwiXUZ98fFs8LU+t
|
29
|
+
/UNJMjbPn1KYQwKCAQEA7Q+fk9YT2k1Izovm4vubkQ0su4uCJjguMpzdlVuYwCBH
|
30
|
+
vFfuYiGQpVX9kog1cRsvF/1FLQ5Frmyy9QemueA/tdjXkWg05IRzAqh+6ZaMumeW
|
31
|
+
Q8N/NF7LSjQnGdKRgSS1NCa715yb3Jlt/S42KvdxYeKhJxyo+1jkyz8bnhOPeHDs
|
32
|
+
3eCA3rILGgdaY1EK4FLNBXuuH57zyQOEFd3uoSfMul9rdgUw1z4CNdIZulPYjNF7
|
33
|
+
kvlLmC2KcCRkAlW5v1OKJijQUo4W3M0C8KqMVCfl4lefQ1Y1thfuCgefXIvu7hVt
|
34
|
+
UXKXvtenYaaLYl/Cdz4JP0GlhhkppAlcfYCJqHyqRQKCAQEA8LrEMVVhlqHMKTvb
|
35
|
+
URkFYkUdsoyU40bi2sO5eqDoFpfsasz+4n7TkLH41stcl7xW8Fc2IOkJkIUnTaeM
|
36
|
+
eQ7Ia7UenciDZeQopf3Mw8OSeFzw9XglUlPO2lVdbKBHuXJz6VFhQ+fc7c9XqHCf
|
37
|
+
J+bUAYiCmpcr62afyj3RQ/RJxqH/I+XewvJlycmArI6ps8ezERFJOQk7aJpnpIXr
|
38
|
+
oxkga1SARYfb2F8OSipNLA0Q56gg8f/kALwI4KuglsbtQ4r/IulaGszXa7g+bPyV
|
39
|
+
cDS48ZW/1giHH0Uz5dCQvK+HrO3LnXTQ4WQ817cUbAjrtm/U+uTb62GiMEYO93zU
|
40
|
+
yi0IYQKCAQEAo7Q7RbL7CLCAC6pO6gZIepV3g5ema9A2DtuGpSKYzGw+PZEXXIrD
|
41
|
+
QXmtXyhSh2X3UoCi6adGdVo5Br6e4xM5y9EPpCkrBXd1mKtU4OgHDJ6GBQuW50pi
|
42
|
+
5j43ljx0IJOB0p7A7vcGJwOJEeJ8o5U2phsDoGfJRbEwZi6RWss1Mz4ARIRJWf/n
|
43
|
+
bLURNS587UYgsJ2lM87nmLOl3hfhN0atuTI1mk2hWbJHgnUxMRu/mhb7WBZxnogs
|
44
|
+
Zp6qtXYPjFEbQJjEq43VueqVEi8kMuVOecx6fdylwLaruh9jbFxxxdXkJO+WXMK9
|
45
|
+
otCIxolMWF3tstIZhQ4RVGbmiQBfj4tvZQKCAQEAyfP0uV6PqklHFZ8rtXt9OFAf
|
46
|
+
HabEpXBAVe2vv7D5rXjeZO1vsCLUGaVsock1wzM+T0140xB6SWEp6tq/wROMDVWi
|
47
|
+
Y1vG22Vvy/3nIGC36Qcvx57FkRiEaOYc0bOMiVtwr3pvRCca/T5JiRnTmV3hAwKz
|
48
|
+
zFVAPCCcr10Bg6rGO9kbCnoNGWvEGEM3pVo9auMyTXu7aGOXsNVbDMws9Ly9dOUU
|
49
|
+
OWLDgd3sGmBuGKBGwhFQjVFsJ7XGZkAgMUyWt+sEEbRQG8ZWRQdRigScRXWpSNGO
|
50
|
+
VtSrlZb+Ep7tOz/1mLlwWfsEdmaqa6r4xFz0szHQ/ywpC9PylbI0vafWXBSD4g==
|
51
|
+
-----END RSA PRIVATE KEY-----
|
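Review bot: This private key is added under `fixtures/ssl/`, and the `metadata` file list on this page includes `fixtures/ssl/localhost.key.pem`, so the key ships inside the published gem and must be treated as public. That is workable for a throwaway localhost certificate, but it means `fixtures/ssl/ca-chain.cert.pem` must never be added to a trust store outside this test setup, and a short README note or a comment in the fixture directory should say so. Generating the CA and leaf key during test setup, or leaving `fixtures/` out of `spec.files`, would keep key material out of the release; the gemspec's file list is not visible here, so that part needs checking.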
@@ -0,0 +1,16 @@
|
|
1
|
+
{
|
2
|
+
"disable_mlock": true,
|
3
|
+
"default_lease_ttl": "24h",
|
4
|
+
"max_lease_ttl": "24h",
|
5
|
+
"backend": {
|
6
|
+
"inmem":{
|
7
|
+
}
|
8
|
+
},
|
9
|
+
"listener": {
|
10
|
+
"tcp": {
|
11
|
+
"address":"127.0.0.1:8200",
|
12
|
+
"tls_cert_file":"./fixtures/ssl/localhost.cert.pem",
|
13
|
+
"tls_key_file":"./fixtures/ssl/localhost.key.pem"
|
14
|
+
}
|
15
|
+
}
|
16
|
+
}
|
@@ -17,13 +17,20 @@ module ConfigurationService
|
|
17
17
|
#
|
18
18
|
class Vault
|
19
19
|
|
20
|
+
##
|
21
|
+
# @private
|
22
|
+
SSL_CIPHERS = "TLSv1.2+HIGH:!aNULL:!eNULL"
|
23
|
+
|
20
24
|
##
|
21
25
|
# @param [Hash] options
|
22
26
|
# @option options [String] :address {https://vaultproject.io HashiCorp Vault} HTTP service URL
|
23
27
|
def initialize(options = {})
|
24
28
|
address = options[:address] or raise ArgumentError, "missing required argument: address"
|
25
29
|
@vault = ::Vault::Client.new(address: address)
|
26
|
-
@vault.ssl_ciphers =
|
30
|
+
@vault.ssl_ciphers = SSL_CIPHERS
|
31
|
+
if ca_cert = options[:ca_cert]
|
32
|
+
@vault.ssl_ca_cert = ca_cert
|
33
|
+
end
|
27
34
|
end
|
28
35
|
|
29
36
|
##
|
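Review bot: The new `:ca_cert` option read in `initialize` is undocumented; the YARD block above the method still lists only `:address`. Add `# @option options [String] :ca_cert path to a PEM CA bundle used to verify the Vault server's certificate`. `:address` is still described as an "HTTP service URL" and nothing shown checks that it is `https://`, so a caller can pass `ca_cert` together with a plaintext address without noticing; one sentence in the doc comment on the expected scheme would help. `SSL_CIPHERS` is tagged `@private` yet is referenced from `ConfigurationService::Test::VaultAdminClient` in the same release, and the literal could be frozen (`.freeze`). The class body continues outside the hunk.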
@@ -17,14 +17,16 @@ module ConfigurationService
|
|
17
17
|
##
|
18
18
|
# A new instance of VaultAdminClient
|
19
19
|
#
|
20
|
-
# It expects a development mode Vault instance listening at +
|
21
|
-
# instance in the +VAULT_TOKEN+ envinronment variable.
|
20
|
+
# It expects a development mode Vault instance listening at +https://127.0.0.1:8200+ and expects a root token for that
|
21
|
+
# instance in the +VAULT_TOKEN+ envinronment variable. Accepts the +VAULT_ADDR+ and +VAULT_CACERT+ environment
|
22
|
+
# variables if present.
|
22
23
|
#
|
23
|
-
def initialize
|
24
|
+
def initialize(options = {})
|
24
25
|
if ENV["VAULT_TOKEN"] and File.exists?("#{ENV["HOME"]}/.vault-token")
|
25
26
|
$stderr.puts "warning: ~/.vault-token overrides VAULT_TOKEN environment variable"
|
26
27
|
end
|
27
28
|
@vault = ::Vault::Client.new
|
29
|
+
@vault.ssl_ciphers = ConfigurationService::Provider::Vault::SSL_CIPHERS
|
28
30
|
end
|
29
31
|
|
30
32
|
##
|
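Review bot: `initialize(options = {})` now accepts `options`, but nothing in the lines shown reads it: `::Vault::Client.new` is still called with no arguments. Either drop the parameter or pass the values through (for instance `::Vault::Client.new(options)`, if the client accepts the same keys), so callers are not led to believe they can override the address or CA bundle here. The updated comment says `VAULT_ADDR` and `VAULT_CACERT` are accepted; that behaviour presumably comes from the `vault` gem's own defaults rather than from this class, and the comment should say so. `envinronment` in the comment is a typo for `environment`.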
@@ -29,13 +29,13 @@ module ConfigurationService
|
|
29
29
|
# @see http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Test/OrchestrationProvider#service_provider_configuration-instance_method ConfigurationService::Test::OrchestrationProvider#service_provider_configuration
|
30
30
|
#
|
31
31
|
def service_provider_configuration
|
32
|
-
{address: "
|
32
|
+
{address: (ENV["VAULT_ADDR"] || "https://127.0.0.1:8200"), ca_cert: (ENV["VAULT_CACERT"] || "fixtures/ssl/ca-chain.cert.pem")}
|
33
33
|
end
|
34
34
|
|
35
35
|
##
|
36
36
|
# The service provider under test
|
37
37
|
#
|
38
|
-
# @see
|
38
|
+
# @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#service_provider-instance_method ConfigurationService::Test::OrchestrationProvider#service_provider
|
39
39
|
#
|
40
40
|
def service_provider
|
41
41
|
ConfigurationService::Provider::Vault.new(service_provider_configuration)
|
@@ -47,7 +47,7 @@ module ConfigurationService
|
|
47
47
|
# @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#broken_service_provider-instance_method ConfigurationService::Test::OrchestrationProvider#broken_service_provider
|
48
48
|
#
|
49
49
|
def broken_service_provider
|
50
|
-
ConfigurationService::Provider::Vault.new(address: "
|
50
|
+
ConfigurationService::Provider::Vault.new(address: "https://127.0.0.1:8201")
|
51
51
|
end
|
52
52
|
|
53
53
|
##
|
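Review bot: `service_provider_configuration` defaults `ca_cert` to the relative path `"fixtures/ssl/ca-chain.cert.pem"`, which is resolved against the process working directory, so the test provider only finds the CA bundle when run from the gem root. Anchoring it to the source file, `File.expand_path("../../../../fixtures/ssl/ca-chain.cert.pem", __FILE__)`, removes that dependency (the depth assumes the `lib/configuration_service/test/` location given in the file list at the top of the page). The restored `@see` on `service_provider`, like the one on `broken_service_provider` in the second hunk, points at `http://localhost:8808/docs/...`, a local documentation server; use the rubydoc.info form already used for `service_provider_configuration`.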
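--- a/metadata
+++ b/metadata
@@ -1,94 +1,94 @@
 --- !ruby/object:Gem::Specification
 name: configuration_service-provider-vault
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.12
 platform: ruby
 authors:
 - Sheldon Hearn
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-02-
+date: 2016-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name: vault
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.2'
-
+name: vault
 prerelease: false
+type: :runtime
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.2'
 - !ruby/object:Gem::Dependency
-name: configuration_service
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 2.0.5
-
+name: configuration_service
 prerelease: false
+type: :runtime
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 2.0.5
 - !ruby/object:Gem::Dependency
-name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.7'
-
+name: bundler
 prerelease: false
+type: :development
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.7'
 - !ruby/object:Gem::Dependency
-name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
-
+name: rake
 prerelease: false
+type: :development
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
 - !ruby/object:Gem::Dependency
-name: cucumber
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '2.0'
-
+name: cucumber
 prerelease: false
+type: :development
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '2.0'
 - !ruby/object:Gem::Dependency
-name: rspec-expectations
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '3.3'
-
+name: rspec-expectations
 prerelease: false
+type: :development
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
@@ -111,11 +111,17 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- bin/start-dev-server.sh
+- bin/stop-dev-server.sh
 - contrib/.gitignore
 - contrib/README.md
 - contrib/authorize.rb
 - contrib/publish.rb
 - contrib/request.rb
+- fixtures/ssl/ca-chain.cert.pem
+- fixtures/ssl/localhost.cert.pem
+- fixtures/ssl/localhost.key.pem
+- fixtures/vault.d/configuration.json
 - lib/configuration_service/provider/vault.rb
 - lib/configuration_service/provider/vault/path_helper.rb
 - lib/configuration_service/provider/vault/version.rb
@@ -124,7 +130,7 @@ files:
 homepage: https://github.com/hetznerZA/configuration_service-provider-vault
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -132,16 +138,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '0'
+version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.
-signing_key:
+rubyforge_project:
+rubygems_version: 2.4.8
+signing_key:
 specification_version: 4
 summary: Vault provider for Configuration Service
 test_files: []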