configuration_service-provider-vault 2.0.4 → 2.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/.gemspec +1 -1
- data/.travis.yml +7 -1
- data/.yardopts +5 -0
- data/README.md +25 -1
- data/README.rdoc +47 -0
- data/lib/configuration_service/provider/vault/path_helper.rb +14 -2
- data/lib/configuration_service/provider/vault/version.rb +1 -1
- data/lib/configuration_service/provider/vault.rb +35 -11
- data/lib/configuration_service/test/vault_admin_client.rb +150 -0
- data/lib/configuration_service/test/vault_orchestration_provider.rb +88 -0
- metadata +26 -21
checksums.yaml
CHANGED
@@ -1,15 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
|
5
|
-
data.tar.gz: !binary |-
|
6
|
-
MzZkN2FjOWFjMTM0OTgyYWRkYjk3M2ZiZmQwY2YwMGNkNjIwMWM5Yw==
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 4ad0eb637e553d43cb8c83d0f37b73a8eef4b51d
|
4
|
+
data.tar.gz: 2eaeb61b37d37204bf4b6108dbe2722181ef40e7
|
7
5
|
SHA512:
|
8
|
-
metadata.gz:
|
9
|
-
|
10
|
-
MGRlNjZhYmQxZmJmOTQ2Mzc0OGI2MDI0MTAzODIxYWU3YjhkN2U0MDIzZTk4
|
11
|
-
MTk2Mjg4M2NhMzZjNmQ2NTM3Mjg4YzhiZmQxY2E5ZmJiMjAyZTQ=
|
12
|
-
data.tar.gz: !binary |-
|
13
|
-
NzcxNTIwNjE4OGY3N2IxOTM0N2IxYWVjNGVlMTQ1ZWMwZjMzYWZkMzY3MGJm
|
14
|
-
NGUwOGE0NjcwMTU5MGQ1ZGEyNWI3MGQ2ODIyZGMxMjc3ZTU1ZDdjYWZiYjk4
|
15
|
-
NTJjOTdmYWFlMDMyOTI1Y2VhNGJlMDExM2E2MDdlOGRmMGZhOGM=
|
6
|
+
metadata.gz: 9f929cbb7d1c471d498e411aa622f1d77ffe8f55157beb4bc94ff89d07d44d8c32442af3013efbfa7755c59af67c757983e1a9998a7839ee95cd0ae6b058d9f8
|
7
|
+
data.tar.gz: c5ac83991a366e0a8a07faf3ffa4ebbfcd9aa78d7360374dc1c9992bb365441e426014633344d770878ba3dfd464aff19ec71d131015cd2c85284f58d3575c64
|
data/.gemspec
CHANGED
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
20
20
|
|
21
21
|
spec.add_dependency "vault", "~> 0.1"
|
22
22
|
spec.add_dependency "configuration_service", "~> 2.0.0"
|
23
|
-
spec.add_development_dependency "bundler", "~> 1.
|
23
|
+
spec.add_development_dependency "bundler", "~> 1.7"
|
24
24
|
spec.add_development_dependency "rake", "~> 10.0"
|
25
25
|
spec.add_development_dependency "cucumber", "~> 2.0"
|
26
26
|
spec.add_development_dependency "rspec-expectations", "~> 3.3"
|
data/.travis.yml
CHANGED
@@ -1,4 +1,10 @@
|
|
1
1
|
language: ruby
|
2
2
|
rvm:
|
3
|
+
- 1.9.3
|
4
|
+
- 2.0.0
|
3
5
|
- 2.2.2
|
4
|
-
before_install:
|
6
|
+
before_install:
|
7
|
+
- rm -f vault_0.2.0_linux_amd64.zip
|
8
|
+
- wget https://dl.bintray.com/mitchellh/vault/vault_0.2.0_linux_amd64.zip
|
9
|
+
- unzip vault_0.2.0_linux_amd64.zip
|
10
|
+
- sudo mv vault /usr/local/bin/
|
data/.yardopts
ADDED
data/README.md
CHANGED
@@ -1,7 +1,31 @@
|
|
1
|
+
[![Gem Version](https://badge.fury.io/rb/configuration_service-provider-vault.svg)](http://badge.fury.io/rb/configuration_service-provider-vault) [![Build Status](https://travis-ci.org/hetznerZA/configuration_service-provider-vault.svg?branch=master)](https://travis-ci.org/hetznerZA/configuration_service-provider-vault) [![Dependency Status](https://gemnasium.com/hetznerZA/configuration_service-provider-vault.svg)](https://gemnasium.com/hetznerZA/configuration_service-provider-vault)
|
2
|
+
|
1
3
|
# ConfigurationService::Provider::Vault
|
2
4
|
|
3
|
-
A
|
5
|
+
A [HashiCorp Vault](https://vaultproject.io) service provider
|
6
|
+
for the Ruby [ConfigurationService API](https://github.com/hetznerZA/configuration_service).
|
7
|
+
|
8
|
+
|
9
|
+
## Documentation
|
10
|
+
|
11
|
+
For documentation of the released gems, see [rubydoc.info](http://www.rubydoc.info/gems/configuration_service-provider-vault).
|
12
|
+
|
13
|
+
## Testing
|
14
|
+
|
15
|
+
The `Rakefile` provides a default target that launches a development mode vault server.
|
16
|
+
It requires that the vault executable be in the `PATH`.
|
17
|
+
|
18
|
+
With that requirement satisfied, test as follows:
|
19
|
+
|
20
|
+
```shell
|
21
|
+
git clone git@github.com:hetznerZA/configuration_service-provider-vault.git
|
22
|
+
cd configuration_service-provider-vault
|
23
|
+
bundle install
|
24
|
+
bundle exec rake
|
25
|
+
```
|
4
26
|
|
27
|
+
Note that the tests use cucumber features and support files from the `configuration_service` gem;
|
28
|
+
do not be surprised when you find no feature files in the `features` subdirectory of this repo.
|
5
29
|
|
6
30
|
## Usage
|
7
31
|
|
data/README.rdoc
ADDED
@@ -0,0 +1,47 @@
|
|
1
|
+
= Vault configuration service provider
|
2
|
+
|
3
|
+
A {https://vaultproject.io HashiCorp Vault} service provider for the Ruby configuration service API
|
4
|
+
defined by {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Base ConfigurationService::Base}
|
5
|
+
from the {https://rubygems.org/gems/configuration_service configuration_service gem}.
|
6
|
+
|
7
|
+
The provider is defined in {ConfigurationService::Provider::Vault}.
|
8
|
+
It is registered against the {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/ProviderRegistry ConfigurationService::ProviderRegistry} with the identifier "vault".
|
9
|
+
|
10
|
+
The provider's fulfillment of the API is tested using the configuration_service gem's declarative specification
|
11
|
+
implemented with cucumber.
|
12
|
+
This package includes an extension of {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Test/OrchestrationProvider ConfigurationService::Test::OrchestrationProvider}
|
13
|
+
called {ConfigurationService::Test::VaultOrchestrationProvider},
|
14
|
+
which is registered against the {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Test/OrchestrationProviderRegistry ConfigurationService::Test::OrchestrationProviderRegistry} with the identifier "vault".
|
15
|
+
|
16
|
+
== Usage
|
17
|
+
|
18
|
+
Our +main.rb+ (or +config.ru+ or whatever) is simple:
|
19
|
+
|
20
|
+
require 'bundler'
|
21
|
+
Bundler.require(:default)
|
22
|
+
|
23
|
+
config_service = ConfigurationService::Factory::EnvironmentContext.create
|
24
|
+
config = config_service.request_configuration
|
25
|
+
|
26
|
+
$stderr.puts "Using configuration #{configuration.identifier} #{configuration.metadata}..."
|
27
|
+
acme_config = AcmeConfig.new(configuration.data)
|
28
|
+
acme_config.validate!
|
29
|
+
AcmeApplication.new(acme_config).run
|
30
|
+
|
31
|
+
We specify the +configuration_service-provider-vault+ gem in the {http://bundler.io/ bundler} {http://bundler.io/gemfile.html Gemfile}:
|
32
|
+
|
33
|
+
source 'https://rubygems.org'
|
34
|
+
|
35
|
+
gem 'configuration_service-provider-vault'
|
36
|
+
gem 'acme_application'
|
37
|
+
|
38
|
+
Then we use the process environment to configure the configuration service factory:
|
39
|
+
|
40
|
+
CFGSRV_IDENTIFIER="acme" \
|
41
|
+
CFGSRV_TOKEN="0b2a80f4-54ce-45f4-8267-f6558fee64af" \
|
42
|
+
CFGSRV_PROVIDER="vault" \
|
43
|
+
CFGSRV_PROVIDER_ADDRESS="http://127.0.0.1:8200" \
|
44
|
+
bundle exec main.rb
|
45
|
+
|
46
|
+
Note that +main.rb+ is completely decoupled from the selection of provider and provider configuration.
|
47
|
+
We could swap out the Vault provider for some other provider by manipulating only the +Gemfile+ and the environment.
|
@@ -20,18 +20,30 @@ module ConfigurationService
|
|
20
20
|
PREFIX = "secret/config/v1" unless defined?(PREFIX)
|
21
21
|
|
22
22
|
##
|
23
|
-
#
|
23
|
+
# Revision path
|
24
|
+
#
|
25
|
+
# @param [String] identifier
|
26
|
+
# the unique identity of the configuration
|
27
|
+
# @param [String] revision
|
28
|
+
# the unique metadata revision of the configuration
|
29
|
+
#
|
30
|
+
# @return [String] the Vault path for the +revision+ of +identifier+
|
24
31
|
#
|
25
32
|
def self.path(identifier, revision = "latest")
|
26
33
|
"#{policy_path(identifier)}/#{revision}"
|
27
34
|
end
|
28
35
|
|
29
36
|
##
|
30
|
-
#
|
37
|
+
# Policy path
|
31
38
|
#
|
32
39
|
# Since policies must apply to all revisions of the identified configuration,
|
33
40
|
# the policy path is necessarily broad.
|
34
41
|
#
|
42
|
+
# @param [String] identifier
|
43
|
+
# the unique identity of the configuration
|
44
|
+
#
|
45
|
+
# @return [String] the Vault path for all revisions for +identifier+
|
46
|
+
#
|
35
47
|
def self.policy_path(identifier)
|
36
48
|
"#{PREFIX}/#{identifier}"
|
37
49
|
end
|
@@ -10,24 +10,38 @@ module ConfigurationService
|
|
10
10
|
module Provider
|
11
11
|
|
12
12
|
##
|
13
|
-
# Vault
|
13
|
+
# Vault configuration service provider
|
14
14
|
#
|
15
|
-
# Instances of this class are intended to be composed into a ConfigurationService::Base,
|
16
|
-
# usually by a ConfigurationService::Factory.
|
15
|
+
# Instances of this class are intended to be composed into a {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Base ConfigurationService::Base},
|
16
|
+
# usually by a {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Factory ConfigurationService::Factory}.
|
17
17
|
#
|
18
18
|
class Vault
|
19
19
|
|
20
|
+
##
|
21
|
+
# @param [Hash] options
|
22
|
+
# @option options [String] :address {https://vaultproject.io HashiCorp Vault} HTTP service URL
|
20
23
|
def initialize(options = {})
|
21
24
|
address = options[:address] or raise ArgumentError, "missing required argument: address"
|
22
25
|
@vault = ::Vault::Client.new(address: address)
|
23
26
|
end
|
24
27
|
|
25
28
|
##
|
26
|
-
# Request configuration
|
29
|
+
# Request configuration
|
30
|
+
#
|
31
|
+
# The Vault secret path is composed by from the +identifier+ and the string "latest" using {ConfigurationService::Provider::PathHelper}.
|
32
|
+
#
|
33
|
+
# @param [String] identifier
|
34
|
+
# the unique identity of the configuration
|
35
|
+
# @param [String] token
|
36
|
+
# Vault token with +read+ permission on the composed secret path
|
37
|
+
#
|
38
|
+
# @return [ConfigurationService::Configuration] the configuration if found
|
39
|
+
# @return [nil] if the configuration for +identifier was not found
|
27
40
|
#
|
28
|
-
#
|
41
|
+
# @raise [ConfigurationService::AuthorizationError] if the request was not allowed
|
42
|
+
# @raise [ConfigurationService::Error] if the request was allowed but failed
|
29
43
|
#
|
30
|
-
#
|
44
|
+
# @see #publish_configuration
|
31
45
|
#
|
32
46
|
def request_configuration(identifier, token)
|
33
47
|
authenticate(token)
|
@@ -44,16 +58,26 @@ module ConfigurationService
|
|
44
58
|
end
|
45
59
|
|
46
60
|
##
|
47
|
-
# Publish configuration
|
61
|
+
# Publish configuration
|
48
62
|
#
|
49
|
-
# The configuration is written to a Vault path composed
|
50
|
-
# +identifier+ and metadata +revision+
|
51
|
-
#
|
63
|
+
# The configuration data and metadata is written to a Vault path composed from the configuration's
|
64
|
+
# +identifier+ and metadata +revision+ by {ConfigurationService::Provider::PathHelper}.
|
65
|
+
# That path is then written to another path, composed from +identifier and the string "latest".
|
52
66
|
#
|
53
67
|
# This allows the current configuration to always be retrieved from a predictable path in Vault,
|
54
68
|
# but preserves revision history of configuration.
|
55
69
|
#
|
56
|
-
#
|
70
|
+
# @param [ConfigurationService::Configuration] configuration
|
71
|
+
# the configuration to publish
|
72
|
+
# @param [String] token
|
73
|
+
# Vault token with +write+ permission on the composed secret path
|
74
|
+
#
|
75
|
+
# @return [ConfigurationService::Configuration] the published configuration
|
76
|
+
#
|
77
|
+
# @raise [ConfigurationService::AuthorizationError] if the request was not allowed
|
78
|
+
# @raise [ConfigurationService::Error] if the request was allowed but failed
|
79
|
+
#
|
80
|
+
# @todo make revision history queryable (blocked by https://github.com/hashicorp/vault/issues/111)
|
57
81
|
#
|
58
82
|
def publish_configuration(configuration, token)
|
59
83
|
authenticate(token)
|
@@ -0,0 +1,150 @@
|
|
1
|
+
require "configuration_service/provider/vault"
|
2
|
+
require "vault"
|
3
|
+
|
4
|
+
module ConfigurationService
|
5
|
+
|
6
|
+
module Test
|
7
|
+
|
8
|
+
##
|
9
|
+
# Fixture helper for Vault test orchestration provider
|
10
|
+
#
|
11
|
+
# It bypasses the {ConfigurationService::Provider::Vault} configuration service provider and manipulates Vault directly.
|
12
|
+
#
|
13
|
+
# Never use this with a production Vault instance.
|
14
|
+
#
|
15
|
+
class VaultAdminClient
|
16
|
+
|
17
|
+
##
|
18
|
+
# A new instance of VaultAdminClient
|
19
|
+
#
|
20
|
+
# It expects a development mode Vault instance listening at +http://127.0.0.1:8200+ and expects a root token for that
|
21
|
+
# instance in the +VAULT_TOKEN+ envinronment variable.
|
22
|
+
#
|
23
|
+
def initialize
|
24
|
+
@vault = ::Vault::Client.new
|
25
|
+
end
|
26
|
+
|
27
|
+
##
|
28
|
+
# Delete configuration
|
29
|
+
#
|
30
|
+
# @param [String] identifier
|
31
|
+
# the configuration identifier
|
32
|
+
#
|
33
|
+
def delete_configuration(identifier)
|
34
|
+
path = ConfigurationService::Provider::Vault::PathHelper.path(identifier)
|
35
|
+
@vault.logical.delete(path)
|
36
|
+
end
|
37
|
+
|
38
|
+
##
|
39
|
+
# Create a Vault token to request configuration
|
40
|
+
#
|
41
|
+
# @param [String] identifier
|
42
|
+
# the configuration identifier to authorize the token to read
|
43
|
+
#
|
44
|
+
# @return [String] the token
|
45
|
+
#
|
46
|
+
def consumer_token(identifier)
|
47
|
+
create_token_for(consumer_policy(identifier))
|
48
|
+
end
|
49
|
+
|
50
|
+
##
|
51
|
+
# Create a Vault policy for requesting configuration
|
52
|
+
#
|
53
|
+
# @param [String] identifier
|
54
|
+
# the configuration identifier to create the read policy for
|
55
|
+
#
|
56
|
+
# @return [String] the policy
|
57
|
+
#
|
58
|
+
def consumer_policy(identifier)
|
59
|
+
create_policy_for(identifier, "consumer", "read")
|
60
|
+
end
|
61
|
+
|
62
|
+
##
|
63
|
+
# Create a Vault token to publish configuration
|
64
|
+
#
|
65
|
+
# @param [String] identifier
|
66
|
+
# the configuration identifier to authorize the token to write
|
67
|
+
#
|
68
|
+
# @return [String] the token
|
69
|
+
#
|
70
|
+
def publisher_token(identifier)
|
71
|
+
create_token_for(publisher_policy(identifier))
|
72
|
+
end
|
73
|
+
|
74
|
+
##
|
75
|
+
# Create a Vault policy for publishing configuration
|
76
|
+
#
|
77
|
+
# @param [String] identifier
|
78
|
+
# the configuration identifier to create the write policy for
|
79
|
+
#
|
80
|
+
# @return [String] the policy
|
81
|
+
#
|
82
|
+
def publisher_policy(identifier)
|
83
|
+
create_policy_for(identifier, "publisher", "write")
|
84
|
+
end
|
85
|
+
|
86
|
+
##
|
87
|
+
# Create a Vault token with no privilege
|
88
|
+
#
|
89
|
+
# @param [String] identifier
|
90
|
+
# the configuration identifier to deny the token for
|
91
|
+
#
|
92
|
+
# @return [String] the token
|
93
|
+
#
|
94
|
+
def none_token(identifier)
|
95
|
+
create_token_for(none_policy(identifier))
|
96
|
+
end
|
97
|
+
|
98
|
+
##
|
99
|
+
# Create a Vault deny policy
|
100
|
+
#
|
101
|
+
# @param [String] identifier
|
102
|
+
# the configuration identifier to create the deny policy for
|
103
|
+
#
|
104
|
+
# @return [String] the policy
|
105
|
+
#
|
106
|
+
def none_policy(identifier)
|
107
|
+
create_policy_for(identifier, "guest", "deny")
|
108
|
+
end
|
109
|
+
|
110
|
+
##
|
111
|
+
# Test Vault access
|
112
|
+
#
|
113
|
+
# Creates a new {ConfigurationService::Test::VaultAdminClient} and uses it to test connectivity to the development mode Vault instance.
|
114
|
+
#
|
115
|
+
# @raise [::Vault::VaultError] on failure
|
116
|
+
#
|
117
|
+
def self.preflight_check
|
118
|
+
new.send(:preflight_check)
|
119
|
+
end
|
120
|
+
|
121
|
+
private
|
122
|
+
|
123
|
+
def create_token_for(*policy_names)
|
124
|
+
result = @vault.auth_token.create(policies: policy_names)
|
125
|
+
result.auth.client_token
|
126
|
+
end
|
127
|
+
|
128
|
+
def create_policy_for(identifier, role, access_level)
|
129
|
+
"#{identifier}_#{role}".tap do |policy_name|
|
130
|
+
@vault.sys.put_policy(policy_name, policy(identifier, access_level))
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
def policy(identifier, access_level)
|
135
|
+
policy_path = ConfigurationService::Provider::Vault::PathHelper.policy_path(identifier)
|
136
|
+
%Q<
|
137
|
+
path "#{policy_path}" { policy = "#{access_level}" }
|
138
|
+
path "#{policy_path}/*" { policy = "#{access_level}" }
|
139
|
+
>
|
140
|
+
end
|
141
|
+
|
142
|
+
def preflight_check
|
143
|
+
@vault.sys.policies
|
144
|
+
end
|
145
|
+
|
146
|
+
end
|
147
|
+
|
148
|
+
end
|
149
|
+
|
150
|
+
end
|
@@ -0,0 +1,88 @@
|
|
1
|
+
require 'configuration_service/test'
|
2
|
+
require 'configuration_service/provider/vault'
|
3
|
+
|
4
|
+
require_relative "vault_admin_client"
|
5
|
+
|
6
|
+
module ConfigurationService
|
7
|
+
|
8
|
+
module Test
|
9
|
+
|
10
|
+
##
|
11
|
+
# Test orchestration provider for testing the {ConfigurationService::Provider::Vault} service provider
|
12
|
+
#
|
13
|
+
# Registered to the {http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Test/OrchestrationProviderRegistry ConfigurationService::Test::OrchestrationProviderRegistry} as "vault".
|
14
|
+
#
|
15
|
+
class VaultOrchestrationProvider < ConfigurationService::Test::OrchestrationProvider
|
16
|
+
|
17
|
+
##
|
18
|
+
# The registered identifier of the service provider under test
|
19
|
+
#
|
20
|
+
# @see http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Test/OrchestrationProvider#service_provider_id-instance_method ConfigurationService::Test::OrchestrationProvider#service_provider_id
|
21
|
+
#
|
22
|
+
def service_provider_id
|
23
|
+
"vault"
|
24
|
+
end
|
25
|
+
|
26
|
+
##
|
27
|
+
# The configuration for the service provider under test
|
28
|
+
#
|
29
|
+
# @see http://www.rubydoc.info/gems/configuration_service/ConfigurationService/Test/OrchestrationProvider#service_provider_configuration-instance_method ConfigurationService::Test::OrchestrationProvider#service_provider_configuration
|
30
|
+
#
|
31
|
+
def service_provider_configuration
|
32
|
+
{address: "http://127.0.0.1:8200"}
|
33
|
+
end
|
34
|
+
|
35
|
+
##
|
36
|
+
# The service provider under test
|
37
|
+
#
|
38
|
+
# @see ihttp://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#service_provider-instance_method ConfigurationService::Test::OrchestrationProvider#service_provider
|
39
|
+
#
|
40
|
+
def service_provider
|
41
|
+
ConfigurationService::Provider::Vault.new(service_provider_configuration)
|
42
|
+
end
|
43
|
+
|
44
|
+
##
|
45
|
+
# A broken service provider
|
46
|
+
#
|
47
|
+
# @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#broken_service_provider-instance_method ConfigurationService::Test::OrchestrationProvider#broken_service_provider
|
48
|
+
#
|
49
|
+
def broken_service_provider
|
50
|
+
ConfigurationService::Provider::Vault.new(address: "http://127.0.0.1:8201")
|
51
|
+
end
|
52
|
+
|
53
|
+
##
|
54
|
+
# Delete configuration data
|
55
|
+
#
|
56
|
+
# @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#delete_configuration-instance_method ConfigurationService::Test::OrchestrationProvider#delete_configuration
|
57
|
+
#
|
58
|
+
def delete_configuration
|
59
|
+
VaultAdminClient.new.delete_configuration(@identifier)
|
60
|
+
end
|
61
|
+
|
62
|
+
##
|
63
|
+
# Provide a token that authorizes a role
|
64
|
+
#
|
65
|
+
# The token is supplied by {ConfigurationService::Test::VaultAdminClient}.
|
66
|
+
#
|
67
|
+
# @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#token_for-instance_method ConfigurationService::Test::OrchestrationProvider#token_for
|
68
|
+
#
|
69
|
+
def token_for(role)
|
70
|
+
case role
|
71
|
+
when :consumer
|
72
|
+
VaultAdminClient.new.consumer_token(@identifier)
|
73
|
+
when :publisher
|
74
|
+
VaultAdminClient.new.publisher_token(@identifier)
|
75
|
+
when :none
|
76
|
+
VaultAdminClient.new.none_token(@identifier)
|
77
|
+
else
|
78
|
+
raise "unsupported role #{role}"
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
|
86
|
+
end
|
87
|
+
|
88
|
+
ConfigurationService::Test::OrchestrationProviderRegistry.instance.register("vault", ConfigurationService::Test::VaultOrchestrationProvider)
|
metadata
CHANGED
@@ -1,97 +1,97 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: configuration_service-provider-vault
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sheldon Hearn
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-08-
|
11
|
+
date: 2015-08-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: vault
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - ~>
|
17
|
+
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '0.1'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - ~>
|
24
|
+
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0.1'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: configuration_service
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - ~>
|
31
|
+
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: 2.0.0
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - ~>
|
38
|
+
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: 2.0.0
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: bundler
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- - ~>
|
45
|
+
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '1.
|
47
|
+
version: '1.7'
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - ~>
|
52
|
+
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '1.
|
54
|
+
version: '1.7'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rake
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
|
-
- - ~>
|
59
|
+
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '10.0'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
|
-
- - ~>
|
66
|
+
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: '10.0'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: cucumber
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- - ~>
|
73
|
+
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
75
|
version: '2.0'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- - ~>
|
80
|
+
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '2.0'
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: rspec-expectations
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
|
-
- - ~>
|
87
|
+
- - "~>"
|
88
88
|
- !ruby/object:Gem::Version
|
89
89
|
version: '3.3'
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
|
-
- - ~>
|
94
|
+
- - "~>"
|
95
95
|
- !ruby/object:Gem::Version
|
96
96
|
version: '3.3'
|
97
97
|
description: A HashiCorp Vault provider for the Configuration Service
|
@@ -101,17 +101,21 @@ executables: []
|
|
101
101
|
extensions: []
|
102
102
|
extra_rdoc_files: []
|
103
103
|
files:
|
104
|
-
- .gemspec
|
105
|
-
- .gitignore
|
106
|
-
- .travis.yml
|
104
|
+
- ".gemspec"
|
105
|
+
- ".gitignore"
|
106
|
+
- ".travis.yml"
|
107
|
+
- ".yardopts"
|
107
108
|
- Gemfile
|
108
109
|
- README.md
|
110
|
+
- README.rdoc
|
109
111
|
- Rakefile
|
110
112
|
- bin/console
|
111
113
|
- bin/setup
|
112
114
|
- lib/configuration_service/provider/vault.rb
|
113
115
|
- lib/configuration_service/provider/vault/path_helper.rb
|
114
116
|
- lib/configuration_service/provider/vault/version.rb
|
117
|
+
- lib/configuration_service/test/vault_admin_client.rb
|
118
|
+
- lib/configuration_service/test/vault_orchestration_provider.rb
|
115
119
|
homepage: http://www.hetzner.co.za
|
116
120
|
licenses: []
|
117
121
|
metadata: {}
|
@@ -121,12 +125,12 @@ require_paths:
|
|
121
125
|
- lib
|
122
126
|
required_ruby_version: !ruby/object:Gem::Requirement
|
123
127
|
requirements:
|
124
|
-
- -
|
128
|
+
- - ">="
|
125
129
|
- !ruby/object:Gem::Version
|
126
130
|
version: '0'
|
127
131
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
128
132
|
requirements:
|
129
|
-
- -
|
133
|
+
- - ">="
|
130
134
|
- !ruby/object:Gem::Version
|
131
135
|
version: '0'
|
132
136
|
requirements: []
|
@@ -136,3 +140,4 @@ signing_key:
|
|
136
140
|
specification_version: 4
|
137
141
|
summary: Vault provider for Configuration Service
|
138
142
|
test_files: []
|
143
|
+
has_rdoc:
|