RubyGems - configuration_service-provider-vault - Versions diffs - 3.0.1 → 3.1.0 - Mend

configuration_service-provider-vault 3.0.1 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/Gemfile +0 -1
data/contrib/publish.rb +5 -5
data/contrib/request.rb +5 -5
data/lib/configuration_service/provider/vault.rb +24 -15
data/lib/configuration_service/provider/vault/version.rb +1 -1
data/lib/configuration_service/test/vault_admin_client.rb +24 -1
data/lib/configuration_service/test/vault_orchestration_provider.rb +5 -5
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 18856db153801c9b127736fabb4362e5813a328c
-  data.tar.gz: cb5925035eee98812114fc2445748e03c77fc9b6
+  metadata.gz: 1fff8618caf895c631917064234d9f45b0359573
+  data.tar.gz: 33d5e1e43f9eab2364058b2adf26f1c67d1ffd9b
 SHA512:
-  metadata.gz: a2d54cd52fa551069bcc64b08788d86e0b95e56ef337215d9ddc584ef6565db68dc1fc7703dec6897ecc9e82539a5f6cb8c7e6af1b89c31e9d7fc7d01dac12eb
-  data.tar.gz: 480160ed92242e1ff6191551ef99b7bc1a9ab43338a91ecfacbf2ad72d74b9617c8b15df8798df8836029c4cc8b39c731d31dc51026ee4276c5451431aa4825e
+  metadata.gz: 50bc248271ea74fcf0274a58198ebbb5096b6815d451108de6029df19ada3c5a7c63c4dad9b621e6f1b5dd40e8e223a1384d3faf7044409c0793ee2ab9781a29
+  data.tar.gz: 6237b17a9fb0c9d840cd72b5e5d8a006102bb0cdd9b43ffe79fd2a396fdbc97fc3c9ed0f3df3c4bc1e62f414246d52ab951ddb75a27fda0c6c31221edf995f73

data/Gemfile CHANGED Viewed

@@ -2,4 +2,3 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in configuration_service-vault.gemspec
 gemspec

data/contrib/publish.rb CHANGED Viewed

@@ -36,12 +36,12 @@ data = begin
          JSON.parse(raw_data)
        end
-service = ConfigurationService::Base.new(
-  identifier,
-  ENV["VAULT_TOKEN"],
-  ConfigurationService::Provider::Vault.new(
+service = ConfigurationService::Client.new(
+  identifier: identifier,
+  credentials: ENV["VAULT_TOKEN"],
+  provider: ConfigurationService::Provider::Vault.new(
     address: ENV["VAULT_ADDR"]
   )
 )
-puts service.publish_configuration(data).metadata
+puts service.publish_configuration(data: data).metadata

data/contrib/request.rb CHANGED Viewed

@@ -41,13 +41,13 @@ end
 end
 identifier = ARGV[0]
-service = ConfigurationService::Base.new(
-  identifier,
-  ENV["VAULT_TOKEN"],
-  ConfigurationService::Provider::Vault.new(
+service = ConfigurationService::Client.new(
+  identifier: identifier,
+  credentials: ENV["VAULT_TOKEN"],
+  provider: ConfigurationService::Provider::Vault.new(
     address: ENV["VAULT_ADDR"]
   )
 )
-configuration = service.request_configuration
+configuration = service.request_configuration(identifier: identifier)
 puts formatter[configuration.data]

data/lib/configuration_service/provider/vault.rb CHANGED Viewed

@@ -46,7 +46,7 @@ module ConfigurationService
       #   Vault token with +read+ permission on the composed secret path
       #
       # @return [ConfigurationService::Configuration] the configuration if found
-      # @return [nil] if the configuration for +identifier was not found
+      # @return [nil] if the configuration for +identifier+ was not found
       #
       # @raise [ConfigurationService::AuthorizationError] if the request was not allowed
       # @raise [ConfigurationService::Error] if the request was allowed but failed
@@ -72,8 +72,8 @@ module ConfigurationService
       ##
       # Authorize consumption
       #
-      # @param [String] identifier
-      #   the unique identity of the configuration
+      # @param [String|Array] identifier
+      #   the unique identity/identities of the configuration/s
       # @param [String] token
       #   Vault token with +authorize+ permission on the composed secret path
       #
@@ -83,20 +83,15 @@ module ConfigurationService
       # @raise [ConfigurationService::Error] if the request was allowed but failed
       ##
       def authorize_consumption(identifier, token)
+        identifiers = [identifier].flatten
         @mutex.synchronize do
           authenticate(token)
           adapt_exceptions do
-            path = build_path(identifier, "*")
-            policy = <<-EOF
-              path "#{path}" {
-                policy = "read"
-              }
-            EOF
-            if @vault.sys.put_policy(identifier, policy)
-              secret = @vault.auth_token.create(policies: [identifier], no_default_policy: true)
-              secret.auth.client_token
-            end
+            create_policies(identifiers)
+            secret = @vault.auth_token.create(policies: identifiers, no_default_policy: true)
+            secret.auth.client_token
           end
         end
       end
@@ -106,7 +101,7 @@ module ConfigurationService
       #
       # The configuration data and metadata is written to a Vault path composed from the configuration's
       # +identifier+ and metadata +revision+ by {ConfigurationService::Provider::PathHelper}.
-      # That path is then written to another path, composed from +identifier and the string "latest".
+      # That path is then written to another path, composed from +identifier+ and the string "latest".
       #
       # This allows the current configuration to always be retrieved from a predictable path in Vault,
       # but preserves revision history of configuration.
@@ -132,7 +127,7 @@ module ConfigurationService
           adapt_exceptions do
             path = build_path(identifier, revision)
-            @vault.logical.write(path, data: JSON.generate(data), metadata: JSON.generate(metadata), format: "json")
+            result = @vault.logical.write(path, data: JSON.generate(data), metadata: JSON.generate(metadata), format: "json")
             set_latest_revision(identifier, metadata["revision"])
             ConfigurationService::Configuration.new(identifier, data, metadata)
           end
@@ -141,6 +136,20 @@ module ConfigurationService
       private
+      def create_policies(identifiers = [])
+        adapt_exceptions do
+          identifiers.each { |identifier|
+            path = build_path(identifier, "*")
+            policy = <<-EOF
+              path "#{path}" {
+                policy = "read"
+              }
+            EOF
+            @vault.sys.put_policy(identifier, policy)
+          }
+        end
+      end
       # We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
       # of reading ENV['VAULT_TOKEN'] and ~/.vault-token, which makes testing harder.
       #

data/lib/configuration_service/provider/vault/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module ConfigurationService
     class Vault
-      VERSION = "3.0.1"
+      VERSION = "3.1.0"
     end

data/lib/configuration_service/test/vault_admin_client.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "configuration_service/provider/vault"
 require "vault"
+require "configuration_service/provider/vault/path_helper"
 module ConfigurationService
@@ -58,7 +59,29 @@ module ConfigurationService
       # @return [String] the token
       #
       def consumer_token(identifier)
-        create_token_for(consumer_policy(identifier))
+        client = ConfigurationService::Factory.create_client({
+          "token" => @vault.token,
+          "provider_id" => "vault",
+          "provider_config" => {
+            "address" => @vault.address,
+          },
+          "decorators" => ["reference_resolver"],
+        })
+        client.authorize_consumption(identifier: identifier)
+      end
+      def latest_path(identifier)
+        ConfigurationService::Provider::Vault::PathHelper.path(identifier)
+      end
+      def get_latest_revision(identifier)
+        if response = @vault.logical.read(latest_path(identifier))
+          response.data[:revision]
+        end
+      end
+      def build_path(identifier, revision)
+        ConfigurationService::Provider::Vault::PathHelper.path(identifier, revision)
       end
       ##

data/lib/configuration_service/test/vault_orchestration_provider.rb CHANGED Viewed

@@ -66,16 +66,16 @@ module ConfigurationService
       #
       # @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#token_for-instance_method ConfigurationService::Test::OrchestrationProvider#token_for
       #
-      def credentials_for(role)
+      def credentials_for(role, identifier = @identifier)
         case role
         when :admin
-          VaultAdminClient.new.admin_token()
+          VaultAdminClient.new.admin_token
         when :consumer
-          VaultAdminClient.new.consumer_token(@identifier)
+          VaultAdminClient.new.consumer_token(identifier)
         when :publisher
-          VaultAdminClient.new.publisher_token(@identifier)
+          VaultAdminClient.new.publisher_token(identifier)
         when :none
-          VaultAdminClient.new.none_token(@identifier)
+          VaultAdminClient.new.none_token(identifier)
         else
           raise "unsupported role #{role}"
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: configuration_service-provider-vault
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - Sheldon Hearn
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-08-24 00:00:00.000000000 Z
+date: 2016-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: vault