configuration_service-provider-vault 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 308555a5fbb41084a4993fff7e606b0d3ecaaa94
|
|
4
|
+
data.tar.gz: f31b038011e7af7e90e440f27357a7e3a6f715f0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a3a365096aa3acd90582d00b5496124e7657703a73ff711651736f10059710f57225731d73e1a5164967d3db292e3e12523cc77e2ecf79f9503c79a6cdf130b1
|
|
7
|
+
data.tar.gz: 42f59961c487c15e69ad9b6e618a7f7b5b8286b71876532e999602a43f80afb42f66f931c5dd2fd7126293e5b4221edc64abeb844755324c917e2f90df698675
|
data/README.md
CHANGED
|
@@ -21,11 +21,8 @@ require 'bundler'
|
|
|
21
21
|
Bundler.require(:default)
|
|
22
22
|
|
|
23
23
|
service = ConfigurationService::Factory::EnvironmentContext.create
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
else
|
|
27
|
-
raise "configuration not found"
|
|
28
|
-
end
|
|
24
|
+
configuraton = service.request_configuration
|
|
25
|
+
AcmeApplication.new(configuration.data).run
|
|
29
26
|
```
|
|
30
27
|
|
|
31
28
|
This relies on a [bundler](http://bundler.io) Gemfile to provide the
|
|
@@ -69,9 +66,5 @@ service = ConfigurationService.new(
|
|
|
69
66
|
address: "http://127.0.0.1:8200"
|
|
70
67
|
)
|
|
71
68
|
)
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
else
|
|
75
|
-
raise "configuration not found"
|
|
76
|
-
end
|
|
77
|
-
```
|
|
69
|
+
configuraton = service.request_configuration
|
|
70
|
+
AcmeApplication.new(configuration.data).run
|
|
@@ -9,12 +9,25 @@ module ConfigurationService
|
|
|
9
9
|
|
|
10
10
|
module Provider
|
|
11
11
|
|
|
12
|
+
##
|
|
13
|
+
# Vault provider for the configuration service
|
|
14
|
+
#
|
|
15
|
+
# Instances of this class are intended to be composed into a ConfigurationService::Base,
|
|
16
|
+
# usually by a ConfigurationService::Factory.
|
|
17
|
+
#
|
|
12
18
|
class Vault
|
|
13
19
|
|
|
14
20
|
def initialize(address:)
|
|
15
21
|
@vault = ::Vault::Client.new(address: address)
|
|
16
22
|
end
|
|
17
23
|
|
|
24
|
+
##
|
|
25
|
+
# Request configuration from Vault
|
|
26
|
+
#
|
|
27
|
+
# The Vault secret path is composed by IndexHelper, using the +identifier+ and the string "latest".
|
|
28
|
+
#
|
|
29
|
+
# See #publish_configuration.
|
|
30
|
+
#
|
|
18
31
|
def request_configuration(identifier, token)
|
|
19
32
|
authenticate(token)
|
|
20
33
|
|
|
@@ -29,6 +42,18 @@ module ConfigurationService
|
|
|
29
42
|
end
|
|
30
43
|
end
|
|
31
44
|
|
|
45
|
+
##
|
|
46
|
+
# Publish configuration to Vault
|
|
47
|
+
#
|
|
48
|
+
# The configuration is written to a Vault path composed by IndexHelper, using the configuration's
|
|
49
|
+
# +identifier+ and metadata +revision+ as the path. That path is then written to another path,
|
|
50
|
+
# also composed by IndexHelper, using +identifier+ and the string "latest".
|
|
51
|
+
#
|
|
52
|
+
# This allows the current configuration to always be retrieved from a predictable path in Vault,
|
|
53
|
+
# but preserves revision history of configuration.
|
|
54
|
+
#
|
|
55
|
+
# TODO make revision history queryable (blocked by https://github.com/hashicorp/vault/issues/111)
|
|
56
|
+
#
|
|
32
57
|
def publish_configuration(configuration, token)
|
|
33
58
|
authenticate(token)
|
|
34
59
|
|
|
@@ -43,10 +68,6 @@ module ConfigurationService
|
|
|
43
68
|
end
|
|
44
69
|
end
|
|
45
70
|
|
|
46
|
-
def key(identifier)
|
|
47
|
-
self.class.key(identifier)
|
|
48
|
-
end
|
|
49
|
-
|
|
50
71
|
private
|
|
51
72
|
|
|
52
73
|
# We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
|
|
@@ -4,14 +4,34 @@ module ConfigurationService
|
|
|
4
4
|
|
|
5
5
|
class Vault
|
|
6
6
|
|
|
7
|
+
##
|
|
8
|
+
# Utility module for creating Vault paths
|
|
9
|
+
#
|
|
10
|
+
# The module supports:
|
|
11
|
+
#
|
|
12
|
+
# * versioning paths to support backward-incompatible changes to the
|
|
13
|
+
# pathing and data schemes;
|
|
14
|
+
# * composing the configuration identifier into the path, and
|
|
15
|
+
# * composing a revision (or "latest") into the path, to support
|
|
16
|
+
# revision history.
|
|
17
|
+
#
|
|
7
18
|
module IndexHelper
|
|
8
19
|
|
|
9
|
-
PREFIX = "secret/config/v1"
|
|
20
|
+
PREFIX = "secret/config/v1" unless defined?(PREFIX)
|
|
10
21
|
|
|
22
|
+
##
|
|
23
|
+
# Returns the path for the given +revision+ of +identifier+
|
|
24
|
+
#
|
|
11
25
|
def self.index(identifier, revision = "latest")
|
|
12
26
|
"#{policy_index(identifier)}/#{revision}"
|
|
13
27
|
end
|
|
14
28
|
|
|
29
|
+
##
|
|
30
|
+
# Returns the policy path for the given +identifier+
|
|
31
|
+
#
|
|
32
|
+
# Since policies must apply to all revisions of the identified configuration,
|
|
33
|
+
# the policy path is necessarily broad.
|
|
34
|
+
#
|
|
15
35
|
def self.policy_index(identifier)
|
|
16
36
|
"#{PREFIX}/#{identifier}"
|
|
17
37
|
end
|