configuration_service-provider-vault 2.0.19 → 3.0.0

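--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: da701529c748cdc62dd436a60a5fccf2903cd273
- data.tar.gz: 13a505cb6b5de0c02fc6cc744d9c7a209deb803e
+ metadata.gz: e5acb4fbf878e0d84cef5766e8628701edf27f6b
+ data.tar.gz: a2d9c40fc71fc3e05eaff49f43d9d7d5f70981bc
  SHA512:
- metadata.gz: 0248fc0cfa1f2bf515aa8f38085d1962814545e1ca7d22c1283d75b9be3a9a798983b09ee181039b87bf7ce768d3ff2828455477db8e01aa5255aa282f091070
- data.tar.gz: c2d1e8f837fc45bfaf13b8fd2e29f922f35a194fd0328ddf0eb9a90fe65f25d3655a80d367b9137594b2fd7a1b4d87b2ed14c39b1bd375a7413e65f479d1be68
+ metadata.gz: 3ee50c274680de1e9dfa0c46d95554f59f8d1028eef2d1190ebb4eac6c5d574a6eb49916eebc4694560e8e849e8ea2413fcf75635da0eef949817edc76ba518c
+ data.tar.gz: 43e3d6c9c6ecfa0bafa14b4b43e19f2ee68a1626159df5644d10da6888199c605768521b5054fdb7f6c34b12b0e9f60625e78d2b825e0391beb887152bc2d1a8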
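--- a/data/.gemspec
+++ b/data/.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
  spec.required_ruby_version = '>= 2.1'
 
  spec.add_dependency "vault", "~> 0.4"
- spec.add_dependency "configuration_service", "~> 2.3.0"
+ spec.add_dependency "configuration_service", "~> 4.0.0"
  spec.add_development_dependency "bundler", "~> 1.7"
  spec.add_development_dependency "rake", "~> 11.1"
  spec.add_development_dependency "cucumber", "~> 2.0"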
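--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,3 +1,4 @@
+ *.swp
  /.bundle/
  /.yardoc
  /Gemfile.lock
@@ -8,3 +9,5 @@
  /spec/reports/
  /tmp/
  /fixtures/vault.pid
+ .ruby-gemset
+ .ruby-version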
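--- a/data/.rspec
+++ b/data/.rspec
@@ -1,2 +1,3 @@
  --color
  --require spec_helper
+ --format documentation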
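--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,3 +2,4 @@ source 'https://rubygems.org'
 
  # Specify your gem's dependencies in configuration_service-vault.gemspec
  gemspec
+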
@@ -69,6 +69,38 @@ module ConfigurationService
69
69
  end
70
70
  end
71
71
 
72
+ ##
73
+ # Authorize consumption
74
+ #
75
+ # @param [String] identifier
76
+ # the unique identity of the configuration
77
+ # @param [String] token
78
+ # Vault token with +authorize+ permission on the composed secret path
79
+ #
80
+ # @return [Sting] token
81
+ #
82
+ # @raise [ConfigurationService::AuthorizationError] if the request was not allowed
83
+ # @raise [ConfigurationService::Error] if the request was allowed but failed
84
+ ##
85
+ def authorize_consumption(identifier, token)
86
+ @mutex.synchronize do
87
+ authenticate(token)
88
+
89
+ adapt_exceptions do
90
+ path = build_path(identifier, "*")
91
+ policy = <<-EOF
92
+ path "#{path}" {
93
+ policy = "read"
94
+ }
95
+ EOF
96
+ if @vault.sys.put_policy(identifier, policy)
97
+ secret = @vault.auth_token.create(policies: [identifier], no_default_policy: true)
98
+ secret.auth.client_token
99
+ end
100
+ end
101
+ end
102
+ end
103
+
72
104
  ##
73
105
  # Publish configuration
74
106
  #
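Review bot: In `authorize_consumption`, `identifier` is interpolated unescaped into the policy body (`path "#{path}"`) and is also passed verbatim to `put_policy` as the policy name, so a value containing a quote, brace or newline would change what the generated policy grants, and a value equal to an existing policy name would overwrite that policy. Unless `PathHelper.path` (outside this hunk) already constrains it, reject unexpected characters before building the policy, e.g. `raise ConfigurationService::Error, "invalid identifier" unless identifier =~ /\A[\w.-]+\z/` (pattern to be adjusted to the real identifier format), and consider a prefixed policy name. `auth_token.create` is called without a `ttl:`, so the consumer token's lifetime falls to the Vault defaults rather than a bound chosen here. In the doc comment, `@return [Sting]` should be `[String]` and should mention the nil result when `put_policy` returns a falsy value.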
@@ -109,45 +141,45 @@ module ConfigurationService
109
141
 
110
142
  private
111
143
 
112
- # We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
113
- # of reading ENV['VAULT_TOKEN'] and ~/.vault-token, which makes testing harder.
114
- #
115
- def authenticate(token)
116
- token or raise ConfigurationService::AuthorizationError, "non-nil token required"
117
- @vault.token = token
118
- end
144
+ # We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
145
+ # of reading ENV['VAULT_TOKEN'] and ~/.vault-token, which makes testing harder.
146
+ #
147
+ def authenticate(token)
148
+ token or raise ConfigurationService::AuthorizationError, "non-nil token required"
149
+ @vault.token = token
150
+ end
119
151
 
120
- def adapt_exceptions
121
- yield
122
- rescue ::Vault::MissingTokenError
123
- raise ConfigurationService::AuthorizationError, "missing token"
124
- rescue ::Vault::HTTPError => ex
125
- if ex.errors.include?("permission denied")
126
- raise ConfigurationService::AuthorizationError, "permission denied"
127
- else
128
- raise
129
- end
130
- rescue ::Vault::VaultError => ex
131
- raise ConfigurationService::Error, ex.message
152
+ def adapt_exceptions
153
+ yield
154
+ rescue ::Vault::MissingTokenError
155
+ raise ConfigurationService::AuthorizationError, "missing token"
156
+ rescue ::Vault::HTTPError => ex
157
+ if ex.errors.include?("permission denied")
158
+ raise ConfigurationService::AuthorizationError, "permission denied"
159
+ else
160
+ raise
132
161
  end
162
+ rescue ::Vault::VaultError => ex
163
+ raise ConfigurationService::Error, ex.message
164
+ end
133
165
 
134
- def get_latest_revision(identifier)
135
- if response = @vault.logical.read(latest_path(identifier))
136
- response.data[:revision]
137
- end
166
+ def get_latest_revision(identifier)
167
+ if response = @vault.logical.read(latest_path(identifier))
168
+ response.data[:revision]
138
169
  end
170
+ end
139
171
 
140
- def set_latest_revision(identifier, revision)
141
- @vault.logical.write(latest_path(identifier), revision: revision)
142
- end
172
+ def set_latest_revision(identifier, revision)
173
+ @vault.logical.write(latest_path(identifier), revision: revision)
174
+ end
143
175
 
144
- def latest_path(identifier)
145
- PathHelper.path(identifier)
146
- end
176
+ def latest_path(identifier)
177
+ PathHelper.path(identifier)
178
+ end
147
179
 
148
- def build_path(identifier, revision)
149
- PathHelper.path(identifier, revision)
150
- end
180
+ def build_path(identifier, revision)
181
+ PathHelper.path(identifier, revision)
182
+ end
151
183
 
152
184
  end
153
185
 
@@ -4,7 +4,7 @@ module ConfigurationService
4
4
 
5
5
  class Vault
6
6
 
7
- VERSION = "2.0.19"
7
+ VERSION = "3.0.0"
8
8
 
9
9
  end
10
10
 
@@ -40,6 +40,15 @@ module ConfigurationService
40
40
  @vault.logical.delete(path)
41
41
  end
42
42
 
43
+ ##
44
+ # Return a vault admin token
45
+ #
46
+ # @return [String] the token
47
+ #
48
+ def admin_token
49
+ @vault.token
50
+ end
51
+
43
52
  ##
44
53
  # Create a Vault token to request configuration
45
54
  #
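Review bot: `admin_token` hands back whatever token the underlying client holds, and its doc comment does not say where that token comes from or that the method is meant for test orchestration only. The constructor is outside this hunk; if `@vault` is a default `::Vault::Client`, this is presumably the ambient token from `VAULT_TOKEN` or `~/.vault-token`, which is typically far more privileged than the scoped tokens the neighbouring methods create. I would extend the comment to say so, e.g. `# Returns the token this client itself authenticates with (not a newly created, scoped token); test use only.`, and check that callers of the new `credentials_for(:admin)` branch never log or persist the value.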
@@ -66,8 +66,10 @@ module ConfigurationService
66
66
  #
67
67
  # @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#token_for-instance_method ConfigurationService::Test::OrchestrationProvider#token_for
68
68
  #
69
- def token_for(role)
69
+ def credentials_for(role)
70
70
  case role
71
+ when :admin
72
+ VaultAdminClient.new.admin_token()
71
73
  when :consumer
72
74
  VaultAdminClient.new.consumer_token(@identifier)
73
75
  when :publisher
@@ -79,6 +81,14 @@ module ConfigurationService
79
81
  end
80
82
  end
81
83
 
84
+ ##
85
+ # @deprecated use credentials_for()
86
+ ##
87
+ def token_for(role)
88
+ warn "[DEPRECATION] token_for() is deprecated. Please use credentials_for()."
89
+ credentials_for(role)
90
+ end
91
+
82
92
  end
83
93
 
84
94
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: configuration_service-provider-vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.19
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sheldon Hearn
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-06-20 00:00:00.000000000 Z
11
+ date: 2016-08-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: vault
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 2.3.0
33
+ version: 4.0.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 2.3.0
40
+ version: 4.0.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: bundler
43
43
  requirement: !ruby/object:Gem::Requirement