RubyGems - configuration_service-provider-vault - Versions diffs - 2.0.19 → 3.0.0 - Mend

configuration_service-provider-vault 2.0.19 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.gemspec +1 -1
data/.gitignore +3 -0
data/.rspec +1 -0
data/Gemfile +1 -0
data/lib/configuration_service/provider/vault.rb +64 -32
data/lib/configuration_service/provider/vault/version.rb +1 -1
data/lib/configuration_service/test/vault_admin_client.rb +9 -0
data/lib/configuration_service/test/vault_orchestration_provider.rb +11 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: da701529c748cdc62dd436a60a5fccf2903cd273
-  data.tar.gz: 13a505cb6b5de0c02fc6cc744d9c7a209deb803e
+  metadata.gz: e5acb4fbf878e0d84cef5766e8628701edf27f6b
+  data.tar.gz: a2d9c40fc71fc3e05eaff49f43d9d7d5f70981bc
 SHA512:
-  metadata.gz: 0248fc0cfa1f2bf515aa8f38085d1962814545e1ca7d22c1283d75b9be3a9a798983b09ee181039b87bf7ce768d3ff2828455477db8e01aa5255aa282f091070
-  data.tar.gz: c2d1e8f837fc45bfaf13b8fd2e29f922f35a194fd0328ddf0eb9a90fe65f25d3655a80d367b9137594b2fd7a1b4d87b2ed14c39b1bd375a7413e65f479d1be68
+  metadata.gz: 3ee50c274680de1e9dfa0c46d95554f59f8d1028eef2d1190ebb4eac6c5d574a6eb49916eebc4694560e8e849e8ea2413fcf75635da0eef949817edc76ba518c
+  data.tar.gz: 43e3d6c9c6ecfa0bafa14b4b43e19f2ee68a1626159df5644d10da6888199c605768521b5054fdb7f6c34b12b0e9f60625e78d2b825e0391beb887152bc2d1a8

data/.gemspec CHANGED Viewed

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.1'
   spec.add_dependency "vault", "~> 0.4"
-  spec.add_dependency "configuration_service", "~> 2.3.0"
+  spec.add_dependency "configuration_service", "~> 4.0.0"
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rake", "~> 11.1"
   spec.add_development_dependency "cucumber", "~> 2.0"

data/.gitignore CHANGED Viewed

@@ -1,3 +1,4 @@
+*.swp
 /.bundle/
 /.yardoc
 /Gemfile.lock
@@ -8,3 +9,5 @@
 /spec/reports/
 /tmp/
 /fixtures/vault.pid
+.ruby-gemset
+.ruby-version

data/.rspec CHANGED Viewed

@@ -1,2 +1,3 @@
 --color
 --require spec_helper
+--format documentation

data/Gemfile CHANGED Viewed

@@ -2,3 +2,4 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in configuration_service-vault.gemspec
 gemspec

data/lib/configuration_service/provider/vault.rb CHANGED Viewed

@@ -69,6 +69,38 @@ module ConfigurationService
         end
       end
+      ##
+      # Authorize consumption
+      #
+      # @param [String] identifier
+      #   the unique identity of the configuration
+      # @param [String] token
+      #   Vault token with +authorize+ permission on the composed secret path
+      #
+      # @return [Sting]  token
+      #
+      # @raise [ConfigurationService::AuthorizationError] if the request was not allowed
+      # @raise [ConfigurationService::Error] if the request was allowed but failed
+      ##
+      def authorize_consumption(identifier, token)
+        @mutex.synchronize do
+          authenticate(token)
+          adapt_exceptions do
+            path = build_path(identifier, "*")
+            policy = <<-EOF
+              path "#{path}" {
+                policy = "read"
+              }
+            EOF
+            if @vault.sys.put_policy(identifier, policy)
+              secret = @vault.auth_token.create(policies: [identifier], no_default_policy: true)
+              secret.auth.client_token
+            end
+          end
+        end
+      end
       ##
       # Publish configuration
       #
@@ -109,45 +141,45 @@ module ConfigurationService
       private
-        # We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
-        # of reading ENV['VAULT_TOKEN'] and ~/.vault-token, which makes testing harder.
-        #
-        def authenticate(token)
-          token or raise ConfigurationService::AuthorizationError, "non-nil token required"
-          @vault.token = token
-        end
+      # We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
+      # of reading ENV['VAULT_TOKEN'] and ~/.vault-token, which makes testing harder.
+      #
+      def authenticate(token)
+        token or raise ConfigurationService::AuthorizationError, "non-nil token required"
+        @vault.token = token
+      end
-        def adapt_exceptions
-          yield
-        rescue ::Vault::MissingTokenError
-          raise ConfigurationService::AuthorizationError, "missing token"
-        rescue ::Vault::HTTPError => ex
-          if ex.errors.include?("permission denied")
-            raise ConfigurationService::AuthorizationError, "permission denied"
-          else
-            raise
-          end
-        rescue ::Vault::VaultError => ex
-          raise ConfigurationService::Error, ex.message
+      def adapt_exceptions
+        yield
+      rescue ::Vault::MissingTokenError
+        raise ConfigurationService::AuthorizationError, "missing token"
+      rescue ::Vault::HTTPError => ex
+        if ex.errors.include?("permission denied")
+          raise ConfigurationService::AuthorizationError, "permission denied"
+        else
+          raise
         end
+      rescue ::Vault::VaultError => ex
+        raise ConfigurationService::Error, ex.message
+      end
-        def get_latest_revision(identifier)
-          if response = @vault.logical.read(latest_path(identifier))
-            response.data[:revision]
-          end
+      def get_latest_revision(identifier)
+        if response = @vault.logical.read(latest_path(identifier))
+          response.data[:revision]
         end
+      end
-        def set_latest_revision(identifier, revision)
-          @vault.logical.write(latest_path(identifier), revision: revision)
-        end
+      def set_latest_revision(identifier, revision)
+        @vault.logical.write(latest_path(identifier), revision: revision)
+      end
-        def latest_path(identifier)
-          PathHelper.path(identifier)
-        end
+      def latest_path(identifier)
+        PathHelper.path(identifier)
+      end
-        def build_path(identifier, revision)
-          PathHelper.path(identifier, revision)
-        end
+      def build_path(identifier, revision)
+        PathHelper.path(identifier, revision)
+      end
     end

data/lib/configuration_service/provider/vault/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module ConfigurationService
     class Vault
-      VERSION = "2.0.19"
+      VERSION = "3.0.0"
     end

data/lib/configuration_service/test/vault_admin_client.rb CHANGED Viewed

@@ -40,6 +40,15 @@ module ConfigurationService
         @vault.logical.delete(path)
       end
+      ##
+      # Return a vault admin token
+      #
+      # @return [String] the token
+      #
+      def admin_token
+        @vault.token
+      end
       ##
       # Create a Vault token to request configuration
       #

data/lib/configuration_service/test/vault_orchestration_provider.rb CHANGED Viewed

@@ -66,8 +66,10 @@ module ConfigurationService
       #
       # @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#token_for-instance_method ConfigurationService::Test::OrchestrationProvider#token_for
       #
-      def token_for(role)
+      def credentials_for(role)
         case role
+        when :admin
+          VaultAdminClient.new.admin_token()
         when :consumer
           VaultAdminClient.new.consumer_token(@identifier)
         when :publisher
@@ -79,6 +81,14 @@ module ConfigurationService
         end
       end
+      ##
+      # @deprecated use credentials_for()
+      ##
+      def token_for(role)
+        warn "[DEPRECATION] token_for() is deprecated.  Please use credentials_for()."
+        credentials_for(role)
+      end
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: configuration_service-provider-vault
 version: !ruby/object:Gem::Version
-  version: 2.0.19
+  version: 3.0.0
 platform: ruby
 authors:
 - Sheldon Hearn
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-06-20 00:00:00.000000000 Z
+date: 2016-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: vault
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement