configuration_service-provider-vault 3.0.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 18856db153801c9b127736fabb4362e5813a328c
-  data.tar.gz: cb5925035eee98812114fc2445748e03c77fc9b6
+  metadata.gz: 1fff8618caf895c631917064234d9f45b0359573
+  data.tar.gz: 33d5e1e43f9eab2364058b2adf26f1c67d1ffd9b
 SHA512:
-  metadata.gz: a2d54cd52fa551069bcc64b08788d86e0b95e56ef337215d9ddc584ef6565db68dc1fc7703dec6897ecc9e82539a5f6cb8c7e6af1b89c31e9d7fc7d01dac12eb
-  data.tar.gz: 480160ed92242e1ff6191551ef99b7bc1a9ab43338a91ecfacbf2ad72d74b9617c8b15df8798df8836029c4cc8b39c731d31dc51026ee4276c5451431aa4825e
+  metadata.gz: 50bc248271ea74fcf0274a58198ebbb5096b6815d451108de6029df19ada3c5a7c63c4dad9b621e6f1b5dd40e8e223a1384d3faf7044409c0793ee2ab9781a29
+  data.tar.gz: 6237b17a9fb0c9d840cd72b5e5d8a006102bb0cdd9b43ffe79fd2a396fdbc97fc3c9ed0f3df3c4bc1e62f414246d52ab951ddb75a27fda0c6c31221edf995f73

data/Gemfile

@@ -2,4 +2,3 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in configuration_service-vault.gemspec
 gemspec
-

data/contrib/publish.rb

@@ -36,12 +36,12 @@ data = begin
          JSON.parse(raw_data)
        end
 
-service = ConfigurationService::Base.new(
-  identifier,
-  ENV["VAULT_TOKEN"],
-  ConfigurationService::Provider::Vault.new(
+service = ConfigurationService::Client.new(
+  identifier: identifier,
+  credentials: ENV["VAULT_TOKEN"],
+  provider: ConfigurationService::Provider::Vault.new(
     address: ENV["VAULT_ADDR"]
   )
 )
 
-puts service.publish_configuration(data).metadata
+puts service.publish_configuration(data: data).metadata

data/contrib/request.rb

@@ -41,13 +41,13 @@ end
 end
 
 identifier = ARGV[0]
-service = ConfigurationService::Base.new(
-  identifier,
-  ENV["VAULT_TOKEN"],
-  ConfigurationService::Provider::Vault.new(
+service = ConfigurationService::Client.new(
+  identifier: identifier,
+  credentials: ENV["VAULT_TOKEN"],
+  provider: ConfigurationService::Provider::Vault.new(
     address: ENV["VAULT_ADDR"]
   )
 )
 
-configuration = service.request_configuration
+configuration = service.request_configuration(identifier: identifier)
 puts formatter[configuration.data]

data/lib/configuration_service/provider/vault.rb

@@ -46,7 +46,7 @@ module ConfigurationService
       #   Vault token with +read+ permission on the composed secret path
       #
       # @return [ConfigurationService::Configuration] the configuration if found
-      # @return [nil] if the configuration for +identifier was not found
+      # @return [nil] if the configuration for +identifier+ was not found
       #
       # @raise [ConfigurationService::AuthorizationError] if the request was not allowed
       # @raise [ConfigurationService::Error] if the request was allowed but failed
@@ -72,8 +72,8 @@ module ConfigurationService
       ##
       # Authorize consumption
       #
-      # @param [String] identifier
-      #   the unique identity of the configuration
+      # @param [String|Array] identifier
+      #   the unique identity/identities of the configuration/s
       # @param [String] token
       #   Vault token with +authorize+ permission on the composed secret path
       #
@@ -83,20 +83,15 @@ module ConfigurationService
       # @raise [ConfigurationService::Error] if the request was allowed but failed
       ##
       def authorize_consumption(identifier, token)
+        identifiers = [identifier].flatten
+
         @mutex.synchronize do
           authenticate(token)
 
           adapt_exceptions do
-            path = build_path(identifier, "*")
-            policy = <<-EOF
-              path "#{path}" {
-                policy = "read"
-              }
-            EOF
-            if @vault.sys.put_policy(identifier, policy)
-              secret = @vault.auth_token.create(policies: [identifier], no_default_policy: true)
-              secret.auth.client_token
-            end
+            create_policies(identifiers)
+            secret = @vault.auth_token.create(policies: identifiers, no_default_policy: true)
+            secret.auth.client_token
           end
         end
       end
@@ -106,7 +101,7 @@ module ConfigurationService
       #
       # The configuration data and metadata is written to a Vault path composed from the configuration's
       # +identifier+ and metadata +revision+ by {ConfigurationService::Provider::PathHelper}.
-      # That path is then written to another path, composed from +identifier and the string "latest".
+      # That path is then written to another path, composed from +identifier+ and the string "latest".
       #
       # This allows the current configuration to always be retrieved from a predictable path in Vault,
       # but preserves revision history of configuration.
@@ -132,7 +127,7 @@ module ConfigurationService
 
           adapt_exceptions do
             path = build_path(identifier, revision)
-            @vault.logical.write(path, data: JSON.generate(data), metadata: JSON.generate(metadata), format: "json")
+            result = @vault.logical.write(path, data: JSON.generate(data), metadata: JSON.generate(metadata), format: "json")
             set_latest_revision(identifier, metadata["revision"])
             ConfigurationService::Configuration.new(identifier, data, metadata)
           end
@@ -141,6 +136,20 @@ module ConfigurationService
 
       private
 
+      def create_policies(identifiers = [])
+        adapt_exceptions do
+          identifiers.each { |identifier| 
+            path = build_path(identifier, "*")
+            policy = <<-EOF
+              path "#{path}" {
+                policy = "read"
+              }
+            EOF
+            @vault.sys.put_policy(identifier, policy)
+          }
+        end
+      end
+
       # We explicitly disallow a nil token to defeat ::Vault::Client's default behaviour
       # of reading ENV['VAULT_TOKEN'] and ~/.vault-token, which makes testing harder.
       #

data/lib/configuration_service/provider/vault/version.rb

@@ -4,7 +4,7 @@ module ConfigurationService
 
     class Vault
 
-      VERSION = "3.0.1"
+      VERSION = "3.1.0"
 
     end
 

data/lib/configuration_service/test/vault_admin_client.rb

@@ -1,5 +1,6 @@
 require "configuration_service/provider/vault"
 require "vault"
+require "configuration_service/provider/vault/path_helper"
 
 module ConfigurationService
 
@@ -58,7 +59,29 @@ module ConfigurationService
       # @return [String] the token
       #
       def consumer_token(identifier)
-        create_token_for(consumer_policy(identifier))
+        client = ConfigurationService::Factory.create_client({
+          "token" => @vault.token,
+          "provider_id" => "vault",
+          "provider_config" => {
+            "address" => @vault.address,
+          },
+          "decorators" => ["reference_resolver"],
+        })
+        client.authorize_consumption(identifier: identifier)
+      end
+
+      def latest_path(identifier)
+        ConfigurationService::Provider::Vault::PathHelper.path(identifier)
+      end
+
+      def get_latest_revision(identifier)
+        if response = @vault.logical.read(latest_path(identifier))
+          response.data[:revision]
+        end
+      end
+
+      def build_path(identifier, revision)
+        ConfigurationService::Provider::Vault::PathHelper.path(identifier, revision)
       end
 
       ##

data/lib/configuration_service/test/vault_orchestration_provider.rb

@@ -66,16 +66,16 @@ module ConfigurationService
       #
       # @see http://localhost:8808/docs/ConfigurationService/Test/VaultOrchestrationProvider#token_for-instance_method ConfigurationService::Test::OrchestrationProvider#token_for
       #
-      def credentials_for(role)
+      def credentials_for(role, identifier = @identifier)
         case role
         when :admin
-          VaultAdminClient.new.admin_token()
+          VaultAdminClient.new.admin_token
         when :consumer
-          VaultAdminClient.new.consumer_token(@identifier)
+          VaultAdminClient.new.consumer_token(identifier)
         when :publisher
-          VaultAdminClient.new.publisher_token(@identifier)
+          VaultAdminClient.new.publisher_token(identifier)
         when :none
-          VaultAdminClient.new.none_token(@identifier)
+          VaultAdminClient.new.none_token(identifier)
         else
           raise "unsupported role #{role}"
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: configuration_service-provider-vault
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - Sheldon Hearn
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-08-24 00:00:00.000000000 Z
+date: 2016-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: vault