dev-vault 0.5.2 → 0.5.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3d012554f26c1dd685c900a550f05afdeb0aceba
-  data.tar.gz: 220279ed96aa66f8aeb46182c6395389d8661015
+  metadata.gz: 961a270a9a52e4c9431755be1eb793cce783cb32
+  data.tar.gz: f1206da878bb90ac4bea0f14fb703cb0122d3709
 SHA512:
-  metadata.gz: bec5ef4030ed4fe559c9abf7d4b09ad805d3e8439c5fe6e2a0d9a88289f1a9ec40836f7b67f6bc29f2da65b3f68dd87b370a04a9d45c037bf746f5fbd768ebb0
-  data.tar.gz: ad7ee8e0b5e41be7f451287b8a2f863985650f13a80a283595ebcd209347fbacc04a0d0dbb917dd69548ad919f44103e3f44d695ee18e4fbaaa46bbb20965136
+  metadata.gz: ef08ed8ec9627aab8b4917003373bc0fbb6c0443590e369575db711bd7f685585cb524f44bbc2a909f4fc8b7d889e5726439d89b56f536ba4e4ab341b86b941c
+  data.tar.gz: ec3e5b85262ab27c2c69bb228ff142be416e868d34111262a0204871c65822e0184be9db37504a954129bfc2a592748d69ec9571c3b5b50f21affaebed7e9a59

data/.rubocop.yml

@@ -21,3 +21,5 @@ RescueModifier:
   Enabled: false
 SpaceInsideStringInterpolation:
   Enabled: false
+Style/Alias:
+  Enabled: false

data/README.md

@@ -40,10 +40,8 @@ require 'dev/vault'
 
 RSpec.configure do |config|
   config.before(:suite) do
-    Dev::Vault.run
-
-    ## Mute output once the vault server is running
-    Dev::Vault.output(false)
+    ## Start Vault with logging suppressed
+    Dev::Vault.run(:output => false)
   end
 
   config.after(:suite) do
@@ -54,6 +52,31 @@ RSpec.configure do |config|
 end
 ```
 
+For more advanced test scenarios involving `init`, `seal`, and `unseal` operations, start a non-dev Vault instance with the `inmem` storage provider:
+
+```ruby
+require 'dev/vault'
+
+RSpec.describe 'Some Vault Test'
+  subject(:vault) do
+    Dev::Vault.new(
+      :dev => false,
+      :port => Dev::Vault::RANDOM_PORT,
+      :output => false
+    ).run.wait
+  end
+
+  after { vault.stop }
+
+  it 'initializes vault' do
+    vault.client.sys.init
+
+    expect(vault.client.sys.init_status.initialized?).to be true
+  end
+```
+
+This test suite will create and destroy un-initialized vault instances for each case.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/rapid7/dev-vault.

data/Rakefile

@@ -9,12 +9,18 @@ task :fetch do
   Dev::Vault::Build.fetch
 end
 
-task :run do
+task :dev do
   Dev::Vault.run
+  Dev::Vault.wait
 end
 
-task :wait do
+task :nodev do
+  Dev::Vault.run(:dev => false, :port => Dev::Vault::RANDOM_PORT)
   Dev::Vault.wait
 end
 
-task :default => [:run, :wait]
+task :block do
+  Dev::Vault.block
+end
+
+task :default => [:dev, :block]

data/dev-vault.gemspec

@@ -5,7 +5,7 @@ require 'dev/vault/version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'dev-vault'
-  spec.version       = Dev::Vault::VERSION
+  spec.version       = "#{Dev::Vault::VERSION}.#{Dev::Vault::RELEASE}"
   spec.authors       = ['John Manero']
   spec.email         = ['jmanero@rapid7.com']
 
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'zipruby', '~> 0.3'
   spec.add_development_dependency 'bundler', '~> 1.11'
   spec.add_development_dependency 'rake', '~> 10.0'
+
+  spec.add_dependency 'vault', '~> 0.4'
 end

data/lib/dev/vault.rb

@@ -1,125 +1,177 @@
 require_relative './vault/version'
+require_relative './vault/helpers'
 
 require 'json'
-require 'net/http'
 require 'securerandom'
+require 'tempfile'
+require 'vault'
 
 module Dev
   ##
   # Helpers to fetch and run a development-instance of vault
   ##
-  module Vault
-    class << self
-      def bindir
-        File.expand_path('../../bin', __dir__)
-      end
+  class Vault
+    extend Helpers
 
-      def architecture
-        case RUBY_PLATFORM
-        when /x86_64/ then 'amd64'
-        when /amd64/ then 'amd64'
-        when /386/ then '386'
-        when /arm/ then 'arm'
-        else raise NameError, "Unable to detect system architecture for #{RUBY_PLATFORM}"
-        end
-      end
+    DEFAULT_PORT = 8200
+    RANDOM_PORT = 'RANDOM_PORT'.freeze
 
-      def platform
-        case RUBY_PLATFORM
-        when /darwin/ then 'darwin'
-        when /freebsd/ then 'freebsd'
-        when /linux/ then 'linux'
-        else raise NameError, "Unable to detect system platfrom for #{RUBY_PLATFORM}"
-        end
-      end
+    attr_reader :command
+    attr_reader :config
+    attr_reader :output
 
-      def bin
-        File.join(bindir, "vault_#{VERSION}_#{platform}_#{architecture}")
-      end
+    attr_reader :dev
+    alias_method :dev?, :dev
 
-      def token
-        @token ||= SecureRandom.uuid
-      end
+    attr_reader :client
+    attr_reader :port
 
-      def mount(name)
-        post = Net::HTTP::Post.new("/v1/sys/mounts/#{name}")
-        post.body = JSON.generate(:type => name)
-        post['X-Vault-Token'] = token
+    attr_reader :keys
+    attr_reader :token
 
-        Net::HTTP.new('localhost', 8200).request(post)
-      end
+    def initialize(**options)
+      @dev = options.fetch(:dev, true)
+      @token = dev ? SecureRandom.uuid : options[:token]
 
-      def output(arg = nil)
-        @thread[:output] = arg unless @thread.nil? || arg.nil?
-        @thread[:output] unless @thread.nil?
+      @port = case options[:port]
+              when Fixnum then options[:port]
+              when RANDOM_PORT then 10_000 + rand(10_000)
+              else DEFAULT_PORT
+              end
+
+      @command = [self.class.bin, 'server']
+      @command.push(*['-dev', "-dev-root-token-id=#{token}", "-dev-listen-address=127.0.0.1:#{port}"]) if dev?
+      @output = options.fetch(:output, $stdout)
+
+      ## Non-development mode server
+      unless dev?
+        @config = Tempfile.new('dev-vault')
+        @command << "-config=#{config.path}"
       end
 
-      def run
-        puts "Starting #{bin}"
+      @client = ::Vault::Client.new(:address => "http://localhost:#{port}",
+                                    :token => token)
+    end
 
-        ## Fork a child process for Vault from a thread
-        @thread = Thread.new do
-          IO.popen(%(#{bin} server -dev -dev-root-token-id="#{token}"), 'r+') do |io|
-            Thread.current[:process] = io.pid
-            puts "Started #{bin} (#{io.pid})"
+    ## Logging helper
+    def log(*message)
+      return unless output.is_a?(IO)
 
-            ## Stream output
-            loop do
-              break if io.eof?
-              chunk = io.readpartial(1024)
+      output.write(message.join(' ') + "\n")
+      output.flush
+    end
 
-              if Thread.current[:output]
-                Thread.current[:output].write(chunk)
-                Thread.current[:output].flush
-              end
-            end
-          end
-        end
+    ##
+    # Write configuration to tempfile
+    ##
+    def configure
+      raise 'Cannot configure a Vault server in development mode' if dev?
+
+      config.write(
+        JSON.pretty_generate(
+          :backend => {
+            :inmem => {}
+          },
+          :listener => {
+            :tcp => {
+              :address => "127.0.0.1:#{port}",
+              :tls_disable => 'true'
+            }
+          }
+        )
+      )
+
+      config.rewind
+    end
 
-        @thread[:output] = $stdout
+    ##
+    # Helper to initialize a non-development Vault server and store the new token
+    ##
+    def init(**options)
+      raise 'Cannot initialize a Vault server in development mode' if dev?
 
-        ## Wait for the service to become ready
-        loop do
-          begin
-            break if @stopped
+      options[:shares] ||= 1
+      options[:threshold] ||= 1
 
-            status = Net::HTTP.get('localhost', '/v1/sys/seal-status', 8200)
-            status = JSON.parse(status, :symbolize_names => true)
+      result = client.sys.init(options)
 
-            if status[:sealed]
-              puts 'Waiting for Vault HTTP API to be ready'
-              sleep 1
+      ## Capture the new keys and token
+      @keys = result.keys
+      @token = result.root_token
+    end
+
+    def run
+      configure unless dev?
+      log "Running #{command.join(' ')}"
 
-              next
-            end
+      ## Fork a child process for Vault from a thread
+      @stopped = false
+      @thread = Thread.new do
+        IO.popen(command + [:err => [:child, :out]], 'r+') do |io|
+          Thread.current[:process] = io.pid
 
-            puts 'Vault HTTP API is ready!'
-            break
+          ## Stream output
+          loop do
+            break if io.eof?
+            chunk = io.readpartial(1024)
 
-          rescue Errno::ECONNREFUSED, JSON::ParseError
-            puts 'Waiting for Vault HTTP API to be ready'
-            sleep 1
+            next unless output.is_a?(IO)
+            output.write(chunk)
+            output.flush
           end
         end
       end
 
-      def wait
-        @thread.join unless @thread.nil?
+      self
+    end
+
+    ##
+    # Wait for the service to become ready
+    ##
+    def wait
+      loop do
+        break if @stopped || @thread.nil? || !@thread.alive?
+
+        begin
+          client.sys.init_status
+        rescue ::Vault::HTTPConnectionError
+          log 'Waiting for Vault HTTP API to be ready'
+          sleep 1
+
+          next
+        end
+
+        if dev? && !client.sys.init_status.initialized?
+          log 'Waiting for Vault development server to initialize'
+          sleep 1
+
+          next
+        end
+
+        log 'Vault is ready!'
+        break
       end
 
-      def stop
-        unless @thread.nil?
-          unless @thread[:process].nil?
-            puts "Stop #{bin} (#{@thread[:process]})"
-            Process.kill('INT', @thread[:process])
-          end
+      self
+    end
+
+    def block
+      @thread.join unless @thread.nil?
+    end
 
-          @thread.join
+    def stop
+      unless @thread.nil?
+        unless @thread[:process].nil?
+          log "Stop #{command.join(' ')} (#{@thread[:process]})"
+          Process.kill('TERM', @thread[:process])
         end
 
-        @thread = nil
-        @stopped = true
+        @thread.join
       end
+
+      config.unlink unless dev?
+      @thread = nil
+      @stopped = true
     end
   end
 end

data/lib/dev/vault/build.rb

@@ -10,7 +10,7 @@ rescue LoadError
 end
 
 module Dev
-  module Vault
+  class Vault
     ##
     # Tools to fetch and extract Hashicorp's platform builds of Vault
     ##

data/lib/dev/vault/helpers.rb

@@ -0,0 +1,45 @@
+require 'forwardable'
+
+module Dev
+  class Vault
+    ##
+    # Helpers to fetch and run a development-instance of vault
+    ##
+    module Helpers
+      extend Forwardable
+
+      def bindir
+        File.expand_path('../../../bin', __dir__)
+      end
+
+      def architecture
+        case RUBY_PLATFORM
+        when /x86_64/ then 'amd64'
+        when /amd64/ then 'amd64'
+        when /386/ then '386'
+        when /arm/ then 'arm'
+        else raise NameError, "Unable to detect system architecture for #{RUBY_PLATFORM}"
+        end
+      end
+
+      def platform
+        case RUBY_PLATFORM
+        when /darwin/ then 'darwin'
+        when /freebsd/ then 'freebsd'
+        when /linux/ then 'linux'
+        else raise NameError, "Unable to detect system platfrom for #{RUBY_PLATFORM}"
+        end
+      end
+
+      def bin
+        File.join(bindir, "vault_#{VERSION}_#{platform}_#{architecture}")
+      end
+
+      def run(**options)
+        @vault ||= Vault.new(options).run
+      end
+
+      def_delegators :@vault, :client, :command, :config, :dev, :dev?, :port, :token, :output, :configure, :init, :wait, :block, :stop
+    end
+  end
+end

data/lib/dev/vault/version.rb

@@ -1,5 +1,6 @@
 module Dev
-  module Vault
+  class Vault
+    RELEASE = '1'.freeze
     VERSION = '0.5.2'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dev-vault
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.5.2.1
 platform: ruby
 authors:
 - John Manero
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-05-11 00:00:00.000000000 Z
+date: 2016-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: zipruby
@@ -52,6 +52,20 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.4'
 description: dev/vault bundles all of Hashicorp's platform-specific binaries for Vault
   and provides helpers to detect the local platform and run the right build.
 email:
@@ -78,6 +92,7 @@ files:
 - dev-vault.gemspec
 - lib/dev/vault.rb
 - lib/dev/vault/build.rb
+- lib/dev/vault/helpers.rb
 - lib/dev/vault/version.rb
 homepage: https://github.com/rapid7/dev-vault
 licenses: