dev-vault 0.5.2 → 0.5.2.1
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -0
- data/README.md +27 -4
- data/Rakefile +9 -3
- data/dev-vault.gemspec +3 -1
- data/lib/dev/vault.rb +136 -84
- data/lib/dev/vault/build.rb +1 -1
- data/lib/dev/vault/helpers.rb +45 -0
- data/lib/dev/vault/version.rb +2 -1
- metadata +17 -2
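--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 961a270a9a52e4c9431755be1eb793cce783cb32
+data.tar.gz: f1206da878bb90ac4bea0f14fb703cb0122d3709
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ef08ed8ec9627aab8b4917003373bc0fbb6c0443590e369575db711bd7f685585cb524f44bbc2a909f4fc8b7d889e5726439d89b56f536ba4e4ab341b86b941c
+data.tar.gz: ec3e5b85262ab27c2c69bb228ff142be416e868d34111262a0204871c65822e0184be9db37504a954129bfc2a592748d69ec9571c3b5b50f21affaebed7e9a59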
data/.rubocop.yml
CHANGED
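--- a/data/README.md
+++ b/data/README.md
@@ -40,10 +40,8 @@ require 'dev/vault'
 
 RSpec.configure do |config|
 config.before(:suite) do
-
-
-## Mute output once the vault server is running
-Dev::Vault.output(false)
+## Start Vault with logging suppressed
+Dev::Vault.run(:output => false)
 end
 
 config.after(:suite) do
@@ -54,6 +52,31 @@ RSpec.configure do |config|
 end
 ```
 
+For more advanced test scenarios involving `init`, `seal`, and `unseal` operations, start a non-dev Vault instance with the `inmem` storage provider:
+
+```ruby
+require 'dev/vault'
+
+RSpec.describe 'Some Vault Test'
+subject(:vault) do
+Dev::Vault.new(
+:dev => false,
+:port => Dev::Vault::RANDOM_PORT,
+:output => false
+).run.wait
+end
+
+after { vault.stop }
+
+it 'initializes vault' do
+vault.client.sys.init
+
+expect(vault.client.sys.init_status.initialized?).to be true
+end
+```
+
+This test suite will create and destroy un-initialized vault instances for each case.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/rapid7/dev-vault.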
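--- a/data/Rakefile
+++ b/data/Rakefile
@@ -9,12 +9,18 @@ task :fetch do
 Dev::Vault::Build.fetch
 end
 
-task :
+task :dev do
 Dev::Vault.run
+Dev::Vault.wait
 end
 
-task :
+task :nodev do
+Dev::Vault.run(:dev => false, :port => Dev::Vault::RANDOM_PORT)
 Dev::Vault.wait
 end
 
-task :
+task :block do
+Dev::Vault.block
+end
+
+task :default => [:dev, :block]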
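--- a/data/dev-vault.gemspec
+++ b/data/dev-vault.gemspec
@@ -5,7 +5,7 @@ require 'dev/vault/version'
 
 Gem::Specification.new do |spec|
 spec.name = 'dev-vault'
-spec.version = Dev::Vault::VERSION
+spec.version = "#{Dev::Vault::VERSION}.#{Dev::Vault::RELEASE}"
 spec.authors = ['John Manero']
 spec.email = ['jmanero@rapid7.com']
 
@@ -24,4 +24,6 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'zipruby', '~> 0.3'
 spec.add_development_dependency 'bundler', '~> 1.11'
 spec.add_development_dependency 'rake', '~> 10.0'
+
+spec.add_dependency 'vault', '~> 0.4'
 end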
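Review bot: The new runtime dependency `spec.add_dependency 'vault', '~> 0.4'` accepts every 0.x release from 0.4 upward, while lib/dev/vault.rb in this same release relies on specific client API (`::Vault::Client.new`, `client.sys.init`, `::Vault::HTTPConnectionError`). Pre-1.0 minor releases may change those, so a narrower bound such as `'~> 0.4.0'` would keep the resolved client inside the series this code was written against; whether later 0.x releases actually break it should be confirmed against the vault gem's changelog. Note also that this moves the client from nothing to a runtime dependency, so every consumer of this test helper now resolves it transitively.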
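--- a/data/lib/dev/vault.rb
+++ b/data/lib/dev/vault.rb
@@ -1,125 +1,177 @@
 require_relative './vault/version'
+require_relative './vault/helpers'
 
 require 'json'
-require 'net/http'
 require 'securerandom'
+require 'tempfile'
+require 'vault'
 
 module Dev
 ##
 # Helpers to fetch and run a development-instance of vault
 ##
-
-
-def bindir
-File.expand_path('../../bin', __dir__)
-end
+class Vault
+extend Helpers
 
-
-
-when /x86_64/ then 'amd64'
-when /amd64/ then 'amd64'
-when /386/ then '386'
-when /arm/ then 'arm'
-else raise NameError, "Unable to detect system architecture for #{RUBY_PLATFORM}"
-end
-end
+DEFAULT_PORT = 8200
+RANDOM_PORT = 'RANDOM_PORT'.freeze
 
-
-
-
-when /freebsd/ then 'freebsd'
-when /linux/ then 'linux'
-else raise NameError, "Unable to detect system platfrom for #{RUBY_PLATFORM}"
-end
-end
+attr_reader :command
+attr_reader :config
+attr_reader :output
 
-
-
-end
+attr_reader :dev
+alias_method :dev?, :dev
 
-
-
-end
+attr_reader :client
+attr_reader :port
 
-
-
-post.body = JSON.generate(:type => name)
-post['X-Vault-Token'] = token
+attr_reader :keys
+attr_reader :token
 
-
-
+def initialize(**options)
+@dev = options.fetch(:dev, true)
+@token = dev ? SecureRandom.uuid : options[:token]
 
-
-
-
+@port = case options[:port]
+when Fixnum then options[:port]
+when RANDOM_PORT then 10_000 + rand(10_000)
+else DEFAULT_PORT
+end
+
+@command = [self.class.bin, 'server']
+@command.push(*['-dev', "-dev-root-token-id=#{token}", "-dev-listen-address=127.0.0.1:#{port}"]) if dev?
+@output = options.fetch(:output, $stdout)
+
+## Non-development mode server
+unless dev?
+@config = Tempfile.new('dev-vault')
+@command << "-config=#{config.path}"
 end
 
-
-
+@client = ::Vault::Client.new(:address => "http://localhost:#{port}",
+:token => token)
+end
 
-
-
-
-Thread.current[:process] = io.pid
-puts "Started #{bin} (#{io.pid})"
+## Logging helper
+def log(*message)
+return unless output.is_a?(IO)
 
-
-
-
-chunk = io.readpartial(1024)
+output.write(message.join(' ') + "\n")
+output.flush
+end
 
-
-
-
-
-
-
-
+##
+# Write configuration to tempfile
+##
+def configure
+raise 'Cannot configure a Vault server in development mode' if dev?
+
+config.write(
+JSON.pretty_generate(
+:backend => {
+:inmem => {}
+},
+:listener => {
+:tcp => {
+:address => "127.0.0.1:#{port}",
+:tls_disable => 'true'
+}
+}
+)
+)
+
+config.rewind
+end
 
-
+##
+# Helper to initialize a non-development Vault server and store the new token
+##
+def init(**options)
+raise 'Cannot initialize a Vault server in development mode' if dev?
 
-
-
-begin
-break if @stopped
+options[:shares] ||= 1
+options[:threshold] ||= 1
 
-
-status = JSON.parse(status, :symbolize_names => true)
+result = client.sys.init(options)
 
-
-
-
+## Capture the new keys and token
+@keys = result.keys
+@token = result.root_token
+end
+
+def run
+configure unless dev?
+log "Running #{command.join(' ')}"
 
-
-
+## Fork a child process for Vault from a thread
+@stopped = false
+@thread = Thread.new do
+IO.popen(command + [:err => [:child, :out]], 'r+') do |io|
+Thread.current[:process] = io.pid
 
-
-
+## Stream output
+loop do
+break if io.eof?
+chunk = io.readpartial(1024)
 
-
-
-
+next unless output.is_a?(IO)
+output.write(chunk)
+output.flush
 end
 end
 end
 
-
-
+self
+end
+
+##
+# Wait for the service to become ready
+##
+def wait
+loop do
+break if @stopped || @thread.nil? || !@thread.alive?
+
+begin
+client.sys.init_status
+rescue ::Vault::HTTPConnectionError
+log 'Waiting for Vault HTTP API to be ready'
+sleep 1
+
+next
+end
+
+if dev? && !client.sys.init_status.initialized?
+log 'Waiting for Vault development server to initialize'
+sleep 1
+
+next
+end
+
+log 'Vault is ready!'
+break
 end
 
-
-
-
-
-
-
+self
+end
+
+def block
+@thread.join unless @thread.nil?
+end
 
-
+def stop
+unless @thread.nil?
+unless @thread[:process].nil?
+log "Stop #{command.join(' ')} (#{@thread[:process]})"
+Process.kill('TERM', @thread[:process])
 end
 
-@thread
-@stopped = true
+@thread.join
 end
+
+config.unlink unless dev?
+@thread = nil
+@stopped = true
 end
 end
 end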
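Review bot: `init` stores the new root token only in `@token`, but the `::Vault::Client` built in `initialize` was handed the earlier value (`options[:token]`, possibly nil, in non-dev mode), so later calls through `client` would presumably go out without the new token; adding `client.token = result.root_token` next to `@token = result.root_token` keeps the two in step. Separately, `run` logs `command.join(' ')`, and in dev mode that command contains `-dev-root-token-id=#{token}`, so the root token is written to `output`, which defaults to `$stdout` and therefore to CI logs; logging the command with that argument masked avoids it. The port `case` uses `when Fixnum`, which only matches on Rubies that still define `Fixnum`; `when Integer` matches on all of them.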
data/lib/dev/vault/build.rb
CHANGED
@@ -0,0 +1,45 @@
|
|
1
|
+
require 'forwardable'
|
2
|
+
|
3
|
+
module Dev
|
4
|
+
class Vault
|
5
|
+
##
|
6
|
+
# Helpers to fetch and run a development-instance of vault
|
7
|
+
##
|
8
|
+
module Helpers
|
9
|
+
extend Forwardable
|
10
|
+
|
11
|
+
def bindir
|
12
|
+
File.expand_path('../../../bin', __dir__)
|
13
|
+
end
|
14
|
+
|
15
|
+
def architecture
|
16
|
+
case RUBY_PLATFORM
|
17
|
+
when /x86_64/ then 'amd64'
|
18
|
+
when /amd64/ then 'amd64'
|
19
|
+
when /386/ then '386'
|
20
|
+
when /arm/ then 'arm'
|
21
|
+
else raise NameError, "Unable to detect system architecture for #{RUBY_PLATFORM}"
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def platform
|
26
|
+
case RUBY_PLATFORM
|
27
|
+
when /darwin/ then 'darwin'
|
28
|
+
when /freebsd/ then 'freebsd'
|
29
|
+
when /linux/ then 'linux'
|
30
|
+
else raise NameError, "Unable to detect system platfrom for #{RUBY_PLATFORM}"
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
def bin
|
35
|
+
File.join(bindir, "vault_#{VERSION}_#{platform}_#{architecture}")
|
36
|
+
end
|
37
|
+
|
38
|
+
def run(**options)
|
39
|
+
@vault ||= Vault.new(options).run
|
40
|
+
end
|
41
|
+
|
42
|
+
def_delegators :@vault, :client, :command, :config, :dev, :dev?, :port, :token, :output, :configure, :init, :wait, :block, :stop
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
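Review bot: `run` passes the hash positionally in `Vault.new(options)` although `initialize` is declared as `initialize(**options)`; on Ruby 3 and later that raises ArgumentError, so the call should read `@vault ||= Vault.new(**options).run`. The `||=` also means a second `run` with different options silently returns the first instance, and after a delegated `stop` the memoized object is never replaced, so `run` will not start a fresh server; resetting `@vault` when stopping would fix that. The `def_delegators` list also omits `:keys`, so the unseal keys captured by `init` are not reachable through the module-level helpers.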
data/lib/dev/vault/version.rb
CHANGED
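--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dev-vault
 version: !ruby/object:Gem::Version
-version: 0.5.2
+version: 0.5.2.1
 platform: ruby
 authors:
 - John Manero
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-
+date: 2016-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: zipruby
@@ -52,6 +52,20 @@ dependencies:
 - - ~>
 - !ruby/object:Gem::Version
 version: '10.0'
+- !ruby/object:Gem::Dependency
+name: vault
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.4'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.4'
 description: dev/vault bundles all of Hashicorp's platform-specific binaries for Vault
 and provides helpers to detect the local platform and run the right build.
 email:
@@ -78,6 +92,7 @@ files:
 - dev-vault.gemspec
 - lib/dev/vault.rb
 - lib/dev/vault/build.rb
+- lib/dev/vault/helpers.rb
 - lib/dev/vault/version.rb
 homepage: https://github.com/rapid7/dev-vault
 licenses: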