foreman_vault 1.1.0 → 1.2.0

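--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 39553e728b4ff3661a8b0fc008ee0959e5fdbba5f915a9f7f9d09bdd24d9d65a
- data.tar.gz: 34b06a3ffc2cfdd6055356c4af15e91bb7d94de7954983d0becc20881c85fef3
+ metadata.gz: 1a698b340bc8ac1d8e1f9313548b3f27b971e87863886b4eac7c345c836460f2
+ data.tar.gz: 199cfbb6dae934a8dddc047964f068ad68a0fb1dd32590dbf4a976513229a205
  SHA512:
- metadata.gz: 04fe38f150fb63017eeb3803c14ea02fe6eb557a8a51d13f7f089bc4a7e5ca12f08182ede2c642e5dd6b47d5ab53e5adcc80e45117ad714ad6154cec2df486de
- data.tar.gz: d6ecb38160b4180a137a6db4f0d9e7fa6e9e14d32ebc5e98cae09a92f18997946bacc548adc4a55f7e19107ae6f2fcdbe7e43ab5a540b0d96706239dd81aa462
+ metadata.gz: 43759e193861b1ead17c0112b73fb7b36f613348f0041687e84646bb1e9ae869f5833893f4a749ffee880a921e23896a1ff5dfa7488cff7d6079d9056ffb3332
+ data.tar.gz: b956c84f73978386e43ad0e095d86ff1a2383f826f747252a176fe1198df2605c0e10d740c1fdacbb99f9105773ebef00e891c643e386f24e448d185389d9e08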
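--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ This allows Foreman to create everything needed to access Hashicorp Vault direct
  - Working Vault instance
  - with _cert_ auth enabled
  - with _approle_ auth enabled
- - with _kv_ secret store enabled
+ - with _kv v1_ secret store enabled
  - valid Vault Token
 
  **Dev Vault Instance**
@@ -43,7 +43,7 @@ To run a local Vault dev environment on MacOS use:
  $ brew install vault
  $ vault server -dev
  $ export VAULT_ADDR='http://127.0.0.1:8200'
- $ vault secrets enable kv
+ $ vault secrets enable -version=1 kv
  $ vault auth enable cert
 
  $ vault token create -period=60m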
@@ -11,6 +11,8 @@ class Setting
11
11
 
12
12
  # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
13
13
  def self.load_defaults
14
+ return unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('3.4')
15
+
14
16
  # Check the table exists
15
17
  return unless super
16
18
 
@@ -33,7 +35,6 @@ class Setting
33
35
  end
34
36
  end
35
37
 
36
- Foreman.try(:settings)&.load
37
38
  true
38
39
  end
39
40
  # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
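Review bot: The new guard at the top of `load_defaults` has no comment explaining the `3.4` cutoff, and nothing in this hunk says which mechanism registers these settings on newer Foreman versions. I would add a line above it such as `# Foreman >= 3.4 registers these settings through the plugin settings DSL; keep the legacy Setting rows only for older versions`. If the DSL registration is also active on releases below 3.4 (inferred, not visible here), both paths would define the same setting names there, which is worth confirming on one such release. The body of `load_defaults` between the two hunks is outside this view.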
@@ -5,6 +5,7 @@ class VaultConnection < ApplicationRecord
5
5
 
6
6
  validates_lengths_from_database
7
7
  validates :name, presence: true, uniqueness: true
8
+ validates :name, inclusion: { in: ->(i) { [i.name_was] }, message: _('cannot be changed after creation') }, on: :update
8
9
  validates :url, presence: true
9
10
  validates :url, format: URI.regexp(['http', 'https'])
10
11
 
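Review bot: The `message: _('cannot be changed after creation')` on the added `validates :name` line is evaluated once while the class body loads, so the text is fixed to whatever locale is active at that moment; marking it with `N_('cannot be changed after creation')` lets it be translated when the error is shown, assuming the usual Foreman handling of validation messages. The rule would also read more plainly as a guarded validation, for example `validate :name_unchanged, on: :update` with a small private method that adds the error when `name_changed?`. Separately, the unchanged `format: URI.regexp(['http', 'https'])` check in the context is not anchored, so a value that merely contains an http(s) URL passes; since this is the address the stored token or secret is used against, `format: /\A#{URI.regexp(%w[http https])}\z/` would be stricter.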
@@ -1,6 +1,6 @@
1
1
  <%= form_for @vault_connection, url: (@vault_connection.new_record? ? vault_connections_path : vault_connection_path(id: @vault_connection)) do |f| %>
2
2
  <%= base_errors_for @vault_connection %>
3
- <%= text_f f, :name, help_inline: _("Vault Connection name") %>
3
+ <%= text_f f, :name, disabled: @vault_connection.persisted?, help_inline: _("Vault Connection name") %>
4
4
  <%= text_f f, :url, help_inline: _("Vault Server url") %>
5
5
  <div class="auth_methods">
6
6
  <h4><%=_("Auth Methods")%></h4>
@@ -12,10 +12,10 @@
12
12
  <div class="tab-content">
13
13
  <div class="tab-pane active" id="approle">
14
14
  <%= text_f f, :role_id, label: _("Role ID"), help_inline: _("Vault Connection Role ID") %>
15
- <%= text_f f, :secret_id, label: _("Secret ID"), help_inline: _("Vault Connection Secret ID") %>
15
+ <%= password_f f, :secret_id, label: _("Secret ID"), help_inline: _("Vault Connection Secret ID") %>
16
16
  </div>
17
17
  <div class="tab-pane" id="token">
18
- <%= text_f f, :token, help_inline: _("Vault Connection token") %>
18
+ <%= password_f f, :token, help_inline: _("Vault Connection token") %>
19
19
  </div>
20
20
  </div>
21
21
  </div>
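Review bot: Switching `secret_id` and `token` to `password_f` means the edit form most likely renders these fields empty for a persisted connection, and nothing in this hunk shows what happens when the form is then submitted with them blank. If the update action passes the empty strings through, saving an unrelated change (for example the URL) would wipe the stored credential; the controller is outside this view, so confirm there that blank `secret_id`/`token` params are dropped before `update`. The `disabled:` flag on `name` is only a browser-side hint, so the model validation remains the actual enforcement. I would record both in the template with `<%# name is enforced server-side; blank secret fields must not overwrite stored values %>`.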
@@ -45,6 +45,33 @@ module ForemanVault
45
45
  'api/v2/vault_connections': [:destroy] }, resource_type: 'VaultConnection'
46
46
  end
47
47
 
48
+ # New settings definition DSL is available from Foreman 3.0
49
+ if respond_to?(:settings)
50
+ settings do
51
+ category(:vault, N_('Vault')) do
52
+ setting('vault_connection',
53
+ full_name: N_('Default Vault connection'),
54
+ type: :string,
55
+ description: N_('Default Vault Connection that can be override using parameters'),
56
+ default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
57
+ collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
58
+ include_blank: _('Select Vault Connection'))
59
+ setting('vault_policy_template',
60
+ full_name: N_('Vault Policy template name'),
61
+ type: :string,
62
+ description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
63
+ default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
64
+ collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
65
+ include_blank: _('Select Template'))
66
+ setting('vault_orchestration_enabled',
67
+ full_name: N_('Vault Orchestration enabled'),
68
+ type: :boolean,
69
+ description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
70
+ default: false)
71
+ end
72
+ end
73
+ end
74
+
48
75
  # add menu entry
49
76
  menu :top_menu, :vault_connections, url_hash: { controller: :vault_connections, action: :index },
50
77
  caption: N_('Vault Connections'),
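Review bot: The `default:` for `vault_policy_template` queries `ProvisioningTemplate` while the plugin is being registered, without the `table_exists?` guard that the `vault_connection` setting just above it uses, so a boot against a database that has not been migrated yet could raise here. Guarding it the same way keeps the two consistent: `default: ProvisioningTemplate.table_exists? ? ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name : nil,`. Both `include_blank: _('…')` values are translated at load time rather than at render time, whereas the other strings in the block use `N_`. The description text also reads 'can be override', which should be 'can be overridden'. The `settings` block sits inside a registration block that starts before this hunk.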
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ForemanVault
4
- VERSION = '1.1.0'
4
+ VERSION = '1.2.0'
5
5
  end
@@ -53,11 +53,11 @@ module Api
53
53
  client = mock.tap { |object| object.expects(:auth_token).returns(auth_token) }
54
54
  Vault::Client.expects(:new).returns(client)
55
55
 
56
- params = { name: 'New name', url: 'http://localhost:8200', token: 'token' }
56
+ params = { url: 'http://updatedhost:8200', token: 'token' }
57
57
  put :update, params: { id: @vault_connection.to_param, vault_connection: params }
58
58
  response = ActiveSupport::JSON.decode(@response.body)
59
59
  assert_response :success
60
- assert_equal params[:name], response['name']
60
+ assert_equal params[:url], response['url']
61
61
  end
62
62
 
63
63
  test 'should not update invalid' do
@@ -65,6 +65,12 @@ module Api
65
65
  put :update, params: { id: @vault_connection.to_param, vault_connection: params }
66
66
  assert_response :unprocessable_entity
67
67
  end
68
+
69
+ test 'should not allow to update name' do
70
+ params = { name: 'Updated name' }
71
+ put :update, params: { id: @vault_connection.to_param, vault_connection: params }
72
+ assert_response :unprocessable_entity
73
+ end
68
74
  end
69
75
 
70
76
  describe '#destroy' do
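Review bot: The new test 'should not allow to update name' only checks for a 422 status, so it would also pass if the request failed for an unrelated reason. Capturing `original_name = @vault_connection.name` before the `put` and adding `assert_equal original_name, @vault_connection.reload.name` pins that the stored name stays untouched. There is also no case for a client that sends the unchanged name together with other fields, which the inclusion validation should accept; a test for that would protect API callers that PUT the whole object. The enclosing `describe` block begins outside this hunk.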
@@ -139,7 +139,7 @@ module ForemanVault
139
139
  end
140
140
 
141
141
  setup do
142
- Setting.find_by(name: 'ssl_ca_file').update(value: File.join(ForemanVault::Engine.root, 'test/fixtures/ca.crt'))
142
+ Setting['ssl_ca_file'] = File.join(ForemanVault::Engine.root, 'test/fixtures/ca.crt')
143
143
  if Setting.find_by(name: 'vault_orchestration_enabled')
144
144
  Setting['vault_orchestration_enabled'] = true
145
145
  else
@@ -10,4 +10,10 @@ class VaultConnectionTest < ActiveSupport::TestCase
10
10
  should validate_presence_of(:url)
11
11
  should allow_value('http://127.0.0.1:8200').for(:url)
12
12
  should_not allow_value('börks').for(:url)
13
+
14
+ test 'validate that the name cannot be changed' do
15
+ assert_raises(ActiveRecord::RecordInvalid, 'Validation failed: Name cannot be changed after creation') do
16
+ subject.update!(name: 'UpdatedName')
17
+ end
18
+ end
13
19
  end
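Review bot: The string passed as the second argument to `assert_raises` is Minitest's failure message, not an expected exception message, so this test passes for any `ActiveRecord::RecordInvalid` and never checks the 'cannot be changed after creation' text. Capture the exception and match on it instead: `error = assert_raises(ActiveRecord::RecordInvalid) { subject.update!(name: 'UpdatedName') }` followed by `assert_match(/cannot be changed after creation/, error.message)`.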
@@ -99,7 +99,7 @@ class VaultAuthMethodTest < ActiveSupport::TestCase
99
99
 
100
100
  describe '#certificate' do
101
101
  setup do
102
- Setting.find_by(name: 'ssl_ca_file').update(value: cert_path)
102
+ Setting['ssl_ca_file'] = cert_path
103
103
  end
104
104
 
105
105
  context 'when certificate file can be read' do
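--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: foreman_vault
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.2.0
  platform: ruby
  authors:
  - dmTECH GmbH
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-10-21 00:00:00.000000000 Z
+ date: 2022-08-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: vault
@@ -138,25 +138,25 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.28
+ rubygems_version: 3.3.3
  signing_key:
  specification_version: 4
  summary: Adds support for using credentials from Hashicorp Vault
  test_files:
- - test/unit/lib/foreman_vault/macros_test.rb
- - test/unit/services/foreman_vault/vault_client_test.rb
- - test/unit/services/foreman_vault/vault_policy_test.rb
- - test/unit/services/foreman_vault/vault_auth_method_test.rb
- - test/models/vault_policy_template_test.rb
- - test/models/vault_connection_test.rb
- - test/models/foreman_vault/orchestration/vault_policy_test.rb
- - test/factories/vault_policy_template.rb
  - test/factories/vault_connection.rb
+ - test/factories/vault_policy_template.rb
  - test/factories/vault_setting.rb
- - test/lib/tasks/push_policies_test.rb
- - test/lib/tasks/push_auth_methods_test.rb
  - test/fixtures/ca.crt
- - test/test_plugin_helper.rb
- - test/jobs/refresh_vault_tokens_test.rb
- - test/jobs/refresh_vault_token_test.rb
  - test/functional/api/v2/vault_connections_controller_test.rb
+ - test/jobs/refresh_vault_token_test.rb
+ - test/jobs/refresh_vault_tokens_test.rb
+ - test/lib/tasks/push_auth_methods_test.rb
+ - test/lib/tasks/push_policies_test.rb
+ - test/models/foreman_vault/orchestration/vault_policy_test.rb
+ - test/models/vault_connection_test.rb
+ - test/models/vault_policy_template_test.rb
+ - test/test_plugin_helper.rb
+ - test/unit/lib/foreman_vault/macros_test.rb
+ - test/unit/services/foreman_vault/vault_auth_method_test.rb
+ - test/unit/services/foreman_vault/vault_client_test.rb
+ - test/unit/services/foreman_vault/vault_policy_test.rb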