foreman_vault 1.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39553e728b4ff3661a8b0fc008ee0959e5fdbba5f915a9f7f9d09bdd24d9d65a
-  data.tar.gz: 34b06a3ffc2cfdd6055356c4af15e91bb7d94de7954983d0becc20881c85fef3
+  metadata.gz: c5fe8746df7815f6129640d07776dcc4e32108fcd751c35fdb20f6facf95b87f
+  data.tar.gz: 48a412989b2ce3dda9389f9a6ea9a06fc881157cb959536c618b6395d5b6ed83
 SHA512:
-  metadata.gz: 04fe38f150fb63017eeb3803c14ea02fe6eb557a8a51d13f7f089bc4a7e5ca12f08182ede2c642e5dd6b47d5ab53e5adcc80e45117ad714ad6154cec2df486de
-  data.tar.gz: d6ecb38160b4180a137a6db4f0d9e7fa6e9e14d32ebc5e98cae09a92f18997946bacc548adc4a55f7e19107ae6f2fcdbe7e43ab5a540b0d96706239dd81aa462
+  metadata.gz: d45fa891dc392701f2cdb08ed00216fabff042a63b3d097cd71caf43630366b245c70ef06bd5860963fa1d9179f239bc0e3e7b79f94a288109d9c97b2dbe068c
+  data.tar.gz: 48f5a92159bccc41cea54144f88ce47875d1f83f6158ba812a2b36c1289087aadf41f2caad431f52ebf2c917267f9432e2cf6cbc2a221a35b9ed2b1a924958a1

data/README.md

@@ -22,6 +22,7 @@ This allows Foreman to create everything needed to access Hashicorp Vault direct
 
 | Foreman Version | Plugin Version |
 | --------------- | -------------- |
+| >= 3.9          | ~> 2.0         |
 | >= 2.3          | ~> 1.0         |
 | >= 1.23         | ~> 0.3, ~> 0.4 |
 | >= 1.20         | ~> 0.2         |
@@ -32,7 +33,7 @@ This allows Foreman to create everything needed to access Hashicorp Vault direct
 - Working Vault instance
   - with _cert_ auth enabled
   - with _approle_ auth enabled
-  - with _kv_ secret store enabled
+  - with _kv v1_ secret store enabled
 - valid Vault Token
 
 **Dev Vault Instance**
@@ -43,7 +44,7 @@ To run a local Vault dev environment on MacOS use:
 $ brew install vault
 $ vault server -dev
 $ export VAULT_ADDR='http://127.0.0.1:8200'
-$ vault secrets enable kv
+$ vault secrets enable -version=1 kv
 $ vault auth enable cert
 
 $ vault token create -period=60m

data/Rakefile

@@ -20,7 +20,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
-APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
 
 Bundler::GemHelper.install_tasks
 
@@ -38,7 +38,7 @@ task default: :test
 begin
   require 'rubocop/rake_task'
   RuboCop::RakeTask.new
-rescue => _
+rescue StandardError => _e
   puts 'Rubocop not loaded.'
 end
 

data/app/controllers/api/v2/vault_connections_controller.rb

@@ -16,7 +16,8 @@ module Api
 
       api :GET, '/vault_connections/:id', N_('Show VaultConnection details')
       param :id, :identifier, required: true
-      def show; end
+      def show
+      end
 
       def_param_group :vault_connection do
         param :vault_connection, Hash, action_aware: true, required: true do

data/app/controllers/vault_connections_controller.rb

@@ -22,7 +22,8 @@ class VaultConnectionsController < ::ApplicationController
     end
   end
 
-  def edit; end
+  def edit
+  end
 
   def update
     if @vault_connection.update(vault_connection_params)

data/app/models/concerns/foreman_vault/orchestration/vault_policy.rb

@@ -21,7 +21,7 @@ module ForemanVault
         return unless vault_auth_method.valid?
 
         queue.create(name: _('Push %s data to Vault') % self, priority: 100,
-                     action: [self, :set_vault])
+          action: [self, :set_vault])
       end
 
       def queue_vault_destroy
@@ -30,10 +30,9 @@ module ForemanVault
         return unless vault_auth_method.valid?
 
         queue.create(name: _('Clear %s Vault data') % self, priority: 60,
-                     action: [self, :del_vault])
+          action: [self, :del_vault])
       end
 
-      # rubocop:disable Metrics/AbcSize
       def set_vault
         logger.info "Pushing #{name} data to Vault"
 
@@ -44,7 +43,6 @@ module ForemanVault
         Foreman::Logging.exception("Failed to push #{name} data to Vault.", e)
         failure format(_('Failed to push %{name} data to Vault: %{message}\n '), name: name, message: e.message), e
       end
-      # rubocop:enable Metrics/AbcSize
 
       def del_vault
         logger.info "Clearing #{name} Vault data"

data/app/models/vault_connection.rb

@@ -5,8 +5,9 @@ class VaultConnection < ApplicationRecord
 
   validates_lengths_from_database
   validates :name, presence: true, uniqueness: true
+  validates :name, inclusion: { in: ->(i) { [i.name_was] }, message: _('cannot be changed after creation') }, on: :update
   validates :url, presence: true
-  validates :url, format: URI.regexp(['http', 'https'])
+  validates :url, format: URI::DEFAULT_PARSER.make_regexp(['http', 'https'])
 
   validates :token, presence: true, if: -> { role_id.nil? || secret_id.nil? }
   validates :token, inclusion: { in: [nil], message: _('AppRole or token must be blank') }, unless: -> { role_id.nil? || secret_id.nil? }
@@ -24,8 +25,8 @@ class VaultConnection < ApplicationRecord
   scope :with_valid_token, -> { with_token.where(vault_error: nil).where('expire_time > ?', Time.zone.now) }
 
   delegate :fetch_expire_time, :fetch_secret, :issue_certificate,
-           :policy, :policies, :put_policy, :delete_policy,
-           :set_certificate, :certificates, :delete_certificate, to: :client
+    :policy, :policies, :put_policy, :delete_policy,
+    :set_certificate, :certificates, :delete_certificate, to: :client
 
   def with_token?
     token.present?

data/app/services/foreman_vault/vault_auth_method.rb

@@ -31,6 +31,7 @@ module ForemanVault
     private
 
     attr_reader :host
+
     delegate :vault_policy, :vault_connection, :fqdn, to: :host
     delegate :name, to: :vault_policy, prefix: true
     delegate :set_certificate, :delete_certificate, to: :vault_connection
@@ -39,7 +40,7 @@ module ForemanVault
       {
         certificate: certificate,
         token_policies: vault_policy_name,
-        allowed_common_names: allowed_common_names
+        allowed_common_names: allowed_common_names,
       }
     end
 

data/app/services/foreman_vault/vault_policy.rb

@@ -37,6 +37,7 @@ module ForemanVault
     private
 
     attr_reader :host
+
     delegate :params, :render_template, :vault_connection, to: :host
     delegate :policy, :policies, :put_policy, :delete_policy, to: :vault_connection
 

data/app/views/vault_connections/_form.html.erb

@@ -1,6 +1,6 @@
 <%= form_for @vault_connection, url: (@vault_connection.new_record? ? vault_connections_path : vault_connection_path(id: @vault_connection)) do |f| %>
   <%= base_errors_for @vault_connection %>
-  <%= text_f f, :name, help_inline: _("Vault Connection name") %>
+  <%= text_f f, :name, disabled: @vault_connection.persisted?, help_inline: _("Vault Connection name") %>
   <%= text_f f, :url, help_inline: _("Vault Server url") %>
   <div class="auth_methods">
     <h4><%=_("Auth Methods")%></h4>
@@ -12,10 +12,10 @@
     <div class="tab-content">
       <div class="tab-pane active" id="approle">
         <%= text_f f, :role_id, label: _("Role ID"), help_inline: _("Vault Connection Role ID") %>
-        <%= text_f f, :secret_id, label: _("Secret ID"), help_inline: _("Vault Connection Secret ID") %>
+        <%= password_f f, :secret_id, label: _("Secret ID"), help_inline: _("Vault Connection Secret ID") %>
       </div>
       <div class="tab-pane" id="token">
-        <%= text_f f, :token, help_inline: _("Vault Connection token") %>
+        <%= password_f f, :token, help_inline: _("Vault Connection token") %>
       </div>
     </div>
   </div>

data/db/migrate/20230309072504_fix_vault_settings_category_to_dsl.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class FixVaultSettingsCategoryToDsl < ActiveRecord::Migration[6.0]
+  def up
+    Setting.where(category: 'Setting::Vault').update_all(category: 'Setting') if column_exists?(:settings, :category)
+  end
+end

data/db/seeds.d/103-provisioning_templates.rb

@@ -5,8 +5,8 @@ User.as_anonymous_admin do
     {
       name: 'Default Vault Policy',
       source: 'VaultPolicy/default.erb',
-      template_kind: TemplateKind.find_or_create_by(name: 'VaultPolicy')
-    }
+      template_kind: TemplateKind.find_or_create_by(name: 'VaultPolicy'),
+    },
   ]
 
   templates.each do |template|

data/lib/foreman_vault/engine.rb

@@ -12,14 +12,6 @@ module ForemanVault
     config.autoload_paths += Dir["#{config.root}/app/lib"]
     config.autoload_paths += Dir["#{config.root}/app/jobs"]
 
-    initializer 'foreman_vault.load_default_settings', before: :load_config_initializers do
-      require_dependency File.expand_path('../../app/models/setting/vault.rb', __dir__) if begin
-                                                                                             Setting.table_exists?
-                                                                                           rescue StandardError
-                                                                                             (false)
-                                                                                           end
-    end
-
     # Add any db migrations
     initializer 'foreman_vault.load_app_instance_data' do |app|
       ForemanVault::Engine.paths['db/migrate'].existent.each do |path|
@@ -29,7 +21,7 @@ module ForemanVault
 
     initializer 'foreman_vault.register_plugin', before: :finisher_hook do |_app|
       Foreman::Plugin.register :foreman_vault do
-        requires_foreman '>= 2.3'
+        requires_foreman '>= 3.9'
 
         apipie_documented_controllers ["#{ForemanVault::Engine.root}/app/controllers/api/v2/*.rb"]
 
@@ -45,6 +37,30 @@ module ForemanVault
                                                     'api/v2/vault_connections': [:destroy] }, resource_type: 'VaultConnection'
         end
 
+        settings do
+          category(:vault, N_('Vault')) do
+            setting('vault_connection',
+              full_name: N_('Default Vault connection'),
+              type: :string,
+              description: N_('Default Vault Connection that can be override using parameters'),
+              default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
+              collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
+              include_blank: _('Select Vault Connection'))
+            setting('vault_policy_template',
+              full_name: N_('Vault Policy template name'),
+              type: :string,
+              description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
+              default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
+              collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
+              include_blank: _('Select Template'))
+            setting('vault_orchestration_enabled',
+              full_name: N_('Vault Orchestration enabled'),
+              type: :boolean,
+              description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
+              default: false)
+          end
+        end
+
         # add menu entry
         menu :top_menu, :vault_connections, url_hash: { controller: :vault_connections, action: :index },
                                             caption: N_('Vault Connections'),
@@ -53,14 +69,12 @@ module ForemanVault
     end
 
     config.to_prepare do
-      begin
-        ::Host::Managed.include(ForemanVault::HostExtensions)
-        ::ProvisioningTemplate.include(ForemanVault::ProvisioningTemplateExtensions)
-        ::Foreman::Renderer::Scope::Base.include(ForemanVault::Macros)
-        ::Foreman::Renderer.configure { |c| c.allowed_generic_helpers += [:vault_secret, :vault_issue_certificate] }
-      rescue StandardError => e
-        Rails.logger.warn "ForemanVault: skipping engine hook (#{e})"
-      end
+      ::Host::Managed.include(ForemanVault::HostExtensions)
+      ::ProvisioningTemplate.include(ForemanVault::ProvisioningTemplateExtensions)
+      ::Foreman::Renderer::Scope::Base.include(ForemanVault::Macros)
+      ::Foreman::Renderer.configure { |c| c.allowed_generic_helpers += [:vault_secret, :vault_issue_certificate] }
+    rescue StandardError => e
+      Rails.logger.warn "ForemanVault: skipping engine hook (#{e})"
     end
 
     initializer 'foreman_vault.register_gettext', after: :load_config_initializers do |_app|

data/lib/foreman_vault/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ForemanVault
-  VERSION = '1.1.0'
+  VERSION = '2.0.0'
 end

data/lib/tasks/foreman_vault_tasks.rake

@@ -11,16 +11,14 @@ namespace :foreman_vault do # rubocop:disable Metrics/BlockLength
         hosts = Host::Managed.where(managed: true)
 
         hosts.each_with_index do |host, index|
-          begin
-            result = host.reload.vault_auth_method.save
-            if result
-              puts "[#{index + 1}/#{hosts.count}] Auth-Method of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
-            else
-              puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
-            end
-          rescue StandardError => err
-            puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{err}"
+          result = host.reload.vault_auth_method.save
+          if result
+            puts "[#{index + 1}/#{hosts.count}] Auth-Method of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
+          else
+            puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
           end
+        rescue StandardError => e
+          puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{e}"
         end
       end
     end
@@ -33,16 +31,14 @@ namespace :foreman_vault do # rubocop:disable Metrics/BlockLength
         hosts = Host::Managed.where(managed: true)
 
         hosts.each_with_index do |host, index|
-          begin
-            result = host.reload.vault_policy.save
-            if result
-              puts "[#{index + 1}/#{hosts.count}] Policy of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
-            else
-              puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
-            end
-          rescue StandardError => err
-            puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{err}"
+          result = host.reload.vault_policy.save
+          if result
+            puts "[#{index + 1}/#{hosts.count}] Policy of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
+          else
+            puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
           end
+        rescue StandardError => e
+          puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{e}"
         end
       end
     end
@@ -61,25 +57,4 @@ namespace :test do
   end
 end
 
-namespace :foreman_vault do
-  task :rubocop do
-    begin
-      require 'rubocop/rake_task'
-      RuboCop::RakeTask.new(:rubocop_foreman_vault) do |task|
-        task.patterns = ["#{ForemanVault::Engine.root}/app/**/*.rb",
-                         "#{ForemanVault::Engine.root}/lib/**/*.rb",
-                         "#{ForemanVault::Engine.root}/test/**/*.rb"]
-      end
-    rescue StandardError
-      puts 'Rubocop not loaded.'
-    end
-
-    Rake::Task['rubocop_foreman_vault'].invoke
-  end
-end
-
 Rake::Task[:test].enhance ['test:foreman_vault']
-
-load 'tasks/jenkins.rake'
-
-Rake::Task['jenkins:unit'].enhance ['test:foreman_vault', 'foreman_vault:rubocop'] if Rake::Task.task_defined?(:'jenkins:unit')

data/test/functional/api/v2/vault_connections_controller_test.rb

@@ -53,11 +53,11 @@ module Api
           client = mock.tap { |object| object.expects(:auth_token).returns(auth_token) }
           Vault::Client.expects(:new).returns(client)
 
-          params = { name: 'New name', url: 'http://localhost:8200', token: 'token' }
+          params = { url: 'http://updatedhost:8200', token: 'token' }
           put :update, params: { id: @vault_connection.to_param, vault_connection: params }
           response = ActiveSupport::JSON.decode(@response.body)
           assert_response :success
-          assert_equal params[:name], response['name']
+          assert_equal params[:url], response['url']
         end
 
         test 'should not update invalid' do
@@ -65,6 +65,12 @@ module Api
           put :update, params: { id: @vault_connection.to_param, vault_connection: params }
           assert_response :unprocessable_entity
         end
+
+        test 'should not allow to update name' do
+          params = { name: 'Updated name' }
+          put :update, params: { id: @vault_connection.to_param, vault_connection: params }
+          assert_response :unprocessable_entity
+        end
       end
 
       describe '#destroy' do

data/test/models/foreman_vault/orchestration/vault_policy_test.rb

@@ -139,7 +139,7 @@ module ForemanVault
         end
 
         setup do
-          Setting.find_by(name: 'ssl_ca_file').update(value: File.join(ForemanVault::Engine.root, 'test/fixtures/ca.crt'))
+          Setting['ssl_ca_file'] = File.join(ForemanVault::Engine.root, 'test/fixtures/ca.crt')
           if Setting.find_by(name: 'vault_orchestration_enabled')
             Setting['vault_orchestration_enabled'] = true
           else

data/test/models/vault_connection_test.rb

@@ -10,4 +10,10 @@ class VaultConnectionTest < ActiveSupport::TestCase
   should validate_presence_of(:url)
   should allow_value('http://127.0.0.1:8200').for(:url)
   should_not allow_value('börks').for(:url)
+
+  test 'validate that the name cannot be changed' do
+    assert_raises(ActiveRecord::RecordInvalid, 'Validation failed: Name cannot be changed after creation') do
+      subject.update!(name: 'UpdatedName')
+    end
+  end
 end

data/test/unit/foreman_vault/access_permissions_test.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'test_plugin_helper'
+require 'unit/shared/access_permissions_test_base'
+
+# Permissions are added in AccessPermissions with lists of controllers and
+# actions that they enable access to.  For non-admin users, we need to test
+# that there are permissions available that cover every controller action, else
+# it can't be delegated and this will lead to parts of the application that
+# aren't functional for non-admin users.
+#
+# In particular, it's important that actions for AJAX requests are added to
+# an appropriate permission so views using those requests function.
+class AccessPermissionsTest < ActiveSupport::TestCase
+  include AccessPermissionsTestBase
+
+  check_routes(ForemanVault::Engine.routes, [])
+end

data/test/unit/lib/foreman_vault/macros_test.rb

@@ -22,7 +22,7 @@ class MacrosTest < ActiveSupport::TestCase
 
       subject = TestScope.new(host: host, source: source)
 
-      assert subject.respond_to?(:vault_secret)
+      assert_respond_to subject, :vault_secret
       assert_equal response.data, subject.vault_secret(vault_connection.name, secret_path)
     end
   end

data/test/unit/services/foreman_vault/vault_auth_method_test.rb

@@ -59,9 +59,11 @@ class VaultAuthMethodTest < ActiveSupport::TestCase
 
         subject.expects(:set_certificate).once.with(
           'name',
-          certificate: 'cert',
-          token_policies: 'vault_policy_name',
-          allowed_common_names: [host.fqdn]
+          {
+            certificate: 'cert',
+            token_policies: 'vault_policy_name',
+            allowed_common_names: [host.fqdn],
+          }
         )
         subject.save
       end
@@ -99,7 +101,7 @@ class VaultAuthMethodTest < ActiveSupport::TestCase
 
   describe '#certificate' do
     setup do
-      Setting.find_by(name: 'ssl_ca_file').update(value: cert_path)
+      Setting['ssl_ca_file'] = cert_path
     end
 
     context 'when certificate file can be read' do

data/test/unit/services/foreman_vault/vault_client_test.rb

@@ -23,15 +23,15 @@ class VaultClientTest < ActiveSupport::TestCase
       stub_request(:post, "#{base_url}/v1/auth/approle/login").with(
         body: {
           role_id: role_id,
-          secret_id: secret_id
+          secret_id: secret_id,
         }
       ).to_return(
         status: 200,
         headers: { 'Content-Type': 'application/json' },
         body: {
           auth: {
-            client_token: token
-          }
+            client_token: token,
+          },
         }.to_json
       )
     end
@@ -82,7 +82,7 @@ class VaultClientTest < ActiveSupport::TestCase
         issuing_ca: 'CA_CERTIFICATE_DATA',
         private_key: 'PRIVATE_KEY_DATA',
         private_key_type: 'rsa',
-        serial_number: '7e:2d:c8:dd:df:da:fe:1f:39:da:39:23:4f:74:c8:1f:1d:4a:db:a7'
+        serial_number: '7e:2d:c8:dd:df:da:fe:1f:39:da:39:23:4f:74:c8:1f:1d:4a:db:a7',
       }
 
       response = OpenStruct.new(data: @data)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_vault
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.0
 platform: ruby
 authors:
 - dmTECH GmbH
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-21 00:00:00.000000000 Z
+date: 2024-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: vault
@@ -39,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: theforeman-rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.54.0
+        version: 0.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.54.0
+        version: 0.1.2
 description:
 email:
 - opensource@dm.de
@@ -71,7 +71,6 @@ files:
 - app/models/concerns/foreman_vault/host_extensions.rb
 - app/models/concerns/foreman_vault/orchestration/vault_policy.rb
 - app/models/concerns/foreman_vault/provisioning_template_extensions.rb
-- app/models/setting/vault.rb
 - app/models/vault_connection.rb
 - app/services/foreman_vault/vault_auth_method.rb
 - app/services/foreman_vault/vault_client.rb
@@ -93,6 +92,7 @@ files:
 - db/migrate/20180725072913_create_vault_connection.foreman_vault.rb
 - db/migrate/20180809172407_rename_vault_status_to_vault_error.foreman_vault.rb
 - db/migrate/20201203220058_add_approle_to_vault_connection.rb
+- db/migrate/20230309072504_fix_vault_settings_category_to_dsl.rb
 - db/seeds.d/103-provisioning_templates.rb
 - lib/foreman_vault.rb
 - lib/foreman_vault/engine.rb
@@ -115,6 +115,7 @@ files:
 - test/models/vault_connection_test.rb
 - test/models/vault_policy_template_test.rb
 - test/test_plugin_helper.rb
+- test/unit/foreman_vault/access_permissions_test.rb
 - test/unit/lib/foreman_vault/macros_test.rb
 - test/unit/services/foreman_vault/vault_auth_method_test.rb
 - test/unit/services/foreman_vault/vault_client_test.rb
@@ -131,32 +132,36 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.5'
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: '4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.28
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: Adds support for using credentials from Hashicorp Vault
 test_files:
-- test/unit/lib/foreman_vault/macros_test.rb
-- test/unit/services/foreman_vault/vault_client_test.rb
-- test/unit/services/foreman_vault/vault_policy_test.rb
-- test/unit/services/foreman_vault/vault_auth_method_test.rb
-- test/models/vault_policy_template_test.rb
-- test/models/vault_connection_test.rb
-- test/models/foreman_vault/orchestration/vault_policy_test.rb
-- test/factories/vault_policy_template.rb
 - test/factories/vault_connection.rb
+- test/factories/vault_policy_template.rb
 - test/factories/vault_setting.rb
-- test/lib/tasks/push_policies_test.rb
-- test/lib/tasks/push_auth_methods_test.rb
 - test/fixtures/ca.crt
-- test/test_plugin_helper.rb
-- test/jobs/refresh_vault_tokens_test.rb
-- test/jobs/refresh_vault_token_test.rb
 - test/functional/api/v2/vault_connections_controller_test.rb
+- test/jobs/refresh_vault_token_test.rb
+- test/jobs/refresh_vault_tokens_test.rb
+- test/lib/tasks/push_auth_methods_test.rb
+- test/lib/tasks/push_policies_test.rb
+- test/models/foreman_vault/orchestration/vault_policy_test.rb
+- test/models/vault_connection_test.rb
+- test/models/vault_policy_template_test.rb
+- test/test_plugin_helper.rb
+- test/unit/foreman_vault/access_permissions_test.rb
+- test/unit/lib/foreman_vault/macros_test.rb
+- test/unit/services/foreman_vault/vault_auth_method_test.rb
+- test/unit/services/foreman_vault/vault_client_test.rb
+- test/unit/services/foreman_vault/vault_policy_test.rb

data/app/models/setting/vault.rb

@@ -1,103 +0,0 @@
-# frozen_string_literal: true
-
-class Setting
-  class Vault < ::Setting
-    BLANK_ATTRS << 'vault_connection'
-    BLANK_ATTRS << 'vault_policy_template'
-
-    def self.default_settings
-      [set_vault_connection, set_vault_policy_template, set_vault_orchestration_enabled]
-    end
-
-    # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-    def self.load_defaults
-      # Check the table exists
-      return unless super
-
-      transaction do
-        default_settings.each do |s|
-          setting = create! s.update(category: 'Setting::Vault')
-
-          Foreman.try(:settings)&._add(
-            s[:name],
-            s.slice(:description, :default, :full_name, :encrypted)
-             .merge(category: 'Setting::Vault')
-             .yield_self do |params|
-               unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('2.6')
-                 params[:context] = :vault
-                 params[:type] = setting.settings_type
-               end
-               params
-             end
-          )
-        end
-      end
-
-      Foreman.try(:settings)&.load
-      true
-    end
-    # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
-
-    def self.humanized_category
-      N_('Vault')
-    end
-
-    class << self
-      private
-
-      def set_vault_connection
-        set(
-          'vault_connection',
-          N_('Default Vault Connection that can be override using parameters'),
-          default_vault_connection,
-          N_('Default Vault Connection'),
-          nil,
-          collection: vault_connections_collection,
-          include_blank: _('Select Vault Connection')
-        )
-      end
-
-      def default_vault_connection
-        return nil unless VaultConnection.table_exists?
-        return unless VaultConnection.unscoped.count == 1
-
-        VaultConnection.unscoped.first.name
-      end
-
-      def vault_connections_collection
-        return [] unless VaultConnection.table_exists?
-
-        proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] }
-      end
-
-      def set_vault_policy_template
-        set(
-          'vault_policy_template',
-          N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
-          default_vault_policy_template,
-          N_('Vault Policy template name'),
-          nil,
-          collection: vault_policy_templates_collection,
-          include_blank: _('Select Template')
-        )
-      end
-
-      def default_vault_policy_template
-        ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name
-      end
-
-      def vault_policy_templates_collection
-        proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] }
-      end
-
-      def set_vault_orchestration_enabled
-        set(
-          'vault_orchestration_enabled',
-          N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
-          false,
-          N_('Vault Orchestration enabled')
-        )
-      end
-    end
-  end
-end