foreman_vault 1.2.0 → 2.0.0

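--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1a698b340bc8ac1d8e1f9313548b3f27b971e87863886b4eac7c345c836460f2
- data.tar.gz: 199cfbb6dae934a8dddc047964f068ad68a0fb1dd32590dbf4a976513229a205
+ metadata.gz: c5fe8746df7815f6129640d07776dcc4e32108fcd751c35fdb20f6facf95b87f
+ data.tar.gz: 48a412989b2ce3dda9389f9a6ea9a06fc881157cb959536c618b6395d5b6ed83
  SHA512:
- metadata.gz: 43759e193861b1ead17c0112b73fb7b36f613348f0041687e84646bb1e9ae869f5833893f4a749ffee880a921e23896a1ff5dfa7488cff7d6079d9056ffb3332
- data.tar.gz: b956c84f73978386e43ad0e095d86ff1a2383f826f747252a176fe1198df2605c0e10d740c1fdacbb99f9105773ebef00e891c643e386f24e448d185389d9e08
+ metadata.gz: d45fa891dc392701f2cdb08ed00216fabff042a63b3d097cd71caf43630366b245c70ef06bd5860963fa1d9179f239bc0e3e7b79f94a288109d9c97b2dbe068c
+ data.tar.gz: 48f5a92159bccc41cea54144f88ce47875d1f83f6158ba812a2b36c1289087aadf41f2caad431f52ebf2c917267f9432e2cf6cbc2a221a35b9ed2b1a924958a1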
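--- a/data/README.md
+++ b/data/README.md
@@ -22,6 +22,7 @@ This allows Foreman to create everything needed to access Hashicorp Vault direct
 
  | Foreman Version | Plugin Version |
  | --------------- | -------------- |
+ | >= 3.9 | ~> 2.0 |
  | >= 2.3 | ~> 1.0 |
  | >= 1.23 | ~> 0.3, ~> 0.4 |
  | >= 1.20 | ~> 0.2 |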
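--- a/data/Rakefile
+++ b/data/Rakefile
@@ -20,7 +20,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
  rdoc.rdoc_files.include('lib/**/*.rb')
  end
 
- APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+ APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
 
  Bundler::GemHelper.install_tasks
 
@@ -38,7 +38,7 @@ task default: :test
  begin
  require 'rubocop/rake_task'
  RuboCop::RakeTask.new
- rescue => _
+ rescue StandardError => _e
  puts 'Rubocop not loaded.'
  end
 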
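Review bot: The `rescue StandardError => _e` after `require 'rubocop/rake_task'` cannot catch a missing gem, because a failed `require` raises `LoadError`, which descends from `ScriptError` rather than `StandardError`. As written, 'Rubocop not loaded.' is never printed for the case it appears to be meant for, and the Rakefile aborts instead when the development dependency is absent. Changing the clause to `rescue LoadError` gives the intended fallback, and the unused `_e` binding can then be dropped.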
@@ -16,7 +16,8 @@ module Api
16
16
 
17
17
  api :GET, '/vault_connections/:id', N_('Show VaultConnection details')
18
18
  param :id, :identifier, required: true
19
- def show; end
19
+ def show
20
+ end
20
21
 
21
22
  def_param_group :vault_connection do
22
23
  param :vault_connection, Hash, action_aware: true, required: true do
@@ -22,7 +22,8 @@ class VaultConnectionsController < ::ApplicationController
22
22
  end
23
23
  end
24
24
 
25
- def edit; end
25
+ def edit
26
+ end
26
27
 
27
28
  def update
28
29
  if @vault_connection.update(vault_connection_params)
@@ -21,7 +21,7 @@ module ForemanVault
21
21
  return unless vault_auth_method.valid?
22
22
 
23
23
  queue.create(name: _('Push %s data to Vault') % self, priority: 100,
24
- action: [self, :set_vault])
24
+ action: [self, :set_vault])
25
25
  end
26
26
 
27
27
  def queue_vault_destroy
@@ -30,10 +30,9 @@ module ForemanVault
30
30
  return unless vault_auth_method.valid?
31
31
 
32
32
  queue.create(name: _('Clear %s Vault data') % self, priority: 60,
33
- action: [self, :del_vault])
33
+ action: [self, :del_vault])
34
34
  end
35
35
 
36
- # rubocop:disable Metrics/AbcSize
37
36
  def set_vault
38
37
  logger.info "Pushing #{name} data to Vault"
39
38
 
@@ -44,7 +43,6 @@ module ForemanVault
44
43
  Foreman::Logging.exception("Failed to push #{name} data to Vault.", e)
45
44
  failure format(_('Failed to push %{name} data to Vault: %{message}\n '), name: name, message: e.message), e
46
45
  end
47
- # rubocop:enable Metrics/AbcSize
48
46
 
49
47
  def del_vault
50
48
  logger.info "Clearing #{name} Vault data"
@@ -7,7 +7,7 @@ class VaultConnection < ApplicationRecord
7
7
  validates :name, presence: true, uniqueness: true
8
8
  validates :name, inclusion: { in: ->(i) { [i.name_was] }, message: _('cannot be changed after creation') }, on: :update
9
9
  validates :url, presence: true
10
- validates :url, format: URI.regexp(['http', 'https'])
10
+ validates :url, format: URI::DEFAULT_PARSER.make_regexp(['http', 'https'])
11
11
 
12
12
  validates :token, presence: true, if: -> { role_id.nil? || secret_id.nil? }
13
13
  validates :token, inclusion: { in: [nil], message: _('AppRole or token must be blank') }, unless: -> { role_id.nil? || secret_id.nil? }
@@ -25,8 +25,8 @@ class VaultConnection < ApplicationRecord
25
25
  scope :with_valid_token, -> { with_token.where(vault_error: nil).where('expire_time > ?', Time.zone.now) }
26
26
 
27
27
  delegate :fetch_expire_time, :fetch_secret, :issue_certificate,
28
- :policy, :policies, :put_policy, :delete_policy,
29
- :set_certificate, :certificates, :delete_certificate, to: :client
28
+ :policy, :policies, :put_policy, :delete_policy,
29
+ :set_certificate, :certificates, :delete_certificate, to: :client
30
30
 
31
31
  def with_token?
32
32
  token.present?
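Review bot: The `format:` regexp on `url` (new line 10 of the first hunk) is unanchored, so the validation accepts any string that merely contains an http(s) URL; `URI::DEFAULT_PARSER.make_regexp` returns the same unanchored pattern that `URI.regexp` did. This is presumably the address the stored token or AppRole `secret_id` is sent to, so anchor it: `validates :url, format: { with: /\A#{URI::DEFAULT_PARSER.make_regexp(%w[http https])}\z/ }`. The scheme list also still admits plain `http`, which would carry those credentials unencrypted; if that is intentional for test setups, a comment saying so would help. The class body continues outside both hunks.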
@@ -31,6 +31,7 @@ module ForemanVault
31
31
  private
32
32
 
33
33
  attr_reader :host
34
+
34
35
  delegate :vault_policy, :vault_connection, :fqdn, to: :host
35
36
  delegate :name, to: :vault_policy, prefix: true
36
37
  delegate :set_certificate, :delete_certificate, to: :vault_connection
@@ -39,7 +40,7 @@ module ForemanVault
39
40
  {
40
41
  certificate: certificate,
41
42
  token_policies: vault_policy_name,
42
- allowed_common_names: allowed_common_names
43
+ allowed_common_names: allowed_common_names,
43
44
  }
44
45
  end
45
46
 
@@ -37,6 +37,7 @@ module ForemanVault
37
37
  private
38
38
 
39
39
  attr_reader :host
40
+
40
41
  delegate :params, :render_template, :vault_connection, to: :host
41
42
  delegate :policy, :policies, :put_policy, :delete_policy, to: :vault_connection
42
43
 
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ class FixVaultSettingsCategoryToDsl < ActiveRecord::Migration[6.0]
4
+ def up
5
+ Setting.where(category: 'Setting::Vault').update_all(category: 'Setting') if column_exists?(:settings, :category)
6
+ end
7
+ end
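Review bot: The migration carries no comment and defines no `down`, so the file does not say why the category is rewritten or that the change is one-way. A comment above `up` such as `# Setting::Vault was removed in 2.0.0; move the rows it created to the base 'Setting' category` would record the reason. It also references the application's `Setting` model, which ties the migration to whatever that model looks like when it runs. `update_all` avoids instantiating records, which is presumably why this is safe, and that is worth stating in the same comment.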
@@ -5,8 +5,8 @@ User.as_anonymous_admin do
5
5
  {
6
6
  name: 'Default Vault Policy',
7
7
  source: 'VaultPolicy/default.erb',
8
- template_kind: TemplateKind.find_or_create_by(name: 'VaultPolicy')
9
- }
8
+ template_kind: TemplateKind.find_or_create_by(name: 'VaultPolicy'),
9
+ },
10
10
  ]
11
11
 
12
12
  templates.each do |template|
@@ -12,14 +12,6 @@ module ForemanVault
12
12
  config.autoload_paths += Dir["#{config.root}/app/lib"]
13
13
  config.autoload_paths += Dir["#{config.root}/app/jobs"]
14
14
 
15
- initializer 'foreman_vault.load_default_settings', before: :load_config_initializers do
16
- require_dependency File.expand_path('../../app/models/setting/vault.rb', __dir__) if begin
17
- Setting.table_exists?
18
- rescue StandardError
19
- (false)
20
- end
21
- end
22
-
23
15
  # Add any db migrations
24
16
  initializer 'foreman_vault.load_app_instance_data' do |app|
25
17
  ForemanVault::Engine.paths['db/migrate'].existent.each do |path|
@@ -29,7 +21,7 @@ module ForemanVault
29
21
 
30
22
  initializer 'foreman_vault.register_plugin', before: :finisher_hook do |_app|
31
23
  Foreman::Plugin.register :foreman_vault do
32
- requires_foreman '>= 2.3'
24
+ requires_foreman '>= 3.9'
33
25
 
34
26
  apipie_documented_controllers ["#{ForemanVault::Engine.root}/app/controllers/api/v2/*.rb"]
35
27
 
@@ -45,30 +37,27 @@ module ForemanVault
45
37
  'api/v2/vault_connections': [:destroy] }, resource_type: 'VaultConnection'
46
38
  end
47
39
 
48
- # New settings definition DSL is available from Foreman 3.0
49
- if respond_to?(:settings)
50
- settings do
51
- category(:vault, N_('Vault')) do
52
- setting('vault_connection',
53
- full_name: N_('Default Vault connection'),
54
- type: :string,
55
- description: N_('Default Vault Connection that can be override using parameters'),
56
- default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
57
- collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
58
- include_blank: _('Select Vault Connection'))
59
- setting('vault_policy_template',
60
- full_name: N_('Vault Policy template name'),
61
- type: :string,
62
- description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
63
- default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
64
- collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
65
- include_blank: _('Select Template'))
66
- setting('vault_orchestration_enabled',
67
- full_name: N_('Vault Orchestration enabled'),
68
- type: :boolean,
69
- description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
70
- default: false)
71
- end
40
+ settings do
41
+ category(:vault, N_('Vault')) do
42
+ setting('vault_connection',
43
+ full_name: N_('Default Vault connection'),
44
+ type: :string,
45
+ description: N_('Default Vault Connection that can be override using parameters'),
46
+ default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
47
+ collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
48
+ include_blank: _('Select Vault Connection'))
49
+ setting('vault_policy_template',
50
+ full_name: N_('Vault Policy template name'),
51
+ type: :string,
52
+ description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
53
+ default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
54
+ collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
55
+ include_blank: _('Select Template'))
56
+ setting('vault_orchestration_enabled',
57
+ full_name: N_('Vault Orchestration enabled'),
58
+ type: :boolean,
59
+ description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
60
+ default: false)
72
61
  end
73
62
  end
74
63
 
@@ -80,14 +69,12 @@ module ForemanVault
80
69
  end
81
70
 
82
71
  config.to_prepare do
83
- begin
84
- ::Host::Managed.include(ForemanVault::HostExtensions)
85
- ::ProvisioningTemplate.include(ForemanVault::ProvisioningTemplateExtensions)
86
- ::Foreman::Renderer::Scope::Base.include(ForemanVault::Macros)
87
- ::Foreman::Renderer.configure { |c| c.allowed_generic_helpers += [:vault_secret, :vault_issue_certificate] }
88
- rescue StandardError => e
89
- Rails.logger.warn "ForemanVault: skipping engine hook (#{e})"
90
- end
72
+ ::Host::Managed.include(ForemanVault::HostExtensions)
73
+ ::ProvisioningTemplate.include(ForemanVault::ProvisioningTemplateExtensions)
74
+ ::Foreman::Renderer::Scope::Base.include(ForemanVault::Macros)
75
+ ::Foreman::Renderer.configure { |c| c.allowed_generic_helpers += [:vault_secret, :vault_issue_certificate] }
76
+ rescue StandardError => e
77
+ Rails.logger.warn "ForemanVault: skipping engine hook (#{e})"
91
78
  end
92
79
 
93
80
  initializer 'foreman_vault.register_gettext', after: :load_config_initializers do |_app|
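Review bot: The `rescue StandardError => e` now attached to the `config.to_prepare` block still guards all four registration lines together, so an error in the first `include` skips the rest and leaves only a warn-level line with no exception class or backtrace. In that state the plugin is registered, but the host extensions or the `vault_secret`/`vault_issue_certificate` helpers may be missing, which is hard to notice from the UI. Consider replacing the warning with `Foreman::Logging.exception('ForemanVault: engine hook failed', e)`, the helper the orchestration concern already uses, so the failure is recorded with its backtrace.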
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ForemanVault
4
- VERSION = '1.2.0'
4
+ VERSION = '2.0.0'
5
5
  end
@@ -11,16 +11,14 @@ namespace :foreman_vault do # rubocop:disable Metrics/BlockLength
11
11
  hosts = Host::Managed.where(managed: true)
12
12
 
13
13
  hosts.each_with_index do |host, index|
14
- begin
15
- result = host.reload.vault_auth_method.save
16
- if result
17
- puts "[#{index + 1}/#{hosts.count}] Auth-Method of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
18
- else
19
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
20
- end
21
- rescue StandardError => err
22
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{err}"
14
+ result = host.reload.vault_auth_method.save
15
+ if result
16
+ puts "[#{index + 1}/#{hosts.count}] Auth-Method of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
17
+ else
18
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
23
19
  end
20
+ rescue StandardError => e
21
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{e}"
24
22
  end
25
23
  end
26
24
  end
@@ -33,16 +31,14 @@ namespace :foreman_vault do # rubocop:disable Metrics/BlockLength
33
31
  hosts = Host::Managed.where(managed: true)
34
32
 
35
33
  hosts.each_with_index do |host, index|
36
- begin
37
- result = host.reload.vault_policy.save
38
- if result
39
- puts "[#{index + 1}/#{hosts.count}] Policy of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
40
- else
41
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
42
- end
43
- rescue StandardError => err
44
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{err}"
34
+ result = host.reload.vault_policy.save
35
+ if result
36
+ puts "[#{index + 1}/#{hosts.count}] Policy of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
37
+ else
38
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
45
39
  end
40
+ rescue StandardError => e
41
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{e}"
46
42
  end
47
43
  end
48
44
  end
@@ -61,25 +57,4 @@ namespace :test do
61
57
  end
62
58
  end
63
59
 
64
- namespace :foreman_vault do
65
- task :rubocop do
66
- begin
67
- require 'rubocop/rake_task'
68
- RuboCop::RakeTask.new(:rubocop_foreman_vault) do |task|
69
- task.patterns = ["#{ForemanVault::Engine.root}/app/**/*.rb",
70
- "#{ForemanVault::Engine.root}/lib/**/*.rb",
71
- "#{ForemanVault::Engine.root}/test/**/*.rb"]
72
- end
73
- rescue StandardError
74
- puts 'Rubocop not loaded.'
75
- end
76
-
77
- Rake::Task['rubocop_foreman_vault'].invoke
78
- end
79
- end
80
-
81
60
  Rake::Task[:test].enhance ['test:foreman_vault']
82
-
83
- load 'tasks/jenkins.rake'
84
-
85
- Rake::Task['jenkins:unit'].enhance ['test:foreman_vault', 'foreman_vault:rubocop'] if Rake::Task.task_defined?(:'jenkins:unit')
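Review bot: In the `else` branch of the auth-method loop, `result` is falsy, so the line printed is `Failed to push "host": false` and gives the operator no reason; the `vault_policy` loop in the second hunk has the same problem. `save` itself is not shown, so the cause of a false return has to be hedged, but the message could at least say that nothing was pushed: `puts "[#{index + 1}/#{hosts.count}] Skipped \"#{host.name}\": nothing pushed (save returned #{result.inspect})"`. `hosts.count` is also evaluated on every iteration and in every branch; assigning `total = hosts.count` before each loop avoids the repeated COUNT query.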
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_plugin_helper'
4
+ require 'unit/shared/access_permissions_test_base'
5
+
6
+ # Permissions are added in AccessPermissions with lists of controllers and
7
+ # actions that they enable access to. For non-admin users, we need to test
8
+ # that there are permissions available that cover every controller action, else
9
+ # it can't be delegated and this will lead to parts of the application that
10
+ # aren't functional for non-admin users.
11
+ #
12
+ # In particular, it's important that actions for AJAX requests are added to
13
+ # an appropriate permission so views using those requests function.
14
+ class AccessPermissionsTest < ActiveSupport::TestCase
15
+ include AccessPermissionsTestBase
16
+
17
+ check_routes(ForemanVault::Engine.routes, [])
18
+ end
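Review bot: `check_routes(ForemanVault::Engine.routes, [])` only inspects routes drawn on the engine's own route set, and the routes file is not part of this diff. If the plugin draws its routes on the main application instead, this test iterates nothing and passes without checking a single controller action against a permission. It would be worth confirming that the set is non-empty, for example with a separate test containing `assert_not_empty ForemanVault::Engine.routes.routes`, or passing the route set the plugin actually uses.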
@@ -22,7 +22,7 @@ class MacrosTest < ActiveSupport::TestCase
22
22
 
23
23
  subject = TestScope.new(host: host, source: source)
24
24
 
25
- assert subject.respond_to?(:vault_secret)
25
+ assert_respond_to subject, :vault_secret
26
26
  assert_equal response.data, subject.vault_secret(vault_connection.name, secret_path)
27
27
  end
28
28
  end
@@ -59,9 +59,11 @@ class VaultAuthMethodTest < ActiveSupport::TestCase
59
59
 
60
60
  subject.expects(:set_certificate).once.with(
61
61
  'name',
62
- certificate: 'cert',
63
- token_policies: 'vault_policy_name',
64
- allowed_common_names: [host.fqdn]
62
+ {
63
+ certificate: 'cert',
64
+ token_policies: 'vault_policy_name',
65
+ allowed_common_names: [host.fqdn],
66
+ }
65
67
  )
66
68
  subject.save
67
69
  end
@@ -23,15 +23,15 @@ class VaultClientTest < ActiveSupport::TestCase
23
23
  stub_request(:post, "#{base_url}/v1/auth/approle/login").with(
24
24
  body: {
25
25
  role_id: role_id,
26
- secret_id: secret_id
26
+ secret_id: secret_id,
27
27
  }
28
28
  ).to_return(
29
29
  status: 200,
30
30
  headers: { 'Content-Type': 'application/json' },
31
31
  body: {
32
32
  auth: {
33
- client_token: token
34
- }
33
+ client_token: token,
34
+ },
35
35
  }.to_json
36
36
  )
37
37
  end
@@ -82,7 +82,7 @@ class VaultClientTest < ActiveSupport::TestCase
82
82
  issuing_ca: 'CA_CERTIFICATE_DATA',
83
83
  private_key: 'PRIVATE_KEY_DATA',
84
84
  private_key_type: 'rsa',
85
- serial_number: '7e:2d:c8:dd:df:da:fe:1f:39:da:39:23:4f:74:c8:1f:1d:4a:db:a7'
85
+ serial_number: '7e:2d:c8:dd:df:da:fe:1f:39:da:39:23:4f:74:c8:1f:1d:4a:db:a7',
86
86
  }
87
87
 
88
88
  response = OpenStruct.new(data: @data)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: foreman_vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - dmTECH GmbH
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-18 00:00:00.000000000 Z
11
+ date: 2024-05-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: vault
@@ -39,19 +39,19 @@ dependencies:
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
41
  - !ruby/object:Gem::Dependency
42
- name: rubocop
42
+ name: theforeman-rubocop
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - '='
45
+ - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 0.54.0
47
+ version: 0.1.2
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - '='
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 0.54.0
54
+ version: 0.1.2
55
55
  description:
56
56
  email:
57
57
  - opensource@dm.de
@@ -71,7 +71,6 @@ files:
71
71
  - app/models/concerns/foreman_vault/host_extensions.rb
72
72
  - app/models/concerns/foreman_vault/orchestration/vault_policy.rb
73
73
  - app/models/concerns/foreman_vault/provisioning_template_extensions.rb
74
- - app/models/setting/vault.rb
75
74
  - app/models/vault_connection.rb
76
75
  - app/services/foreman_vault/vault_auth_method.rb
77
76
  - app/services/foreman_vault/vault_client.rb
@@ -93,6 +92,7 @@ files:
93
92
  - db/migrate/20180725072913_create_vault_connection.foreman_vault.rb
94
93
  - db/migrate/20180809172407_rename_vault_status_to_vault_error.foreman_vault.rb
95
94
  - db/migrate/20201203220058_add_approle_to_vault_connection.rb
95
+ - db/migrate/20230309072504_fix_vault_settings_category_to_dsl.rb
96
96
  - db/seeds.d/103-provisioning_templates.rb
97
97
  - lib/foreman_vault.rb
98
98
  - lib/foreman_vault/engine.rb
@@ -115,6 +115,7 @@ files:
115
115
  - test/models/vault_connection_test.rb
116
116
  - test/models/vault_policy_template_test.rb
117
117
  - test/test_plugin_helper.rb
118
+ - test/unit/foreman_vault/access_permissions_test.rb
118
119
  - test/unit/lib/foreman_vault/macros_test.rb
119
120
  - test/unit/services/foreman_vault/vault_auth_method_test.rb
120
121
  - test/unit/services/foreman_vault/vault_client_test.rb
@@ -131,14 +132,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
131
132
  requirements:
132
133
  - - ">="
133
134
  - !ruby/object:Gem::Version
134
- version: '0'
135
+ version: '2.5'
136
+ - - "<"
137
+ - !ruby/object:Gem::Version
138
+ version: '4'
135
139
  required_rubygems_version: !ruby/object:Gem::Requirement
136
140
  requirements:
137
141
  - - ">="
138
142
  - !ruby/object:Gem::Version
139
143
  version: '0'
140
144
  requirements: []
141
- rubygems_version: 3.3.3
145
+ rubygems_version: 3.4.1
142
146
  signing_key:
143
147
  specification_version: 4
144
148
  summary: Adds support for using credentials from Hashicorp Vault
@@ -156,6 +160,7 @@ test_files:
156
160
  - test/models/vault_connection_test.rb
157
161
  - test/models/vault_policy_template_test.rb
158
162
  - test/test_plugin_helper.rb
163
+ - test/unit/foreman_vault/access_permissions_test.rb
159
164
  - test/unit/lib/foreman_vault/macros_test.rb
160
165
  - test/unit/services/foreman_vault/vault_auth_method_test.rb
161
166
  - test/unit/services/foreman_vault/vault_client_test.rb
@@ -1,104 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class Setting
4
- class Vault < ::Setting
5
- BLANK_ATTRS << 'vault_connection'
6
- BLANK_ATTRS << 'vault_policy_template'
7
-
8
- def self.default_settings
9
- [set_vault_connection, set_vault_policy_template, set_vault_orchestration_enabled]
10
- end
11
-
12
- # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
13
- def self.load_defaults
14
- return unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('3.4')
15
-
16
- # Check the table exists
17
- return unless super
18
-
19
- transaction do
20
- default_settings.each do |s|
21
- setting = create! s.update(category: 'Setting::Vault')
22
-
23
- Foreman.try(:settings)&._add(
24
- s[:name],
25
- s.slice(:description, :default, :full_name, :encrypted)
26
- .merge(category: 'Setting::Vault')
27
- .yield_self do |params|
28
- unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('2.6')
29
- params[:context] = :vault
30
- params[:type] = setting.settings_type
31
- end
32
- params
33
- end
34
- )
35
- end
36
- end
37
-
38
- true
39
- end
40
- # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
41
-
42
- def self.humanized_category
43
- N_('Vault')
44
- end
45
-
46
- class << self
47
- private
48
-
49
- def set_vault_connection
50
- set(
51
- 'vault_connection',
52
- N_('Default Vault Connection that can be override using parameters'),
53
- default_vault_connection,
54
- N_('Default Vault Connection'),
55
- nil,
56
- collection: vault_connections_collection,
57
- include_blank: _('Select Vault Connection')
58
- )
59
- end
60
-
61
- def default_vault_connection
62
- return nil unless VaultConnection.table_exists?
63
- return unless VaultConnection.unscoped.count == 1
64
-
65
- VaultConnection.unscoped.first.name
66
- end
67
-
68
- def vault_connections_collection
69
- return [] unless VaultConnection.table_exists?
70
-
71
- proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] }
72
- end
73
-
74
- def set_vault_policy_template
75
- set(
76
- 'vault_policy_template',
77
- N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
78
- default_vault_policy_template,
79
- N_('Vault Policy template name'),
80
- nil,
81
- collection: vault_policy_templates_collection,
82
- include_blank: _('Select Template')
83
- )
84
- end
85
-
86
- def default_vault_policy_template
87
- ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name
88
- end
89
-
90
- def vault_policy_templates_collection
91
- proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] }
92
- end
93
-
94
- def set_vault_orchestration_enabled
95
- set(
96
- 'vault_orchestration_enabled',
97
- N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
98
- false,
99
- N_('Vault Orchestration enabled')
100
- )
101
- end
102
- end
103
- end
104
- end