foreman_vault 1.2.0 → 2.0.0

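--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1a698b340bc8ac1d8e1f9313548b3f27b971e87863886b4eac7c345c836460f2
- data.tar.gz: 199cfbb6dae934a8dddc047964f068ad68a0fb1dd32590dbf4a976513229a205
+ metadata.gz: c5fe8746df7815f6129640d07776dcc4e32108fcd751c35fdb20f6facf95b87f
+ data.tar.gz: 48a412989b2ce3dda9389f9a6ea9a06fc881157cb959536c618b6395d5b6ed83
  SHA512:
- metadata.gz: 43759e193861b1ead17c0112b73fb7b36f613348f0041687e84646bb1e9ae869f5833893f4a749ffee880a921e23896a1ff5dfa7488cff7d6079d9056ffb3332
- data.tar.gz: b956c84f73978386e43ad0e095d86ff1a2383f826f747252a176fe1198df2605c0e10d740c1fdacbb99f9105773ebef00e891c643e386f24e448d185389d9e08
+ metadata.gz: d45fa891dc392701f2cdb08ed00216fabff042a63b3d097cd71caf43630366b245c70ef06bd5860963fa1d9179f239bc0e3e7b79f94a288109d9c97b2dbe068c
+ data.tar.gz: 48f5a92159bccc41cea54144f88ce47875d1f83f6158ba812a2b36c1289087aadf41f2caad431f52ebf2c917267f9432e2cf6cbc2a221a35b9ed2b1a924958a1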
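--- a/data/README.md
+++ b/data/README.md
@@ -22,6 +22,7 @@ This allows Foreman to create everything needed to access Hashicorp Vault direct
 
  | Foreman Version | Plugin Version |
  | --------------- | -------------- |
+ | >= 3.9 | ~> 2.0 |
  | >= 2.3 | ~> 1.0 |
  | >= 1.23 | ~> 0.3, ~> 0.4 |
  | >= 1.20 | ~> 0.2 |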
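--- a/data/Rakefile
+++ b/data/Rakefile
@@ -20,7 +20,7 @@ RDoc::Task.new(:rdoc) do |rdoc|
  rdoc.rdoc_files.include('lib/**/*.rb')
  end
 
- APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+ APP_RAKEFILE = File.expand_path('test/dummy/Rakefile', __dir__)
 
  Bundler::GemHelper.install_tasks
 
@@ -38,7 +38,7 @@ task default: :test
  begin
  require 'rubocop/rake_task'
  RuboCop::RakeTask.new
- rescue => _
+ rescue StandardError => _e
  puts 'Rubocop not loaded.'
  end
 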
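Review bot: The `rescue StandardError => _e` in the second hunk does not catch the failure this block exists for, because a missing gem makes `require 'rubocop/rake_task'` raise `LoadError`, which descends from `ScriptError` rather than `StandardError`. On an install without the development dependencies the Rakefile would therefore abort instead of printing 'Rubocop not loaded.'. Rescuing the specific error fixes that and drops the unused binding: `rescue LoadError`.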
@@ -16,7 +16,8 @@ module Api
16
16
 
17
17
  api :GET, '/vault_connections/:id', N_('Show VaultConnection details')
18
18
  param :id, :identifier, required: true
19
- def show; end
19
+ def show
20
+ end
20
21
 
21
22
  def_param_group :vault_connection do
22
23
  param :vault_connection, Hash, action_aware: true, required: true do
@@ -22,7 +22,8 @@ class VaultConnectionsController < ::ApplicationController
22
22
  end
23
23
  end
24
24
 
25
- def edit; end
25
+ def edit
26
+ end
26
27
 
27
28
  def update
28
29
  if @vault_connection.update(vault_connection_params)
@@ -21,7 +21,7 @@ module ForemanVault
21
21
  return unless vault_auth_method.valid?
22
22
 
23
23
  queue.create(name: _('Push %s data to Vault') % self, priority: 100,
24
- action: [self, :set_vault])
24
+ action: [self, :set_vault])
25
25
  end
26
26
 
27
27
  def queue_vault_destroy
@@ -30,10 +30,9 @@ module ForemanVault
30
30
  return unless vault_auth_method.valid?
31
31
 
32
32
  queue.create(name: _('Clear %s Vault data') % self, priority: 60,
33
- action: [self, :del_vault])
33
+ action: [self, :del_vault])
34
34
  end
35
35
 
36
- # rubocop:disable Metrics/AbcSize
37
36
  def set_vault
38
37
  logger.info "Pushing #{name} data to Vault"
39
38
 
@@ -44,7 +43,6 @@ module ForemanVault
44
43
  Foreman::Logging.exception("Failed to push #{name} data to Vault.", e)
45
44
  failure format(_('Failed to push %{name} data to Vault: %{message}\n '), name: name, message: e.message), e
46
45
  end
47
- # rubocop:enable Metrics/AbcSize
48
46
 
49
47
  def del_vault
50
48
  logger.info "Clearing #{name} Vault data"
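Review bot: The failure message in `set_vault` ends in `\n ` inside a single-quoted literal, so Ruby keeps a literal backslash and `n` and the user-facing error shows those characters rather than a line break. Now that the AbcSize markers around the method are gone this is a good moment to tidy it: `failure format(_('Failed to push %{name} data to Vault: %{message}'), name: name, message: e.message), e`. The string is a gettext msgid, so the translation catalogues need the same change. The body of `set_vault` lies partly outside the hunks shown.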
@@ -7,7 +7,7 @@ class VaultConnection < ApplicationRecord
7
7
  validates :name, presence: true, uniqueness: true
8
8
  validates :name, inclusion: { in: ->(i) { [i.name_was] }, message: _('cannot be changed after creation') }, on: :update
9
9
  validates :url, presence: true
10
- validates :url, format: URI.regexp(['http', 'https'])
10
+ validates :url, format: URI::DEFAULT_PARSER.make_regexp(['http', 'https'])
11
11
 
12
12
  validates :token, presence: true, if: -> { role_id.nil? || secret_id.nil? }
13
13
  validates :token, inclusion: { in: [nil], message: _('AppRole or token must be blank') }, unless: -> { role_id.nil? || secret_id.nil? }
@@ -25,8 +25,8 @@ class VaultConnection < ApplicationRecord
25
25
  scope :with_valid_token, -> { with_token.where(vault_error: nil).where('expire_time > ?', Time.zone.now) }
26
26
 
27
27
  delegate :fetch_expire_time, :fetch_secret, :issue_certificate,
28
- :policy, :policies, :put_policy, :delete_policy,
29
- :set_certificate, :certificates, :delete_certificate, to: :client
28
+ :policy, :policies, :put_policy, :delete_policy,
29
+ :set_certificate, :certificates, :delete_certificate, to: :client
30
30
 
31
31
  def with_token?
32
32
  token.present?
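Review bot: The `format:` check on `url` is still a substring match, because the pattern returned by `URI::DEFAULT_PARSER.make_regexp` carries no anchors; any text that merely contains an http(s) URL passes validation. This value is the endpoint that receives the token or the AppRole `role_id`/`secret_id`, so it should be matched as a whole: `validates :url, format: { with: /\A#{URI::DEFAULT_PARSER.make_regexp(%w[http https])}\z/ }`. If plain `http` is only needed for test setups, restricting production connections to `https` would keep those credentials off the wire in clear text. The class body continues outside both hunks.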
@@ -31,6 +31,7 @@ module ForemanVault
31
31
  private
32
32
 
33
33
  attr_reader :host
34
+
34
35
  delegate :vault_policy, :vault_connection, :fqdn, to: :host
35
36
  delegate :name, to: :vault_policy, prefix: true
36
37
  delegate :set_certificate, :delete_certificate, to: :vault_connection
@@ -39,7 +40,7 @@ module ForemanVault
39
40
  {
40
41
  certificate: certificate,
41
42
  token_policies: vault_policy_name,
42
- allowed_common_names: allowed_common_names
43
+ allowed_common_names: allowed_common_names,
43
44
  }
44
45
  end
45
46
 
@@ -37,6 +37,7 @@ module ForemanVault
37
37
  private
38
38
 
39
39
  attr_reader :host
40
+
40
41
  delegate :params, :render_template, :vault_connection, to: :host
41
42
  delegate :policy, :policies, :put_policy, :delete_policy, to: :vault_connection
42
43
 
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ class FixVaultSettingsCategoryToDsl < ActiveRecord::Migration[6.0]
4
+ def up
5
+ Setting.where(category: 'Setting::Vault').update_all(category: 'Setting') if column_exists?(:settings, :category)
6
+ end
7
+ end
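Review bot: The new migration has no comment saying why the rows are re-categorised, and it goes through the application model `Setting`, so it depends on what that class looks like when the migration eventually runs. A comment above `up` would help, for example `# Setting::Vault was dropped in favour of the settings DSL; move its rows to the base 'Setting' category`. No `down` is defined, so a rollback leaves the rows as migrated; if that is intended, say so in the same comment.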
@@ -5,8 +5,8 @@ User.as_anonymous_admin do
5
5
  {
6
6
  name: 'Default Vault Policy',
7
7
  source: 'VaultPolicy/default.erb',
8
- template_kind: TemplateKind.find_or_create_by(name: 'VaultPolicy')
9
- }
8
+ template_kind: TemplateKind.find_or_create_by(name: 'VaultPolicy'),
9
+ },
10
10
  ]
11
11
 
12
12
  templates.each do |template|
@@ -12,14 +12,6 @@ module ForemanVault
12
12
  config.autoload_paths += Dir["#{config.root}/app/lib"]
13
13
  config.autoload_paths += Dir["#{config.root}/app/jobs"]
14
14
 
15
- initializer 'foreman_vault.load_default_settings', before: :load_config_initializers do
16
- require_dependency File.expand_path('../../app/models/setting/vault.rb', __dir__) if begin
17
- Setting.table_exists?
18
- rescue StandardError
19
- (false)
20
- end
21
- end
22
-
23
15
  # Add any db migrations
24
16
  initializer 'foreman_vault.load_app_instance_data' do |app|
25
17
  ForemanVault::Engine.paths['db/migrate'].existent.each do |path|
@@ -29,7 +21,7 @@ module ForemanVault
29
21
 
30
22
  initializer 'foreman_vault.register_plugin', before: :finisher_hook do |_app|
31
23
  Foreman::Plugin.register :foreman_vault do
32
- requires_foreman '>= 2.3'
24
+ requires_foreman '>= 3.9'
33
25
 
34
26
  apipie_documented_controllers ["#{ForemanVault::Engine.root}/app/controllers/api/v2/*.rb"]
35
27
 
@@ -45,30 +37,27 @@ module ForemanVault
45
37
  'api/v2/vault_connections': [:destroy] }, resource_type: 'VaultConnection'
46
38
  end
47
39
 
48
- # New settings definition DSL is available from Foreman 3.0
49
- if respond_to?(:settings)
50
- settings do
51
- category(:vault, N_('Vault')) do
52
- setting('vault_connection',
53
- full_name: N_('Default Vault connection'),
54
- type: :string,
55
- description: N_('Default Vault Connection that can be override using parameters'),
56
- default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
57
- collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
58
- include_blank: _('Select Vault Connection'))
59
- setting('vault_policy_template',
60
- full_name: N_('Vault Policy template name'),
61
- type: :string,
62
- description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
63
- default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
64
- collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
65
- include_blank: _('Select Template'))
66
- setting('vault_orchestration_enabled',
67
- full_name: N_('Vault Orchestration enabled'),
68
- type: :boolean,
69
- description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
70
- default: false)
71
- end
40
+ settings do
41
+ category(:vault, N_('Vault')) do
42
+ setting('vault_connection',
43
+ full_name: N_('Default Vault connection'),
44
+ type: :string,
45
+ description: N_('Default Vault Connection that can be override using parameters'),
46
+ default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
47
+ collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
48
+ include_blank: _('Select Vault Connection'))
49
+ setting('vault_policy_template',
50
+ full_name: N_('Vault Policy template name'),
51
+ type: :string,
52
+ description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
53
+ default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
54
+ collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
55
+ include_blank: _('Select Template'))
56
+ setting('vault_orchestration_enabled',
57
+ full_name: N_('Vault Orchestration enabled'),
58
+ type: :boolean,
59
+ description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
60
+ default: false)
72
61
  end
73
62
  end
74
63
 
@@ -80,14 +69,12 @@ module ForemanVault
80
69
  end
81
70
 
82
71
  config.to_prepare do
83
- begin
84
- ::Host::Managed.include(ForemanVault::HostExtensions)
85
- ::ProvisioningTemplate.include(ForemanVault::ProvisioningTemplateExtensions)
86
- ::Foreman::Renderer::Scope::Base.include(ForemanVault::Macros)
87
- ::Foreman::Renderer.configure { |c| c.allowed_generic_helpers += [:vault_secret, :vault_issue_certificate] }
88
- rescue StandardError => e
89
- Rails.logger.warn "ForemanVault: skipping engine hook (#{e})"
90
- end
72
+ ::Host::Managed.include(ForemanVault::HostExtensions)
73
+ ::ProvisioningTemplate.include(ForemanVault::ProvisioningTemplateExtensions)
74
+ ::Foreman::Renderer::Scope::Base.include(ForemanVault::Macros)
75
+ ::Foreman::Renderer.configure { |c| c.allowed_generic_helpers += [:vault_secret, :vault_issue_certificate] }
76
+ rescue StandardError => e
77
+ Rails.logger.warn "ForemanVault: skipping engine hook (#{e})"
91
78
  end
92
79
 
93
80
  initializer 'foreman_vault.register_gettext', after: :load_config_initializers do |_app|
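Review bot: The `rescue StandardError => e` now attached to the `config.to_prepare` block logs only `#{e}` at warn level, so a failure in any of the four hook lines skips the ones after it and leaves no backtrace to show which one failed. That includes the `allowed_generic_helpers` registration for `vault_secret` and `vault_issue_certificate`, and the plugin then runs half-wired. Logging with the helper used in the orchestration concern keeps the trace: `Foreman::Logging.exception('ForemanVault: skipping engine hook', e)`. With `requires_foreman '>= 3.9'` these constants should always exist, so it is worth checking whether the rescue is still needed at all.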
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ForemanVault
4
- VERSION = '1.2.0'
4
+ VERSION = '2.0.0'
5
5
  end
@@ -11,16 +11,14 @@ namespace :foreman_vault do # rubocop:disable Metrics/BlockLength
11
11
  hosts = Host::Managed.where(managed: true)
12
12
 
13
13
  hosts.each_with_index do |host, index|
14
- begin
15
- result = host.reload.vault_auth_method.save
16
- if result
17
- puts "[#{index + 1}/#{hosts.count}] Auth-Method of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
18
- else
19
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
20
- end
21
- rescue StandardError => err
22
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{err}"
14
+ result = host.reload.vault_auth_method.save
15
+ if result
16
+ puts "[#{index + 1}/#{hosts.count}] Auth-Method of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
17
+ else
18
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
23
19
  end
20
+ rescue StandardError => e
21
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{e}"
24
22
  end
25
23
  end
26
24
  end
@@ -33,16 +31,14 @@ namespace :foreman_vault do # rubocop:disable Metrics/BlockLength
33
31
  hosts = Host::Managed.where(managed: true)
34
32
 
35
33
  hosts.each_with_index do |host, index|
36
- begin
37
- result = host.reload.vault_policy.save
38
- if result
39
- puts "[#{index + 1}/#{hosts.count}] Policy of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
40
- else
41
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
42
- end
43
- rescue StandardError => err
44
- puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{err}"
34
+ result = host.reload.vault_policy.save
35
+ if result
36
+ puts "[#{index + 1}/#{hosts.count}] Policy of \"#{host.name}\" pushed to Vault server \"#{host.vault_connection.url}\""
37
+ else
38
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{result}"
45
39
  end
40
+ rescue StandardError => e
41
+ puts "[#{index + 1}/#{hosts.count}] Failed to push \"#{host.name}\": #{e}"
46
42
  end
47
43
  end
48
44
  end
@@ -61,25 +57,4 @@ namespace :test do
61
57
  end
62
58
  end
63
59
 
64
- namespace :foreman_vault do
65
- task :rubocop do
66
- begin
67
- require 'rubocop/rake_task'
68
- RuboCop::RakeTask.new(:rubocop_foreman_vault) do |task|
69
- task.patterns = ["#{ForemanVault::Engine.root}/app/**/*.rb",
70
- "#{ForemanVault::Engine.root}/lib/**/*.rb",
71
- "#{ForemanVault::Engine.root}/test/**/*.rb"]
72
- end
73
- rescue StandardError
74
- puts 'Rubocop not loaded.'
75
- end
76
-
77
- Rake::Task['rubocop_foreman_vault'].invoke
78
- end
79
- end
80
-
81
60
  Rake::Task[:test].enhance ['test:foreman_vault']
82
-
83
- load 'tasks/jenkins.rake'
84
-
85
- Rake::Task['jenkins:unit'].enhance ['test:foreman_vault', 'foreman_vault:rubocop'] if Rake::Task.task_defined?(:'jenkins:unit')
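Review bot: In both push loops the `else` branch interpolates `result`, which is falsy on that path, so the operator reads `Failed to push "host": false` with no reason attached. Print whatever error detail the auth-method and policy objects expose, or at least state the case plainly, e.g. `puts "[#{index + 1}/#{total}] Failed to push \"#{host.name}\": save returned #{result.inspect}"`. `hosts.count` is also evaluated for every output line, and on an ActiveRecord relation that presumably issues a COUNT query each time; `total = hosts.count` before the loop avoids it. The task bodies start outside the hunks.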
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'test_plugin_helper'
4
+ require 'unit/shared/access_permissions_test_base'
5
+
6
+ # Permissions are added in AccessPermissions with lists of controllers and
7
+ # actions that they enable access to. For non-admin users, we need to test
8
+ # that there are permissions available that cover every controller action, else
9
+ # it can't be delegated and this will lead to parts of the application that
10
+ # aren't functional for non-admin users.
11
+ #
12
+ # In particular, it's important that actions for AJAX requests are added to
13
+ # an appropriate permission so views using those requests function.
14
+ class AccessPermissionsTest < ActiveSupport::TestCase
15
+ include AccessPermissionsTestBase
16
+
17
+ check_routes(ForemanVault::Engine.routes, [])
18
+ end
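Review bot: The second argument of `check_routes(ForemanVault::Engine.routes, [])` is not explained; it appears to be the list of controller actions exempted from the permission-coverage check. A short comment would record that the empty list is deliberate, for example `# no exemptions: every engine route must be covered by a permission`. That makes it less likely that a later change adds entries just to silence a failing route.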
@@ -22,7 +22,7 @@ class MacrosTest < ActiveSupport::TestCase
22
22
 
23
23
  subject = TestScope.new(host: host, source: source)
24
24
 
25
- assert subject.respond_to?(:vault_secret)
25
+ assert_respond_to subject, :vault_secret
26
26
  assert_equal response.data, subject.vault_secret(vault_connection.name, secret_path)
27
27
  end
28
28
  end
@@ -59,9 +59,11 @@ class VaultAuthMethodTest < ActiveSupport::TestCase
59
59
 
60
60
  subject.expects(:set_certificate).once.with(
61
61
  'name',
62
- certificate: 'cert',
63
- token_policies: 'vault_policy_name',
64
- allowed_common_names: [host.fqdn]
62
+ {
63
+ certificate: 'cert',
64
+ token_policies: 'vault_policy_name',
65
+ allowed_common_names: [host.fqdn],
66
+ }
65
67
  )
66
68
  subject.save
67
69
  end
@@ -23,15 +23,15 @@ class VaultClientTest < ActiveSupport::TestCase
23
23
  stub_request(:post, "#{base_url}/v1/auth/approle/login").with(
24
24
  body: {
25
25
  role_id: role_id,
26
- secret_id: secret_id
26
+ secret_id: secret_id,
27
27
  }
28
28
  ).to_return(
29
29
  status: 200,
30
30
  headers: { 'Content-Type': 'application/json' },
31
31
  body: {
32
32
  auth: {
33
- client_token: token
34
- }
33
+ client_token: token,
34
+ },
35
35
  }.to_json
36
36
  )
37
37
  end
@@ -82,7 +82,7 @@ class VaultClientTest < ActiveSupport::TestCase
82
82
  issuing_ca: 'CA_CERTIFICATE_DATA',
83
83
  private_key: 'PRIVATE_KEY_DATA',
84
84
  private_key_type: 'rsa',
85
- serial_number: '7e:2d:c8:dd:df:da:fe:1f:39:da:39:23:4f:74:c8:1f:1d:4a:db:a7'
85
+ serial_number: '7e:2d:c8:dd:df:da:fe:1f:39:da:39:23:4f:74:c8:1f:1d:4a:db:a7',
86
86
  }
87
87
 
88
88
  response = OpenStruct.new(data: @data)
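--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: foreman_vault
  version: !ruby/object:Gem::Version
- version: 1.2.0
+ version: 2.0.0
  platform: ruby
  authors:
  - dmTECH GmbH
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-08-18 00:00:00.000000000 Z
+ date: 2024-05-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: vault
@@ -39,19 +39,19 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: rubocop
+ name: theforeman-rubocop
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 0.54.0
+ version: 0.1.2
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: 0.54.0
+ version: 0.1.2
  description:
  email:
  - opensource@dm.de
@@ -71,7 +71,6 @@ files:
  - app/models/concerns/foreman_vault/host_extensions.rb
  - app/models/concerns/foreman_vault/orchestration/vault_policy.rb
  - app/models/concerns/foreman_vault/provisioning_template_extensions.rb
- - app/models/setting/vault.rb
  - app/models/vault_connection.rb
  - app/services/foreman_vault/vault_auth_method.rb
  - app/services/foreman_vault/vault_client.rb
@@ -93,6 +92,7 @@ files:
  - db/migrate/20180725072913_create_vault_connection.foreman_vault.rb
  - db/migrate/20180809172407_rename_vault_status_to_vault_error.foreman_vault.rb
  - db/migrate/20201203220058_add_approle_to_vault_connection.rb
+ - db/migrate/20230309072504_fix_vault_settings_category_to_dsl.rb
  - db/seeds.d/103-provisioning_templates.rb
  - lib/foreman_vault.rb
  - lib/foreman_vault/engine.rb
@@ -115,6 +115,7 @@ files:
  - test/models/vault_connection_test.rb
  - test/models/vault_policy_template_test.rb
  - test/test_plugin_helper.rb
+ - test/unit/foreman_vault/access_permissions_test.rb
  - test/unit/lib/foreman_vault/macros_test.rb
  - test/unit/services/foreman_vault/vault_auth_method_test.rb
  - test/unit/services/foreman_vault/vault_client_test.rb
@@ -131,14 +132,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.5'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '4'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.3
+ rubygems_version: 3.4.1
  signing_key:
  specification_version: 4
  summary: Adds support for using credentials from Hashicorp Vault
@@ -156,6 +160,7 @@ test_files:
  - test/models/vault_connection_test.rb
  - test/models/vault_policy_template_test.rb
  - test/test_plugin_helper.rb
+ - test/unit/foreman_vault/access_permissions_test.rb
  - test/unit/lib/foreman_vault/macros_test.rb
  - test/unit/services/foreman_vault/vault_auth_method_test.rb
  - test/unit/services/foreman_vault/vault_client_test.rb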
@@ -1,104 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class Setting
4
- class Vault < ::Setting
5
- BLANK_ATTRS << 'vault_connection'
6
- BLANK_ATTRS << 'vault_policy_template'
7
-
8
- def self.default_settings
9
- [set_vault_connection, set_vault_policy_template, set_vault_orchestration_enabled]
10
- end
11
-
12
- # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
13
- def self.load_defaults
14
- return unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('3.4')
15
-
16
- # Check the table exists
17
- return unless super
18
-
19
- transaction do
20
- default_settings.each do |s|
21
- setting = create! s.update(category: 'Setting::Vault')
22
-
23
- Foreman.try(:settings)&._add(
24
- s[:name],
25
- s.slice(:description, :default, :full_name, :encrypted)
26
- .merge(category: 'Setting::Vault')
27
- .yield_self do |params|
28
- unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('2.6')
29
- params[:context] = :vault
30
- params[:type] = setting.settings_type
31
- end
32
- params
33
- end
34
- )
35
- end
36
- end
37
-
38
- true
39
- end
40
- # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
41
-
42
- def self.humanized_category
43
- N_('Vault')
44
- end
45
-
46
- class << self
47
- private
48
-
49
- def set_vault_connection
50
- set(
51
- 'vault_connection',
52
- N_('Default Vault Connection that can be override using parameters'),
53
- default_vault_connection,
54
- N_('Default Vault Connection'),
55
- nil,
56
- collection: vault_connections_collection,
57
- include_blank: _('Select Vault Connection')
58
- )
59
- end
60
-
61
- def default_vault_connection
62
- return nil unless VaultConnection.table_exists?
63
- return unless VaultConnection.unscoped.count == 1
64
-
65
- VaultConnection.unscoped.first.name
66
- end
67
-
68
- def vault_connections_collection
69
- return [] unless VaultConnection.table_exists?
70
-
71
- proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] }
72
- end
73
-
74
- def set_vault_policy_template
75
- set(
76
- 'vault_policy_template',
77
- N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
78
- default_vault_policy_template,
79
- N_('Vault Policy template name'),
80
- nil,
81
- collection: vault_policy_templates_collection,
82
- include_blank: _('Select Template')
83
- )
84
- end
85
-
86
- def default_vault_policy_template
87
- ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name
88
- end
89
-
90
- def vault_policy_templates_collection
91
- proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] }
92
- end
93
-
94
- def set_vault_orchestration_enabled
95
- set(
96
- 'vault_orchestration_enabled',
97
- N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
98
- false,
99
- N_('Vault Orchestration enabled')
100
- )
101
- end
102
- end
103
- end
104
- end