foreman_vault 1.1.0 → 1.2.0

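--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 39553e728b4ff3661a8b0fc008ee0959e5fdbba5f915a9f7f9d09bdd24d9d65a
- data.tar.gz: 34b06a3ffc2cfdd6055356c4af15e91bb7d94de7954983d0becc20881c85fef3
+ metadata.gz: 1a698b340bc8ac1d8e1f9313548b3f27b971e87863886b4eac7c345c836460f2
+ data.tar.gz: 199cfbb6dae934a8dddc047964f068ad68a0fb1dd32590dbf4a976513229a205
  SHA512:
- metadata.gz: 04fe38f150fb63017eeb3803c14ea02fe6eb557a8a51d13f7f089bc4a7e5ca12f08182ede2c642e5dd6b47d5ab53e5adcc80e45117ad714ad6154cec2df486de
- data.tar.gz: d6ecb38160b4180a137a6db4f0d9e7fa6e9e14d32ebc5e98cae09a92f18997946bacc548adc4a55f7e19107ae6f2fcdbe7e43ab5a540b0d96706239dd81aa462
+ metadata.gz: 43759e193861b1ead17c0112b73fb7b36f613348f0041687e84646bb1e9ae869f5833893f4a749ffee880a921e23896a1ff5dfa7488cff7d6079d9056ffb3332
+ data.tar.gz: b956c84f73978386e43ad0e095d86ff1a2383f826f747252a176fe1198df2605c0e10d740c1fdacbb99f9105773ebef00e891c643e386f24e448d185389d9e08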
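--- a/data/README.md
+++ b/data/README.md
@@ -32,7 +32,7 @@ This allows Foreman to create everything needed to access Hashicorp Vault direct
  - Working Vault instance
  - with _cert_ auth enabled
  - with _approle_ auth enabled
- - with _kv_ secret store enabled
+ - with _kv v1_ secret store enabled
  - valid Vault Token
 
  **Dev Vault Instance**
@@ -43,7 +43,7 @@ To run a local Vault dev environment on MacOS use:
  $ brew install vault
  $ vault server -dev
  $ export VAULT_ADDR='http://127.0.0.1:8200'
- $ vault secrets enable kv
+ $ vault secrets enable -version=1 kv
  $ vault auth enable cert
 
  $ vault token create -period=60m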
@@ -11,6 +11,8 @@ class Setting
11
11
 
12
12
  # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
13
13
  def self.load_defaults
14
+ return unless Gem::Version.new(SETTINGS[:version].notag) < Gem::Version.new('3.4')
15
+
14
16
  # Check the table exists
15
17
  return unless super
16
18
 
@@ -33,7 +35,6 @@ class Setting
33
35
  end
34
36
  end
35
37
 
36
- Foreman.try(:settings)&.load
37
38
  true
38
39
  end
39
40
  # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
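Review bot: The guard added at the top of `load_defaults` keeps the legacy path active for every Foreman below 3.4, while the plugin-registration hunk in this diff enables the settings DSL whenever `respond_to?(:settings)` is true, and its comment says that DSL exists from Foreman 3.0. On versions in between, both paths appear to register the same three settings; most of the `load_defaults` body lies outside the hunks, so this is inferred. A comment on the guard would settle it, for example `# Foreman >= 3.4 loads these from the plugin settings DSL; legacy path only below that`, or the two gates could test the same condition. The guard also runs before the `super` table check, so it assumes `SETTINGS[:version]` is always set when the model loads.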
@@ -5,6 +5,7 @@ class VaultConnection < ApplicationRecord
5
5
 
6
6
  validates_lengths_from_database
7
7
  validates :name, presence: true, uniqueness: true
8
+ validates :name, inclusion: { in: ->(i) { [i.name_was] }, message: _('cannot be changed after creation') }, on: :update
8
9
  validates :url, presence: true
9
10
  validates :url, format: URI.regexp(['http', 'https'])
10
11
 
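Review bot: The added `validates :name, inclusion: { in: ->(i) { [i.name_was] }, ... }, on: :update` line makes the name immutable only through validations, so write paths that skip them (`update_column`, `update_columns`, `update_all`) can still rename a connection. The line also does not say why a rename is rejected; the settings hunk in this diff stores the connection as `vc.name`, which suggests the name is used as a lookup key. I would add a comment such as `# name is the lookup key for the vault_connection setting; a rename would orphan references`, and consider `attr_readonly :name` alongside the validation. The class body continues outside the hunk.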
@@ -1,6 +1,6 @@
1
1
  <%= form_for @vault_connection, url: (@vault_connection.new_record? ? vault_connections_path : vault_connection_path(id: @vault_connection)) do |f| %>
2
2
  <%= base_errors_for @vault_connection %>
3
- <%= text_f f, :name, help_inline: _("Vault Connection name") %>
3
+ <%= text_f f, :name, disabled: @vault_connection.persisted?, help_inline: _("Vault Connection name") %>
4
4
  <%= text_f f, :url, help_inline: _("Vault Server url") %>
5
5
  <div class="auth_methods">
6
6
  <h4><%=_("Auth Methods")%></h4>
@@ -12,10 +12,10 @@
12
12
  <div class="tab-content">
13
13
  <div class="tab-pane active" id="approle">
14
14
  <%= text_f f, :role_id, label: _("Role ID"), help_inline: _("Vault Connection Role ID") %>
15
- <%= text_f f, :secret_id, label: _("Secret ID"), help_inline: _("Vault Connection Secret ID") %>
15
+ <%= password_f f, :secret_id, label: _("Secret ID"), help_inline: _("Vault Connection Secret ID") %>
16
16
  </div>
17
17
  <div class="tab-pane" id="token">
18
- <%= text_f f, :token, help_inline: _("Vault Connection token") %>
18
+ <%= password_f f, :token, help_inline: _("Vault Connection token") %>
19
19
  </div>
20
20
  </div>
21
21
  </div>
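Review bot: Changing `secret_id` and `token` from `text_f` to `password_f` changes what an edit submits, not only what is shown. If the helper leaves the field empty for a persisted record (its implementation is not visible here), saving the form to change only the URL would send a blank `token` or `secret_id` and could overwrite the stored credential. The update path should treat a blank value for these two attributes as "keep the current one", for example by dropping blank `token` and `secret_id` keys from the permitted params before the update. If the helper echoes the stored value instead, the secret is still present in the page source, so it is worth checking which of the two applies. The API responses for a connection are outside this diff and deserve the same check.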
@@ -45,6 +45,33 @@ module ForemanVault
45
45
  'api/v2/vault_connections': [:destroy] }, resource_type: 'VaultConnection'
46
46
  end
47
47
 
48
+ # New settings definition DSL is available from Foreman 3.0
49
+ if respond_to?(:settings)
50
+ settings do
51
+ category(:vault, N_('Vault')) do
52
+ setting('vault_connection',
53
+ full_name: N_('Default Vault connection'),
54
+ type: :string,
55
+ description: N_('Default Vault Connection that can be override using parameters'),
56
+ default: VaultConnection.table_exists? && VaultConnection.unscoped.count == 1 ? VaultConnection.unscoped.first.name : nil,
57
+ collection: VaultConnection.table_exists? ? proc { Hash[VaultConnection.unscoped.all.map { |vc| [vc.name, vc.name] }] } : [],
58
+ include_blank: _('Select Vault Connection'))
59
+ setting('vault_policy_template',
60
+ full_name: N_('Vault Policy template name'),
61
+ type: :string,
62
+ description: N_('The name of the ProvisioningTemplate that will be used for Vault Policy'),
63
+ default: ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name,
64
+ collection: proc { Hash[ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).map { |tmpl| [tmpl.name, tmpl.name] }] },
65
+ include_blank: _('Select Template'))
66
+ setting('vault_orchestration_enabled',
67
+ full_name: N_('Vault Orchestration enabled'),
68
+ type: :boolean,
69
+ description: N_('Enable or disable the Vault orchestration step for managing policies and auth methods'),
70
+ default: false)
71
+ end
72
+ end
73
+ end
74
+
48
75
  # add menu entry
49
76
  menu :top_menu, :vault_connections, url_hash: { controller: :vault_connections, action: :index },
50
77
  caption: N_('Vault Connections'),
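Review bot: The `default:` for `vault_policy_template` calls `ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(...)` with no `table_exists?` guard, unlike the `vault_connection` setting just above it, which guards both `default:` and `collection:`. These arguments are evaluated when `setting(...)` is called, so if the block runs before the database is migrated, the query would raise during plugin registration; when Foreman evaluates the block is not visible here. I would make the line consistent: `default: ProvisioningTemplate.table_exists? ? ProvisioningTemplate.unscoped.of_kind(:VaultPolicy).find_by(name: 'Default Vault Policy')&.name : nil,`. The default is also computed once at load time, so a template or connection created later does not change it until restart, which deserves a short comment. The enclosing plugin registration block starts and ends outside the hunk.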
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ForemanVault
4
- VERSION = '1.1.0'
4
+ VERSION = '1.2.0'
5
5
  end
@@ -53,11 +53,11 @@ module Api
53
53
  client = mock.tap { |object| object.expects(:auth_token).returns(auth_token) }
54
54
  Vault::Client.expects(:new).returns(client)
55
55
 
56
- params = { name: 'New name', url: 'http://localhost:8200', token: 'token' }
56
+ params = { url: 'http://updatedhost:8200', token: 'token' }
57
57
  put :update, params: { id: @vault_connection.to_param, vault_connection: params }
58
58
  response = ActiveSupport::JSON.decode(@response.body)
59
59
  assert_response :success
60
- assert_equal params[:name], response['name']
60
+ assert_equal params[:url], response['url']
61
61
  end
62
62
 
63
63
  test 'should not update invalid' do
@@ -65,6 +65,12 @@ module Api
65
65
  put :update, params: { id: @vault_connection.to_param, vault_connection: params }
66
66
  assert_response :unprocessable_entity
67
67
  end
68
+
69
+ test 'should not allow to update name' do
70
+ params = { name: 'Updated name' }
71
+ put :update, params: { id: @vault_connection.to_param, vault_connection: params }
72
+ assert_response :unprocessable_entity
73
+ end
68
74
  end
69
75
 
70
76
  describe '#destroy' do
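Review bot: The new `should not allow to update name` test only checks for `:unprocessable_entity`, which any validation failure on the record would also produce. Adding `assert_equal @vault_connection.name, @vault_connection.reload.name` after the request would show that the stored name really is unchanged. The surrounding `describe` block starts outside the hunk.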
@@ -139,7 +139,7 @@ module ForemanVault
139
139
  end
140
140
 
141
141
  setup do
142
- Setting.find_by(name: 'ssl_ca_file').update(value: File.join(ForemanVault::Engine.root, 'test/fixtures/ca.crt'))
142
+ Setting['ssl_ca_file'] = File.join(ForemanVault::Engine.root, 'test/fixtures/ca.crt')
143
143
  if Setting.find_by(name: 'vault_orchestration_enabled')
144
144
  Setting['vault_orchestration_enabled'] = true
145
145
  else
@@ -10,4 +10,10 @@ class VaultConnectionTest < ActiveSupport::TestCase
10
10
  should validate_presence_of(:url)
11
11
  should allow_value('http://127.0.0.1:8200').for(:url)
12
12
  should_not allow_value('börks').for(:url)
13
+
14
+ test 'validate that the name cannot be changed' do
15
+ assert_raises(ActiveRecord::RecordInvalid, 'Validation failed: Name cannot be changed after creation') do
16
+ subject.update!(name: 'UpdatedName')
17
+ end
18
+ end
13
19
  end
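Review bot: The second argument to `assert_raises` in the new test is not matched against the exception. Minitest treats a trailing string as the failure message, so the test passes for any `ActiveRecord::RecordInvalid`, whichever validation caused it. To pin the name rule, capture the exception and check its text: `error = assert_raises(ActiveRecord::RecordInvalid) { subject.update!(name: 'UpdatedName') }` followed by `assert_includes error.message, 'cannot be changed after creation'`.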
@@ -99,7 +99,7 @@ class VaultAuthMethodTest < ActiveSupport::TestCase
99
99
 
100
100
  describe '#certificate' do
101
101
  setup do
102
- Setting.find_by(name: 'ssl_ca_file').update(value: cert_path)
102
+ Setting['ssl_ca_file'] = cert_path
103
103
  end
104
104
 
105
105
  context 'when certificate file can be read' do
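--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: foreman_vault
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.2.0
  platform: ruby
  authors:
  - dmTECH GmbH
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-10-21 00:00:00.000000000 Z
+ date: 2022-08-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: vault
@@ -138,25 +138,25 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.28
+ rubygems_version: 3.3.3
  signing_key:
  specification_version: 4
  summary: Adds support for using credentials from Hashicorp Vault
  test_files:
- - test/unit/lib/foreman_vault/macros_test.rb
- - test/unit/services/foreman_vault/vault_client_test.rb
- - test/unit/services/foreman_vault/vault_policy_test.rb
- - test/unit/services/foreman_vault/vault_auth_method_test.rb
- - test/models/vault_policy_template_test.rb
- - test/models/vault_connection_test.rb
- - test/models/foreman_vault/orchestration/vault_policy_test.rb
- - test/factories/vault_policy_template.rb
  - test/factories/vault_connection.rb
+ - test/factories/vault_policy_template.rb
  - test/factories/vault_setting.rb
- - test/lib/tasks/push_policies_test.rb
- - test/lib/tasks/push_auth_methods_test.rb
  - test/fixtures/ca.crt
- - test/test_plugin_helper.rb
- - test/jobs/refresh_vault_tokens_test.rb
- - test/jobs/refresh_vault_token_test.rb
  - test/functional/api/v2/vault_connections_controller_test.rb
+ - test/jobs/refresh_vault_token_test.rb
+ - test/jobs/refresh_vault_tokens_test.rb
+ - test/lib/tasks/push_auth_methods_test.rb
+ - test/lib/tasks/push_policies_test.rb
+ - test/models/foreman_vault/orchestration/vault_policy_test.rb
+ - test/models/vault_connection_test.rb
+ - test/models/vault_policy_template_test.rb
+ - test/test_plugin_helper.rb
+ - test/unit/lib/foreman_vault/macros_test.rb
+ - test/unit/services/foreman_vault/vault_auth_method_test.rb
+ - test/unit/services/foreman_vault/vault_client_test.rb
+ - test/unit/services/foreman_vault/vault_policy_test.rb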