rake_vault 0.1.0.pre.10 → 0.1.0.pre.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +18 -12
- data/lib/rake_vault/auth/approle.rb +42 -0
- data/lib/rake_vault/auth/oidc.rb +20 -0
- data/lib/rake_vault/tasks/app_role_auth.rb +6 -16
- data/lib/rake_vault/tasks/login.rb +54 -0
- data/lib/rake_vault/tasks/oidc_auth.rb +2 -9
- data/lib/rake_vault/tasks.rb +1 -0
- data/lib/rake_vault/version.rb +1 -1
- data/lib/rake_vault.rb +21 -1
- data/rake_vault.gemspec +1 -0
- metadata +19 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0468f9e8b1f7e53949c9949ec71ba14ce467c3947ad2dd6e95e6ea5328e19c43'
|
|
4
|
+
data.tar.gz: d5cb1267de2e8f40495a7de422c6b73cb3d39b246ffd15ed4975543e7d0360fc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 40d5399ce62b0e6a935ec789c00cf2aac969ebab2a41c31f7e7c7557776f101b60ad9ad4438711ebd9384c77d0670644fbc746c9e5d3b1dfdce0dd6a89542701
|
|
7
|
+
data.tar.gz: 5402b2867c9e5f80deffe500ec640dc46f4a106875092fe2a8b42577a47c5ed74938201a6099c2bd80a862b4d716a04e1b0d662d8a4b33225e8aa61a733e99ef
|
data/Gemfile.lock
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
rake_vault (0.1.0.pre.
|
|
4
|
+
rake_vault (0.1.0.pre.12)
|
|
5
5
|
colored2 (~> 3.1)
|
|
6
6
|
rake_dependencies (~> 3.1)
|
|
7
7
|
rake_factory (~> 0.23)
|
|
8
8
|
ruby_vault (~> 0.1.0.pre.15)
|
|
9
|
+
vault (~> 0.17)
|
|
9
10
|
|
|
10
11
|
GEM
|
|
11
12
|
remote: https://rubygems.org/
|
|
12
13
|
specs:
|
|
13
|
-
activesupport (7.0.
|
|
14
|
+
activesupport (7.0.4)
|
|
14
15
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
15
16
|
i18n (>= 1.6, < 2)
|
|
16
17
|
minitest (>= 5.1)
|
|
@@ -18,6 +19,9 @@ GEM
|
|
|
18
19
|
addressable (2.8.0)
|
|
19
20
|
public_suffix (>= 2.0.2, < 5.0)
|
|
20
21
|
ast (2.4.2)
|
|
22
|
+
aws-eventstream (1.2.0)
|
|
23
|
+
aws-sigv4 (1.5.1)
|
|
24
|
+
aws-eventstream (~> 1, >= 1.0.2)
|
|
21
25
|
colored2 (3.1.2)
|
|
22
26
|
concurrent-ruby (1.1.10)
|
|
23
27
|
diff-lcs (1.5.0)
|
|
@@ -30,7 +34,7 @@ GEM
|
|
|
30
34
|
gem-release (2.2.2)
|
|
31
35
|
hamster (3.0.0)
|
|
32
36
|
concurrent-ruby (~> 1.0)
|
|
33
|
-
i18n (1.
|
|
37
|
+
i18n (1.12.0)
|
|
34
38
|
concurrent-ruby (~> 1.0)
|
|
35
39
|
immutable-struct (2.4.1)
|
|
36
40
|
json (2.6.2)
|
|
@@ -39,7 +43,7 @@ GEM
|
|
|
39
43
|
open4 (~> 1.3)
|
|
40
44
|
memfs (1.0.0)
|
|
41
45
|
minitar (0.9)
|
|
42
|
-
minitest (5.16.
|
|
46
|
+
minitest (5.16.3)
|
|
43
47
|
octokit (4.25.1)
|
|
44
48
|
faraday (>= 1, < 3)
|
|
45
49
|
sawyer (~> 0.9)
|
|
@@ -90,27 +94,27 @@ GEM
|
|
|
90
94
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
91
95
|
rspec-support (~> 3.11.0)
|
|
92
96
|
rspec-support (3.11.0)
|
|
93
|
-
rubocop (1.
|
|
97
|
+
rubocop (1.36.0)
|
|
94
98
|
json (~> 2.3)
|
|
95
99
|
parallel (~> 1.10)
|
|
96
100
|
parser (>= 3.1.2.1)
|
|
97
101
|
rainbow (>= 2.2.2, < 4.0)
|
|
98
102
|
regexp_parser (>= 1.8, < 3.0)
|
|
99
103
|
rexml (>= 3.2.5, < 4.0)
|
|
100
|
-
rubocop-ast (>= 1.20.
|
|
104
|
+
rubocop-ast (>= 1.20.1, < 2.0)
|
|
101
105
|
ruby-progressbar (~> 1.7)
|
|
102
106
|
unicode-display_width (>= 1.4.0, < 3.0)
|
|
103
107
|
rubocop-ast (1.21.0)
|
|
104
108
|
parser (>= 3.1.1.0)
|
|
105
109
|
rubocop-rake (0.6.0)
|
|
106
110
|
rubocop (~> 1.0)
|
|
107
|
-
rubocop-rspec (2.
|
|
108
|
-
rubocop (~> 1.
|
|
111
|
+
rubocop-rspec (2.13.1)
|
|
112
|
+
rubocop (~> 1.33)
|
|
109
113
|
ruby-progressbar (1.11.0)
|
|
110
114
|
ruby2_keywords (0.0.5)
|
|
111
115
|
ruby_gpg2 (0.8.0)
|
|
112
116
|
lino (>= 1.5)
|
|
113
|
-
ruby_vault (0.1.0.pre.
|
|
117
|
+
ruby_vault (0.1.0.pre.16)
|
|
114
118
|
immutable-struct (~> 2.4)
|
|
115
119
|
lino (~> 3.0)
|
|
116
120
|
rubyzip (2.3.2)
|
|
@@ -124,14 +128,16 @@ GEM
|
|
|
124
128
|
simplecov-html (0.12.3)
|
|
125
129
|
simplecov_json_formatter (0.1.4)
|
|
126
130
|
sshkey (2.0.0)
|
|
127
|
-
tzinfo (2.0.
|
|
131
|
+
tzinfo (2.0.5)
|
|
128
132
|
concurrent-ruby (~> 1.0)
|
|
129
133
|
unicode-display_width (2.2.0)
|
|
134
|
+
vault (0.17.0)
|
|
135
|
+
aws-sigv4
|
|
130
136
|
|
|
131
137
|
PLATFORMS
|
|
132
138
|
arm64-darwin-21
|
|
133
|
-
ruby
|
|
134
139
|
x86_64-darwin-19
|
|
140
|
+
x86_64-darwin-21
|
|
135
141
|
x86_64-linux
|
|
136
142
|
|
|
137
143
|
DEPENDENCIES
|
|
@@ -152,4 +158,4 @@ DEPENDENCIES
|
|
|
152
158
|
simplecov
|
|
153
159
|
|
|
154
160
|
BUNDLED WITH
|
|
155
|
-
2.3.
|
|
161
|
+
2.3.22
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ruby_vault'
|
|
4
|
+
|
|
5
|
+
module RakeVault
|
|
6
|
+
module Auth
|
|
7
|
+
module Approle
|
|
8
|
+
def self.login(address, path, role_id, secret_id)
|
|
9
|
+
role_id = role_id ? "role_id=#{role_id}" : nil
|
|
10
|
+
secret_id = secret_id ? "secret_id=#{secret_id}" : nil
|
|
11
|
+
|
|
12
|
+
stdout_io = StringIO.new
|
|
13
|
+
|
|
14
|
+
configure_stdout(stdout_io)
|
|
15
|
+
write(address, path, role_id, secret_id)
|
|
16
|
+
reset_stdout
|
|
17
|
+
RakeVault::TokenFile.write(stdout_io.string)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.write(address, path, role_id, secret_id)
|
|
21
|
+
RubyVault.write(
|
|
22
|
+
address: address,
|
|
23
|
+
path: path,
|
|
24
|
+
data: [role_id, secret_id].compact,
|
|
25
|
+
format: 'json'
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def self.configure_stdout(stdout_io)
|
|
30
|
+
RubyVault.configure do |config|
|
|
31
|
+
config.stdout = stdout_io
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def self.reset_stdout
|
|
36
|
+
RubyVault.configure do |config|
|
|
37
|
+
config.stdout = $stdout
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ruby_vault'
|
|
4
|
+
|
|
5
|
+
module RakeVault
|
|
6
|
+
module Auth
|
|
7
|
+
module Oidc
|
|
8
|
+
def self.login(address, role, no_print)
|
|
9
|
+
auth = role ? ["role=#{role}"] : []
|
|
10
|
+
|
|
11
|
+
RubyVault.login(
|
|
12
|
+
method: 'oidc',
|
|
13
|
+
auth: auth,
|
|
14
|
+
address: address,
|
|
15
|
+
no_print: no_print
|
|
16
|
+
)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'rake_factory'
|
|
4
|
+
require_relative '../auth/approle'
|
|
4
5
|
require_relative '../token_file'
|
|
5
6
|
|
|
6
7
|
module RakeVault
|
|
@@ -20,23 +21,12 @@ module RakeVault
|
|
|
20
21
|
parameter :secret_id
|
|
21
22
|
|
|
22
23
|
action do |task|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
RubyVault.configure do |config|
|
|
29
|
-
config.stdout = stdout_io
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
RubyVault.write(
|
|
33
|
-
address: task.address,
|
|
34
|
-
path: task.path,
|
|
35
|
-
data: [role_id, secret_id].compact,
|
|
36
|
-
format: 'json'
|
|
24
|
+
RakeVault::Auth::Approle.login(
|
|
25
|
+
task.address,
|
|
26
|
+
task.path,
|
|
27
|
+
task.role_id,
|
|
28
|
+
task.secret_id
|
|
37
29
|
)
|
|
38
|
-
RubyVault.reset!
|
|
39
|
-
RakeVault::TokenFile.write(stdout_io.string)
|
|
40
30
|
end
|
|
41
31
|
end
|
|
42
32
|
end
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'rake_factory'
|
|
4
|
+
require 'vault'
|
|
5
|
+
require_relative '../auth/approle'
|
|
6
|
+
require_relative '../auth/oidc'
|
|
7
|
+
|
|
8
|
+
module RakeVault
|
|
9
|
+
module Tasks
|
|
10
|
+
class Login < RakeFactory::Task
|
|
11
|
+
default_name :login
|
|
12
|
+
default_prerequisites(RakeFactory::DynamicValue.new do |t|
|
|
13
|
+
[t.ensure_task_name]
|
|
14
|
+
end)
|
|
15
|
+
default_description(RakeFactory::DynamicValue.new do |_t|
|
|
16
|
+
'Login with approle or oidc using vault'
|
|
17
|
+
end)
|
|
18
|
+
parameter :address
|
|
19
|
+
parameter :role
|
|
20
|
+
parameter :ensure_task_name, default: :'vault:ensure'
|
|
21
|
+
|
|
22
|
+
action do |task|
|
|
23
|
+
if valid_token?(task.address)
|
|
24
|
+
puts 'Valid token found.'
|
|
25
|
+
else
|
|
26
|
+
puts 'No valid token found. Attempting to login...'
|
|
27
|
+
app_role_role_id = ENV.fetch('VAULT_APPROLE_ROLE_ID', nil)
|
|
28
|
+
app_role_secret_id = ENV.fetch('VAULT_APPROLE_SECRET_ID', nil)
|
|
29
|
+
if app_role_role_id && app_role_secret_id
|
|
30
|
+
puts 'Approle credentials found. Logging in with approle...'
|
|
31
|
+
RakeVault::Auth::Approle.login(
|
|
32
|
+
task.address,
|
|
33
|
+
'auth/approle/login',
|
|
34
|
+
app_role_role_id,
|
|
35
|
+
app_role_secret_id
|
|
36
|
+
)
|
|
37
|
+
else
|
|
38
|
+
RakeVault::Auth::Oidc.login(task.address, task.role, true)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def valid_token?(address)
|
|
44
|
+
puts 'Checking for valid token...'
|
|
45
|
+
vault_client = Vault::Client.new(address: address)
|
|
46
|
+
vault_client.auth_token.lookup_self
|
|
47
|
+
rescue Vault::HTTPClientError || Vault::HTTPServerError
|
|
48
|
+
false
|
|
49
|
+
else
|
|
50
|
+
true
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'rake_factory'
|
|
4
|
-
|
|
4
|
+
require_relative '../auth/oidc'
|
|
5
5
|
|
|
6
6
|
module RakeVault
|
|
7
7
|
module Tasks
|
|
@@ -19,14 +19,7 @@ module RakeVault
|
|
|
19
19
|
parameter :no_print, default: false
|
|
20
20
|
|
|
21
21
|
action do |task|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
RubyVault.login(
|
|
25
|
-
method: 'oidc',
|
|
26
|
-
auth: auth,
|
|
27
|
-
address: task.address,
|
|
28
|
-
no_print: task.no_print
|
|
29
|
-
)
|
|
22
|
+
RakeVault::Auth::Oidc.login(task.address, task.role, task.no_print)
|
|
30
23
|
end
|
|
31
24
|
end
|
|
32
25
|
end
|
data/lib/rake_vault/tasks.rb
CHANGED
data/lib/rake_vault/version.rb
CHANGED
data/lib/rake_vault.rb
CHANGED
|
@@ -7,7 +7,11 @@ require 'rake_vault/token_file'
|
|
|
7
7
|
|
|
8
8
|
module RakeVault
|
|
9
9
|
def self.define_installation_tasks(opts = {})
|
|
10
|
-
|
|
10
|
+
command_task_set = define_command_installation_tasks(opts)
|
|
11
|
+
|
|
12
|
+
configure_ruby_vault(command_task_set.binary)
|
|
13
|
+
|
|
14
|
+
command_task_set.delegate
|
|
11
15
|
end
|
|
12
16
|
|
|
13
17
|
def self.define_oidc_auth_task(opts = {}, &block)
|
|
@@ -17,4 +21,20 @@ module RakeVault
|
|
|
17
21
|
def self.define_app_role_auth_task(opts = {}, &block)
|
|
18
22
|
RakeVault::Tasks::AppRoleAuth.define(opts, &block)
|
|
19
23
|
end
|
|
24
|
+
|
|
25
|
+
def self.define_login_task(opts = {}, &block)
|
|
26
|
+
RakeVault::Tasks::Login.define(opts, &block)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
class << self
|
|
30
|
+
private
|
|
31
|
+
|
|
32
|
+
def define_command_installation_tasks(opts = {})
|
|
33
|
+
RakeVault::TaskSets::Vault.define(opts)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def configure_ruby_vault(binary)
|
|
37
|
+
RubyVault.configure { |c| c.binary = binary }
|
|
38
|
+
end
|
|
39
|
+
end
|
|
20
40
|
end
|
data/rake_vault.gemspec
CHANGED
|
@@ -40,6 +40,7 @@ Gem::Specification.new do |spec|
|
|
|
40
40
|
spec.add_dependency 'rake_dependencies', '~> 3.1'
|
|
41
41
|
spec.add_dependency 'rake_factory', '~> 0.23'
|
|
42
42
|
spec.add_dependency 'ruby_vault', '~> 0.1.0.pre.15'
|
|
43
|
+
spec.add_dependency 'vault', '~> 0.17'
|
|
43
44
|
|
|
44
45
|
spec.add_development_dependency 'activesupport'
|
|
45
46
|
spec.add_development_dependency 'bundler'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rake_vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.0.pre.
|
|
4
|
+
version: 0.1.0.pre.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- InfraBlocks Maintainers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colored2
|
|
@@ -66,6 +66,20 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: 0.1.0.pre.15
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: vault
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0.17'
|
|
76
|
+
type: :runtime
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0.17'
|
|
69
83
|
- !ruby/object:Gem::Dependency
|
|
70
84
|
name: activesupport
|
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -278,10 +292,13 @@ files:
|
|
|
278
292
|
- bin/console
|
|
279
293
|
- bin/setup
|
|
280
294
|
- lib/rake_vault.rb
|
|
295
|
+
- lib/rake_vault/auth/approle.rb
|
|
296
|
+
- lib/rake_vault/auth/oidc.rb
|
|
281
297
|
- lib/rake_vault/task_sets.rb
|
|
282
298
|
- lib/rake_vault/task_sets/vault.rb
|
|
283
299
|
- lib/rake_vault/tasks.rb
|
|
284
300
|
- lib/rake_vault/tasks/app_role_auth.rb
|
|
301
|
+
- lib/rake_vault/tasks/login.rb
|
|
285
302
|
- lib/rake_vault/tasks/oidc_auth.rb
|
|
286
303
|
- lib/rake_vault/token_file.rb
|
|
287
304
|
- lib/rake_vault/version.rb
|