rake_vault 0.1.0.pre.10 → 0.1.0.pre.12

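--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: da86d812082bfd701832d8fe391c222492127e74b6626a7fd3c757150d95d65d
- data.tar.gz: 6d2e22a0282bb02fbe31e382cd3a29cd250977ee1046569244d079e8be05b579
+ metadata.gz: '0468f9e8b1f7e53949c9949ec71ba14ce467c3947ad2dd6e95e6ea5328e19c43'
+ data.tar.gz: d5cb1267de2e8f40495a7de422c6b73cb3d39b246ffd15ed4975543e7d0360fc
  SHA512:
- metadata.gz: 0a6e300befd67fb8d2ca2cd9dab3522ab09d2bece695789f9358baae4b1b94310679c4a955ff1af8774a6cd6d86e8750127f0636759db08664c9abb0208d0d01
- data.tar.gz: d268aa3de8b5a443e15a3b01ae3de60a4e1954b6096304330c2de3b7cf74210b87900dfa2da0a281905464d5f957435dd5f878cb0d1716d005a47c380c9c8b2d
+ metadata.gz: 40d5399ce62b0e6a935ec789c00cf2aac969ebab2a41c31f7e7c7557776f101b60ad9ad4438711ebd9384c77d0670644fbc746c9e5d3b1dfdce0dd6a89542701
+ data.tar.gz: 5402b2867c9e5f80deffe500ec640dc46f4a106875092fe2a8b42577a47c5ed74938201a6099c2bd80a862b4d716a04e1b0d662d8a4b33225e8aa61a733e99ef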
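--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,16 +1,17 @@
  PATH
  remote: .
  specs:
- rake_vault (0.1.0.pre.10)
+ rake_vault (0.1.0.pre.12)
  colored2 (~> 3.1)
  rake_dependencies (~> 3.1)
  rake_factory (~> 0.23)
  ruby_vault (~> 0.1.0.pre.15)
+ vault (~> 0.17)
 
  GEM
  remote: https://rubygems.org/
  specs:
- activesupport (7.0.3.1)
+ activesupport (7.0.4)
  concurrent-ruby (~> 1.0, >= 1.0.2)
  i18n (>= 1.6, < 2)
  minitest (>= 5.1)
@@ -18,6 +19,9 @@ GEM
  addressable (2.8.0)
  public_suffix (>= 2.0.2, < 5.0)
  ast (2.4.2)
+ aws-eventstream (1.2.0)
+ aws-sigv4 (1.5.1)
+ aws-eventstream (~> 1, >= 1.0.2)
  colored2 (3.1.2)
  concurrent-ruby (1.1.10)
  diff-lcs (1.5.0)
@@ -30,7 +34,7 @@ GEM
  gem-release (2.2.2)
  hamster (3.0.0)
  concurrent-ruby (~> 1.0)
- i18n (1.11.0)
+ i18n (1.12.0)
  concurrent-ruby (~> 1.0)
  immutable-struct (2.4.1)
  json (2.6.2)
@@ -39,7 +43,7 @@ GEM
  open4 (~> 1.3)
  memfs (1.0.0)
  minitar (0.9)
- minitest (5.16.2)
+ minitest (5.16.3)
  octokit (4.25.1)
  faraday (>= 1, < 3)
  sawyer (~> 0.9)
@@ -90,27 +94,27 @@ GEM
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.11.0)
  rspec-support (3.11.0)
- rubocop (1.34.1)
+ rubocop (1.36.0)
  json (~> 2.3)
  parallel (~> 1.10)
  parser (>= 3.1.2.1)
  rainbow (>= 2.2.2, < 4.0)
  regexp_parser (>= 1.8, < 3.0)
  rexml (>= 3.2.5, < 4.0)
- rubocop-ast (>= 1.20.0, < 2.0)
+ rubocop-ast (>= 1.20.1, < 2.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 1.4.0, < 3.0)
  rubocop-ast (1.21.0)
  parser (>= 3.1.1.0)
  rubocop-rake (0.6.0)
  rubocop (~> 1.0)
- rubocop-rspec (2.12.1)
- rubocop (~> 1.31)
+ rubocop-rspec (2.13.1)
+ rubocop (~> 1.33)
  ruby-progressbar (1.11.0)
  ruby2_keywords (0.0.5)
  ruby_gpg2 (0.8.0)
  lino (>= 1.5)
- ruby_vault (0.1.0.pre.15)
+ ruby_vault (0.1.0.pre.16)
  immutable-struct (~> 2.4)
  lino (~> 3.0)
  rubyzip (2.3.2)
@@ -124,14 +128,16 @@ GEM
  simplecov-html (0.12.3)
  simplecov_json_formatter (0.1.4)
  sshkey (2.0.0)
- tzinfo (2.0.4)
+ tzinfo (2.0.5)
  concurrent-ruby (~> 1.0)
  unicode-display_width (2.2.0)
+ vault (0.17.0)
+ aws-sigv4
 
  PLATFORMS
  arm64-darwin-21
- ruby
  x86_64-darwin-19
+ x86_64-darwin-21
  x86_64-linux
 
  DEPENDENCIES
@@ -152,4 +158,4 @@ DEPENDENCIES
  simplecov
 
  BUNDLED WITH
- 2.3.20
+ 2.3.22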
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'ruby_vault'
4
+
5
+ module RakeVault
6
+ module Auth
7
+ module Approle
8
+ def self.login(address, path, role_id, secret_id)
9
+ role_id = role_id ? "role_id=#{role_id}" : nil
10
+ secret_id = secret_id ? "secret_id=#{secret_id}" : nil
11
+
12
+ stdout_io = StringIO.new
13
+
14
+ configure_stdout(stdout_io)
15
+ write(address, path, role_id, secret_id)
16
+ reset_stdout
17
+ RakeVault::TokenFile.write(stdout_io.string)
18
+ end
19
+
20
+ def self.write(address, path, role_id, secret_id)
21
+ RubyVault.write(
22
+ address: address,
23
+ path: path,
24
+ data: [role_id, secret_id].compact,
25
+ format: 'json'
26
+ )
27
+ end
28
+
29
+ def self.configure_stdout(stdout_io)
30
+ RubyVault.configure do |config|
31
+ config.stdout = stdout_io
32
+ end
33
+ end
34
+
35
+ def self.reset_stdout
36
+ RubyVault.configure do |config|
37
+ config.stdout = $stdout
38
+ end
39
+ end
40
+ end
41
+ end
42
+ end
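Review bot: `login` restores RubyVault's stdout only on the success path: if `write` raises (rejected credentials, Vault unreachable), `reset_stdout` is skipped and every later RubyVault call in the same rake run keeps writing into the abandoned StringIO. Put `write(address, path, role_id, secret_id)` inside a `begin` block whose `ensure` clause calls `reset_stdout`, and leave `RakeVault::TokenFile.write(stdout_io.string)` after that block so a failed login never writes a token file. `reset_stdout` also assigns `$stdout` rather than the stream that was configured before the call, so a caller's own `config.stdout` is silently replaced. Separately, `secret_id=#{secret_id}` is passed to `RubyVault.write` as a data argument; if ruby_vault runs the vault binary as a subprocess (the `binary` setting configured in this release suggests it does), the secret would be visible in the process argument list, which is worth confirming.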
@@ -0,0 +1,20 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'ruby_vault'
4
+
5
+ module RakeVault
6
+ module Auth
7
+ module Oidc
8
+ def self.login(address, role, no_print)
9
+ auth = role ? ["role=#{role}"] : []
10
+
11
+ RubyVault.login(
12
+ method: 'oidc',
13
+ auth: auth,
14
+ address: address,
15
+ no_print: no_print
16
+ )
17
+ end
18
+ end
19
+ end
20
+ end
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'rake_factory'
4
+ require_relative '../auth/approle'
4
5
  require_relative '../token_file'
5
6
 
6
7
  module RakeVault
@@ -20,23 +21,12 @@ module RakeVault
20
21
  parameter :secret_id
21
22
 
22
23
  action do |task|
23
- role_id = task.role_id ? "role_id=#{task.role_id}" : nil
24
- secret_id = task.secret_id ? "secret_id=#{task.secret_id}" : nil
25
-
26
- stdout_io = StringIO.new
27
-
28
- RubyVault.configure do |config|
29
- config.stdout = stdout_io
30
- end
31
-
32
- RubyVault.write(
33
- address: task.address,
34
- path: task.path,
35
- data: [role_id, secret_id].compact,
36
- format: 'json'
24
+ RakeVault::Auth::Approle.login(
25
+ task.address,
26
+ task.path,
27
+ task.role_id,
28
+ task.secret_id
37
29
  )
38
- RubyVault.reset!
39
- RakeVault::TokenFile.write(stdout_io.string)
40
30
  end
41
31
  end
42
32
  end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rake_factory'
4
+ require 'vault'
5
+ require_relative '../auth/approle'
6
+ require_relative '../auth/oidc'
7
+
8
+ module RakeVault
9
+ module Tasks
10
+ class Login < RakeFactory::Task
11
+ default_name :login
12
+ default_prerequisites(RakeFactory::DynamicValue.new do |t|
13
+ [t.ensure_task_name]
14
+ end)
15
+ default_description(RakeFactory::DynamicValue.new do |_t|
16
+ 'Login with approle or oidc using vault'
17
+ end)
18
+ parameter :address
19
+ parameter :role
20
+ parameter :ensure_task_name, default: :'vault:ensure'
21
+
22
+ action do |task|
23
+ if valid_token?(task.address)
24
+ puts 'Valid token found.'
25
+ else
26
+ puts 'No valid token found. Attempting to login...'
27
+ app_role_role_id = ENV.fetch('VAULT_APPROLE_ROLE_ID', nil)
28
+ app_role_secret_id = ENV.fetch('VAULT_APPROLE_SECRET_ID', nil)
29
+ if app_role_role_id && app_role_secret_id
30
+ puts 'Approle credentials found. Logging in with approle...'
31
+ RakeVault::Auth::Approle.login(
32
+ task.address,
33
+ 'auth/approle/login',
34
+ app_role_role_id,
35
+ app_role_secret_id
36
+ )
37
+ else
38
+ RakeVault::Auth::Oidc.login(task.address, task.role, true)
39
+ end
40
+ end
41
+ end
42
+
43
+ def valid_token?(address)
44
+ puts 'Checking for valid token...'
45
+ vault_client = Vault::Client.new(address: address)
46
+ vault_client.auth_token.lookup_self
47
+ rescue Vault::HTTPClientError || Vault::HTTPServerError
48
+ false
49
+ else
50
+ true
51
+ end
52
+ end
53
+ end
54
+ end
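Review bot: In `valid_token?`, `rescue Vault::HTTPClientError || Vault::HTTPServerError` rescues only `Vault::HTTPClientError`: the `||` is evaluated as an ordinary expression and a class is always truthy, so a 5xx response from Vault escapes the method and aborts the task instead of falling through to the login branch. Use the list form, `rescue Vault::HTTPClientError, Vault::HTTPServerError`. Neither class appears to cover a connection failure, so it is worth deciding explicitly whether an unreachable Vault should count as "no valid token" or fail loudly. `Vault::Client.new(address: address)` is also given no token, so the check relies on the vault gem finding the token in the same place `RakeVault::TokenFile` writes it; that pairing is not visible in this hunk.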
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'rake_factory'
4
- require 'ruby_vault'
4
+ require_relative '../auth/oidc'
5
5
 
6
6
  module RakeVault
7
7
  module Tasks
@@ -19,14 +19,7 @@ module RakeVault
19
19
  parameter :no_print, default: false
20
20
 
21
21
  action do |task|
22
- auth = task.role ? ["role=#{task.role}"] : []
23
-
24
- RubyVault.login(
25
- method: 'oidc',
26
- auth: auth,
27
- address: task.address,
28
- no_print: task.no_print
29
- )
22
+ RakeVault::Auth::Oidc.login(task.address, task.role, task.no_print)
30
23
  end
31
24
  end
32
25
  end
@@ -2,6 +2,7 @@
2
2
 
3
3
  require_relative 'tasks/oidc_auth'
4
4
  require_relative 'tasks/app_role_auth'
5
+ require_relative 'tasks/login'
5
6
 
6
7
  module RakeVault
7
8
  module Tasks
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RakeVault
4
- VERSION = '0.1.0.pre.10'
4
+ VERSION = '0.1.0.pre.12'
5
5
  end
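--- a/data/lib/rake_vault.rb
+++ b/data/lib/rake_vault.rb
@@ -7,7 +7,11 @@ require 'rake_vault/token_file'
 
  module RakeVault
  def self.define_installation_tasks(opts = {})
- RakeVault::TaskSets::Vault.define(opts).delegate
+ command_task_set = define_command_installation_tasks(opts)
+
+ configure_ruby_vault(command_task_set.binary)
+
+ command_task_set.delegate
  end
 
  def self.define_oidc_auth_task(opts = {}, &block)
@@ -17,4 +21,20 @@ module RakeVault
  def self.define_app_role_auth_task(opts = {}, &block)
  RakeVault::Tasks::AppRoleAuth.define(opts, &block)
  end
+
+ def self.define_login_task(opts = {}, &block)
+ RakeVault::Tasks::Login.define(opts, &block)
+ end
+
+ class << self
+ private
+
+ def define_command_installation_tasks(opts = {})
+ RakeVault::TaskSets::Vault.define(opts)
+ end
+
+ def configure_ruby_vault(binary)
+ RubyVault.configure { |c| c.binary = binary }
+ end
+ end
  end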
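Review bot: `define_installation_tasks` now has a process-wide side effect that nothing in the file documents: it calls `configure_ruby_vault(command_task_set.binary)`, so every later RubyVault call runs whatever binary path the task set reports. Add a comment above the method, for example `# Also points RubyVault at the binary managed by these tasks (global RubyVault configuration).` A Rakefile that calls only `define_login_task` or `define_app_role_auth_task` never reaches this line and would presumably run RubyVault's default binary, which the same comment should state. The module body starts outside the hunks shown.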
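--- a/data/rake_vault.gemspec
+++ b/data/rake_vault.gemspec
@@ -40,6 +40,7 @@ Gem::Specification.new do |spec|
  spec.add_dependency 'rake_dependencies', '~> 3.1'
  spec.add_dependency 'rake_factory', '~> 0.23'
  spec.add_dependency 'ruby_vault', '~> 0.1.0.pre.15'
+ spec.add_dependency 'vault', '~> 0.17'
 
  spec.add_development_dependency 'activesupport'
  spec.add_development_dependency 'bundler'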
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rake_vault
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0.pre.10
4
+ version: 0.1.0.pre.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - InfraBlocks Maintainers
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-08-11 00:00:00.000000000 Z
11
+ date: 2022-09-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colored2
@@ -66,6 +66,20 @@ dependencies:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
68
  version: 0.1.0.pre.15
69
+ - !ruby/object:Gem::Dependency
70
+ name: vault
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '0.17'
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '0.17'
69
83
  - !ruby/object:Gem::Dependency
70
84
  name: activesupport
71
85
  requirement: !ruby/object:Gem::Requirement
@@ -278,10 +292,13 @@ files:
278
292
  - bin/console
279
293
  - bin/setup
280
294
  - lib/rake_vault.rb
295
+ - lib/rake_vault/auth/approle.rb
296
+ - lib/rake_vault/auth/oidc.rb
281
297
  - lib/rake_vault/task_sets.rb
282
298
  - lib/rake_vault/task_sets/vault.rb
283
299
  - lib/rake_vault/tasks.rb
284
300
  - lib/rake_vault/tasks/app_role_auth.rb
301
+ - lib/rake_vault/tasks/login.rb
285
302
  - lib/rake_vault/tasks/oidc_auth.rb
286
303
  - lib/rake_vault/token_file.rb
287
304
  - lib/rake_vault/version.rb