rake_vault 0.1.0.pre.10 → 0.1.0.pre.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +18 -12
- data/lib/rake_vault/auth/approle.rb +42 -0
- data/lib/rake_vault/auth/oidc.rb +20 -0
- data/lib/rake_vault/tasks/app_role_auth.rb +6 -16
- data/lib/rake_vault/tasks/login.rb +54 -0
- data/lib/rake_vault/tasks/oidc_auth.rb +2 -9
- data/lib/rake_vault/tasks.rb +1 -0
- data/lib/rake_vault/version.rb +1 -1
- data/lib/rake_vault.rb +21 -1
- data/rake_vault.gemspec +1 -0
- metadata +19 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0468f9e8b1f7e53949c9949ec71ba14ce467c3947ad2dd6e95e6ea5328e19c43'
|
|
4
|
+
data.tar.gz: d5cb1267de2e8f40495a7de422c6b73cb3d39b246ffd15ed4975543e7d0360fc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 40d5399ce62b0e6a935ec789c00cf2aac969ebab2a41c31f7e7c7557776f101b60ad9ad4438711ebd9384c77d0670644fbc746c9e5d3b1dfdce0dd6a89542701
|
|
7
|
+
data.tar.gz: 5402b2867c9e5f80deffe500ec640dc46f4a106875092fe2a8b42577a47c5ed74938201a6099c2bd80a862b4d716a04e1b0d662d8a4b33225e8aa61a733e99ef
|
data/Gemfile.lock
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
rake_vault (0.1.0.pre.
|
|
4
|
+
rake_vault (0.1.0.pre.12)
|
|
5
5
|
colored2 (~> 3.1)
|
|
6
6
|
rake_dependencies (~> 3.1)
|
|
7
7
|
rake_factory (~> 0.23)
|
|
8
8
|
ruby_vault (~> 0.1.0.pre.15)
|
|
9
|
+
vault (~> 0.17)
|
|
9
10
|
|
|
10
11
|
GEM
|
|
11
12
|
remote: https://rubygems.org/
|
|
12
13
|
specs:
|
|
13
|
-
activesupport (7.0.
|
|
14
|
+
activesupport (7.0.4)
|
|
14
15
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
15
16
|
i18n (>= 1.6, < 2)
|
|
16
17
|
minitest (>= 5.1)
|
|
@@ -18,6 +19,9 @@ GEM
|
|
|
18
19
|
addressable (2.8.0)
|
|
19
20
|
public_suffix (>= 2.0.2, < 5.0)
|
|
20
21
|
ast (2.4.2)
|
|
22
|
+
aws-eventstream (1.2.0)
|
|
23
|
+
aws-sigv4 (1.5.1)
|
|
24
|
+
aws-eventstream (~> 1, >= 1.0.2)
|
|
21
25
|
colored2 (3.1.2)
|
|
22
26
|
concurrent-ruby (1.1.10)
|
|
23
27
|
diff-lcs (1.5.0)
|
|
@@ -30,7 +34,7 @@ GEM
|
|
|
30
34
|
gem-release (2.2.2)
|
|
31
35
|
hamster (3.0.0)
|
|
32
36
|
concurrent-ruby (~> 1.0)
|
|
33
|
-
i18n (1.
|
|
37
|
+
i18n (1.12.0)
|
|
34
38
|
concurrent-ruby (~> 1.0)
|
|
35
39
|
immutable-struct (2.4.1)
|
|
36
40
|
json (2.6.2)
|
|
@@ -39,7 +43,7 @@ GEM
|
|
|
39
43
|
open4 (~> 1.3)
|
|
40
44
|
memfs (1.0.0)
|
|
41
45
|
minitar (0.9)
|
|
42
|
-
minitest (5.16.
|
|
46
|
+
minitest (5.16.3)
|
|
43
47
|
octokit (4.25.1)
|
|
44
48
|
faraday (>= 1, < 3)
|
|
45
49
|
sawyer (~> 0.9)
|
|
@@ -90,27 +94,27 @@ GEM
|
|
|
90
94
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
91
95
|
rspec-support (~> 3.11.0)
|
|
92
96
|
rspec-support (3.11.0)
|
|
93
|
-
rubocop (1.
|
|
97
|
+
rubocop (1.36.0)
|
|
94
98
|
json (~> 2.3)
|
|
95
99
|
parallel (~> 1.10)
|
|
96
100
|
parser (>= 3.1.2.1)
|
|
97
101
|
rainbow (>= 2.2.2, < 4.0)
|
|
98
102
|
regexp_parser (>= 1.8, < 3.0)
|
|
99
103
|
rexml (>= 3.2.5, < 4.0)
|
|
100
|
-
rubocop-ast (>= 1.20.
|
|
104
|
+
rubocop-ast (>= 1.20.1, < 2.0)
|
|
101
105
|
ruby-progressbar (~> 1.7)
|
|
102
106
|
unicode-display_width (>= 1.4.0, < 3.0)
|
|
103
107
|
rubocop-ast (1.21.0)
|
|
104
108
|
parser (>= 3.1.1.0)
|
|
105
109
|
rubocop-rake (0.6.0)
|
|
106
110
|
rubocop (~> 1.0)
|
|
107
|
-
rubocop-rspec (2.
|
|
108
|
-
rubocop (~> 1.
|
|
111
|
+
rubocop-rspec (2.13.1)
|
|
112
|
+
rubocop (~> 1.33)
|
|
109
113
|
ruby-progressbar (1.11.0)
|
|
110
114
|
ruby2_keywords (0.0.5)
|
|
111
115
|
ruby_gpg2 (0.8.0)
|
|
112
116
|
lino (>= 1.5)
|
|
113
|
-
ruby_vault (0.1.0.pre.
|
|
117
|
+
ruby_vault (0.1.0.pre.16)
|
|
114
118
|
immutable-struct (~> 2.4)
|
|
115
119
|
lino (~> 3.0)
|
|
116
120
|
rubyzip (2.3.2)
|
|
@@ -124,14 +128,16 @@ GEM
|
|
|
124
128
|
simplecov-html (0.12.3)
|
|
125
129
|
simplecov_json_formatter (0.1.4)
|
|
126
130
|
sshkey (2.0.0)
|
|
127
|
-
tzinfo (2.0.
|
|
131
|
+
tzinfo (2.0.5)
|
|
128
132
|
concurrent-ruby (~> 1.0)
|
|
129
133
|
unicode-display_width (2.2.0)
|
|
134
|
+
vault (0.17.0)
|
|
135
|
+
aws-sigv4
|
|
130
136
|
|
|
131
137
|
PLATFORMS
|
|
132
138
|
arm64-darwin-21
|
|
133
|
-
ruby
|
|
134
139
|
x86_64-darwin-19
|
|
140
|
+
x86_64-darwin-21
|
|
135
141
|
x86_64-linux
|
|
136
142
|
|
|
137
143
|
DEPENDENCIES
|
|
@@ -152,4 +158,4 @@ DEPENDENCIES
|
|
|
152
158
|
simplecov
|
|
153
159
|
|
|
154
160
|
BUNDLED WITH
|
|
155
|
-
2.3.
|
|
161
|
+
2.3.22
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ruby_vault'
|
|
4
|
+
|
|
5
|
+
module RakeVault
|
|
6
|
+
module Auth
|
|
7
|
+
module Approle
|
|
8
|
+
def self.login(address, path, role_id, secret_id)
|
|
9
|
+
role_id = role_id ? "role_id=#{role_id}" : nil
|
|
10
|
+
secret_id = secret_id ? "secret_id=#{secret_id}" : nil
|
|
11
|
+
|
|
12
|
+
stdout_io = StringIO.new
|
|
13
|
+
|
|
14
|
+
configure_stdout(stdout_io)
|
|
15
|
+
write(address, path, role_id, secret_id)
|
|
16
|
+
reset_stdout
|
|
17
|
+
RakeVault::TokenFile.write(stdout_io.string)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.write(address, path, role_id, secret_id)
|
|
21
|
+
RubyVault.write(
|
|
22
|
+
address: address,
|
|
23
|
+
path: path,
|
|
24
|
+
data: [role_id, secret_id].compact,
|
|
25
|
+
format: 'json'
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def self.configure_stdout(stdout_io)
|
|
30
|
+
RubyVault.configure do |config|
|
|
31
|
+
config.stdout = stdout_io
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def self.reset_stdout
|
|
36
|
+
RubyVault.configure do |config|
|
|
37
|
+
config.stdout = $stdout
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ruby_vault'
|
|
4
|
+
|
|
5
|
+
module RakeVault
|
|
6
|
+
module Auth
|
|
7
|
+
module Oidc
|
|
8
|
+
def self.login(address, role, no_print)
|
|
9
|
+
auth = role ? ["role=#{role}"] : []
|
|
10
|
+
|
|
11
|
+
RubyVault.login(
|
|
12
|
+
method: 'oidc',
|
|
13
|
+
auth: auth,
|
|
14
|
+
address: address,
|
|
15
|
+
no_print: no_print
|
|
16
|
+
)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'rake_factory'
|
|
4
|
+
require_relative '../auth/approle'
|
|
4
5
|
require_relative '../token_file'
|
|
5
6
|
|
|
6
7
|
module RakeVault
|
|
@@ -20,23 +21,12 @@ module RakeVault
|
|
|
20
21
|
parameter :secret_id
|
|
21
22
|
|
|
22
23
|
action do |task|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
RubyVault.configure do |config|
|
|
29
|
-
config.stdout = stdout_io
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
RubyVault.write(
|
|
33
|
-
address: task.address,
|
|
34
|
-
path: task.path,
|
|
35
|
-
data: [role_id, secret_id].compact,
|
|
36
|
-
format: 'json'
|
|
24
|
+
RakeVault::Auth::Approle.login(
|
|
25
|
+
task.address,
|
|
26
|
+
task.path,
|
|
27
|
+
task.role_id,
|
|
28
|
+
task.secret_id
|
|
37
29
|
)
|
|
38
|
-
RubyVault.reset!
|
|
39
|
-
RakeVault::TokenFile.write(stdout_io.string)
|
|
40
30
|
end
|
|
41
31
|
end
|
|
42
32
|
end
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'rake_factory'
|
|
4
|
+
require 'vault'
|
|
5
|
+
require_relative '../auth/approle'
|
|
6
|
+
require_relative '../auth/oidc'
|
|
7
|
+
|
|
8
|
+
module RakeVault
|
|
9
|
+
module Tasks
|
|
10
|
+
class Login < RakeFactory::Task
|
|
11
|
+
default_name :login
|
|
12
|
+
default_prerequisites(RakeFactory::DynamicValue.new do |t|
|
|
13
|
+
[t.ensure_task_name]
|
|
14
|
+
end)
|
|
15
|
+
default_description(RakeFactory::DynamicValue.new do |_t|
|
|
16
|
+
'Login with approle or oidc using vault'
|
|
17
|
+
end)
|
|
18
|
+
parameter :address
|
|
19
|
+
parameter :role
|
|
20
|
+
parameter :ensure_task_name, default: :'vault:ensure'
|
|
21
|
+
|
|
22
|
+
action do |task|
|
|
23
|
+
if valid_token?(task.address)
|
|
24
|
+
puts 'Valid token found.'
|
|
25
|
+
else
|
|
26
|
+
puts 'No valid token found. Attempting to login...'
|
|
27
|
+
app_role_role_id = ENV.fetch('VAULT_APPROLE_ROLE_ID', nil)
|
|
28
|
+
app_role_secret_id = ENV.fetch('VAULT_APPROLE_SECRET_ID', nil)
|
|
29
|
+
if app_role_role_id && app_role_secret_id
|
|
30
|
+
puts 'Approle credentials found. Logging in with approle...'
|
|
31
|
+
RakeVault::Auth::Approle.login(
|
|
32
|
+
task.address,
|
|
33
|
+
'auth/approle/login',
|
|
34
|
+
app_role_role_id,
|
|
35
|
+
app_role_secret_id
|
|
36
|
+
)
|
|
37
|
+
else
|
|
38
|
+
RakeVault::Auth::Oidc.login(task.address, task.role, true)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def valid_token?(address)
|
|
44
|
+
puts 'Checking for valid token...'
|
|
45
|
+
vault_client = Vault::Client.new(address: address)
|
|
46
|
+
vault_client.auth_token.lookup_self
|
|
47
|
+
rescue Vault::HTTPClientError || Vault::HTTPServerError
|
|
48
|
+
false
|
|
49
|
+
else
|
|
50
|
+
true
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'rake_factory'
|
|
4
|
-
|
|
4
|
+
require_relative '../auth/oidc'
|
|
5
5
|
|
|
6
6
|
module RakeVault
|
|
7
7
|
module Tasks
|
|
@@ -19,14 +19,7 @@ module RakeVault
|
|
|
19
19
|
parameter :no_print, default: false
|
|
20
20
|
|
|
21
21
|
action do |task|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
RubyVault.login(
|
|
25
|
-
method: 'oidc',
|
|
26
|
-
auth: auth,
|
|
27
|
-
address: task.address,
|
|
28
|
-
no_print: task.no_print
|
|
29
|
-
)
|
|
22
|
+
RakeVault::Auth::Oidc.login(task.address, task.role, task.no_print)
|
|
30
23
|
end
|
|
31
24
|
end
|
|
32
25
|
end
|
data/lib/rake_vault/tasks.rb
CHANGED
data/lib/rake_vault/version.rb
CHANGED
data/lib/rake_vault.rb
CHANGED
|
@@ -7,7 +7,11 @@ require 'rake_vault/token_file'
|
|
|
7
7
|
|
|
8
8
|
module RakeVault
|
|
9
9
|
def self.define_installation_tasks(opts = {})
|
|
10
|
-
|
|
10
|
+
command_task_set = define_command_installation_tasks(opts)
|
|
11
|
+
|
|
12
|
+
configure_ruby_vault(command_task_set.binary)
|
|
13
|
+
|
|
14
|
+
command_task_set.delegate
|
|
11
15
|
end
|
|
12
16
|
|
|
13
17
|
def self.define_oidc_auth_task(opts = {}, &block)
|
|
@@ -17,4 +21,20 @@ module RakeVault
|
|
|
17
21
|
def self.define_app_role_auth_task(opts = {}, &block)
|
|
18
22
|
RakeVault::Tasks::AppRoleAuth.define(opts, &block)
|
|
19
23
|
end
|
|
24
|
+
|
|
25
|
+
def self.define_login_task(opts = {}, &block)
|
|
26
|
+
RakeVault::Tasks::Login.define(opts, &block)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
class << self
|
|
30
|
+
private
|
|
31
|
+
|
|
32
|
+
def define_command_installation_tasks(opts = {})
|
|
33
|
+
RakeVault::TaskSets::Vault.define(opts)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def configure_ruby_vault(binary)
|
|
37
|
+
RubyVault.configure { |c| c.binary = binary }
|
|
38
|
+
end
|
|
39
|
+
end
|
|
20
40
|
end
|
data/rake_vault.gemspec
CHANGED
|
@@ -40,6 +40,7 @@ Gem::Specification.new do |spec|
|
|
|
40
40
|
spec.add_dependency 'rake_dependencies', '~> 3.1'
|
|
41
41
|
spec.add_dependency 'rake_factory', '~> 0.23'
|
|
42
42
|
spec.add_dependency 'ruby_vault', '~> 0.1.0.pre.15'
|
|
43
|
+
spec.add_dependency 'vault', '~> 0.17'
|
|
43
44
|
|
|
44
45
|
spec.add_development_dependency 'activesupport'
|
|
45
46
|
spec.add_development_dependency 'bundler'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rake_vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.0.pre.
|
|
4
|
+
version: 0.1.0.pre.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- InfraBlocks Maintainers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colored2
|
|
@@ -66,6 +66,20 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: 0.1.0.pre.15
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: vault
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0.17'
|
|
76
|
+
type: :runtime
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0.17'
|
|
69
83
|
- !ruby/object:Gem::Dependency
|
|
70
84
|
name: activesupport
|
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -278,10 +292,13 @@ files:
|
|
|
278
292
|
- bin/console
|
|
279
293
|
- bin/setup
|
|
280
294
|
- lib/rake_vault.rb
|
|
295
|
+
- lib/rake_vault/auth/approle.rb
|
|
296
|
+
- lib/rake_vault/auth/oidc.rb
|
|
281
297
|
- lib/rake_vault/task_sets.rb
|
|
282
298
|
- lib/rake_vault/task_sets/vault.rb
|
|
283
299
|
- lib/rake_vault/tasks.rb
|
|
284
300
|
- lib/rake_vault/tasks/app_role_auth.rb
|
|
301
|
+
- lib/rake_vault/tasks/login.rb
|
|
285
302
|
- lib/rake_vault/tasks/oidc_auth.rb
|
|
286
303
|
- lib/rake_vault/token_file.rb
|
|
287
304
|
- lib/rake_vault/version.rb
|