rubyconfig-vault 0.1.1 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/config/vault/vault_source.rb +53 -11
- data/lib/config/vault/version.rb +2 -2
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 46de173dcd36067470c87796ac1767b87b0dfa8a45deccab555e3f4e46f27eba
|
|
4
|
+
data.tar.gz: a46241218beef3db50686fdd504804c0996b3a773dc7d5fdf0c6cffe2250ae8e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2714a2880f99e0adfa77bbcdfb1b0bc00fe26ecc087846d47dce9d1c644f37c39ce459c1474810f4d6b9200094b197dab593f80e26023643854eb27d3b828859
|
|
7
|
+
data.tar.gz: d31a1275c69520b68ed8d3c7bb6bb68fbd852ac50e8337899ab310114c76d4086697407067cfb13d6c391b98bb3f96fbcf40202bb7a8a322a13a4176c35962b5
|
|
@@ -2,31 +2,74 @@ require 'vault'
|
|
|
2
2
|
|
|
3
3
|
module Config
|
|
4
4
|
module Sources
|
|
5
|
+
# A vault source for Config
|
|
5
6
|
class VaultSource
|
|
6
7
|
attr_accessor :kv, :root
|
|
7
8
|
attr_reader :paths, :client
|
|
8
9
|
|
|
10
|
+
# Create a new Config source, all Vault::Client parameters supported
|
|
11
|
+
#
|
|
12
|
+
# @param [Hash] opts
|
|
13
|
+
# @option opts [String, nil] :kv mount point for operations
|
|
14
|
+
# @option opts [Array<String>, nil] :paths paths for vault secrets
|
|
15
|
+
# @option opts [String, Symbol, nil] :root default root key for data provided by source
|
|
16
|
+
# @option opts [Integer] :attempts number of attempts to try and resolve Vault::HTTPError
|
|
17
|
+
# @option opts [Number] :base interval for exponential backoff
|
|
18
|
+
# @option opts [Number] :max_wait maximum weight time for exponential backoff
|
|
19
|
+
# @option opts [Boolean] :flatten flatten the resulting hash. Preserves root option
|
|
9
20
|
def initialize(opts = {})
|
|
10
21
|
client_opts = opts.clone
|
|
11
22
|
@kv = client_opts.delete(:kv) || ''
|
|
12
|
-
@paths =
|
|
23
|
+
@paths = []
|
|
24
|
+
@attempts = client_opts.delete(:attempts) || 5
|
|
25
|
+
@base = client_opts.delete(:base) || 0.5
|
|
26
|
+
@max_wait = client_opts.delete(:max_wait) || 2.5
|
|
13
27
|
@root = client_opts.delete(:root)
|
|
28
|
+
@flatten = client_opts.delete(:flatten)
|
|
29
|
+
@paths << client_opts.delete(:paths) if client_opts.key?(:paths)
|
|
30
|
+
@paths.map! do |p|
|
|
31
|
+
if p.is_a?(Array)
|
|
32
|
+
p
|
|
33
|
+
else
|
|
34
|
+
[p, @root]
|
|
35
|
+
end
|
|
36
|
+
end
|
|
14
37
|
@client = Vault::Client.new(client_opts)
|
|
15
38
|
end
|
|
16
39
|
|
|
17
|
-
|
|
18
|
-
|
|
40
|
+
# Add a path to Config source
|
|
41
|
+
#
|
|
42
|
+
# @example Use glob operators
|
|
43
|
+
# source.add_path('secrets/**/test/*')
|
|
44
|
+
# source.load #=> { secrets: { some_key: { test: { secret_data: 2 } } } }
|
|
45
|
+
#
|
|
46
|
+
# @param path [String]
|
|
47
|
+
# @param root [String] optional root
|
|
48
|
+
def add_path(path, root = nil)
|
|
49
|
+
root ||= @root
|
|
50
|
+
@paths << [path, root]
|
|
19
51
|
end
|
|
20
52
|
|
|
53
|
+
# Remove added paths
|
|
21
54
|
def clear_paths
|
|
22
55
|
@paths = []
|
|
23
56
|
end
|
|
24
57
|
|
|
58
|
+
# Load data from source into hash
|
|
59
|
+
#
|
|
60
|
+
# @return [Hash]
|
|
25
61
|
def load
|
|
26
|
-
|
|
62
|
+
Vault.with_retries(Vault::HTTPError,
|
|
63
|
+
attempts: @attempts,
|
|
64
|
+
base: @base,
|
|
65
|
+
max_wait: @max_wait) do
|
|
66
|
+
process_paths
|
|
67
|
+
end
|
|
27
68
|
end
|
|
28
69
|
|
|
29
|
-
|
|
70
|
+
private
|
|
71
|
+
|
|
72
|
+
def client_ops
|
|
30
73
|
unless kv.empty?
|
|
31
74
|
@client.kv(@kv)
|
|
32
75
|
else
|
|
@@ -34,8 +77,6 @@ module Config
|
|
|
34
77
|
end
|
|
35
78
|
end
|
|
36
79
|
|
|
37
|
-
private
|
|
38
|
-
|
|
39
80
|
def process_paths
|
|
40
81
|
root = {}
|
|
41
82
|
parsed_paths = @paths.map { |p| process_path(p) }
|
|
@@ -46,7 +87,7 @@ module Config
|
|
|
46
87
|
|
|
47
88
|
def process_path(path)
|
|
48
89
|
root = {}
|
|
49
|
-
subpaths = path.split('/')
|
|
90
|
+
subpaths = path.first.split('/')
|
|
50
91
|
stack = []
|
|
51
92
|
stack.push([nil, 0, root])
|
|
52
93
|
|
|
@@ -54,13 +95,13 @@ module Config
|
|
|
54
95
|
query_path, idx, parent = stack.pop
|
|
55
96
|
sp = subpaths[idx]
|
|
56
97
|
if sp.nil? || sp.eql?('*')
|
|
57
|
-
data =
|
|
98
|
+
data = client_ops.read(query_path)&.data
|
|
58
99
|
parent.merge!(data || {})
|
|
59
100
|
parent.compact!
|
|
60
101
|
end
|
|
61
102
|
|
|
62
103
|
if sp.eql?('**') || sp.eql?('*')
|
|
63
|
-
subtrees =
|
|
104
|
+
subtrees = client_ops.list(query_path)
|
|
64
105
|
subtrees.each do |st|
|
|
65
106
|
new_parent = {}
|
|
66
107
|
new_key = st.split('/').last.downcase.to_sym
|
|
@@ -77,7 +118,8 @@ module Config
|
|
|
77
118
|
end
|
|
78
119
|
end
|
|
79
120
|
|
|
80
|
-
if @
|
|
121
|
+
root = root.flatten if @flatten
|
|
122
|
+
if path.last
|
|
81
123
|
{ @root => root }
|
|
82
124
|
else
|
|
83
125
|
root
|
data/lib/config/vault/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubyconfig-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Young
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-04-
|
|
11
|
+
date: 2022-04-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: vault
|
|
@@ -96,6 +96,7 @@ metadata:
|
|
|
96
96
|
allowed_push_host: https://rubygems.org
|
|
97
97
|
homepage_uri: https://github.com/CrunchwrapSupreme/rubyconfig-vault
|
|
98
98
|
source_code_uri: https://github.com/CrunchwrapSupreme/rubyconfig-vault
|
|
99
|
+
documentation_uri: https://www.rubydoc.info/gems/rubyconfig-vault/index
|
|
99
100
|
post_install_message:
|
|
100
101
|
rdoc_options: []
|
|
101
102
|
require_paths:
|