rubyconfig-vault 0.1.1 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/config/vault/vault_source.rb +53 -11
- data/lib/config/vault/version.rb +2 -2
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 46de173dcd36067470c87796ac1767b87b0dfa8a45deccab555e3f4e46f27eba
|
4
|
+
data.tar.gz: a46241218beef3db50686fdd504804c0996b3a773dc7d5fdf0c6cffe2250ae8e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2714a2880f99e0adfa77bbcdfb1b0bc00fe26ecc087846d47dce9d1c644f37c39ce459c1474810f4d6b9200094b197dab593f80e26023643854eb27d3b828859
|
7
|
+
data.tar.gz: d31a1275c69520b68ed8d3c7bb6bb68fbd852ac50e8337899ab310114c76d4086697407067cfb13d6c391b98bb3f96fbcf40202bb7a8a322a13a4176c35962b5
|
@@ -2,31 +2,74 @@ require 'vault'
|
|
2
2
|
|
3
3
|
module Config
|
4
4
|
module Sources
|
5
|
+
# A vault source for Config
|
5
6
|
class VaultSource
|
6
7
|
attr_accessor :kv, :root
|
7
8
|
attr_reader :paths, :client
|
8
9
|
|
10
|
+
# Create a new Config source, all Vault::Client parameters supported
|
11
|
+
#
|
12
|
+
# @param [Hash] opts
|
13
|
+
# @option opts [String, nil] :kv mount point for operations
|
14
|
+
# @option opts [Array<String>, nil] :paths paths for vault secrets
|
15
|
+
# @option opts [String, Symbol, nil] :root default root key for data provided by source
|
16
|
+
# @option opts [Integer] :attempts number of attempts to try and resolve Vault::HTTPError
|
17
|
+
# @option opts [Number] :base interval for exponential backoff
|
18
|
+
# @option opts [Number] :max_wait maximum weight time for exponential backoff
|
19
|
+
# @option opts [Boolean] :flatten flatten the resulting hash. Preserves root option
|
9
20
|
def initialize(opts = {})
|
10
21
|
client_opts = opts.clone
|
11
22
|
@kv = client_opts.delete(:kv) || ''
|
12
|
-
@paths =
|
23
|
+
@paths = []
|
24
|
+
@attempts = client_opts.delete(:attempts) || 5
|
25
|
+
@base = client_opts.delete(:base) || 0.5
|
26
|
+
@max_wait = client_opts.delete(:max_wait) || 2.5
|
13
27
|
@root = client_opts.delete(:root)
|
28
|
+
@flatten = client_opts.delete(:flatten)
|
29
|
+
@paths << client_opts.delete(:paths) if client_opts.key?(:paths)
|
30
|
+
@paths.map! do |p|
|
31
|
+
if p.is_a?(Array)
|
32
|
+
p
|
33
|
+
else
|
34
|
+
[p, @root]
|
35
|
+
end
|
36
|
+
end
|
14
37
|
@client = Vault::Client.new(client_opts)
|
15
38
|
end
|
16
39
|
|
17
|
-
|
18
|
-
|
40
|
+
# Add a path to Config source
|
41
|
+
#
|
42
|
+
# @example Use glob operators
|
43
|
+
# source.add_path('secrets/**/test/*')
|
44
|
+
# source.load #=> { secrets: { some_key: { test: { secret_data: 2 } } } }
|
45
|
+
#
|
46
|
+
# @param path [String]
|
47
|
+
# @param root [String] optional root
|
48
|
+
def add_path(path, root = nil)
|
49
|
+
root ||= @root
|
50
|
+
@paths << [path, root]
|
19
51
|
end
|
20
52
|
|
53
|
+
# Remove added paths
|
21
54
|
def clear_paths
|
22
55
|
@paths = []
|
23
56
|
end
|
24
57
|
|
58
|
+
# Load data from source into hash
|
59
|
+
#
|
60
|
+
# @return [Hash]
|
25
61
|
def load
|
26
|
-
|
62
|
+
Vault.with_retries(Vault::HTTPError,
|
63
|
+
attempts: @attempts,
|
64
|
+
base: @base,
|
65
|
+
max_wait: @max_wait) do
|
66
|
+
process_paths
|
67
|
+
end
|
27
68
|
end
|
28
69
|
|
29
|
-
|
70
|
+
private
|
71
|
+
|
72
|
+
def client_ops
|
30
73
|
unless kv.empty?
|
31
74
|
@client.kv(@kv)
|
32
75
|
else
|
@@ -34,8 +77,6 @@ module Config
|
|
34
77
|
end
|
35
78
|
end
|
36
79
|
|
37
|
-
private
|
38
|
-
|
39
80
|
def process_paths
|
40
81
|
root = {}
|
41
82
|
parsed_paths = @paths.map { |p| process_path(p) }
|
@@ -46,7 +87,7 @@ module Config
|
|
46
87
|
|
47
88
|
def process_path(path)
|
48
89
|
root = {}
|
49
|
-
subpaths = path.split('/')
|
90
|
+
subpaths = path.first.split('/')
|
50
91
|
stack = []
|
51
92
|
stack.push([nil, 0, root])
|
52
93
|
|
@@ -54,13 +95,13 @@ module Config
|
|
54
95
|
query_path, idx, parent = stack.pop
|
55
96
|
sp = subpaths[idx]
|
56
97
|
if sp.nil? || sp.eql?('*')
|
57
|
-
data =
|
98
|
+
data = client_ops.read(query_path)&.data
|
58
99
|
parent.merge!(data || {})
|
59
100
|
parent.compact!
|
60
101
|
end
|
61
102
|
|
62
103
|
if sp.eql?('**') || sp.eql?('*')
|
63
|
-
subtrees =
|
104
|
+
subtrees = client_ops.list(query_path)
|
64
105
|
subtrees.each do |st|
|
65
106
|
new_parent = {}
|
66
107
|
new_key = st.split('/').last.downcase.to_sym
|
@@ -77,7 +118,8 @@ module Config
|
|
77
118
|
end
|
78
119
|
end
|
79
120
|
|
80
|
-
if @
|
121
|
+
root = root.flatten if @flatten
|
122
|
+
if path.last
|
81
123
|
{ @root => root }
|
82
124
|
else
|
83
125
|
root
|
data/lib/config/vault/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rubyconfig-vault
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Young
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-04-
|
11
|
+
date: 2022-04-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: vault
|
@@ -96,6 +96,7 @@ metadata:
|
|
96
96
|
allowed_push_host: https://rubygems.org
|
97
97
|
homepage_uri: https://github.com/CrunchwrapSupreme/rubyconfig-vault
|
98
98
|
source_code_uri: https://github.com/CrunchwrapSupreme/rubyconfig-vault
|
99
|
+
documentation_uri: https://www.rubydoc.info/gems/rubyconfig-vault/index
|
99
100
|
post_install_message:
|
100
101
|
rdoc_options: []
|
101
102
|
require_paths:
|