sambot 0.1.189 → 0.1.190
- checksums.yaml +4 -4
- data/integration_tests/docker-compose.yml +10 -0
- data/integration_tests/spec_helper.rb +17 -0
- data/integration_tests/vault_helper_spec.rb +41 -0
- data/lib/sambot/cli.rb +1 -0
- data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb +5 -33
- data/lib/sambot/testing/vault_helper.rb +6 -2
- data/lib/sambot/version.rb +1 -1
- metadata +4 -1
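--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2a0cd83ae3d9e1b9929290679426a1f3829cee1b
+data.tar.gz: 17e60ee1bf68cddcba21da3f813c9cde1dcbd3b4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a61a6737ee2f66ef1d6763fa906875227040c0401743c6416c6292c37fe194fcf5f1f17e8342fd535b3b1c64d3be141fedfeb21c26c94dde8f55740f48b99b0e
+data.tar.gz: ae02fd221a5f655275fca44ffd5fb73da67daa32b8e59abd6bb9b3ddc1613d5ef1578ee6689ed52759406f1fee30c2922d08fe59fba149736e3d11adf990b1f4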
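--- a/data/integration_tests/spec_helper.rb
+++ b/data/integration_tests/spec_helper.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'hashie'
+require 'logger'
+
+$VERBOSE = nil
+Hashie.logger = Logger.new(nil)
+
+require 'sambot'
+
+RSpec.configure do |config|
+config.example_status_persistence_file_path = '.rspec_status'
+config.expect_with :rspec do |c|
+c.syntax = :expect
+end
+end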
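Review bot: `$VERBOSE = nil` on line 7 switches off every Ruby warning for the whole test process before `require 'sambot'`, so deprecation and redefinition warnings from the gem and its dependencies never show up in integration runs. If the goal is only to quiet Hashie, `Hashie.logger = Logger.new(nil)` on the next line already covers that. Otherwise add a comment above it, such as `# Silence load-time warnings from dependencies; revisit when they are fixed upstream`, so the suppression reads as deliberate.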
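--- a/data/integration_tests/vault_helper_spec.rb
+++ b/data/integration_tests/vault_helper_spec.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require_relative 'spec_helper'
+
+VaultHelper = Sambot::Testing::VaultHelper
+Fixtures = Sambot::Testing::Fixtures
+
+RSpec.describe Sambot::Testing::VaultHelper do
+
+before(:each) do
+`docker-compose down`
+`docker-compose up -d`
+VaultHelper.setup
+::Vault.configure do |config|
+config.address = 'http://127.0.0.1:8200'
+config.token = 'root'
+config.ssl_verify = false
+end
+end
+
+context ".setup()" do
+
+it "sets up Vault correctly" do
+mounts= ::Vault.sys.mounts
+expect(mounts[:"dev/common"]).to_not be_nil
+end
+
+end
+
+context ".generate_wrapped_token()" do
+
+it "generates the correct token" do
+wrapped_token = VaultHelper.generate_wrapped_token
+access_token = ::Vault.logical.unwrap(wrapped_token)
+expect(access_token.auth.renewable?).to be true
+expect(access_token.auth.lease_duration).to eql(2764800)
+end
+
+end
+
+end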
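Review bot: The `before(:each)` hook runs `docker-compose down` and `docker-compose up -d` in backticks, which discard the exit status, and then calls `VaultHelper.setup` straight away, so a failed or still-starting container shows up later as an unrelated Vault connection error. Use `system('docker-compose', 'up', '-d', exception: true)` (Ruby 2.6+) or check `$?.success?`, and poll Vault's `/v1/sys/health` endpoint before `VaultHelper.setup`. The `'root'` token over plain `http://127.0.0.1:8200` only suits a dev-mode container; the compose file is not shown on this page, so confirm it publishes port 8200 on the loopback interface only. A comment on `2764800` (32 days in seconds) would tell the reader where the expected lease duration comes from.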
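--- a/data/lib/sambot/cli.rb
+++ b/data/lib/sambot/cli.rb
@@ -13,6 +13,7 @@ module Sambot
 desc 'populate', 'Populates Vault and Consul with seed data'
 def populate
 execute do
+Sambot::Testing::VaultHelper.setup
 Sambot::Testing::VaultHelper.load_secrets(Config.read)
 Sambot::Testing::ConsulHelper.load_values(Config.read)
 end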
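Review bot: `populate` now calls `Sambot::Testing::VaultHelper.setup` first, and the command description does not mention what that brings with it. According to the vault_helper.rb section of this diff, `setup` deletes and recreates its working directory, clones the policies repository and runs the vault-config binary against `http://127.0.0.1:8200` with the `root` token. Update the description, for example `desc 'populate', 'Applies the Vault policies, then populates Vault and Consul with seed data'`, so a user knows the command needs git access and a local dev Vault. The enclosing class and the `execute` helper are outside the hunk, so it cannot be confirmed from here whether a failure in `setup` stops the later `load_secrets` call.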
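--- a/data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb
+++ b/data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb
@@ -15,16 +15,12 @@
 # it needs from Vault. #
 # #
 # Once the real token has been obtained, it is periodicially renewed by the #
-# as-vault-token
+# as-vault-token cookbook. #
 # #
-#
-#
-#
-#
-# given the Vault instance is located on the test instance. #
-# #
-# The token used by the test instance is therefore simply the root token and #
-# no unwrapping takes place. #
+# When testing a cookbook using a Vault instance on Docker then the wrapped #
+# token is passed to this bootstrap script in the Vagrantfile where it is #
+# dynamically generated every time the Vagrantfile is created. This is the $1 #
+# argument you will see used below when constructing tokens.json #
 # #
 #################################################################################
 
@@ -38,24 +34,6 @@ wget "https://releases.hashicorp.com/vault/0.6.5/vault_0.6.5_linux_amd64.zip"
 unzip vault_0.6.5_linux_amd64.zip -d /usr/bin
 sudo mkdir /etc/vault
 
-#################################################################################
-# Install Advertising Studio's as-vault-tool binary. #
-#################################################################################
-
-echo "Download and install as-vault-tool"
-if [ ! -d "/opt/as-vault-tool/1.0.2" ]; then sudo mkdir -p /opt/as-vault-tool/1.0.2; fi
-if [ ! -f /opt/as-vault-tool/1.0.2/as-vault-tool ]; then
-curl --fail -sSO https://storage.googleapis.com/ads-devops-chef/as-vault-tool/1.0.2/linux_amd64.zip > /dev/null 2>&1
-sudo unzip linux_amd64 -d /opt/as-vault-tool/1.0.2/
-fi
-
-#################################################################################
-# Use the Vault server on the host machine running under Docker. #
-#################################################################################
-
-export VAULT_ADDR=http://10.0.2.2:8200
-export VAULT_TOKEN=root
-
 #################################################################################
 # Create the tokens.json file so that Chef and other applications can access #
 # the Vault server. #
@@ -71,12 +49,6 @@ cat << EOF > /etc/vault/tokens.json
 }
 EOF
 
-#################################################################################
-# Display the contents of /etc/vault/tokens.json for debugging. #
-#################################################################################
-
-less /etc/vault/tokens.json
-
 #################################################################################
 # Create the 'vault-tokens' group so other services/applications apart from #
 # 'root' can access the file. #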
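Review bot: The context at the top of the second hunk shows the Vault archive fetched with `wget` and unpacked straight into `/usr/bin` with no integrity check, and this change leaves that download in place. Verify the archive before `unzip`, e.g. `echo "<EXPECTED_SHA256>  vault_0.6.5_linux_amd64.zip" | sha256sum -c - || exit 1`, taking the digest from the release's published SHA256SUMS file. The new header comment says the wrapped token arrives as `$1`, but the lines that write it into tokens.json are outside the hunks. It is worth confirming there that the script exits when `$1` is empty, because the helper in vault_helper.rb appears to return an empty string when token creation raises.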
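--- a/data/lib/sambot/testing/vault_helper.rb
+++ b/data/lib/sambot/testing/vault_helper.rb
@@ -20,7 +20,7 @@ module Sambot
 end
 token = ''
 begin
-token = Vault.auth_token.create(wrap_ttl: "72h", role: 'nightswatch-ro',
+token = Vault.auth_token.create('wrap_ttl': "72h", role: 'nightswatch-ro', policies: ['nightswatch-ro']).wrap_info.token
 rescue
 end
 token
@@ -29,11 +29,15 @@ module Sambot
 def setup
 FileUtils.rm_r(WORKING_DIR) if Dir.exist?(WORKING_DIR)
 FileUtils.mkpath WORKING_DIR
+UI.info("Created #{WORKING_DIR}")
 Dir.chdir WORKING_DIR do
+UI.info("Cloning the Vault policies for inclusion into the Vault Docker instance")
 `git clone --depth=1 --single-branch -q #{VAULT_POLICIES_REPO}`
 Dir.chdir 'vault-policies/dev/vault-config' do
 FS.copy(VAULT_CONFIG_BINARY)
-
+UI.info("Applying the Vault policies")
+`VC_VAULT_ADDR=http://127.0.0.1:8200 VC_VAULT_TOKEN=root ./#{VAULT_CONFIG_BINARY} config`
+UI.info("The Vault policies have been applied")
 end
 end
 end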
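Review bot: In `setup`, the added vault-config call runs in backticks, so its exit status and output are thrown away and `UI.info("The Vault policies have been applied")` prints even when the binary fails or Vault is unreachable; the `git clone` above it has the same problem. Run it as `ok = system({ 'VC_VAULT_ADDR' => 'http://127.0.0.1:8200', 'VC_VAULT_TOKEN' => 'root' }, "./#{VAULT_CONFIG_BINARY}", 'config')` followed by `raise 'vault-config failed' unless ok`, which also keeps the interpolated name out of a shell. In the first hunk the empty `rescue` still swallows every error from `Vault.auth_token.create` and returns `''`, so callers get an empty wrapped token with nothing logged. Rescuing `StandardError => e` and reporting `e.message` before returning would make that failure visible. The method in the first hunk starts outside the hunk.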
data/lib/sambot/version.rb
CHANGED
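--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sambot
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.190
 platform: ruby
 authors:
 - Olivier Kouame
@@ -385,6 +385,9 @@ files:
 - bin/sambot
 - bin/setup
 - bin/slackbot
+- integration_tests/docker-compose.yml
+- integration_tests/spec_helper.rb
+- integration_tests/vault_helper_spec.rb
 - lib/sambot.rb
 - lib/sambot/application_error.rb
 - lib/sambot/base_command.rb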