RubyGems - sambot - Versions diffs - 0.1.189 → 0.1.190 - Mend

sambot 0.1.189 → 0.1.190

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/integration_tests/docker-compose.yml +10 -0
data/integration_tests/spec_helper.rb +17 -0
data/integration_tests/vault_helper_spec.rb +41 -0
data/lib/sambot/cli.rb +1 -0
data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb +5 -33
data/lib/sambot/testing/vault_helper.rb +6 -2
data/lib/sambot/version.rb +1 -1
metadata +4 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ea09e73b73a391f1fbfdd5d1a68774e3058665c0
-  data.tar.gz: '093ca1e0db4b885d2cbfd1ed1dce5fd854b40c10'
+  metadata.gz: 2a0cd83ae3d9e1b9929290679426a1f3829cee1b
+  data.tar.gz: 17e60ee1bf68cddcba21da3f813c9cde1dcbd3b4
 SHA512:
-  metadata.gz: 7e81873dc40560f552bb93683a097ecda59e7ec6dd012fbb1d8d2e2a6f181242bfd35994fead5ad395144aa379a8ffaa1753dddf5cf4888b6d62897d57cb2fa2
-  data.tar.gz: 9feec1846f7e59051ebca6ffe4a9dddc2c6d8d1d33a77ffc241bf1ff31c268aa9c780120e124a46ae149f3c9e9bf01f709732c6af2080f3c7757e8cc9a1fcc88
+  metadata.gz: a61a6737ee2f66ef1d6763fa906875227040c0401743c6416c6292c37fe194fcf5f1f17e8342fd535b3b1c64d3be141fedfeb21c26c94dde8f55740f48b99b0e
+  data.tar.gz: ae02fd221a5f655275fca44ffd5fb73da67daa32b8e59abd6bb9b3ddc1613d5ef1578ee6689ed52759406f1fee30c2922d08fe59fba149736e3d11adf990b1f4

data/integration_tests/docker-compose.yml ADDED Viewed

@@ -0,0 +1,10 @@
+version: '2'
+services:
+  vault:
+    image: vault
+    container_name: vault
+    ports:
+      - "8200:8200"
+    cap_add:
+      - IPC_LOCK
+    entrypoint: vault server -dev -log-level=debug -dev-listen-address=0.0.0.0:8200 -dev-root-token-id=root

data/integration_tests/spec_helper.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'bundler/setup'
+require 'hashie'
+require 'logger'
+$VERBOSE = nil
+Hashie.logger = Logger.new(nil)
+require 'sambot'
+RSpec.configure do |config|
+  config.example_status_persistence_file_path = '.rspec_status'
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

data/integration_tests/vault_helper_spec.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+VaultHelper = Sambot::Testing::VaultHelper
+Fixtures = Sambot::Testing::Fixtures
+RSpec.describe Sambot::Testing::VaultHelper do
+  before(:each) do
+    `docker-compose down`
+    `docker-compose up -d`
+    VaultHelper.setup
+    ::Vault.configure do |config|
+      config.address = 'http://127.0.0.1:8200'
+      config.token = 'root'
+      config.ssl_verify = false
+    end
+  end
+  context ".setup()" do
+    it "sets up Vault correctly" do
+      mounts= ::Vault.sys.mounts
+      expect(mounts[:"dev/common"]).to_not be_nil
+    end
+  end
+  context ".generate_wrapped_token()" do
+    it "generates the correct token" do
+      wrapped_token = VaultHelper.generate_wrapped_token
+      access_token = ::Vault.logical.unwrap(wrapped_token)
+      expect(access_token.auth.renewable?).to be true
+      expect(access_token.auth.lease_duration).to eql(2764800)
+    end
+  end
+end

data/lib/sambot/cli.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Sambot
     desc 'populate', 'Populates Vault and Consul with seed data'
     def populate
       execute do
+        Sambot::Testing::VaultHelper.setup
         Sambot::Testing::VaultHelper.load_secrets(Config.read)
         Sambot::Testing::ConsulHelper.load_values(Config.read)
       end

data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb CHANGED Viewed

@@ -15,16 +15,12 @@
 # it needs from Vault.                                                          #
 #                                                                               #
 # Once the real token has been obtained, it is periodicially renewed by the     #
-# as-vault-token tool.                                                          #
+# as-vault-token cookbook.                                                      #
 #                                                                               #
-# The periodic running of this task is managed by the as-vault-token cookbook.  #
-#                                                                               #
-# When testing a cookbook using the 'sidecar' method this periodic renewal      #
-# along with the added security provided by the wrapper token is not required   #
-# given the Vault instance is located on the test instance.                     #
-#                                                                               #
-# The token used by the test instance is therefore simply the root token and    #
-# no unwrapping takes place.                                                    #
+# When testing a cookbook using a Vault instance on Docker then the wrapped     #
+# token is passed to this bootstrap script in the Vagrantfile where it is       #
+# dynamically generated every time the Vagrantfile is created. This is the $1   #
+# argument you will see used below when constructing tokens.json                #
 #                                                                               #
 #################################################################################
@@ -38,24 +34,6 @@ wget "https://releases.hashicorp.com/vault/0.6.5/vault_0.6.5_linux_amd64.zip"
 unzip vault_0.6.5_linux_amd64.zip -d /usr/bin
 sudo mkdir /etc/vault
-#################################################################################
-# Install Advertising Studio's as-vault-tool binary.                            #
-#################################################################################
-echo "Download and install as-vault-tool"
-if [ ! -d "/opt/as-vault-tool/1.0.2" ]; then sudo mkdir -p /opt/as-vault-tool/1.0.2; fi
-if [ ! -f /opt/as-vault-tool/1.0.2/as-vault-tool ]; then
-  curl --fail -sSO https://storage.googleapis.com/ads-devops-chef/as-vault-tool/1.0.2/linux_amd64.zip > /dev/null 2>&1
-  sudo unzip linux_amd64 -d /opt/as-vault-tool/1.0.2/
-fi
-#################################################################################
-# Use the Vault server on the host machine running under Docker.                #
-#################################################################################
-export VAULT_ADDR=http://10.0.2.2:8200
-export VAULT_TOKEN=root
 #################################################################################
 # Create the tokens.json file so that Chef and other applications can access    #
 # the Vault server.                                                             #
@@ -71,12 +49,6 @@ cat << EOF > /etc/vault/tokens.json
 }
 EOF
-#################################################################################
-# Display the contents of /etc/vault/tokens.json for debugging.                 #
-#################################################################################
-less /etc/vault/tokens.json
 #################################################################################
 # Create the 'vault-tokens' group so other services/applications apart from     #
 # 'root' can access the file.                                                   #

data/lib/sambot/testing/vault_helper.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Sambot
           end
           token = ''
           begin
-            token = Vault.auth_token.create(wrap_ttl: "72h", role: 'nightswatch-ro', policy: 'nightswatch-ro').wrap_info.token
+            token = Vault.auth_token.create('wrap_ttl': "72h", role: 'nightswatch-ro', policies: ['nightswatch-ro']).wrap_info.token
           rescue
           end
           token
@@ -29,11 +29,15 @@ module Sambot
         def setup
           FileUtils.rm_r(WORKING_DIR) if Dir.exist?(WORKING_DIR)
           FileUtils.mkpath WORKING_DIR
+          UI.info("Created #{WORKING_DIR}")
           Dir.chdir WORKING_DIR do
+            UI.info("Cloning the Vault policies for inclusion into the Vault Docker instance")
             `git clone --depth=1 --single-branch -q #{VAULT_POLICIES_REPO}`
             Dir.chdir 'vault-policies/dev/vault-config' do
               FS.copy(VAULT_CONFIG_BINARY)
-              `./#{VAULT_CONFIG_BINARY} config`
+              UI.info("Applying the Vault policies")
+              `VC_VAULT_ADDR=http://127.0.0.1:8200 VC_VAULT_TOKEN=root ./#{VAULT_CONFIG_BINARY} config`
+              UI.info("The Vault policies have been applied")
             end
           end
         end

data/lib/sambot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Sambot
-  VERSION = '0.1.189'.freeze
+  VERSION = '0.1.190'.freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sambot
 version: !ruby/object:Gem::Version
-  version: 0.1.189
+  version: 0.1.190
 platform: ruby
 authors:
 - Olivier Kouame
@@ -385,6 +385,9 @@ files:
 - bin/sambot
 - bin/setup
 - bin/slackbot
+- integration_tests/docker-compose.yml
+- integration_tests/spec_helper.rb
+- integration_tests/vault_helper_spec.rb
 - lib/sambot.rb
 - lib/sambot/application_error.rb
 - lib/sambot/base_command.rb