RubyGems - sambot - Versions diffs - 0.1.189 → 0.1.190 - Mend

sambot 0.1.189 → 0.1.190

Files changed (9) hide show

checksums.yaml +4 -4
data/integration_tests/docker-compose.yml +10 -0
data/integration_tests/spec_helper.rb +17 -0
data/integration_tests/vault_helper_spec.rb +41 -0
data/lib/sambot/cli.rb +1 -0
data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb +5 -33
data/lib/sambot/testing/vault_helper.rb +6 -2
data/lib/sambot/version.rb +1 -1
metadata +4 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ea09e73b73a391f1fbfdd5d1a68774e3058665c0
-  data.tar.gz: '093ca1e0db4b885d2cbfd1ed1dce5fd854b40c10'
+  metadata.gz: 2a0cd83ae3d9e1b9929290679426a1f3829cee1b
+  data.tar.gz: 17e60ee1bf68cddcba21da3f813c9cde1dcbd3b4
 SHA512:
-  metadata.gz: 7e81873dc40560f552bb93683a097ecda59e7ec6dd012fbb1d8d2e2a6f181242bfd35994fead5ad395144aa379a8ffaa1753dddf5cf4888b6d62897d57cb2fa2
-  data.tar.gz: 9feec1846f7e59051ebca6ffe4a9dddc2c6d8d1d33a77ffc241bf1ff31c268aa9c780120e124a46ae149f3c9e9bf01f709732c6af2080f3c7757e8cc9a1fcc88
+  metadata.gz: a61a6737ee2f66ef1d6763fa906875227040c0401743c6416c6292c37fe194fcf5f1f17e8342fd535b3b1c64d3be141fedfeb21c26c94dde8f55740f48b99b0e
+  data.tar.gz: ae02fd221a5f655275fca44ffd5fb73da67daa32b8e59abd6bb9b3ddc1613d5ef1578ee6689ed52759406f1fee30c2922d08fe59fba149736e3d11adf990b1f4

data/integration_tests/docker-compose.yml ADDED Viewed

@@ -0,0 +1,10 @@
+version: '2'
+services:
+  vault:
+    image: vault
+    container_name: vault
+    ports:
+      - "8200:8200"
+    cap_add:
+      - IPC_LOCK
+    entrypoint: vault server -dev -log-level=debug -dev-listen-address=0.0.0.0:8200 -dev-root-token-id=root

data/integration_tests/spec_helper.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'bundler/setup'
+require 'hashie'
+require 'logger'
+$VERBOSE = nil
+Hashie.logger = Logger.new(nil)
+require 'sambot'
+RSpec.configure do |config|
+  config.example_status_persistence_file_path = '.rspec_status'
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

data/integration_tests/vault_helper_spec.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+VaultHelper = Sambot::Testing::VaultHelper
+Fixtures = Sambot::Testing::Fixtures
+RSpec.describe Sambot::Testing::VaultHelper do
+  before(:each) do
+    `docker-compose down`
+    `docker-compose up -d`
+    VaultHelper.setup
+    ::Vault.configure do |config|
+      config.address = 'http://127.0.0.1:8200'
+      config.token = 'root'
+      config.ssl_verify = false
+    end
+  end
+  context ".setup()" do
+    it "sets up Vault correctly" do
+      mounts= ::Vault.sys.mounts
+      expect(mounts[:"dev/common"]).to_not be_nil
+    end
+  end
+  context ".generate_wrapped_token()" do
+    it "generates the correct token" do
+      wrapped_token = VaultHelper.generate_wrapped_token
+      access_token = ::Vault.logical.unwrap(wrapped_token)
+      expect(access_token.auth.renewable?).to be true
+      expect(access_token.auth.lease_duration).to eql(2764800)
+    end
+  end
+end

data/lib/sambot/cli.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Sambot
     desc 'populate', 'Populates Vault and Consul with seed data'
     def populate
       execute do
+        Sambot::Testing::VaultHelper.setup
         Sambot::Testing::VaultHelper.load_secrets(Config.read)
         Sambot::Testing::ConsulHelper.load_values(Config.read)
       end

data/lib/sambot/templates/bootstrap_scripts/local/docker/bootstrap.sh.erb CHANGED Viewed

@@ -15,16 +15,12 @@
 # it needs from Vault.                                                          #
 #                                                                               #
 # Once the real token has been obtained, it is periodicially renewed by the     #
-# as-vault-token tool.                                                          #
+# as-vault-token cookbook.                                                      #
 #                                                                               #
-# The periodic running of this task is managed by the as-vault-token cookbook.  #
-#                                                                               #
-# When testing a cookbook using the 'sidecar' method this periodic renewal      #
-# along with the added security provided by the wrapper token is not required   #
-# given the Vault instance is located on the test instance.                     #
-#                                                                               #
-# The token used by the test instance is therefore simply the root token and    #
-# no unwrapping takes place.                                                    #
+# When testing a cookbook using a Vault instance on Docker then the wrapped     #
+# token is passed to this bootstrap script in the Vagrantfile where it is       #
+# dynamically generated every time the Vagrantfile is created. This is the $1   #
+# argument you will see used below when constructing tokens.json                #
 #                                                                               #
 #################################################################################
@@ -38,24 +34,6 @@ wget "https://releases.hashicorp.com/vault/0.6.5/vault_0.6.5_linux_amd64.zip"
 unzip vault_0.6.5_linux_amd64.zip -d /usr/bin
 sudo mkdir /etc/vault
-#################################################################################
-# Install Advertising Studio's as-vault-tool binary.                            #
-#################################################################################
-echo "Download and install as-vault-tool"
-if [ ! -d "/opt/as-vault-tool/1.0.2" ]; then sudo mkdir -p /opt/as-vault-tool/1.0.2; fi
-if [ ! -f /opt/as-vault-tool/1.0.2/as-vault-tool ]; then
-  curl --fail -sSO https://storage.googleapis.com/ads-devops-chef/as-vault-tool/1.0.2/linux_amd64.zip > /dev/null 2>&1
-  sudo unzip linux_amd64 -d /opt/as-vault-tool/1.0.2/
-fi
-#################################################################################
-# Use the Vault server on the host machine running under Docker.                #
-#################################################################################
-export VAULT_ADDR=http://10.0.2.2:8200
-export VAULT_TOKEN=root
 #################################################################################
 # Create the tokens.json file so that Chef and other applications can access    #
 # the Vault server.                                                             #
@@ -71,12 +49,6 @@ cat << EOF > /etc/vault/tokens.json
 }
 EOF
-#################################################################################
-# Display the contents of /etc/vault/tokens.json for debugging.                 #
-#################################################################################
-less /etc/vault/tokens.json
 #################################################################################
 # Create the 'vault-tokens' group so other services/applications apart from     #
 # 'root' can access the file.                                                   #

data/lib/sambot/testing/vault_helper.rb CHANGED Viewed

@@ -20,7 +20,7 @@ module Sambot
           end
           token = ''
           begin
-            token = Vault.auth_token.create(wrap_ttl: "72h", role: 'nightswatch-ro', policy: 'nightswatch-ro').wrap_info.token
+            token = Vault.auth_token.create('wrap_ttl': "72h", role: 'nightswatch-ro', policies: ['nightswatch-ro']).wrap_info.token
           rescue
           end
           token
@@ -29,11 +29,15 @@ module Sambot
         def setup
           FileUtils.rm_r(WORKING_DIR) if Dir.exist?(WORKING_DIR)
           FileUtils.mkpath WORKING_DIR
+          UI.info("Created #{WORKING_DIR}")
           Dir.chdir WORKING_DIR do
+            UI.info("Cloning the Vault policies for inclusion into the Vault Docker instance")
             `git clone --depth=1 --single-branch -q #{VAULT_POLICIES_REPO}`
             Dir.chdir 'vault-policies/dev/vault-config' do
               FS.copy(VAULT_CONFIG_BINARY)
-              `./#{VAULT_CONFIG_BINARY} config`
+              UI.info("Applying the Vault policies")
+              `VC_VAULT_ADDR=http://127.0.0.1:8200 VC_VAULT_TOKEN=root ./#{VAULT_CONFIG_BINARY} config`
+              UI.info("The Vault policies have been applied")
             end
           end
         end

data/lib/sambot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Sambot
-  VERSION = '0.1.189'.freeze
+  VERSION = '0.1.190'.freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sambot
 version: !ruby/object:Gem::Version
-  version: 0.1.189
+  version: 0.1.190
 platform: ruby
 authors:
 - Olivier Kouame
@@ -385,6 +385,9 @@ files:
 - bin/sambot
 - bin/setup
 - bin/slackbot
+- integration_tests/docker-compose.yml
+- integration_tests/spec_helper.rb
+- integration_tests/vault_helper_spec.rb
 - lib/sambot.rb
 - lib/sambot/application_error.rb
 - lib/sambot/base_command.rb