RubyGems - sanctum - Versions diffs - 0.8.5.rc5 → 0.8.6.rc1 - Mend

sanctum 0.8.5.rc5 → 0.8.6.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/Gemfile.lock +26 -1
data/lib/sanctum/command/base.rb +17 -3
data/lib/sanctum/command/create.rb +1 -6
data/lib/sanctum/command/diff_helper.rb +2 -0
data/lib/sanctum/command/edit.rb +1 -6
data/lib/sanctum/command/editor_helper.rb +2 -1
data/lib/sanctum/command/pull.rb +1 -0
data/lib/sanctum/command/push.rb +1 -0
data/lib/sanctum/version.rb +1 -1
data/sanctum.gemspec +5 -3
metadata +22 -15
data/.gitlab-ci.yml +0 -22
data/Dockerfile +0 -31
data/docker-compose.override.yml_sample +0 -11
data/docker-compose.test.yml +0 -17
data/docker-compose.yml +0 -19
data/examples/single_target/example_policy.hcl +0 -54

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dff385a40c33fc32dc3c5b57c28c1c8493cf9e01dc6e79cfbfee08269a3bd072
-  data.tar.gz: ebdd7ba3f3a1020357301d281e4dc474195d8b765a25885f96e10e7a7e6b3573
+  metadata.gz: b898d2e916e8ec1febdcaaa482017484aa1d2c0d7bb407cd0f1e93fb58615622
+  data.tar.gz: 5f34552ae0916fdce2b8903e0548e3656a60e9f950b1e5a656a9f54d500f78f4
 SHA512:
-  metadata.gz: 23d19761e85666eb94b7c7e25a7957be59ba422f2967a930000b1171ae1280e0417b3ad767fc35e0c5c1a19cb61962c752c06d3ae381a1b54c2ef6e8c4cf9949
-  data.tar.gz: 8563efa095ac2a186572adcd14f999db22070e91803cc6ad89d67c29c009e4f8c6c005675b9f796744dbb76633381ad5df05cc8050366aa32e5e503aa860acb2
+  metadata.gz: d72a9696fc57f35c6eb1da437069ba9eb369aec6ce871095296bdd09b753528ac8eeb5ed3023a52f3ae3826df81a5dd70dda8e19a07bdbf860ebd3fd761de895
+  data.tar.gz: c63d24c16472a5170a54f3da4fa2ba5caf472f5cc5b25bbe3ce2d3bd8c41e087ff8efbc640289b45decdbaf74a7e32e30bbdfa5c8344fc33f4b79054808991cf

data/Gemfile.lock CHANGED

@@ -1,9 +1,10 @@
 PATH
   remote: .
   specs:
-    sanctum (0.8.5.rc5)
+    sanctum (0.8.6.rc1)
       gli (~> 2.18)
       hashdiff (~> 0.3)
+      tty-editor (~> 0.5)
       vault (~> 0.12)
 GEM
@@ -13,13 +14,18 @@ GEM
     aws-sigv4 (1.0.3)
     coderay (1.1.2)
     diff-lcs (1.3)
+    equatable (0.5.0)
     gli (2.18.0)
     hashdiff (0.3.8)
     jaro_winkler (1.5.2)
     method_source (0.9.2)
+    necromancer (0.4.0)
     parallel (1.14.0)
     parser (2.6.0.0)
       ast (~> 2.4.0)
+    pastel (0.7.2)
+      equatable (~> 0.5.0)
+      tty-color (~> 0.4.0)
     powerpack (0.1.2)
     pry (0.12.2)
       coderay (~> 1.1.0)
@@ -52,9 +58,28 @@ GEM
     rubocop-rspec (1.32.0)
       rubocop (>= 0.60.0)
     ruby-progressbar (1.10.0)
+    timers (4.3.0)
+    tty-color (0.4.3)
+    tty-cursor (0.6.1)
+    tty-editor (0.5.0)
+      tty-prompt (~> 0.18)
+      tty-which (~> 0.4)
+    tty-prompt (0.18.1)
+      necromancer (~> 0.4.0)
+      pastel (~> 0.7.0)
+      timers (~> 4.0)
+      tty-cursor (~> 0.6.0)
+      tty-reader (~> 0.5.0)
+    tty-reader (0.5.0)
+      tty-cursor (~> 0.6.0)
+      tty-screen (~> 0.6.4)
+      wisper (~> 2.0.0)
+    tty-screen (0.6.5)
+    tty-which (0.4.0)
     unicode-display_width (1.4.1)
     vault (0.12.0)
       aws-sigv4
+    wisper (2.0.0)
 PLATFORMS
   ruby

data/lib/sanctum/command/base.rb CHANGED

@@ -41,6 +41,9 @@ module Sanctum
         default_transit_key = options.fetch(:sanctum).fetch(:transit_key, nil)
         default_secrets_version = options.fetch(:sanctum).fetch(:secrets_version)
+        # TODO: make this better
+        # remove_trailing_slash needs to run first, as some of the other logic in other methods
+        # rely on it
         targets = remove_trailing_slash(targets)
         targets = set_secrets_version(targets, default_secrets_version)
         targets = set_transit_key(targets, default_transit_key)
@@ -63,13 +66,16 @@ module Sanctum
           if default_secrets_version == "auto"
             mounts_hash = mounts_info
+            # Use the root path to determine secrets_version
+            prefix = "#{h[:prefix].lines('/').first}"
+            prefix = prefix.include?("/") ? prefix.to_sym : "#{prefix}/".to_sym
             # If mount options is nil default to api version 1 otherwise use version value
             # generic mounts will not have a version specified
-            if mounts_hash.dig(:data, :secret, "#{h[:prefix]}/".to_sym, :options).nil?
+            if mounts_hash.dig(:data, :secret, prefix, :options).nil?
               h[:secrets_version] = "1"
             else
-              h[:secrets_version] = mounts_hash.dig(:data, :secret, "#{h[:prefix]}/".to_sym, :options, :version).to_s
+              h[:secrets_version] = mounts_hash.dig(:data, :secret, prefix, :options, :version).to_s
             end
           else
             h[:secrets_version] = default_secrets_version
@@ -103,7 +109,14 @@ module Sanctum
         targets.each do |h|
           next unless h[:secrets_version] == "2"
-          h[:prefix] = h[:prefix].include?("/data") ? h[:prefix] : "#{h[:prefix]}/data"
+          # Super gross..., split path into an array
+          path_array = h[:prefix].lines("/")
+          # Add `data/` to the right place in the path if it's not already there
+          if path_array.count == 1
+            h[:prefix] = path_array.insert(1, "/data").join
+          else
+            h[:prefix] = path_array.include?("data/") ? path_array.join : path_array.insert(1, "data/").join
+          end
         end
       end
@@ -111,6 +124,7 @@ module Sanctum
         targets.each do |h|
           h[:prefix] = h[:prefix].chomp("/")
           h[:path] = h[:path].chomp("/")
+          h[:transit_key] = h[:transit_key].chomp("/") if h.key?(:transit_key)
         end
       end

data/lib/sanctum/command/create.rb CHANGED

@@ -30,12 +30,7 @@ module Sanctum
           if block_given?
             yield tmp_file
           else
-            editor = ENV.fetch('EDITOR', 'vi')
-            #This should help in the case where people are using macvim, atom, etc
-            command = Thread.new do
-              raise red("Error with editor") unless system(editor, tmp_file.path)
-            end
-            command.join
+            TTY::Editor.open(tmp_file.path)
           end
           contents = File.read(tmp_file.path)

data/lib/sanctum/command/diff_helper.rb CHANGED

@@ -12,6 +12,8 @@ module Sanctum
             puts green("#{diff[0].to_s + diff[1].join(" => ").to_s} => #{diff[2]}")
           else
             puts red("#{diff[0].to_s + diff[1].join(" => ").to_s} => #{diff[2]}")
+            # If a secret is changed, we should show the change
+            puts green("+#{diff[1].join(" => ").to_s} => #{diff[3]}") if diff.fetch(3, false)
           end
         end
         differences

data/lib/sanctum/command/edit.rb CHANGED

@@ -33,12 +33,7 @@ module Sanctum
             yield tmp_file
           else
             previous_contents = File.read(tmp_file.path)
-            editor = ENV.fetch('EDITOR', 'vi')
-            #This should help in the case where people are using macvim, atom, etc
-            command = Thread.new do
-              raise red("Error with editor") unless system(editor, tmp_file.path )
-            end
-            command.join
+            TTY::Editor.open(tmp_file.path)
           end
           contents = File.read(tmp_file.path)

data/lib/sanctum/command/editor_helper.rb CHANGED

@@ -1,6 +1,7 @@
+require 'json'
 require 'securerandom'
+require 'tty-editor'
 require 'yaml'
-require 'json'
 module Sanctum
   module Command

data/lib/sanctum/command/pull.rb CHANGED

@@ -5,6 +5,7 @@ module Sanctum
     class Pull < Base
       def run
+        puts yellow("Running `pull` for the following targets: \n#{targets.map{ |h| h.dig(:name)}.to_yaml.gsub("---\n", '')}")
         targets.each do |target|
           # Use command line if force: true
           if options[:cli][:force]

data/lib/sanctum/command/push.rb CHANGED

@@ -6,6 +6,7 @@ module Sanctum
     class Push < Base
       def run
+        puts yellow("Running `push` for the following targets: \n#{targets.map{ |h| h.dig(:name)}.to_yaml.gsub("---\n", '')}")
         targets.each do |target|
           # Use command line if force: true
           if options[:cli][:force]

data/lib/sanctum/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Sanctum
-  VERSION = "0.8.5.rc5"
+  VERSION = "0.8.6.rc1"
 end

data/sanctum.gemspec CHANGED

@@ -17,15 +17,17 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>=2.5.0'
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
+    exclude = [%r{^(test|spec|features|examples)/}, %r{docker.*}i, %r{\.gitlab-ci.yml}]
+    f.match(Regexp.union(exclude))
   end
   spec.bindir        = "bin"
   spec.executables   = "sanctum"
   spec.require_paths = ["lib"]
-  spec.add_dependency 'vault', '~> 0.12'
-  spec.add_dependency 'hashdiff', '~> 0.3'
   spec.add_dependency 'gli', '~> 2.18'
+  spec.add_dependency 'hashdiff', '~> 0.3'
+  spec.add_dependency 'tty-editor', '~> 0.5'
+  spec.add_dependency 'vault', '~> 0.12'
   spec.add_development_dependency 'bundler', '~> 1.0'
   spec.add_development_dependency 'pry', '~> 0.12.0'

metadata CHANGED

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: sanctum
 version: !ruby/object:Gem::Version
-  version: 0.8.5.rc5
+  version: 0.8.6.rc1
 platform: ruby
 authors:
 - Corban Raun
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-06 00:00:00.000000000 Z
+date: 2019-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: vault
+  name: gli
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '2.18'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '2.18'
 - !ruby/object:Gem::Dependency
   name: hashdiff
   requirement: !ruby/object:Gem::Requirement
@@ -39,19 +39,33 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.3'
 - !ruby/object:Gem::Dependency
-  name: gli
+  name: tty-editor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.18'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.18'
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -145,10 +159,8 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".gitlab-ci.yml"
 - ".rspec"
 - ".rubocop.yml"
-- Dockerfile
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -157,11 +169,6 @@ files:
 - bin/console
 - bin/sanctum
 - bin/setup
-- docker-compose.override.yml_sample
-- docker-compose.test.yml
-- docker-compose.yml
-- examples/single_target/example_policy.hcl
-- examples/single_target/sanctum.yaml
 - lib/sanctum.rb
 - lib/sanctum/cli.rb
 - lib/sanctum/colorize_string.rb

data/.gitlab-ci.yml DELETED

@@ -1,22 +0,0 @@
----
-image:
-  name: docker/compose:1.23.2
-  entrypoint: ["/bin/sh", "-c"]
-variables:
-  COMPOSE_FILE: 'docker-compose.test.yml'
-stages:
-  - test
-before_script:
-  - docker version
-  - docker info
-  - docker-compose version
-testing:
-  stage: test
-  script:
-    - docker-compose build
-    - docker-compose run -T --rm sanctum ls -lart -hu
-    - docker-compose run -T --rm sanctum bundle exec rspec

data/Dockerfile DELETED

@@ -1,31 +0,0 @@
-FROM ruby:2.5-alpine
-USER root
-ENV VERSION 1.0.3
-ADD https://releases.hashicorp.com/vault/${VERSION}/vault_${VERSION}_linux_amd64.zip /tmp/
-ADD https://releases.hashicorp.com/vault/${VERSION}/vault_${VERSION}_SHA256SUMS /tmp/
-ADD https://releases.hashicorp.com/vault/${VERSION}/vault_${VERSION}_SHA256SUMS.sig /tmp/
-# Install additional dependencies
-# As well as nice to haves locally
-RUN apk --no-cache add git vim busybox-extras curl gnupg build-base \
-  && until gpg --keyserver hkp://p80.pool.sks-keyservers.net --recv-key 0x348FFC4C; do echo "Retry"; sleep 30; done \
-  && gpg --verify /tmp/vault_${VERSION}_SHA256SUMS.sig \
-  && cat /tmp/vault_${VERSION}_SHA256SUMS | grep linux_amd64 | sha256sum /tmp/vault_${VERSION}_linux_amd64.zip \
-  && unzip /tmp/vault_${VERSION}_linux_amd64.zip \
-  && mv vault /usr/local/bin/ \
-  && rm -rf /tmp/*
-# Setup up app directory
-ENV APP_HOME /usr/src/app/
-WORKDIR $APP_HOME
-# Add app code
-COPY . $APP_HOME
-# Install gems
-RUN bundle install --jobs=8
-# Install sanctum gem
-RUN bundle exec rake install

data/docker-compose.override.yml_sample DELETED

@@ -1,11 +0,0 @@
----
-version: '3.4'
-services:
-  sanctum:
-    environment:
-      GEM_HOST_API_KEY:
-      GIT_AUTHOR_NAME:
-      GIT_AUTHOR_EMAIL:
-      GIT_COMMITTER_NAME:
-      GIT_COMMITTER_EMAIL:

data/docker-compose.test.yml DELETED

@@ -1,17 +0,0 @@
----
-version: '3.4'
-services:
-  sanctum:
-    build:
-      context: "."
-    command: /bin/true
-    depends_on:
-      - vault
-  vault:
-    image: vault:1.0.3
-    environment:
-      SKIP_SETCAP: "true"
-      VAULT_DEV_ROOT_TOKEN_ID: "514c55f0-c452-99e3-55e0-8301b770b92c"
-      VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
-    command: ["vault", "server", "-dev"]

data/docker-compose.yml DELETED

@@ -1,19 +0,0 @@
----
-version: '3.4'
-services:
-  sanctum:
-    build:
-      context: "."
-    command: /bin/true
-    depends_on:
-      - vault
-    volumes:
-      - ".:/usr/src/app"
-  vault:
-    image: vault:1.0.3
-    environment:
-      SKIP_SETCAP: "true"
-      VAULT_DEV_ROOT_TOKEN_ID: "514c55f0-c452-99e3-55e0-8301b770b92c"
-      VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
-    command: ["vault", "server", "-dev"]

data/examples/single_target/example_policy.hcl DELETED

@@ -1,54 +0,0 @@
-# Helpful documentation can be found
-# https://www.vaultproject.io/guides/identity/policies
-# https://www.vaultproject.io/docs/concepts/policies.html
-# https://learn.hashicorp.com/vault/getting-started/policies
-#
-# You can make permissions more granular or limited by specifying deeper paths
-# Example: `path "sanctum-test/data/dev/*"`, etc.
-#
-################# Read/Write v2 api example #################################################
-path "sanctum-test/data/*" { capabilities = ["list","read","create","update","delete"] }
-path "sanctum-test/metadata/*" { capabilities = ["list","read","create","update","delete"] }
-path "sanctum-test/destroy/*" { capabilities = ["update"] }
-path "sanctum-test/delete/*" { capabilities = ["update"] }
-path "sanctum-test/undelete/*" { capabilities = ["update"] }
-#############################################################################################
-################# Read/Write v1/generic example ###################################
-path "sanctum-test/*" { capabilities = ["list","read","create","update","delete"] }
-###################################################################################
-################## Additional sys/ and sys/mount permissions ############################################
-# Grant access to tune existing mount
-# Required to upgrade from v1/generic to v2
-path "sys/mounts/sanctum-test/tune" { capabilities = ["read", "update"] }
-# Grant broader permission to specific mount
-path "sys/mounts/sanctum-test" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }
-# Read health checks
-path "sys/health" { capabilities = ["read", "sudo"] }
-# View capabilities of token
-path "sys/capabilities" { capabilities = ["create", "update"] }
-# View capabilities of token
-path "sys/capabilities-self" { capabilities = ["create", "update"] }
-# View mount info for mounts that you have permissions on
-path "sys/internal/ui/mounts" { capabilities = ["read"] }
-#########################################################################################################
-################### Transit permissions###########################################################
-# General permission on key
-path "transit/keys/sanctum-test" { capabilities = ["list","read","create","update", "delete"] }
-# Permission to rotate keys
-path "transit/keys/sanctum-test/rotate" { capabilities = ["list","read","create","update"] }
-# Permission to modify transit key config
-path "transit/keys/sanctum-test/config" { capabilities = ["list","read","create","update"] }
-# Permission to backup key
-#path "transit/backup/sanctum-test" { capabilities = ["list","read"] }
-# Permission to restore key
-#path "transit/restore/sanctum-test" { capabilities = ["list","read","create","update"] }
-# Transit encryption endpoint
-path "transit/encrypt/sanctum-test" { capabilities = ["list","read","create","update"] }
-# Transit decrypt endpoint
-path "transit/decrypt/sanctum-test" { capabilities = ["list","read","create","update"] }
-# Transit rewrap permissions
-path "transit/rewrap/sanctum-test" { capabilities = ["list","read","create","update"] }
-##################################################################################################