smart_proxy_vault 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 544a2fd0ade0912432a4bc4d6d61b9b146235e7c
-  data.tar.gz: 11f15e847cc320fdb2810f2c713962b7bef38094
+  metadata.gz: 3bc99e2ef5775e96638be552f22d34c29d7401df
+  data.tar.gz: 8e133958ef309ad1bb51c9881811812aa3d7356a
 SHA512:
-  metadata.gz: 8484187752e035b9d0dd99f963e9798d67bebb3baa303fd2a9cb1e27964ddd33d50f382a51ba9fd95f3cc8c5229604fdbdb69d42f20ab4fdfb8fe137803f03c4
-  data.tar.gz: bb7a1c65b870dcdff1123a03fc611f14e8b9f76ce31e0e73ba5337af772ea68cab744c354fabd30b63c75979654945aae9f0660fa56df44696364d548681779e
+  metadata.gz: e8646fd374e184105847592fc1513a61bdc787259d4a68b6303396b947fadaa0c24443b81199f395baee5539a73fde4454a05e5fbcb7ba2c03ff144ddbd200b5
+  data.tar.gz: 0c0541374147afccfef1e004a8d1c3be016df10420fd7aa235d254fd8e3c73706c345d981ad52e168e55a94e14ea33fdf9a8d519a684d4cfee95e6c8dee14041

data/lib/smart_proxy_vault.rb

@@ -3,9 +3,4 @@ require 'vault'
 require 'base64'
 require 'openssl'
 
-require 'smart_proxy_vault/authentication'
-require 'smart_proxy_vault/helpers'
-require 'smart_proxy_vault/vault_backend'
-require 'smart_proxy_vault/vault_api'
-require 'smart_proxy_vault/version'
 require 'smart_proxy_vault/vault'

data/lib/smart_proxy_vault/api.rb

@@ -0,0 +1,82 @@
+require_relative './authentication'
+require_relative './helpers'
+
+module VaultPlugin
+  module API
+    def self.included(klass)
+      klass.send :include, Backend
+      klass.extend Backend
+    end
+
+    module Backend
+      include ::VaultPlugin::Authentication
+      include ::VaultPlugin::Helpers
+
+      class Client
+        attr_reader :connection
+
+        include ::VaultPlugin::Helpers
+
+        def initialize
+          @connection = ::Vault::Client.new(vault_settings)
+        end
+
+        def issue_token(options)
+          @connection.auth_token.create(options).auth.client_token
+        end
+
+        def lookup_self
+          @connection.auth_token.lookup_self
+        end
+
+        def renew_self
+          @connection.auth_token.renew_self(lookup_self[:data][:creation_ttl])
+        end
+      end
+
+      def metadata
+        return {} unless add_token_metadata?
+        { display_name: vault_client,
+          meta: { client: vault_client, smartproxy_generated: true } }
+      end
+
+      def options(ttl)
+        options = metadata.merge token_options
+        options.merge(ttl: ttl) unless ttl.nil?
+      end
+
+      def vault
+        Client.new
+      end
+
+      def issue(ttl)
+        begin
+          vault.issue_token options(ttl)
+        rescue StandardError => e
+          log_halt 500, 'Failed to generate Vault token ' + e.message
+        end
+      end
+
+      def creation_ttl
+        vault.lookup_self[:data][:creation_ttl]
+      end
+
+      def renew
+        begin
+          vault.renew_self
+        rescue StandardError => e
+          puts 'Failed to renew Vault token ' + e.message
+        end
+      end
+
+      def start_renewal
+        Thread.new do
+          while true do
+            renew
+            sleep to_seconds(creation_ttl/3)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_vault/authentication.rb

@@ -25,9 +25,9 @@ module VaultPlugin
 
     # Returns the human-readable identity for the requesting client
     # Optionally used in a token's metadata & display-name
-    def client
+    def vault_client
       extend auth_module
-      client
+      vault_client
     end
   end
 end

data/lib/smart_proxy_vault/{vault_api.rb → endpoint.rb}

@@ -1,8 +1,12 @@
+require_relative './authentication'
+require_relative './api'
+require_relative './helpers'
+
 module VaultPlugin
-  class VaultAPI < ::Sinatra::Base
+  class Endpoint < ::Sinatra::Base
     include ::Proxy::Log
     include ::VaultPlugin::Authentication
-    include ::VaultPlugin::VaultBackend
+    include ::VaultPlugin::API
     helpers ::Proxy::Helpers, ::VaultPlugin::Helpers
 
     ::Sinatra::Base.register Authentication
@@ -12,6 +16,8 @@ module VaultPlugin
       authorized?
     end
 
+    start_renewal
+
     get '/token/issue' do
       ttl = params[:ttl]
       issue(ttl) if valid_ttl? ttl

data/lib/smart_proxy_vault/helpers.rb

@@ -1,9 +1,21 @@
 module VaultPlugin
   module Helpers
+    def vault_settings
+      ::VaultPlugin::Plugin.settings.vault
+    end
+
     def settings_ttl
       ::VaultPlugin::Plugin.settings.token_options[:ttl]
     end
 
+    def token_options
+      ::VaultPlugin::Plugin.settings.token_options
+    end
+
+    def add_token_metadata?
+      ::VaultPlugin::Plugin.settings.add_token_metadata
+    end
+
     def to_seconds(string)
       case string.slice(-1)
       when 'd'

data/lib/smart_proxy_vault/https_config.ru

@@ -1,3 +1,5 @@
+require 'smart_proxy_vault/endpoint'
+
 map '/vault' do
-  run VaultPlugin::VaultAPI
+  run VaultPlugin::Endpoint
 end

data/lib/smart_proxy_vault/vault.rb

@@ -1,3 +1,5 @@
+require_relative './version'
+
 module VaultPlugin
   class Plugin < ::Proxy::Plugin
     plugin 'vault', VaultPlugin::VERSION

data/lib/smart_proxy_vault/version.rb

@@ -1,3 +1,3 @@
 module VaultPlugin
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/test/authentication_chef_test.rb

@@ -1,5 +1,6 @@
 require 'test_helper'
-require 'smart_proxy_vault'
+require 'smart_proxy_vault/authentication/chef'
+
 
 class AuthenticationChefTest < Test::Unit::TestCase
   include Rack::Test::Methods

data/test/request_test.rb

@@ -1,5 +1,6 @@
 require 'test_helper'
 require 'smart_proxy_vault'
+require 'smart_proxy_vault/endpoint'
 
 class RequestTest < Test::Unit::TestCase
   include Rack::Test::Methods
@@ -9,13 +10,13 @@ class RequestTest < Test::Unit::TestCase
   ###
 
   def stub_authorized?(bool)
-    any_instance_of(VaultPlugin::VaultAPI) do |klass|
+    any_instance_of(VaultPlugin::Endpoint) do |klass|
       stub(klass).authorized? { true }
     end
   end
 
   def stub_client
-    any_instance_of(VaultPlugin::VaultAPI) do |klass|
+    any_instance_of(VaultPlugin::Endpoint) do |klass|
       stub(klass).client { 'fry' }
     end
   end
@@ -33,7 +34,7 @@ class RequestTest < Test::Unit::TestCase
     stub_request(:post, "https://vault.example.com/v1/auth/token/create").
     with(:body => "{\"ttl\":\"12h\"}",
          :headers => { 'Accept'=>['*/*', 'application/json'], 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
-                       'Content-Type'=>'application/json', 'User-Agent'=>['Ruby', 'VaultRuby/0.3.0 (+github.com/hashicorp/vault-ruby)'],
+                       'Content-Type'=>'application/json', 'User-Agent'=>['Ruby', 'VaultRuby/0.4.0 (+github.com/hashicorp/vault-ruby)'],
                        'X-Vault-Token'=>'GUID' }).
     to_return(:status => 200, :body => token.to_json, :headers => { 'Content-Type'=>'application/json' })
   end
@@ -43,7 +44,7 @@ class RequestTest < Test::Unit::TestCase
   ###
 
   def app
-    VaultPlugin::VaultAPI.new
+    VaultPlugin::Endpoint.new
   end
 
   def setup

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_vault
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Riley
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-07 00:00:00.000000000 Z
+date: 2016-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -157,14 +157,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0
+        version: 0.4.0
 description: Authenticates a client & returns a Vault token
 email: riley.shott@visioncritical.com
 executables: []
@@ -177,13 +177,13 @@ files:
 - README.md
 - bundler.d/vault.rb
 - lib/smart_proxy_vault.rb
+- lib/smart_proxy_vault/api.rb
 - lib/smart_proxy_vault/authentication.rb
 - lib/smart_proxy_vault/authentication/chef.rb
+- lib/smart_proxy_vault/endpoint.rb
 - lib/smart_proxy_vault/helpers.rb
 - lib/smart_proxy_vault/https_config.ru
 - lib/smart_proxy_vault/vault.rb
-- lib/smart_proxy_vault/vault_api.rb
-- lib/smart_proxy_vault/vault_backend.rb
 - lib/smart_proxy_vault/version.rb
 - settings.d/vault.yml.example
 - test/authentication_chef_test.rb

data/lib/smart_proxy_vault/vault_backend.rb

@@ -1,43 +0,0 @@
-module VaultPlugin
-  module VaultBackend
-    class API
-      attr_reader :connection
-
-      def initialize(child, ttl)
-        vault_settings = ::VaultPlugin::Plugin.settings.vault
-        @connection = ::Vault::Client.new(vault_settings)
-        @child = child
-        @ttl = ttl
-        @token_options = token_options
-      end
-
-      def issue_token
-        @connection.auth_token.create(@token_options).auth.client_token
-      end
-
-      private
-      def metadata
-        if ::VaultPlugin::Plugin.settings.add_token_metadata == true
-          return { meta: { client: @child, smartproxy_generated: true },
-                   display_name: @child }
-        end
-        {}
-      end
-
-      def token_options
-        options = metadata.merge ::VaultPlugin::Plugin.settings[:token_options]
-        options[:ttl] = @ttl unless @ttl.nil?
-        options
-      end
-    end
-
-    def issue(ttl)
-      begin
-        vault = API.new client, ttl
-        vault.issue_token
-      rescue StandardError => e
-        log_halt 500, 'Failed to generate Vault token ' + e.message
-      end
-    end
-  end
-end