smart_proxy_vault 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/lib/smart_proxy_vault.rb +0 -5
- data/lib/smart_proxy_vault/api.rb +82 -0
- data/lib/smart_proxy_vault/authentication.rb +2 -2
- data/lib/smart_proxy_vault/{vault_api.rb → endpoint.rb} +8 -2
- data/lib/smart_proxy_vault/helpers.rb +12 -0
- data/lib/smart_proxy_vault/https_config.ru +3 -1
- data/lib/smart_proxy_vault/vault.rb +2 -0
- data/lib/smart_proxy_vault/version.rb +1 -1
- data/test/authentication_chef_test.rb +2 -1
- data/test/request_test.rb +5 -4
- metadata +6 -6
- data/lib/smart_proxy_vault/vault_backend.rb +0 -43
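--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3bc99e2ef5775e96638be552f22d34c29d7401df
+data.tar.gz: 8e133958ef309ad1bb51c9881811812aa3d7356a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e8646fd374e184105847592fc1513a61bdc787259d4a68b6303396b947fadaa0c24443b81199f395baee5539a73fde4454a05e5fbcb7ba2c03ff144ddbd200b5
+data.tar.gz: 0c0541374147afccfef1e004a8d1c3be016df10420fd7aa235d254fd8e3c73706c345d981ad52e168e55a94e14ea33fdf9a8d519a684d4cfee95e6c8dee14041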
data/lib/smart_proxy_vault.rb
CHANGED
@@ -3,9 +3,4 @@ require 'vault'
|
|
3
3
|
require 'base64'
|
4
4
|
require 'openssl'
|
5
5
|
|
6
|
-
require 'smart_proxy_vault/authentication'
|
7
|
-
require 'smart_proxy_vault/helpers'
|
8
|
-
require 'smart_proxy_vault/vault_backend'
|
9
|
-
require 'smart_proxy_vault/vault_api'
|
10
|
-
require 'smart_proxy_vault/version'
|
11
6
|
require 'smart_proxy_vault/vault'
|
@@ -0,0 +1,82 @@
|
|
1
|
+
require_relative './authentication'
|
2
|
+
require_relative './helpers'
|
3
|
+
|
4
|
+
module VaultPlugin
|
5
|
+
module API
|
6
|
+
def self.included(klass)
|
7
|
+
klass.send :include, Backend
|
8
|
+
klass.extend Backend
|
9
|
+
end
|
10
|
+
|
11
|
+
module Backend
|
12
|
+
include ::VaultPlugin::Authentication
|
13
|
+
include ::VaultPlugin::Helpers
|
14
|
+
|
15
|
+
class Client
|
16
|
+
attr_reader :connection
|
17
|
+
|
18
|
+
include ::VaultPlugin::Helpers
|
19
|
+
|
20
|
+
def initialize
|
21
|
+
@connection = ::Vault::Client.new(vault_settings)
|
22
|
+
end
|
23
|
+
|
24
|
+
def issue_token(options)
|
25
|
+
@connection.auth_token.create(options).auth.client_token
|
26
|
+
end
|
27
|
+
|
28
|
+
def lookup_self
|
29
|
+
@connection.auth_token.lookup_self
|
30
|
+
end
|
31
|
+
|
32
|
+
def renew_self
|
33
|
+
@connection.auth_token.renew_self(lookup_self[:data][:creation_ttl])
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def metadata
|
38
|
+
return {} unless add_token_metadata?
|
39
|
+
{ display_name: vault_client,
|
40
|
+
meta: { client: vault_client, smartproxy_generated: true } }
|
41
|
+
end
|
42
|
+
|
43
|
+
def options(ttl)
|
44
|
+
options = metadata.merge token_options
|
45
|
+
options.merge(ttl: ttl) unless ttl.nil?
|
46
|
+
end
|
47
|
+
|
48
|
+
def vault
|
49
|
+
Client.new
|
50
|
+
end
|
51
|
+
|
52
|
+
def issue(ttl)
|
53
|
+
begin
|
54
|
+
vault.issue_token options(ttl)
|
55
|
+
rescue StandardError => e
|
56
|
+
log_halt 500, 'Failed to generate Vault token ' + e.message
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
def creation_ttl
|
61
|
+
vault.lookup_self[:data][:creation_ttl]
|
62
|
+
end
|
63
|
+
|
64
|
+
def renew
|
65
|
+
begin
|
66
|
+
vault.renew_self
|
67
|
+
rescue StandardError => e
|
68
|
+
puts 'Failed to renew Vault token ' + e.message
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
def start_renewal
|
73
|
+
Thread.new do
|
74
|
+
while true do
|
75
|
+
renew
|
76
|
+
sleep to_seconds(creation_ttl/3)
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
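Review bot: `options(ttl)` returns nil whenever no ttl is supplied, because the trailing `unless ttl.nil?` governs the method's last expression rather than only the merge, so `issue(nil)` calls `vault.issue_token nil` and the metadata plus the configured token_options are silently dropped, whereas the removed VaultBackend#token_options returned the merged hash in that case. Replacing the last line with `ttl.nil? ? options : options.merge(ttl: ttl)` restores that behaviour. In `start_renewal` only `renew` is rescued: an error raised by `creation_ttl` (a second Vault round-trip) or by `to_seconds` escapes the block and ends the renewal thread for good, so the interval computation belongs inside the same rescue, and `while true do` is better written as `loop do`. `to_seconds` (helpers hunk) slices the last character of its argument, so if lookup_self's creation_ttl comes back as an Integer, as Vault token data usually does, `to_seconds(creation_ttl/3)` raises — worth confirming against a real response. Also, `renew` reports failures with `puts` instead of the proxy logger available to the including endpoint, and `vault` deserves a comment such as `# builds a fresh ::Vault::Client from plugin settings on every call` since issue, creation_ttl and renew each open a new client.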
@@ -1,8 +1,12 @@
|
|
1
|
+
require_relative './authentication'
|
2
|
+
require_relative './api'
|
3
|
+
require_relative './helpers'
|
4
|
+
|
1
5
|
module VaultPlugin
|
2
|
-
class
|
6
|
+
class Endpoint < ::Sinatra::Base
|
3
7
|
include ::Proxy::Log
|
4
8
|
include ::VaultPlugin::Authentication
|
5
|
-
include ::VaultPlugin::
|
9
|
+
include ::VaultPlugin::API
|
6
10
|
helpers ::Proxy::Helpers, ::VaultPlugin::Helpers
|
7
11
|
|
8
12
|
::Sinatra::Base.register Authentication
|
@@ -12,6 +16,8 @@ module VaultPlugin
|
|
12
16
|
authorized?
|
13
17
|
end
|
14
18
|
|
19
|
+
start_renewal
|
20
|
+
|
15
21
|
get '/token/issue' do
|
16
22
|
ttl = params[:ttl]
|
17
23
|
issue(ttl) if valid_ttl? ttl
|
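Review bot: `start_renewal` is invoked in the class body, so the renewal thread is spawned as a side effect of loading endpoint.rb — before any request is served, and also whenever the file is required (request_test.rb now requires 'smart_proxy_vault/endpoint'), where it would presumably attempt Vault calls against the stubbed host. Consider triggering it from an explicit initialisation step rather than class definition, and document the call with `# background thread that periodically renews the proxy's own Vault token (API::Backend#start_renewal)`. The Endpoint class continues outside this hunk.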
@@ -1,9 +1,21 @@
|
|
1
1
|
module VaultPlugin
|
2
2
|
module Helpers
|
3
|
+
def vault_settings
|
4
|
+
::VaultPlugin::Plugin.settings.vault
|
5
|
+
end
|
6
|
+
|
3
7
|
def settings_ttl
|
4
8
|
::VaultPlugin::Plugin.settings.token_options[:ttl]
|
5
9
|
end
|
6
10
|
|
11
|
+
def token_options
|
12
|
+
::VaultPlugin::Plugin.settings.token_options
|
13
|
+
end
|
14
|
+
|
15
|
+
def add_token_metadata?
|
16
|
+
::VaultPlugin::Plugin.settings.add_token_metadata
|
17
|
+
end
|
18
|
+
|
7
19
|
def to_seconds(string)
|
8
20
|
case string.slice(-1)
|
9
21
|
when 'd'
|
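--- a/data/test/request_test.rb
+++ b/data/test/request_test.rb
@@ -1,5 +1,6 @@
 require 'test_helper'
 require 'smart_proxy_vault'
+require 'smart_proxy_vault/endpoint'
 
 class RequestTest < Test::Unit::TestCase
 include Rack::Test::Methods
@@ -9,13 +10,13 @@ class RequestTest < Test::Unit::TestCase
 ###
 
 def stub_authorized?(bool)
-any_instance_of(VaultPlugin::
+any_instance_of(VaultPlugin::Endpoint) do |klass|
 stub(klass).authorized? { true }
 end
 end
 
 def stub_client
-any_instance_of(VaultPlugin::
+any_instance_of(VaultPlugin::Endpoint) do |klass|
 stub(klass).client { 'fry' }
 end
 end
@@ -33,7 +34,7 @@ class RequestTest < Test::Unit::TestCase
 stub_request(:post, "https://vault.example.com/v1/auth/token/create").
 with(:body => "{\"ttl\":\"12h\"}",
 :headers => { 'Accept'=>['*/*', 'application/json'], 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
-'Content-Type'=>'application/json', 'User-Agent'=>['Ruby', 'VaultRuby/0.
+'Content-Type'=>'application/json', 'User-Agent'=>['Ruby', 'VaultRuby/0.4.0 (+github.com/hashicorp/vault-ruby)'],
 'X-Vault-Token'=>'GUID' }).
 to_return(:status => 200, :body => token.to_json, :headers => { 'Content-Type'=>'application/json' })
 end
@@ -43,7 +44,7 @@ class RequestTest < Test::Unit::TestCase
 ###
 
 def app
-VaultPlugin::
+VaultPlugin::Endpoint.new
 end
 
 def setup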
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_vault
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Riley
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2016-
|
12
|
+
date: 2016-05-16 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -157,14 +157,14 @@ dependencies:
|
|
157
157
|
requirements:
|
158
158
|
- - "~>"
|
159
159
|
- !ruby/object:Gem::Version
|
160
|
-
version: 0.
|
160
|
+
version: 0.4.0
|
161
161
|
type: :runtime
|
162
162
|
prerelease: false
|
163
163
|
version_requirements: !ruby/object:Gem::Requirement
|
164
164
|
requirements:
|
165
165
|
- - "~>"
|
166
166
|
- !ruby/object:Gem::Version
|
167
|
-
version: 0.
|
167
|
+
version: 0.4.0
|
168
168
|
description: Authenticates a client & returns a Vault token
|
169
169
|
email: riley.shott@visioncritical.com
|
170
170
|
executables: []
|
@@ -177,13 +177,13 @@ files:
|
|
177
177
|
- README.md
|
178
178
|
- bundler.d/vault.rb
|
179
179
|
- lib/smart_proxy_vault.rb
|
180
|
+
- lib/smart_proxy_vault/api.rb
|
180
181
|
- lib/smart_proxy_vault/authentication.rb
|
181
182
|
- lib/smart_proxy_vault/authentication/chef.rb
|
183
|
+
- lib/smart_proxy_vault/endpoint.rb
|
182
184
|
- lib/smart_proxy_vault/helpers.rb
|
183
185
|
- lib/smart_proxy_vault/https_config.ru
|
184
186
|
- lib/smart_proxy_vault/vault.rb
|
185
|
-
- lib/smart_proxy_vault/vault_api.rb
|
186
|
-
- lib/smart_proxy_vault/vault_backend.rb
|
187
187
|
- lib/smart_proxy_vault/version.rb
|
188
188
|
- settings.d/vault.yml.example
|
189
189
|
- test/authentication_chef_test.rb
|
@@ -1,43 +0,0 @@
|
|
1
|
-
module VaultPlugin
|
2
|
-
module VaultBackend
|
3
|
-
class API
|
4
|
-
attr_reader :connection
|
5
|
-
|
6
|
-
def initialize(child, ttl)
|
7
|
-
vault_settings = ::VaultPlugin::Plugin.settings.vault
|
8
|
-
@connection = ::Vault::Client.new(vault_settings)
|
9
|
-
@child = child
|
10
|
-
@ttl = ttl
|
11
|
-
@token_options = token_options
|
12
|
-
end
|
13
|
-
|
14
|
-
def issue_token
|
15
|
-
@connection.auth_token.create(@token_options).auth.client_token
|
16
|
-
end
|
17
|
-
|
18
|
-
private
|
19
|
-
def metadata
|
20
|
-
if ::VaultPlugin::Plugin.settings.add_token_metadata == true
|
21
|
-
return { meta: { client: @child, smartproxy_generated: true },
|
22
|
-
display_name: @child }
|
23
|
-
end
|
24
|
-
{}
|
25
|
-
end
|
26
|
-
|
27
|
-
def token_options
|
28
|
-
options = metadata.merge ::VaultPlugin::Plugin.settings[:token_options]
|
29
|
-
options[:ttl] = @ttl unless @ttl.nil?
|
30
|
-
options
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
def issue(ttl)
|
35
|
-
begin
|
36
|
-
vault = API.new client, ttl
|
37
|
-
vault.issue_token
|
38
|
-
rescue StandardError => e
|
39
|
-
log_halt 500, 'Failed to generate Vault token ' + e.message
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|