smart_proxy_vault 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/smart_proxy_vault/api.rb +12 -22
- data/lib/smart_proxy_vault/endpoint.rb +1 -0
- data/lib/smart_proxy_vault/helpers.rb +8 -0
- data/lib/smart_proxy_vault/version.rb +1 -1
- data/test/helpers/helpers.rb +18 -0
- data/test/request_test.rb +8 -8
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 59bbf36d677feac1a85674ef5b6e4592cbaabef9
|
|
4
|
+
data.tar.gz: 9eb12ef4c3225de70436601091f30dcc0dc61e64
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 52623d07b6e789637e376e452128e6a6c198554aad07dcb1da727f20b5885675cc11f16b1bff5fc64505b95ae9e4359dd841a1fa5fac5dbe69ba914220d4f6dd
|
|
7
|
+
data.tar.gz: 48f28cecae0135f976ddc9a601c92dc37ad0119c9566003a6f4feda0c64778f53c379daddb3070540e536acb72f1a7845540c4a59590bafc2d1a32e1316d31b6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## [v0.4.1](https://github.com/theforeman/smart_proxy_vault/tree/v0.4.1)
|
|
4
|
+
- Fix for https://github.com/hashicorp/vault-ruby/issues/121
|
|
5
|
+
|
|
3
6
|
## [v0.4.0](https://github.com/theforeman/smart_proxy_vault/tree/v0.4.0)
|
|
4
7
|
- Added creating tokens from roles
|
|
5
8
|
- Fixed days to seconds calculation
|
|
@@ -13,28 +13,22 @@ module VaultPlugin
|
|
|
13
13
|
include ::VaultPlugin::Helpers
|
|
14
14
|
|
|
15
15
|
class Client
|
|
16
|
-
|
|
16
|
+
extend ::VaultPlugin::Helpers
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
def initialize
|
|
21
|
-
@connection = ::Vault::Client.new(vault_settings)
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def issue_token(options)
|
|
25
|
-
@connection.auth_token.create(options).auth.client_token
|
|
18
|
+
def self.issue_token(options)
|
|
19
|
+
Vault.auth_token.create(options).auth.client_token
|
|
26
20
|
end
|
|
27
21
|
|
|
28
|
-
def issue_role_token(role, options)
|
|
29
|
-
|
|
22
|
+
def self.issue_role_token(role, options)
|
|
23
|
+
Vault.auth_token.create_with_role(role, options).auth.client_token
|
|
30
24
|
end
|
|
31
25
|
|
|
32
|
-
def lookup_self
|
|
33
|
-
|
|
26
|
+
def self.lookup_self
|
|
27
|
+
Vault.auth_token.lookup_self
|
|
34
28
|
end
|
|
35
29
|
|
|
36
|
-
def renew_self
|
|
37
|
-
|
|
30
|
+
def self.renew_self
|
|
31
|
+
Vault.auth_token.renew_self(lookup_self.data[:creation_ttl])
|
|
38
32
|
end
|
|
39
33
|
end
|
|
40
34
|
|
|
@@ -49,26 +43,22 @@ module VaultPlugin
|
|
|
49
43
|
options.merge(ttl: ttl) unless ttl.nil?
|
|
50
44
|
end
|
|
51
45
|
|
|
52
|
-
def vault
|
|
53
|
-
Client.new
|
|
54
|
-
end
|
|
55
|
-
|
|
56
46
|
def issue(ttl, role)
|
|
57
47
|
begin
|
|
58
48
|
opts = options ttl
|
|
59
|
-
role.nil? ?
|
|
49
|
+
role.nil? ? Client.issue_token(opts) : Client.issue_role_token(role, opts)
|
|
60
50
|
rescue StandardError => e
|
|
61
51
|
log_halt 500, 'Failed to generate Vault token ' + e.message
|
|
62
52
|
end
|
|
63
53
|
end
|
|
64
54
|
|
|
65
55
|
def creation_ttl
|
|
66
|
-
|
|
56
|
+
Client.lookup_self[:data][:creation_ttl]
|
|
67
57
|
end
|
|
68
58
|
|
|
69
59
|
def renew
|
|
70
60
|
begin
|
|
71
|
-
|
|
61
|
+
Client.renew_self
|
|
72
62
|
rescue StandardError => e
|
|
73
63
|
puts 'Failed to renew Vault token ' + e.message
|
|
74
64
|
end
|
|
@@ -16,6 +16,14 @@ module VaultPlugin
|
|
|
16
16
|
::VaultPlugin::Plugin.settings.add_token_metadata
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
def vault_client_configure
|
|
20
|
+
Vault.configure do |config|
|
|
21
|
+
vault_settings.each do |k, v|
|
|
22
|
+
config.send("#{k}=", v)
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
19
27
|
def to_seconds(string)
|
|
20
28
|
case string.slice(-1)
|
|
21
29
|
when 'd'
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module RequestHelpers
|
|
2
|
+
extend RR::DSL
|
|
3
|
+
extend self
|
|
4
|
+
|
|
5
|
+
# Need to stub this before we require smart_proxy_vault/endpoint
|
|
6
|
+
def configure_settings
|
|
7
|
+
stub.proxy(::VaultPlugin::Plugin.settings).token_options {{
|
|
8
|
+
ttl: '12h'
|
|
9
|
+
}}
|
|
10
|
+
stub.proxy(::VaultPlugin::Plugin.settings).vault {{
|
|
11
|
+
address: 'https://vault.example.com',
|
|
12
|
+
token: 'GUID',
|
|
13
|
+
ssl_verify: true
|
|
14
|
+
}}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
RequestHelpers.configure_settings
|
|
18
|
+
end
|
data/test/request_test.rb
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
require_relative './test_helper'
|
|
2
2
|
require 'smart_proxy_vault'
|
|
3
|
+
require_relative './helpers/helpers'
|
|
3
4
|
require 'smart_proxy_vault/endpoint'
|
|
4
5
|
|
|
5
6
|
class RequestTest < Test::Unit::TestCase
|
|
6
7
|
include Rack::Test::Methods
|
|
8
|
+
include RequestHelpers
|
|
7
9
|
include VaultPlugin::API
|
|
8
10
|
|
|
9
11
|
###
|
|
@@ -122,14 +124,7 @@ class RequestTest < Test::Unit::TestCase
|
|
|
122
124
|
def setup
|
|
123
125
|
stub_authorized?(true)
|
|
124
126
|
stub_client
|
|
125
|
-
|
|
126
|
-
ttl: '12h'
|
|
127
|
-
}}
|
|
128
|
-
stub.proxy(::VaultPlugin::Plugin.settings).vault {{
|
|
129
|
-
address: 'https://vault.example.com',
|
|
130
|
-
token: 'GUID',
|
|
131
|
-
ssl_verify: true
|
|
132
|
-
}}
|
|
127
|
+
configure_settings
|
|
133
128
|
end
|
|
134
129
|
|
|
135
130
|
def test_vault_token_issue
|
|
@@ -154,4 +149,9 @@ class RequestTest < Test::Unit::TestCase
|
|
|
154
149
|
stub_response_renew
|
|
155
150
|
renew
|
|
156
151
|
end
|
|
152
|
+
|
|
153
|
+
def test_vault_settings
|
|
154
|
+
failure_msg = 'Unexpected Vault Configuration'
|
|
155
|
+
assert_equal [], vault_settings.values - Vault.options.values.compact, failure_msg
|
|
156
|
+
end
|
|
157
157
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Riley
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-11-
|
|
12
|
+
date: 2016-11-16 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -234,6 +234,7 @@ files:
|
|
|
234
234
|
- test/factories/rsa.rb
|
|
235
235
|
- test/fixtures/authentication/chef/bender.pem
|
|
236
236
|
- test/fixtures/authentication/chef/fry.pem
|
|
237
|
+
- test/helpers/helpers.rb
|
|
237
238
|
- test/request_test.rb
|
|
238
239
|
- test/test_helper.rb
|
|
239
240
|
homepage: http://github.com/theforeman/smart_proxy_vault
|
|
@@ -265,5 +266,6 @@ test_files:
|
|
|
265
266
|
- test/factories/rsa.rb
|
|
266
267
|
- test/fixtures/authentication/chef/bender.pem
|
|
267
268
|
- test/fixtures/authentication/chef/fry.pem
|
|
269
|
+
- test/helpers/helpers.rb
|
|
268
270
|
- test/request_test.rb
|
|
269
271
|
- test/test_helper.rb
|