RubyGems - vaml - Versions diffs - 0.1.0 → 0.2.2 - Mend

vaml 0.1.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/README.md +8 -7
data/docker/config/consul-config.json +5 -0
data/docker/config/vault.hcl +12 -0
data/docker/config/vault.prod.hcl +20 -0
data/docker/docker-compose.with_ssl.yml +50 -0
data/docker/docker-compose.yml +38 -0
data/lib/tasks/add_secret.rake +2 -0
data/lib/vaml.rb +1 -1
data/lib/vaml/configuration.rb +2 -1
data/lib/vaml/github.rb +3 -3
data/lib/vaml/vault_config.rb +2 -1
data/lib/vaml/version.rb +1 -1
metadata +7 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: be6b490176d6f15d95fcc857f59070092e8b6a4d
-  data.tar.gz: 508da870ab0559220448c30b2a23879b185242ef
+  metadata.gz: 3b2ebabfa0526b8241ba6497e5d93f41a6e95b61
+  data.tar.gz: 3820ffa87e3dffa4d13d29dcbf280dd9a6ed566f
 SHA512:
-  metadata.gz: eed59d3d4c072a25d87a3a906e9b5df3a35c15f645a3d7c164eb47386c8b75f353692f9ab4041f23007c1e96b4e40d6f7d76b2440d71a9bf85ce6d91642bd297
-  data.tar.gz: a1ed95d6cd38d82f3bef07ddf9a2b0b9ab1df483ebead2a0b6c2ba8ed416549c736d4e821308ba0a83b063334d1ef94b6bd5e364f8749a1bb4af31206e4ac894
+  metadata.gz: ce9219c27887b53640b4fd9774a93380c690ac5e83f840463282b00487e2b119f7fc214b613da2e589b36773070294699851abd2959b60950b00b8dfdf5e0d04
+  data.tar.gz: 84df93926bc8a34ba9d74e14e4bd9b39b73c45226edd71a0f78171178367bea28bb644e55066b6b21d8508918f5be21ea82680ba7bd8e770cea4b94992ececa7

data/.gitignore CHANGED

@@ -5,5 +5,6 @@
 /coverage/
 /doc/
 /pkg/
+/docker/consul-data
 /spec/reports/
 /tmp/

data/README.md CHANGED

@@ -124,15 +124,16 @@ Vaml::Github.enable_auth(organization)
 Vaml::Github.grant_policy(team_name, policy_name)
 ```
-## Using Vault in your Local System
+## Using Vault
-OSX
+This gem also contains a `docker/` directory with vault and consul setup for you.
+To start vault on your local system with consul as the backend, clone the repo and run
+`cd docker`
+`docker-compose up`
+or you can follow the official Vault documentation and install vault.
-```
-brew install vault
-vault server --dev
-```
-And Follow the official Vault documentation.
 ## Development

data/docker/config/consul-config.json ADDED

@@ -0,0 +1,5 @@
+{
+  "key_file": "/consul/config/privkey1.pem",
+  "cert_file": "/consul/config/cert1.pem",
+  "ca_file": "/consul/config/fullchain1.pem",
+}

data/docker/config/vault.hcl ADDED

@@ -0,0 +1,12 @@
+backend "consul" {
+  address = "consul:8500"
+  path = "vault"
+  scheme = "http"
+}
+listener "tcp" {
+  address = "vault:8200"
+  tls_disable = 1
+}
+disable_mlock = true

data/docker/config/vault.prod.hcl ADDED

@@ -0,0 +1,20 @@
+backend "consul" {
+  address = "my_server_address:8500"
+  redirect_addr = "https://vault:8200"
+  path = "vault"
+  scheme = "https"
+  tls_skip_verify = 0
+  tls_cert_file= "/config/cert.pem"
+  tls_key_file = "/config/privkey.pem"
+  tls_ca_file = "/config/fullchain.pem"
+}
+listener "tcp" {
+  address = "0.0.0.0:8200"
+  tls_disable = 0
+  tls_cert_file = "/config/cert.pem"
+  tls_key_file = "/config/privkey.pem"
+  cluster_address = "0.0.0.0:8200"
+}
+disable_mlock = true

data/docker/docker-compose.with_ssl.yml ADDED

@@ -0,0 +1,50 @@
+version: '3'
+services:
+  consul-base:
+    image: consul:latest
+    container_name: "consul-base"
+    ports:
+      - "8400:8400"
+      - "8500:8500"
+      - "8600:8600"
+      - "53:53/udp"
+    command: "consul agent -server -bootstrap-expect 1 -ui-dir /ui -bind 0.0.0.0 -data-dir=/consul-data -config-file=/config/consul-config.json"
+    volumes:
+      - ./consul-data:/consul-data:Z
+      - ./config:/config
+    environment:
+      CONSUL_LOCAL_CONFIG: "{'key_file': '/consul/config/privkey1.pem', 'cert_file': '/consul/config/cert1.pem', 'ca_file': '/consul/config/fullchain1.pem', {'ports': {'http': 8501, 'https': 8500}}}"
+  consul-agent:
+    image: consul:latest
+    expose:
+      - "8400"
+      - "8500"
+      - "8600"
+    links:
+      - "consul-base:consul"
+    command: "consul agent -retry-join consul -bind 0.0.0.0 -data-dir=/consul-data"
+    depends_on:
+      - consul-base
+    volumes:
+      - ./consul-data:/consul-data:Z
+    environment:
+      CONSUL_LOCAL_CONFIG: "{'key_file': '/consul/config/privkey1.pem', 'cert_file': '/consul/config/cert1.pem', 'ca_file': '/consul/config/fullchain1.pem'}"
+  vault:
+    image: "vault"
+    #restart: always
+    cap_add:
+      - IPC_LOCK
+    #privileged: true
+    depends_on:
+      - consul-base
+      - consul-agent
+    links:
+      - "consul-base:consul"
+    environment:
+      - VAULT_ADDR=https://encrypt.homify.com:8200
+    ports:
+      - "8200:8200"
+    volumes:
+      - /home/ubuntu/vault-docker/config:/config:rw
+    #privileged: true
+    command: "vault server -config=/config/vault.hcl -log-level=trace"

data/docker/docker-compose.yml ADDED

@@ -0,0 +1,38 @@
+version: '3'
+services:
+  consul-base:
+    image: progrium/consul:latest
+    container_name: "consul-base"
+    ports:
+      - "8400:8400"
+      - "8500:8500"
+      - "8600:8600"
+      - "53:53/udp"
+    command: "-server -bootstrap-expect 1 -ui-dir /ui -bind 0.0.0.0 -data-dir=/consul-data"
+    volumes:
+      - ./consul-data:/consul-data
+  consul-agent:
+    image: progrium/consul:latest
+    expose:
+      - "8400"
+      - "8500"
+      - "8600"
+    command: "-server -join consul-base -bind 0.0.0.0"
+    depends_on:
+      - consul-base
+  vault:
+    image: "vault"
+    restart: always
+    depends_on:
+      - consul-base
+      - consul-agent
+    links:
+      - "consul-base:consul"
+    environment:
+      - VAULT_ADDR=http://vault:8200
+    ports:
+      - "8200:8200"
+    volumes:
+      - ./config:/config
+      - ./certbot-data:/etc/letsencrypt
+    command: "vault server -config=/config/vault.hcl -log-level=trace"

data/lib/tasks/add_secret.rake CHANGED

@@ -7,6 +7,7 @@ namespace :vaml do
       raise
     end
     Vaml.configure(host: ENV['VAULT_HOST'], token: ENV['VAULT_TOKEN'])
+    Vaml::Github.auth(ENV['VAULT_TOKEN'])
     Vaml.write_string(key, value)
     puts "the rake task did something"
     exit
@@ -14,6 +15,7 @@ namespace :vaml do
   task :read_secret do
     Vaml.configure(host: ENV['VAULT_HOST'], token: ENV['VAULT_TOKEN'])
+    Vaml::Github.auth(ENV['VAULT_TOKEN'])
     puts Vaml.read_string(ARGV[1])
     exit
   end

data/lib/vaml.rb CHANGED

@@ -6,7 +6,6 @@ require 'vaml/vault_config'
 require 'vaml/configuration'
 require 'vaml/github'
 require 'vaml/railtie' if defined?(Rails)
-require 'pry'
 module Vaml
@@ -17,6 +16,7 @@ module Vaml
     def configure(options)
       options[:host] ||= 'http://127.0.0.1:8200'
       options[:token] ||= ENV['VAULT_TOKEN']
+      options[:ssl_verify] ||= false
       self.configuration ||= Configuration.new(options)
       yield configuration if block_given?

data/lib/vaml/configuration.rb CHANGED

@@ -1,10 +1,11 @@
 module Vaml
   class Configuration
-    attr_accessor :organization, :host, :token
+    attr_accessor :organization, :host, :token, :ssl_verify
     def initialize(options)
       @host = options[:host]
       @token = options[:token]
       @organization = options[:organization]
+      @ssl_verify = options[:ssl_verify]
     end
   end
 end

data/lib/vaml/github.rb CHANGED

@@ -2,13 +2,13 @@ module Vaml
   module Github
     def self.enable_auth(org = Vaml.configuration.organization)
       puts "Enabling auth for #{org} ... "
-      Vault.sys.enable_auth("github", "github")
+      Vault.sys.enable_auth("github", "github") unless Vault.sys.auths[:github]
       Vault.logical.write("auth/github/config", organization: org)
     end
     def self.grant_policy(team_name, policy_name)
-      Vault.client.post("/v1/auth/github/map/teams/#{team_name}", policy_name)
-      # Vault.logical.write("auth/github/map/teams/#{team_name}", policy_name)
+      puts "Granting policy for #{team_name} ... #{policy_name} "
+      Vaml.write_string("auth/github/map/teams/#{team_name}", policy_name)
     end
     def self.auth(token)

data/lib/vaml/vault_config.rb CHANGED

@@ -5,7 +5,8 @@ module Vaml
       ::Vault.configure do |config|
         config.address = Vaml.configuration.host
         config.token = Vaml.configuration.token
-        config.ssl_verify = false
+        config.ssl_verify = true
+        config.ssl_verify = Vaml.configuration.ssl_verify
         config.timeout = 30
         config.ssl_timeout  = 5
         config.open_timeout = 5

data/lib/vaml/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Vaml
-  VERSION = "0.1.0"
+  VERSION = "0.2.2"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vaml
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.2
 platform: ruby
 authors:
 - Dipesh
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-07-12 00:00:00.000000000 Z
+date: 2017-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: vault
@@ -81,6 +81,11 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- docker/config/consul-config.json
+- docker/config/vault.hcl
+- docker/config/vault.prod.hcl
+- docker/docker-compose.with_ssl.yml
+- docker/docker-compose.yml
 - exe/vaml
 - lib/tasks/add_secret.rake
 - lib/vaml.rb