vaml 0.1.0 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: be6b490176d6f15d95fcc857f59070092e8b6a4d
-  data.tar.gz: 508da870ab0559220448c30b2a23879b185242ef
+  metadata.gz: 3b2ebabfa0526b8241ba6497e5d93f41a6e95b61
+  data.tar.gz: 3820ffa87e3dffa4d13d29dcbf280dd9a6ed566f
 SHA512:
-  metadata.gz: eed59d3d4c072a25d87a3a906e9b5df3a35c15f645a3d7c164eb47386c8b75f353692f9ab4041f23007c1e96b4e40d6f7d76b2440d71a9bf85ce6d91642bd297
-  data.tar.gz: a1ed95d6cd38d82f3bef07ddf9a2b0b9ab1df483ebead2a0b6c2ba8ed416549c736d4e821308ba0a83b063334d1ef94b6bd5e364f8749a1bb4af31206e4ac894
+  metadata.gz: ce9219c27887b53640b4fd9774a93380c690ac5e83f840463282b00487e2b119f7fc214b613da2e589b36773070294699851abd2959b60950b00b8dfdf5e0d04
+  data.tar.gz: 84df93926bc8a34ba9d74e14e4bd9b39b73c45226edd71a0f78171178367bea28bb644e55066b6b21d8508918f5be21ea82680ba7bd8e770cea4b94992ececa7

data/.gitignore

@@ -5,5 +5,6 @@
 /coverage/
 /doc/
 /pkg/
+/docker/consul-data
 /spec/reports/
 /tmp/

data/README.md

@@ -124,15 +124,16 @@ Vaml::Github.enable_auth(organization)
 Vaml::Github.grant_policy(team_name, policy_name)
 ```
 
-## Using Vault in your Local System
+## Using Vault
 
-OSX
+This gem also contains a `docker/` directory with vault and consul setup for you.
+To start vault on your local system with consul as the backend, clone the repo and run
+
+`cd docker`
+`docker-compose up`
+
+or you can follow the official Vault documentation and install vault.
 
-```
-brew install vault
-vault server --dev
-```
-And Follow the official Vault documentation.
 
 ## Development
 

data/docker/config/consul-config.json

@@ -0,0 +1,5 @@
+{
+  "key_file": "/consul/config/privkey1.pem",
+  "cert_file": "/consul/config/cert1.pem",
+  "ca_file": "/consul/config/fullchain1.pem",
+}

data/docker/config/vault.hcl

@@ -0,0 +1,12 @@
+backend "consul" {
+  address = "consul:8500"
+  path = "vault"
+  scheme = "http"
+}
+
+listener "tcp" {
+  address = "vault:8200"
+  tls_disable = 1
+}
+
+disable_mlock = true

data/docker/config/vault.prod.hcl

@@ -0,0 +1,20 @@
+backend "consul" {
+  address = "my_server_address:8500"
+  redirect_addr = "https://vault:8200"
+  path = "vault"
+  scheme = "https"
+  tls_skip_verify = 0
+  tls_cert_file= "/config/cert.pem"
+  tls_key_file = "/config/privkey.pem"
+  tls_ca_file = "/config/fullchain.pem"
+}
+
+listener "tcp" {
+  address = "0.0.0.0:8200"
+  tls_disable = 0
+  tls_cert_file = "/config/cert.pem"
+  tls_key_file = "/config/privkey.pem"
+  cluster_address = "0.0.0.0:8200"
+}
+
+disable_mlock = true

data/docker/docker-compose.with_ssl.yml

@@ -0,0 +1,50 @@
+version: '3'
+services:
+  consul-base:
+    image: consul:latest
+    container_name: "consul-base"
+    ports:
+      - "8400:8400"
+      - "8500:8500"
+      - "8600:8600"
+      - "53:53/udp"
+    command: "consul agent -server -bootstrap-expect 1 -ui-dir /ui -bind 0.0.0.0 -data-dir=/consul-data -config-file=/config/consul-config.json"
+    volumes:
+      - ./consul-data:/consul-data:Z
+      - ./config:/config
+    environment:
+      CONSUL_LOCAL_CONFIG: "{'key_file': '/consul/config/privkey1.pem', 'cert_file': '/consul/config/cert1.pem', 'ca_file': '/consul/config/fullchain1.pem', {'ports': {'http': 8501, 'https': 8500}}}"
+  consul-agent:
+    image: consul:latest
+    expose:
+      - "8400"
+      - "8500"
+      - "8600"
+    links:
+      - "consul-base:consul"
+    command: "consul agent -retry-join consul -bind 0.0.0.0 -data-dir=/consul-data"
+    depends_on:
+      - consul-base
+    volumes:
+      - ./consul-data:/consul-data:Z
+    environment:
+      CONSUL_LOCAL_CONFIG: "{'key_file': '/consul/config/privkey1.pem', 'cert_file': '/consul/config/cert1.pem', 'ca_file': '/consul/config/fullchain1.pem'}"
+  vault:
+    image: "vault"
+    #restart: always
+    cap_add:
+      - IPC_LOCK
+    #privileged: true
+    depends_on:
+      - consul-base
+      - consul-agent
+    links:
+      - "consul-base:consul"
+    environment:
+      - VAULT_ADDR=https://encrypt.homify.com:8200
+    ports:
+      - "8200:8200"
+    volumes:
+      - /home/ubuntu/vault-docker/config:/config:rw
+    #privileged: true
+    command: "vault server -config=/config/vault.hcl -log-level=trace"

data/docker/docker-compose.yml

@@ -0,0 +1,38 @@
+version: '3'
+services:
+  consul-base:
+    image: progrium/consul:latest
+    container_name: "consul-base"
+    ports:
+      - "8400:8400"
+      - "8500:8500"
+      - "8600:8600"
+      - "53:53/udp"
+    command: "-server -bootstrap-expect 1 -ui-dir /ui -bind 0.0.0.0 -data-dir=/consul-data"
+    volumes:
+      - ./consul-data:/consul-data
+  consul-agent:
+    image: progrium/consul:latest
+    expose:
+      - "8400"
+      - "8500"
+      - "8600"
+    command: "-server -join consul-base -bind 0.0.0.0"
+    depends_on:
+      - consul-base
+  vault:
+    image: "vault"
+    restart: always
+    depends_on:
+      - consul-base
+      - consul-agent
+    links:
+      - "consul-base:consul"
+    environment:
+      - VAULT_ADDR=http://vault:8200
+    ports:
+      - "8200:8200"
+    volumes:
+      - ./config:/config
+      - ./certbot-data:/etc/letsencrypt
+    command: "vault server -config=/config/vault.hcl -log-level=trace"

data/lib/tasks/add_secret.rake

@@ -7,6 +7,7 @@ namespace :vaml do
       raise
     end
     Vaml.configure(host: ENV['VAULT_HOST'], token: ENV['VAULT_TOKEN'])
+    Vaml::Github.auth(ENV['VAULT_TOKEN'])
     Vaml.write_string(key, value)
     puts "the rake task did something"
     exit
@@ -14,6 +15,7 @@ namespace :vaml do
 
   task :read_secret do
     Vaml.configure(host: ENV['VAULT_HOST'], token: ENV['VAULT_TOKEN'])
+    Vaml::Github.auth(ENV['VAULT_TOKEN'])
     puts Vaml.read_string(ARGV[1])
     exit
   end

data/lib/vaml.rb

@@ -6,7 +6,6 @@ require 'vaml/vault_config'
 require 'vaml/configuration'
 require 'vaml/github'
 require 'vaml/railtie' if defined?(Rails)
-require 'pry'
 
 module Vaml
 
@@ -17,6 +16,7 @@ module Vaml
     def configure(options)
       options[:host] ||= 'http://127.0.0.1:8200'
       options[:token] ||= ENV['VAULT_TOKEN']
+      options[:ssl_verify] ||= false
 
       self.configuration ||= Configuration.new(options)
       yield configuration if block_given?

data/lib/vaml/configuration.rb

@@ -1,10 +1,11 @@
 module Vaml
   class Configuration
-    attr_accessor :organization, :host, :token
+    attr_accessor :organization, :host, :token, :ssl_verify
     def initialize(options)
       @host = options[:host]
       @token = options[:token]
       @organization = options[:organization]
+      @ssl_verify = options[:ssl_verify]
     end
   end
 end

data/lib/vaml/github.rb

@@ -2,13 +2,13 @@ module Vaml
   module Github
     def self.enable_auth(org = Vaml.configuration.organization)
       puts "Enabling auth for #{org} ... "
-      Vault.sys.enable_auth("github", "github")
+      Vault.sys.enable_auth("github", "github") unless Vault.sys.auths[:github]
       Vault.logical.write("auth/github/config", organization: org)
     end
 
     def self.grant_policy(team_name, policy_name)
-      Vault.client.post("/v1/auth/github/map/teams/#{team_name}", policy_name)
-      # Vault.logical.write("auth/github/map/teams/#{team_name}", policy_name)
+      puts "Granting policy for #{team_name} ... #{policy_name} "
+      Vaml.write_string("auth/github/map/teams/#{team_name}", policy_name)
     end
 
     def self.auth(token)

data/lib/vaml/vault_config.rb

@@ -5,7 +5,8 @@ module Vaml
       ::Vault.configure do |config|
         config.address = Vaml.configuration.host
         config.token = Vaml.configuration.token
-        config.ssl_verify = false
+        config.ssl_verify = true
+        config.ssl_verify = Vaml.configuration.ssl_verify
         config.timeout = 30
         config.ssl_timeout  = 5
         config.open_timeout = 5

data/lib/vaml/version.rb

@@ -1,3 +1,3 @@
 module Vaml
-  VERSION = "0.1.0"
+  VERSION = "0.2.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vaml
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.2
 platform: ruby
 authors:
 - Dipesh
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-12 00:00:00.000000000 Z
+date: 2017-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: vault
@@ -81,6 +81,11 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- docker/config/consul-config.json
+- docker/config/vault.hcl
+- docker/config/vault.prod.hcl
+- docker/docker-compose.with_ssl.yml
+- docker/docker-compose.yml
 - exe/vaml
 - lib/tasks/add_secret.rake
 - lib/vaml.rb