vault-provision 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/VERSION +1 -1
- data/lib/vault/provision/auth/ldap/groups.rb +22 -0
- data/lib/vault/provision.rb +1 -1
- data/spec/vault_provision_spec.rb +12 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 07ea7e20d39900ca94b02dff1b460933ea9e2a7b
|
4
|
+
data.tar.gz: 974204a47b957a7532d1750c9248e408ce1baaeb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fd1561e9ae836c4e51d0930157b6ebbfdf5fb7210fdfeecfc192d778070e76f782277be085e8e4bfad8814de3ce988f493ca897f3695ae56c3de65ffd225ab31
|
7
|
+
data.tar.gz: 19d8c9a168a5c4c9f983fdbccc181c08affffe07ef9170b1dc86a16c7b8df2fe2b9ebbd88359fe47a370055677fef2d4b723ad3a665e08b99b9354014089ba66
|
data/Gemfile.lock
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.1.
|
1
|
+
0.1.2
|
@@ -1,3 +1,25 @@
|
|
1
1
|
# placeholder
|
2
2
|
class Vault::Provision::Auth::Ldap::Groups < Vault::Provision::Prototype
|
3
|
+
def group_files auth_point
|
4
|
+
Find.find("#{@instance_dir}/auth/#{auth_point}/groups/").select do |rf|
|
5
|
+
FileTest.file?(rf) && rf.end_with?('.json')
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
def repo_files
|
10
|
+
#auths = @vault.sys.auths
|
11
|
+
#auths.keys.select { |ap| auths[ap].type == 'ldap' }
|
12
|
+
# .inject([]) { |acc, elem| acc + group_files(elem) }
|
13
|
+
@vault.sys.auths.select { |_,v| v.type == 'ldap' }
|
14
|
+
.keys
|
15
|
+
.inject([]) { |acc, elem| acc + group_files(elem) }
|
16
|
+
end
|
17
|
+
|
18
|
+
def provision!
|
19
|
+
repo_files.each do |rf|
|
20
|
+
group = File.basename(rf, '.json')
|
21
|
+
auth_point = rf.split('/')[-3]
|
22
|
+
@vault.post "v1/auth/#{auth_point}/groups/#{group}", File.read(rf)
|
23
|
+
end
|
24
|
+
end
|
3
25
|
end
|
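Review bot: `group_files` calls `Find.find` on `#{@instance_dir}/auth/#{auth_point}/groups/` for every ldap-type mount that `repo_files` gets back from `@vault.sys.auths`, and `Find.find` raises `Errno::ENOENT` when that directory does not exist, so a mount enabled on the server with no groups directory in the instance dir aborts provisioning unless a caller outside this hunk rescues it. `Find.find` also recurses, while `provision!` recovers the mount with `rf.split('/')[-3]`; a JSON file one level deeper under `groups/` would yield `groups` as the mount and post to the wrong path. A non-recursive glob avoids both: `Dir.glob("#{@instance_dir}/auth/#{auth_point}/groups/*.json").select { |rf| FileTest.file?(rf) }`. Since these files decide which policies an LDAP group receives, it is also worth running each one through `JSON.parse` before `@vault.post`, so that a malformed file fails with its own name rather than as an opaque API error. The three commented-out lines at the top of `repo_files` can be dropped.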
data/lib/vault/provision.rb
CHANGED
@@ -10,6 +10,18 @@ describe Vault::Provision do
|
|
10
10
|
expect(client.sys.auths[:ldap].type).to be == 'ldap'
|
11
11
|
end
|
12
12
|
|
13
|
+
it "has an ldap admin group" do
|
14
|
+
resp = client.get('v1/auth/ldap/groups/admin')
|
15
|
+
expect(resp[:data]).to be
|
16
|
+
expect(resp[:data][:policies].split(',')).to include 'security_admin'
|
17
|
+
end
|
18
|
+
|
19
|
+
it "has an ldap operators group" do
|
20
|
+
resp = client.get('v1/auth/ldap/groups/operators')
|
21
|
+
expect(resp[:data]).to be
|
22
|
+
expect(resp[:data][:policies]).to include 'master_of_secrets'
|
23
|
+
end
|
24
|
+
|
13
25
|
it "has a token auth" do
|
14
26
|
expect(client.sys.auths[:token].type).to be == 'token'
|
15
27
|
end
|
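Review bot: The operators example asserts `expect(resp[:data][:policies]).to include 'master_of_secrets'` without the `.split(',')` used in the admin example. If `policies` is the comma-separated string the first example assumes, this is a substring match and would also pass for a longer policy name such as `master_of_secrets_ro` (a constructed name). Splitting first keeps the two examples consistent: `expect(resp[:data][:policies].split(',')).to include 'master_of_secrets'`. Because these mappings grant privileges, asserting the complete list with `match_array` would also catch a group that ends up with more policies than intended.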