vault-provision 0.1.10 → 0.1.11
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/VERSION +1 -1
- data/examples/basic/sys/audit/my_file.json +8 -0
- data/examples/basic/sys/audit/my_syslog.json +8 -0
- data/lib/vault/provision.rb +1 -0
- data/lib/vault/provision/sys.rb +1 -0
- data/lib/vault/provision/sys/audit.rb +27 -0
- data/spec/spec_helper.rb +6 -1
- data/spec/vault_provision_spec.rb +12 -0
- metadata +4 -1
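--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 060598f1500adc483e0fbf393bf8e1c50b81f251
+data.tar.gz: 6d3a8fc25c8e4f2083fe44bebfb7a15d4290443e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 11f2f509baf8dbbee5a1bbfb48cbed93a93bf7e32454224f13e9b0a2704437bdfc8dc3633aff7f930baa49f65a6254dd161963fd291b41ef4ae03990ddc525e7
+data.tar.gz: f13d17d20092adf42a42a36aae968f96144801e0f114e0f5c3b7001e483127ffb6e8270001dec3a5e782e714974e41f4627880e38a8e8fb3da6b61336d5e612b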
data/Gemfile.lock
CHANGED
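--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.1.
+0.1.11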
data/lib/vault/provision.rb
CHANGED
data/lib/vault/provision/sys.rb
CHANGED
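--- a/data/lib/vault/provision/sys/audit.rb
+++ b/data/lib/vault/provision/sys/audit.rb
@@ -0,0 +1,27 @@
+# helps to enable auditing
+class Vault::Provision::Sys::Audit < Vault::Provision::Prototype
+def provision!
+audits = @vault.sys.audits
+
+change = []
+repo_files.each do |rf|
+validate_file! rf
+path = rf[(repo_path.length + 1)..-6].to_sym
+r_conf = JSON.parse(File.read(rf))
+next unless backend_changed? audits[path], r_conf
+
+@vault.sys.enable_audit(path.to_s,
+r_conf['type'],
+r_conf['description'],
+r_conf['options'])
+change << @vault.sys.audits[path]
+end
+change
+end
+
+def backend_changed?(vault_conf, file_conf)
+return true unless vault_conf
+file_conf.each { |k, v| return true if v != vault_conf[k] }
+false
+end
+end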
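Review bot: `backend_changed?` compares the repo file with the live device through `v != vault_conf[k]`, but `file_conf` comes from `JSON.parse` and so has string keys, while the spec in this release reads the same objects through accessors and symbol keys (`resp[:my_file].options[:file_path]`); the comparison therefore looks likely to report a change on every run, or to raise if the audit object has no `[]`. `provision!` then calls `enable_audit` for a path that is already enabled without disabling it first, which Vault would presumably reject, so an edited audit definition may never reach the server. Parse with `JSON.parse(File.read(rf), symbolize_names: true)`, compare against a hash form of the live device, and make the disable-then-enable step for a changed device explicit. `r_conf['options']` is also passed through unchecked, so a repo file that sets an option such as `log_raw` would turn on unhashed audit output with no warning from the provisioner.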
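--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -9,6 +9,8 @@ require 'vcr'
 DEV_VAULT_TOKEN = 'kittens'.freeze
 DEV_VAULT_ADDR = 'http://127.0.0.1:8200'.freeze
 EXAMPLE_DIR = "#{GEM_DIR}/examples/basic".freeze
+AUDIT_LOG_PATH = "/tmp/my-vault-audit-test.log"
+AUDIT_LOG_TAG = "my-vault-audit-tag"
 
 ENV['VAULT_DEV_ROOT_TOKEN_ID'] = DEV_VAULT_TOKEN
 ENV['VAULT_TOKEN'] = DEV_VAULT_TOKEN
@@ -34,6 +36,7 @@ VCR.configure do |config|
 end
 
 def vault_server
+File.unlink(AUDIT_LOG_PATH) if File.exist?(AUDIT_LOG_PATH)
 stdin, stdout, stderr, server = Open3.popen3('vault server -dev')
 cleanup = lambda do |_|
 stdin.close
@@ -41,7 +44,9 @@ def vault_server
 stderr.close
 Process.kill :INT, server.pid
 end
-[:INT, :EXIT].each
+[:INT, :EXIT].each do |sig|
+trap(sig, cleanup)
+end
 puts "server is PID #{server.pid}"
 sleep(1) # woo race condition! wait for server to start up
 server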
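Review bot: `AUDIT_LOG_PATH` is a fixed file name in the world-writable `/tmp`, and the `File.unlink(AUDIT_LOG_PATH) if File.exist?(AUDIT_LOG_PATH)` added at the top of `vault_server` is a check-then-act on that name, so on a shared CI host another local user can own or symlink the path before the dev server opens it for audit output. Prefer a per-run directory, for example `AUDIT_LOG_PATH = File.join(Dir.mktmpdir('vault-audit'), 'audit.log').freeze` (needs `require 'tmpdir'`); the example `my_file.json` presumably hard-codes the same path (its contents are not shown here), so it would have to be generated from the constant. Both new constants also lack the `.freeze` that the neighbouring constants carry. `vault_server` continues outside these hunks.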
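--- a/data/spec/vault_provision_spec.rb
+++ b/data/spec/vault_provision_spec.rb
@@ -162,4 +162,16 @@ describe Vault::Provision do
 expect(last_used.user_name).to be
 end
 end
+
+it "can create audit backends" do
+resp = client.sys.audits
+expect(resp[:my_file]).to be
+expect(resp[:my_file].options[:file_path]).to be == AUDIT_LOG_PATH
+expect(resp[:my_file].description).to be == 'my file-based audit backend'
+expect(File.exist?(AUDIT_LOG_PATH)).to be true
+
+expect(resp[:my_syslog]).to be
+expect(resp[:my_syslog].options[:tag]).to be == AUDIT_LOG_TAG
+expect(resp[:my_syslog].options[:facility]).to be == "LPR"
+end
 end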
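Review bot: The new example covers only first-time enablement; nothing provisions a second time against the same server, so the `backend_changed?` decision in the new `Sys::Audit` class, which controls whether `enable_audit` is re-issued for a device that already exists, is never exercised. Add an example that runs provisioning twice and expects no error and an unchanged `client.sys.audits`, plus one that edits an option and expects the live device to follow. The equality checks would also read more clearly as `expect(resp[:my_file].options[:file_path]).to eq(AUDIT_LOG_PATH)`. The enclosing `describe` block starts outside the hunk.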
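--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vault-provision
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.11
 platform: ruby
 authors:
 - Tom Maher
@@ -130,6 +130,8 @@ files:
 - examples/basic/secret/bar/bad.json
 - examples/basic/secret/baz/yummy.json
 - examples/basic/secret/foo/good.json
+- examples/basic/sys/audit/my_file.json
+- examples/basic/sys/audit/my_syslog.json
 - examples/basic/sys/auth.json
 - examples/basic/sys/auth/.keep
 - examples/basic/sys/auth/approle.json
@@ -178,6 +180,7 @@ files:
 - lib/vault/provision/prototype.rb
 - lib/vault/provision/secret.rb
 - lib/vault/provision/sys.rb
+- lib/vault/provision/sys/audit.rb
 - lib/vault/provision/sys/auth.rb
 - lib/vault/provision/sys/policy.rb
 - lib/vault_provision.rb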