vault-update 1.0.2 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/vault-update/version.rb +1 -1
- data/lib/vault-update.rb +31 -20
- data/vault-update.gemspec +1 -0
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ccd334da99fc683a7240d10e6e828209b7fc611
|
|
4
|
+
data.tar.gz: 6efab5c807c8a7cc3a741aca87bd9d31c3953269
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6742da546734bd27b853dca3b3633993728af7300693fa2a8ec866ea65ce8d210fe93e6cd0aa896e290fe2bb4afc2fb8f21ba31aaf4d45116b69d1d5d97fc07a
|
|
7
|
+
data.tar.gz: 34063b2d3cd89f86a7968fc313df591e27ece38d0cc80b8bfad192e3c895b772d2a085dd1cab37f5ede0c6bebdd16052243b839bdcab723406573a6a4364ac88
|
data/lib/vault-update/version.rb
CHANGED
data/lib/vault-update.rb
CHANGED
|
@@ -3,24 +3,29 @@ require 'vault'
|
|
|
3
3
|
require 'trollop'
|
|
4
4
|
require 'json'
|
|
5
5
|
require 'diffy'
|
|
6
|
+
require 'colorize'
|
|
7
|
+
require 'facets'
|
|
6
8
|
|
|
7
9
|
class MissingInputError < StandardError; end
|
|
8
10
|
class NoHistoryError < StandardError; end
|
|
9
11
|
class NoUpdateError < StandardError; end
|
|
12
|
+
class NoValueError < StandardError; end
|
|
10
13
|
|
|
11
14
|
class VaultUpdate
|
|
12
15
|
def run
|
|
13
16
|
if opts[:history]
|
|
14
17
|
secret_history.sort_by { |ts, _data| ts }[-history_fetch_size..-1].each do |ts, data|
|
|
15
|
-
puts "#{Time.at(ts.to_s.to_i)}:"
|
|
18
|
+
puts "#{Time.at(ts.to_s.to_i)}:".colorize(:green)
|
|
16
19
|
puts JSON.pretty_generate(data) + "\n\n"
|
|
17
20
|
end
|
|
18
21
|
elsif opts[:last]
|
|
19
|
-
puts JSON.pretty_generate(
|
|
22
|
+
puts JSON.pretty_generate(
|
|
23
|
+
(secret_history.sort_by { |ts, _data| ts }.last || fail(NoHistoryError))[1]
|
|
24
|
+
)
|
|
20
25
|
elsif opts[:rollback]
|
|
21
26
|
rollback_secret
|
|
22
27
|
elsif opts[:current]
|
|
23
|
-
puts JSON.pretty_generate(vault_read(opts[:path]))
|
|
28
|
+
puts JSON.pretty_generate(vault_read(opts[:path]) || fail(NoValueError))
|
|
24
29
|
else
|
|
25
30
|
update
|
|
26
31
|
end
|
|
@@ -28,36 +33,41 @@ class VaultUpdate
|
|
|
28
33
|
raise e unless e.class == TypeError && e.message == 'no implicit conversion of nil into String'
|
|
29
34
|
Trollop.die 'KEY and VALUE must be provided'
|
|
30
35
|
rescue NoUpdateError
|
|
31
|
-
puts 'Nothing to do'
|
|
36
|
+
puts 'Nothing to do'.colorize(:light_white)
|
|
32
37
|
exit 0
|
|
33
38
|
rescue NoHistoryError
|
|
34
|
-
puts
|
|
39
|
+
puts 'ERROR: '.colorize(:red) + "There is no history for #{opts[:path]}"
|
|
35
40
|
exit 2
|
|
41
|
+
rescue NoValueError
|
|
42
|
+
puts 'ERROR: '.colorize(:red) + "There is no current value for #{opts[:path]}"
|
|
43
|
+
exit 3
|
|
36
44
|
end
|
|
37
45
|
|
|
38
46
|
private
|
|
39
47
|
|
|
40
48
|
def history_fetch_size
|
|
41
|
-
opts[:history] > secret_history.count ? secret_history.count : opts[:history]
|
|
49
|
+
opts[:history] > secret_history.keys.count ? secret_history.keys.count : opts[:history]
|
|
42
50
|
end
|
|
43
51
|
|
|
44
52
|
def update
|
|
45
53
|
update_value = ARGV.pop
|
|
46
54
|
|
|
55
|
+
json_value = true
|
|
56
|
+
|
|
47
57
|
# JSON is optional in the value field, so we have this funny business
|
|
48
58
|
update_value = (
|
|
49
59
|
begin
|
|
50
60
|
JSON.parse update_value
|
|
51
61
|
rescue JSON::ParserError
|
|
62
|
+
json_value = false
|
|
52
63
|
update_value
|
|
53
64
|
end
|
|
54
65
|
)
|
|
55
66
|
|
|
56
67
|
update_key = ARGV.pop
|
|
57
68
|
|
|
58
|
-
raise(MissingInputError) unless
|
|
59
|
-
|
|
60
|
-
update_secret update_key.to_sym => update_value
|
|
69
|
+
raise(MissingInputError) unless json_value || update_key
|
|
70
|
+
update_secret(json_value ? update_value : { update_key.to_sym => update_value })
|
|
61
71
|
end
|
|
62
72
|
|
|
63
73
|
def debug?
|
|
@@ -65,35 +75,36 @@ class VaultUpdate
|
|
|
65
75
|
end
|
|
66
76
|
|
|
67
77
|
def rollback_secret
|
|
68
|
-
|
|
78
|
+
fail NoHistoryError unless previous_update
|
|
69
79
|
current_secret_value = vault_read opts[:path]
|
|
70
80
|
|
|
71
81
|
# Update history with {} if empty now
|
|
72
82
|
secret_history[Time.now.to_i] = (current_secret_value || {})
|
|
73
83
|
vault_write "#{opts[:path]}_history", secret_history
|
|
74
84
|
|
|
75
|
-
puts "Writing to #{opts[:path]}:\n
|
|
85
|
+
puts "Writing to #{opts[:path]}:\n".bold + JSON.pretty_generate(previous_update) unless debug?
|
|
76
86
|
vault_write opts[:path], previous_update
|
|
77
87
|
end
|
|
78
88
|
|
|
79
89
|
def update_secret(update_hash)
|
|
80
90
|
data =
|
|
81
|
-
if (current_secret_value = vault_read
|
|
91
|
+
if (current_secret_value = vault_read(opts[:path]).stringify_keys)
|
|
82
92
|
secret_history[Time.now.to_i] = current_secret_value
|
|
83
93
|
vault_write "#{opts[:path]}_history", secret_history
|
|
84
|
-
current_secret_value.merge(update_hash)
|
|
94
|
+
current_secret_value.merge(update_hash.stringify_keys)
|
|
85
95
|
else
|
|
96
|
+
puts "update_hash: ".colorize(:blue) + update_hash.inspect
|
|
86
97
|
update_hash
|
|
87
98
|
end
|
|
88
99
|
|
|
89
100
|
if debug?
|
|
90
|
-
puts "current_secret_value:
|
|
91
|
-
puts "
|
|
101
|
+
puts "current_secret_value: ".colorize(:blue) + current_secret_value.inspect
|
|
102
|
+
puts "data: ".colorize(:blue) + data.inspect
|
|
92
103
|
end
|
|
93
104
|
|
|
94
|
-
|
|
105
|
+
fail NoUpdateError if current_secret_value == data
|
|
95
106
|
|
|
96
|
-
puts "Applying changes to #{opts[:path]}:\n
|
|
107
|
+
puts "Applying changes to #{opts[:path]}:\n".bold
|
|
97
108
|
puts Diffy::Diff.new(
|
|
98
109
|
JSON.pretty_generate(current_secret_value) + "\n", # What to do if no existing content
|
|
99
110
|
JSON.pretty_generate(data) + "\n"
|
|
@@ -134,13 +145,13 @@ class VaultUpdate
|
|
|
134
145
|
opt :last, 'Show the last value', short: 'l'
|
|
135
146
|
opt :current, 'Show the current contents of the secret', short: 'c'
|
|
136
147
|
end
|
|
137
|
-
|
|
148
|
+
fail 'VAULT_ADDR and VAULT_TOKEN must be set' unless ENV['VAULT_ADDR'] && ENV['VAULT_TOKEN']
|
|
138
149
|
opts
|
|
139
150
|
end
|
|
140
151
|
end
|
|
141
152
|
|
|
142
153
|
def vault_write(path, data)
|
|
143
|
-
puts "Writing to #{path}:\n
|
|
154
|
+
puts "Writing to #{path}:\n".colorize(:blue) + data.inspect if debug?
|
|
144
155
|
vault.with_retries(Vault::HTTPConnectionError) do |attempt, e|
|
|
145
156
|
puts "Received exception #{e} from Vault - attempt #{attempt}" if e
|
|
146
157
|
vault.logical.write(path, data)
|
|
@@ -153,7 +164,7 @@ class VaultUpdate
|
|
|
153
164
|
vault.logical.read(path)
|
|
154
165
|
end
|
|
155
166
|
res = r ? r.data : nil
|
|
156
|
-
puts "Read from #{path}:\n
|
|
167
|
+
puts "Read from #{path}:\n".colorize(:blue) + res.to_json if debug?
|
|
157
168
|
res
|
|
158
169
|
end
|
|
159
170
|
|
data/vault-update.gemspec
CHANGED
|
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_dependency 'diffy'
|
|
25
25
|
spec.add_dependency 'trollop'
|
|
26
26
|
spec.add_dependency 'vault'
|
|
27
|
+
spec.add_dependency 'colorize'
|
|
27
28
|
|
|
28
29
|
spec.add_development_dependency 'bundler', '~> 1.13'
|
|
29
30
|
spec.add_development_dependency 'rake', '~> 10.0'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: vault-update
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Herot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: diffy
|
|
@@ -52,6 +52,20 @@ dependencies:
|
|
|
52
52
|
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: colorize
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
type: :runtime
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ">="
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0'
|
|
55
69
|
- !ruby/object:Gem::Dependency
|
|
56
70
|
name: bundler
|
|
57
71
|
requirement: !ruby/object:Gem::Requirement
|