vaultkit 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +974 -726
- data/lib/vkit/cli/base_cli.rb +1 -1
- data/lib/vkit/cli/commands/base_command.rb +2 -0
- data/lib/vkit/cli/commands/policy_bundle_command.rb +44 -21
- data/lib/vkit/cli/commands/policy_deploy_command.rb +20 -1
- metadata +3 -3
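--- a/data/lib/vkit/cli/base_cli.rb
+++ b/data/lib/vkit/cli/base_cli.rb
@@ -157,7 +157,7 @@ module Vkit
 
 desc "deploy", "Deploy a policy bundle to VaultKit"
 option :bundle, type: :string, default: "dist/policy_bundle.json"
-option :org, type: :string
+option :org, type: :string
 option :activate, type: :boolean, default: true
 
 def deploy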
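--- a/data/lib/vkit/cli/commands/policy_bundle_command.rb
+++ b/data/lib/vkit/cli/commands/policy_bundle_command.rb
@@ -1,10 +1,13 @@
+# frozen_string_literal: true
+
 require "json"
+require "fileutils"
 require_relative "../../policy/bundle_compiler"
 
 module Vkit
 module CLI
 module Commands
-class PolicyBundleCommand
+class PolicyBundleCommand < BaseCommand
 def call(policies_dir:, registry_dir:, out:, org:, version:)
 policies_dir = File.expand_path(policies_dir)
 registry_dir = File.expand_path(registry_dir)
@@ -15,26 +18,46 @@ module Vkit
 
 version ||= git_sha
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+with_auth do
+derived_org = credential_store.user["organization_slug"]
+
+raise "Unable to determine organization from credentials. Please login." \
+if derived_org.nil? || derived_org.empty?
+
+if org && org != derived_org
+raise <<~MSG
+Organization mismatch detected.
+
+Authenticated organization: #{derived_org}
+Provided via --org: #{org}
+
+Refusing to continue to prevent cross-organization policy bundles.
+MSG
+end
+
+org_slug = org || derived_org
+
+bundle = Vkit::Policy::BundleCompiler.compile!(
+org_slug: org_slug,
+bundle_version: version,
+policies_dir: policies_dir,
+registry_dir: registry_dir,
+source: {
+repo: git_repo,
+ref: git_ref,
+commit_sha: version
+}
+)
+
+FileUtils.mkdir_p(File.dirname(out))
+File.write(out, JSON.pretty_generate(bundle))
+
+puts "✅ Policy bundle created"
+puts " Org: #{bundle.dig("bundle", "org_slug")}"
+puts " Version: #{bundle.dig("bundle", "bundle_version")}"
+puts " Checksum: #{bundle.dig("bundle", "checksum")}"
+puts " Output: #{out}"
+end
 end
 
 private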
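Review bot: The guard inside `with_auth` reads `credential_store.user["organization_slug"]` without checking that `user` itself is present, so if the store can return nil for a missing or partial login (not visible on this page) the command would fail with a NoMethodError rather than the "Please login" message; `derived_org = credential_store.user&.dig("organization_slug")` keeps the intended failure path. The same guard is repeated almost line for line in policy_deploy_command.rb, and now that this class inherits from BaseCommand a single helper there would stop the two checks drifting apart. Once the mismatch check has passed, `org` is either nil or equal to `derived_org`, so `org_slug = org || derived_org` can simply be `org_slug = derived_org`. The slug written into the bundle is taken from the local credential store, so it is a client-side assertion and the server still has to verify it on upload.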
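--- a/data/lib/vkit/cli/commands/policy_deploy_command.rb
+++ b/data/lib/vkit/cli/commands/policy_deploy_command.rb
@@ -11,10 +11,28 @@ module Vkit
 bundle_path = File.expand_path(bundle_path)
 raise "Bundle not found: #{bundle_path}" unless File.exist?(bundle_path)
 
+derived_org = credential_store.user["organization_slug"]
+
+raise "Unable to determine organization from credentials. Please login." \
+if derived_org.nil? || derived_org.empty?
+
+if org && org != derived_org
+raise <<~MSG
+Organization mismatch detected.
+
+Authenticated organization: #{derived_org}
+Provided via --org: #{org}
+
+Refusing to deploy policy bundle to a different organization.
+MSG
+end
+
+org_slug = org || derived_org
+
 bundle = JSON.parse(File.read(bundle_path))
 
 response = authenticated_client.post(
-"/api/v1/orgs/#{
+"/api/v1/orgs/#{org_slug}/policy_bundles",
 body: {
 bundle: bundle,
 activate: activate
@@ -22,6 +40,7 @@ module Vkit
 )
 
 puts "🚀 Policy bundle deployed"
+puts " Org: #{org_slug}"
 puts " Version: #{response['bundle_version']}"
 puts " State: #{response['state']}"
 end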
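Review bot: The new guard compares `--org` with the organization in the credentials but never checks the bundle file itself, so a bundle compiled under one login can still be posted to another organization if the credentials changed between `bundle` and `deploy`. The bundle command prints `bundle.dig("bundle", "org_slug")`, so the parsed file appears to carry its own slug; after `JSON.parse` I would add `bundle_org = bundle.dig("bundle", "org_slug")` followed by `raise "Bundle was built for #{bundle_org}, not #{org_slug}" unless bundle_org == org_slug`. `org_slug` is also interpolated unescaped into `"/api/v1/orgs/#{org_slug}/policy_bundles"`, so it should be restricted to a slug pattern or escaped before the path is built. These are client-side checks only, and the server has to enforce the organization boundary regardless. The method's opening is outside the hunk, so whether this code runs inside `with_auth` cannot be confirmed from here.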
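--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vaultkit
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Nnamdi Ogundu
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-01-
+date: 2026-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -68,7 +68,7 @@ files:
 - lib/vkit/utils/logger.rb
 homepage: https://vaultkit.io
 licenses:
--
+- Nonstandard
 metadata:
 rubygems_mfa_required: 'true'
 source_code_uri: https://github.com/ndbaba1/vaultkitcli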