PyPI - raijin-server - Versions diffs - 0.3.4__py3-none-any.whl → 0.3.6__py3-none-any.whl - Mend

raijin-server 0.3.4py3-none-any.whl → 0.3.6py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of raijin-server might be problematic. Click here for more details.

Files changed (14) hide show

raijin_server/modules/secrets.py CHANGED Viewed

@@ -1,10 +1,15 @@
-"""Automacao de sealed-secrets e external-secrets via Helm (production-ready).
+"""Automacao de HashiCorp Vault e External Secrets Operator (production-ready).
-Instala os controladores necessários para criptografar e consumir segredos
-em clusters Kubernetes. Inclui opcionalmente a exportacao do certificado
-publico do sealed-secrets para permitir geracao de manifests lacrados.
+Instala Vault com MinIO backend para persistencia e External Secrets Operator
+para sincronizar segredos do Vault para Secrets nativos do Kubernetes.
+Arquitetura:
+- Vault: Gerenciamento centralizado de segredos com MinIO como storage backend
+- External Secrets Operator: Sincroniza segredos do Vault para K8s Secrets
+- Aplicações: Usam Secrets nativos do K8s (transparente)
 """
+import base64
 import socket
 import time
 from pathlib import Path
@@ -20,7 +25,7 @@ from raijin_server.utils import (
     write_file,
 )
-SEALED_NAMESPACE = "kube-system"
+VAULT_NAMESPACE = "vault"
 ESO_NAMESPACE = "external-secrets"
@@ -36,10 +41,10 @@ def _detect_node_name(ctx: ExecutionContext) -> str:
     return socket.gethostname()
-def _check_existing_sealed_secrets(ctx: ExecutionContext, namespace: str) -> bool:
-    """Verifica se existe instalacao do Sealed Secrets."""
+def _check_existing_vault(ctx: ExecutionContext, namespace: str) -> bool:
+    """Verifica se existe instalacao do Vault."""
     result = run_cmd(
-        ["helm", "status", "sealed-secrets", "-n", namespace],
+        ["helm", "status", "vault", "-n", namespace],
         ctx,
         check=False,
     )
@@ -56,12 +61,12 @@ def _check_existing_external_secrets(ctx: ExecutionContext, namespace: str) -> b
     return result.returncode == 0
-def _uninstall_sealed_secrets(ctx: ExecutionContext, namespace: str) -> None:
-    """Remove instalacao anterior do Sealed Secrets."""
-    typer.echo("Removendo instalacao anterior do Sealed Secrets...")
+def _uninstall_vault(ctx: ExecutionContext, namespace: str) -> None:
+    """Remove instalacao anterior do Vault."""
+    typer.echo("Removendo instalacao anterior do Vault...")
     run_cmd(
-        ["helm", "uninstall", "sealed-secrets", "-n", namespace],
+        ["helm", "uninstall", "vault", "-n", namespace],
         ctx,
         check=False,
     )
@@ -82,16 +87,16 @@ def _uninstall_external_secrets(ctx: ExecutionContext, namespace: str) -> None:
     time.sleep(5)
-def _wait_for_sealed_secrets_ready(ctx: ExecutionContext, namespace: str, timeout: int = 120) -> bool:
-    """Aguarda pods do Sealed Secrets ficarem Ready."""
-    typer.echo("Aguardando pods do Sealed Secrets ficarem Ready...")
+def _wait_for_pods_ready(ctx: ExecutionContext, namespace: str, label: str, timeout: int = 120) -> bool:
+    """Aguarda pods ficarem Ready."""
+    typer.echo(f"Aguardando pods com label {label} ficarem Ready...")
     deadline = time.time() + timeout
     while time.time() < deadline:
         result = run_cmd(
             [
                 "kubectl", "-n", namespace, "get", "pods",
-                "-l", "app.kubernetes.io/name=sealed-secrets",
+                "-l", label,
                 "-o", "jsonpath={range .items[*]}{.metadata.name}={.status.phase} {end}",
             ],
             ctx,
@@ -109,49 +114,266 @@ def _wait_for_sealed_secrets_ready(ctx: ExecutionContext, namespace: str, timeou
                             pods.append((parts[0], parts[1]))
                 if pods and all(phase == "Running" for _, phase in pods):
-                    typer.secho("  Sealed Secrets Ready.", fg=typer.colors.GREEN)
+                    typer.secho(f"  Pods {label} Ready.", fg=typer.colors.GREEN)
                     return True
         time.sleep(5)
-    typer.secho("  Timeout aguardando Sealed Secrets.", fg=typer.colors.YELLOW)
+    typer.secho(f"  Timeout aguardando pods {label}.", fg=typer.colors.YELLOW)
     return False
-def _export_sealed_cert(namespace: str, ctx: ExecutionContext) -> None:
-    """Exporta o certificado publico do sealed-secrets para um caminho local."""
+def _get_minio_credentials(ctx: ExecutionContext) -> tuple[str, str]:
+    """Obtem credenciais do MinIO do Secret do K8s."""
+    typer.echo("Obtendo credenciais do MinIO...")
+    # Tenta obter do secret minio-credentials no namespace minio
+    result = run_cmd(
+        ["kubectl", "-n", "minio", "get", "secret", "minio-credentials", "-o", "jsonpath={.data.accesskey}"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0 and result.stdout:
+        access_key = base64.b64decode(result.stdout.strip()).decode("utf-8")
+        result = run_cmd(
+            ["kubectl", "-n", "minio", "get", "secret", "minio-credentials", "-o", "jsonpath={.data.secretkey}"],
+            ctx,
+            check=False,
+        )
+        if result.returncode == 0 and result.stdout:
+            secret_key = base64.b64decode(result.stdout.strip()).decode("utf-8")
+            return access_key, secret_key
+    # Fallback para prompt manual
+    typer.secho("Não foi possível obter credenciais automaticamente.", fg=typer.colors.YELLOW)
+    access_key = typer.prompt("MinIO Access Key", default="thor")
+    secret_key = typer.prompt("MinIO Secret Key", default="rebel1on", hide_input=True)
+    return access_key, secret_key
-    default_path = Path("/tmp/sealed-secrets-cert.pem")
-    dest = typer.prompt(
-        "Caminho para salvar o certificado publico do sealed-secrets",
-        default=str(default_path),
+def _initialize_vault(ctx: ExecutionContext, vault_ns: str, node_ip: str) -> tuple[str, list[str]]:
+    """Inicializa o Vault e retorna root token e unseal keys."""
+    typer.echo("\n Inicializando Vault...")
+    result = run_cmd(
+        ["kubectl", "-n", vault_ns, "exec", "vault-0", "--", "vault", "operator", "init", "-format=json"],
+        ctx,
+        check=False,
     )
-    typer.echo(f"Exportando certificado para {dest}...")
-    cmd = [
-        "kubectl",
-        "-n",
-        namespace,
-        "get",
-        "secret",
-        "-l",
-        "sealedsecrets.bitnami.com/sealed-secrets-key",
-        "-o",
-        r"jsonpath={.items[0].data.tls\.crt}",
-    ]
-    result = run_cmd(cmd, ctx, check=False)
     if result.returncode != 0:
-        typer.secho("Nao foi possivel obter o certificado (tente novamente apos o pod estar Ready).", fg=typer.colors.YELLOW)
-        return
+        typer.secho("Falha ao inicializar Vault.", fg=typer.colors.RED)
+        raise typer.Exit(1)
+    import json
+    init_data = json.loads(result.stdout)
+    root_token = init_data["root_token"]
+    unseal_keys = init_data["unseal_keys_b64"]
+    # Salva keys localmente
+    vault_keys_path = Path("/etc/vault/keys.json")
+    vault_keys_path.parent.mkdir(parents=True, exist_ok=True)
+    vault_keys_path.write_text(json.dumps(init_data, indent=2))
+    typer.secho(f"\n✓ Vault keys salvas em {vault_keys_path}", fg=typer.colors.GREEN)
+    typer.secho("⚠️  IMPORTANTE: Guarde essas keys em local seguro!", fg=typer.colors.YELLOW, bold=True)
+    return root_token, unseal_keys
+def _unseal_vault(ctx: ExecutionContext, vault_ns: str, unseal_keys: list[str]) -> None:
+    """Destrava o Vault usando as unseal keys."""
+    typer.echo("\nDesbloqueando Vault...")
+    # Precisa de 3 keys das 5 geradas (threshold padrão)
+    for i in range(3):
+        run_cmd(
+            ["kubectl", "-n", vault_ns, "exec", "vault-0", "--", "vault", "operator", "unseal", unseal_keys[i]],
+            ctx,
+        )
+    typer.secho("✓ Vault desbloqueado.", fg=typer.colors.GREEN)
+def _enable_kv_secrets(ctx: ExecutionContext, vault_ns: str, root_token: str) -> None:
+    """Habilita KV v2 secrets engine."""
+    typer.echo("\nHabilitando KV v2 secrets engine...")
+    run_cmd(
+        [
+            "kubectl", "-n", vault_ns, "exec", "vault-0", "--",
+            "vault", "secrets", "enable", "-path=secret", "kv-v2"
+        ],
+        ctx,
+        env={"VAULT_TOKEN": root_token},
+        check=False,  # Pode já estar habilitado
+    )
+    typer.secho("✓ KV v2 habilitado em path 'secret'.", fg=typer.colors.GREEN)
-    try:
-        import base64
-        cert_b64 = result.stdout.strip()
-        cert_bytes = base64.b64decode(cert_b64)
-        Path(dest).write_bytes(cert_bytes)
-        typer.secho(f"✓ Certificado salvo em {dest}", fg=typer.colors.GREEN)
-    except Exception as exc:
-        typer.secho(f"Falha ao decodificar/salvar certificado: {exc}", fg=typer.colors.YELLOW)
+def _configure_kubernetes_auth(ctx: ExecutionContext, vault_ns: str, root_token: str) -> None:
+    """Configura autenticação Kubernetes no Vault."""
+    typer.echo("\nConfigurando autenticação Kubernetes...")
+    # Habilita kubernetes auth
+    run_cmd(
+        ["kubectl", "-n", vault_ns, "exec", "vault-0", "--", "vault", "auth", "enable", "kubernetes"],
+        ctx,
+        env={"VAULT_TOKEN": root_token},
+        check=False,
+    )
+    # Configura kubernetes auth
+    run_cmd(
+        [
+            "kubectl", "-n", vault_ns, "exec", "vault-0", "--",
+            "sh", "-c",
+            "vault write auth/kubernetes/config " +
+            "kubernetes_host=https://$KUBERNETES_PORT_443_TCP_ADDR:443"
+        ],
+        ctx,
+        env={"VAULT_TOKEN": root_token},
+    )
+    typer.secho("✓ Autenticação Kubernetes configurada.", fg=typer.colors.GREEN)
+def _create_eso_policy_and_role(ctx: ExecutionContext, vault_ns: str, root_token: str, eso_ns: str) -> None:
+    """Cria policy e role para External Secrets Operator."""
+    typer.echo("\nCriando policy e role para ESO...")
+    # Policy para ler todos os secrets
+    policy = """path "secret/data/*" {
+  capabilities = ["read"]
+}"""
+    run_cmd(
+        ["kubectl", "-n", vault_ns, "exec", "vault-0", "--", "vault", "policy", "write", "eso-policy", "-"],
+        ctx,
+        env={"VAULT_TOKEN": root_token},
+        input=policy,
+    )
+    # Role vinculando serviceaccount do ESO
+    run_cmd(
+        [
+            "kubectl", "-n", vault_ns, "exec", "vault-0", "--",
+            "vault", "write", "auth/kubernetes/role/eso-role",
+            "bound_service_account_names=external-secrets",
+            f"bound_service_account_namespaces={eso_ns}",
+            "policies=eso-policy",
+            "ttl=24h"
+        ],
+        ctx,
+        env={"VAULT_TOKEN": root_token},
+    )
+    typer.secho("✓ Policy 'eso-policy' e role 'eso-role' criadas.", fg=typer.colors.GREEN)
+def _create_secretstore_example(ctx: ExecutionContext, vault_ns: str, eso_ns: str, node_ip: str) -> None:
+    """Cria exemplo de ClusterSecretStore e ExternalSecret."""
+    typer.echo("\nCriando exemplo de ClusterSecretStore...")
+    secretstore_yaml = f"""apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: "http://vault.{vault_ns}.svc.cluster.local:8200"
+      path: "secret"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "eso-role"
+          serviceAccountRef:
+            name: "external-secrets"
+            namespace: "{eso_ns}"
+"""
+    secretstore_path = Path("/tmp/raijin-vault-secretstore.yaml")
+    write_file(secretstore_path, secretstore_yaml, ctx)
+    run_cmd(
+        ["kubectl", "apply", "-f", str(secretstore_path)],
+        ctx,
+    )
+    typer.secho("✓ ClusterSecretStore 'vault-backend' criado.", fg=typer.colors.GREEN)
+def _create_example_secret(ctx: ExecutionContext, vault_ns: str, root_token: str) -> None:
+    """Cria um secret de exemplo no Vault."""
+    typer.echo("\nCriando secret de exemplo no Vault...")
+    run_cmd(
+        [
+            "kubectl", "-n", vault_ns, "exec", "vault-0", "--",
+            "vault", "kv", "put", "secret/example",
+            "username=admin",
+            "password=supersecret123"
+        ],
+        ctx,
+        env={"VAULT_TOKEN": root_token},
+    )
+    typer.secho("✓ Secret 'secret/example' criado no Vault.", fg=typer.colors.GREEN)
+    # Cria ExternalSecret de exemplo
+    external_secret_yaml = """apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: example-secret
+  namespace: default
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: example-secret
+    creationPolicy: Owner
+  data:
+  - secretKey: username
+    remoteRef:
+      key: secret/example
+      property: username
+  - secretKey: password
+    remoteRef:
+      key: secret/example
+      property: password
+"""
+    external_secret_path = Path("/tmp/raijin-vault-externalsecret.yaml")
+    write_file(external_secret_path, external_secret_yaml, ctx)
+    run_cmd(
+        ["kubectl", "apply", "-f", str(external_secret_path)],
+        ctx,
+    )
+    typer.secho("✓ ExternalSecret 'example-secret' criado no namespace default.", fg=typer.colors.GREEN)
+    # Aguarda sincronização
+    time.sleep(5)
+    # Verifica se o Secret foi criado
+    result = run_cmd(
+        ["kubectl", "-n", "default", "get", "secret", "example-secret"],
+        ctx,
+        check=False,
+    )
+    if result.returncode == 0:
+        typer.secho("\n✓ Secret sincronizado com sucesso! Teste com:", fg=typer.colors.GREEN)
+        typer.echo("  kubectl -n default get secret example-secret -o yaml")
 def run(ctx: ExecutionContext) -> None:
@@ -159,69 +381,132 @@ def run(ctx: ExecutionContext) -> None:
     ensure_tool("kubectl", ctx, install_hint="Instale kubectl ou habilite dry-run.")
     ensure_tool("helm", ctx, install_hint="Instale helm ou habilite dry-run.")
-    typer.echo("Instalando sealed-secrets e external-secrets...")
+    typer.echo("Instalando HashiCorp Vault + External Secrets Operator...")
-    sealed_ns = typer.prompt("Namespace para sealed-secrets", default=SEALED_NAMESPACE)
-    eso_ns = typer.prompt("Namespace para external-secrets", default=ESO_NAMESPACE)
+    vault_ns = typer.prompt("Namespace para Vault", default=VAULT_NAMESPACE)
+    eso_ns = typer.prompt("Namespace para External Secrets", default=ESO_NAMESPACE)
     node_name = _detect_node_name(ctx)
+    # Detecta IP do node para acesso ao MinIO
+    result = run_cmd(
+        ["kubectl", "get", "nodes", "-o", "jsonpath={.items[0].status.addresses[?(@.type=='InternalIP')].address}"],
+        ctx,
+        check=False,
+    )
+    node_ip = result.stdout.strip() if result.returncode == 0 else "192.168.1.81"
+    minio_host = typer.prompt("MinIO host", default=f"{node_ip}:30900")
+    access_key, secret_key = _get_minio_credentials(ctx)
-    # sealed-secrets
-    typer.secho("\n== Sealed Secrets ==", fg=typer.colors.CYAN, bold=True)
+    # ========== HashiCorp Vault ==========
+    typer.secho("\n== HashiCorp Vault ==", fg=typer.colors.CYAN, bold=True)
-    # Prompt opcional de limpeza
-    if _check_existing_sealed_secrets(ctx, sealed_ns):
+    if _check_existing_vault(ctx, vault_ns):
         cleanup = typer.confirm(
-            "Instalacao anterior do Sealed Secrets detectada. Limpar antes de reinstalar?",
+            "Instalacao anterior do Vault detectada. Limpar antes de reinstalar?",
             default=False,
         )
         if cleanup:
-            _uninstall_sealed_secrets(ctx, sealed_ns)
+            _uninstall_vault(ctx, vault_ns)
-    sealed_values_yaml = f"""tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    operator: Exists
-    effect: NoSchedule
-  - key: node-role.kubernetes.io/master
-    operator: Exists
-    effect: NoSchedule
-nodeSelector:
-  kubernetes.io/hostname: {node_name}
-resources:
-  requests:
-    memory: 64Mi
-    cpu: 50m
-  limits:
-    memory: 128Mi
+    # Cria bucket no MinIO para Vault storage
+    typer.echo("\nCriando bucket 'vault-storage' no MinIO...")
+    run_cmd(
+        [
+            "mc", "mb", "--ignore-existing",
+            f"minio/vault-storage"
+        ],
+        ctx,
+        check=False,
+    )
+    vault_values_yaml = f"""server:
+  ha:
+    enabled: true
+    replicas: 1
+    raft:
+      enabled: false
+  standalone:
+    enabled: true
+    config: |
+      ui = true
+      listener "tcp" {{
+        tls_disable = 1
+        address = "[::]:8200"
+        cluster_address = "[::]:8201"
+      }}
+      storage "s3" {{
+        endpoint = "http://{minio_host}"
+        bucket = "vault-storage"
+        access_key = "{access_key}"
+        secret_key = "{secret_key}"
+        s3_force_path_style = true
+      }}
+      api_addr = "http://vault.{vault_ns}.svc.cluster.local:8200"
+      cluster_addr = "http://vault-0.vault-internal:8201"
+  tolerations:
+    - key: node-role.kubernetes.io/control-plane
+      operator: Exists
+      effect: NoSchedule
+    - key: node-role.kubernetes.io/master
+      operator: Exists
+      effect: NoSchedule
+  nodeSelector:
+    kubernetes.io/hostname: {node_name}
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 250m
+    limits:
+      memory: 512Mi
+ui:
+  enabled: true
+  serviceType: "NodePort"
+  serviceNodePort: 30820
+injector:
+  enabled: false
 """
-    sealed_values_path = Path("/tmp/raijin-sealed-secrets-values.yaml")
-    write_file(sealed_values_path, sealed_values_yaml, ctx)
+    vault_values_path = Path("/tmp/raijin-vault-values.yaml")
+    write_file(vault_values_path, vault_values_yaml, ctx)
     helm_upgrade_install(
-        "sealed-secrets",
-        "sealed-secrets",
-        sealed_ns,
+        "vault",
+        "vault",
+        vault_ns,
         ctx,
-        repo="bitnami-labs",
-        repo_url="https://bitnami-labs.github.io/sealed-secrets",
+        repo="hashicorp",
+        repo_url="https://helm.releases.hashicorp.com",
         create_namespace=True,
-        extra_args=["-f", str(sealed_values_path)],
+        extra_args=["-f", str(vault_values_path)],
     )
     if not ctx.dry_run:
-        _wait_for_sealed_secrets_ready(ctx, sealed_ns)
-    typer.echo(
-        "Para criar sealed-secrets a partir do seu desktop, exporte o certificado publico e use kubeseal."
-    )
-    if typer.confirm("Exportar certificado publico agora?", default=True):
-        _export_sealed_cert(sealed_ns, ctx)
+        _wait_for_pods_ready(ctx, vault_ns, "app.kubernetes.io/name=vault", timeout=180)
+        # Inicializa Vault
+        root_token, unseal_keys = _initialize_vault(ctx, vault_ns, node_ip)
+        # Destrava Vault
+        _unseal_vault(ctx, vault_ns, unseal_keys)
+        # Configura Vault
+        _enable_kv_secrets(ctx, vault_ns, root_token)
+        _configure_kubernetes_auth(ctx, vault_ns, root_token)
-    # external-secrets
+    # ========== External Secrets Operator ==========
     typer.secho("\n== External Secrets Operator ==", fg=typer.colors.CYAN, bold=True)
-    # Prompt opcional de limpeza
     if _check_existing_external_secrets(ctx, eso_ns):
         cleanup = typer.confirm(
             "Instalacao anterior do External Secrets detectada. Limpar antes de reinstalar?",
@@ -282,12 +567,48 @@ resources:
         extra_args=["-f", str(eso_values_path)],
     )
-    typer.secho("\n✓ Secrets management instalado com sucesso.", fg=typer.colors.GREEN, bold=True)
-    typer.echo(
-        "\nExternal Secrets Operator instalado. Configure um SecretStore/ClusterSecretStore conforme seu provedor (AWS/GCP/Vault)."
-    )
+    if not ctx.dry_run:
+        _wait_for_pods_ready(ctx, eso_ns, "app.kubernetes.io/name=external-secrets", timeout=120)
+        # Configura integração Vault + ESO
+        _create_eso_policy_and_role(ctx, vault_ns, root_token, eso_ns)
+        _create_secretstore_example(ctx, vault_ns, eso_ns, node_ip)
+        _create_example_secret(ctx, vault_ns, root_token)
-    typer.secho("\nDicas rapidas:", fg=typer.colors.GREEN)
-    typer.echo(f"- Gere sealed-secrets localmente: kubeseal --controller-namespace {sealed_ns} --controller-name sealed-secrets < secret.yaml > sealed.yaml")
-    typer.echo("- Para ESO: crie um SecretStore apontando para seu backend e um ExternalSecret referenciando os keys.")
+    typer.secho("\n✓ Vault + External Secrets Operator instalado com sucesso!", fg=typer.colors.GREEN, bold=True)
+    typer.secho("\n=== Acesso ao Vault UI ===", fg=typer.colors.CYAN)
+    typer.echo(f"URL: http://{node_ip}:30820")
+    typer.echo(f"Token: {root_token if not ctx.dry_run else '<root-token>'}")
+    typer.secho("\n=== Como usar ===", fg=typer.colors.CYAN)
+    typer.echo("1. Criar segredo no Vault:")
+    typer.echo(f"   kubectl -n {vault_ns} exec vault-0 -- vault kv put secret/myapp username=admin password=secret123")
+    typer.echo("\n2. Criar ExternalSecret:")
+    typer.echo("   kubectl apply -f - <<EOF")
+    typer.echo("   apiVersion: external-secrets.io/v1beta1")
+    typer.echo("   kind: ExternalSecret")
+    typer.echo("   metadata:")
+    typer.echo("     name: myapp-secret")
+    typer.echo("   spec:")
+    typer.echo("     secretStoreRef:")
+    typer.echo("       name: vault-backend")
+    typer.echo("       kind: ClusterSecretStore")
+    typer.echo("     target:")
+    typer.echo("       name: myapp-secret")
+    typer.echo("     data:")
+    typer.echo("     - secretKey: username")
+    typer.echo("       remoteRef:")
+    typer.echo("         key: secret/myapp")
+    typer.echo("         property: username")
+    typer.echo("   EOF")
+    typer.echo("\n3. Secret será sincronizado automaticamente!")
+    typer.echo("   kubectl get secret myapp-secret -o yaml")
+    typer.secho("\n⚠️  IMPORTANTE:", fg=typer.colors.YELLOW, bold=True)
+    typer.echo(f"- Root token e unseal keys salvos em: /etc/vault/keys.json")
+    typer.echo("- Faça backup dessas keys em local seguro!")
+    typer.echo("- Após reboot do Vault, use: kubectl -n vault exec vault-0 -- vault operator unseal")

{raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: raijin-server
-Version: 0.3.4
+Version: 0.3.6
 Summary: CLI para automacao de setup e hardening de servidores Ubuntu Server.
 Home-page: https://example.com/raijin-server
 Author: Equipe Raijin

{raijin_server-0.3.4.dist-info → raijin_server-0.3.6.dist-info}/RECORD RENAMED Viewed

@@ -1,19 +1,20 @@
-raijin_server/__init__.py,sha256=PxBToT7REJri8rHFGLoeIfEApLUM9TrOogmxCLdnomI,94
-raijin_server/cli.py,sha256=rqkAQCU5imi52YJCIeEuZqWo8bWYkVErOQh3JpKIDok,38149
+raijin_server/__init__.py,sha256=DizNqR7krrm4UEAK6a2xeOG3wuV7xlSekBC-mCSHadw,94
+raijin_server/cli.py,sha256=74ZqEPhg9R9jxNFZRV37CHrwm-dBKmYdT_MxdK4FKKA,37585
 raijin_server/config.py,sha256=QNiEVvrbW56XgvNn5-h3bkJm46Xc8mjNqPbvixXD8N0,4829
 raijin_server/healthchecks.py,sha256=lzXdFw6S0hOYbUKbqksh4phb04lXgXdTspP1Dsz4dx8,15401
 raijin_server/module_manager.py,sha256=Wmhj603CN0XGUVr7_Fo8CHzKd9yIbS9x5BJLqDj78kw,10259
 raijin_server/utils.py,sha256=9RnGnPoUTYOpMVRLNa4P4lIQrJNQLkSkPUxycZRGv78,20827
 raijin_server/validators.py,sha256=EATYPy2pllAb6IX4gUZKnELvospWwyGV3DHrzxb_RMg,11761
-raijin_server/modules/__init__.py,sha256=ojxAdnJfXifNUVa4WuLVh97jHqeVzIi6DZ_fAtXB9tM,984
+raijin_server/modules/__init__.py,sha256=BCTLuNtmvn8IWqGNQZQBRokqAv-KwUZP4_kyxkyHyN4,896
 raijin_server/modules/apokolips_demo.py,sha256=8ltsXRbVDwlDwLMIvh02NG-FeAfBWw_v6lh7IGOyNqs,13725
 raijin_server/modules/bootstrap.py,sha256=oVIGNRW_JbgY8zXNHGAIP0vGbbHNHyQexthxo5zhbcw,9762
 raijin_server/modules/calico.py,sha256=TTPF1bLFdAKb3IVOqFqRxNblULkRmMMRylsIBp4w8I8,6700
 raijin_server/modules/cert_manager.py,sha256=XkFlXJjiP4_9It_PJaFcVYMS-QKTzzFAt839QQ9qNsg,50223
 raijin_server/modules/essentials.py,sha256=2xUXCyCQtFGd2DnCKV81N1R6bEJqH8zaet8mLovtQ1I,689
 raijin_server/modules/firewall.py,sha256=h6AISqiZeTinVT7BjmQIS872qRAFZJLg7meqlth3cfw,757
-raijin_server/modules/full_install.py,sha256=xiKe2GLuZ97c4YdTmhP-kwDVuJJ9Xq3dlgcLlqSPeYM,15518
+raijin_server/modules/full_install.py,sha256=M4SV4OA-r41xhpMmZQvUieRugiq0faLa4f0N499ksd4,15035
 raijin_server/modules/grafana.py,sha256=8YbKG-UL19lwTkH1-ZxpUetOZd-CLI4_kPsuZblNaWI,18080
+raijin_server/modules/harbor.py,sha256=ix0qnu_FugzbFnnTRZ3Dyy6UmKdm3nD0ubZ4SZYHkWE,21940
 raijin_server/modules/hardening.py,sha256=4hz3ifkMhPlXa2n7gPxN0gitQgzALZ-073vuU3LM4RI,1616
 raijin_server/modules/harness.py,sha256=uWTxTVJlY_VB6xi4ftMtTSaIb96HA8WJQS-RbyxU45M,5391
 raijin_server/modules/internal_dns.py,sha256=Jynngq0TEEUo3jkAR4m8F1ihF10rkQuKHVP-gZYyDFY,15191
@@ -25,11 +26,9 @@ raijin_server/modules/loki.py,sha256=fRoXNghwffW6afE_a3sKMhjPJ9DIWhGMTTPM-ltNr2E
 raijin_server/modules/metallb.py,sha256=uUuklc_RsQ-W2qDVRMQAxQm9HKGEqso444b1IwBpM6w,8554
 raijin_server/modules/minio.py,sha256=ZoxugJvvuGLzViDfEzrVCRZUevoiFwcEy0PNyn0My4w,18918
 raijin_server/modules/network.py,sha256=QRlYdcryCCPAWG3QQ_W7ld9gJgETI7H8gwntOU7UqFE,4818
-raijin_server/modules/observability_dashboards.py,sha256=fVz0WEOQrUTF5rJ__Nu_onyBuwL_exFmysWMmg8AE9w,7319
-raijin_server/modules/observability_ingress.py,sha256=S4MtJKahiZ1qSx0P71P3IhKvq4RY-g01Z4IogW3c1hs,7045
 raijin_server/modules/prometheus.py,sha256=lyhaqLIfMl0GtQ2b2Hre7_A47HrHBB5gspmnWtwXZ4Y,21880
 raijin_server/modules/sanitize.py,sha256=_RnWn1DUuNrzx3NnKEbMvf5iicgjiN_ubwT59e0rYWY,6040
-raijin_server/modules/secrets.py,sha256=d4j12feQL8m_4-hYN5FfboQHvBc75TFeGno3OzrXokE,9266
+raijin_server/modules/secrets.py,sha256=C5k10ODo6Ai_e6Ei-JiWTOa-cOh-5d2__PhTQA0UmjI,19452
 raijin_server/modules/ssh_hardening.py,sha256=Zd0dlylUBr01SkrI1CS05-0DB9xIto5rWH1bUVs80ow,5422
 raijin_server/modules/traefik.py,sha256=omziywss4o-8t64Kj-upLqbXdFYm2JwqOoOukDUmqxY,5008
 raijin_server/modules/velero.py,sha256=yDtqd6yUu0L5wzLCjYXqvvxB_RyaAoZtntb6HoHVAOo,5642
@@ -40,9 +39,9 @@ raijin_server/scripts/checklist.sh,sha256=j6E0Kmk1EfjLvKK1VpCqzXJAXI_7Bm67LK4ndy
 raijin_server/scripts/install.sh,sha256=Y1ickbQ4siQ0NIPs6UgrqUr8WWy7U0LHmaTQbEgavoI,3949
 raijin_server/scripts/log_size_metric.sh,sha256=Iv4SsX8AuCYRou-klYn32mX41xB6j0xJGLBO6riw4rU,1208
 raijin_server/scripts/pre-deploy-check.sh,sha256=XqMo7IMIpwUHF17YEmU0-cVmTDMoCGMBFnmS39FidI4,4912
-raijin_server-0.3.4.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
-raijin_server-0.3.4.dist-info/METADATA,sha256=pwLU_oSjSgh599AadAEAoyH-UOVQBs9mhQZef-Bcnzk,8829
-raijin_server-0.3.4.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-raijin_server-0.3.4.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
-raijin_server-0.3.4.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
-raijin_server-0.3.4.dist-info/RECORD,,
+raijin_server-0.3.6.dist-info/licenses/LICENSE,sha256=kJsMCjOiRZE0AQNtxWqBa32z9kMAaF4EUxyHj3hKaJo,1105
+raijin_server-0.3.6.dist-info/METADATA,sha256=egpj4eEFQ3JJAA-bT3Iz5ebOc57e5JpyuQ2a8-ruAD4,8829
+raijin_server-0.3.6.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+raijin_server-0.3.6.dist-info/entry_points.txt,sha256=3ZvxDX4pvcjkIRsXAJ69wIfVmKa78LKo-C3QhqN2KVM,56
+raijin_server-0.3.6.dist-info/top_level.txt,sha256=Yz1xneCRtsZOzbPIcTAcrSxd-1p80pohMXYAZ74dpok,14
+raijin_server-0.3.6.dist-info/RECORD,,

raijin-server 0.3.4__py3-none-any.whl → 0.3.6__py3-none-any.whl

Potentially problematic release.

raijin-server 0.3.4py3-none-any.whl → 0.3.6py3-none-any.whl