Class: Sambot::Testing::VaultHelper
- Inherits:
-
Object
- Object
- Sambot::Testing::VaultHelper
- Defined in:
- lib/sambot/testing/vault_helper.rb
Constant Summary
- VAULT_CONFIG_BINARY =
'vault-config'
- WORKING_DIR =
'/tmp/sambot/testing/vault'
- VAULT_POLICIES_REPO =
'[email protected]:ads-devops/vault-policies.git'
- VAULT_ADDRESS =
'http://127.0.0.1:8200'
- BOOTSTRAP_TOKEN_ROLE =
'nightswatch-ro'
- BOOTSTRAP_TOKEN_TTL =
'72h'
- BOOTSTRAP_TOKEN =
'root'
- BOOTSTRAP_TOKEN_POLICIES =
['nightswatch-ro']
Class Method Summary
- .configure ⇒ Object
- .generate_wrapped_token ⇒ Object
- .load_secrets(config, src = 'local_testing') ⇒ Object
- .read_field(path, key) ⇒ Object
- .read_path(path) ⇒ Object
- .setup ⇒ Object
Class Method Details
.configure ⇒ Object
# File 'lib/sambot/testing/vault_helper.rb', line 22
# Points the global Vault client at the test instance described by this
# helper's constants.
#
# The client is given VAULT_ADDRESS and BOOTSTRAP_TOKEN, and TLS certificate
# verification is switched off. VAULT_ADDRESS is a loopback http URL at the
# time of writing, so the ssl_verify setting is not exercised; it would
# disable certificate checks if the address were changed to an https
# endpoint, so this helper should stay confined to local test instances.
#
# @return [Object] whatever ::Vault.configure returns
def configure
  ::Vault.configure do |client|
    client.address = VAULT_ADDRESS
    client.token = BOOTSTRAP_TOKEN
    # NOTE(review): verification off is only tolerable for the local test Vault.
    client.ssl_verify = false
  end
end
.generate_wrapped_token ⇒ Object
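# File 'lib/sambot/testing/vault_helper.rb', line 30
# Asks Vault to create a token for BOOTSTRAP_TOKEN_ROLE with the policies in
# BOOTSTRAP_TOKEN_POLICIES and a wrap TTL of BOOTSTRAP_TOKEN_TTL, then returns
# the token found in the response's wrap_info.
#
# Token creation is best effort: any StandardError raised while creating or
# unwrapping the response is reported on stderr and an empty string is
# returned, so callers must treat '' as "no token was issued". Errors raised
# by configure itself are not rescued.
#
# @return [String] the token from wrap_info, or '' when creation failed
def generate_wrapped_token
  configure
  begin
    Vault.auth_token.create(
      wrap_ttl: BOOTSTRAP_TOKEN_TTL,
      role: BOOTSTRAP_TOKEN_ROLE,
      policies: BOOTSTRAP_TOKEN_POLICIES
    ).wrap_info.token
  rescue StandardError => e
    # The failure used to be swallowed without a trace, which made an empty
    # token indistinguishable from a misconfigured Vault. Only the error class
    # and message are printed; no token value is written out.
    warn("Could not generate a wrapped Vault token (#{e.class}: #{e.message})")
    ''
  end
end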
.load_secrets(config, src = 'local_testing') ⇒ Object
# File 'lib/sambot/testing/vault_helper.rb', line 57
# Merges the secrets declared by the configuration and its dependencies and
# hands them to store_secrets.
#
# Only fixed status messages are logged here; the secret values themselves are
# never passed to UI.info by this method.
#
# @param config [Object] must respond to #dependencies and #secrets
# @param src [String] forwarded unchanged to store_secrets
# @return [Object] 0 when there is nothing to store, otherwise the return
#   value of store_secrets
def load_secrets(config, src = 'local_testing')
  UI.info('Reading secrets from the configuration file')
  merged = merge_wrapper_cookbook_secrets(config.dependencies, config.secrets)
  nothing_to_store = merged.nil? || merged.empty?
  return store_secrets(merged, src) unless nothing_to_store

  UI.info('No secrets were found in the secrets configuration file')
  0
end
.read_field(path, key) ⇒ Object
# File 'lib/sambot/testing/vault_helper.rb', line 73
# Configures the client and reads from the given Vault path, passing +key+ as
# the second argument of Vault.logical.read.
#
# NOTE(review): confirm that the installed Vault client accepts a field name
# as the second argument of logical.read; if it expects an options hash there,
# the field has to be picked out of the returned secret's data instead.
#
# @param path [String] Vault path to read
# @param key [Object] forwarded to Vault.logical.read as its second argument
# @return [Object] whatever Vault.logical.read returns
def read_field(path, key)
  configure
  result = Vault.logical.read(path, key)
  result
end
.read_path(path) ⇒ Object
# File 'lib/sambot/testing/vault_helper.rb', line 68
# Configures the client and reads the secret stored at the given Vault path.
#
# The read is made with BOOTSTRAP_TOKEN, because configure installs that token
# on the client before every call.
#
# @param path [String] Vault path to read
# @return [Object] whatever Vault.logical.read returns for the path
def read_path(path)
  configure
  secret = Vault.logical.read(path)
  secret
end
.setup ⇒ Object
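# File 'lib/sambot/testing/vault_helper.rb', line 41
# Rebuilds WORKING_DIR from scratch, clones the Vault policies repository into
# it and runs the vault-config binary against VAULT_ADDRESS.
#
# Both external commands are run with backticks, which discard the exit
# status, so each status is checked explicitly: a failed clone or a failed
# vault-config run is reported on stderr, and the "policies have been applied"
# message is only logged when vault-config exited successfully.
#
# NOTE(review): WORKING_DIR is a fixed path under /tmp and a binary is later
# executed from inside it; on a shared host, consider a per-user directory or
# Dir.mktmpdir so another local account cannot prepare that path first.
# NOTE(review): BOOTSTRAP_TOKEN is interpolated into the command string, which
# is acceptable only while it is the throwaway token of a local test Vault.
#
# @return [Object] the value of the last statement run inside the inner block
def setup
  FileUtils.rm_r(WORKING_DIR) if Dir.exist?(WORKING_DIR)
  FileUtils.mkpath WORKING_DIR
  UI.info("Created #{WORKING_DIR}")
  Dir.chdir WORKING_DIR do
    UI.info('Cloning the Vault policies for inclusion into the Vault Docker instance')
    `git clone --depth=1 --single-branch -q #{VAULT_POLICIES_REPO}`
    # Without this, a failed clone only shows up as a missing directory in the
    # chdir below.
    warn("Cloning the Vault policies failed (#{$?})") unless $?.success?
    Dir.chdir 'vault-policies/dev/vault-config' do
      # FS is a project helper not shown here; presumably this places the
      # vault-config binary in the current directory.
      FS.copy(VAULT_CONFIG_BINARY)
      UI.info('Applying the Vault policies')
      `VC_VAULT_ADDR=#{VAULT_ADDRESS} VC_VAULT_TOKEN=#{BOOTSTRAP_TOKEN} ./#{VAULT_CONFIG_BINARY} config`
      if $?.success?
        UI.info('The Vault policies have been applied')
      else
        warn("Applying the Vault policies failed (#{$?})")
      end
    end
  end
end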