pack update #25

Merged
merged 3 commits into from
Sep 7, 2023
Changes from 1 commit
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Expand Up @@ -9,6 +9,7 @@
# This is base configuration. These owners could review the
# changes in all files in this repository.
* @cognifloyd
* @nzlosh

# CI configuration files should be reviewed by specific owners
# who are more responsible for ensuring the quality of this pack
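Review bot: The two `*` rules in the base-configuration block will not both apply, because CODEOWNERS uses the last matching pattern, so `* @nzlosh` overrides `* @cognifloyd` instead of adding a second owner. Put both handles on one line, `* @cognifloyd @nzlosh`, so that either owner can review changes in all files, as the comment above the rules says.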
20 changes: 9 additions & 11 deletions .github/workflows/build_and_test.yaml
Expand Up @@ -12,14 +12,15 @@ jobs:
# StackStorm-Exchange/ci/.github/workflows/pack-build_and_test.yaml@master

build_and_test:
runs-on: ubuntu-latest
runs-on: ubuntu-20.04
name: 'Build and Test / Python ${{ matrix.python-version-short }}'
strategy:
matrix:
include:
- python-version-short: "3.6"
python-version: 3.6.13
vault-version: 1.5.9
- python-version-short: "3.8"
python-version: 3.8.17
vault-version: "1.12.5-1"
hvac-gh-tag: "v1.1.1"
steps:
- name: Checkout Pack Repo and CI Repos
uses: StackStorm-Exchange/ci/.github/actions/checkout@master
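Review bot: `runs-on: ubuntu-20.04` replaces `ubuntu-latest` without a comment saying what depends on that image, so nobody will know when it is safe to move the pin forward. Add a one-line comment naming the constraint (the Python 3.8.17 build, the `vault=1.12.5-1` apt package, or both). The matrix also now holds a single entry, so nothing exercises Python 3.6 any more; that agrees with the CHANGES.md entry about moving to 3.8, but it is worth stating in the PR description that 3.6 coverage is dropped on purpose.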
Expand All @@ -30,7 +31,7 @@ jobs:
path: hvac
repository: hvac/hvac
# main = the release branch; devel = the active development branch
ref: main
ref: ${{ matrix.hvac-gh-tag }}
fetch-depth: 0

- name: Install APT Dependencies
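Review bot: The context comment above `ref:` still describes the `main` and `devel` branches, but `ref: ${{ matrix.hvac-gh-tag }}` now checks out a release tag, so the comment is stale. Update it to say that a tag from the matrix is used. A tag in another repository can be moved, so if the tests are meant to be reproducible, consider pinning the hvac checkout to the commit SHA behind `v1.1.1` and keeping the tag name in a comment.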
Expand All @@ -50,7 +51,7 @@ jobs:
working-directory: pack
shell: bash
run: |
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/hashicorp.gpg
echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
| sudo tee /etc/apt/sources.list.d/hashicorp.list

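Review bot: Writing the dearmored key to `/etc/apt/trusted.gpg.d/hashicorp.gpg` keeps the same trust scope that `apt-key add` had: apt accepts that key for every configured repository, not only the HashiCorp one. Store it outside `trusted.gpg.d`, for example in `/usr/share/keyrings/hashicorp.gpg`, and bind it to this source with `deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp.gpg] ...` in the `echo` line. `sudo tee` also echoes the binary keyring into the job log; redirect its stdout to `/dev/null`.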
Expand All @@ -59,10 +60,7 @@ jobs:
-o APT::Get::List-Cleanup="0" \
-o Dir::Etc::sourcelist="sources.list.d/hashicorp.list"

sudo apt install \
consul \
vault=${{ matrix.vault-version }} \
;
sudo apt install consul vault=${{ matrix.vault-version }}

# We disble cap_ipc_lock here as its generally incompatabile with GitHub
# Actions' runtime environments.
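Review bot: On the collapsed `sudo apt install consul vault=${{ matrix.vault-version }}` line, `vault` is pinned from the matrix while `consul` floats to whatever the HashiCorp repository serves that day, so test runs are not comparable over time. Either pin `consul` through a matrix value as well or add a comment saying why it can float. The command also has no `-y`; for a non-interactive job, `sudo apt-get install -y ...` is the safer form. The comment below the install has two typos, `disble` and `incompatabile`, that could be fixed while this block is being touched.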
Expand Down Expand Up @@ -99,7 +97,7 @@ jobs:

services:
mongo:
image: mongo:3.4
image: mongo:4.4
ports:
- 27017:27017
rabbitmq:
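Review bot: `image: mongo:4.4` moves the service database from 3.4 to 4.4, and neither the workflow nor the 2.0.0 entry in CHANGES.md says why. Add a comment with the reason (for example, the MongoDB version the target StackStorm release expects), and consider a patch-level tag so the test database does not change underneath the job.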
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -94,3 +94,6 @@ ENV/

# Rope project settings
.ropeproject

# pack2md backup file
README.md.bak
13 changes: 12 additions & 1 deletion CHANGES.md
@@ -1,8 +1,19 @@
# Change Log

## 2.0.0

- Add action to generate secrets.
- Add profile support to pack to define multiple Vault end-points.
- Updated README with full list of available actions.
- Fixes TLS support for server and client certificates.
- Updated HVAC python module dependency v1.1.0
- Added token revoke action.
- Updated all actions to use profile name.
- Moved from Python 3.6 to 3.8 to support newer version of Vault.

## 1.0.0

* Drop Python 2.7 support
- Drop Python 2.7 support

## 0.6.0

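Review bot: The entry `Updated HVAC python module dependency v1.1.0` does not match the workflow in this same PR, which checks hvac out at `hvac-gh-tag: "v1.1.1"`; make the two agree. The 2.0.0 list also mixes tenses (`Add`, `Fixes`, `Updated`), and the items that look like breaking changes, `Updated all actions to use profile name` and the move from Python 3.6 to 3.8, should be marked as such so operators know that configuration and runtime changes are needed before upgrading.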
141 changes: 141 additions & 0 deletions README.jinja
@@ -0,0 +1,141 @@
# {{ pack["pack.yaml"].name | capitalize }} Integration Pack
_{{ pack["pack.yaml"].description }}_

*Author:* {{ pack["pack.yaml"].author }} <{{ pack["pack.yaml"].email }}>

## Maintainers
Active pack maintainers with review & write repository access and expertise with vault:
* Jacob Floyd ([@cognifloyd](https://github.com/cognifloyd)) <[email protected]> Copart
* Carlos ([@nzlosh](https://github.com/nzlosh))

### Contributors
{% for contributor in pack["pack.yaml"].contributors -%}
- {{ contributor }}
{% endfor %}

{% if pack and pack["config.schema.yaml"] -%}
## Configuration

The following options are required to be configured for the pack to work correctly.

| Option | Type | Required | Secret | Description |
|---|---|---|---|---|
{% for key, value in pack["config.schema.yaml"].items() -%}
| `{{ key }}` | {{ value.type }} | {{ value.required }} | {{ value.secret | default("default") }} | _{{ value.description | default("Unavailable") }}_ |
{% if "array" == value.type -%}
{% if "object" == value.get("items").type -%}
{% for ik, iv in value.get("items").properties.items() -%}
| - `{{ ik }}` | {{ iv.type }} | {{ iv.required }} | {{ iv.secret | default("default") }} | _{{ iv.description | default("Unavailable") }}_ |
{% endfor -%}
{% else -%}
| | {{ value.get("items").type }} | | | list of items |
{% endif -%}
{% endif -%}
{% endfor -%}

{% endif %}

## Actions

{% if actions | length > 0 %}
The pack provides the following actions:

{% for key, value in actions.items() -%}
### {{ value.name }}
_{{ value.description }}_
{% if "parameters" in value -%}
| Parameter | Type | Required | Secret | Description |
|---|---|---|---|---|
{% for p_key, p_value in value.parameters.items() -%}
{% if "array" == p_value.type -%}
{% if p_value.get("items").type == "object" -%}
{% for a_k, a_v in p_value.get("items").properties.items() -%}
| - `{{ a_k }}` | {{ a_v.type | default("n/a") }} | {{ a_v.required | default("default") }} | {{ a_v.secret | default("default") }} | _{{ a_v.description | default("Unavailable") }}_ |
{% endfor %}
{% else -%}
| Items are of type | {{ p_value.items.type }} ||||
{% endif -%}
{% endif -%}
| `{{ p_key }}` | {{ p_value.type | default("n/a") }} | {{ p_value.required | default("default") }} | {{ p_value.secret | default("default") }} | _{{ p_value.description | default("Unavailable") }}_ |
{% endfor -%}
{% endif %}

{% endfor %}
{% else %}
There are no actions available for this pack.
{% endif %}

### generate secret

This action is written to pre-populate keys with a random secret.

The following string sets are available

- ascii_letters
```abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ```
- ascii_lowercase
```abcdefghijklmnopqrstuvwxyz```
- ascii_uppercase
```ABCDEFGHIJKLMNOPQRSTUVWXYZ```
- digits
```0123456789```
- punctuation
```!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~```
- printable
```0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ \t\n\r\x0b\x0c```
- alphanumeric
```abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789```

### Update tactic

The update tactic controls how the action will update existing secrets. It's intended to ensure idempotence on multiple runs of the secret generation action. The currently supported tactics are:
- `overwrite`: Overwrite an existing secret.
- `refrain`: Do not overwrite an existing secret.

## Sensors
{% if sensors | length > 0 %}
The following sensors and triggers are provided:
{% for key, value in sensors.items() %}
### Class {{ value.class_name }}
_{{ value.description }}_

{% for trigger in value.trigger_types -%}
| Trigger Name | Description |
|---|---|
| `{{ trigger.name }}` | _{{ trigger.description | default("Unavailable") }}_ |
{% endfor %}


{% endfor %}
{% else %}
There are no sensors available for this pack.
{% endif %}

## Authentication methods

Authentication methods are defined per profile and are mutally exclusive. Only configure the
method that should be used.

### Supported
- approle
- token

### Unsupported
- app-id
- ali-cloud
- aws-iam # aka aws
- aws-ec2
- azure
- cert # aka tls
- gcp
- github
- jwt
- kubernetes
- ldap
- mfa
- oidc
- okta
- radius
- userpass

<sub>Documentation generated using [pack2md](https://github.com/nzlosh/pack2md)</sub>
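Review bot: In the actions parameter table, `{{ p_value.items.type }}` will not render the item type: Jinja resolves `p_value.items` to the dict's `items` method before it tries the `items` key, which is why the rest of the template goes through `.get("items")`. Use `{{ p_value.get("items").type }}` there, as the configuration table does. In the hand-written `generate secret` section, the `printable` set includes whitespace and control characters (`\t\n\r\x0b\x0c`), which deserves a warning for secrets that end up in config files or headers, and the text should say which random source the action draws from. `mutally` under Authentication methods should be `mutually`.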