From 4c4ab8b39b7c9152f8011c16e06e3512fec7a8f9 Mon Sep 17 00:00:00 2001
From: George Jahad
Date: Mon, 28 Oct 2024 14:55:25 -0700
Subject: [PATCH] removed user_config file

---
 app/interactors/obtain_cert.rb       | 3 +--
 app/lib/clients/vault.rb             | 1 -
 app/lib/clients/vault/certificate.rb | 21 ++++++++++++++++++++-
 app/lib/clients/vault/user_config.rb | 26 --------------------------
 app/lib/services/certificate.rb      | 4 ++--
 app/lib/services/user_config.rb      | 16 ----------------
 test/interactors/obtain_cert_test.rb | 9 +++++----
 7 files changed, 28 insertions(+), 52 deletions(-)
 delete mode 100644 app/lib/clients/vault/user_config.rb
 delete mode 100644 app/lib/services/user_config.rb

diff --git a/app/interactors/obtain_cert.rb b/app/interactors/obtain_cert.rb
index 4a01811..8592e86 100644
--- a/app/interactors/obtain_cert.rb
+++ b/app/interactors/obtain_cert.rb
@@ -1,11 +1,10 @@
 class ObtainCert < ApplicationInteractor
   def call
-    if cert = Services::Certificate.issue_cert(context.request)
+    if cert = Services::Certificate.issue_cert(context.identity, context.request)
       context.cert = cert
     else
       context.fail!(message: "Failed to issue certificate")
     end
-    Services::UserConfig.config(context.identity)
   ensure
     audit_log
   end
diff --git a/app/lib/clients/vault.rb b/app/lib/clients/vault.rb
index d679348..5a68e85 100644
--- a/app/lib/clients/vault.rb
+++ b/app/lib/clients/vault.rb
@@ -6,7 +6,6 @@ class Vault
     extend Clients::Vault::Entity
     extend Clients::Vault::EntityAlias
     extend Clients::Vault::Oidc
-    extend Clients::Vault::UserConfig
 
     class_attribute :token
 
diff --git a/app/lib/clients/vault/certificate.rb b/app/lib/clients/vault/certificate.rb
index 0d9ac45..d215c72 100644
--- a/app/lib/clients/vault/certificate.rb
+++ b/app/lib/clients/vault/certificate.rb
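Review bot: `context.identity` is handed to `issue_cert` on the changed `if` line without a presence check, and the old failure test shows the interactor used to be callable with no identity at all; since `config_user` only dereferences `identity.sub` after `client.logical.write` has already issued the certificate (see the certificate.rb hunk below), a missing identity would now mint a certificate and then raise NoMethodError instead of reaching `context.fail!`. A guard ahead of the issue call keeps `ensure audit_log` from recording an issuance that has neither a cert nor a failure message: `context.fail!(message: "Missing identity") if context.identity.nil?`. The same gap applies to any exception from the entity/alias writes inside `issue_cert`, which is not mapped to a failed context; a `rescue StandardError => e` that calls `context.fail!(message: e.message)` would close it, though how `audit_log` reads the context is outside this hunk. The enclosing `ObtainCert` class closes outside the hunk.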
@@ -1,10 +1,11 @@
 module Clients
   class Vault
     module Certificate
-      def issue_cert(cert_issue_request)
+      def issue_cert(identity, cert_issue_request)
         opts = cert_issue_request.attributes
         # Generate the TLS certificate using the intermediate CA
         tls_cert = client.logical.write(cert_path, opts)
+        config_user(identity)
         OpenStruct.new tls_cert.data
       end
 
@@ -18,6 +19,15 @@ def configure_pki
         create_generic_cert_policy
       end
 
+      def config_user(identity)
+        sub = identity.sub
+        email = identity.email
+        policies, metadata = get_entity_data(sub)
+        policies.append(Certificate::GENERIC_CERT_POLICY_NAME).to_set.to_a
+        put_entity(sub, policies, metadata)
+        put_entity_alias(sub, email, "oidc")
+      end
+
       GENERIC_CERT_POLICY_NAME = "astral-generic-cert-policy"
 
       private
@@ -121,6 +131,15 @@ def configure_ca
           enable_templating: true)
       end
 
+      def get_entity_data(sub)
+        entity = read_entity(sub)
+        if entity.nil?
+          [ [], nil ]
+        else
+          [ entity.data[:policies], entity.data[:metadata] ]
+        end
+      end
+
       def create_generic_cert_policy
         client.sys.put_policy(GENERIC_CERT_POLICY_NAME, generic_cert_policy)
       end
diff --git a/app/lib/clients/vault/user_config.rb b/app/lib/clients/vault/user_config.rb
deleted file mode 100644
index 45e835d..0000000
--- a/app/lib/clients/vault/user_config.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-require "set"
-module Clients
-  class Vault
-    module UserConfig
-      def config_user(identity)
-        sub = identity.sub
-        email = identity.email
-        policies, metadata = get_entity_data(sub)
-        policies.append(Certificate::GENERIC_CERT_POLICY_NAME).to_set.to_a
-        put_entity(sub, policies, metadata)
-        put_entity_alias(sub, email, "oidc")
-      end
-
-      private
-
-      def get_entity_data(sub)
-        entity = read_entity(sub)
-        if entity.nil?
-          [ [], nil ]
-        else
-          [ entity.data[:policies], entity.data[:metadata] ]
-        end
-      end
-    end
-  end
-end
diff --git a/app/lib/services/certificate.rb b/app/lib/services/certificate.rb
index d0f3b3a..929944d 100644
--- a/app/lib/services/certificate.rb
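Review bot: The added `config_user(identity)` call runs after `client.logical.write(cert_path, opts)` has already issued the certificate, so a failure in the entity or alias writes (a Vault error, a nil identity) leaves a minted certificate behind while the caller sees an exception and never receives it. Binding the identity before issuing is the safer order, because a failed entity write then prevents issuance instead of orphaning a credential: move `config_user(identity)` to just above the `tls_cert = client.logical.write(cert_path, opts)` line. A short comment on the moved line, `# bind the caller's entity/policy first so a failure here never leaves an issued cert unaccounted for`, would record why the order matters.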
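Review bot: `policies.append(Certificate::GENERIC_CERT_POLICY_NAME).to_set.to_a` mutates `policies` through `append` and then discards the deduplicated result, so the array handed to `put_entity` gains another copy of the policy on every issuance; the intended idempotent grant is `policies |= [ GENERIC_CERT_POLICY_NAME ]`. The deleted user_config.rb also carried `require "set"`, which this file does not add, so `to_set` presumably only resolves because something else in the app loads `set`; the `|=` form removes that dependency entirely. `config_user` sits above `private`, so it is public API on `Clients::Vault`; a one-line doc comment such as `# Grants GENERIC_CERT_POLICY_NAME to the Vault entity for sub and binds its OIDC alias to email.` would state that contract.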
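Review bot: `entity.data[:policies]` is returned as-is when the entity exists, and `config_user` immediately calls `append` on it; if `read_entity` ever yields a record with no `policies` key, that becomes a NoMethodError raised after the certificate has been issued. Coercing with `[ Array(entity.data[:policies]), entity.data[:metadata] ]` makes the helper total for that case. Whether such a record can occur depends on the Entity module, which is outside this hunk.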
+++ b/app/lib/services/certificate.rb
@@ -1,8 +1,8 @@
 module Services
   class Certificate
     class << self
-      def issue_cert(cert_issue_request)
-        impl.issue_cert(cert_issue_request)
+      def issue_cert(identity, cert_issue_request)
+        impl.issue_cert(identity, cert_issue_request)
       end
 
       private
diff --git a/app/lib/services/user_config.rb b/app/lib/services/user_config.rb
deleted file mode 100644
index 430b93b..0000000
--- a/app/lib/services/user_config.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-module Services
-  class UserConfig
-    class << self
-      def config(identity)
-        impl.config_user(identity)
-      end
-
-      private
-
-      def impl
-        # TODO this should select an implementation service based on config
-        Clients::Vault
-      end
-    end
-  end
-end
diff --git a/test/interactors/obtain_cert_test.rb b/test/interactors/obtain_cert_test.rb
index 39c7c56..09bd2ee 100644
--- a/test/interactors/obtain_cert_test.rb
+++ b/test/interactors/obtain_cert_test.rb
@@ -9,9 +9,8 @@ def setup
   test ".call success" do
     request = Requests::CertIssueRequest.new
     identity = Identity.new
-    identity.sub = "testUser"
     mock = Minitest::Mock.new
-    mock.expect :call, @cert, [ request ]
+    mock.expect :call, @cert, [ identity, request ]
     Services::Certificate.stub :issue_cert, mock do
       context = @interactor.call(identity: identity, request: request)
       assert context.success?
@@ -21,10 +20,12 @@ def setup
 
   test ".call failure" do
     request = Requests::CertIssueRequest.new
+    identity = Identity.new
+    identity.sub = "testUser"
     mock = Minitest::Mock.new
-    mock.expect :call, nil, [ identity, request ]
+    mock.expect :call, nil, [ identity, request ]
     Services::Certificate.stub :issue_cert, mock do
-      context = @interactor.call(request: request)
+      context = @interactor.call({ identity: identity, request: request })
       assert context.failure?
       assert_nil context.cert
     end
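Review bot: The failure test now calls `@interactor.call({ identity: identity, request: request })` with explicit hash braces while the success test in the previous hunk uses the bare keyword form `@interactor.call(identity: identity, request: request)`; both reach the same interactor, so one form should be used in both. Separately, `identity.sub = "testUser"` is set only in the failure test, and neither test exercises the path where `issue_cert` raises (a nil identity, or an entity-write error after the cert is written) now that identity is a required argument; a third case that stubs `issue_cert` to raise and asserts the resulting context outcome would cover the new dependency. The test class's setup and closing lines are outside these hunks.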