

simpify config lookups with helper class which checks ENV first, then (
…#44)

check ENV then astral.yml for configuration key
suprjinx authored Oct 3, 2024
1 parent 0f6beb1 commit 7146eab
Showing 11 changed files with 53 additions and 33 deletions.
2 changes: 1 addition & 1 deletion app/lib/audit_logger.rb
@@ -1,6 +1,6 @@
class AuditLogger < ActiveSupport::Logger
def initialize
super(Rails.configuration.astral[:audit_log_file])
super(Config[:audit_log_file])
self.formatter = AuditLogFormatter.new
end
end
10 changes: 5 additions & 5 deletions app/lib/clients/app_registry.rb
Expand Up @@ -11,8 +11,8 @@ def get_domain_info(fqdn)
private

def client
Faraday.new(ssl: ssl_opts, url: Rails.configuration.astral[:app_registry_addr]) do |faraday|
faraday.request :authorization, "Bearer", -> { Rails.configuration.astral[:app_registry_token] }
Faraday.new(ssl: ssl_opts, url: Config[:app_registry_addr]) do |faraday|
faraday.request :authorization, "Bearer", -> { Config[:app_registry_token] }
faraday.request :retry, retry_opts
faraday.response :json
faraday.response :raise_error, include_request: true
Expand All @@ -34,9 +34,9 @@ def convert(domain_info)

def ssl_opts
{
ca_file: Rails.configuration.astral[:app_registry_ca_file],
client_cert: Rails.configuration.astral[:app_registry_client_cert],
client_key: Rails.configuration.astral[:app_registry_client_key]
ca_file: Config[:app_registry_ca_file],
client_cert: Config[:app_registry_client_cert],
client_key: Config[:app_registry_client_key]
}
end

4 changes: 2 additions & 2 deletions app/lib/clients/vault.rb
Expand Up @@ -11,11 +11,11 @@ def client
end

def vault_address
Rails.configuration.astral[:vault_addr]
Config[:vault_addr]
end

def vault_token
Rails.configuration.astral[:vault_token]
Config[:vault_token]
end

def enable_engine(mount, type)
6 changes: 3 additions & 3 deletions app/lib/clients/vault/certificate.rb
Expand Up @@ -28,16 +28,16 @@ def cert_path
end

def create_root?
create_root_config = Rails.configuration.astral[:vault_create_root]
create_root_config = Config[:vault_create_root]
!!ActiveModel::Type::Boolean.new.cast(create_root_config)
end

def root_ca_ref
Rails.configuration.astral[:vault_root_ca_ref]
Config[:vault_root_ca_ref]
end

def root_ca_mount
Rails.configuration.astral[:vault_root_ca_mount]
Config[:vault_root_ca_mount]
end

def cert_engine_type
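--- /dev/null
+++ b/app/lib/config.rb
@@ -0,0 +1,19 @@
+class Config
+class << self
+def get(key)
+ENV[key.to_s.upcase] || Rails.configuration.astral[key.to_s.downcase.to_sym]
+end
+
+def set(key, value)
+ENV[key.to_s.upcase] = value
+end
+
+def [](key)
+get(key)
+end
+
+def []=(key, value)
+set(key, value)
+end
+end
+end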
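Review bot: `get` returns the ENV value unconditionally, so an exported-but-empty variable (`CERT_TTL=`) is truthy in Ruby and shadows the astral.yml entry, and anything that comes from ENV is a String while the YAML side keeps its YAML type (the test section's `cert_ttl` is an Integer), so callers that add to or compare the value behave differently depending on which source won. `set` writes straight into the process environment, which accepts only String values (a non-String raises TypeError) and is inherited by every child process the app spawns, so a secret stored through `Config[]=` propagates beyond this process and persists for its whole lifetime; the class carries no comment saying either of these things. I would treat an empty ENV value as unset and document the type caveat on `get`, as below, and add a class-level comment stating that `set` mutates the process environment.
```ruby
    # Resolve `key` from ENV (upper-cased name) first, then from config/astral.yml.
    # ENV values are always Strings; YAML values keep their YAML-typed value.
    def get(key)
      env_value = ENV.fetch(key.to_s.upcase, nil)
      return env_value unless env_value.nil? || env_value.empty?

      Rails.configuration.astral[key.to_s.downcase.to_sym]
    end
    # … unchanged: set, [], []= …
```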
4 changes: 2 additions & 2 deletions app/lib/requests/cert_issue_request.rb
Expand Up @@ -11,7 +11,7 @@ class CertIssueRequest
attribute :other_sans, :string
attribute :private_key_format, :string, default: "pem"
attribute :remove_roots_from_chain, :boolean, default: false
attribute :ttl, :integer, default: Rails.configuration.astral[:cert_ttl]
attribute :ttl, :integer, default: Config[:cert_ttl]
attribute :uri_sans, :string
attribute :ip_sans, :string
attribute :serial_number, :integer
Expand All @@ -24,7 +24,7 @@ class CertIssueRequest
validates :format, presence: true, inclusion: { in: %w[pem der pem_bundle] }
validates :private_key_format, presence: true, inclusion: { in: %w[pem der pkcs8] }
validates :ttl, numericality: {
less_than_or_equal_to: Rails.configuration.astral[:cert_ttl],
less_than_or_equal_to: Config[:cert_ttl],
greater_than: 0
}
validate :validate_no_wildcards
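Review bot: `less_than_or_equal_to: Config[:cert_ttl]` in the second hunk is evaluated once at class load and, when `CERT_TTL` is supplied through the environment, receives a String, which ActiveModel's numericality validator rejects when the validation is declared (the option must be a number, a symbol or a proc); the `default:` on the `ttl` attribute in the first hunk is cast by the `:integer` type and so is unaffected. When the key is absent in development or production the value is nil, which fails the same check, though that was already true before this commit. Resolving lazily and coercing keeps both sources working: `less_than_or_equal_to: ->(_record) { Integer(Config[:cert_ttl]) },`. The same String-vs-Integer issue applies to `Config[:cert_ttl] + 1` in test/lib/requests/cert_isssue_request_test.rb. The `CertIssueRequest` class starts and ends outside both hunks.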
2 changes: 1 addition & 1 deletion app/lib/services/auth.rb
Expand Up @@ -12,7 +12,7 @@ def authenticate!(token)

def decode(token)
# Decode a JWT access token using the configured base.
body = JWT.decode(token, Rails.configuration.astral[:jwt_signing_key])[0]
body = JWT.decode(token, Config[:jwt_signing_key])[0]
Identity.new(body)
rescue => e
Rails.logger.warn "Unable to decode token: #{e}"
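Review bot: When `JWT_SIGNING_KEY` is unset, `Config[:jwt_signing_key]` is nil because astral.yml now leaves the key blank, and the blanket `rescue => e` two lines below turns the resulting decode failure into the same "Unable to decode token" warning a forged token produces, so a missing key shows up as a stream of failed logins rather than a misconfiguration. A check that is not inside this rescue makes the difference visible, for example at boot or at the top of `authenticate!`: `raise ArgumentError, "jwt_signing_key is not configured" if Config[:jwt_signing_key].blank?`. `decode` continues past the end of the hunk.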
27 changes: 14 additions & 13 deletions config/astral.yml
@@ -1,26 +1,27 @@
shared:
vault_addr: <%= ENV["VAULT_ADDR"] %>
vault_token: <%= ENV["VAULT_TOKEN"] %>
vault_addr:
vault_token:

# Pre-existing root CA, or create new if requested
vault_create_root: <%= ENV["VAULT_CREATE_ROOT"] || "true" %>
vault_root_ca_ref: <%= ENV["VAULT_ROOT_CA_REF"] || "root-ca" %>
vault_root_ca_mount: <%= ENV["VAULT_ROOT_CA_MOUNT"] || "pki_root" %>
vault_create_root: true
vault_root_ca_ref: root_ca
vault_root_ca_mount: pki_root

jwt_signing_key: <%= ENV["JWT_SIGNING_KEY"] %>
cert_ttl: <%= ENV["CERT_TTL"] %>
jwt_signing_key:
cert_ttl:

app_registry_addr: <%= ENV["APP_REGISTRY_ADDR"] %>
app_registry_token: <%= ENV["APP_REGISTRY_TOKEN"] %>
app_registry_ca_file: <%= ENV["APP_REGISTRY_CA_FILE"] %>
app_registry_client_cert: <%= ENV["APP_REGISTRY_CLIENT_CERT"] %>
app_registry_client_key: <%= ENV["APP_REGISTRY_CLIENT_KEY"] %>
app_registry_addr:
app_registry_token:
app_registry_ca_file:
app_registry_client_cert:
app_registry_client_key:

audit_log_file: <%= ENV["AUDIT_LOG_FILE"] || "#{Rails.root.join('log')}/astral-audit.log" %>
audit_log_file: <%= "#{Rails.root.join('log')}/astral-audit.log" %>

test:
cert_ttl: <%= 24.hours.in_seconds %>

development:

production:
vault_create_root: false
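Review bot: `vault_root_ca_ref` changes its shipped default from `root-ca` (the fallback in the removed ERB line) to `root_ca`, which goes beyond moving lookups into Config and will point any deployment that relied on the default at a different CA reference; restore `vault_root_ca_ref: root-ca` unless the rename is intended. Dropping the ERB interpolation also means a `CERT_TTL` taken from the environment no longer passes through YAML scalar typing, so it reaches callers as a String rather than an Integer. The now-blank `vault_token`, `jwt_signing_key` and `app_registry_token` entries imply that secrets are expected from the environment, but nothing in the file says so; a comment above `shared:` would help operators: `# Any key here is overridden by the upper-cased environment variable of the same name (see app/lib/config.rb).`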
2 changes: 1 addition & 1 deletion test/interactors/application_interactor_test.rb
Expand Up @@ -6,7 +6,7 @@ def setup
@identity = Identity.new(subject: @domain.users_array.first)
@cr = Requests::CertIssueRequest.new(common_name: @domain.fqdn)
@log = Tempfile.new("log-test")
Rails.configuration.astral[:audit_log_file] = @log.path
Config[:audit_log_file] = @log.path
end

def teardown
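Review bot: `Config[:audit_log_file] = @log.path` now writes `AUDIT_LOG_FILE` into the process environment, which outlives this test case and is inherited by any process spawned during the run; `teardown` is cut off after the hunk, but unless it restores the variable every later test in the process logs to this temp file path. Save and restore it: `@orig_log_file = ENV["AUDIT_LOG_FILE"]` in `setup` and `ENV["AUDIT_LOG_FILE"] = @orig_log_file` in `teardown` (assigning nil deletes the variable). `setup` begins before this hunk.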
4 changes: 2 additions & 2 deletions test/lib/clients/vault_test.rb
Expand Up @@ -99,11 +99,11 @@ class VaultTest < ActiveSupport::TestCase
def vault_client
::Vault::Client.new(
address: vault_addr,
token: Rails.configuration.astral[:vault_token]
token: Config[:vault_token]
)
end

def vault_addr
Rails.configuration.astral[:vault_addr]
Config[:vault_addr]
end
end
6 changes: 3 additions & 3 deletions test/lib/requests/cert_isssue_request_test.rb
Expand Up @@ -59,9 +59,9 @@ def setup
end

test "#valid? should require a ttl less than configured max" do
@cert_issue_request.ttl = Rails.configuration.astral[:cert_ttl] + 1
@cert_issue_request.ttl = Config[:cert_ttl] + 1
assert_not @cert_issue_request.valid?
assert_includes @cert_issue_request.errors[:ttl], "must be less than or equal to #{Rails.configuration.astral[:cert_ttl]}"
assert_includes @cert_issue_request.errors[:ttl], "must be less than or equal to #{Config[:cert_ttl]}"
end

test "#valid? should prevent wildcard common_name" do
Expand All @@ -82,7 +82,7 @@ def setup
assert_equal "pem", @cert_issue_request.format
assert_equal "pem", @cert_issue_request.private_key_format
assert_equal false, @cert_issue_request.remove_roots_from_chain
assert_equal Rails.configuration.astral[:cert_ttl], @cert_issue_request.ttl
assert_equal Config[:cert_ttl], @cert_issue_request.ttl
assert_equal true, @cert_issue_request.client_flag
assert_equal false, @cert_issue_request.code_signing_flag
assert_equal false, @cert_issue_request.email_protection_flag

