Merge pull request #25 from nzlosh/tls_fixes

pack update

Author: nzlosh

.github/CODEOWNERS

@@ -8,7 +8,8 @@
 
 # This is base configuration. These owners could review the
 # changes in all files in this repository.
-* @cognifloyd
+
+* @cognifloyd @nzlosh
 
 # CI configuration files should be reviewed by specific owners
 # who are more responsible for ensuring the quality of this pack

.github/workflows/build_and_test.yaml

@@ -12,14 +12,15 @@ jobs:
   # StackStorm-Exchange/ci/.github/workflows/pack-build_and_test.yaml@master
 
   build_and_test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     name: 'Build and Test / Python ${{ matrix.python-version-short }}'
     strategy:
       matrix:
         include:
-          - python-version-short: "3.6"
-            python-version: 3.6.13
-            vault-version: 1.5.9
+          - python-version-short: "3.8"
+            python-version: 3.8.17
+            vault-version: "1.12.5-1"
+            hvac-gh-tag: "v1.1.1"
     steps:
       - name: Checkout Pack Repo and CI Repos
         uses: StackStorm-Exchange/ci/.github/actions/checkout@master
@@ -30,7 +31,7 @@ jobs:
           path: hvac
           repository: hvac/hvac
           # main = the release branch; devel = the active development branch
-          ref: main
+          ref: ${{ matrix.hvac-gh-tag }}
           fetch-depth: 0
 
       - name: Install APT Dependencies
@@ -50,7 +51,7 @@ jobs:
         working-directory: pack
         shell: bash
         run: |
-          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+          wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/hashicorp.gpg
           echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
             | sudo tee /etc/apt/sources.list.d/hashicorp.list
 
@@ -59,10 +60,7 @@ jobs:
             -o APT::Get::List-Cleanup="0" \
             -o Dir::Etc::sourcelist="sources.list.d/hashicorp.list"
 
-          sudo apt install \
-            consul \
-            vault=${{ matrix.vault-version }} \
-            ;
+          sudo apt install consul vault=${{ matrix.vault-version }}
 
           # We disble cap_ipc_lock here as its generally incompatabile with GitHub
           # Actions' runtime environments.
@@ -99,7 +97,7 @@ jobs:
 
     services:
       mongo:
-        image: mongo:3.4
+        image: mongo:4.4
         ports:
           - 27017:27017
       rabbitmq:

.gitignore

@@ -94,3 +94,6 @@ ENV/
 
 # Rope project settings
 .ropeproject
+
+# pack2md backup file
+README.md.bak

CHANGES.md

@@ -1,8 +1,19 @@
 # Change Log
 
+## 2.0.0
+
+- Add action to generate secrets.
+- Add profile support to pack to define multiple Vault end-points.
+- Updated README with full list of available actions.
+- Fixes TLS support for server and client certificates.
+- Updated HVAC python module dependency v1.1.0
+- Added token revoke action.
+- Updated all actions to use profile name.
+- Moved from Python 3.6 to 3.8 to support newer version of Vault.
+
 ## 1.0.0
 
-* Drop Python 2.7 support
+- Drop Python 2.7 support
 
 ## 0.6.0
 

README.jinja

@@ -0,0 +1,136 @@
+# {{ pack["pack.yaml"].name | capitalize }} Integration Pack
+_{{ pack["pack.yaml"].description }}_
+
+*Author:* {{ pack["pack.yaml"].author }} <{{ pack["pack.yaml"].email }}>
+
+{% if pack and pack["config.schema.yaml"] -%}
+## Configuration
+
+The following options are required to be configured for the pack to work correctly.
+
+| Option | Type | Required | Secret | Description |
+|---|---|---|---|---|
+{% for key, value in pack["config.schema.yaml"].items() -%}
+| `{{ key }}` | {{ value.type }} | {{ value.required }} | {{ value.secret | default("default") }} | _{{ value.description | default("Unavailable") }}_ |
+{% if "array" == value.type -%}
+{% if "object" == value.get("items").type -%}
+{% for ik, iv in value.get("items").properties.items() -%}
+| - `{{ ik }}` | {{ iv.type }} | {{ iv.required }} | {{ iv.secret | default("default") }} | _{{ iv.description | default("Unavailable") }}_ |
+{% endfor -%}
+{% else -%}
+| | {{ value.get("items").type }} | | | list of items |
+{% endif -%}
+{% endif -%}
+{% endfor -%}
+
+{% endif %}
+
+## Actions
+
+{% if actions | length > 0 %}
+The pack provides the following actions:
+
+{% for key, value in (actions.items() | list | sort) -%}
+### {{ value.name }}
+_{{ value.description }}_
+{% if "parameters" in value -%}
+| Parameter | Type | Required | Secret | Description |
+|---|---|---|---|---|
+{% for p_key, p_value in value.parameters.items() -%}
+{% if "array" == p_value.type -%}
+{% if p_value.get("items").type == "object" -%}
+{% for a_k, a_v in p_value.get("items").properties.items() -%}
+| - `{{ a_k }}` | {{ a_v.type | default("n/a") }} | {{ a_v.required | default("default") }} | {{ a_v.secret | default("default") }} | _{{ a_v.description | default("Unavailable") }}_ |
+{% endfor %}
+{% else -%}
+| Items are of type | {{ p_value.items.type }} ||||
+{% endif -%}
+{% endif -%}
+| `{{ p_key }}` | {{ p_value.type | default("n/a") }} | {{ p_value.required | default("default") }} | {{ p_value.secret | default("default") }} | _{{ p_value.description | default("Unavailable") }}_ |
+{% endfor -%}
+{% endif %}
+
+{% endfor %}
+{% else %}
+There are no actions available for this pack.
+{% endif %}
+
+### generate secret
+
+This action is written to pre-populate keys with a random secret.
+
+The following string sets are available
+
+ - ascii_letters
+   ```abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ```
+ - ascii_lowercase
+   ```abcdefghijklmnopqrstuvwxyz```
+ - ascii_uppercase
+   ```ABCDEFGHIJKLMNOPQRSTUVWXYZ```
+ - digits
+   ```0123456789```
+ - punctuation
+   ```!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~```
+ - printable
+   ```0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ \t\n\r\x0b\x0c```
+ - alphanumeric
+   ```abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789```
+
+### Update tactic
+
+The update tactic controls how the action will update existing secrets.  It's intended to ensure idempotence on multiple runs of the secret generation action.  The currently supported tactics are:
+ - `overwrite`: Overwrite an existing secret.
+ - `refrain`: Do not overwrite an existing secret.
+
+## Sensors
+{% if sensors | length > 0 %}
+The following sensors and triggers are provided:
+{% for key, value in sensors.items() %}
+### Class {{ value.class_name }}
+_{{ value.description }}_
+
+{% for trigger in value.trigger_types -%}
+| Trigger Name | Description |
+|---|---|
+| `{{ trigger.name }}` | _{{ trigger.description | default("Unavailable") }}_ |
+{% endfor %}
+
+
+{% endfor %}
+{% else %}
+There are no sensors available for this pack.
+{% endif %}
+
+## Authentication methods
+
+Authentication methods are defined per profile and are mutally exclusive.  Only configure the
+method that should be used.
+
+### Supported
+ - approle
+ - token
+
+### Unsupported
+ - app-id
+ - ali-cloud
+ - aws-iam  # aka aws
+ - aws-ec2
+ - azure
+ - cert  # aka tls
+ - gcp
+ - github
+ - jwt
+ - kubernetes
+ - ldap
+ - mfa
+ - oidc
+ - okta
+ - radius
+ - userpass
+
+## Maintainers
+Active pack maintainers with review & write repository access and expertise with vault:
+* Jacob Floyd ([@cognifloyd](https://github.com/cognifloyd)) <cognifloyd@gmail.com> Copart
+* Carlos ([@nzlosh](https://github.com/nzlosh))
+
+<sub>Documentation generated using [pack2md](https://github.com/nzlosh/pack2md)</sub>