add-vault-tokens 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/exe/add-vault-tokens +12 -3
- data/lib/add_vault_tokens/version.rb +1 -1
- data/lib/add_vault_tokens.rb +5 -3
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 436e279282f8b840ebde7603fc29c3a1677ab7dc
|
|
4
|
+
data.tar.gz: 9ad13038cafd810e0b7075ed8de06bc603cb970a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 42976d30ccb031824ac1d2cbc848bfe4ff24027defd10badb1918370f60c7c3192184b9234f1a4d88e62126e00cb84535c041af3f5d106bd30b6bce84c5602df
|
|
7
|
+
data.tar.gz: 4cbd9ef822398d6e4770240de364282bdf971b72bdb87f8ed198e16fe2c3e42fbb02f3b24d1f1a25541159acbf04d8490ef67e5cf807215244c2b5bb8223ffd2
|
data/exe/add-vault-tokens
CHANGED
|
@@ -5,7 +5,11 @@ require "psych"
|
|
|
5
5
|
require "add_vault_tokens"
|
|
6
6
|
|
|
7
7
|
# Set up command-line option defaults.
|
|
8
|
-
options = {
|
|
8
|
+
options = {
|
|
9
|
+
prefix: '',
|
|
10
|
+
renew: true,
|
|
11
|
+
quiet: false
|
|
12
|
+
}
|
|
9
13
|
options[:prefix] = "#{ENV.fetch('VAULT_ENV')}-" if ENV.has_key?('VAULT_ENV')
|
|
10
14
|
|
|
11
15
|
# Parse our command-line.
|
|
@@ -19,6 +23,10 @@ OptionParser.new do |opts|
|
|
|
19
23
|
opts.on(nil, "--no-renew", "Do not renew our master token") do |nr|
|
|
20
24
|
options[:renew] = false
|
|
21
25
|
end
|
|
26
|
+
|
|
27
|
+
opts.on('q', "--quiet", "Do not print lots of output") do |nr|
|
|
28
|
+
options[:quiet] = true
|
|
29
|
+
end
|
|
22
30
|
end.parse!
|
|
23
31
|
paths = ARGV
|
|
24
32
|
|
|
@@ -26,7 +34,7 @@ paths = ARGV
|
|
|
26
34
|
AddVaultTokens.connect
|
|
27
35
|
|
|
28
36
|
# Renew our master token.
|
|
29
|
-
if options
|
|
37
|
+
if options.fetch(:renew)
|
|
30
38
|
STDERR.puts("Renewing VAULT_MASTER_TOKEN")
|
|
31
39
|
AddVaultTokens.renew_master_token
|
|
32
40
|
end
|
|
@@ -34,7 +42,8 @@ end
|
|
|
34
42
|
# For each input file, add the appropriate tokens to each app.
|
|
35
43
|
paths.each do |path|
|
|
36
44
|
yml = Psych.load_file(path)
|
|
37
|
-
result = AddVaultTokens.add_tokens_to_apps(yml, prefix: options.fetch(:prefix)
|
|
45
|
+
result = AddVaultTokens.add_tokens_to_apps(yml, prefix: options.fetch(:prefix),
|
|
46
|
+
quiet: options.fetch(:quiet))
|
|
38
47
|
File.write("#{path}.tmp", Psych.dump(result))
|
|
39
48
|
# Atomically overwrite existing file.
|
|
40
49
|
File.rename("#{path}.tmp", path)
|
data/lib/add_vault_tokens.rb
CHANGED
|
@@ -36,20 +36,22 @@ module AddVaultTokens
|
|
|
36
36
|
# appropriate vault-related environment variables injected. If
|
|
37
37
|
# specified, append `prefix` to each service name in the file before
|
|
38
38
|
# looking up a policy.
|
|
39
|
-
def add_tokens_to_apps(parsed_yaml, prefix: "")
|
|
39
|
+
def add_tokens_to_apps(parsed_yaml, quiet: false, prefix: "")
|
|
40
40
|
env = ENV.fetch('VAULT_ENV', nil)
|
|
41
41
|
result = Marshal.load(Marshal.dump(parsed_yaml))
|
|
42
42
|
result.each do |app_name, info|
|
|
43
43
|
full_app_name = prefix + app_name
|
|
44
44
|
if have_policy_for?(full_app_name)
|
|
45
|
-
STDERR.puts("Issuing token for #{full_app_name}")
|
|
45
|
+
STDERR.puts("Issuing token for #{full_app_name}") unless quiet
|
|
46
46
|
token = create_token_for(full_app_name)
|
|
47
47
|
info['environment'] ||= {}
|
|
48
48
|
info['environment']['VAULT_ADDR'] = ENV.fetch('VAULT_ADDR')
|
|
49
49
|
info['environment']['VAULT_ENV'] = env if env
|
|
50
50
|
info['environment']['VAULT_TOKEN'] = token.auth.client_token
|
|
51
51
|
else
|
|
52
|
-
|
|
52
|
+
unless quiet
|
|
53
|
+
STDERR.puts("WARNING: No policy for #{full_app_name}, so no token issued")
|
|
54
|
+
end
|
|
53
55
|
end
|
|
54
56
|
end
|
|
55
57
|
result
|