add-vault-tokens 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/exe/add-vault-tokens +12 -3
- data/lib/add_vault_tokens/version.rb +1 -1
- data/lib/add_vault_tokens.rb +5 -3
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 436e279282f8b840ebde7603fc29c3a1677ab7dc
|
|
4
|
+
data.tar.gz: 9ad13038cafd810e0b7075ed8de06bc603cb970a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 42976d30ccb031824ac1d2cbc848bfe4ff24027defd10badb1918370f60c7c3192184b9234f1a4d88e62126e00cb84535c041af3f5d106bd30b6bce84c5602df
|
|
7
|
+
data.tar.gz: 4cbd9ef822398d6e4770240de364282bdf971b72bdb87f8ed198e16fe2c3e42fbb02f3b24d1f1a25541159acbf04d8490ef67e5cf807215244c2b5bb8223ffd2
|
data/exe/add-vault-tokens
CHANGED
|
@@ -5,7 +5,11 @@ require "psych"
|
|
|
5
5
|
require "add_vault_tokens"
|
|
6
6
|
|
|
7
7
|
# Set up command-line option defaults.
|
|
8
|
-
options = {
|
|
8
|
+
options = {
|
|
9
|
+
prefix: '',
|
|
10
|
+
renew: true,
|
|
11
|
+
quiet: false
|
|
12
|
+
}
|
|
9
13
|
options[:prefix] = "#{ENV.fetch('VAULT_ENV')}-" if ENV.has_key?('VAULT_ENV')
|
|
10
14
|
|
|
11
15
|
# Parse our command-line.
|
|
@@ -19,6 +23,10 @@ OptionParser.new do |opts|
|
|
|
19
23
|
opts.on(nil, "--no-renew", "Do not renew our master token") do |nr|
|
|
20
24
|
options[:renew] = false
|
|
21
25
|
end
|
|
26
|
+
|
|
27
|
+
opts.on('q', "--quiet", "Do not print lots of output") do |nr|
|
|
28
|
+
options[:quiet] = true
|
|
29
|
+
end
|
|
22
30
|
end.parse!
|
|
23
31
|
paths = ARGV
|
|
24
32
|
|
|
@@ -26,7 +34,7 @@ paths = ARGV
|
|
|
26
34
|
AddVaultTokens.connect
|
|
27
35
|
|
|
28
36
|
# Renew our master token.
|
|
29
|
-
if options
|
|
37
|
+
if options.fetch(:renew)
|
|
30
38
|
STDERR.puts("Renewing VAULT_MASTER_TOKEN")
|
|
31
39
|
AddVaultTokens.renew_master_token
|
|
32
40
|
end
|
|
@@ -34,7 +42,8 @@ end
|
|
|
34
42
|
# For each input file, add the appropriate tokens to each app.
|
|
35
43
|
paths.each do |path|
|
|
36
44
|
yml = Psych.load_file(path)
|
|
37
|
-
result = AddVaultTokens.add_tokens_to_apps(yml, prefix: options.fetch(:prefix)
|
|
45
|
+
result = AddVaultTokens.add_tokens_to_apps(yml, prefix: options.fetch(:prefix),
|
|
46
|
+
quiet: options.fetch(:quiet))
|
|
38
47
|
File.write("#{path}.tmp", Psych.dump(result))
|
|
39
48
|
# Atomically overwrite existing file.
|
|
40
49
|
File.rename("#{path}.tmp", path)
|
data/lib/add_vault_tokens.rb
CHANGED
|
@@ -36,20 +36,22 @@ module AddVaultTokens
|
|
|
36
36
|
# appropriate vault-related environment variables injected. If
|
|
37
37
|
# specified, append `prefix` to each service name in the file before
|
|
38
38
|
# looking up a policy.
|
|
39
|
-
def add_tokens_to_apps(parsed_yaml, prefix: "")
|
|
39
|
+
def add_tokens_to_apps(parsed_yaml, quiet: false, prefix: "")
|
|
40
40
|
env = ENV.fetch('VAULT_ENV', nil)
|
|
41
41
|
result = Marshal.load(Marshal.dump(parsed_yaml))
|
|
42
42
|
result.each do |app_name, info|
|
|
43
43
|
full_app_name = prefix + app_name
|
|
44
44
|
if have_policy_for?(full_app_name)
|
|
45
|
-
STDERR.puts("Issuing token for #{full_app_name}")
|
|
45
|
+
STDERR.puts("Issuing token for #{full_app_name}") unless quiet
|
|
46
46
|
token = create_token_for(full_app_name)
|
|
47
47
|
info['environment'] ||= {}
|
|
48
48
|
info['environment']['VAULT_ADDR'] = ENV.fetch('VAULT_ADDR')
|
|
49
49
|
info['environment']['VAULT_ENV'] = env if env
|
|
50
50
|
info['environment']['VAULT_TOKEN'] = token.auth.client_token
|
|
51
51
|
else
|
|
52
|
-
|
|
52
|
+
unless quiet
|
|
53
|
+
STDERR.puts("WARNING: No policy for #{full_app_name}, so no token issued")
|
|
54
|
+
end
|
|
53
55
|
end
|
|
54
56
|
end
|
|
55
57
|
result
|