confidante 0.28.0.pre.13 → 0.28.0.pre.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -1
- data/lib/confidante/version.rb +1 -1
- data/lib/hiera/backend/vault_backend.rb +27 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f227c07f069e181681816cc7489b858e84902900d7c19f31b5ba99449f6e431b
|
|
4
|
+
data.tar.gz: b0d0e7a23a56b82c86a26aedad88b03f12ae92a08a8a6d670cd6929916c15c79
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83b32114eccd28d13653e36afe295828adf3def314aa33d21da2665e237021c74128b852c7244a273cedfa880bcd2ad628226ca16ae14db5f50d9adb39cc0626
|
|
7
|
+
data.tar.gz: 031042a9e6e29028ff51a5772c834cf4025f04b4e250a3ca2ea5fe638d1d1fb70c43bf209200ff5c2e3b6ccc07537a711d87277b1035ac5fdfebb4d8d51fe5a9
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
confidante (0.28.0.pre.
|
|
4
|
+
confidante (0.28.0.pre.16)
|
|
5
5
|
activesupport (>= 4)
|
|
6
6
|
hiera (~> 3.3)
|
|
7
7
|
shikashi (~> 0.6)
|
|
@@ -161,6 +161,7 @@ GEM
|
|
|
161
161
|
PLATFORMS
|
|
162
162
|
arm64-darwin-21
|
|
163
163
|
x86_64-darwin-20
|
|
164
|
+
x86_64-darwin-21
|
|
164
165
|
x86_64-linux
|
|
165
166
|
|
|
166
167
|
DEPENDENCIES
|
data/lib/confidante/version.rb
CHANGED
|
@@ -9,23 +9,44 @@ class Hiera
|
|
|
9
9
|
class Vault_backend
|
|
10
10
|
def initialize
|
|
11
11
|
Hiera.debug('Hiera vault backend starting')
|
|
12
|
-
|
|
13
|
-
@client = Vault::Client.new
|
|
14
12
|
end
|
|
15
13
|
|
|
16
14
|
def lookup(key, scope, _order_override, resolution_type, _context)
|
|
17
15
|
Hiera.debug("Looking up #{key} in vault backend " \
|
|
18
16
|
"with #{resolution_type}")
|
|
19
17
|
|
|
20
|
-
|
|
21
|
-
|
|
18
|
+
vault_config = Backend.parse_answer(Config[:vault], scope)
|
|
19
|
+
vault_address = vault_config[:address]
|
|
20
|
+
vault_client = Vault::Client.new(address: vault_address)
|
|
22
21
|
|
|
23
|
-
value =
|
|
24
|
-
throw(:no_such_key) unless value
|
|
22
|
+
value = get_value(vault_client, key, vault_config[:sources])
|
|
25
23
|
|
|
26
24
|
Backend.parse_answer(value, scope)
|
|
27
25
|
end
|
|
26
|
+
|
|
27
|
+
def get_value(vault_client, key, sources)
|
|
28
|
+
found_source = sources.find do |source|
|
|
29
|
+
read_kv_value(vault_client, source, key)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
throw(:no_such_key) unless found_source
|
|
33
|
+
|
|
34
|
+
read_kv_value(vault_client, found_source, key)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def read_kv_value(vault_client, source, key)
|
|
38
|
+
throw(:unsupported_secrets_engine) unless source[:engine] == 'kv'
|
|
39
|
+
|
|
40
|
+
mount = source[:mount]
|
|
41
|
+
full_path = "#{source[:path]}/#{key}"
|
|
42
|
+
|
|
43
|
+
secret = vault_client.kv(mount).read(full_path)
|
|
44
|
+
return nil unless secret
|
|
45
|
+
|
|
46
|
+
secret.data[:value]
|
|
47
|
+
end
|
|
28
48
|
end
|
|
49
|
+
|
|
29
50
|
# rubocop:enable Naming/ClassAndModuleCamelCase
|
|
30
51
|
end
|
|
31
52
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: confidante
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.28.0.pre.
|
|
4
|
+
version: 0.28.0.pre.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- InfraBlocks Maintainers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-08-
|
|
11
|
+
date: 2022-08-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|