hiera-vault 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 45c85e3cf6ae846fbd88d455f89e284236418142
-  data.tar.gz: 81ba520a29ad5603e516d15ecb03b01a7ce9dfde
+  metadata.gz: 54f1cd1107252c458c1f395266b2e8169833bed0
+  data.tar.gz: e398d18df0034a6a0b7ef3fa2a00ea8447ad9d26
 SHA512:
-  metadata.gz: c50c96da01630f6644b3eb72b77cb7759813080d3a0343acb90d7e5853c7ce3ee5e8d511f821a9b98c7362def7a96f55bf2b8b746095778cd019a3738c3dc1a5
-  data.tar.gz: 3699b7f995814832859acde1c77cdcab97865f444f57a458e525c1dd32f42413128125c3592400b922fb179315ba88fa6dd0ace82d73dea3955592d8370f43a2
+  metadata.gz: 610bbf21ed98fcb445ea40e3f0d7d4ab9e7aa25329f9e27ec2a9d34912bd734e540d942110f6d603710dd99c6647da2571df95f166df046eaac59dbd9e80896d
+  data.tar.gz: 43ebd78c114126bde4b6ae47c60d7a1ded9ebfeb413bae3558f451cbde923fd9e3b1d84336ec9c8b884997c7f84903dc844601e7a0567cd6beda61af85da4f20

data/lib/hiera/backend/vault_backend.rb

@@ -8,6 +8,9 @@ class Hiera
         require 'vault'
 
         @config = Config[:vault]
+        @config[:mounts] ||= {}
+        @config[:mounts][:generic] ||= ['secret']
+
         begin
           @vault = Vault::Client.new(address: @config[:addr], token: @config[:token])
           fail if @vault.sys.seal_status.sealed?
@@ -21,25 +24,39 @@ class Hiera
       def lookup(key, scope, order_override, resolution_type)
         return nil if @vault.nil?
 
-        begin
-          secret = @vault.logical.read(key)
-          Hiera.debug("[hiera-vault] Read secret: #{key}")
+        Hiera.debug("[hiera-vault] Looking up #{key} in vault backend")
+
+        answer = nil
+
+        # Only generic mounts supported so far
+        @config[:mounts][:generic].each do |mount|
+          path = Backend.parse_string(mount, scope, { 'key' => key })
+          answer = lookup_generic("#{path}/#{key}", scope)
 
-        rescue Vault::HTTPConnectionError
-          Hiera.warn("[hiera-vault] Could not connect to read secret: #{key}")
-        rescue Vault::HTTPError => e
-          Hiera.warn("[hiera-vault] Could not read secret #{key}: #{e.errors.join("\n").rstrip}")
+          break if answer.kind_of? Hash
         end
 
-        return nil if secret.nil?
+        answer
+      end
+
+      def lookup_generic(key, scope)
+          begin
+            secret = @vault.logical.read(key)
+          rescue Vault::HTTPConnectionError
+            Hiera.debug("[hiera-vault] Could not connect to read secret: #{key}")
+          rescue Vault::HTTPError => e
+            Hiera.warn("[hiera-vault] Could not read secret #{key}: #{e.errors.join("\n").rstrip}")
+          end
 
-        # Turn secret's hash keys into strings
-        data = secret.data.inject({}) { |h, (k, v)| h[k.to_s] = v; h }
-        answer = Backend.parse_answer(data, scope)
+          return nil if secret.nil?
 
-        return nil unless answer.kind_of? Hash
-        return answer
+          Hiera.debug("[hiera-vault] Read secret: #{key}")
+          # Turn secret's hash keys into strings
+          data = secret.data.inject({}) { |h, (k, v)| h[k.to_s] = v; h }
+
+          return Backend.parse_answer(data, scope)
       end
+
     end
   end
 end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: hiera-vault
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Jonathan Sokolowski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-09 00:00:00.000000000 Z
+date: 2015-06-22 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: vault
   requirement: !ruby/object:Gem::Requirement