hiera-vault 0.1.4 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/hiera/backend/vault_backend.rb +43 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f5330ec11f401a3bafbc2223c3dbcf513ce63f6
|
|
4
|
+
data.tar.gz: bfca139927590fa43f24a782c1eb36249164cc0e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a73d38373d64d71b5611cb882e207aec7ecbe521f0b829742f5f04c3339756056423a850f8162c42b9a86192aa0f4598661573eeba164a2ce80e4c85c617bb04
|
|
7
|
+
data.tar.gz: afa2f42bc6d4d75946a43787f6b6baf71d6b3c9e49a479aefb900b7ae59c4754eaa57f99c8714a3e2d910f0f55fc6b42d3ac71f1f2fd5b1bfeb8d007ea5e1c7f
|
|
@@ -10,6 +10,20 @@ class Hiera
|
|
|
10
10
|
@config = Config[:vault]
|
|
11
11
|
@config[:mounts] ||= {}
|
|
12
12
|
@config[:mounts][:generic] ||= ['secret']
|
|
13
|
+
@config[:default_field_parse] ||= 'string' # valid values: 'string', 'json'
|
|
14
|
+
|
|
15
|
+
if not ['string','json'].include?(@config[:default_field_parse])
|
|
16
|
+
raise Exception, "[hiera-vault] invalid value for :default_field_parse: '#{@config[:default_field_behavior]}', should be one of 'string','json'"
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# :default_field_behavior:
|
|
20
|
+
# 'ignore' => ignore additional fields, if the field is not present return nil
|
|
21
|
+
# 'only' => only return value of default_field when it is present and the only field, otherwise return hash as normal
|
|
22
|
+
@config[:default_field_behavior] ||= 'ignore'
|
|
23
|
+
|
|
24
|
+
if not ['ignore','only'].include?(@config[:default_field_behavior])
|
|
25
|
+
raise Exception, "[hiera-vault] invalid value for :default_field_behavior: '#{@config[:default_field_behavior]}', should be one of 'ignore','only'"
|
|
26
|
+
end
|
|
13
27
|
|
|
14
28
|
begin
|
|
15
29
|
@vault = Vault::Client.new
|
|
@@ -37,16 +51,31 @@ class Hiera
|
|
|
37
51
|
Hiera.debug("[hiera-vault] Looking up #{key} in vault backend")
|
|
38
52
|
|
|
39
53
|
answer = nil
|
|
54
|
+
found = false
|
|
40
55
|
|
|
41
56
|
# Only generic mounts supported so far
|
|
42
57
|
@config[:mounts][:generic].each do |mount|
|
|
43
58
|
path = Backend.parse_string(mount, scope, { 'key' => key })
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
59
|
+
Hiera.debug("Looking in path #{path}")
|
|
60
|
+
new_answer = lookup_generic("#{path}/#{key}", scope)
|
|
61
|
+
#Hiera.debug("[hiera-vault] Answer: #{new_answer}:#{new_answer.class}")
|
|
62
|
+
next if new_answer.nil?
|
|
63
|
+
case resolution_type
|
|
64
|
+
when :array
|
|
65
|
+
raise Exception, "Hiera type mismatch: expected Array and got #{new_answer.class}" unless new_answer.kind_of? Array or new_answer.kind_of? String
|
|
66
|
+
answer ||= []
|
|
67
|
+
answer << new_answer
|
|
68
|
+
when :hash
|
|
69
|
+
raise Exception, "Hiera type mismatch: expected Hash and got #{new_answer.class}" unless new_answer.kind_of? Hash
|
|
70
|
+
answer ||= {}
|
|
71
|
+
answer = Backend.merge_answer(new_answer,answer)
|
|
72
|
+
else
|
|
73
|
+
answer = new_answer
|
|
74
|
+
break
|
|
75
|
+
end
|
|
47
76
|
end
|
|
48
77
|
|
|
49
|
-
answer
|
|
78
|
+
return answer
|
|
50
79
|
end
|
|
51
80
|
|
|
52
81
|
def lookup_generic(key, scope)
|
|
@@ -61,13 +90,22 @@ class Hiera
|
|
|
61
90
|
return nil if secret.nil?
|
|
62
91
|
|
|
63
92
|
Hiera.debug("[hiera-vault] Read secret: #{key}")
|
|
64
|
-
if @config[:default_field]
|
|
93
|
+
if @config[:default_field] and (@config[:default_field_behavior] == 'ignore' or (secret.data.has_key?(@config[:default_field].to_sym) and secret.data.length == 1))
|
|
94
|
+
return nil if not secret.data.has_key?(@config[:default_field].to_sym)
|
|
65
95
|
# Return just our default_field
|
|
66
96
|
data = secret.data[@config[:default_field].to_sym]
|
|
97
|
+
if @config[:default_field_parse] == 'json'
|
|
98
|
+
begin
|
|
99
|
+
data = JSON.parse(data)
|
|
100
|
+
rescue JSON::ParserError => e
|
|
101
|
+
Hiera.debug("[hiera-vault] Could not parse string as json: #{e}")
|
|
102
|
+
end
|
|
103
|
+
end
|
|
67
104
|
else
|
|
68
105
|
# Turn secret's hash keys into strings
|
|
69
106
|
data = secret.data.inject({}) { |h, (k, v)| h[k.to_s] = v; h }
|
|
70
107
|
end
|
|
108
|
+
#Hiera.debug("[hiera-vault] Data: #{data}:#{data.class}")
|
|
71
109
|
|
|
72
110
|
return Backend.parse_answer(data, scope)
|
|
73
111
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hiera-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Sokolowski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: vault
|