hiera-vault 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/hiera/backend/vault_backend.rb +43 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f5330ec11f401a3bafbc2223c3dbcf513ce63f6
|
|
4
|
+
data.tar.gz: bfca139927590fa43f24a782c1eb36249164cc0e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a73d38373d64d71b5611cb882e207aec7ecbe521f0b829742f5f04c3339756056423a850f8162c42b9a86192aa0f4598661573eeba164a2ce80e4c85c617bb04
|
|
7
|
+
data.tar.gz: afa2f42bc6d4d75946a43787f6b6baf71d6b3c9e49a479aefb900b7ae59c4754eaa57f99c8714a3e2d910f0f55fc6b42d3ac71f1f2fd5b1bfeb8d007ea5e1c7f
|
|
@@ -10,6 +10,20 @@ class Hiera
|
|
|
10
10
|
@config = Config[:vault]
|
|
11
11
|
@config[:mounts] ||= {}
|
|
12
12
|
@config[:mounts][:generic] ||= ['secret']
|
|
13
|
+
@config[:default_field_parse] ||= 'string' # valid values: 'string', 'json'
|
|
14
|
+
|
|
15
|
+
if not ['string','json'].include?(@config[:default_field_parse])
|
|
16
|
+
raise Exception, "[hiera-vault] invalid value for :default_field_parse: '#{@config[:default_field_behavior]}', should be one of 'string','json'"
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
# :default_field_behavior:
|
|
20
|
+
# 'ignore' => ignore additional fields, if the field is not present return nil
|
|
21
|
+
# 'only' => only return value of default_field when it is present and the only field, otherwise return hash as normal
|
|
22
|
+
@config[:default_field_behavior] ||= 'ignore'
|
|
23
|
+
|
|
24
|
+
if not ['ignore','only'].include?(@config[:default_field_behavior])
|
|
25
|
+
raise Exception, "[hiera-vault] invalid value for :default_field_behavior: '#{@config[:default_field_behavior]}', should be one of 'ignore','only'"
|
|
26
|
+
end
|
|
13
27
|
|
|
14
28
|
begin
|
|
15
29
|
@vault = Vault::Client.new
|
|
@@ -37,16 +51,31 @@ class Hiera
|
|
|
37
51
|
Hiera.debug("[hiera-vault] Looking up #{key} in vault backend")
|
|
38
52
|
|
|
39
53
|
answer = nil
|
|
54
|
+
found = false
|
|
40
55
|
|
|
41
56
|
# Only generic mounts supported so far
|
|
42
57
|
@config[:mounts][:generic].each do |mount|
|
|
43
58
|
path = Backend.parse_string(mount, scope, { 'key' => key })
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
59
|
+
Hiera.debug("Looking in path #{path}")
|
|
60
|
+
new_answer = lookup_generic("#{path}/#{key}", scope)
|
|
61
|
+
#Hiera.debug("[hiera-vault] Answer: #{new_answer}:#{new_answer.class}")
|
|
62
|
+
next if new_answer.nil?
|
|
63
|
+
case resolution_type
|
|
64
|
+
when :array
|
|
65
|
+
raise Exception, "Hiera type mismatch: expected Array and got #{new_answer.class}" unless new_answer.kind_of? Array or new_answer.kind_of? String
|
|
66
|
+
answer ||= []
|
|
67
|
+
answer << new_answer
|
|
68
|
+
when :hash
|
|
69
|
+
raise Exception, "Hiera type mismatch: expected Hash and got #{new_answer.class}" unless new_answer.kind_of? Hash
|
|
70
|
+
answer ||= {}
|
|
71
|
+
answer = Backend.merge_answer(new_answer,answer)
|
|
72
|
+
else
|
|
73
|
+
answer = new_answer
|
|
74
|
+
break
|
|
75
|
+
end
|
|
47
76
|
end
|
|
48
77
|
|
|
49
|
-
answer
|
|
78
|
+
return answer
|
|
50
79
|
end
|
|
51
80
|
|
|
52
81
|
def lookup_generic(key, scope)
|
|
@@ -61,13 +90,22 @@ class Hiera
|
|
|
61
90
|
return nil if secret.nil?
|
|
62
91
|
|
|
63
92
|
Hiera.debug("[hiera-vault] Read secret: #{key}")
|
|
64
|
-
if @config[:default_field]
|
|
93
|
+
if @config[:default_field] and (@config[:default_field_behavior] == 'ignore' or (secret.data.has_key?(@config[:default_field].to_sym) and secret.data.length == 1))
|
|
94
|
+
return nil if not secret.data.has_key?(@config[:default_field].to_sym)
|
|
65
95
|
# Return just our default_field
|
|
66
96
|
data = secret.data[@config[:default_field].to_sym]
|
|
97
|
+
if @config[:default_field_parse] == 'json'
|
|
98
|
+
begin
|
|
99
|
+
data = JSON.parse(data)
|
|
100
|
+
rescue JSON::ParserError => e
|
|
101
|
+
Hiera.debug("[hiera-vault] Could not parse string as json: #{e}")
|
|
102
|
+
end
|
|
103
|
+
end
|
|
67
104
|
else
|
|
68
105
|
# Turn secret's hash keys into strings
|
|
69
106
|
data = secret.data.inject({}) { |h, (k, v)| h[k.to_s] = v; h }
|
|
70
107
|
end
|
|
108
|
+
#Hiera.debug("[hiera-vault] Data: #{data}:#{data.class}")
|
|
71
109
|
|
|
72
110
|
return Backend.parse_answer(data, scope)
|
|
73
111
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hiera-vault
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Sokolowski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: vault
|