jerakia-datasource-vault 0.1.0
- checksums.yaml +15 -0
- data/lib/jerakia/datasource/vault.rb +76 -0
- metadata +84 -0
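--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+YmE3MTMwZWMwYzliNzYzY2FiYjRmMjRjMjE1MDk4ZjY4ZjRkN2VjMQ==
+data.tar.gz: !binary |-
+ZTEyOGMwZTcxOWVlNmMzYTdlN2E1ZWNjN2U0NzNjYjlkYjYzYWNlZg==
+SHA512:
+metadata.gz: !binary |-
+NmI3NWIxODY4MDk5Y2Q0OWU5NDA5ZTVkNDEzODI4ZDc4Nzc1MDU0NDVlYmU3
+YmVhYWRhNjc4ZjdlYjE1ZjdjN2RhNmZkY2VkNTE5ZDNhMWY0OGJiYjQwZDUz
+M2VjOTFkZGViYTM3Y2M2ZDUzY2FmMzA1YTQ1NGI1Mjg3ODVjN2E=
+data.tar.gz: !binary |-
+ODFmYjY1NmUwN2FhNmFlZmMxMGNlOTJjZGNiY2EzOTc3NWY1MGZmYWVkMDcz
+NjQzN2E1MmIxYTcxYWZiMTg1YmNlZjEwZTUwN2FiM2FmOTJkYmFiZGE3ZWNl
+ODc1NmJmMTYxNTRlYWFiODkwMWVjNDc0MTc3ZGZmZDkzZDhhOGY=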
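--- a/data/lib/jerakia/datasource/vault.rb
+++ b/data/lib/jerakia/datasource/vault.rb
@@ -0,0 +1,76 @@
+require 'jerakia'
+require 'vault'
+
+class Jerakia
+class Datasource
+module Vault
+
+def run
+
+option :host, type: String, default: '127.0.0.1'
+option :port, type: Integer, default: 8200
+option :scheme, type: Symbol, default: :http
+option :token, type: String
+option :searchpath, type: Array, default: [ 'secret' ]
+option :field, type: Symbol, default: lookup.request.key.to_sym
+option :dig, type: [FalseClass, TrueClass], default: true
+option :map_key, type: [FalseClass, TrueClass], default: false
+
+
+addr = "#{options[:scheme].to_s}://#{options[:host]}:#{options[:port]}"
+
+Jerakia.log.debug("[jerakia-vault]: Using address #{addr}")
+
+begin
+vault = ::Vault::Client.new
+vault.configure do |conf|
+conf.address = addr
+conf.token = options[:token] if options[:token]
+end
+
+sealed = vault.sys.seal_status.sealed?
+
+rescue ::Vault::HTTPConnectionError => e
+raise Jerakia::Error, "Cannot connect to vault server. #{e.message}"
+end
+
+raise Jerakia::Error, "Connected to sealed vault" if sealed
+
+hierarchy = options[:searchpath].map { |s|
+[s, lookup.request.namespace ].flatten.join("/")
+}
+
+hierarchy.each do |level|
+
+# Don't perform any more lookups if Jerakia reports that
+# it doesn't want any more.
+break unless response.want?
+
+# If map_key option is set then we should append the lookup key to
+# the search path
+level << "/#{lookup.request.key}" if options[:map_key]
+
+Jerakia.log.debug("[jerakia-vault]: looking up #{level}")
+
+secret = vault.logical.read(level)
+
+if secret.is_a?(::Vault::Secret)
+Jerakia.log.debug("[jerakia-vault]: valid answer returned #{secret.data}")
+
+# If dig is true then we should lookup the key from the hash
+# response, if not then we just return the whole hash
+#
+if options[:dig]
+if result = secret.data[options[:field]]
+Jerakia.log.debug("[jerakia-vault]: found key #{lookup.request.key.to_sym}")
+response.submit result
+end
+else
+response.submit secret.data unless secret.data.empty?
+end
+end
+end
+end
+end
+end
+end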
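Review bot: The debug call `Jerakia.log.debug("[jerakia-vault]: valid answer returned #{secret.data}")` inside the `if secret.is_a?(::Vault::Secret)` branch interpolates the whole secret payload into the Jerakia log, so every value read from Vault ends up in plaintext wherever debug logs are stored or shipped. Log only the path and the key names instead, for example `Jerakia.log.debug("[jerakia-vault]: valid answer returned for #{level} (keys: #{secret.data.keys.join(', ')})")`. Separately, `option :scheme` defaults to `:http`, so as soon as `:host` is changed from the loopback default the token and the secrets cross the network unencrypted unless the operator also overrides the scheme; a default of `:https`, or a comment on that option saying so, would be safer. `vault.logical.read(level)` also sits outside the `begin`/`rescue`, so only connection failures during the seal check are turned into `Jerakia::Error`; other errors from the read appear to propagate as raw Vault exceptions.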
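--- a/metadata
+++ b/metadata
@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: jerakia-datasource-vault
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Craig Dunn
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-09-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jerakia
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.1.0
+- !ruby/object:Gem::Dependency
+name: vault
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.6'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.6.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.6'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.6.0
+description: Jerakia datasource plugin for vault
+email: craig@craigdunn.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/jerakia/datasource/vault.rb
+homepage: http://github.com/crayfishx/jerakia-vault
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.5
+signing_key:
+specification_version: 4
+summary: Jerakia data source plugin for vault
+test_files: []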