jerakia-datasource-vault 0.1.0

Files changed (3) hide show
  1. checksums.yaml +15 -0
  2. data/lib/jerakia/datasource/vault.rb +76 -0
  3. metadata +84 -0
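--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+YmE3MTMwZWMwYzliNzYzY2FiYjRmMjRjMjE1MDk4ZjY4ZjRkN2VjMQ==
+data.tar.gz: !binary |-
+ZTEyOGMwZTcxOWVlNmMzYTdlN2E1ZWNjN2U0NzNjYjlkYjYzYWNlZg==
+SHA512:
+metadata.gz: !binary |-
+NmI3NWIxODY4MDk5Y2Q0OWU5NDA5ZTVkNDEzODI4ZDc4Nzc1MDU0NDVlYmU3
+YmVhYWRhNjc4ZjdlYjE1ZjdjN2RhNmZkY2VkNTE5ZDNhMWY0OGJiYjQwZDUz
+M2VjOTFkZGViYTM3Y2M2ZDUzY2FmMzA1YTQ1NGI1Mjg3ODVjN2E=
+data.tar.gz: !binary |-
+ODFmYjY1NmUwN2FhNmFlZmMxMGNlOTJjZGNiY2EzOTc3NWY1MGZmYWVkMDcz
+NjQzN2E1MmIxYTcxYWZiMTg1YmNlZjEwZTUwN2FiM2FmOTJkYmFiZGE3ZWNl
+ODc1NmJmMTYxNTRlYWFiODkwMWVjNDc0MTc3ZGZmZDkzZDhhOGY=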
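--- a/data/lib/jerakia/datasource/vault.rb
+++ b/data/lib/jerakia/datasource/vault.rb
@@ -0,0 +1,76 @@
+require 'jerakia'
+require 'vault'
+
+class Jerakia
+class Datasource
+module Vault
+
+def run
+
+option :host, type: String, default: '127.0.0.1'
+option :port, type: Integer, default: 8200
+option :scheme, type: Symbol, default: :http
+option :token, type: String
+option :searchpath, type: Array, default: [ 'secret' ]
+option :field, type: Symbol, default: lookup.request.key.to_sym
+option :dig, type: [FalseClass, TrueClass], default: true
+option :map_key, type: [FalseClass, TrueClass], default: false
+
+
+addr = "#{options[:scheme].to_s}://#{options[:host]}:#{options[:port]}"
+
+Jerakia.log.debug("[jerakia-vault]: Using address #{addr}")
+
+begin
+vault = ::Vault::Client.new
+vault.configure do |conf|
+conf.address = addr
+conf.token = options[:token] if options[:token]
+end
+
+sealed = vault.sys.seal_status.sealed?
+
+rescue ::Vault::HTTPConnectionError => e
+raise Jerakia::Error, "Cannot connect to vault server. #{e.message}"
+end
+
+raise Jerakia::Error, "Connected to sealed vault" if sealed
+
+hierarchy = options[:searchpath].map { |s|
+[s, lookup.request.namespace ].flatten.join("/")
+}
+
+hierarchy.each do |level|
+
+# Don't perform any more lookups if Jerakia reports that
+# it doesn't want any more.
+break unless response.want?
+
+# If map_key option is set then we should append the lookup key to
+# the search path
+level << "/#{lookup.request.key}" if options[:map_key]
+
+Jerakia.log.debug("[jerakia-vault]: looking up #{level}")
+
+secret = vault.logical.read(level)
+
+if secret.is_a?(::Vault::Secret)
+Jerakia.log.debug("[jerakia-vault]: valid answer returned #{secret.data}")
+
+# If dig is true then we should lookup the key from the hash
+# response, if not then we just return the whole hash
+#
+if options[:dig]
+if result = secret.data[options[:field]]
+Jerakia.log.debug("[jerakia-vault]: found key #{lookup.request.key.to_sym}")
+response.submit result
+end
+else
+response.submit secret.data unless secret.data.empty?
+end
+end
+end
+end
+end
+end
+end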
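Review bot: The debug call inside the `if secret.is_a?(::Vault::Secret)` branch interpolates `secret.data` into the log line, so every successful lookup writes the secret payload to the Jerakia log whenever debug logging is enabled; log only the path instead, for example `Jerakia.log.debug("[jerakia-vault]: valid answer returned for #{level}")`. The `:scheme` option also defaults to `:http`, so the Vault token and the returned secrets travel unencrypted unless the operator overrides it; `option :scheme, type: Symbol, default: :https` would be the safer default, at the cost of changing behaviour for anyone relying on the current one. Only `::Vault::HTTPConnectionError` is rescued, and only around the seal check, so an error raised by `vault.logical.read(level)` (a denied path, for instance) presumably propagates as a raw vault-gem exception rather than a `Jerakia::Error`; this is worth confirming against the gem.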
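--- a/metadata
+++ b/metadata
@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: jerakia-datasource-vault
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Craig Dunn
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-09-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jerakia
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.1.0
+- !ruby/object:Gem::Dependency
+name: vault
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.6'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.6.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.6'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.6.0
+description: Jerakia datasource plugin for vault
+email: craig@craigdunn.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/jerakia/datasource/vault.rb
+homepage: http://github.com/crayfishx/jerakia-vault
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.5
+signing_key:
+specification_version: 4
+summary: Jerakia data source plugin for vault
+test_files: []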