jerakia-datasource-vault 0.1.0

Files changed (3) hide show
  1. checksums.yaml +15 -0
  2. data/lib/jerakia/datasource/vault.rb +76 -0
  3. metadata +84 -0
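--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+metadata.gz: !binary |-
+YmE3MTMwZWMwYzliNzYzY2FiYjRmMjRjMjE1MDk4ZjY4ZjRkN2VjMQ==
+data.tar.gz: !binary |-
+ZTEyOGMwZTcxOWVlNmMzYTdlN2E1ZWNjN2U0NzNjYjlkYjYzYWNlZg==
+SHA512:
+metadata.gz: !binary |-
+NmI3NWIxODY4MDk5Y2Q0OWU5NDA5ZTVkNDEzODI4ZDc4Nzc1MDU0NDVlYmU3
+YmVhYWRhNjc4ZjdlYjE1ZjdjN2RhNmZkY2VkNTE5ZDNhMWY0OGJiYjQwZDUz
+M2VjOTFkZGViYTM3Y2M2ZDUzY2FmMzA1YTQ1NGI1Mjg3ODVjN2E=
+data.tar.gz: !binary |-
+ODFmYjY1NmUwN2FhNmFlZmMxMGNlOTJjZGNiY2EzOTc3NWY1MGZmYWVkMDcz
+NjQzN2E1MmIxYTcxYWZiMTg1YmNlZjEwZTUwN2FiM2FmOTJkYmFiZGE3ZWNl
+ODc1NmJmMTYxNTRlYWFiODkwMWVjNDc0MTc3ZGZmZDkzZDhhOGY=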
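--- a/data/lib/jerakia/datasource/vault.rb
+++ b/data/lib/jerakia/datasource/vault.rb
@@ -0,0 +1,76 @@
+require 'jerakia'
+require 'vault'
+
+class Jerakia
+class Datasource
+module Vault
+
+def run
+
+option :host, type: String, default: '127.0.0.1'
+option :port, type: Integer, default: 8200
+option :scheme, type: Symbol, default: :http
+option :token, type: String
+option :searchpath, type: Array, default: [ 'secret' ]
+option :field, type: Symbol, default: lookup.request.key.to_sym
+option :dig, type: [FalseClass, TrueClass], default: true
+option :map_key, type: [FalseClass, TrueClass], default: false
+
+
+addr = "#{options[:scheme].to_s}://#{options[:host]}:#{options[:port]}"
+
+Jerakia.log.debug("[jerakia-vault]: Using address #{addr}")
+
+begin
+vault = ::Vault::Client.new
+vault.configure do |conf|
+conf.address = addr
+conf.token = options[:token] if options[:token]
+end
+
+sealed = vault.sys.seal_status.sealed?
+
+rescue ::Vault::HTTPConnectionError => e
+raise Jerakia::Error, "Cannot connect to vault server. #{e.message}"
+end
+
+raise Jerakia::Error, "Connected to sealed vault" if sealed
+
+hierarchy = options[:searchpath].map { |s|
+[s, lookup.request.namespace ].flatten.join("/")
+}
+
+hierarchy.each do |level|
+
+# Don't perform any more lookups if Jerakia reports that
+# it doesn't want any more.
+break unless response.want?
+
+# If map_key option is set then we should append the lookup key to
+# the search path
+level << "/#{lookup.request.key}" if options[:map_key]
+
+Jerakia.log.debug("[jerakia-vault]: looking up #{level}")
+
+secret = vault.logical.read(level)
+
+if secret.is_a?(::Vault::Secret)
+Jerakia.log.debug("[jerakia-vault]: valid answer returned #{secret.data}")
+
+# If dig is true then we should lookup the key from the hash
+# response, if not then we just return the whole hash
+#
+if options[:dig]
+if result = secret.data[options[:field]]
+Jerakia.log.debug("[jerakia-vault]: found key #{lookup.request.key.to_sym}")
+response.submit result
+end
+else
+response.submit secret.data unless secret.data.empty?
+end
+end
+end
+end
+end
+end
+end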
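Review bot: The debug call inside the `secret.is_a?(::Vault::Secret)` branch interpolates `secret.data` into the log message, so every secret read from Vault is written in cleartext to wherever Jerakia's debug log goes; log only the shape of the answer instead, e.g. `Jerakia.log.debug("[jerakia-vault]: valid answer returned with keys #{secret.data.keys}")`. The `:scheme` option also defaults to `:http`, so once `:host` is pointed away from 127.0.0.1 the token and the returned secrets travel unencrypted unless the operator sets `:https`; a comment on that option stating plain HTTP is meant for loopback only would help, or the default could become `:https`. Separately, only `::Vault::HTTPConnectionError` is rescued, and only around the seal check, so an error raised by `vault.logical.read(level)` (presumably a denied path or an invalid token) would leave `run` without being wrapped in `Jerakia::Error` — worth confirming against the vault client's error classes.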
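--- a/metadata
+++ b/metadata
@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: jerakia-datasource-vault
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Craig Dunn
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-09-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: jerakia
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.1.0
+- !ruby/object:Gem::Dependency
+name: vault
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.6'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.6.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0.6'
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 0.6.0
+description: Jerakia datasource plugin for vault
+email: craig@craigdunn.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/jerakia/datasource/vault.rb
+homepage: http://github.com/crayfishx/jerakia-vault
+licenses:
+- Apache 2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.5
+signing_key:
+specification_version: 4
+summary: Jerakia data source plugin for vault
+test_files: []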