vvauth 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/index.js +41 -7
  2. package/package.json +2 -1
package/index.js CHANGED
@@ -9,6 +9,7 @@ const net = require('net');
9
9
  const {spawn} = require('child_process');
10
10
 
11
11
  const {parse} = require('yaml');
12
+ const semver = require('semver');
12
13
  const SSHAgent = require('ssh-agent-js/client');
13
14
  const trim = require('mout/string/trim');
14
15
  const get = require('mout/object/get');
@@ -35,6 +36,15 @@ const FUNCTION_DECL = "function vauth() { source <(/usr/bin/env vvauth --ir://ra
35
36
  class vvauth {
36
37
  constructor(rc = null) {
37
38
 
39
+
40
+ let {dependencies = {}} = require(path.resolve('package.json'));
41
+
42
+ for(let [module_name, module_version] of Object.entries(dependencies)) {
43
+ let {version} = require(require.resolve(`${module_name}/package.json`));
44
+ if(!semver.satisfies(version, module_version))
45
+ throw `Unsupported ${module_name} version (requires ${module_version})`;
46
+ }
47
+
38
48
  this.rc = {};
39
49
  if(rc) {
40
50
  this.rc = rc;
@@ -42,7 +52,7 @@ class vvauth {
42
52
  let vauth_rc = VAUTH_RC.filter(path => path && fs.existsSync(path))[0];
43
53
  if(vauth_rc) {
44
54
  let body = fs.readFileSync(vauth_rc, 'utf8');
45
- this.rc = walk(parse(body), v => replaceEnv(v, { env : process.env}));
55
+ this.rc = walk(parse(body), v => replaceEnv(v, process.env));
46
56
  }
47
57
  }
48
58
 
@@ -126,20 +136,36 @@ class vvauth {
126
136
  async env(source = false) {
127
137
  let {profile} = await this._get_profile();
128
138
 
129
- let env = {VAULT_TOKEN : this.VAULT_TOKEN}, {git, map} = this.rc.env || {};
139
+ let env = {VAULT_TOKEN : this.VAULT_TOKEN},
140
+ {git, map = [], paths, path : mount = "secrets"} = this.rc.env || {};
141
+
142
+ if(!Array.isArray(map))
143
+ map = [map];
144
+
130
145
  if(git) {
131
- map = {...map,
146
+ map.push({
132
147
  "GIT_COMMITTER_NAME" : "VAUTH_USER_NAME",
133
148
  "GIT_COMMITTER_EMAIL" : "VAUTH_USER_MAIL",
134
149
  "GIT_AUTHOR_EMAIL" : "VAUTH_USER_MAIL",
135
150
  "GIT_AUTHOR_NAME" : "VAUTH_USER_NAME",
136
151
  "GIT_USER_LOGIN" : "VAUTH_USER_LOGIN",
137
- };
152
+ });
153
+ }
154
+ if(paths) {
155
+ for(let secret_path of paths) {
156
+ console.error("reaching paths", secret_path);
157
+ let data = await this._read(mount, secret_path);
158
+ profile = {...profile, ...data};
159
+ }
138
160
  }
139
161
 
140
- for(let [k, v] of Object.entries(map || {})) {
141
- if(profile[v])
142
- env[k] = profile[v];
162
+ for(let entry of map) {
163
+ if(typeof entry == "string")
164
+ entry = {[entry] : entry};
165
+ for(let [k, v] of Object.entries(entry)) {
166
+ if(profile[v])
167
+ env[k] = profile[v];
168
+ }
143
169
  }
144
170
 
145
171
  if(source) {
@@ -148,6 +174,14 @@ class vvauth {
148
174
  }
149
175
  }
150
176
 
177
+
178
+ async _read(mount, secret_path) {
179
+ let remote_url = `${trim(this.vault_addr, '/')}/v1/${mount}/data/${trim(secret_path, '/')}`;
180
+ let query = {...url.parse(remote_url), headers : {'x-vault-token' : this.VAULT_TOKEN}, expect : 200};
181
+ let res = await request(query);
182
+ return get(JSON.parse(String(await drain(res))), 'data.data');
183
+ }
184
+
151
185
  async _login_vault_ssh({path = 'ssh', role}) {
152
186
  logger.info("Trying to auth as '%s'", role);
153
187
  let sock;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "vvauth",
3
- "version": "0.2.2",
3
+ "version": "0.3.0",
4
4
  "description": "Vault Auth helper",
5
5
  "main": "index.js",
6
6
  "bin": {
@@ -16,6 +16,7 @@
16
16
  "debug": "^4.3.4",
17
17
  "mout": "^1.0.0",
18
18
  "nyks": "^6.9.1",
19
+ "semver": "^7.5.4",
19
20
  "ssh-agent-js": "^2.0.4",
20
21
  "yaml": "^2.6.1"
21
22
  },