vvauth 1.1.2 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +38 -35
- package/package.json +2 -1
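--- a/package/index.js
+++ b/package/index.js
@@ -112,7 +112,7 @@ class vvauth {
 
 
 async set(k, v) {
-let {entity_id, identity : {metadata}} = await this.
+let {entity_id, identity : {metadata}} = await this._vault_get_profile();
 if(!metadata)
 metadata = {};
 let key_name = `env_${k.toUpperCase()}`;
@@ -125,12 +125,16 @@ class vvauth {
 }
 
 async show() {
-let {profile} = await this.
+let {profile} = await this._vault_get_profile();
 return profile;
 }
 
-async
+async _vault_get_profile() {
 await this.connect();
+
+if(!this.VAULT_TOKEN)
+return {};
+
 let {entity_id} = await this._lookup_token(this.VAULT_TOKEN);
 let identity = await this._lookup_identity(this.VAULT_TOKEN, entity_id);
 let profile = {};
@@ -147,40 +151,22 @@ class vvauth {
 return {entity_id, identity, profile};
 }
 
-
-
-let {profile} = await this._get_profile();
+async _get_env() {
+let {profile} = await this._vault_get_profile();
 
 let env = {VAULT_TOKEN : this.VAULT_TOKEN, VAULT_ADDR : this.VAULT_ADDR}, secrets = {},
-{map = {}, paths, path : mount = "secrets"} = this.rc.env || {};
-
-
-if(paths) {
-for(let secret_path of paths) {
-console.error("reaching paths", secret_path);
-let data = await this._read(mount, secret_path);
-secrets = {...secrets, ...data};
-}
+{git, map = {}, paths, path : mount = "secrets"} = this.rc.env || {};
 
-}
-
-
+let {'ssh-agent-crypt' : agent } = this.rc;
+if(agent) {
+const {path, identity} = agent;
+let child = spawn('ssh-agent-crypt', ["-decrypt", identity]);
 
-
-
-
+child.stdin.end(fs.readFileSync(path));
+const result = JSON.parse(await drain(child.stdout));
+secrets = {...secrets, ...result};
 }
 
-process.exit();
-}
-
-
-async env(source = false) {
-let {profile} = await this._get_profile();
-
-let env = {VAULT_TOKEN : this.VAULT_TOKEN, VAULT_ADDR : this.VAULT_ADDR}, secrets = {},
-{git, map = {}, paths, path : mount = "secrets"} = this.rc.env || {};
-
 if(git) {
 map = {...map,
 "GIT_COMMITTER_NAME" : profile.VAUTH_USER_NAME,
@@ -193,32 +179,49 @@ class vvauth {
 if(paths) {
 for(let secret_path of paths) {
 console.error("reaching paths", secret_path);
-let data = await this.
+let data = await this._vault_read(mount, secret_path);
 secrets = {...secrets, ...data};
 }
 }
 for(let [k, v] of Object.entries(map))
 env[k] = replaceEnv(v, {env : process.env, profile, secrets});
 
+return env;
+}
+
+async dotenv() {
+const env = await this._get_env();
+
+for(let [k, v] of Object.entries(env)) {
+process.stdout.write(`${k}=${String(v)}\n`);
+process.stderr.write(`export ${k}=[redacted]\n`);
+}
+
+process.exit();
+}
+
+async env(source = false) {
+const env = await this._get_env();
+
 if(source) {
 this._publish_env(env);
 process.exit();
 }
+
 return env;
 }
 
-
-async _read(mount, secret_path) {
+async _vault_read(mount, secret_path) {
 let remote_url = `${trim(this.VAULT_ADDR, '/')}/v1/${mount}/data/${trim(secret_path, '/')}`;
 let query = {...url.parse(remote_url), headers : {'x-vault-token' : this.VAULT_TOKEN}, expect : 200};
 let res = await request(query);
 return get(JSON.parse(String(await drain(res))), 'data.data');
 }
 
+
 async _login_vault_ssh({path = 'ssh', role}) {
 logger.info("Trying to auth as '%s'", role);
 
-
 let agent = new OpenSSHAgent(process.env.SSH_AUTH_SOCK);
 let keys = await promiser(chain => agent.getIdentities(chain));
 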
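Review bot: In `_get_env` (hunk `@@ -147,40 +151,22 @@`, whose body continues into the next hunk) the `ssh-agent-crypt` child is spawned with no failure handling: there is no `'error'` listener, so an unspawnable binary surfaces as an uncaught `'error'` event, the exit code is never checked, stderr is discarded, and a failed run ends in `JSON.parse` throwing an unrelated SyntaxError on empty output. `fs.readFileSync(path)` is also called after `spawn`, so a missing identity file throws while the child is still running. The rewrite below reads the file first, awaits the child's close event together with both output streams, fails on a non-zero exit with stderr in the message, and wraps the parse error with its cause; it assumes `spawn` and `fs` are imported at the top of the file, which is outside these hunks. Separately, the new `return {};` guard in `_vault_get_profile` (hunk `@@ -125,12 +125,16 @@`) does not match what callers destructure: `set()` reads `identity : {metadata}` and the git branch of `_get_env` reads `profile.VAUTH_USER_NAME`, so a missing token now produces a TypeError instead of a clear message; either `throw new Error("VAULT_TOKEN is not set");` or `return {entity_id : undefined, identity : {}, profile : {}};` would make that path explicit.
```javascript
let {'ssh-agent-crypt' : agent } = this.rc;
if(agent) {
  const {path, identity} = agent;
  // read before spawning so a missing/unreadable file cannot leave a child behind
  const payload = fs.readFileSync(path);
  let child = spawn('ssh-agent-crypt', ["-decrypt", identity]);

  const spawnFailed = new Promise((resolve, reject) => child.on('error', reject));
  const closed = new Promise(resolve => child.on('close', resolve));
  // EPIPE if the child exits before reading stdin; the exit code below reports it
  child.stdin.on('error', () => {});
  child.stdin.end(payload);

  const [stdout, stderr, code] = await Promise.race([
    spawnFailed,
    Promise.all([drain(child.stdout), drain(child.stderr), closed]),
  ]);
  if(code !== 0)
    throw new Error(`ssh-agent-crypt exited with code ${code}: ${String(stderr).trim()}`);

  let result;
  try {
    result = JSON.parse(String(stdout));
  } catch(err) {
    throw new Error("ssh-agent-crypt did not return valid JSON", {cause : err});
  }
  secrets = {...secrets, ...result};
}
// … unchanged: git map, paths loop, replaceEnv, return env …
```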
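--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "vvauth",
-"version": "1.1
+"version": "1.2.1",
 "description": "Vault Auth helper",
 "main": "index.js",
 "bin": {
@@ -17,6 +17,7 @@
 "mout": "^1.2.4",
 "nyks": "^6.15.0",
 "semver": "^7.5.4",
+"ssh-agent-crypt": "^1.0.1",
 "ssh2": "^1.16.0",
 "yaml": "^2.6.1"
 },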