get-hc-secrets 1.5.10__py3-none-any.whl → 1.5.21__py3-none-any.whl

getSecrets/__init__.py

@@ -5,22 +5,24 @@ from os import getenv
 from os.path import join
 
 import requests
+import urllib3
 import yaml
 
 logging.basicConfig(level=logging.INFO, format='%(asctime)s %(message)s',
                     datefmt='%m/%d/%Y %I:%M:%S %p')
 
-_config_file = "~/.config/.vault/vault.yml"
+_config_file = ".config/.vault/vault.yml"
 _home = getenv("HOME")
 
 try:
-    _config = yaml.safe_load(open(join(_home, _config_file.replace("~/", ''))))
+    _config = yaml.safe_load(open(join(_home, _config_file)))
 except (FileNotFoundError, TypeError):
     if not os.path.exists("/etc/vault"):
         os.makedirs("/etc/vault")
     _home = "/etc/vault"
+    _config_file = "vault.yml"
     try:
-        _config = yaml.safe_load(open(join(_home, 'vault.yml')))
+        _config = yaml.safe_load(open(join(_home, _config_file)))
     except FileNotFoundError:
         logging.error(f"No vault configuration found in {_home}")
         sys.exit(1)
@@ -38,25 +40,34 @@ def get_secret(id: str, repo: str = 'secret') -> dict:
     If the request fails, the method logs an HTTP error message and returns a n empty json {}.
     """
 
-    base_url = _config['vault']['vault_addr']
-    if _home == '/etc/vault':
-        certs = '/etc/vault/bundle.pem'
+    # check if data is available in config file
+    if id in _config:
+        return _config[id]
     else:
-        certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-
-    token = _config['vault']['token']
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/data/"
-    url = f"{base_url}{uri}{id}"
-    resp = requests.get(url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        secret = resp.json()["data"]["data"]
-        return secret
+        base_url = _config['vault']['vault_addr']
+        if _home == '/etc/vault':
+            certs = '/etc/vault/bundle.pem'
+        else:
+            certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+        # check if file exist, else make insecure
+        if not (os.path.exists(certs)):
+            certs = False
+            urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+            logging.warning(f"No vault bundle.pem found at {certs} - working insecure !!")
+
+        token = _config['vault']['token']
+        headers = {"X-Vault-Token": token}
+        uri = f"/v1/{repo}/data/"
+        url = f"{base_url}{uri}{id}"
+        resp = requests.get(url, headers=headers, verify=certs)
+        if resp.status_code == 200:
+            secret = resp.json()["data"]["data"]
+            return secret
 
-    else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return {}
+        else:
+            print(f"http error {resp.status_code}")
+            logging.error(f"Vault api error {resp}")
+            return {}
 
 
 def get_user_pwd(id: str, repo: str = 'secret') -> tuple:
@@ -71,26 +82,30 @@ def get_user_pwd(id: str, repo: str = 'secret') -> tuple:
     If the request fails, the method prints an HTTP error message and returns (None, None).
     """
 
-    base_url = _config['vault']['vault_addr']
-    certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-    token = _config['vault']['token']
+    # check if data is available in config file
+    if id in _config:
+        return _config[id]['username'], _config[id]['password']
+    else:
+        base_url = _config['vault']['vault_addr']
+        certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+        token = _config['vault']['token']
+
+        headers = {"X-Vault-Token": token}
+        uri = f"/v1/{repo}/data/"
+        url = f"{base_url}{uri}{id}"
+        resp = requests.get(url, headers=headers, verify=certs)
+        if resp.status_code == 200:
+            secret = resp.json()["data"]["data"]
+            if 'username' in secret and 'password' in secret:
+                return secret['username'], secret['password']
+            else:
+                return None, None
 
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/data/"
-    url = f"{base_url}{uri}{id}"
-    resp = requests.get(url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        secret = resp.json()["data"]["data"]
-        if 'username' in secret and 'password' in secret:
-            return secret['username'], secret['password']
         else:
+            print(f"http error {resp.status_code}")
+            logging.error(f"Vault api error {resp}")
             return None, None
 
-    else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return None, None
-
 
 def list_secret(repo: str = 'secret'):
     """
@@ -125,29 +140,41 @@ def upd_secret(id: str, data, repo: str = 'secret'):
 
     """
 
-    base_url = _config['vault']['vault_addr']
-    certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-    token = _config['vault']['token']
-
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/data/"
-    url = f"{base_url}{uri}{id}"
-    resp = requests.request('GET', url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        version = resp.json()["data"]['metadata']['version']
-        obj = {
-            "options": {
-                "cas": version
-            },
-            "data": data
-        }
-
-        resp2 = requests.request('POST', url, headers=headers, json=obj, verify=certs)
-        if resp2.status_code != 200:
-            logging.warning(f"Vault update error for {id} with new {data}")
-        return resp2.status_code
+    # check if data is available in config file
+    if id in _config:
+        _config[id] = data
+        with open(join(_home, _config_file), 'w') as fd:
+            yaml.safe_dump(_config, fd)
+        return 200
 
     else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return None, None
+        base_url = _config['vault']['vault_addr']
+        certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+        token = _config['vault']['token']
+
+        headers = {"X-Vault-Token": token}
+        uri = f"/v1/{repo}/data/"
+        url = f"{base_url}{uri}{id}"
+        resp = requests.request('GET', url, headers=headers, verify=certs)
+        if resp.status_code == 200:
+            version = resp.json()["data"]['metadata']['version']
+            obj = {
+                "options": {
+                    "cas": version
+                },
+                "data": data
+            }
+
+            resp2 = requests.request('POST', url, headers=headers, json=obj, verify=certs)
+            if resp2.status_code != 200:
+                logging.warning(f"Vault update error for {id} with new {data}")
+            return resp2.status_code
+
+        else:
+            print(f"http error {resp.status_code}")
+            logging.error(f"Vault api error {resp}")
+            return None, None
+
+
+if __name__ == "__main__":
+    secret = get_secret('test')

{get_hc_secrets-1.5.10.dist-info → get_hc_secrets-1.5.21.dist-info}/METADATA

@@ -1,7 +1,7 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: get_hc_secrets
-Version: 1.5.10
-Summary: A package to read secrets from Hashicorp vault
+Version: 1.5.21
+Summary: A package to read secrets from Hashicorp vault or from a local file
 Author-email: Xavier Mayeur <xavier@mayeur.be>
 Project-URL: Homepage, https://github.com/xmayeur/getSecrets
 Project-URL: Bug Tracker, https://github.com/xmayeur/getSecrets/issues
@@ -13,19 +13,23 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: pyyaml
 Requires-Dist: requests
+Dynamic: license-file
 
 # getSecrets package
 
 getSecrets is a simple package that reads from the given engine ('secret' by default) of a Hashicorp vault
+It can also read data from the local vault.yml file
 
 usage:
 
 ```
 from getSecrets import *
 
-data = get_secret(<id>, [<secret>])
+data = get_secret(<id>, [repo:<secret>])
 
-usr_pwd = get_user_pwd(<id>, <new k_v_dict> , [<secret>])
+usr, pwd = get_user_pwd(<id> , [repo:<secret>])
+
+updater = update_secret(<id>, <new_object>, [repo:<secret>])
 
 list = list_secret([<secret>]
 
@@ -38,4 +42,17 @@ vault:
   token: "<access token>"
   vault_addr: "https://vault:8200"
   certs: "<path>/bundle.pem"
+ 
+id:
+  item1: 1
+  item2: 2
+  username: user
+  password: !@•?
 ```
+
+for reminder:
+bundle.pem, for own certificates, is made of, in this order:
+
+- vault certificate
+- intermediate certificate
+- root certificate

get_hc_secrets-1.5.21.dist-info/RECORD

@@ -0,0 +1,6 @@
+getSecrets/__init__.py,sha256=nw77NNCuIzKJWdVlJb4QNqEtCRg7H2b7I-3SfT7X2CI,6382
+get_hc_secrets-1.5.21.dist-info/licenses/LICENSE,sha256=2bm9uFabQZ3Ykb_SaSU_uUbAj2-htc6WJQmS_65qD00,1073
+get_hc_secrets-1.5.21.dist-info/METADATA,sha256=W05DxI_EGK3Ss9GsjY0_4Gs8Di-3A4X3rMV0CzvY314,1410
+get_hc_secrets-1.5.21.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+get_hc_secrets-1.5.21.dist-info/top_level.txt,sha256=X_v6_cB4900TWZoDSDtFDhZrxKcH4dJiPCIAcyL5Z7k,11
+get_hc_secrets-1.5.21.dist-info/RECORD,,

{get_hc_secrets-1.5.10.dist-info → get_hc_secrets-1.5.21.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (72.2.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

get_hc_secrets-1.5.10.dist-info/RECORD

@@ -1,6 +0,0 @@
-getSecrets/__init__.py,sha256=U2J8nInxyA5jv5JMjc3yAt7WUTWSHC0ZI0ODoFlJ8-8,5304
-get_hc_secrets-1.5.10.dist-info/LICENSE,sha256=2bm9uFabQZ3Ykb_SaSU_uUbAj2-htc6WJQmS_65qD00,1073
-get_hc_secrets-1.5.10.dist-info/METADATA,sha256=DwFHqkDHQvfKAtgtFBLLwB6tDW0i5m-4--zLNMlMek4,1051
-get_hc_secrets-1.5.10.dist-info/WHEEL,sha256=HiCZjzuy6Dw0hdX5R3LCFPDmFS4BWl8H-8W39XfmgX4,91
-get_hc_secrets-1.5.10.dist-info/top_level.txt,sha256=X_v6_cB4900TWZoDSDtFDhZrxKcH4dJiPCIAcyL5Z7k,11
-get_hc_secrets-1.5.10.dist-info/RECORD,,