get-hc-secrets 1.5.10__tar.gz → 1.5.21__tar.gz

{get_hc_secrets-1.5.10 → get_hc_secrets-1.5.21}/PKG-INFO

@@ -1,7 +1,7 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: get_hc_secrets
-Version: 1.5.10
-Summary: A package to read secrets from Hashicorp vault
+Version: 1.5.21
+Summary: A package to read secrets from Hashicorp vault or from a local file
 Author-email: Xavier Mayeur <xavier@mayeur.be>
 Project-URL: Homepage, https://github.com/xmayeur/getSecrets
 Project-URL: Bug Tracker, https://github.com/xmayeur/getSecrets/issues
@@ -13,19 +13,23 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: pyyaml
 Requires-Dist: requests
+Dynamic: license-file
 
 # getSecrets package
 
 getSecrets is a simple package that reads from the given engine ('secret' by default) of a Hashicorp vault
+It can also read data from the local vault.yml file
 
 usage:
 
 ```
 from getSecrets import *
 
-data = get_secret(<id>, [<secret>])
+data = get_secret(<id>, [repo:<secret>])
 
-usr_pwd = get_user_pwd(<id>, <new k_v_dict> , [<secret>])
+usr, pwd = get_user_pwd(<id> , [repo:<secret>])
+
+updater = update_secret(<id>, <new_object>, [repo:<secret>])
 
 list = list_secret([<secret>]
 
@@ -38,4 +42,17 @@ vault:
   token: "<access token>"
   vault_addr: "https://vault:8200"
   certs: "<path>/bundle.pem"
+ 
+id:
+  item1: 1
+  item2: 2
+  username: user
+  password: !@•?
 ```
+
+for reminder:
+bundle.pem, for own certificates, is made of, in this order:
+
+- vault certificate
+- intermediate certificate
+- root certificate

get_hc_secrets-1.5.21/README.md

@@ -0,0 +1,41 @@
+# getSecrets package
+
+getSecrets is a simple package that reads from the given engine ('secret' by default) of a Hashicorp vault
+It can also read data from the local vault.yml file
+
+usage:
+
+```
+from getSecrets import *
+
+data = get_secret(<id>, [repo:<secret>])
+
+usr, pwd = get_user_pwd(<id> , [repo:<secret>])
+
+updater = update_secret(<id>, <new_object>, [repo:<secret>])
+
+list = list_secret([<secret>]
+
+```
+
+Vault parameters are stored in a config file ~/.config/.vault/.vault.yml
+
+```
+vault:
+  token: "<access token>"
+  vault_addr: "https://vault:8200"
+  certs: "<path>/bundle.pem"
+ 
+id:
+  item1: 1
+  item2: 2
+  username: user
+  password: !@•?
+```
+
+for reminder:
+bundle.pem, for own certificates, is made of, in this order:
+
+- vault certificate
+- intermediate certificate
+- root certificate

{get_hc_secrets-1.5.10 → get_hc_secrets-1.5.21}/pyproject.toml

@@ -1,10 +1,10 @@
 [project]
 name = "get_hc_secrets"
-version = '1.5.10'
+version = '1.5.21'
 authors = [
     { name = "Xavier Mayeur", email = "xavier@mayeur.be" }
 ]
-description = "A package to read secrets from Hashicorp vault"
+description = "A package to read secrets from Hashicorp vault or from a local file"
 readme = "README.md"
 requires-python = ">=3.7"
 classifiers = [

get_hc_secrets-1.5.21/src/getSecrets/__init__.py

@@ -0,0 +1,180 @@
+import logging
+import os
+import sys
+from os import getenv
+from os.path import join
+
+import requests
+import urllib3
+import yaml
+
+logging.basicConfig(level=logging.INFO, format='%(asctime)s %(message)s',
+                    datefmt='%m/%d/%Y %I:%M:%S %p')
+
+_config_file = ".config/.vault/vault.yml"
+_home = getenv("HOME")
+
+try:
+    _config = yaml.safe_load(open(join(_home, _config_file)))
+except (FileNotFoundError, TypeError):
+    if not os.path.exists("/etc/vault"):
+        os.makedirs("/etc/vault")
+    _home = "/etc/vault"
+    _config_file = "vault.yml"
+    try:
+        _config = yaml.safe_load(open(join(_home, _config_file)))
+    except FileNotFoundError:
+        logging.error(f"No vault configuration found in {_home}")
+        sys.exit(1)
+
+
+def get_secret(id: str, repo: str = 'secret') -> dict:
+    """
+    :param id: The ID of the secret to retrieve
+    :param repo: The name of the secrets repository to retrieve the secret from - defaults to 'secret'
+    :return: a json object with key/value pairs
+             or an empty object if the secret retrieval fails
+
+    This method retrieves a secret from a Vault server using the provided ID.
+    If the request is successful (status code 200), the method extracts the key-value pairs JSON object.
+    If the request fails, the method logs an HTTP error message and returns a n empty json {}.
+    """
+
+    # check if data is available in config file
+    if id in _config:
+        return _config[id]
+    else:
+        base_url = _config['vault']['vault_addr']
+        if _home == '/etc/vault':
+            certs = '/etc/vault/bundle.pem'
+        else:
+            certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+        # check if file exist, else make insecure
+        if not (os.path.exists(certs)):
+            certs = False
+            urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+            logging.warning(f"No vault bundle.pem found at {certs} - working insecure !!")
+
+        token = _config['vault']['token']
+        headers = {"X-Vault-Token": token}
+        uri = f"/v1/{repo}/data/"
+        url = f"{base_url}{uri}{id}"
+        resp = requests.get(url, headers=headers, verify=certs)
+        if resp.status_code == 200:
+            secret = resp.json()["data"]["data"]
+            return secret
+
+        else:
+            print(f"http error {resp.status_code}")
+            logging.error(f"Vault api error {resp}")
+            return {}
+
+
+def get_user_pwd(id: str, repo: str = 'secret') -> tuple:
+    """
+    :param id: The ID of the secret to retrieve
+    :param repo: The name of the secret repository to retrieve the seret from - defaults to 'secret'
+    :return: a tuple username, password values if the secrets has such keys, else None, None
+
+    This method retrieves a secret from a Vault server using the provided ID.
+    If the request is successful (status code 200), the method extracts the  username and password key value
+    if such keys exist.
+    If the request fails, the method prints an HTTP error message and returns (None, None).
+    """
+
+    # check if data is available in config file
+    if id in _config:
+        return _config[id]['username'], _config[id]['password']
+    else:
+        base_url = _config['vault']['vault_addr']
+        certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+        token = _config['vault']['token']
+
+        headers = {"X-Vault-Token": token}
+        uri = f"/v1/{repo}/data/"
+        url = f"{base_url}{uri}{id}"
+        resp = requests.get(url, headers=headers, verify=certs)
+        if resp.status_code == 200:
+            secret = resp.json()["data"]["data"]
+            if 'username' in secret and 'password' in secret:
+                return secret['username'], secret['password']
+            else:
+                return None, None
+
+        else:
+            print(f"http error {resp.status_code}")
+            logging.error(f"Vault api error {resp}")
+            return None, None
+
+
+def list_secret(repo: str = 'secret'):
+    """
+    :param repo: The name of a secret repository to retrieve the secret from - defaults to 'secret'
+    :return: A list containing all items keys from the repository
+
+    """
+
+    base_url = _config['vault']['vault_addr']
+    certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+    token = _config['vault']['token']
+
+    headers = {"X-Vault-Token": token}
+    uri = f"/v1/{repo}/metadata"
+    url = f"{base_url}{uri}"
+    resp = requests.request('LIST', url, headers=headers, verify=certs)
+    if resp.status_code == 200:
+        return resp.json()["data"]["keys"]
+
+    else:
+        print(f"http error {resp.status_code}")
+        logging.error(f"Vault api error {resp}")
+        return None, None
+
+
+def upd_secret(id: str, data, repo: str = 'secret'):
+    """
+    :param id: The ID of the secret to retrieve
+    :param data: The data to be uploaded in place of the exitisting one
+    :param repo: The name of the repository to retrieve the secret from - defaults to 'secret'
+    :return: the response status code from the vault - 200 if successful.
+
+    """
+
+    # check if data is available in config file
+    if id in _config:
+        _config[id] = data
+        with open(join(_home, _config_file), 'w') as fd:
+            yaml.safe_dump(_config, fd)
+        return 200
+
+    else:
+        base_url = _config['vault']['vault_addr']
+        certs = join(_home, _config['vault']['certs'].replace("~/", ''))
+        token = _config['vault']['token']
+
+        headers = {"X-Vault-Token": token}
+        uri = f"/v1/{repo}/data/"
+        url = f"{base_url}{uri}{id}"
+        resp = requests.request('GET', url, headers=headers, verify=certs)
+        if resp.status_code == 200:
+            version = resp.json()["data"]['metadata']['version']
+            obj = {
+                "options": {
+                    "cas": version
+                },
+                "data": data
+            }
+
+            resp2 = requests.request('POST', url, headers=headers, json=obj, verify=certs)
+            if resp2.status_code != 200:
+                logging.warning(f"Vault update error for {id} with new {data}")
+            return resp2.status_code
+
+        else:
+            print(f"http error {resp.status_code}")
+            logging.error(f"Vault api error {resp}")
+            return None, None
+
+
+if __name__ == "__main__":
+    secret = get_secret('test')

{get_hc_secrets-1.5.10 → get_hc_secrets-1.5.21}/src/get_hc_secrets.egg-info/PKG-INFO

@@ -1,7 +1,7 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: get_hc_secrets
-Version: 1.5.10
-Summary: A package to read secrets from Hashicorp vault
+Version: 1.5.21
+Summary: A package to read secrets from Hashicorp vault or from a local file
 Author-email: Xavier Mayeur <xavier@mayeur.be>
 Project-URL: Homepage, https://github.com/xmayeur/getSecrets
 Project-URL: Bug Tracker, https://github.com/xmayeur/getSecrets/issues
@@ -13,19 +13,23 @@ Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: pyyaml
 Requires-Dist: requests
+Dynamic: license-file
 
 # getSecrets package
 
 getSecrets is a simple package that reads from the given engine ('secret' by default) of a Hashicorp vault
+It can also read data from the local vault.yml file
 
 usage:
 
 ```
 from getSecrets import *
 
-data = get_secret(<id>, [<secret>])
+data = get_secret(<id>, [repo:<secret>])
 
-usr_pwd = get_user_pwd(<id>, <new k_v_dict> , [<secret>])
+usr, pwd = get_user_pwd(<id> , [repo:<secret>])
+
+updater = update_secret(<id>, <new_object>, [repo:<secret>])
 
 list = list_secret([<secret>]
 
@@ -38,4 +42,17 @@ vault:
   token: "<access token>"
   vault_addr: "https://vault:8200"
   certs: "<path>/bundle.pem"
+ 
+id:
+  item1: 1
+  item2: 2
+  username: user
+  password: !@•?
 ```
+
+for reminder:
+bundle.pem, for own certificates, is made of, in this order:
+
+- vault certificate
+- intermediate certificate
+- root certificate

{get_hc_secrets-1.5.10 → get_hc_secrets-1.5.21}/tests/test_getsecrets.py

@@ -1,6 +1,7 @@
 import unittest
 
-import getSecrets as gs
+# import getSecrets as gs
+from src import getSecrets as gs
 
 
 class TestGetSecrets(unittest.TestCase):
@@ -10,9 +11,13 @@ class TestGetSecrets(unittest.TestCase):
         self.assertTrue('test' in secrets)
 
     def test_getsecrets(self):
+
+        secret = gs.get_secret('test')
+        secret['test'] = 'test1'
+        gs.upd_secret('test', secret)
         secret = gs.get_secret('test')
         self.assertTrue('test' in secret)
-        self.assertEqual(secret['test'], 'test')
+        self.assertEqual(secret['test'], 'test1')
 
     def test_usr_pwd(self):
         usr, pwd = gs.get_user_pwd('test')

get_hc_secrets-1.5.10/README.md

@@ -1,25 +0,0 @@
-# getSecrets package
-
-getSecrets is a simple package that reads from the given engine ('secret' by default) of a Hashicorp vault
-
-usage:
-
-```
-from getSecrets import *
-
-data = get_secret(<id>, [<secret>])
-
-usr_pwd = get_user_pwd(<id>, <new k_v_dict> , [<secret>])
-
-list = list_secret([<secret>]
-
-```
-
-Vault parameters are stored in a config file ~/.config/.vault/.vault.yml
-
-```
-vault:
-  token: "<access token>"
-  vault_addr: "https://vault:8200"
-  certs: "<path>/bundle.pem"
-```

get_hc_secrets-1.5.10/src/getSecrets/__init__.py

@@ -1,153 +0,0 @@
-import logging
-import os
-import sys
-from os import getenv
-from os.path import join
-
-import requests
-import yaml
-
-logging.basicConfig(level=logging.INFO, format='%(asctime)s %(message)s',
-                    datefmt='%m/%d/%Y %I:%M:%S %p')
-
-_config_file = "~/.config/.vault/vault.yml"
-_home = getenv("HOME")
-
-try:
-    _config = yaml.safe_load(open(join(_home, _config_file.replace("~/", ''))))
-except (FileNotFoundError, TypeError):
-    if not os.path.exists("/etc/vault"):
-        os.makedirs("/etc/vault")
-    _home = "/etc/vault"
-    try:
-        _config = yaml.safe_load(open(join(_home, 'vault.yml')))
-    except FileNotFoundError:
-        logging.error(f"No vault configuration found in {_home}")
-        sys.exit(1)
-
-
-def get_secret(id: str, repo: str = 'secret') -> dict:
-    """
-    :param id: The ID of the secret to retrieve
-    :param repo: The name of the secrets repository to retrieve the secret from - defaults to 'secret'
-    :return: a json object with key/value pairs
-             or an empty object if the secret retrieval fails
-
-    This method retrieves a secret from a Vault server using the provided ID.
-    If the request is successful (status code 200), the method extracts the key-value pairs JSON object.
-    If the request fails, the method logs an HTTP error message and returns a n empty json {}.
-    """
-
-    base_url = _config['vault']['vault_addr']
-    if _home == '/etc/vault':
-        certs = '/etc/vault/bundle.pem'
-    else:
-        certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-
-    token = _config['vault']['token']
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/data/"
-    url = f"{base_url}{uri}{id}"
-    resp = requests.get(url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        secret = resp.json()["data"]["data"]
-        return secret
-
-    else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return {}
-
-
-def get_user_pwd(id: str, repo: str = 'secret') -> tuple:
-    """
-    :param id: The ID of the secret to retrieve
-    :param repo: The name of the secret repository to retrieve the seret from - defaults to 'secret'
-    :return: a tuple username, password values if the secrets has such keys, else None, None
-
-    This method retrieves a secret from a Vault server using the provided ID.
-    If the request is successful (status code 200), the method extracts the  username and password key value
-    if such keys exist.
-    If the request fails, the method prints an HTTP error message and returns (None, None).
-    """
-
-    base_url = _config['vault']['vault_addr']
-    certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-    token = _config['vault']['token']
-
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/data/"
-    url = f"{base_url}{uri}{id}"
-    resp = requests.get(url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        secret = resp.json()["data"]["data"]
-        if 'username' in secret and 'password' in secret:
-            return secret['username'], secret['password']
-        else:
-            return None, None
-
-    else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return None, None
-
-
-def list_secret(repo: str = 'secret'):
-    """
-    :param repo: The name of a secret repository to retrieve the secret from - defaults to 'secret'
-    :return: A list containing all items keys from the repository
-
-    """
-
-    base_url = _config['vault']['vault_addr']
-    certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-    token = _config['vault']['token']
-
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/metadata"
-    url = f"{base_url}{uri}"
-    resp = requests.request('LIST', url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        return resp.json()["data"]["keys"]
-
-    else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return None, None
-
-
-def upd_secret(id: str, data, repo: str = 'secret'):
-    """
-    :param id: The ID of the secret to retrieve
-    :param data: The data to be uploaded in place of the exitisting one
-    :param repo: The name of the repository to retrieve the secret from - defaults to 'secret'
-    :return: the response status code from the vault - 200 if successful.
-
-    """
-
-    base_url = _config['vault']['vault_addr']
-    certs = join(_home, _config['vault']['certs'].replace("~/", ''))
-    token = _config['vault']['token']
-
-    headers = {"X-Vault-Token": token}
-    uri = f"/v1/{repo}/data/"
-    url = f"{base_url}{uri}{id}"
-    resp = requests.request('GET', url, headers=headers, verify=certs)
-    if resp.status_code == 200:
-        version = resp.json()["data"]['metadata']['version']
-        obj = {
-            "options": {
-                "cas": version
-            },
-            "data": data
-        }
-
-        resp2 = requests.request('POST', url, headers=headers, json=obj, verify=certs)
-        if resp2.status_code != 200:
-            logging.warning(f"Vault update error for {id} with new {data}")
-        return resp2.status_code
-
-    else:
-        print(f"http error {resp.status_code}")
-        logging.error(f"Vault api error {resp}")
-        return None, None