# File 'lib/jerakia/datasource/vault.rb', line 8
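# Resolve a Jerakia lookup against a HashiCorp Vault server.
#
# Datasource options (declared via the `option` DSL):
#   host, port, scheme - build the Vault address; defaults give http://127.0.0.1:8200.
#                        The default scheme is plain :http, so set :https for any
#                        Vault that is not reached over a trusted local channel.
#   token              - Vault token; applied to the client only when given.
#   searchpath         - path prefixes to search, in order (default ['secret']).
#   field              - key inside the secret's data to return when `dig` is true
#                        (defaults to the lookup key as a Symbol).
#   dig                - true: submit only data[field]; false: submit the whole data hash.
#   map_key            - true: append the lookup key to each path before reading it.
#
# Each searchpath prefix is joined with the request namespace to form a path; the
# paths are read in order and the loop stops as soon as the response no longer
# wants further answers.
#
# @raise [Jerakia::Error] when the Vault server cannot be reached or is sealed
def run
  option :host, type: String, default: '127.0.0.1'
  option :port, type: Integer, default: 8200
  option :scheme, type: Symbol, default: :http
  option :token, type: String
  option :searchpath, type: Array, default: ['secret']
  option :field, type: Symbol, default: lookup.request.key.to_sym
  option :dig, type: [FalseClass, TrueClass], default: true
  option :map_key, type: [FalseClass, TrueClass], default: false

  addr = "#{options[:scheme]}://#{options[:host]}:#{options[:port]}"
  Jerakia.log.debug("[jerakia-vault]: Using address #{addr}")

  begin
    vault = ::Vault::Client.new
    vault.configure do |conf|
      conf.address = addr
      # Only set the token when one was configured; otherwise the client keeps
      # whatever it was constructed with.
      conf.token = options[:token] if options[:token]
    end
    sealed = vault.sys.seal_status.sealed?
  rescue ::Vault::HTTPConnectionError => e
    raise Jerakia::Error, "Cannot connect to vault server. #{e.message}"
  end
  raise Jerakia::Error, "Connected to sealed vault" if sealed

  hierarchy = options[:searchpath].map do |prefix|
    [prefix, lookup.request.namespace].flatten.join("/")
  end

  hierarchy.each do |level|
    break unless response.want?

    path = options[:map_key] ? "#{level}/#{lookup.request.key}" : level
    Jerakia.log.debug("[jerakia-vault]: looking up #{path}")
    secret = vault.logical.read(path)
    next unless secret.is_a?(::Vault::Secret)

    # Log only the key names: the values are the secrets themselves and must
    # not end up in the log, even at debug level.
    Jerakia.log.debug("[jerakia-vault]: valid answer returned with keys #{secret.data.keys}")

    if options[:dig]
      result = secret.data[options[:field]]
      # nil and false are both treated as "not present at this level", as in the
      # original truthiness check; the loop then continues with the next path.
      if result
        # Report the field actually read, which may differ from the lookup key
        # when `field` is overridden.
        Jerakia.log.debug("[jerakia-vault]: found key #{options[:field]}")
        response.submit result
      end
    else
      response.submit secret.data unless secret.data.empty?
    end
  end
end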