Module: Legion::Crypt::Vault

Included in:
Legion::Crypt
Defined in:
lib/legion/crypt/vault.rb,
lib/legion/crypt/vault_renewer.rb

Defined Under Namespace

Classes: Renewer

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#sessions ⇒ Object

Returns the value of attribute sessions.



# File 'lib/legion/crypt/vault.rb', line 6

# Accessor for the Vault lease ids tracked by this module.
#
# Hands back the same Array object held in @sessions (no copy), so a caller
# that mutates the result changes which leases are later renewed or revoked.
#
# @return [Array, nil] the tracked lease ids; nil until @sessions is assigned
def sessions
  @sessions
end

Instance Method Details

#add_session(path:) ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 53

# Records a Vault lease id so it can later be renewed or revoked.
#
# @param path [String] the id to track; despite the name, #read passes lease.lease_id here
# @return [Array] the @sessions list after the append
# NOTE(review): nothing here guards against @sessions being nil or against
# blank or duplicate ids — confirm connect_vault always runs first.
def add_session(path:)
  @sessions << path
end

#close_session(session:) ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 75

# Revokes a single Vault lease.
#
# @param session [String] lease id handed to ::Vault.sys.revoke
# @return [Object] whatever ::Vault.sys.revoke returns
def close_session(session:)
  vault_sys = ::Vault.sys
  vault_sys.revoke(session)
end

#close_sessions ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 57

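# Revokes every Vault lease tracked in @sessions.
#
# Each lease is attempted even when an earlier revocation fails, so one bad
# lease id cannot leave the remaining credentials live until their TTL
# expires. Failures are logged, and the first one is re-raised once every
# lease has been tried, so callers still see the error.
#
# @return [Array, nil] @sessions, or nil when no session list exists
# @raise [StandardError] the first revocation error, after all leases were attempted
def close_sessions
  return if @sessions.nil?

  Legion::Logging.info 'Closing all Legion::Crypt vault sessions'

  first_failure = nil
  @sessions.each do |session|
    begin
      close_session(session: session)
    rescue StandardError => e
      # Keep going: the leases after this one still need to be revoked.
      Legion::Logging.error "Vault lease revocation failed: #{e.message}"
      first_failure ||= e
    end
  end
  raise first_failure if first_failure

  @sessions
end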

#connect_vault ⇒ Object

rubocop:disable Metrics/AbcSize



# File 'lib/legion/crypt/vault.rb', line 12

# Configures the global ::Vault client from Legion::Settings[:crypt][:vault] and,
# when Extensions::Actors::Every is defined, starts the lease Renewer.
#
# Resets @sessions to an empty list on every call.
#
# @return [Legion::Crypt::Vault::Renewer] when the renewer was created
# @return [nil] when no token is configured or Extensions::Actors::Every is not defined
# @return [false] when a StandardError was raised; :connected is then set to false
def connect_vault # rubocop:disable Metrics/AbcSize
  @sessions = []
  # The URL scheme is taken from settings as-is; nothing here validates it.
  # NOTE(review): with protocol 'http' the token assigned below would travel
  # unencrypted — confirm deployments pin 'https'.
  ::Vault.address = "#{Legion::Settings[:crypt][:vault][:protocol]}://#{Legion::Settings[:crypt][:vault][:address]}:#{Legion::Settings[:crypt][:vault][:port]}" # rubocop:disable Layout/LineLength

  # A VAULT_DEV_ROOT_TOKEN_ID in the environment replaces any configured token
  # and is written back into the settings hash.
  # NOTE(review): the variable name suggests a dev-mode root token — confirm this
  # override cannot take effect in a production environment.
  Legion::Settings[:crypt][:vault][:token] = ENV['VAULT_DEV_ROOT_TOKEN_ID'] if ENV.key? 'VAULT_DEV_ROOT_TOKEN_ID'
  return nil if Legion::Settings[:crypt][:vault][:token].nil?

  ::Vault.token = Legion::Settings[:crypt][:vault][:token]
  # :connected is set from the server's initialized status only; no call in this
  # method checks that the token is accepted. When the status is not initialized,
  # :connected is left at whatever value it already had.
  Legion::Settings[:crypt][:vault][:connected] = true if ::Vault.sys.health_status.initialized?
  return unless Legion.const_defined? 'Extensions::Actors::Every'

  # The renewer is loaded only when the Every actor is available.
  require_relative 'vault_renewer'
  @renewer = Legion::Crypt::Vault::Renewer.new
rescue StandardError => e
  # Any failure above lands here: only the exception message is logged, the
  # connection is marked down, and false is returned instead of raising.
  Legion::Logging.error e.message
  Legion::Settings[:crypt][:vault][:connected] = false
  false
end

#exist?(path) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/legion/crypt/vault.rb', line 49

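# Reports whether a KV entry exists at +path+.
#
# The listing invoked +.(path)+ on the KV client, which is Ruby shorthand for
# +#call+. This version asks for the entry's metadata instead, so an existence
# check does not pull the secret's value back to the client.
#
# @param path [String] path of the entry below the configured KV mount
# @return [Boolean] true when Vault returns metadata for the path
# NOTE(review): the token's policy must allow reading the mount's metadata
# path — confirm against the deployed policy.
# NOTE(review): settings[:vault][:kv_path] assumes +settings+ resolves to the
# crypt-level hash, while the +settings+ helper listed for this module already
# returns the :vault sub-hash — confirm which one the including module uses.
def exist?(path)
  kv_mount = settings[:vault][:kv_path]
  !::Vault.kv(kv_mount).read_metadata(path).nil?
end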

#get(path) ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 38

# Fetches the data stored at +path+ in the configured KV mount.
#
# @param path [String] path of the entry below the mount named by settings[:vault][:kv_path]
# @return [Object, nil] the entry's +data+, or nil when the read returns nil
# NOTE(review): settings[:vault][:kv_path] assumes +settings+ resolves to the
# crypt-level hash; the +settings+ helper listed for this module returns the
# :vault sub-hash — confirm which one the including module uses.
def get(path)
  kv_client = ::Vault.kv(settings[:vault][:kv_path])
  kv_client.read(path)&.data
end

#read(path, type = 'legion') ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 31

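# Reads a secret through Vault's logical API and tracks its lease so it can be
# renewed and revoked later.
#
# @param path [String] path handed to ::Vault.logical.read (see the note on full_path)
# @param type [String, nil] intended mount prefix; currently only used when nil or empty
# @return [Object, nil] the secret's +data+, or nil when Vault returns nothing for the path
def read(path, type = 'legion')
  # NOTE(review): this condition reads inverted — a nil or empty type yields
  # "/#{path}", while any non-empty type (including the 'legion' default) is
  # ignored and +path+ is used as given. Left unchanged because existing callers
  # may rely on the effective path; confirm the intent before flipping it.
  full_path = type.nil? || type.empty? ? "#{type}/#{path}" : path
  lease = ::Vault.logical.read(full_path)
  # Nothing at the path: return nil, as #get does, instead of raising NoMethodError.
  return nil if lease.nil?

  # Track real leases only. A blank lease_id (presumably what unleased, static
  # secrets report) would otherwise sit in @sessions and make the later
  # renew/revoke passes fail on it.
  lease_id = lease.lease_id if lease.respond_to?(:lease_id)
  add_session(path: lease_id) unless lease_id.nil? || lease_id.to_s.empty?
  lease.data
end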

#renew_session(session:) ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 79

# Renews a single Vault lease.
#
# @param session [String] lease id handed to ::Vault.sys.renew
# @return [Object] whatever ::Vault.sys.renew returns
def renew_session(session:)
  vault_sys = ::Vault.sys
  vault_sys.renew(session)
end

#renew_sessions(**_opts) ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 83

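# Renews every Vault lease tracked in @sessions.
#
# Returns early when no session list exists, matching close_sessions. Each
# lease is attempted even when an earlier renewal fails, so one bad lease id
# cannot cause the remaining leases to expire. Failures are logged and the
# first one is re-raised after every lease has been tried.
#
# @param _opts [Hash] accepted and ignored
# @return [Array, nil] @sessions, or nil when no session list exists
# @raise [StandardError] the first renewal error, after all leases were attempted
def renew_sessions(**_opts)
  return if @sessions.nil?

  first_failure = nil
  @sessions.each do |session|
    begin
      renew_session(session: session)
    rescue StandardError => e
      # Keep going: the leases after this one still need to be renewed.
      Legion::Logging.error "Vault lease renewal failed: #{e.message}"
      first_failure ||= e
    end
  end
  raise first_failure if first_failure

  @sessions
end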

#settings ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 8

# Looks up the Vault section of the crypt settings.
#
# @return [Object] the value stored at Legion::Settings[:crypt][:vault]
def settings
  crypt_settings = Legion::Settings[:crypt]
  crypt_settings[:vault]
end

#shutdown_renewer ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 67

# Cancels the lease renewer, if one is running.
#
# Does nothing unless the :connected setting is truthy and @renewer is set.
#
# @return [Object, nil] the result of @renewer.cancel, or nil when nothing was cancelled
def shutdown_renewer
  connected = Legion::Settings[:crypt][:vault][:connected]
  return if !connected || @renewer.nil?

  Legion::Logging.debug 'Shutting down Legion::Crypt::Vault::Renewer'
  @renewer.cancel
end

#vault_exists?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/legion/crypt/vault.rb', line 89

# Checks whether a mount with the given name is present in ::Vault.sys.mounts.
#
# @param name [String, Symbol] mount name; converted with #to_sym for the lookup
# @return [Boolean] true when the mounts collection has that key
def vault_exists?(name)
  mounts = ::Vault.sys.mounts
  mounts.key?(name.to_sym)
end

#write(path, **hash) ⇒ Object



# File 'lib/legion/crypt/vault.rb', line 45

# Writes key/value pairs to +path+ in the configured KV mount.
#
# @param path [String] path of the entry below the mount named by settings[:vault][:kv_path]
# @param hash [Hash] keyword arguments forwarded to the KV client's write
# @return [Object] whatever the KV client's write returns
# NOTE(review): settings[:vault][:kv_path] assumes +settings+ resolves to the
# crypt-level hash; the +settings+ helper listed for this module returns the
# :vault sub-hash — confirm which one the including module uses.
def write(path, **hash)
  kv_client = ::Vault.kv(settings[:vault][:kv_path])
  kv_client.write(path, **hash)
end