Update hvac to version 1.0.2 #957

Closed
wants to merge 28 commits into from
ea1bf87
Add write support for vaultkv secrets
MatteoVoges Jan 20, 2023
31ac2f6
Add default values for path and mount
MatteoVoges Jan 20, 2023
9de7a9f
Support appended functions
MatteoVoges Jan 27, 2023
6171d71
Remove unneccessary variables
MatteoVoges Jan 27, 2023
42cd693
Add documentation
MatteoVoges Jan 27, 2023
4f1300e
Fix encoding in __init__()
MatteoVoges Jan 27, 2023
e33213c
Add test for vaultkv writing with tag
MatteoVoges Jan 27, 2023
a593dba
Add cli support
MatteoVoges Feb 3, 2023
f04daf7
Add tests
MatteoVoges Feb 3, 2023
07670a4
Refactor vaultkv engine
MatteoVoges Feb 3, 2023
d13efa1
Fix tests
MatteoVoges Feb 3, 2023
30d5e71
Merge branch 'master' into vaultkv-write-secrets
MatteoVoges Feb 3, 2023
1136821
Remove unreachable variable
MatteoVoges Feb 3, 2023
32bc70c
Try testing with vault in docker
MatteoVoges Feb 3, 2023
05bf7fe
Find open port dynamically
MatteoVoges Feb 10, 2023
7177a8c
Add more tests (params and base64)
MatteoVoges Feb 10, 2023
12e0eac
Simplify attribute reading
MatteoVoges Feb 10, 2023
6df8b8a
Merge branch 'master' into vaultkv-write-secrets
MatteoVoges Feb 10, 2023
0260690
Add new interface to server and client
MatteoVoges Feb 10, 2023
3a7359d
Adapt secret engines (clients)
MatteoVoges Feb 10, 2023
4f7e9a9
Adapt tests (as server)
MatteoVoges Feb 10, 2023
ca35b8e
Try to fix tests
MatteoVoges Feb 14, 2023
c7c7b1f
Add commentary
MatteoVoges Feb 14, 2023
5715407
Merge branch 'master' into restructure-vault-resources
MatteoVoges Feb 18, 2023
cb1eeec
Merge branch 'master' into restructure-vault-resources
MatteoVoges Feb 23, 2023
f3d2333
Merge branch 'master' into restructure-vault-resources
MatteoVoges Feb 24, 2023
2dd2c2b
bump hvac to 1.0.2
MatteoVoges Feb 24, 2023
2ed458a
Replace depricated api functions
MatteoVoges Feb 24, 2023
303 changes: 160 additions & 143 deletions docs/references.md

Large diffs are not rendered by default.

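--- a/kapitan/cli.py
+++ b/kapitan/cli.py
@@ -493,6 +493,24 @@ def build_parser():
 default=from_dot_kapitan("refs", "vault-auth", ""),
 metavar="AUTH",
 )
+refs_parser.add_argument(
+"--vault-mount",
+help="set mount point for vault secrets, default is 'secret'",
+default=from_dot_kapitan("refs", "vault-mount", "secret"),
+metavar="MOUNT",
+)
+refs_parser.add_argument(
+"--vault-path",
+help="set path for vault secrets where the secret gets stored on vault, default is the secret_path",
+default=from_dot_kapitan("refs", "vault-path", ""),
+metavar="PATH",
+)
+refs_parser.add_argument(
+"--vault-key",
+help="set key for vault secrets",
+default=from_dot_kapitan("refs", "vault-key", ""),
+metavar="KEY",
+)
 refs_parser.add_argument(
 "--refs-path",
 help='set refs path, default is "./refs"',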
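Review bot: The `"secret"` default on `--vault-mount` appears to defeat the mount fallback that `ref_write` adds in kapitan/refs/cmd_parser.py. With this default `args.vault_mount` is never empty, so `vault_params.get("mount", "secret")` is not consulted and a mount configured for the target is ignored unless the flag is passed on every write. The secret would then be written under `secret`, which may be governed by a different Vault policy than the intended mount. Assuming `from_dot_kapitan` returns its third argument when `.kapitan` has no entry, use `default=from_dot_kapitan("refs", "vault-mount", ""),` and change the help text to say the default is the target's mount, else 'secret'. The body of `build_parser` continues outside the hunk.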
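--- a/kapitan/refs/base.py
+++ b/kapitan/refs/base.py
@@ -598,13 +598,29 @@ def _get_from_token(self, token):
 token, ref.token
 )
 )
+
+# "type_name:path/to/ref:vault_mount:path/in/vault:key"
+elif len(attrs) == 5:
+type_name = attrs[0]
+path_to_ref = attrs[1]
+key = attrs[4]
+
+if key is None:
+raise RefError(f"{token} is not a valid token (key in vault is needed)")
+else:
+backend = self._get_backend(type_name)
+ref = backend[path_to_ref]
+return ref
+
 else:
 return None
 
 def _set_to_token(self, token, ref_obj):
 attrs = token.split(":")
 
-if len(attrs) == 2:
+# 2: default ref tag
+# 5: used for writing(creating) secrets in vaultkv
+if len(attrs) in (2, 5):
 type_name = attrs[0]
 path = attrs[1]
 backend = self._get_backend(type_name)
@@ -685,6 +701,9 @@ def __setitem__(self, key, value):
 ctx.ref_controller = self
 ctx.token = token
 
+# pass the token as ref param
+value.kwargs["token"] = token
+
 self._eval_func_str(ctx, func_str)
 ref_type = self.token_type(token)
 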
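Review bot: In the new `elif len(attrs) == 5:` branch of `_get_from_token`, the guard `if key is None:` can never be true if `attrs` comes from `token.split(":")` as it does in `_set_to_token` below, because split yields only strings. A token with an empty fifth field therefore passes and the `RefError` is unreachable; test for emptiness instead with `if not key:`. The mount and vault-path fields (`attrs[2]`, `attrs[3]`) are not checked in this branch either. A `:` inside any field changes the field count, so such a token falls through to `return None`; a comment next to the format line stating that fields must not contain `:` would make that explicit. Both `_get_from_token` and `_set_to_token` extend outside the hunk.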
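--- a/kapitan/refs/cmd_parser.py
+++ b/kapitan/refs/cmd_parser.py
@@ -6,7 +6,7 @@
 import sys
 import mimetypes
 
-from kapitan.errors import KapitanError, RefHashMismatchError
+from kapitan.errors import KapitanError, RefHashMismatchError, RefError
 from kapitan.refs.base import PlainRef, RefController, Revealer
 from kapitan.refs.base64 import Base64Ref
 from kapitan.refs.env import EnvRef
@@ -219,8 +219,28 @@ def ref_write(args, ref_controller):
 "No Authentication type parameter specified. Specify it"
 " in parameters.kapitan.secrets.vaultkv.auth and use --target-name or use --vault-auth"
 )
-
-secret_obj = VaultSecret(_data, vault_params)
+kwargs = {}
+
+# set mount
+mount = args.vault_mount
+if not mount:
+mount = vault_params.get("mount", "secret") # secret is default mount point
+kwargs["mount_in_vault"] = mount
+
+# set path in vault
+path_in_vault = args.vault_path
+if not path_in_vault:
+path_in_vault = token_path # token path in kapitan as default
+kwargs["path_in_vault"] = path_in_vault
+
+# set key
+key = args.vault_key
+if key:
+kwargs["key_in_vault"] = key
+else:
+raise RefError("Could not create VaultSecret: vaultkv: key is missing")
+
+secret_obj = VaultSecret(_data, vault_params, **kwargs)
 tag = "?{{vaultkv:{}}}".format(token_path)
 ref_controller[tag] = secret_obj
 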
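Review bot: The missing-key check in the `ref_write` hunk runs only after mount and path have been resolved, and its message does not name the option that fixes it. The authentication error just above it points the user at `--vault-auth`. Move the check ahead of the `# set mount` block as a guard and name the flag, for example `if not args.vault_key: raise RefError("Could not create VaultSecret: vaultkv: key is missing, use --vault-key")`. A one-line comment on the precedence (CLI flag, then `vault_params`, then the built-in default) above the three blocks would also help the next reader. The body of `ref_write` starts and ends outside the hunk.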