valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-07 00:55:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add wrapped token auth method for vault module

Browse Source
This commit is contained in:
Beorn Facchini 2018-04-14 15:56:30 +10:00
parent 68546d27ea
commit 3934336b3b
No known key found for this signature in database
GPG Key ID: C9EB78DC1CC5B308
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
salt/utils/vault.py
View File

@ -114,6 +114,16 @@ def _get_vault_connection():
errmsg = 'An error occured while getting a token from approle'
raise salt.exceptions.CommandExecutionError(errmsg)
__opts__['vault']['auth']['token'] = response.json()['auth']['client_token']
if __opts__['vault']['auth']['method'] == 'wrapped_token':
verify = __opts__['vault'].get('verify', None)
if _wrapped_token_valid():
url = '{0}/v1/sys/wrapping/unwrap'.format(__opts__['vault']['url'])
headers = {'X-Vault-Token': __opts__['vault']['auth']['token']}
response = requests.post(url, headers=headers, verify=verify)
if response.status_code != 200:
errmsg = 'An error occured while unwrapping vault token'
raise salt.exceptions.CommandExecutionError(errmsg)
__opts__['vault']['auth']['token'] = response.json()['auth']['client_token']
return {
'url': __opts__['vault']['url'],
'token': __opts__['vault']['auth']['token'],
@ -170,3 +180,23 @@ def _selftoken_expired():
raise salt.exceptions.CommandExecutionError(
'Error while looking up self token : {0}'.format(e)
)
def _wrapped_token_valid():
'''
Validate the wrapped token exists and is still valid
'''
try:
verify = __opts__['vault'].get('verify', None)
url = '{0}/v1/sys/wrapping/lookup'.format(__opts__['vault']['url'])
if 'token' not in __opts__['vault']['auth']:
return False
headers = {'X-Vault-Token': __opts__['vault']['auth']['token']}
response = requests.post(url, headers=headers, verify=verify)
if response.status_code != 200:
return False
return True
except Exception as e:
raise salt.exceptions.CommandExecutionError(
'Error while looking up wrapped token : {0}'.format(e)
)