Beispiel #1
0
 def _get_secret(self, path):
     if path in self.forbidden_get_paths:
         raise exceptions.VaultForbidden()
     try:
         return self.db[path]
     except KeyError:
         raise exceptions.VaultSecretNotFound()
Beispiel #2
0
 def _get_secret(self, path: str) -> Dict[str, types.JSONValue]:
     secret = self.client.read(path)
     if not secret:
         raise exceptions.VaultSecretNotFound(
             errors=[f"Secret not found at path '{path}'"]
         )
     return secret["data"]
Beispiel #3
0
    def get_secret(self,
                   path: str,
                   key: Optional[str] = None,
                   render: bool = True
                   ) -> Union[types.JSONValue, utils.RecursiveValue]:
        """
        Retrieve the value of a single secret

        Parameters
        ----------
        path : str
            Path of the secret

        key : str, optional
            If set, return only this key

        render : bool, optional
            Whether to render templated secret or not, by default True

        Returns
        -------
        types.JSONValue
            Secret value
        """
        full_path = self._build_full_path(path)
        if full_path in self._currently_fetching:
            return utils.RecursiveValue(path)

        self._currently_fetching.add(full_path)
        try:
            assert self.cache is not None
            try:
                mapping = self.cache[full_path]
            except KeyError:
                mapping = self.cache[full_path] = self._get_secret(
                    path=full_path)

            if mapping and render and self.render:
                try:
                    mapping = self._render_template_dict(mapping)
                except exceptions.VaultRenderTemplateError as exc:
                    message = f'Error while rendering secret at path "{path}"'
                    raise exceptions.VaultRenderTemplateError(message) from exc

        finally:
            self._currently_fetching.remove(full_path)

        if key is not None:
            try:
                secret = mapping[key]
            except KeyError:
                raise exceptions.VaultSecretNotFound(errors=[
                    f"Key '{key}' not found in secret at path '{full_path}'"
                ])
        else:
            secret = mapping

        return secret
Beispiel #4
0
    def get_secret(self,
                   path: str,
                   key: Optional[str] = None) -> types.JSONValue:
        """
        Retrieve the value of a single secret

        Parameters
        ----------
        path : str
            Path of the secret

        key : str, optional
            If set, return only this key

        Returns
        -------
        types.JSONValue
            Secret value
        """
        full_path = self._build_full_path(path)

        assert self.cache is not None
        try:
            mapping = self.cache[full_path]
        except KeyError:
            mapping = self.cache[full_path] = self._get_secret(path=full_path)

        if key is not None:
            try:
                secret = mapping[key]
            except KeyError:
                raise exceptions.VaultSecretNotFound(errors=[
                    f"Key '{key}' not found in secret at path '{full_path}'"
                ])
        else:
            secret = mapping

        return secret