def init_vault_client(self):
    """Create the Vault client and, if configured, unseal a sealed Vault.

    The address comes from VAULT_ADDR (falling back to the loopback
    address below) and the token from VAULT_TOKEN. When the server reports
    itself sealed and settings["vault"]["unseal_vault"] is truthy, the
    non-empty values of UNSEAL_VAULT_KEY1 .. UNSEAL_VAULT_KEY5 are submitted.
    """
    # The fallback address is plain HTTP on loopback; a VAULT_ADDR that
    # points off-host should be an https:// URL so the token and key shares
    # are not sent in clear text.
    address = getenv("VAULT_ADDR", "http://127.0.0.1:8200")
    self.vault_client = VaultClient(url=address, token=getenv("VAULT_TOKEN"))

    # The seal status is queried first; the setting is read only when sealed.
    if not (
        self.vault_client.sys.is_sealed()
        and self.settings["vault"]["unseal_vault"]
    ):
        return

    # NOTE(review): the key shares live in the same process environment as
    # the token, so whoever can read this environment holds both.
    shares = []
    for i in range(1, 6):
        shares.append(getenv(f"UNSEAL_VAULT_KEY{i}"))
    # filter(None, ...) drops shares that are unset or empty.
    self.vault_client.sys.submit_unseal_keys(filter(None, shares))
def init_vault_client(self):
    """Create the Vault client and, if configured, unseal a sealed Vault.

    The client is built with no arguments and then given the token from
    VAULT_TOKEN. When the server reports itself sealed and
    settings["vault"]["unseal"] is truthy, the non-empty values of
    UNSEAL_VAULT_KEY1 .. UNSEAL_VAULT_KEY5 are submitted.
    """
    # NOTE(review): no address is passed here, so the endpoint is whatever
    # VaultClient() defaults to -- confirm it resolves to a TLS endpoint
    # outside local development.
    client = VaultClient()
    self.vault_client = client
    client.token = environ.get("VAULT_TOKEN")

    # The seal status is queried first; the setting is read only when sealed.
    if not (client.sys.is_sealed() and self.settings["vault"]["unseal"]):
        return

    # NOTE(review): the key shares live in the same process environment as
    # the token, so whoever can read this environment holds both.
    shares = []
    for i in range(1, 6):
        shares.append(environ.get(f"UNSEAL_VAULT_KEY{i}"))
    # filter(None, ...) drops shares that are unset or empty.
    client.sys.submit_unseal_keys(filter(None, shares))
def init_vault_client(self) -> None:
    """Create the Vault client and, if configured, unseal a sealed Vault.

    The client is pointed at self.vault_addr and given the token from
    VAULT_TOKEN. When the server reports itself sealed and
    self.unseal_vault is truthy, the non-empty values of
    UNSEAL_VAULT_KEY1 .. UNSEAL_VAULT_KEY5 are submitted.
    """
    client = VaultClient()
    self.vault_client = client
    # NOTE(review): self.vault_addr is set outside this method -- confirm it
    # is an https:// URL whenever Vault is not on the local host.
    client.url = self.vault_addr
    client.token = environ.get("VAULT_TOKEN")

    # The seal status is queried first; the flag is read only when sealed.
    if not (client.sys.is_sealed() and self.unseal_vault):
        return

    # NOTE(review): the key shares live in the same process environment as
    # the token, so whoever can read this environment holds both.
    shares = []
    for i in range(1, 6):
        shares.append(environ.get(f"UNSEAL_VAULT_KEY{i}"))
    # filter(None, ...) drops shares that are unset or empty.
    client.sys.submit_unseal_keys(filter(None, shares))
def create_vault_client(app):
    """Build a Vault client from the app config, unsealing Vault if asked.

    Reads VAULT_ADDR and VAULT_TOKEN from app.config. When the client
    reports the server sealed and UNSEAL_VAULT is truthy, the truthy values
    of UNSEAL_VAULT_KEY1 .. UNSEAL_VAULT_KEY5 are passed to unseal_multi.

    Returns:
        The constructed client, whether or not an unseal was attempted.

    Raises:
        KeyError: if any of the config keys read here is missing. All five
            UNSEAL_VAULT_KEY entries are indexed directly, so each must be
            present in the config (possibly empty) once unsealing is enabled.
    """
    address = app.config['VAULT_ADDR']
    token = app.config['VAULT_TOKEN']
    client = VaultClient(url=address, token=token)

    # The seal status is queried first; UNSEAL_VAULT is read only when sealed.
    should_unseal = client.is_sealed() and app.config['UNSEAL_VAULT']
    if should_unseal:
        # NOTE(review): the key shares sit in the same config object as the
        # token -- confirm that config is not logged or exposed via debug pages.
        shares = []
        for i in range(1, 6):
            shares.append(app.config[f'UNSEAL_VAULT_KEY{i}'])
        # filter(None, ...) drops shares that are None or empty.
        client.unseal_multi(filter(None, shares))
    return client
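def login_vault():
    """Exchange credentials stored in Vault for an AMI login token.

    Takes the Vault token from the VAULT_TOKEN environment variable, renews
    it, reads the secret at secret/data/lambdas/ami and posts its username
    and password as JSON to AMI_URL + '/Login'.

    Returns:
        The 'token' field of the JSON body returned by the login endpoint.

    Raises:
        Exception: if VAULT_TOKEN is not set, or if the login endpoint
            answers with a status other than 200 (the response object is
            the exception argument).
        requests.exceptions.Timeout: if the login endpoint does not connect
            or respond within the timeout set below.
    """
    try:
        vault_token = os.environ['VAULT_TOKEN']
    except KeyError:
        # "from None" keeps the traceback as the original single exception.
        raise Exception('Vault token not defined') from None

    vc = VaultClient(url='https://vault.pentair.io', token=vault_token)
    vc.renew_token()
    secret = vc.read('secret/data/lambdas/ami')
    credentials = secret['data']['data']

    # NOTE(review): the credentials travel in the request body, so AMI_URL
    # (defined outside this function) should be an https:// URL -- confirm.
    # The request previously had no timeout and could block forever on an
    # unresponsive endpoint. The (connect, read) values are a constructed
    # starting point; tune them to the caller's own execution limit.
    resp = requests.post(
        AMI_URL + '/Login',
        json={
            'username': credentials['username'],
            'password': credentials['password'],
        },
        timeout=(5, 30),
    )
    if resp.status_code != 200:
        raise Exception(resp)
    return resp.json()['token']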
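def _auth(self):
    """Authenticate to Vault and return the client's KV secrets interface.

    The method is selected by self._config['auth_type']:

    * 'token'   -- uses self._config['token'] when it is truthy.
    * 'aws_iam' -- logs in with the credentials boto3 resolves for the
      default session, forwarding the optional 'header_value' and 'role'
      config entries when they are set.

    Any other auth_type, or a 'token' auth_type with an empty token, leaves
    the client without credentials and ends in the check below.

    Returns:
        client.secrets.kv of the authenticated client.

    Raises:
        VaultUnauthorized: if the client is not authenticated afterwards.
    """
    client = VaultClient(url=self._config['addr'])
    auth = self._config['auth_type']
    token = self._config['token']
    if token and auth == 'token':
        client.token = token
    elif auth == 'aws_iam':
        session = boto3.Session()
        # NOTE(review): get_credentials() returns None when boto3 finds no
        # credentials; the attribute access below then raises AttributeError.
        creds = session.get_credentials()
        # Select the optional arguments by config key NAME. The previous
        # code built this list from the config VALUES, so the membership
        # test on key names practically never matched and 'header_value'
        # and 'role' were silently dropped from the login call.
        # NOTE(review): presumably hvac's auth_aws_iam, where header_value
        # populates the X-Vault-AWS-IAM-Server-ID header used against
        # replay of the signed request -- confirm against the client in use.
        optional = ('header_value', 'role')
        extra = {
            k: v for k, v in self._config.items() if v and k in optional
        }
        client.auth_aws_iam(
            creds.access_key, creds.secret_key, creds.token, **extra)
    if client.is_authenticated() is False:
        raise VaultUnauthorized(f'auth_type: {auth}')
    return client.secrets.kv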
})
# (The line above closes a call that begins before this excerpt.)

# LDAP server handle, created only when USE_LDAP is truthy; otherwise None.
# NOTE(review): no TLS-related argument is passed here -- confirm that
# LDAP_SERVER is an ldaps:// URI or that TLS is set up where the connection
# is opened, since bind credentials would otherwise cross the wire in clear.
ldap_client = Server(environ.get("LDAP_SERVER"), get_info=ALL) if USE_LDAP else None
login_manager = LoginManager()
# NOTE(review): presumably Flask-Login's "strong" mode, which invalidates a
# session whose client identifier changes -- confirm against the library in use.
login_manager.session_protection = "strong"
mail_client = Mail()
# Background scheduler with a SQLAlchemy job store backed by a SQLite file
# at the relative path jobs.sqlite and a thread pool of up to 50 workers.
# NOTE(review): APScheduler's SQLAlchemy job store persists jobs with pickle,
# so write access to jobs.sqlite amounts to code execution when jobs are
# loaded. Restrict the file's permissions and pin where it is created.
scheduler = BackgroundScheduler({
    "apscheduler.jobstores.default": {
        "type": "sqlalchemy",
        "url": "sqlite:///jobs.sqlite",
    },
    "apscheduler.executors.default": {
        "class": "apscheduler.executors.pool:ThreadPoolExecutor",
        "max_workers": "50",
    },
    "apscheduler.job_defaults.misfire_grace_time": "5",
    "apscheduler.job_defaults.coalesce": "true",
    "apscheduler.job_defaults.max_instances": "3",
})
# Started as soon as this statement runs, not lazily on first use.
scheduler.start()
# TACACS+ client, created only when USE_TACACS is truthy; otherwise None.
# The second argument, 49, is presumably the port (49 is the registered
# TACACS+ port). TACACS_PASSWORD is read from the environment -- presumably
# the shared secret; confirm it is never logged.
tacacs_client = (
    TACACSClient(environ.get("TACACS_ADDR"), 49, environ.get("TACACS_PASSWORD"))
    if USE_TACACS
    else None
)
# Built with no address and no token; both must be supplied before use.
vault_client = VaultClient()
def get_client(dev=False):
    """Return a Vault client, authenticated unless dev mode is requested.

    Args:
        dev: Only the literal False selects the authenticated client. Any
            other value, including None or 0, takes the dev branch and
            yields a client built with no address and no token.

    Returns:
        A VaultClient built from VAULT_ADDR (default http://127.0.0.1:8200)
        and VAULT_TOKEN, or a bare VaultClient() in dev mode.
    """
    if dev is not False:
        # No authentication needed if dev mode.
        return VaultClient()

    # The fallback address is plain HTTP on loopback; a VAULT_ADDR that
    # points off-host should be an https:// URL so the token is not sent
    # in clear text.
    address = getenv('VAULT_ADDR', 'http://127.0.0.1:8200')
    token = getenv('VAULT_TOKEN')
    return VaultClient(url=address, token=token)
def create_vault_client(app):
    """Build a Vault client from the application's configuration.

    Returns:
        A VaultClient created with app.config['VAULT_ADDR'] as the URL and
        app.config['VAULT_TOKEN'] as the token.

    Raises:
        KeyError: if either config key is missing.
    """
    # NOTE(review): the token is held in app.config -- confirm the config
    # object is never dumped to logs or debug pages.
    address = app.config['VAULT_ADDR']
    token = app.config['VAULT_TOKEN']
    return VaultClient(url=address, token=token)