Python VaultClient Examples

Programming Language: Python

Namespace/Package Name: utils.vault

Class/Type: VaultClient

Examples at hotexamples.com: 7

Python VaultClient - 7 examples found. These are the top rated real world Python examples of utils.vault.VaultClient extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

VaultClient(7)

write(3)

read_all(2)

read(1)

Example #1

Show file

File: openshift_resources_base.py Project: aproddut/qontract-reconcile

def fetch_provider_vault_secret(path, version, name, labels, annotations, type,
                                integration, integration_version):
    # get the fields from vault
    vault_client = VaultClient()
    raw_data = vault_client.read_all({'path': path, 'version': version})

    # construct oc resource
    body = {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": type,
        "metadata": {
            "name": name,
            "annotations": annotations
        }
    }
    if labels:
        body['metadata']['labels'] = labels
    if raw_data.items():
        body['data'] = {}

    # populate data
    for k, v in raw_data.items():
        if v == "":
            continue
        if k.lower().endswith(QONTRACT_BASE64_SUFFIX):
            k = k[:-len(QONTRACT_BASE64_SUFFIX)]
        elif v is not None:
            v = base64.b64encode(v.encode()).decode('utf-8')
        body['data'][k] = v

    try:
        return OR(body, integration, integration_version, error_details=path)
    except ConstructResourceError as e:
        raise FetchResourceError(str(e))

Example #2

Show file

File: aws_ecr_image_pull_secrets.py Project: aproddut/qontract-reconcile

def write_output_to_vault(dry_run, vault_path, account, secret_data, name):
    integration_name = QONTRACT_INTEGRATION
    secret_path = f"{vault_path}/{integration_name}/{account}/{name}"
    secret = {'path': secret_path, 'data': secret_data}
    logging.info(['write_secret', secret_path])
    vault_client = VaultClient()
    if not dry_run:
        vault_client.write(secret)

Example #3

Show file

File: terraform_resources.py Project: aproddut/qontract-reconcile

def write_outputs_to_vault(vault_path, ri):
    integration_name = QONTRACT_INTEGRATION.replace('_', '-')
    vault_client = VaultClient()
    for cluster, namespace, _, data in ri:
        for name, d_item in data['desired'].items():
            secret_path = \
                f"{vault_path}/{integration_name}/{cluster}/{namespace}/{name}"
            secret = {'path': secret_path, 'data': d_item.body['data']}
            vault_client.write(secret)

Example #4

Show file

def lookup_vault_secret(path, key, version=None, tvars=None):
    if tvars is not None:
        path = process_jinja2_template(path, vars=tvars)
        key = process_jinja2_template(key, vars=tvars)
        if version and not isinstance(version, int):
            version = process_jinja2_template(version, vars=tvars)
    secret = {'path': path, 'field': key, 'version': version}
    try:
        vault_client = VaultClient()
        return vault_client.read(secret)
    except Exception as e:
        raise FetchVaultSecretError(e)

Example #5

Show file

def fetch_provider_route(path, tls_path, tls_version):
    global _log_lock

    openshift_resource = fetch_provider_resource(path)

    if tls_path is None or tls_version is None:
        return openshift_resource

    # override existing tls fields from vault secret
    openshift_resource.body['spec'].setdefault('tls', {})
    tls = openshift_resource.body['spec']['tls']
    # get tls fields from vault
    vault_client = VaultClient()
    raw_data = vault_client.read_all({
        'path': tls_path,
        'version': tls_version
    })
    valid_keys = [
        'termination', 'insecureEdgeTerminationPolicy', 'certificate', 'key',
        'caCertificate', 'destinationCACertificate'
    ]
    for k, v in raw_data.items():
        if k in valid_keys:
            tls[k] = v
            continue

        msg = "Route secret '{}' key '{}' not in valid keys {}".format(
            tls_path, k, valid_keys)
        _log_lock.acquire()
        logging.info(msg)
        _log_lock.release()

    host = openshift_resource.body['spec'].get('host')
    certificate = openshift_resource.body['spec']['tls'].get('certificate')
    if host and certificate:
        match = openssl.certificate_matches_host(certificate, host)
        if not match:
            e_msg = "Route host does not match CN (common name): {}"
            raise FetchRouteError(e_msg.format(path))

    return openshift_resource

Example #6

Show file

File: openshift_serviceaccount_tokens.py Project: aproddut/qontract-reconcile

def write_outputs_to_vault(vault_path, ri):
    integration_name = QONTRACT_INTEGRATION.replace('_', '-')
    vault_client = VaultClient()
    for cluster, namespace, _, data in ri:
        for name, d_item in data['desired'].items():
            body_data = d_item.body['data']
            # write secret to per-namespace location
            secret_path = \
                f"{vault_path}/{integration_name}/" + \
                f"{cluster}/{namespace}/{name}"
            secret = {'path': secret_path, 'data': body_data}
            vault_client.write(secret)
            # write secret to shared-resources location
            secret_path = \
                f"{vault_path}/{integration_name}/" + \
                f"shared-resources/{name}"
            secret = {'path': secret_path, 'data': body_data}
            vault_client.write(secret)

Example #7

Show file

File: secret_reader.py Project: aproddut/qontract-reconcile

 def vault_client(self):
     if self._vault_client is None:
         self._vault_client = VaultClient()
     return self._vault_client