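def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file.

    ``src`` is split by ``path_pieces`` into a Vault path and a key. The
    value stored under that key is decoded first when ``is_base64``
    accepts it, and is then written to ``dest``.

    Raises:
        aomi.exceptions.VaultData: nothing could be read from the path,
            or the key is missing from the returned data. In both cases
            ``client.revoke_self_token()`` is called before raising.
    """
    path, key = path_pieces(src)
    resp = client.read(path)
    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)

    if 'data' not in resp or key not in resp['data']:
        client.revoke_self_token()
        e_msg = "Key %s not found in %s" % (key, path)
        raise aomi.exceptions.VaultData(e_msg)

    secret = resp['data'][key]
    if is_base64(secret):
        log('decoding base64 entry', opt)
        secret = portable_b64decode(secret)

    if is_aws(resp['data']):
        renew_secret(client, resp, opt)

    # On Python 3 a non-str secret needs a binary handle. Every other
    # case keeps the text-mode write.
    binary = sys.version_info >= (3, 0) and not isinstance(secret, str)
    mode = 'wb' if binary else 'w'

    # NOTE(review): the file is created with open()'s default mode, so
    # its permissions follow the process umask. Confirm that callers run
    # with a restrictive umask, since the content is secret material.
    # NOTE(review): a failed open/write propagates without the
    # revoke_self_token() call made on the other failure paths.
    # The context manager closes (and flushes) the handle even when the
    # write raises; the original left it to the garbage collector.
    with open(abspath(dest), mode) as secret_file:
        secret_file.write(secret)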
def update_generic_password(client, path):
    """Update a single key in a generic secret backend as though it
    were a password.

    ``path`` is split by ``path_pieces`` into a Vault path and a key.
    The data already stored at the Vault path (if any) is read, the key
    is set to the value returned by ``get_password()``, and every field
    is written back.

    Raises:
        aomi.exceptions.VaultConstraint: no mount matches the path.
        aomi.exceptions.AomiData: the backend is not ``generic``, or
            the new password equals the one already stored.
            ``client.revoke_self_token()`` is called before each raise.
    """
    vault_path, key = path_pieces(path)

    mount = mount_for_path(vault_path, client)
    if not mount:
        client.revoke_self_token()
        raise aomi.exceptions.VaultConstraint('invalid path')

    if backend_type(mount, client) != 'generic':
        client.revoke_self_token()
        raise aomi.exceptions.AomiData("Unsupported backend type")

    LOG.debug("Updating generic password at %s", path)
    current = client.read(vault_path)
    if current and 'data' in current:
        LOG.debug("Updating %s at %s", key, vault_path)
        fields = current['data']
    else:
        LOG.debug("Nothing exists yet at %s!", vault_path)
        fields = {}

    new_password = get_password()
    unchanged = key in fields and fields[key] == new_password
    if unchanged:
        client.revoke_self_token()
        raise aomi.exceptions.AomiData("Password is same as existing")

    # Only the requested key changes; the other stored fields are
    # written back unchanged.
    fields[key] = new_password
    # NOTE(review): stored field names become keyword arguments here.
    # Confirm none can collide with client.write's own parameters.
    client.write(vault_path, **fields)
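def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file.

    ``src`` is split by ``path_pieces`` into a Vault path and a key.
    The value stored under that key is written to ``dest`` in text mode.

    Raises:
        aomi.exceptions.VaultData: nothing could be read from the path,
            or the key is missing from the returned data. In both cases
            ``client.revoke_self_token()`` is called before raising.
    """
    path, key = path_pieces(src)
    resp = client.read(path)
    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)

    if 'data' not in resp or key not in resp['data']:
        client.revoke_self_token()
        e_msg = "Key %s not found in %s" % (key, path)
        raise aomi.exceptions.VaultData(e_msg)

    secret = resp['data'][key]
    if is_aws(resp['data']):
        renew_secret(client, resp, opt)

    # NOTE(review): the file is created with open()'s default mode, so
    # its permissions follow the process umask. Confirm that callers run
    # with a restrictive umask, since the content is secret material.
    # The context manager closes (and flushes) the handle even when the
    # write raises; the original never closed it explicitly.
    with open(abspath(dest), 'w') as secret_file:
        secret_file.write(secret)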
def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file.

    A value that ``is_base64`` accepts is decoded with
    ``portable_b64decode`` before being handed to ``write_raw_file``,
    which is how base64-encoded binary files are handled.

    Raises:
        aomi.exceptions.VaultData: nothing could be read from the path,
            or the key is missing from the returned data. In both cases
            ``client.revoke_self_token()`` is called before raising.
    """
    vault_path, field = path_pieces(src)
    response = client.read(vault_path)
    if not response:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % vault_path)

    if not ('data' in response and field in response['data']):
        client.revoke_self_token()
        raise aomi.exceptions.VaultData(
            "Key %s not found in %s" % (field, vault_path))

    payload = response['data']
    secret = payload[field]
    if is_base64(secret):
        LOG.debug('decoding base64 entry')
        secret = portable_b64decode(secret)

    if is_aws(payload):
        renew_secret(client, response, opt)

    # NOTE(review): a failure inside write_raw_file propagates without
    # the revoke_self_token() call made on the other failure paths.
    write_raw_file(secret, dest)
def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file.

    A value that ``is_base64`` accepts is decoded with
    ``portable_b64decode`` before being handed to ``write_raw_file``,
    which is how base64-encoded binary files are handled.

    Raises:
        aomi.exceptions.VaultData: nothing could be read from the path,
            or the key is missing from the returned data. In both cases
            ``client.revoke_self_token()`` is called before raising.
    """
    vault_path, field = path_pieces(src)
    response = client.read(vault_path)
    if not response:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % vault_path)

    if not ('data' in response and field in response['data']):
        client.revoke_self_token()
        raise aomi.exceptions.VaultData(
            "Key %s not found in %s" % (field, vault_path))

    payload = response['data']
    secret = payload[field]
    if is_base64(secret):
        LOG.debug('decoding base64 entry')
        secret = portable_b64decode(secret)

    # Renewal is skipped when the path contains 'sts'.
    # NOTE(review): this looks like a plain substring test, so any path
    # that merely contains "sts" also skips renewal. Confirm that is
    # intended.
    if is_aws(payload) and 'sts' not in vault_path:
        renew_secret(client, response, opt)

    # NOTE(review): a failure inside write_raw_file propagates without
    # the revoke_self_token() call made on the other failure paths.
    write_raw_file(secret, dest)