def test_is_aws(self):
    """A payload with both AWS key halves is detected, with or without an STS token."""
    minimal = {'access_key': True, 'secret_key': True}
    with_token = dict(minimal, security_token=True)
    assert is_aws(minimal)
    assert is_aws(with_token)
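def template(client, src, dest, paths, opt):
    """Write a rendered template using variables read from vault paths.

    Every key of every path's ``data`` becomes a template variable; the
    variable name is derived by ``secret_key_name`` (optionally remapped
    through ``opt.key_map``), lower-cased, with ``-`` turned into ``_``.

    Args:
        client: vault client exposing ``read``.
        src: template file to render.
        dest: output file; made absolute before writing.
        paths: iterable of vault paths to read.
        opt: parsed CLI options (``key_map`` is consumed here and by
            ``secret_key_name``/``blend_vars``/``renew_secret``).

    Raises:
        aomi.exceptions.VaultData: a path could not be read or carries no
            ``data`` section (the latter used to surface as a bare KeyError).
    """
    key_map = cli_hash(opt.key_map)
    obj = {}
    for path in paths:
        response = client.read(path)
        # Treat an empty response and a response without a data section the
        # same way, matching the check env() performs on the same shape.
        if not response or 'data' not in response:
            raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)

        data = response['data']
        # STS credentials are short-lived on purpose; only renew non-STS AWS leases.
        if is_aws(data) and 'sts' not in path:
            renew_secret(client, response, opt)

        for s_k, s_v in data.items():
            o_key = key_map.get(s_k, s_k)
            k_name = secret_key_name(path, o_key, opt).lower().replace('-', '_')
            obj[k_name] = s_v

    template_obj = blend_vars(obj, opt)
    output = render(grok_template_file(src), template_obj)
    write_raw_file(output, abspath(dest))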
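def _shell_dquote(value):
    """Escape *value* for safe interpolation inside POSIX double quotes.

    Backslash is escaped first so the escapes added for the other three
    characters are not themselves re-escaped.
    """
    text = str(value)
    for char in ('\\', '"', '$', '`'):
        text = text.replace(char, '\\' + char)
    return text


def env(client, paths, opt):
    """Render a shell snippet (``NAME="value"`` lines) from Secretfile paths.

    Args:
        client: vault client exposing ``read``.
        paths: iterable of vault paths to read.
        opt: parsed CLI options; ``prefix``, ``add_prefix``, ``add_suffix``,
            ``merge_path``, ``key_map`` and ``export`` are consulted here.

    Paths that do not resolve, or resolve without a ``data`` section, are
    skipped silently. Secret values are escaped for double quotes so a value
    containing ``"``, ``$``, backtick or ``\\`` cannot break out of, or be
    expanded within, the emitted assignment when the snippet is sourced.
    """
    # The legacy prefix behaviour only applies when no newer naming option
    # was given; see https://github.com/Autodesk/aomi/issues/40
    old_prefix = opt.prefix and not (opt.add_prefix or opt.add_suffix or not opt.merge_path)
    if opt.prefix:
        LOG.warning("the prefix option is deprecated; please use "
                    "--no-merge-path --add-prefix $OLDPREFIX_ instead")

    key_map = cli_hash(opt.key_map)
    for path in paths:
        secrets = client.read(path)
        if not secrets or 'data' not in secrets:
            continue

        data = secrets['data']
        # STS credentials are short-lived on purpose; only renew non-STS AWS leases.
        if is_aws(data) and 'sts' not in path:
            renew_secret(client, secrets, opt)

        for s_key, s_val in data.items():
            o_key = key_map.get(s_key, s_key)
            if old_prefix:
                env_name = ("%s_%s" % (opt.prefix, o_key)).upper()
            else:
                env_name = secret_key_name(path, o_key, opt).upper()
            print('%s="%s"' % (env_name, _shell_dquote(s_val)))
            if opt.export:
                print("export %s" % env_name)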
def raw_file(client, src, dest, opt):
    """Write the contents of a single vault path/key to *dest*.

    ``src`` is split into a vault path and a key within that path's data.
    Values that look base64 encoded are decoded before writing, so binary
    payloads round-trip. On any lookup failure the client's own token is
    revoked before a ``VaultData`` error is raised.
    """
    path, key = path_pieces(src)
    resp = client.read(path)

    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)

    if 'data' not in resp or key not in resp['data']:
        client.revoke_self_token()
        e_msg = "Key %s not found in %s" % (key, path)
        raise aomi.exceptions.VaultData(e_msg)

    data = resp['data']
    secret = data[key]
    if is_base64(secret):
        LOG.debug('decoding base64 entry')
        secret = portable_b64decode(secret)

    # STS credentials are short-lived on purpose; only renew non-STS AWS leases.
    if is_aws(data) and 'sts' not in path:
        renew_secret(client, resp, opt)

    write_raw_file(secret, dest)
def test_is_not_aws(self):
    """A payload lacking the AWS key pair is not classified as AWS."""
    unrelated = {'aaa': True}
    assert is_aws(unrelated) is False or not is_aws(unrelated)
def test_is_aws(self):
    """Both the bare key pair and the STS-style payload count as AWS."""
    base_creds = {'access_key': True, 'secret_key': True}
    sts_creds = {**base_creds, 'security_token': True}
    for payload in (base_creds, sts_creds):
        assert is_aws(payload)