def template(client, src, dest, paths, opt): """Writes a template using variables from a vault path""" key_map = cli_hash(opt.key_map) obj = {} for path in paths: response = client.read(path) if not response: raise aomi.exceptions.VaultData("Unable to retrieve %s" % path) if is_aws(response['data']) and 'sts' not in path: renew_secret(client, response, opt) for s_k, s_v in response['data'].items(): o_key = s_k if s_k in key_map: o_key = key_map[s_k] k_name = secret_key_name(path, o_key, opt) \ .lower() \ .replace('-', '_') obj[k_name] = s_v template_obj = blend_vars(obj, opt) output = render(grok_template_file(src), template_obj) write_raw_file(output, abspath(dest))
def seed_aws_roles(client, mount, roles, opt): """Handles the seeding of roles associated with an AWS account""" for role in roles: aomi.validation.aws_role_obj(role) role_path = "%s/roles/%s" % (mount, role['name']) if role.get('state', 'present') == 'present': if 'policy' in role: role_file = hard_path(role['policy'], opt.policies) role_template_obj = role.get('vars', {}) cli_obj = merge_dicts(load_var_files(opt), cli_hash(opt.extra_vars)) obj = merge_dicts(role_template_obj, cli_obj) data = render(role_file, obj) log( 'writing inline role %s from %s' % (role['name'], role_file), opt) write(client, role_path, {'policy': data}, opt) elif 'arn' in role: log('writing role %s for %s' % (role['name'], role['arn']), opt) write(client, role_path, {'arn': role['arn']}, opt) else: log('removing role %s' % role['name'], opt) delete(client, role_path, opt)
def obj(self): s_obj = {} if 'policy' in self._obj: role_template_obj = self._obj.get('vars', {}) cli_obj = merge_dicts(load_var_files(self.opt), cli_hash(self.opt.extra_vars)) template_obj = merge_dicts(role_template_obj, cli_obj) s_obj = {'policy': render(self._obj['policy'], template_obj)} elif 'arn' in self._obj: s_obj = {'arn': self._obj['arn']} return s_obj
def obj(self): s_obj = {} if 'policy' in self._obj: role_template_obj = self._obj.get('vars', {}) base_obj = load_vars(self.opt) template_obj = merge_dicts(role_template_obj, base_obj) aws_role = render(self._obj['policy'], template_obj) aws_role = aws_role.replace(" ", "").replace("\n", "") s_obj = {'policy': aws_role} elif 'arn' in self._obj: s_obj = {'arn': self._obj['arn']} return s_obj
def template(client, src, dest, paths, opt): """Writes a template using variables from a vault path""" key_map = cli_hash(opt.key_map) obj = {} for path in paths: response = client.read(path) if is_aws(response['data']): renew_secret(client, response, opt) for s_k, s_v in response['data'].items(): o_key = s_k if s_k in key_map: o_key = key_map[s_k] k_name = secret_key_name(path, o_key, opt) \ .lower() \ .replace('-', '_') obj[k_name] = s_v template_obj = blend_vars(obj, opt) output = render(grok_template_file(src), template_obj) open(abspath(dest), 'w').write(output)
def obj(self): return render(hard_path(self.filename, self.opt.policies), self._obj) \ .lstrip() \ .strip() \ .replace("\n\n", "\n")
def write(self, client): client.set_policy(self.path, render(self.filename, self._obj))
def policy_data(file_name, policy_vars, opt): """Returns the rendered policy""" policy_path = hard_path(file_name, opt.policies) cli_obj = merge_dicts(load_var_files(opt), cli_hash(opt.extra_vars)) obj = merge_dicts(policy_vars, cli_obj) return render(policy_path, obj)
def get_secretfile(opt): """Renders, YAMLs, and returns the Secretfile construct""" secretfile_path = abspath(opt.secretfile) obj = merge_dicts(load_var_files(opt), cli_hash(opt.extra_vars)) return yaml.safe_load(render(secretfile_path, obj))