def template(client, src, dest, paths, opt):
"""Writes a template using variables from a vault path"""
key_map = cli_hash(opt.key_map)
obj = {}
for path in paths:
response = client.read(path)
if not response:
raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)
if is_aws(response['data']) and 'sts' not in path:
renew_secret(client, response, opt)
for s_k, s_v in response['data'].items():
o_key = s_k
if s_k in key_map:
o_key = key_map[s_k]
k_name = secret_key_name(path, o_key, opt) \
.lower() \
.replace('-', '_')
obj[k_name] = s_v
template_obj = blend_vars(obj, opt)
output = render(grok_template_file(src),
template_obj)
write_raw_file(output, abspath(dest))
def seed_aws_roles(client, mount, roles, opt):
"""Handles the seeding of roles associated with an AWS account"""
for role in roles:
aomi.validation.aws_role_obj(role)
role_path = "%s/roles/%s" % (mount, role['name'])
if role.get('state', 'present') == 'present':
if 'policy' in role:
role_file = hard_path(role['policy'], opt.policies)
role_template_obj = role.get('vars', {})
cli_obj = merge_dicts(load_var_files(opt),
cli_hash(opt.extra_vars))
obj = merge_dicts(role_template_obj, cli_obj)
data = render(role_file, obj)
log(
'writing inline role %s from %s' %
(role['name'], role_file), opt)
write(client, role_path, {'policy': data}, opt)
elif 'arn' in role:
log('writing role %s for %s' % (role['name'], role['arn']),
opt)
write(client, role_path, {'arn': role['arn']}, opt)
else:
log('removing role %s' % role['name'], opt)
delete(client, role_path, opt)
def obj(self):
s_obj = {}
if 'policy' in self._obj:
role_template_obj = self._obj.get('vars', {})
cli_obj = merge_dicts(load_var_files(self.opt),
cli_hash(self.opt.extra_vars))
template_obj = merge_dicts(role_template_obj, cli_obj)
s_obj = {'policy': render(self._obj['policy'], template_obj)}
elif 'arn' in self._obj:
s_obj = {'arn': self._obj['arn']}
return s_obj
def obj(self):
s_obj = {}
if 'policy' in self._obj:
role_template_obj = self._obj.get('vars', {})
base_obj = load_vars(self.opt)
template_obj = merge_dicts(role_template_obj, base_obj)
aws_role = render(self._obj['policy'], template_obj)
aws_role = aws_role.replace(" ", "").replace("\n", "")
s_obj = {'policy': aws_role}
elif 'arn' in self._obj:
s_obj = {'arn': self._obj['arn']}
return s_obj
def obj(self):
s_obj = {}
if 'policy' in self._obj:
role_template_obj = self._obj.get('vars', {})
base_obj = load_vars(self.opt)
template_obj = merge_dicts(role_template_obj, base_obj)
aws_role = render(self._obj['policy'], template_obj)
aws_role = aws_role.replace(" ", "").replace("\n", "")
s_obj = {'policy': aws_role}
elif 'arn' in self._obj:
s_obj = {'arn': self._obj['arn']}
return s_obj
def template(client, src, dest, paths, opt):
"""Writes a template using variables from a vault path"""
key_map = cli_hash(opt.key_map)
obj = {}
for path in paths:
response = client.read(path)
if is_aws(response['data']):
renew_secret(client, response, opt)
for s_k, s_v in response['data'].items():
o_key = s_k
if s_k in key_map:
o_key = key_map[s_k]
k_name = secret_key_name(path, o_key, opt) \
.lower() \
.replace('-', '_')
obj[k_name] = s_v
template_obj = blend_vars(obj, opt)
output = render(grok_template_file(src), template_obj)
open(abspath(dest), 'w').write(output)
def template(client, src, dest, paths, opt):
"""Writes a template using variables from a vault path"""
key_map = cli_hash(opt.key_map)
obj = {}
for path in paths:
response = client.read(path)
if not response:
raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)
if is_aws(response['data']) and 'sts' not in path:
renew_secret(client, response, opt)
for s_k, s_v in response['data'].items():
o_key = s_k
if s_k in key_map:
o_key = key_map[s_k]
k_name = secret_key_name(path, o_key, opt) \
.lower() \
.replace('-', '_')
obj[k_name] = s_v
template_obj = blend_vars(obj, opt)
output = render(grok_template_file(src), template_obj)
write_raw_file(output, abspath(dest))
def obj(self):
return render(hard_path(self.filename, self.opt.policies), self._obj) \
.lstrip() \
.strip() \
.replace("\n\n", "\n")
def write(self, client):
client.set_policy(self.path, render(self.filename, self._obj))
def policy_data(file_name, policy_vars, opt):
"""Returns the rendered policy"""
policy_path = hard_path(file_name, opt.policies)
cli_obj = merge_dicts(load_var_files(opt), cli_hash(opt.extra_vars))
obj = merge_dicts(policy_vars, cli_obj)
return render(policy_path, obj)
def get_secretfile(opt):
"""Renders, YAMLs, and returns the Secretfile construct"""
secretfile_path = abspath(opt.secretfile)
obj = merge_dicts(load_var_files(opt),
cli_hash(opt.extra_vars))
return yaml.safe_load(render(secretfile_path, obj))
def obj(self):
return render(hard_path(self.filename, self.opt.policies), self._obj) \
.lstrip() \
.strip() \
.replace("\n\n", "\n")