def hashivault_initialize(params):
client = hashivault_client(params)
if client.sys.is_initialized():
return {'changed': False}
result = {'changed': True}
secret_shares = params.get('secret_shares')
secret_threshold = params.get('secret_threshold')
pgp_keys = params.get('pgp_keys')
root_token_pgp_key = params.get('root_token_pgp_key')
stored_shares = params.get('stored_shares')
recovery_shares = params.get('recovery_shares')
recovery_threshold = params.get('recovery_threshold')
recovery_pgp_keys = params.get('recovery_pgp_keys')
result.update(
client.sys.initialize(
secret_shares=secret_shares,
secret_threshold=secret_threshold,
pgp_keys=pgp_keys,
root_token_pgp_key=root_token_pgp_key,
stored_shares=stored_shares,
recovery_shares=recovery_shares,
recovery_threshold=recovery_threshold,
recovery_pgp_keys=recovery_pgp_keys,
))
return result
def hashivault_rekey_cancel(params):
client = hashivault_client(params)
# Check if rekey is on-going & return when rekey not in progress
status = client.rekey_status
if not status['started']:
return {'changed': False}
return {'status': client.sys.cancel_rekey().ok, 'changed': True}
def hashivault_generate_root_cancel(params):
client = hashivault_client(params)
# Check if generate_root is on-going & return when generate_root not in progress
status = client.generate_root_status
if not status['started']:
return {'changed': False}
return {'status': client.cancel_generate_root(), 'changed': True}
def hashivault_rekey_cancel(params):
client = hashivault_client(params)
# Check if rekey is on-going & return when rekey not in progress
status = client.rekey_status
if not status['started']:
return {'changed': False}
return {'status': client.sys.cancel_rekey().ok, 'changed': True}
def hashivault_generate_root_init(params):
client = hashivault_client(params)
# Check if rekey is on-going
status = client.generate_root_status
if status['started']:
return {'changed': False}
pgp = params.get('pgp_key')
return {'status': client.start_generate_root(pgp, otp=False), 'changed': True}
def hashivault_generate_root_init(params):
client = hashivault_client(params)
# Check if rekey is on-going
status = client.generate_root_status
if status['started']:
return {'changed': False}
pgp = params.get('pgp_key')
return {'status': client.start_generate_root(pgp, otp=False), 'changed': True}
def hashivault_unseal(params):
keys = params.get('keys')
client = hashivault_client(params)
if client.sys.is_sealed():
return {
'status': client.sys.submit_unseal_keys(keys.split()),
'changed': True
}
else:
return {'changed': False}
def hashivault_rekey_init(params):
client = hashivault_client(params)
# Check if rekey is on-going, exit if there is a rekey in progress
status = client.rekey_status
if status['started']:
return {'changed': False}
secret_shares = params.get('secret_shares')
secret_threshold = params.get('secret_threshold')
pgp_keys = params.get('pgp_keys')
backup = params.get('backup')
return {'status': client.sys.start_rekey(secret_shares, secret_threshold, pgp_keys, backup), 'changed': True}
def hashivault_cluster_status(params):
client = hashivault_client(params)
response = client.sys.read_health_status(standby_ok=params.get("standby_ok"), method=params.get("method"))
from requests.models import Response
if isinstance(response, Response):
try:
status = response.json()
except Exception:
status = response.content
else:
status = response
return {'status': status}
def hashivault_cluster_status(params):
client = hashivault_client(params)
response = client.sys.read_health_status(
standby_ok=params.get("standby_ok"), method=params.get("method"))
from requests.models import Response
if isinstance(response, Response):
try:
status = response.json()
except Exception:
status = response.content
else:
status = response
return {'status': status}
def hashivault_generate_root_status(params):
client = hashivault_client(params)
return {'status': client.generate_root_status}
def hashivault_generate_root_status(params):
client = hashivault_client(params)
return {'status': client.generate_root_status}
def hashivault_generate_root(params):
key = params.get('key')
nonce = params.get('nonce')
client = hashivault_client(params)
return {'status': client.generate_root(key, nonce), 'changed': True}
def hashivault_rekey(params):
key = params.get('key')
nonce = params.get('nonce')
client = hashivault_client(params)
return {'status': client.sys.rekey(key, nonce), 'changed': True}
def hashivault_status(params):
client = hashivault_client(params)
return {'status': client.sys.read_seal_status()}
def hashivault_status(params):
client = hashivault_client(params)
return {'status': client.sys.read_seal_status()}
def hashivault_generate_root(params):
key = params.get('key')
nonce = params.get('nonce')
client = hashivault_client(params)
return {'status': client.generate_root(key, nonce), 'changed': True}
def hashivault_rekey_status(params):
client = hashivault_client(params)
return {'status': client.rekey_status}
def hashivault_leader(params):
client = hashivault_client(params)
return {'status': client.sys.read_leader_status()}
