def export(vault_client, opt):
    """Export contents of a Secretfile from the Vault server into a specified directory.

    Args:
        vault_client: client used to fetch the live state of each resource.
        opt: parsed CLI options; ``opt.directory`` is the export target.

    Every resource described by the Secretfile is fetched and then asked to
    export itself into ``opt.directory``.
    """
    secretfile = get_secretfile(opt)
    fetched = Context.load(secretfile, opt).fetch(vault_client)
    for item in fetched.resources():
        item.export(opt.directory)
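def diff(vault_client, opt):
    """Derive a comparison between what is represented in the Secretfile
    and what is actually live on a Vault instance.

    Args:
        vault_client: client used to fetch the live state of each resource.
        opt: parsed CLI options; when ``opt.thaw_from`` is set the secrets
            are first thawed into a fresh private temp dir that replaces
            ``opt.secrets`` for the duration of the call.

    Prints one marker line per resource whose state differs and then any
    details ``maybe_details`` chooses to show. The thawed temp dir is removed
    on every exit path, including failure, so decrypted material does not
    linger on disk.
    """
    # Marker and colour per diff outcome; OVERWRITE shares the ADD marker but
    # is coloured as a change. NOOP intentionally prints nothing.
    markers = {
        ADD: ("+", "green"),
        DEL: ("-", "red"),
        CHANGED: ("~", "yellow"),
        OVERWRITE: ("+", "yellow"),
    }
    thaw_dir = None
    if opt.thaw_from:
        # mkdtemp creates the directory mode 0700 (owner only); the positional
        # argument is a name suffix, not a prefix.
        thaw_dir = tempfile.mkdtemp('aomi-thaw')
        opt.secrets = thaw_dir
    try:
        if thaw_dir is not None:
            auto_thaw(opt)
        ctx = Context.load(get_secretfile(opt), opt).fetch(vault_client)
        for resource in ctx.resources():
            changed = resource.diff()
            if changed in markers:
                symbol, colour = markers[changed]
                print("%s %s" % (maybe_colored(symbol, colour, opt),
                                 str(resource)))
            if changed not in (OVERWRITE, NOOP):
                maybe_details(resource, opt)
    finally:
        # Clean up the thawed plaintext even when the diff fails part way.
        if thaw_dir is not None:
            rmtree(thaw_dir)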
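def seed(vault_client, opt):
    """Will provision vault based on the definition within a Secretfile.

    Args:
        vault_client: client the context is fetched from and synced to.
        opt: parsed CLI options; when ``opt.thaw_from`` is set the secrets
            are first thawed into a fresh private temp dir that replaces
            ``opt.secrets`` for the duration of the call.

    The thawed temp dir is removed on every exit path, including failure, so
    decrypted material does not linger on disk.
    """
    thaw_dir = None
    if opt.thaw_from:
        # mkdtemp creates the directory mode 0700 (owner only); the positional
        # argument is a name suffix, not a prefix.
        thaw_dir = tempfile.mkdtemp('aomi-thaw')
        opt.secrets = thaw_dir
    try:
        if thaw_dir is not None:
            auto_thaw(opt)
        Context.load(get_secretfile(opt), opt) \
            .fetch(vault_client) \
            .sync(vault_client, opt)
    finally:
        # Clean up the thawed plaintext even when the sync fails part way.
        if thaw_dir is not None:
            rmtree(thaw_dir)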
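def seed(vault_client, opt):
    """Will provision vault based on the definition within a Secretfile.

    Args:
        vault_client: client the context is fetched from and synced to; also
            handed to ``auto_thaw`` when thawing.
        opt: parsed CLI options; when ``opt.thaw_from`` is set the secrets
            are first thawed into a fresh private temp dir that replaces
            ``opt.secrets`` for the duration of the call.

    The thawed temp dir is removed on every exit path, including failure, so
    decrypted material does not linger on disk.
    """
    thaw_dir = None
    if opt.thaw_from:
        # mkdtemp creates the directory mode 0700 (owner only); the positional
        # argument is a name suffix, not a prefix.
        thaw_dir = tempfile.mkdtemp('aomi-thaw')
        opt.secrets = thaw_dir
    try:
        if thaw_dir is not None:
            auto_thaw(vault_client, opt)
        Context.load(get_secretfile(opt), opt) \
            .fetch(vault_client) \
            .sync(vault_client, opt)
    finally:
        # Clean up the thawed plaintext even when the sync fails part way.
        if thaw_dir is not None:
            rmtree(thaw_dir)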
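def freeze(dest_dir, opt):
    """Iterates over the Secretfile looking for secrets to freeze.

    Args:
        dest_dir: directory that receives the encrypted archive.
        opt: parsed CLI options, used to locate the Secretfile and for logging.

    The plaintext staging area (``tmp_dir`` and the zip built from it) is
    removed on every exit path, including failure, so unencrypted secrets
    do not linger on disk.
    """
    tmp_dir = ensure_tmpdir()
    try:
        dest_prefix = "%s/dest" % tmp_dir
        ensure_dir(dest_dir)
        ensure_dir(dest_prefix)
        config = get_secretfile(opt)
        ctx = Context.load(config, opt)
        ctx.freeze(dest_prefix)
        # Plaintext zip lives under tmp_dir; only the encrypted result
        # lands in dest_dir.
        zip_filename = freeze_archive(tmp_dir, dest_prefix)
        ice_file = freeze_encrypt(dest_dir, zip_filename, config, opt)
    finally:
        shutil.rmtree(tmp_dir)
    log("Generated file is %s" % ice_file, opt)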
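def freeze(dest_dir, opt):
    """Iterates over the Secretfile looking for secrets to freeze.

    Args:
        dest_dir: directory that receives the encrypted archive.
        opt: parsed CLI options, used to locate the Secretfile.

    The plaintext staging area (``tmp_dir`` and the zip built from it) is
    removed on every exit path, including failure, so unencrypted secrets
    do not linger on disk.
    """
    tmp_dir = ensure_tmpdir()
    try:
        dest_prefix = "%s/dest" % tmp_dir
        ensure_dir(dest_dir)
        ensure_dir(dest_prefix)
        config = get_secretfile(opt)
        Context.load(config, opt).freeze(dest_prefix)
        # Plaintext zip lives under tmp_dir; only the encrypted result
        # lands in dest_dir.
        zip_filename = freeze_archive(tmp_dir, dest_prefix)
        ice_file = freeze_encrypt(dest_dir, zip_filename, config, opt)
    finally:
        shutil.rmtree(tmp_dir)
    LOG.debug("Generated file is %s", ice_file)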
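def thaw(src_file, opt):
    """Given the combination of a Secretfile and the output of a freeze
    operation, will restore secrets to usable locations.

    Args:
        src_file: path to the encrypted archive produced by ``freeze``.
        opt: parsed CLI options; ``opt.secrets`` is where secrets are restored.

    Raises:
        aomi.exceptions.AomiFile: if ``src_file`` does not exist.

    NOTE(review): the decrypted zip and its extracted members stay in
    ``tmp_dir`` after this returns — confirm the caller removes it.
    """
    if not os.path.exists(src_file):
        raise aomi.exceptions.AomiFile("%s does not exist" % src_file)
    tmp_dir = ensure_tmpdir()
    zip_file = thaw_decrypt(src_file, tmp_dir, opt)
    with zipfile.ZipFile(zip_file, 'r') as archive:
        for archive_file in archive.namelist():
            # extract() normalises the member name (drops absolute and
            # parent-directory components) and returns the path it actually
            # wrote, so chmod that rather than a path rebuilt from the raw name.
            extracted = archive.extract(archive_file, tmp_dir)
            os.chmod(extracted, 0o640)
            log("Extracted %s from archive" % archive_file, opt)
    log("Thawing secrets into %s" % opt.secrets, opt)
    config = get_secretfile(opt)
    ctx = Context.load(config, opt)
    ctx.thaw(tmp_dir)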
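def diff(vault_client, opt):
    """Derive a comparison between what is represented in the Secretfile
    and what is actually live on a Vault instance.

    Args:
        vault_client: client used to fetch the live state; also handed to
            ``auto_thaw`` when thawing.
        opt: parsed CLI options; when ``opt.thaw_from`` is set the secrets
            are first thawed into a fresh private temp dir that replaces
            ``opt.secrets`` for the duration of the call.

    Mounts are diffed before resources. The thawed temp dir is removed on
    every exit path, including failure, so decrypted material does not
    linger on disk.
    """
    thaw_dir = None
    if opt.thaw_from:
        # mkdtemp creates the directory mode 0700 (owner only); the positional
        # argument is a name suffix, not a prefix.
        thaw_dir = tempfile.mkdtemp('aomi-thaw')
        opt.secrets = thaw_dir
    try:
        if thaw_dir is not None:
            auto_thaw(vault_client, opt)
        ctx = Context.load(get_secretfile(opt), opt).fetch(vault_client)
        for backend in ctx.mounts():
            diff_a_thing(backend, opt)
        for resource in ctx.resources():
            diff_a_thing(resource, opt)
    finally:
        # Clean up the thawed plaintext even when the diff fails part way.
        if thaw_dir is not None:
            rmtree(thaw_dir)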
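def thaw(vault_client, src_file, opt):
    """Given the combination of a Secretfile and the output of a freeze
    operation, will restore secrets to usable locations.

    Args:
        vault_client: client handed to ``thaw_decrypt`` to unlock the archive.
        src_file: path to the encrypted archive produced by ``freeze``.
        opt: parsed CLI options; ``opt.secrets`` is where secrets are restored.

    Raises:
        aomi.exceptions.AomiFile: if ``src_file`` does not exist.

    NOTE(review): the decrypted zip and its extracted members stay in
    ``tmp_dir`` after this returns — confirm the caller removes it.
    """
    if not os.path.exists(src_file):
        raise aomi.exceptions.AomiFile("%s does not exist" % src_file)
    tmp_dir = ensure_tmpdir()
    zip_file = thaw_decrypt(vault_client, src_file, tmp_dir, opt)
    with zipfile.ZipFile(zip_file, 'r') as archive:
        for archive_file in archive.namelist():
            # extract() normalises the member name (drops absolute and
            # parent-directory components) and returns the path it actually
            # wrote, so chmod that rather than a path rebuilt from the raw name.
            extracted = archive.extract(archive_file, tmp_dir)
            os.chmod(extracted, 0o640)
            LOG.debug("Extracted %s from archive", archive_file)
    LOG.info("Thawing secrets into %s", opt.secrets)
    config = get_secretfile(opt)
    Context.load(config, opt).thaw(tmp_dir)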