Initial run at kv2 support RFC
firstnevyn committed Aug 4, 2022
1 parent 373729b commit d087e1c
Showing 1 changed file with 14 additions and 4 deletions.
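--- a/lib/puppet/functions/vault_lookup/lookup.rb
+++ b/lib/puppet/functions/vault_lookup/lookup.rb
@@ -5,6 +5,7 @@
 optional_param 'Optional[String]', :vault_cert_path_segment
 optional_param 'String', :vault_cert_role
 optional_param 'String', :vault_namespace
+optional_param 'String', :vault_key
 return_type 'Sensitive'
 end
 
@@ -14,7 +15,8 @@ def lookup(path,
 vault_url = nil,
 vault_cert_path_segment = nil,
 vault_cert_role = nil,
-vault_namespace = nil)
+vault_namespace = nil,
+vault_key = nil)
 if vault_url.nil?
 Puppet.debug 'No Vault address was set on function, defaulting to value from VAULT_ADDR env value'
 vault_url = ENV['VAULT_ADDR']
@@ -44,7 +46,11 @@ def lookup(path,
 vault_namespace)
 
 secret_uri = vault_base_uri + "/v1/#{path.delete_prefix('/')}"
-data = get_secret(client, secret_uri, token, vault_namespace)
+data = get_secret(client,
+secret_uri,
+token,
+vault_namespace,
+vault_key)
 Puppet::Pops::Types::PSensitiveType::Sensitive.new(data)
 end
 
@@ -58,7 +64,7 @@ def auth_login_body(vault_cert_role)
 end
 end
 
-def get_secret(client, uri, token, namespace)
+def get_secret(client, uri, token, namespace, key)
 headers = { 'X-Vault-Token' => token, 'X-Vault-Namespace' => namespace }.delete_if { |_key, value| value.nil? }
 secret_response = client.get(uri,
 headers: headers,
@@ -68,7 +74,11 @@ def get_secret(client, uri, token, namespace)
 raise Puppet::Error, append_api_errors(message, secret_response)
 end
 begin
-JSON.parse(secret_response.body)['data']
+if key.nil?
+JSON.parse(secret_response.body)['data']
+else
+JSON.parse(secret_response.body)['data']['data'][key]
+end
 rescue StandardError
 raise Puppet::Error, 'Error parsing json secret data from vault response'
 end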
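Review bot: In the `else` branch added to get_secret, a `vault_key` that is absent from the secret makes `['data']['data'][key]` return nil, and lookup then wraps that nil in `Sensitive`, so a mistyped or renamed field produces an empty secret instead of a failed catalog. The lookup should fail closed: parse the body once, return the whole `data` hash when no key is given, and otherwise raise a `Puppet::Error` naming the key (never the values) unless the nested `data` is a Hash that contains it. That check has to sit after the `begin`/`rescue StandardError` block, because the rescue would otherwise replace it with the generic parse error, which is also what a response without a nested `data` hash (presumably a KV v1 mount) reports today. get_secret starts in the previous hunk and its closing `end` lies outside this one.

```ruby
# … unchanged: request and status check …
begin
  data = JSON.parse(secret_response.body)['data']
rescue StandardError
  raise Puppet::Error, 'Error parsing json secret data from vault response'
end
return data if key.nil?

# KV v2 nests the fields under data.data; fail closed when the key is absent.
fields = data.is_a?(Hash) ? data['data'] : nil
unless fields.is_a?(Hash) && fields.key?(key)
  raise Puppet::Error, "Key '#{key}' not found in vault secret"
end
fields[key]
```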
