Class: Constancy::VaultTokenSource
- Inherits:
-
Object
- Object
- Constancy::VaultTokenSource
- Defined in:
- lib/constancy/token_source.rb
Instance Attribute Summary
-
#consul_token_field ⇒ Object
Returns the value of attribute consul_token_field.
-
#consul_token_path ⇒ Object
Returns the value of attribute consul_token_path.
-
#name ⇒ Object
Returns the value of attribute name.
-
#vault_addr ⇒ Object
Returns the value of attribute vault_addr.
-
#vault_token ⇒ Object
Returns the value of attribute vault_token.
Instance Method Summary
- #consul_token ⇒ Object
-
#initialize(name:, config:) ⇒ VaultTokenSource
constructor
A new instance of VaultTokenSource.
Constructor Details
#initialize(name:, config:) ⇒ VaultTokenSource
Returns a new instance of VaultTokenSource.
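# File 'lib/constancy/token_source.rb', line 32

# Builds a Vault-backed Consul token source from one section of the config file.
#
# The Vault address comes from config['url'], falling back to the VAULT_ADDR
# environment variable. The Vault token comes from the VAULT_TOKEN environment
# variable, falling back to the contents of ~/.vault-token.
#
# @param name [String] name of this token source, used in error messages
# @param config [Hash, nil] vault settings for this source; nil is treated as {}
# @raise [Constancy::ConfigFileInvalid] if config is not a Hash, contains a key
#   outside Constancy::Config::VALID_VAULT_CONFIG_KEYS, or lacks consul_token_path
# @raise [Constancy::VaultConfigInvalid] if no Vault address or Vault token is found
def initialize(name:, config:)
  self.name = name
  config ||= {}
  unless config.is_a?(Hash)
    raise Constancy::ConfigFileInvalid.new("'#{name}' must be a hash")
  end

  # Reject unknown keys so that a misspelled setting fails loudly instead of
  # being silently ignored.
  unless (config.keys - Constancy::Config::VALID_VAULT_CONFIG_KEYS).empty?
    raise Constancy::ConfigFileInvalid.new("Only the following keys are valid in a vault config: #{Constancy::Config::VALID_VAULT_CONFIG_KEYS.join(", ")}")
  end

  self.consul_token_path = config['consul_token_path']
  if consul_token_path.nil? || consul_token_path == ""
    raise Constancy::ConfigFileInvalid.new("consul_token_path must be specified to use '#{name}' as a token source")
  end

  # prioritize the config file over environment variables for vault address
  #
  # The Vault token is later sent to whatever address is chosen here, and
  # nothing in this method checks the URL scheme or host. Treat the config
  # file as trusted input and prefer an https:// address.
  # NOTE(review): the message below names "#{name}.vault_addr", but the key
  # actually read is 'url' -- confirm which one users are meant to set.
  self.vault_addr = config['url'] || ENV['VAULT_ADDR']
  if vault_addr.nil? || vault_addr == ""
    raise Constancy::VaultConfigInvalid.new("Vault address must be set in #{name}.vault_addr or VAULT_ADDR")
  end

  self.vault_token = ENV['VAULT_TOKEN']
  if vault_token.nil? || vault_token == ""
    # File.exist? and File.read do not expand "~", so resolve the home
    # directory explicitly before touching the token file.
    vault_token_file = File.expand_path("~/.vault-token")
    unless File.exist?(vault_token_file)
      raise Constancy::VaultConfigInvalid.new("Vault token must be set in ~/.vault-token or VAULT_TOKEN")
    end

    # Drop surrounding whitespace: a trailing newline left by an editor or
    # `echo` would otherwise become part of the token sent to Vault.
    self.vault_token = File.read(vault_token_file).strip
  end

  self.consul_token_field = config['consul_token_field'] || Constancy::Config::DEFAULT_VAULT_CONSUL_TOKEN_FIELD
end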
Instance Attribute Details
#consul_token_field ⇒ Object
Returns the value of attribute consul_token_field.
# File 'lib/constancy/token_source.rb', line 30

# Reader for the consul_token_field attribute.
#
# The constructor sets it from config['consul_token_field'], falling back to
# Constancy::Config::DEFAULT_VAULT_CONSUL_TOKEN_FIELD; #consul_token uses it
# (as a symbol) to pick the token out of the Vault response data.
#
# @return [Object] the current value of @consul_token_field
def consul_token_field
  @consul_token_field
end
#consul_token_path ⇒ Object
Returns the value of attribute consul_token_path.
# File 'lib/constancy/token_source.rb', line 30

# Reader for the consul_token_path attribute.
#
# The constructor sets it from config['consul_token_path'] and rejects a nil
# or empty value; #consul_token passes it to Vault's logical read.
#
# @return [Object] the current value of @consul_token_path
def consul_token_path
  @consul_token_path
end
#name ⇒ Object
Returns the value of attribute name.
# File 'lib/constancy/token_source.rb', line 30

# Reader for the name attribute.
#
# The constructor stores the `name:` argument here and interpolates it into
# its configuration error messages.
#
# @return [Object] the current value of @name
def name
  @name
end
#vault_addr ⇒ Object
Returns the value of attribute vault_addr.
# File 'lib/constancy/token_source.rb', line 30

# Reader for the vault_addr attribute.
#
# The constructor sets it from config['url'], falling back to ENV['VAULT_ADDR'].
# The Vault token is sent to this address whenever #consul_token builds a
# client, so it should only ever come from a trusted source.
#
# @return [Object] the current value of @vault_addr
def vault_addr
  @vault_addr
end
#vault_token ⇒ Object
Returns the value of attribute vault_token.
# File 'lib/constancy/token_source.rb', line 30

# Reader for the vault_token attribute.
#
# This is the Vault credential the constructor reads from ENV['VAULT_TOKEN']
# or ~/.vault-token. It is returned as-is, so callers should keep it out of
# logs, error messages and debugging output.
#
# @return [Object] the current value of @vault_token
def vault_token
  @vault_token
end
Instance Method Details
#consul_token ⇒ Object
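# File 'lib/constancy/token_source.rb', line 68

# Returns the Consul token, reading it from Vault on first use and memoizing it.
#
# The secret at consul_token_path is read with the configured Vault address
# and token, and the value under consul_token_field is taken from its data.
# If the response carries a lease id, an at_exit hook is registered to revoke
# that lease when the process ends.
#
# @return [Object] the Consul token found in the Vault response
# @raise [Constancy::VaultConfigInvalid] if the Vault read fails, or if the
#   response holds no usable token
def consul_token
  return @consul_token unless @consul_token.nil?

  token = nil
  begin
    response = Vault::Client.new(address: vault_addr, token: vault_token).logical.read(consul_token_path)

    # The read can come back nil when nothing exists at the path. Skip the
    # field lookup then, so the caller gets the "Could not acquire" error
    # below instead of a NoMethodError reported as a login problem.
    unless response.nil?
      token = response.data[consul_token_field.to_sym]

      if response.lease_id
        at_exit do
          begin
            Vault::Client.new(address: vault_addr, token: vault_token).sys.revoke(response.lease_id)
          rescue => e
            # Revocation stays best-effort and never blocks exit, but a failure
            # leaves the leased Consul token usable until its TTL runs out, so
            # report it instead of discarding it. The token is never printed.
            warn "constancy: could not revoke Vault lease at exit: #{e.class}: #{e.message}"
          end
        end
      end
    end
  rescue => e
    raise Constancy::VaultConfigInvalid.new("Are you logged in to Vault?\n\n#{e}")
  end

  if token.nil? || token == ""
    raise Constancy::VaultConfigInvalid.new("Could not acquire a Consul token from Vault")
  end

  # Memoize only a usable value, so an empty token is never cached and
  # returned on a later call without the check above.
  @consul_token = token
end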