Class: Constancy::VaultTokenSource

Inherits:
Object
  • Object
Defined in:
lib/constancy/token_source.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(name:, config:) ⇒ VaultTokenSource

Returns a new instance of VaultTokenSource.



# File 'lib/constancy/token_source.rb', line 32

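# Builds a Vault-backed token source from one section of the constancy config.
#
# Validates the section, then resolves the Vault address (config 'url' first,
# then VAULT_ADDR) and the Vault token (VAULT_TOKEN first, then
# ~/.vault-token). The resolved token is a live credential; none of the error
# messages raised here include it.
#
# @param name [String] label of the config section, used in error messages
# @param config [Hash, nil] settings for this section; nil is treated as empty
# @raise [Constancy::ConfigFileInvalid] if config is not a Hash, contains keys
#   outside VALID_VAULT_CONFIG_KEYS, or has no consul_token_path
# @raise [Constancy::VaultConfigInvalid] if no Vault address or no usable
#   Vault token can be resolved
def initialize(name:, config:)
  self.name = name

  config ||= {}
  unless config.is_a?(Hash)
    raise Constancy::ConfigFileInvalid, "'#{name}' must be a hash"
  end

  # Reject unknown keys outright so a misspelled setting is not silently ignored.
  unless (config.keys - Constancy::Config::VALID_VAULT_CONFIG_KEYS).empty?
    raise Constancy::ConfigFileInvalid, "Only the following keys are valid in a vault config: #{Constancy::Config::VALID_VAULT_CONFIG_KEYS.join(", ")}"
  end

  self.consul_token_path = config['consul_token_path']
  if self.consul_token_path.nil? || self.consul_token_path == ""
    raise Constancy::ConfigFileInvalid, "consul_token_path must be specified to use '#{name}' as a token source"
  end

  # prioritize the config file over environment variables for vault address
  self.vault_addr = config['url'] || ENV['VAULT_ADDR']
  if self.vault_addr.nil? || self.vault_addr == ""
    # The config key read above is 'url', so that is the name the message must give.
    raise Constancy::VaultConfigInvalid, "Vault address must be set in #{name}.url or VAULT_ADDR"
  end

  self.vault_token = ENV['VAULT_TOKEN']
  if self.vault_token.nil? || self.vault_token == ""
    vault_token_file = File.expand_path("~/.vault-token")
    # strip: a trailing newline in the file would otherwise travel with the
    # token; a file holding only whitespace counts as "no token".
    file_token = File.exist?(vault_token_file) ? File.read(vault_token_file).strip : ""
    if file_token.empty?
      raise Constancy::VaultConfigInvalid, "Vault token must be set in ~/.vault-token or VAULT_TOKEN"
    end
    self.vault_token = file_token
  end

  self.consul_token_field = config['consul_token_field'] || Constancy::Config::DEFAULT_VAULT_CONSUL_TOKEN_FIELD
end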

Instance Attribute Details

#consul_token_field ⇒ Object

Returns the value of attribute consul_token_field.



# File 'lib/constancy/token_source.rb', line 30

# Reader for the name of the field looked up in the Vault response data
# when extracting the Consul token.
#
# @return [Object] the stored value; nil until assigned
def consul_token_field; @consul_token_field; end

#consul_token_path ⇒ Object

Returns the value of attribute consul_token_path.



# File 'lib/constancy/token_source.rb', line 30

# Reader for the Vault path that is read to obtain the Consul token.
#
# @return [Object] the stored value; nil until assigned
def consul_token_path; @consul_token_path; end

#name ⇒ Object

Returns the value of attribute name.



# File 'lib/constancy/token_source.rb', line 30

# Reader for this token source's label, the value interpolated into the
# constructor's error messages.
#
# @return [Object] the stored value; nil until assigned
def name; @name; end

#vault_addr ⇒ Object

Returns the value of attribute vault_addr.



# File 'lib/constancy/token_source.rb', line 30

# Reader for the Vault address handed to Vault::Client as `address:`.
#
# @return [Object] the stored value; nil until assigned
def vault_addr; @vault_addr; end

#vault_token ⇒ Object

Returns the value of attribute vault_token.



# File 'lib/constancy/token_source.rb', line 30

# Reader for the Vault token handed to Vault::Client as `token:`.
# The value is a live credential, so keep it out of logs, error messages
# and inspect output.
#
# @return [Object] the stored value; nil until assigned
def vault_token; @vault_token; end

Instance Method Details

#consul_token ⇒ Object



# File 'lib/constancy/token_source.rb', line 68

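# Returns the Consul token read from Vault, fetching it on first use.
#
# The first successful call reads consul_token_path from Vault, takes the
# field named by consul_token_field from the response data, and memoizes it
# in @consul_token. When the response carries a lease id, an at_exit hook is
# registered that revokes the lease, so the credential does not outlive this
# process.
#
# Only a non-empty token is memoized. An empty or missing value raises on
# every call instead of being cached and returned by a later call.
#
# @return [Object] the non-empty token value taken from the Vault response
# @raise [Constancy::VaultConfigInvalid] if the Vault read fails, or if it
#   yields no token (nil response, or a missing or empty field)
def consul_token
  return @consul_token unless @consul_token.nil? || @consul_token == ""

  token = nil
  lease_id = nil
  begin
    response = Vault::Client.new(address: self.vault_addr, token: self.vault_token).logical.read(self.consul_token_path)
    # A nil response (nothing readable at the path) is reported below as a
    # missing token rather than as a login problem.
    unless response.nil?
      token = response.data[self.consul_token_field.to_sym]
      lease_id = response.lease_id
    end
  rescue => e
    raise Constancy::VaultConfigInvalid.new("Are you logged in to Vault?\n\n#{e}")
  end

  if lease_id
    at_exit do
      begin
        Vault::Client.new(address: self.vault_addr, token: self.vault_token).sys.revoke(lease_id)
      rescue => e
        # Best effort: never fail the exit path, but report that the leased
        # credential is still live so it can be revoked by hand.
        warn "Could not revoke Vault lease #{lease_id}: #{e}"
      end
    end
  end

  if token.nil? || token == ""
    raise Constancy::VaultConfigInvalid.new("Could not acquire a Consul token from Vault")
  end

  @consul_token = token
end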