Class: Vault::Provision::Auth::Ldap::Config

Inherits:

Prototype

• Object
• Prototype
• Vault::Provision::Auth::Ldap::Config

Defined in:

lib/vault/provision/auth/ldap/config.rb

Overview

config LDAP authn

Instance Method Summary

• #ap_file(auth_point) ⇒ Object
• #provision! ⇒ Object
• #repo_files ⇒ Object

Instance Method Details

#ap_file(auth_point) ⇒ Object

# File 'lib/vault/provision/auth/ldap/config.rb', line 3

def ap_file auth_point
  "#{@instance_dir}/auth/#{auth_point}/config.json"
end

#provision! ⇒ Object

# File 'lib/vault/provision/auth/ldap/config.rb', line 31

def provision!
  repo_files.each do |rf|
    auth_point = rf.split('/')[-2]
    @vault.post "v1/auth/#{auth_point}/config", File.read(rf)
  end
end

#repo_files ⇒ Object

# File 'lib/vault/provision/auth/ldap/config.rb', line 7

def repo_files
  return @repo_files if @repo_files
  auths = @vault.sys.auths

  aps = auths.keys.select do |auth_point|
    next unless auths[auth_point].type == 'ldap'
    next unless FileTest.file? ap_file(auth_point)

    repo_config  = JSON.parse(File.read(ap_file(auth_point)))
    vault_config = begin
                     @vault.get("auth/#{auth_point}config")['data']
                   rescue Vault::HTTPClientError => e
                     raise e unless e.code == 404
                     {}
                   end

    # for each key in the repo JSON file's hash, compare to current
    # vault state. If they're identical, go on to the next mount point.
    !repo_config.keys.inject(true) { |acc,elem| acc && vault_config[elem] == repo_config[elem]}
  end
  map_out = aps.map { |auth_point| ap_file(auth_point) }
  @repo_files = map_out
end