module Legion::Crypt::Vault

Attributes

sessions[RW]

Public Instance Methods

add_session(path:)
# File lib/legion/crypt/vault.rb, line 53
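# Remember a Vault lease so it can later be renewed or revoked.
#
# @param path [String] lease identifier to track (read passes lease.lease_id)
# @return [Array] the list of tracked sessions after the append
def add_session(path:)
  # connect_vault is what normally creates the list. Create it lazily here so
  # a lease handed out before a connect is still tracked for revocation
  # instead of being dropped by a NoMethodError on nil.
  @sessions ||= []
  @sessions.push(path)
end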
close_session(session:)
# File lib/legion/crypt/vault.rb, line 75
# Revoke one Vault lease through the global ::Vault client.
#
# Any error raised by the client propagates to the caller.
#
# @param session [String] lease ID to revoke
# @return [Object] whatever ::Vault.sys.revoke returns
def close_session(session:)
  vault_sys = ::Vault.sys
  vault_sys.revoke(session)
end
close_sessions()
# File lib/legion/crypt/vault.rb, line 57
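# Revoke every tracked Vault lease.
#
# Revocation is attempted for each lease independently. A lease that cannot be
# revoked is logged and kept in @sessions so it can be retried; leases that
# were revoked are removed so they are not renewed or revoked again.
#
# @return [Array, nil] the remaining (unrevoked) sessions, or nil when no
#   session list exists
def close_sessions
  return if @sessions.nil?

  Legion::Logging.info 'Closing all Legion::Crypt vault sessions'

  # One failing revoke must not leave the remaining leases (and the
  # credentials behind them) alive, so rescue per lease and carry on.
  @sessions.delete_if do |session|
    begin
      close_session(session: session)
      true
    rescue StandardError => e
      Legion::Logging.error "Unable to revoke vault session: #{e.message}"
      false
    end
  end
end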
connect_vault()
# File lib/legion/crypt/vault.rb, line 12
# Configure the global ::Vault client from Legion::Settings[:crypt][:vault]
# and record whether the server answered as initialized.
#
# Returns nil when no token is available or when the
# Extensions::Actors::Every constant is not defined, the new Renewer
# otherwise, and false when anything in the body raises StandardError (the
# message is logged and :connected is set to false).
def connect_vault # rubocop:disable Metrics/AbcSize
  # Start with an empty lease list; read adds to it through add_session.
  @sessions = []
  # NOTE(review): the scheme is taken straight from settings. If :protocol can
  # be 'http', the token assigned below is sent unencrypted - confirm only
  # https is configured outside local development.
  ::Vault.address = "#{Legion::Settings[:crypt][:vault][:protocol]}://#{Legion::Settings[:crypt][:vault][:address]}:#{Legion::Settings[:crypt][:vault][:port]}" # rubocop:disable Layout/LineLength

  # When VAULT_DEV_ROOT_TOKEN_ID is set it replaces any configured token and
  # is written back into the shared settings hash.
  # NOTE(review): the variable name suggests a dev-mode root token - confirm
  # this override cannot take effect in a production environment.
  Legion::Settings[:crypt][:vault][:token] = ENV['VAULT_DEV_ROOT_TOKEN_ID'] if ENV.key? 'VAULT_DEV_ROOT_TOKEN_ID'
  # Without a token there is nothing to authenticate with; :connected is left
  # untouched on this path.
  return nil if Legion::Settings[:crypt][:vault][:token].nil?

  ::Vault.token = Legion::Settings[:crypt][:vault][:token]
  # :connected is only ever set to true here; it is not reset when the server
  # reports uninitialized, and the sealed state is not inspected.
  Legion::Settings[:crypt][:vault][:connected] = true if ::Vault.sys.health_status.initialized?
  # The renewer is only created when this constant is defined.
  return unless Legion.const_defined? 'Extensions::Actors::Every'

  require_relative 'vault_renewer'
  @renewer = Legion::Crypt::Vault::Renewer.new
rescue StandardError => e
  # Any failure above (settings lookup, health check, renewer load) ends up
  # here: log the message, mark the connection as down and return false.
  Legion::Logging.error e.message
  Legion::Settings[:crypt][:vault][:connected] = false
  false
end
exist?(path)
# File lib/legion/crypt/vault.rb, line 49
# Report whether the KV mount holds metadata for +path+.
#
# NOTE(review): the settings method shown in this module already returns
# Legion::Settings[:crypt][:vault], so settings[:vault] only resolves if the
# object this module is mixed into supplies its own settings - confirm.
#
# @param path [String] secret path inside the configured KV mount
# @return [Boolean] true when read_metadata returns something other than nil
def exist?(path)
  kv_mount = ::Vault.kv(settings[:vault][:kv_path])
  metadata = kv_mount.read_metadata(path)
  !metadata.nil?
end
get(path)
# File lib/legion/crypt/vault.rb, line 38
# Read a secret from the configured KV mount and return its payload.
#
# NOTE(review): the settings method shown in this module already returns
# Legion::Settings[:crypt][:vault], so settings[:vault] only resolves if the
# object this module is mixed into supplies its own settings - confirm.
#
# @param path [String] secret path inside the configured KV mount
# @return [Object, nil] the secret's data, or nil when the read returns nil
def get(path)
  secret = ::Vault.kv(settings[:vault][:kv_path]).read(path)
  secret.nil? ? nil : secret.data
end
read(path, type = 'legion')
# File lib/legion/crypt/vault.rb, line 31
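# Read a secret through Vault's logical backend and track its lease.
#
# @param path [String] path to read
# @param type [String, nil] mount prefix (see the review note below)
# @return [Object, nil] the secret's data, or nil when nothing is stored at
#   the path
def read(path, type = 'legion')
  # NOTE(review): this condition looks inverted - the "type/path" form is only
  # built when type is nil or empty (yielding "/path"), and a non-empty type
  # such as the default 'legion' is ignored. Left as is because existing
  # callers may depend on the path being used unprefixed; confirm the intent.
  full_path = type.nil? || type.empty? ? "#{type}/#{path}" : path
  lease = ::Vault.logical.read(full_path)
  # A nil result previously fell through to lease.data and raised
  # NoMethodError; return nil the same way get does.
  return nil if lease.nil?

  if lease.respond_to?(:lease_id)
    lease_id = lease.lease_id
    # Only track real leases: a blank ID (presumably what a secret without a
    # lease reports) cannot be renewed or revoked and would make
    # renew_sessions / close_sessions fail on it.
    add_session(path: lease_id) unless lease_id.nil? || lease_id.to_s.empty?
  end
  lease.data
end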
renew_session(session:)
# File lib/legion/crypt/vault.rb, line 79
# Renew one Vault lease through the global ::Vault client.
#
# Any error raised by the client propagates to the caller.
#
# @param session [String] lease ID to renew
# @return [Object] whatever ::Vault.sys.renew returns
def renew_session(session:)
  vault_sys = ::Vault.sys
  vault_sys.renew(session)
end
renew_sessions(**_opts)
# File lib/legion/crypt/vault.rb, line 83
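# Renew every tracked Vault lease.
#
# An error raised while renewing one lease propagates and stops the loop, so
# later leases are not renewed in that pass.
#
# @param _opts [Hash] accepted and ignored
# @return [Array, nil] the tracked sessions, or nil when no session list
#   exists
def renew_sessions(**_opts)
  # Same guard as close_sessions: the list only exists once connect_vault has
  # run, and a renewal pass before that should be a no-op rather than a
  # NoMethodError on nil.
  return if @sessions.nil?

  @sessions.each do |session|
    renew_session(session: session)
  end
end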
settings()
# File lib/legion/crypt/vault.rb, line 8
# Shortcut to the Vault section of the crypt settings.
#
# @return [Object] the value stored at Legion::Settings[:crypt][:vault]
def settings
  crypt_settings = Legion::Settings[:crypt]
  crypt_settings[:vault]
end
shutdown_renewer()
# File lib/legion/crypt/vault.rb, line 67
# Cancel the lease renewer, if one was started.
#
# Does nothing when the settings do not mark Vault as connected or when no
# renewer has been created.
#
# @return [Object, nil] the result of @renewer.cancel, or nil when skipped
def shutdown_renewer
  connected = Legion::Settings[:crypt][:vault][:connected]
  return if !connected || @renewer.nil?

  Legion::Logging.debug('Shutting down Legion::Crypt::Vault::Renewer')
  @renewer.cancel
end
vault_exists?(name)
# File lib/legion/crypt/vault.rb, line 89
# Check whether a mount with the given name is present on the Vault server.
#
# @param name [String, Symbol] mount name; converted with to_sym for the lookup
# @return [Boolean] result of key? on ::Vault.sys.mounts
def vault_exists?(name)
  # Fetch the mounts first so the lookup order matches a direct chained call.
  mounts = ::Vault.sys.mounts
  mounts.key?(name.to_sym)
end
write(path, **hash)
# File lib/legion/crypt/vault.rb, line 45
# Write key/value pairs to a secret in the configured KV mount.
#
# NOTE(review): the settings method shown in this module already returns
# Legion::Settings[:crypt][:vault], so settings[:vault] only resolves if the
# object this module is mixed into supplies its own settings - confirm.
#
# @param path [String] secret path inside the configured KV mount
# @param hash [Hash] keyword arguments forwarded as the secret's contents
# @return [Object] whatever the KV client's write returns
def write(path, **hash)
  kv_mount = ::Vault.kv(settings[:vault][:kv_path])
  kv_mount.write(path, **hash)
end