"""API to interface with Vault.
Little web app to interface with Vault.
"""
import os
import hvac
import ast
from flask import Flask, jsonify, request, abort
# Release string reported by the "/" endpoint.
VERSION = '0.0.4'

# Flask application object that the route decorators in this file register on.
app = Flask(__name__)

# Module-level Vault client built with hvac's defaults.
# NOTE(review): every handler visible in this file builds its own local
# client, so this instance looks unused here; confirm before relying on it.
client = hvac.Client()
@app.route("/")
def hello():
    """Return a JSON greeting together with the service version."""
    payload = dict(message='Well, Hello! I am vaultweb', version=VERSION)
    return jsonify(payload)
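@app.route("/validate/token", methods=['POST'])
def login_token():
    """Check whether a token is accepted by a Vault server.

    Form fields:
        url: address of the Vault server to contact.
        token: Vault token to validate.

    Returns:
        A JSON body ``{"authenticated": <bool>}`` with status 200 when
        ``client.is_authenticated()`` is true and 401 otherwise.
    """
    url = request.form['url']
    token = request.form['token']
    # NOTE(review): ``url`` is taken straight from the request, so this
    # service connects to whatever host the caller names and sends the token
    # there. Restrict it to an allow-list of known Vault addresses (or drop
    # the field and use VAULT_URL) before exposing this route to untrusted
    # callers.
    client = hvac.Client(
        url=url,
        token=token,
        # VERIFY is parsed as a Python literal (e.g. True / False). A value
        # of False turns TLS certificate verification off for this client.
        verify=ast.literal_eval(os.environ['VERIFY']))
    # A bare int is not a valid Flask view return value, so the status code
    # is returned alongside a response body instead.
    authenticated = bool(client.is_authenticated())
    status = 200 if authenticated else 401
    return jsonify(authenticated=authenticated), status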
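@app.route("/readValue")
def read_value():
    """Read a Vault entry whose data carries a ``value`` attribute.

    Query parameters:
        key: Vault path to read.

    Returns:
        The ``{'key': ..., 'val': ...}`` object from ``read_key`` as JSON, or
        ``{'key': <error text>}`` when the read fails or the entry has no
        string ``value`` under ``val['data']``.
    """
    key = request.args.get('key')
    # No trailing commas: ``x = value,`` builds a one-element tuple, which
    # would hand hvac a tuple instead of the URL / token string.
    host = os.environ['VAULT_URL']
    token = os.environ['VAULT_TOKEN']
    # NOTE(review): no caller authentication is visible in this handler and
    # the read uses the service's own VAULT_TOKEN, so any client that can
    # reach this route can read every path that token can. Put authentication
    # and a path allow-list in front of it.
    try:
        resp = read_key(key, host, token)
        # Shape check kept from the original: raises (and so yields the error
        # response) unless val['data']['value'] exists and is a string. The
        # list the original built from the split was never used.
        resp['val']['data']['value'].split()
        return jsonify(resp)
    except Exception as e:
        # NOTE(review): the exception text goes back to the caller with a 200
        # status and may expose internal addresses; consider logging it
        # server-side and returning a generic error with an error status.
        return jsonify(key=str(e))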
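@app.route("/read")
def read():
    """Read KVs from Vault using the service's configured address and token.

    Query parameters:
        key: Vault path to read.

    Returns:
        The ``{'key': ..., 'val': ...}`` object from ``read_key`` as JSON, or
        ``{'key': <error text>}`` when the read raises.
    """
    key = request.args.get('key')
    # No trailing commas: ``x = value,`` builds a one-element tuple, which
    # would hand hvac a tuple instead of the URL / token string.
    url = os.environ['VAULT_URL']
    token = os.environ['VAULT_TOKEN']
    # NOTE(review): no caller authentication is visible in this handler and
    # the read uses the service's own VAULT_TOKEN, so any client that can
    # reach this route can read every path that token can. Put authentication
    # and a path allow-list in front of it.
    try:
        resp = read_key(key, url, token)
        return jsonify(resp)
    except Exception as e:
        # NOTE(review): the exception text goes back to the caller with a 200
        # status and may expose internal addresses; consider logging it
        # server-side and returning a generic error with an error status.
        return jsonify(key=str(e))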
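def read_key(key, url, token):
    """Read one path from Vault.

    Args:
        key: Vault path to read.
        url: address of the Vault server.
        token: Vault token used for the read.

    Returns:
        dict with ``key`` (the requested path) and ``val`` (whatever
        ``client.read`` returned for it).
    """
    client = hvac.Client(
        url=url,
        token=token,
        # VERIFY is parsed as a Python literal (e.g. True / False). A value
        # of False turns TLS certificate verification off for this client.
        verify=ast.literal_eval(os.environ['VERIFY']))
    val = client.read(key)
    # Log only the path and whether anything came back. ``val`` is the data
    # read from Vault, and writing it to the application log would copy
    # secrets into log files and log collectors.
    app.logger.debug(
        "vault read %s: %s",
        key,
        "data returned" if val is not None else "no data")
    obj = {'key': key, 'val': val}
    return obj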
@app.route("/write", methods=['POST'])
def write():
    """Store one key/value pair, plus a lease, at a Vault path.

    Form fields:
        key: Vault path to write to.
        pair_key: name of the field to store.
        pair_value: value of the field to store.
        lease: lease value stored next to the pair.

    Returns:
        The written fields (``pair_key`` and ``lease``) as JSON.
    """
    form = request.form
    path = form['key']
    field_name = form['pair_key']
    field_value = form['pair_value']
    lease_value = form["lease"]
    # NOTE(review): no caller authentication is visible in this handler and
    # the write uses the service's own VAULT_TOKEN, so any client that can
    # reach this route can overwrite every path that token can. Put
    # authentication and a path allow-list in front of it.
    vault_url = os.environ['VAULT_URL']
    vault_token = os.environ['VAULT_TOKEN']
    tls_verify = ast.literal_eval(os.environ['VERIFY'])
    vault = hvac.Client(url=vault_url, token=vault_token, verify=tls_verify)
    # "lease" is assigned last, so it wins when pair_key is also "lease".
    payload = {field_name: field_value}
    payload["lease"] = lease_value
    # NOTE(review): pair_key is forwarded as a keyword-argument name; a value
    # that matches one of write()'s own parameter names would raise here
    # rather than be stored. Confirm against the pinned hvac version.
    vault.write(path, **payload)
    return jsonify(payload)
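@app.route("/healthcheck")
def health():
    """Healthcheck that verifies if the service can talk to Vault.

    Returns:
        ``("ok", 200)`` when the configured token authenticates against the
        configured Vault address; aborts with 409 otherwise.
    """
    client = hvac.Client(
        url=os.environ['VAULT_URL'],
        token=os.environ['VAULT_TOKEN'],
        verify=ast.literal_eval(os.environ['VERIFY']))
    # A constructed client object is truthy whether or not Vault is
    # reachable, so ``if client:`` could never report a failure. Ask Vault
    # instead, and treat any error raised while asking as unhealthy.
    try:
        healthy = bool(client.is_authenticated())
    except Exception:
        app.logger.exception("Vault healthcheck failed")
        healthy = False
    if healthy:
        return "ok", 200
    abort(409)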
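@app.route("/login/read")
def read_with_login():
    """Read KVs from Vault with a caller-supplied address and token.

    Query parameters:
        key: Vault path to read.

    Request headers:
        VAULT_URL: address of the Vault server.
        VAULT_TOKEN: Vault token used for the read.

    Returns:
        The ``{'key': ..., 'val': ...}`` object from ``read_key`` as JSON, or
        ``{'key': <error text>}`` when the read raises. Aborts with 401 when
        either header is missing or empty.
    """
    key = request.args.get('key')
    host = request.headers.get('VAULT_URL')
    token = request.headers.get('VAULT_TOKEN')
    # Refuse requests without explicit credentials instead of passing None on.
    # NOTE(review): hvac may fall back to environment-provided settings when
    # url/token are None, which would let a caller without a token read with
    # the service's own credentials. Confirm for the pinned hvac version.
    if not host or not token:
        abort(401)
    # NOTE(review): ``host`` is caller-controlled, so this service connects
    # to whatever address the header names; restrict it to an allow-list of
    # known Vault addresses. Some servers and proxies also drop header names
    # containing underscores, so verify these headers reach the app.
    try:
        resp = read_key(key, host, token)
        return jsonify(resp)
    except Exception as e:
        # NOTE(review): the exception text goes back to the caller with a 200
        # status and may expose internal addresses; consider logging it
        # server-side and returning a generic error with an error status.
        return jsonify(key=str(e))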
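if __name__ == "__main__":
    # Debug mode enables the interactive Werkzeug debugger, which allows code
    # execution from the browser. Combined with host='0.0.0.0' that would be
    # reachable from every network interface, so it is off unless
    # FLASK_DEBUG is explicitly set to "1" or "true" for local development.
    debug_enabled = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true')
    # NOTE(review): this starts Flask's built-in server on all interfaces;
    # run behind a production WSGI server for anything beyond local use.
    app.run(host='0.0.0.0', port=5000, debug=debug_enabled, threaded=True)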