* add Azure secret provider * -- fix mistakenly upgraded nautobot dependency version * Updates to azure.oy and poetry * Change fragment * Formatting * Additional minor formatting * Update lock file * Update docs/admin/install.md Co-authored-by: Gary Snider <75227981+gsnider2195@users.noreply.github.com> --------- Co-authored-by: Jonathan Nathanson <jonathan.nathanson@layereight.io> Co-authored-by: Gary Snider <75227981+gsnider2195@users.noreply.github.com>
1 parent
d6a8d7f
commit 8db834f
Showing
19 changed files
with
1,385 additions
and
973 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Added a secrets provider for Azure Key Vault. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
"""Nautobot development configuration file.""" | ||
|
||
import os | ||
import sys | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
"""Secrets Provider for Azure Key Vault.""" | ||
|
||
try: | ||
from azure.identity import DefaultAzureCredential | ||
from azure.keyvault.secrets import SecretClient | ||
|
||
azure_available = True # pylint: disable=invalid-name | ||
except ImportError: | ||
azure_available = False # pylint: disable=invalid-name | ||
|
||
from django import forms | ||
from nautobot.core.forms import BootstrapMixin | ||
from nautobot.extras.secrets import exceptions, SecretsProvider | ||
|
||
__all__ = ("AzureKeyVaultSecretsProvider",) | ||
|
||
|
||
class AzureKeyVaultSecretsProvider(SecretsProvider): | ||
"""A secrets provider for Azure Key Vault.""" | ||
|
||
slug = "azure-key-vault" | ||
name = "Azure Key Vault" | ||
is_available = azure_available | ||
|
||
# pylint: disable-next=nb-incorrect-base-class | ||
class ParametersForm(BootstrapMixin, forms.Form): | ||
"""Required parameters for Azure Key Vault.""" | ||
|
||
vault_url = forms.CharField( | ||
required=True, | ||
help_text="The URL of the Azure Key Vault", | ||
) | ||
secret_name = forms.CharField( | ||
required=True, | ||
help_text="The name of the secret in the Azure Key Vault", | ||
) | ||
|
||
@classmethod | ||
def get_value_for_secret(cls, secret, obj=None, **kwargs): | ||
"""Return the secret value by name from Azure Key Vault.""" | ||
# Extract the parameters from the Secret. | ||
parameters = secret.rendered_parameters(obj=obj) | ||
vault_url = parameters.get("vault_url") | ||
secret_name = parameters.get("secret_name") | ||
|
||
# Authenticate with Azure Key Vault using default credentials. | ||
# This assumes that environment variables for Azure authentication are set. | ||
credential = DefaultAzureCredential() | ||
client = SecretClient(vault_url=vault_url, credential=credential) | ||
|
||
try: | ||
# Retrieve the secret from Azure Key Vault. | ||
response = client.get_secret(secret_name) | ||
except Exception as err: | ||
# Handle exceptions from the Azure SDK. | ||
raise exceptions.SecretProviderError(secret, cls, str(err)) | ||
|
||
# The value is in the 'value' attribute of the response. | ||
secret_value = response.value | ||
|
||
# Return the secret value. | ||
return secret_value |
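Review bot: In `get_value_for_secret`, `vault_url` and `secret_name` are read with `parameters.get(...)` and used without a presence check, and `DefaultAzureCredential()` / `SecretClient(...)` sit outside the `try`, so a missing parameter or a client-construction failure escapes as a raw exception instead of a Nautobot secrets error. I would raise `exceptions.SecretParametersError` for a missing value, build the credential and client inside the `try`, and chain the cause with `from err`. Since `str(err)` from the Azure SDK becomes the provider error message, it is worth confirming that the text shown to users carries no more request detail than intended. Separately, `vault_url` is a free-form `CharField`, so anyone who can edit a Secret decides which endpoint the server's ambient Azure identity is used against; validating it as an `https` URL, and against an allow-list of vault hosts where the deployment permits, would narrow that.

```python
    @classmethod
    def get_value_for_secret(cls, secret, obj=None, **kwargs):
        # … unchanged: docstring and parameter extraction …
        if not vault_url:
            raise exceptions.SecretParametersError(secret, cls, "The vault_url parameter is not set")
        if not secret_name:
            raise exceptions.SecretParametersError(secret, cls, "The secret_name parameter is not set")

        try:
            # Credential and client construction can fail as well, so they belong inside the try.
            credential = DefaultAzureCredential()
            client = SecretClient(vault_url=vault_url, credential=credential)
            response = client.get_secret(secret_name)
        except Exception as err:
            raise exceptions.SecretProviderError(secret, cls, str(err)) from err

        # … unchanged: return response.value …
```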
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
"""Choices for Thycotic Secret Server Plugin.""" | ||
|
||
from nautobot.core.choices import ChoiceSet | ||
|
||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
"""Secrets Provider for Thycotic Secret Server.""" | ||
|
||
import os | ||
from pathlib import Path | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
"""Basic tests that do not require Django.""" | ||
|
||
import unittest | ||
import os | ||
import toml | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
"""Unit tests for Secrets Providers.""" | ||
|
||
import os | ||
from unittest.mock import patch, mock_open | ||
|
||
|