/
requires.py
108 lines (89 loc) · 3.78 KB
/
requires.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import base64
import socket
from charmhelpers.core import hookenv
from charms.reactive import toggle_flag
from charms.reactive import Endpoint
class VaultKVRequires(Endpoint):
def manage_flags(self):
toggle_flag(self.expand_name('{endpoint_name}.connected'),
self.is_joined)
toggle_flag(self.expand_name('{endpoint_name}.available'),
all([self.is_joined,
self.unit_role_id,
self.unit_token,
self.vault_url]))
@property
def endpoint_address(self):
""" Determine the local endpoint network address """
try:
return hookenv.network_get_primary_address(
self.expand_name('{endpoint_name}')
)
except NotImplementedError:
return hookenv.unit_private_ip()
def request_secret_backend(self, name, isolated=True):
"""Request creation and access to a secret backend
:param name: name of secret backend to create/access
:type name: str
:param isolated: enforce isolation in backend between units
:type isolated: bool"""
for relation in self.relations:
relation.to_publish['secret_backend'] = name
relation.to_publish['access_address'] = self.endpoint_address
relation.to_publish['hostname'] = socket.gethostname()
relation.to_publish['isolated'] = isolated
relation.to_publish['unit_name'] = hookenv.local_unit()
@property
def unit_role_id(self):
"""Retrieve the AppRole ID for this application unit or None
:returns role_id: AppRole ID for unit
:rtype role_id: str"""
role_key = '{}_role_id'.format(hookenv.local_unit())
return self.all_joined_units.received.get(role_key)
@property
def unit_token(self):
"""Retrieve the one-shot token for secret_id retrieval for
this application unit or None
:returns token: Vault one-shot toekn for secret_id response
:rtype token: str"""
token_key = '{}_token'.format(hookenv.local_unit())
return self.all_joined_units.received.get(token_key)
@property
def all_unit_tokens(self):
"""Retrieve the one-shot token(s) for secret_id retrieval for
all application units or empty list.
:returns token: Vault one-shot token for secret_id response
:rtype token: str"""
token_key = '{}_token'.format(hookenv.local_unit())
tokens = set()
for relation in self.relations:
for unit in relation.units:
token = unit.received.get(token_key)
if token:
tokens.add(token)
return list(tokens)
@property
def vault_url(self):
"""Retrieve the URL to access Vault
:returns vault_url: URL to access vault
:rtype vault_url: str"""
return self.all_joined_units.received.get('vault_url')
@property
def vault_ca(self):
"""Retrieve the CA published by Vault
:returns vault_ca: Vault CA Certificate data
:rtype vault_ca: str"""
encoded_ca = self.all_joined_units.received.get('vault_ca')
if encoded_ca:
return base64.b64decode(encoded_ca)