Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/vault filter #33

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Feature/vault filter #33

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b390aae
add vault_filter option to allow vault lookups to limited by a prefix…
mindriot88 Aug 19, 2017
900acdc
ensure previous behaviour is maintained if vault_filter is not set
mindriot88 Aug 19, 2017
b60a459
rework documentation
mindriot88 Aug 20, 2017
1176fdb
renaming variable for filter_prefix and added filter_mode to allow re…
mindriot88 Aug 20, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,21 @@ In case the single field does not contain a parseable JSON string, the string wi
When used in Hash lookups, this will result in an error as normal.


#### Filter Prefix - optional
Only applicable when `:filter_prefix` is used.
To use Filter by prefix, set, for example:

:vault:
:filter_prefix: 'vault::'
:filter_mode: 0

This will cause only keys prefixed with `vault::` to be looked up against vault, all other keys will skip the vault backend.

`filter_mode` option `1` will remove your given `filter_prefix` from the key prior to the look up against the vault backend, this
could be useful in some cases to avoid rewriting keys in vault to meet the requirements of your filter, if unset or set to `0` the exact
key name used in the hiera function will be used in the vault lookup.


### Lookup type behavior

In case Array or Hash lookup is done, usual array or hash merging takes place based on the configured global `:merge_behavior` setting.
Expand Down
2 changes: 1 addition & 1 deletion hiera-vault.gemspec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ require 'rubygems/package_task'

spec = Gem::Specification.new do |gem|
gem.name = "hiera-vault"
gem.version = "0.2.2"
gem.version = "0.2.2.1"
gem.license = "Apache-2.0"
gem.summary = "Module for using vault as a hiera backend"
gem.email = "[email protected]"
Expand Down
17 changes: 17 additions & 0 deletions lib/hiera/backend/vault_backend.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,16 @@ def initialize()
config.ssl_ca_cert = @config[:ssl_ca_cert] if config.respond_to? :ssl_ca_cert
config.ssl_ca_path = @config[:ssl_ca_path] if config.respond_to? :ssl_ca_path
config.ssl_ciphers = @config[:ssl_ciphers] if config.respond_to? :ssl_ciphers
if @config[:filter_prefix].nil?
@filter_prefix = nil
else
@filter_prefix = @config[:filter_prefix]
end
if @config[:filter_mode].nil?
@filter_mode = 0
else
@filter_mode = @config[:filter_mode]
end
end

fail if @vault.sys.seal_status.sealed?
Expand All @@ -47,6 +57,13 @@ def initialize()

def lookup(key, scope, order_override, resolution_type)
return nil if @vault.nil?
if not @config[:filter_prefix].nil?
filter = @config[:filter_prefix]
return nil if not (key[/^#{filter}/])
if @config[:filter_mode] > 0
key = key.sub(/^#{filter}/, '')
end
end

Hiera.debug("[hiera-vault] Looking up #{key} in vault backend")

Expand Down