Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow field to be used with v1 data format #76

Merged
merged 1 commit into from
Apr 21, 2023
Merged

Allow field to be used with v1 data format #76

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,7 @@ Looked up values are cached based on a combination of their:
* Path in the Vault URI
* Vault Address
* Namespace
* Field

This means that you can call `vault_lookup::lookup()` multiple times for the
same piece of data or refer to the same `Deferred` value multiple times and
Expand Down
14 changes: 10 additions & 4 deletions lib/puppet/functions/vault_lookup/lookup.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ def lookup(cache,
# Check the cache.
# The path, vault_addr, and namepsace fields could result in a different
# secret value, so use them for the cache key.
cache_key = [path, vault_addr, namespace]
cache_key = [path, vault_addr, namespace, field]
cache_hash = cache.retrieve(self)
prior_result = cache_hash[cache_key]
unless prior_result.nil?
Expand Down Expand Up @@ -187,10 +187,16 @@ def get_secret(client:, uri:, token:, namespace:, key:)
raise Puppet::Error, append_api_errors(message, secret_response)
end
begin
if key.nil?
JSON.parse(secret_response.body)['data']
json_data = JSON.parse(secret_response.body)
puts "KEY=#{key} DATA=#{json_data}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@treydock Ah shoot... this puts should not be here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@natemccurdy My bad, I removed here: #78

if key.nil? && json_data['data'].key?('data')
json_data['data']['data']
elsif key.nil?
json_data['data']
elsif json_data['data'].key?('data')
json_data['data']['data'][key]
else
JSON.parse(secret_response.body)['data']['data'][key]
json_data['data'][key]
end
rescue StandardError
raise Puppet::Error, 'Error parsing json secret data from vault response'
Expand Down
8 changes: 8 additions & 0 deletions spec/functions/lookup_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,10 @@
result_opts = function.execute('kv/test', 'vault_addr' => "http://127.0.0.1:#{port}")
expect(result_opts).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
expect(result_opts.unwrap).to eq('foo' => 'bar')

result_field = function.execute('kv/test', 'vault_addr' => "http://127.0.0.1:#{port}", 'field' => 'foo')
expect(result_field).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
expect(result_field.unwrap).to eq('bar')
end
end

Expand All @@ -97,6 +101,10 @@
result_opts = function.execute('kv/test', 'vault_addr' => "http://127.0.0.1:#{port}", 'cert_path_segment' => custom_auth_segment, 'field' => 'bar')
expect(result_opts).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
expect(result_opts.unwrap).to eq('baz')

result_no_field = function.execute('kv/test', 'vault_addr' => "http://127.0.0.1:#{port}", 'cert_path_segment' => custom_auth_segment)
expect(result_no_field).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
expect(result_no_field.unwrap).to eq('bar' => 'baz')
end
end

Expand Down