@Ginja
Created May 12, 2016 17:36
Chef helper methods for requesting a token from a Smart Proxy instance
# For use with https://github.com/theforeman/smart_proxy_vault
#
# Mix these helpers into a Chef recipe or resource. request_token asks the
# Smart Proxy's vault plugin to issue a Vault token, authenticating the node
# with a signature made by its Chef client key; the X-VAULT-CLIENT header
# tells the proxy which node's public key to verify the signature with.
require 'openssl'
require 'digest'
require 'base64'
require 'net/http'
require 'uri'

module Vault
  module Helpers
    # Path to the node's Chef client private key (client.pem).
    def client_key_path
      Chef::Config[:client_key]
    end

    # Chef node name, sent so the proxy can look up the matching public key.
    def node_name
      Chef::Config[:node_name]
    end

    # Hostname of the Smart Proxy running smart_proxy_vault. Adjust per site.
    def smartproxy_server
      'smartproxy.example.com'
    end

    # URL of the token-issue endpoint. ttl is an optional Vault duration such
    # as '10m'; when nil the proxy's default TTL applies.
    def token_url(ttl = nil, port = '8443')
      query = ttl ? "?ttl=#{URI.encode_www_form_component(ttl)}" : ''
      "https://#{smartproxy_server}:#{port}/vault/token/issue#{query}"
    end

    # Value for the X-VAULT-SIGNATURE header: the hex MD5 of the client's
    # public key (PEM form), signed with the client's RSA private key using
    # SHA-512 (PKCS#1 v1.5), then Base64-encoded without line breaks. The
    # signed body depends only on the public key, so the signature is identical
    # on every request; TLS with peer verification (vault_http) is what keeps
    # it from being captured and replayed.
    def sign_request
      rsa = OpenSSL::PKey::RSA.new(File.read(client_key_path))
      body = Digest::MD5.hexdigest(rsa.public_key.to_s)
      Base64.strict_encode64(rsa.sign(OpenSSL::Digest::SHA512.new, body))
    end

    # HTTPS client for the given URL. Peer verification stays on: VERIFY_NONE
    # would let an interposed host collect the node's signature and the token
    # the proxy issues.
    def vault_http(url)
      uri = URI.parse(url)
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
      [http, uri]
    end

    # GET request carrying the node identity and its signature.
    def vault_request(uri)
      request = Net::HTTP::Get.new(uri.request_uri)
      request['X-VAULT-CLIENT'] = node_name
      request['X-VAULT-SIGNATURE'] = sign_request
      request
    end

    def vault_connection(url)
      http, uri = vault_http(url)
      [http, vault_request(uri)]
    end

    # Abort the Chef run unless the proxy answered 200; any other status means
    # no usable token came back.
    def success?(status_code)
      Chef::Application.fatal!('Could not get a valid Vault token.') unless status_code.eql?('200')
      true
    end

    # Request a token with the given ttl and return the response body.
    def request_token(ttl)
      http, request = vault_connection(token_url(ttl))
      response = http.request(request)
      success?(response.code)
      response.body
    end

    # Convenience wrapper with a short default lifetime.
    def set_token(ttl = '10m')
      request_token(ttl)
    end

    # Read back a secret stored earlier in node.run_state under +path+ (expects
    # an object that responds to #data). Needs a recipe or resource context
    # where +node+ is defined.
    def secret(path)
      node.run_state[path].data
    end
  end
end
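The following is an added example, not part of the gist or of smart_proxy_vault. It runs the signing scheme from sign_request end to end on an in-memory RSA key, with no Chef or network involved: the client side produces the X-VAULT-SIGNATURE value exactly as the helper does, and a verifier holding only the public key recomputes the signed body and checks the signature. The verifier is an assumption about what the proxy side must do to accept such a header; it is not the plugin's code. The module name VaultSigDemo and its methods are made up for this example.

```ruby
require 'openssl'
require 'digest'

# Added example (not from the gist): client-side signing as in sign_request,
# plus an assumed verifier for the proxy side.
module VaultSigDemo
  module_function

  # The body both sides sign/verify: hex MD5 of the public-key PEM. It can be
  # computed from the public key alone, so it carries no secret and no
  # freshness; it only binds the signature to this key.
  def signed_body(public_key)
    Digest::MD5.hexdigest(public_key.to_s)
  end

  # Client side. Mirrors the gist's sign_request but takes the key object
  # instead of reading client.pem. pack('m0') is strict Base64 (no newlines),
  # the same output as Base64.strict_encode64. RSA PKCS#1 v1.5 signing is
  # deterministic, so this returns the same string every time for a given key.
  def sign(rsa_private)
    body = signed_body(rsa_private.public_key)
    [rsa_private.sign(OpenSSL::Digest.new('SHA512'), body)].pack('m0')
  end

  # Assumed verifier side: given the node's public key PEM (which a proxy could
  # fetch from the Chef server by the X-VAULT-CLIENT name) and the header
  # value, recompute the body and verify the RSA/SHA-512 signature. Malformed
  # Base64 or a signature of the wrong size is treated as a failed check.
  def verify(public_key_pem, signature_b64)
    pub = OpenSSL::PKey::RSA.new(public_key_pem)
    sig = signature_b64.unpack1('m0')
    pub.verify(OpenSSL::Digest.new('SHA512'), sig, signed_body(pub))
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)           # stand-in for client.pem
  header = VaultSigDemo.sign(key)
  puts "X-VAULT-SIGNATURE: #{header[0, 40]}..."
  puts "verifies with own public key:   #{VaultSigDemo.verify(key.public_key.to_pem, header)}"
  puts "same value on a second request: #{VaultSigDemo.sign(key) == header}"
  other = OpenSSL::PKey::RSA.new(2048)
  puts "verifies with another key:      #{VaultSigDemo.verify(other.public_key.to_pem, header)}"
end
```

Because the signed body never changes, the header is a static credential for that key: the verifier can only prove possession of the private key, not that this particular request is fresh. That is why the helper's VERIFY_PEER setting matters; TLS is the only thing standing between a captured header and a replay.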