Created
August 17, 2021 16:28
Sample client to work with vault
import requests | |
from requests.adapters import HTTPAdapter | |
from requests.exceptions import HTTPError | |
from requests.packages.urllib3.util.retry import Retry | |
import properties | |
# Retry and timeout tuning comes from the VAULT section of the project's
# `properties` helper and is read once, at import time.
# NOTE(review): the types returned by properties.getenv are not visible here;
# Retry() and the requests `timeout` argument expect numbers, so confirm the
# helper does not hand back raw strings.
retries = properties.getenv('VAULT', 'REQUEST_RETRIES_ON_FAILURE')
backoff = properties.getenv('VAULT', 'REQUEST_BACKOFF_FACTOR')
timeout_in_seconds = properties.getenv('VAULT', 'REQUEST_TIMEOUT_IN_SECONDS')

retry_strategy = Retry(total=retries, backoff_factor=backoff)
adapter = HTTPAdapter(max_retries=retry_strategy)

# One module-level session shared by every Vault call in this file.
http = requests.Session()
http.mount("https://", adapter=adapter)
# NOTE(review): mounting the adapter on http:// means plaintext Vault URLs are
# accepted and retried like TLS ones. The functions below send a secret_id and
# a Vault token over this session, so callers should pass https:// URLs only.
http.mount("http://", adapter=adapter)
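def get_vault_token(vault_login_url, role_id, secret_id, namespace):
    '''Log in to Vault with a role id / secret id pair and return the client token.

    Args:
        vault_login_url: Full URL of the login endpoint the credentials are
            posted to.
        role_id: Role id sent in the login form.
        secret_id: Secret id sent in the login form.
        namespace: Value for the ``X-Vault-Namespace`` request header.

    Returns:
        The ``auth.client_token`` field of the JSON response. It is a bearer
        credential: keep it out of logs and error messages.

    Raises:
        HTTPError: the server answered with an error status.
        ConnectionError: (builtin) the connection could not be established.
        TimeoutError: (builtin) the request timed out.
        Exception: any other ``requests`` failure.
    '''
    login_data = {"role_id": role_id, "secret_id": secret_id}
    headers = {'X-Vault-Namespace': namespace}
    try:
        response = http.post(
            url=vault_login_url,
            data=login_data,
            headers=headers,
            timeout=timeout_in_seconds,
        )
        response.raise_for_status()
        return response.json()["auth"]["client_token"]
    # The exception constructors take the message positionally; passing it as
    # message=... made every handler fail with TypeError and hid the real
    # error. `from` keeps the original requests exception as the cause.
    except requests.exceptions.HTTPError as httpErr:
        raise HTTPError(
            "An Http Error occurred : {}".format(httpErr),
            response=httpErr.response,
        ) from httpErr
    except requests.exceptions.ConnectionError as connErr:
        raise ConnectionError(
            "An error occured while connecting with the server : {}".format(connErr)
        ) from connErr
    except requests.exceptions.Timeout as timeoutErr:
        raise TimeoutError("A timeout occurred : {}".format(timeoutErr)) from timeoutErr
    except requests.exceptions.RequestException as genErr:
        raise Exception("An error occured : {}".format(genErr)) from genErr
    finally:
        # Releases the shared session's pooled connections after every call,
        # so nothing is reused between calls.
        http.close()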
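def get_vault_secrets(namespace, vault_token, vault_secret_path):
    '''Read a secret from Vault and return its resource id and resource secret.

    Args:
        namespace: Value for the ``X-Vault-Namespace`` request header.
        vault_token: Client token sent in the ``X-Vault-token`` header.
        vault_secret_path: Full URL of the secret to read.

    Returns:
        A dict with the keys ``resourceId`` and ``resourceSecret``, copied
        from the ``data`` object of the JSON response. Both values are secret
        material: keep them out of logs and error messages.

    Raises:
        HTTPError: the server answered with an error status.
        ConnectionError: (builtin) the connection could not be established.
        TimeoutError: (builtin) the request timed out.
        Exception: any other ``requests`` failure.
        KeyError: the response has no ``data``, ``resourceId`` or
            ``resourceSecret`` entry.
    '''
    headers = {"X-Vault-Namespace": namespace, "X-Vault-token": vault_token}
    try:
        response = http.get(url=vault_secret_path, headers=headers, timeout=timeout_in_seconds)
        response.raise_for_status()
        # NOTE(review): the two fields are read directly under "data"; confirm
        # that matches the layout of the secrets engine mounted at this path.
        data = response.json()["data"]
        return {
            'resourceId': data['resourceId'],
            'resourceSecret': data['resourceSecret'],
        }
    # The exception constructors take the message positionally; passing it as
    # message=... made every handler fail with TypeError and hid the real
    # error. `from` keeps the original requests exception as the cause.
    except requests.exceptions.HTTPError as httpErr:
        raise HTTPError(
            "An Http Error occurred : {}".format(httpErr),
            response=httpErr.response,
        ) from httpErr
    except requests.exceptions.ConnectionError as connErr:
        raise ConnectionError(
            "An error occured while connecting with the server : {}".format(connErr)
        ) from connErr
    except requests.exceptions.Timeout as timeoutErr:
        raise TimeoutError("A timeout occurred : {}".format(timeoutErr)) from timeoutErr
    except requests.exceptions.RequestException as genErr:
        raise Exception("An error occured : {}".format(genErr)) from genErr
    finally:
        # Releases the shared session's pooled connections after every call,
        # so nothing is reused between calls.
        http.close()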