Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add format support

This commit is contained in:
Ilya Makarov 2020-03-11 02:27:31 +03:00
parent ad86cf1fd9
commit d3cb0b517a
1 changed files with 35 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
lemur/plugins/lemur_vault_dest/plugin.py
View File

@ -14,7 +14,7 @@ import re
import hvac import hvac
from flask import current_app from flask import current_app
from lemur.common.defaults import common_name from lemur.common.defaults import common_name,country,state,location,organizational_unit,organization
from lemur.common.utils import parse_certificate from lemur.common.utils import parse_certificate
from lemur.plugins.bases import DestinationPlugin from lemur.plugins.bases import DestinationPlugin
from lemur.plugins.bases import SourcePlugin from lemur.plugins.bases import SourcePlugin
@ -202,22 +202,15 @@ class VaultDestinationPlugin(DestinationPlugin):
"name": "vaultPath", "name": "vaultPath",
"type": "str", "type": "str",
"required": True, "required": True,
"validation": "^([a-zA-Z0-9._-]+/?)+$", "validation": "^(([a-zA-Z0-9._-]+|{(CN|OU|O|L|S|C)})+/?)+$",
"helpMessage": "Must be a valid Vault secrets path", "helpMessage": "Must be a valid Vault secrets path. Support vars: {CN|OU|O|L|S|C}",
},
{
"name": "vaultSuffix",
"type": "str",
"required": False,
"validation": "^([a-zA-Z0-9._-]+/?)+$",
"helpMessage": "Must be a valid Vault secrets path",
}, },
{ {
"name": "objectName", "name": "objectName",
"type": "str", "type": "str",
"required": False, "required": False,
"validation": "[0-9a-zA-Z.:_-]+", "validation": "^([0-9a-zA-Z.:_-]+|{(CN|OU|O|L|S|C)})+$",
"helpMessage": "Name to bundle certs under, if blank use cn", "helpMessage": "Name to bundle certs under, if blank use {CN}. Support vars: {CN|OU|O|L|S|C}",
}, },
{ {
"name": "bundleChain", "name": "bundleChain",
@ -248,14 +241,20 @@ class VaultDestinationPlugin(DestinationPlugin):
:param cert_chain: :param cert_chain:
:return: :return:
""" """
cname = common_name(parse_certificate(body)) cert = parse_certificate(body)
cn = common_name(cert)
ou= organizational_unit(cert)
o= organization(cert)
l= location(cert)
s= state(cert)
c= country(cert)
url = self.get_option("vaultUrl", options) url = self.get_option("vaultUrl", options)
auth_method = self.get_option("authenticationMethod", options) auth_method = self.get_option("authenticationMethod", options)
auth_key = self.get_option("tokenFile/vaultRole", options) auth_key = self.get_option("tokenFile/vaultRole", options)
mount = self.get_option("vaultMount", options) mount = self.get_option("vaultMount", options)
path = self.get_option("vaultPath", options) path = self.get_option("vaultPath", options)
suffix = self.get_option("vaultSuffix", options)
bundle = self.get_option("bundleChain", options) bundle = self.get_option("bundleChain", options)
obj_name = self.get_option("objectName", options) obj_name = self.get_option("objectName", options)
api_version = self.get_option("vaultKvApiVersion", options) api_version = self.get_option("vaultKvApiVersion", options)
@ -293,15 +292,30 @@ class VaultDestinationPlugin(DestinationPlugin):
client.secrets.kv.default_kv_version = api_version client.secrets.kv.default_kv_version = api_version
if obj_name: t_path = path.format(
path = "{0}/{1}".format(path, obj_name) CN=cn,
else: OU=ou,
path = "{0}/{1}".format(path, cname) O=o,
L=l,
S=s,
C=c
)
if not obj_name:
obj_name = '{CN}'
if suffix: f_obj_name = obj_name.format(
path = "{0}/{1}".format(path, suffix) CN=cn,
OU=ou,
O=o,
L=l,
S=s,
C=c
)
secret = get_secret(client, mount, path) path = "{0}/{1}".format(t_path, obj_name)
# TODO: obj_name support for vars
secret_t = get_secret(client, mount, path)
secret["data"][cname] = {} secret["data"][cname] = {}
if not cert_chain: if not cert_chain: