default port is 8200, not 8000
This commit is contained in:
parent
a904f158da
commit
7e839f7058
@ -48,7 +48,7 @@ for how default values/behaviour are determined.] This element is a container fo
|
||||
Vault server. This consists of:
|
||||
... A single `uri` element.footnote:optelem[] It should be the same as the **base** URL for your Vault server.
|
||||
The default (if not specified) is to first check for a **`VAULT_SERVER`** environment variable and, if not found, to use
|
||||
`http://localhost:8000/`.
|
||||
`http://localhost:8200/`.
|
||||
... An unseal directive, which can be used to (attempt to) automatically unseal the server if it is sealed.
|
||||
This isn't required, but can assist in automatic operation.
|
||||
One of either:footnote:optelem[]
|
||||
@ -72,7 +72,7 @@ Let's look at an example configuration.
|
||||
xsi:schemaLocation="https://git.square-r00t.net/VaultPass/ http://schema.xml.r00t2.io/projects/vaultpass.xsd">
|
||||
|
||||
<server>
|
||||
<uri>http://localhost:8000/</uri>
|
||||
<uri>http://localhost:8200/</uri>
|
||||
<unseal>YOUR_UNSEAL_SHARD</unseal>
|
||||
</server>
|
||||
<auth>
|
||||
@ -82,7 +82,7 @@ Let's look at an example configuration.
|
||||
</vaultpass>
|
||||
----
|
||||
|
||||
In the above, we can see that it would use the vault server at `http://localhost:8000/` using whatever token is either
|
||||
In the above, we can see that it would use the vault server at `http://localhost:8200/` using whatever token is either
|
||||
in the **`VAULT_TOKEN`** environment variable or, if empty, the `~/.vault-token` file. Because an unseal shard was
|
||||
provided, it will be able to attempt to automatically unseal the Vault (assuming its shard will complete the threshold
|
||||
needed).
|
||||
@ -266,7 +266,7 @@ Let's look at an example of GPG-encrypted elements.
|
||||
xsi:schemaLocation="https://git.square-r00t.net/VaultPass/ http://schema.xml.r00t2.io/projects/vaultpass.xsd">
|
||||
|
||||
<server>
|
||||
<uri>http://localhost:8000/</uri>
|
||||
<uri>http://localhost:8200/</uri>
|
||||
<unsealGpg gpgHome="~/.gnupg">~/.private/vaultpass/unseal.asc</unsealGpg>
|
||||
</server>
|
||||
<authGpg gpgHome="~/.gnupg">~/.private/vaultpass/auth.gpg</unsealGpg>
|
||||
|
@ -3,8 +3,8 @@
|
||||
xmlns="https://git.square-r00t.net/VaultPass/"
|
||||
xsi:schemaLocation="https://git.square-r00t.net/VaultPass/ http://schema.xml.r00t2.io/projects/vaultpass.xsd">
|
||||
<server>
|
||||
<!-- Optional; defaults to http://localhost:8000/ -->
|
||||
<uri>http://localhost:8000/</uri>
|
||||
<!-- Optional; defaults to http://localhost:8200/ -->
|
||||
<uri>http://localhost:8200/</uri>
|
||||
<!-- OPTIONAL! If an unseal shard is provided and the server is sealed, we will attempt
|
||||
unsealing with the shard(s) provided. -->
|
||||
<unseal>WU9VUiBVTlNFQUwgU0hBUkQgSEVSRQo=</unseal>
|
||||
|
@ -1,12 +1,12 @@
|
||||
import logging
|
||||
import os
|
||||
##
|
||||
from . import logger
|
||||
_logger = logging.getLogger('VaultPass')
|
||||
from . import auth
|
||||
from . import clipboard
|
||||
from . import config
|
||||
from . import logger
|
||||
|
||||
|
||||
_logger = logging.getLogger('VaultPass')
|
||||
from . import mounts
|
||||
|
||||
|
||||
class PassMan(object):
|
||||
@ -18,19 +18,50 @@ class PassMan(object):
|
||||
self.cfg = config.getConfig(cfg)
|
||||
self._getURI()
|
||||
self.getClient()
|
||||
self._checkSeal()
|
||||
|
||||
def _checkSeal(self):
|
||||
_logger.debug('Checking and attempting unseal if necessary and possible.')
|
||||
if not self.client.sys.is_sealed():
|
||||
_logger.debug('Unsealing unnecessary; Vault is already unsealed.')
|
||||
return(None)
|
||||
shard = self.cfg.xml.find('unseal')
|
||||
if shard is None:
|
||||
_logger.debug('Vault is sealed but no key shard was provided.')
|
||||
_logger.error('Vault is sealed')
|
||||
raise RuntimeError('Vault is sealed')
|
||||
self.client.sys.submit_unseal_key(shard.text)
|
||||
if self.client.sys.is_sealed:
|
||||
_logger.debug(('Vault is sealed and either our unseal shard is incorrect or it is not enough to meet the '
|
||||
'unseal shard threshold.'))
|
||||
_logger.error('Unable to unseal')
|
||||
raise RuntimeError('Unable to unseal')
|
||||
return(None)
|
||||
|
||||
def _getURI(self):
|
||||
uri = self.cfg.xml.find('uri')
|
||||
uri = self.cfg.xml.find('.//uri')
|
||||
if uri is None:
|
||||
uri = 'http://localhost:8000/'
|
||||
pass
|
||||
_logger.debug('No server URI specified; checking ${VAULT_ADDR}')
|
||||
_uri = os.environ.get('VAULT_ADDR')
|
||||
if not _uri:
|
||||
_logger.debug('No ${VAULT_ADDR}; using default of http://localhost:8200/')
|
||||
uri = 'http://localhost:8200/'
|
||||
else:
|
||||
uri = _uri
|
||||
else:
|
||||
uri = uri.text
|
||||
self.uri = uri
|
||||
_logger.debug('Set URI to {0}'.format(self.uri))
|
||||
return(None)
|
||||
|
||||
def getClient(self):
|
||||
# This may need to be re-tooled in the future.
|
||||
auth_xml = self.cfg.xml.find('auth')
|
||||
auth_xml = self.cfg.xml.find('.//auth')
|
||||
if auth_xml is None:
|
||||
_logger.debug('No auth section was found in the configuration file.')
|
||||
_logger.error('Could not find authentication')
|
||||
raise RuntimeError('Could not find authentication')
|
||||
authmethod_xml = auth_xml.getchildren()[0]
|
||||
_logger.debug('Attempting to auto-detect the authentication method...')
|
||||
for a in dir(auth):
|
||||
if a.startswith('_'):
|
||||
continue
|
||||
@ -42,10 +73,15 @@ class PassMan(object):
|
||||
continue
|
||||
self.auth = c(self.uri,
|
||||
authmethod_xml)
|
||||
_logger.debug('Found auth method: {0}'.format(self.auth.name))
|
||||
break
|
||||
if not self.auth:
|
||||
_logger.error('Invalid auth configuration')
|
||||
_logger.debug('Auth specified ({0}) was not found or is not supported'.format(authmethod_xml.tag))
|
||||
_logger.error('Invalid auth configuration')
|
||||
raise RuntimeError('Invalid auth configuration')
|
||||
self.client = self.auth.client
|
||||
if not self.client.sys.is_initialized():
|
||||
_logger.debug('Vault instance is not initialized. Please initialize (and configure, if necessary) first.')
|
||||
_logger.error('Not initialized')
|
||||
raise RuntimeError('Not initialized')
|
||||
return(None)
|
||||
|
13
vaultpass/mounts.py
Normal file
13
vaultpass/mounts.py
Normal file
@ -0,0 +1,13 @@
|
||||
class MountHandler(object):
|
||||
def __init__(self, client, mounts_xml = None):
|
||||
self.client = client
|
||||
self.mounts = {}
|
||||
|
||||
def getSysMounts(self):
|
||||
pass
|
||||
|
||||
def print(self):
|
||||
pass
|
||||
|
||||
def search(self):
|
||||
pass
|
Reference in New Issue
Block a user