lib/proxy_rb/password_fetchers/vault_password_fetcher.rb
# frozen_string_literal: true
require 'proxy_rb/password_fetchers/basic_password_fetcher'
require 'proxy_rb/user_passwords/vault_user_password'
# `vault` is an optional dependency: a missing gem is logged instead of
# aborting the load of this file. The class below is still defined in that
# case, but its references to ::Vault (default client, retried error classes)
# raise NameError once they are evaluated.
# NOTE(review): relies on ProxyRb.logger being defined before this file is
# required -- confirm the load order.
begin
require 'vault'
rescue LoadError
ProxyRb.logger.error 'Please add `vault` to your `Gemfile` to use this password fetcher'
end
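module ProxyRb
  # Fetch password for user...
  module PasswordFetchers
    # ... from HashiCorp Vault
    #
    # Holds a path prefix and a Vault client. `#call` runs the lookup inside
    # the client's retry helper and renders the result through
    # UserPasswords::VaultUserPassword; `#read` fetches `prefix/<name>` from
    # Vault.
    class VaultPasswordFetcher < BasicPasswordFetcher
      include Contracts::Core
      include Contracts::Builtin

      protected

      # Protected readers: the prefix and the Vault client are not part of
      # the fetcher's public API.
      attr_reader :prefix, :client

      public

      # @param [String] prefix
      #   Prefix used to look up password for user name
      #
      # @param [Vault::Client] client
      #   The client used to connect to central "Vault" server. The default
      #   is built when the fetcher is instantiated, with the address taken
      #   from the VAULT_ADDR environment variable.
      #   NOTE(review): ENV['VAULT_ADDR'] is nil when the variable is unset;
      #   confirm how Vault::Client treats an explicit nil address.
      def initialize(prefix:, client: ::Vault::Client.new(address: ENV['VAULT_ADDR']))
        @prefix = prefix
        @client = client
      end

      # Look up the password for a user name.
      #
      # The lookup runs inside the client's retry helper, so
      # Vault::HTTPConnectionError and Vault::HTTPError are retried instead of
      # failing on the first error.
      #
      # NOTE(review): #fetch_password_for_user is not defined in this class;
      # presumably it is provided by BasicPasswordFetcher -- confirm. Nothing
      # in this class calls the private #read helper below.
      #
      # @param [String] user_name
      #   User name to look up
      #
      # @return [String]
      #   The password as rendered by UserPasswords::VaultUserPassword#to_s
      Contract String => String
      def call(user_name)
        client.with_retries(::Vault::HTTPConnectionError, ::Vault::HTTPError) do |_attempt, _e|
          UserPasswords::VaultUserPassword.new(
            fetch_password_for_user(user_name)
          ).to_s
        end
      end

      private

      # Read the entry stored at `prefix/string`.
      #
      # The read goes through the injected client, so it uses the same server
      # address, token and TLS settings as the retry wrapper in #call rather
      # than the process-global `Vault` configuration. Callers that configured
      # the global module instead should pass `client: ::Vault.client`.
      #
      # The string is joined to the prefix unchanged, so a value containing
      # `/` addresses something other than a direct child of the prefix.
      # NOTE(review): consider rejecting names containing `/` or `..` if user
      # names can originate outside the test suite.
      #
      # @param [String] string
      #   Path component appended to the prefix
      #
      # @return [Object]
      #   Whatever the client's logical read returns (presumably a
      #   Vault::Secret, or nil when nothing is stored -- confirm)
      def read(string)
        client.logical.read(File.join(prefix, string))
      end
    end
  end
end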