Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
tmf
tmf / @doodle/vault js
Repository URL to install this package:
|
Version:
1.0.3-rc.0 ▾
|
@doodle/vault
/
index.js
|
|---|
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; var ownKeys = Object.keys(source); if (typeof Object.getOwnPropertySymbols === 'function') { ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function (sym) { return Object.getOwnPropertyDescriptor(source, sym).enumerable; })); } ownKeys.forEach(function (key) { _defineProperty(target, key, source[key]); }); } return target; }
function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
function _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }
function _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }
/**
* Helper module for supplying tokens to `node-vault`
*
* @module @doodle/vault
* @see node-vault
*/
const path = require('path');
const os = require('os');
const NodeVault = require('node-vault');
const readToken = require('./readToken');
const mapData = require('./mapData');
const kubernetesLogin = require('./kubernetesLogin');
const homeDir = process.env.HOME || os.homedir();
const defaultLocalVaultTokenPath = path.join(homeDir, '.vault-token');
/**
* Wrapped node-vault "constructor"
*
* @param {Object} options
* @param {String} [options.endpoint=process.env.VAULT_ADDR] automatically provide the Vault address from the environment variable `VAULT_ADDR`
* @returns {NodeVault} wrapped node-vault instance
*/
const Vault = (_ref) => {
let {
endpoint = process.env.VAULT_ADDR
} = _ref,
options = _objectWithoutProperties(_ref, ["endpoint"]);
return NodeVault(_objectSpread({
endpoint
}, options));
};
/**
* Get a Vault token by supplying the volume-mounted Kubernetes service account secret
*
* @param {Object} options
* @param {String} options.role Vault role for service account
* @param {String} [options.endpoint=process.env.VAULT_ADDR] Vault address
* @param {String} [options.serviceAccountTokenPath='/var/run/secrets/kubernetes.io/serviceaccount/token'] Path of the service account token
* @param {...*} options further options for the Kubernetes login call
* @returns {String} Vault token
*/
const getKubernetesToken = async (_ref2) => {
let {
role,
endpoint = process.env.VAULT_ADDR,
serviceAccountTokenPath = '/var/run/secrets/kubernetes.io/serviceaccount/token'
} = _ref2,
options = _objectWithoutProperties(_ref2, ["role", "endpoint", "serviceAccountTokenPath"]);
const jwt = await readToken(serviceAccountTokenPath);
return kubernetesLogin(_objectSpread({
jwt,
role,
endpoint
}, options));
};
/**
* Get a Vault token by reading out the local vault token
*
* @param {Object} options
* @param {String} options.vaultTokenPath Path of the local Vault token
* @requires
* @returns {String} Vault token
*/
const getLocalToken = async ({
vaultTokenPath = defaultLocalVaultTokenPath
}) => readToken(vaultTokenPath);
/**
* Helper for wrapping getKubernetesToken or getLocalToken depending on environment
*
* @param {Object} options
* @param {String} [options.env=process.env.NODE_ENV] environment, for 'production' we get a Vault token with the Kubernetes service account token, and for everything else we try to read out the local Vault token
* @param {...*} options further options for the getKubernetesToken or getLocalToken calls
*/
const getToken = async (_ref3) => {
let {
env = process.env.NODE_ENV,
role
} = _ref3,
options = _objectWithoutProperties(_ref3, ["env", "role"]);
return env === 'production' ? getKubernetesToken(_objectSpread({
role
}, options)) : getLocalToken(options);
};
module.exports = {
getLocalToken,
getKubernetesToken,
getToken,
mapData,
Vault
};