Class: GDK::OpenBao

Inherits:
Object
  • Object
Defined in:
lib/gdk/open_bao.rb

Overview

This class configures OpenBao dev server secrets persistence for GitLab

Constant Summary collapse

NotRunningError =
Class.new(StandardError)

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ OpenBao

Returns a new instance of OpenBao.



# File 'lib/gdk/open_bao.rb', line 12

# Creates an instance with no secrets loaded yet. The unseal key, the root
# token and the raw init output all start as nil and are only populated later
# by initialize_server, set_unseal_key and set_root_token.
def initialize
  @unseal_key = @root_token = @init_output = nil
end

Instance Attribute Details

#init_output ⇒ Object (readonly)

Returns the value of attribute init_output.



# File 'lib/gdk/open_bao.rb', line 10

# Raw output captured from the `operator init` call, or nil when
# initialize_server did not run it. set_root_token and set_unseal_key read
# 'root_token' and 'unseal_keys_hex' out of this JSON, so the value carries
# both secrets in clear text and should not be logged or echoed.
#
# @return [Object, nil] presumably a String; the return type of shellout is
#   not shown here
def init_output = @init_output

#root_token ⇒ Object (readonly)

Returns the value of attribute root_token.



# File 'lib/gdk/open_bao.rb', line 10

# The OpenBao root token as loaded by set_root_token (nil before that runs).
# This is a secret: callers should avoid writing it to logs or passing it
# around more widely than needed.
#
# @return [Object, nil] the value read from the init output or the GDK config
def root_token = @root_token

#unseal_key ⇒ Object (readonly)

Returns the value of attribute unseal_key.



# File 'lib/gdk/open_bao.rb', line 10

# The OpenBao unseal key as loaded by set_unseal_key (nil before that runs).
# This is a secret: with the single-share setup used by initialize_server it
# is the only key needed to unseal the server.
#
# @return [Object, nil] the value read from the init output or the GDK config
def unseal_key = @unseal_key

Instance Method Details

#configure ⇒ Object



# File 'lib/gdk/open_bao.rb', line 18

# Brings the OpenBao server to an initialised, unsealed state.
#
# The call order matters: initialize_server may populate init_output, the two
# set_* steps then load the unseal key and root token (from init_output when
# it is present, otherwise from the GDK config), and only after that is the
# key available to hand to unseal_vault.
#
# Side effect worth knowing: set_root_token writes the root token to
# GDK::Output whenever the token is non-empty.
#
# @return [true] always true when none of the steps raises
def configure
  initialize_server
  set_unseal_key
  set_root_token
  unseal_vault(unseal_key)

  true
end

#initialize_server ⇒ Object



# File 'lib/gdk/open_bao.rb', line 27

# Runs `operator init` unless the server reports it is already initialised,
# and keeps the command's JSON output in @init_output.
#
# The init is requested with one key share and a threshold of one, so a single
# key is enough to unseal. That fits the dev server this class targets; it is
# not a layout to copy for a production deployment.
#
# The captured output contains the root token and unseal key (see the set_*
# methods that parse it), so it must be treated as secret material.
#
# @return [Object, nil] the shellout result, or nil when init was skipped
def initialize_server
  unless vault_already_initialized?
    init_args = %w[operator init -key-shares=1 -key-threshold=1 -format=json]
    @init_output = shellout(init_args)
  end
end

#set_root_token ⇒ Object



# File 'lib/gdk/open_bao.rb', line 66

# Loads the root token into @root_token.
#
# When a fresh init output is available the token is taken from its
# 'root_token' field and written to the GDK config under
# 'openbao.root_token'; otherwise the previously stored config value is used.
#
# NOTE(review): the token is persisted through config.save_yaml! and then
# printed in clear text via GDK::Output.puts. Anything that captures that
# output (terminal scrollback, CI logs) keeps a copy. Where the YAML file
# lives and what permissions it gets are not shown here; confirm both are
# acceptable for the dev setup.
#
# NOTE(review): `empty?` assumes the token is a String; a nil from the JSON or
# the config would raise NoMethodError. TODO confirm the config default.
#
# @return [Object, nil] the result of GDK::Output.puts, or nil when the token
#   is empty
def set_root_token
  raw_init = init_output

  if raw_init
    @root_token = JSON.parse(raw_init)['root_token']

    # Persist straight away so later runs can reuse the token without a re-init.
    config.bury!('openbao.root_token', @root_token)
    config.save_yaml!
  else
    @root_token = config.openbao.root_token
  end

  return if @root_token.empty?

  GDK::Output.puts("The root token is: #{@root_token}")
end

#set_unseal_key ⇒ Object



# File 'lib/gdk/open_bao.rb', line 55

# Loads the unseal key into @unseal_key.
#
# When a fresh init output is available the key is the last entry of its
# 'unseal_keys_hex' array and is written to the GDK config under
# 'openbao.unseal_key'; otherwise the previously stored config value is used.
#
# NOTE(review): the key is persisted through config.save_yaml!. Where that
# YAML file lives and what permissions it gets are not shown here; since this
# one key unseals the server, confirm the file is not world-readable or
# committed by accident.
#
# @return [Object] the result of config.save_yaml! after a fresh init,
#   otherwise the key read from the config
def set_unseal_key
  raw_init = init_output

  if raw_init
    hex_keys = JSON.parse(raw_init)['unseal_keys_hex']
    @unseal_key = hex_keys.last

    config.bury!('openbao.unseal_key', @unseal_key)
    config.save_yaml!
  else
    @unseal_key = config.openbao.unseal_key
  end
end

#unseal_vault(unseal_key) ⇒ Object



# File 'lib/gdk/open_bao.rb', line 34

# Unseals the server with the given key, unless it is already unsealed.
#
# NOTE(review): the key is handed to shellout as a plain argument. If shellout
# spawns a child process with these arguments (its implementation is not shown
# here), the key would sit on that process's command line, which other local
# users can usually read. Confirm that is acceptable for the dev setup.
#
# @param unseal_key [Object] the key passed as the last `operator unseal` argument
# @return [Object] the result of the GDK::Output call that reported the outcome
def unseal_vault(unseal_key)
  if vault_sealed?
    shellout(['operator', 'unseal', unseal_key])

    GDK::Output.success('OpenBao has been unsealed successfully')
  else
    GDK::Output.puts('OpenBao is already unsealed')
  end
end

#vault_already_initialized? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gdk/open_bao.rb', line 49

# Asks the server for its init status and returns the 'Initialized' field of
# the JSON reply.
#
# A reply without that field yields nil, which initialize_server treats as
# "not initialised" and answers by running `operator init`.
#
# @return [Boolean, nil] the value stored under 'Initialized'
def vault_already_initialized?
  status_json = shellout(%w[operator init -status -format json])
  status = JSON.parse(status_json)

  status['Initialized']
end

#vault_sealed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/gdk/open_bao.rb', line 43

# Asks the server for its status and returns the 'sealed' field of the JSON
# reply.
#
# A reply without that field yields nil, which unseal_vault treats the same as
# "not sealed": it reports the server as already unsealed and skips the unseal.
#
# @return [Boolean, nil] the value stored under 'sealed'
def vault_sealed?
  status_json = shellout(%w[status -format json])
  status = JSON.parse(status_json)

  status['sealed']
end