6 changes: 5 additions & 1 deletion CHANGES.md
@@ -1,5 +1,9 @@
# Change Log

## 2.1.0

- Support mount_point parameter for profiles config.

## 2.0.0

- Add action to generate secrets.
Expand Down Expand Up @@ -48,4 +52,4 @@ The next version will be 1.0.0 and "2" will be dropped from python_versions.

## 0.1.0

- First release
- First release
24 changes: 19 additions & 5 deletions actions/lib/action.py
Expand Up @@ -7,6 +7,7 @@ class VaultBaseAction(Action):
Base Action includes st2 profile and vault client functions
for child classes.
"""

def __init__(self, config):
super().__init__(config)
self.config = config
Expand All @@ -19,7 +20,9 @@ def run(self, profile_name=None):
if profile_name is None:
profile_name = self.config.get("default_profile")
if profile_name is None:
raise ValueError("No default profile found, check the pack configuration.")
raise ValueError(
"No default profile found, check the pack configuration."
)

for profile in self.config.get("profiles", []):
if profile_name == profile["name"]:
Expand Down Expand Up @@ -78,7 +81,18 @@ def _auth_approle(self, profile):
"""
Authenticate using a vault app role to acquire the vault token.
"""
self.vault.auth.approle.login(
role_id=profile["role_id"],
secret_id=profile["secret_id"],
)
# Check if mount_point is provided in the profile
mount_point = profile.get("mount_point")

# Prepare login arguments
login_kwargs = {
"role_id": profile["role_id"],
"secret_id": profile["secret_id"],
}

# Add mount_point to kwargs if it exists in the profile
if mount_point:
login_kwargs["mount_point"] = mount_point

# Replace the direct login call with kwargs-based call
self.vault.auth.approle.login(**login_kwargs)
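Review bot: In `_auth_approle`, the new `mount_point` value reaches `approle.login` after only a truthiness check, so whatever string the profile holds ends up in the login path that `role_id` and `secret_id` are posted to (assuming the client is hvac, which builds the auth URL from it). A value with stray slashes, such as `/my-approle/`, would either fail late with an opaque Vault error or address a path the operator did not intend. Normalising it up front is cheap: `mount_point = (profile.get("mount_point") or "").strip("/")`. Separately, the comment `# Replace the direct login call with kwargs-based call` describes the edit rather than the code and should be dropped, and the docstring could gain a line such as `Uses profile["mount_point"] when set, otherwise the client's default AppRole mount.` The function's signature lies outside the hunk.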
5 changes: 5 additions & 0 deletions config.schema.yaml
Expand Up @@ -62,3 +62,8 @@ profiles:
type: "string"
secret: true
required: false
mount_point:
description: "Authentication mount point (method=approle)"
type: "string"
secret: false
required: false
2 changes: 1 addition & 1 deletion pack.yaml
Expand Up @@ -2,7 +2,7 @@
ref: vault
name: vault
description: StackStorm pack integration with HashiCorp Vault
version: 2.0.0
version: 2.1.0
python_versions:
- "3"
author: steve.neuharth
1 change: 1 addition & 0 deletions vault.yaml.example
Expand Up @@ -9,6 +9,7 @@ profiles:
auth_method: approle
role_id: '00000000-0000-0000-0000-000000000000'
secret_id: '00000000-0000-0000-0000-000000000000'
mount_point: 'my-approle'
- name: development
url: 'https://127.0.0.1:8200'
verify: false