diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bd95a98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,71 @@
+# Editors
+.vscode/
+.idea/
+
+# Vagrant
+.vagrant/
+
+# Mac/OSX
+.DS_Store
+
+# Windows
+Thumbs.db
+
+# Source for the following rules: https://raw.githubusercontent.com/github/gitignore/master/Python.gitignore
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.pytest_cache/
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+ + + + + + \ No newline at end of file
diff --git a/build/lib/vault/__init__.py b/build/lib/vault/__init__.py
deleted file mode 100644
index 97b561e..0000000
--- a/build/lib/vault/__init__.py
+++ /dev/null
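Review bot: The new `.gitignore` has no rule for `de_secrets.py`, the local-development secrets module that the removed `build/lib/vault/__init__.py` loads through `import_module("de_secrets")`; if that file sits in the working tree (its location is not visible in this diff), nothing here keeps it from being staged by accident. I would add a `# Local dev secrets` heading with `de_secrets.py` beneath it, and restore the `# Environments` entries (`.env`, `.venv`, `venv/`) that the upstream Python.gitignore cited in the comment carries and this copy omits. Separately, `.idea/` is ignored here while the same commit adds `.idea/vcs.xml`; an ignore rule does not untrack a file that is already committed, so either drop that file from the commit or narrow the rule.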
@@ -1,85 +0,0 @@
-import logging
-from base64 import b64decode
-from importlib import import_module
-from json import loads
-from os import environ
-from typing import Dict
-
-from datadog import statsd
-
-logger = logging.getLogger(__name__)
-
-
-def _load_de_secrets() -> Dict:
- """
- Imports de_secrets module and returns a dictionary of its attributes.
- """
- de_secrets = import_module("de_secrets")
- return {k: getattr(de_secrets, k) for k in dir(de_secrets) if not k.startswith("_")}
-
-
-def _load_vault_secrets() -> Dict:
- """
- Load Vault injected secrets file located at VAULT_SECRETS_PATH, then perform
- base 64 decode followed by JSON decode on file contents. This function
- should not be called anywhere except within this module!
- """
- with open(environ["VAULT_SECRETS_PATH"]) as file:
- contents = file.read()
-
- json_secrets = b64decode(contents)
- return loads(json_secrets)
-
-
-def _get_secrets() -> Dict:
- """
- Get secrets from de_secrets.py in local dev, or from Vault injected secrets file
- located at path in VAULT_SECRETS_PATH. Performs base 64 decode followed by JSON
- decode on file contents.
- """
- if not environ.get("USE_VAULT"):
- # Use dev secrets when available.
- return _load_de_secrets()
-
- return _load_vault_secrets()
-
-
-class VaultSecretsWrapper:
- """
- Provide access to secrets as attributes and send secret-usage analytics to Datadog.
- """
-
- def __init__(self, secrets: Dict):
- self._keys = secrets.keys()
- self._env = environ.get("DD_ENV")
-
- for key, value in secrets.items():
- statsd.increment(
- "vault.secrets.access_count",
- value=1,
- tags=[f"env:{self._env}", f"secret_key:{key}"],
- )
- setattr(self, key, value)
-
- def __getattribute__(self, key: str):
- """
- Override the default getattribute method so that we can track secret key
- usage with Datadog. Non-secret attributes are passed on to the default method.
- """
- if key not in ["_keys", "_env"] and key in self._keys:
- try:
- statsd.increment(
- "vault.secrets.access_count",
- value=1,
- tags=[f"env:{self._env}", f"secret_key:{key}"],
- )
- return super().__getattribute__(key)
- except AttributeError as error:
- logger.error(f"Requested secret could not be loaded: {key}")
- raise error
-
- return super().__getattribute__(key)
-
-
-secrets = VaultSecretsWrapper(_get_secrets())
-__all__ = ("secrets",)
diff --git a/dist/vaultpy-0.0.1-py3-none-any.whl b/dist/vaultpy-0.0.1-py3-none-any.whl
deleted file mode 100644
index 331a480..0000000
Binary files a/dist/vaultpy-0.0.1-py3-none-any.whl and /dev/null differ
diff --git a/dist/vaultpy-0.0.1.tar.gz b/dist/vaultpy-0.0.1.tar.gz
deleted file mode 100644
index b2dfc67..0000000
Binary files a/dist/vaultpy-0.0.1.tar.gz and /dev/null differ
diff --git a/vaultpy.egg-info/PKG-INFO b/vaultpy.egg-info/PKG-INFO
deleted file mode 100644
index ec41023..0000000
--- a/vaultpy.egg-info/PKG-INFO
+++ /dev/null
@@ -1,21 +0,0 @@
-Metadata-Version: 2.1 -Name: vaultpy -Version: 0.0.1 -Summary: A module to parse injected Vault secrets and track their usage with Datadog. -Home-page: https://github.com/DirectEmployers/vaultpy -Author: Tim Loyer -Author-email: tloyer@apps.directemployers.org -License: UNKNOWN -Description: # Vaultpy - A module to parse injected [Vault](https://www.vaultproject.io/) secrets and track their usage with Datadog. - - ## Requirements - - Local Datadog agent - - Environment variables to access it - - ## Usage - - -Platform: UNKNOWN -Requires-Python: >=3.6 -Description-Content-Type: text/markdown
diff --git a/vaultpy.egg-info/SOURCES.txt b/vaultpy.egg-info/SOURCES.txt
deleted file mode 100644
index 0c4a161..0000000
--- a/vaultpy.egg-info/SOURCES.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-README.md -pyproject.toml -setup.cfg -vault/__init__.py -vaultpy.egg-info/PKG-INFO -vaultpy.egg-info/SOURCES.txt -vaultpy.egg-info/dependency_links.txt -vaultpy.egg-info/top_level.txt \ No newline at end of file
diff --git a/vaultpy.egg-info/dependency_links.txt b/vaultpy.egg-info/dependency_links.txt
deleted file mode 100644
index 8b13789..0000000
--- a/vaultpy.egg-info/dependency_links.txt
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/vaultpy.egg-info/top_level.txt b/vaultpy.egg-info/top_level.txt
deleted file mode 100644
index 4c0870e..0000000
--- a/vaultpy.egg-info/top_level.txt
+++ /dev/null
@@ -1 +0,0 @@
-vault