Module: Conjur::PuppetModule::Identity

Defined in:
lib/conjur/puppet_module/identity.rb

Overview

This module is in charge of retrieving Conjur identity information from the agent: a netrc-style identity file, or WinCred credential storage on Windows.

Constant Summary collapse

NETRC_FILE_PATH =
'/etc/conjur.identity'

Class Method Summary collapse

Class Method Details

.from_file(uri, config) ⇒ Object



# File 'lib/conjur/puppet_module/identity.rb', line 23

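# Reads the Conjur login and password for +uri+ from a netrc-style file.
#
# The file is read line by line; each line is split on whitespace into a key
# and a value, and only the keys +machine+, +login+ and +password+ are
# recognised. The first matching entry that supplies both a login and a
# password wins.
#
# The file holds a credential, so it should be readable only by the account
# the agent runs as; this method does not check the file's mode or owner.
#
# @param uri [URI] parsed appliance URL the credentials must belong to
# @param config [Hash] settings; +config['netrc_path']+ overrides NETRC_FILE_PATH
# @return [Array, nil] +[login, password]+ on success, +[]+ when the file has no
#   complete matching entry, +nil+ when the file does not exist
def from_file(uri, config)
  netrc_path = config['netrc_path'] || NETRC_FILE_PATH

  # NOTE(review): a missing file yields nil while every other "not found" path
  # yields []. Kept as-is because callers may rely on the difference.
  return unless File.exist?(netrc_path)

  File.open netrc_path do |netrc|
    found = login = password = nil
    netrc.each_line do |line|
      key, value, = line.split
      case key
      when 'machine'
        # A bare `machine` line has no value; to_s keeps that from raising
        # NoMethodError on nil and simply treats the entry as non-matching.
        machine = value.to_s
        # NOTE(review): this is a prefix match, so an entry whose machine value
        # merely begins with the appliance URL (a longer host name, for
        # instance) is accepted too. An exact comparison would be stricter.
        found = machine.start_with?(uri.to_s) || machine == uri.host
        # A new entry starts here: drop anything collected from the previous
        # one so a login and a password from different entries are never paired.
        login = password = nil
      when 'login'
        login = value if found
      when 'password'
        password = value if found
      end

      return [login, password] if login && password
    end

    Puppet.warning "Could not find Conjur authentication info for host '#{uri}'" unless found
    return []
  end
end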

.from_wincred(uri) ⇒ Object



# File 'lib/conjur/puppet_module/identity.rb', line 49

# Looks up the Conjur credential for +uri+ in WinCred storage.
#
# A stored credential matches when its target begins with the full URL, or
# equals "host:port", or equals the bare host name. When several match, the
# first one returned by the enumeration is used.
#
# @param uri [URI] parsed appliance URL
# @return [Array] +[username, value]+ with the value re-encoded from UTF-16LE
#   to UTF-8, or +[]+ when nothing matches
# @raise [RuntimeError] when called on a platform other than Windows
def from_wincred(uri)
  unless Puppet.features.microsoft_windows?
    raise 'Conjur::PuppetModule::Identity#from_wincred is only supported on Windows'
  end

  # Loaded here rather than at file level: the library is only needed on Windows.
  require 'wincred/wincred'

  Puppet.debug "Finding Conjur credentials in WinCred storage for uri: #{uri}"
  candidates = WinCred.enumerate_credentials.select do |entry|
    target = entry[:target]
    # NOTE(review): the first test is a prefix match, so a target that merely
    # begins with the appliance URL is accepted as well.
    target.start_with?(uri.to_s) || target == "#{uri.host}:#{uri.port}" || target == uri.host
  end

  if candidates.empty?
    Puppet.warning 'Could not find any pre-populated Conjur credentials in WinCred ' \
                   "storage for #{uri}"
    return []
  end

  # With several matches, the first enumerated entry is the one used.
  chosen = candidates.first
  Puppet.debug "Using Conjur credential '#{chosen[:target]}' for identity"

  username = chosen[:username]
  # force_encoding relabels the stored bytes as UTF-16LE in place before the
  # conversion to UTF-8.
  secret = chosen[:value].force_encoding('utf-16le').encode('utf-8')
  [username, secret]
end

.load(config) ⇒ Object



# File 'lib/conjur/puppet_module/identity.rb', line 11

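# Loads the Conjur identity for the appliance named in +config+.
#
# Uses WinCred storage on Windows and the netrc-style identity file elsewhere.
#
# @param config [Hash] settings; +config['appliance_url']+ selects the
#   appliance and the whole hash is passed on to +from_file+
# @return [Array, nil] whatever +from_wincred+ / +from_file+ returns, or +[]+
#   when no appliance URL is configured
def load(config)
  appliance_url = config['appliance_url']

  # Treat a blank string like a missing value. An empty URL parses to a URI
  # whose string form is "", and both lookups match stored entries by prefix
  # against uri.to_s, so every stored credential would match.
  if !appliance_url || appliance_url.to_s.strip.empty?
    Puppet.warning('Conjur identity cannot be found as the appliance_url is empty')
    return []
  end

  uri = URI.parse(appliance_url)
  Puppet.features.microsoft_windows? ? from_wincred(uri) : from_file(uri, config)
end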