Skip to content

Commit

Permalink
feat: add skip_verify
Browse files Browse the repository at this point in the history
  • Loading branch information
Andreas Gruhler committed Nov 26, 2024
1 parent 2472d29 commit 238c967
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 5 deletions.
5 changes: 3 additions & 2 deletions kubernetes/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,9 @@ After the snapshot is created in a temporary directory, `s3cmd` is used to sync
## Configuration over environment variables

* `VAULT_ADDR` - Vault address to access
* `VAULT_TOKEN` - optional Vault token (if provided, overrules `VAULT_ROLE`)
* `VAULT_ROLE` - Vault role to use to create the snapshot
* `VAULT_TOKEN` - Vault token (if provided, overrules `VAULT_ROLE`)
* `VAULT_SKIP_VERIFY` - optional, set to any value to skip TLS verification
* `VAULT_ROLE` - Vault role to create the snapshot. Required when no `VAULT_TOKEN`.
* `S3_BUCKET` - S3 bucket to point to
* `S3_HOST` - S3 endpoint
* `S3_EXPIRE_DAYS` - Delete files older than this threshold (expired)
Expand Down
14 changes: 11 additions & 3 deletions kubernetes/vault_snapshot/vault_snapshot.py
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,13 @@ def __init__(self, **kwargs):
else:
raise NameError("VAULT_ADDR undefined")

if "vault_skip_verify" in kwargs:
self.verify = False
elif "VAULT_SKIP_VERIFY" in os.environ:
self.verify = False
else:
self.verify = True

if "vault_token" in kwargs:
self.vault_token = kwargs["vault_token"]
elif "VAULT_TOKEN" in os.environ:
Expand Down Expand Up @@ -91,7 +98,8 @@ def __init__(self, **kwargs):
aws_secret_access_key=self.s3_secret_access_key)

self.logger.info(f"Connecting to Vault API {self.vault_addr}")
self.hvac_client = hvac.Client(url=self.vault_addr)
self.hvac_client = hvac.Client(url=self.vault_addr,
verify=self.verify)

# try setting VAULT_TOKEN if exists
if hasattr(self, "vault_token") and len(self.vault_token) > 0:
Expand Down Expand Up @@ -153,8 +161,8 @@ def snapshot(self):
for o in objs:
self.logger.info(f"LastModified: {o['LastModified']}")
# expire keys when older than S3_EXPIRE_DAYS
if self.s3_expire_days >= 0:
if o["LastModified"] <= datetime.now(UTC) - timedelta(days=self.s3_expire_days):
if int(self.s3_expire_days) >= 0:
if o["LastModified"] <= datetime.now(UTC) - timedelta(days=int(self.s3_expire_days)):
self.logger.info(f"Deleting expired snapshot {o['Key']}")
s3.Object(self.s3_bucket, o["Key"]).delete()

Expand Down

0 comments on commit 238c967

Please sign in to comment.