feat: add skip_verify
Andreas Gruhler committed Nov 26, 2024
1 parent 2472d29 commit 39e7de9
Showing 2 changed files with 12 additions and 3 deletions.
5 changes: 3 additions & 2 deletions kubernetes/README.md
Expand Up @@ -11,8 +11,9 @@ After the snapshot is created in a temporary directory, `s3cmd` is used to sync
## Configuration over environment variables

* `VAULT_ADDR` - Vault address to access
* `VAULT_TOKEN` - optional Vault token (if provided, overrules `VAULT_ROLE`)
* `VAULT_ROLE` - Vault role to use to create the snapshot
* `VAULT_TOKEN` - Vault token (if provided, overrules `VAULT_ROLE`)
* `VAULT_SKIP_VERIFY` - optional, set to any value to skip TLS verification
* `VAULT_ROLE` - Vault role to create the snapshot. Required when no `VAULT_TOKEN`.
* `S3_BUCKET` - S3 bucket to point to
* `S3_HOST` - S3 endpoint
* `S3_EXPIRE_DAYS` - Delete files older than this threshold (expired)
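Review bot: The `VAULT_SKIP_VERIFY` entry says "set to any value", so `VAULT_SKIP_VERIFY=false` or `VAULT_SKIP_VERIFY=0` would also turn certificate verification off, which is the opposite of what an operator writing that would expect. Suggest documenting (and parsing) it as a boolean that defaults to off, and stating on this line that it disables validation of the Vault server certificate on the connection that carries the Vault token and the snapshot, so it is meant for test setups only. The entry could also point users with a private CA to trusting that CA instead of skipping verification.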
10 changes: 9 additions & 1 deletion kubernetes/vault_snapshot/vault_snapshot.py
Expand Up @@ -29,6 +29,13 @@ def __init__(self, **kwargs):
else:
raise NameError("VAULT_ADDR undefined")

if "vault_skip_verify" in kwargs:
self.skip_verify = True
elif "VAULT_SKIP_VERIFY" in os.environ:
self.skip_verify = True
else:
self.skip_verify = False

if "vault_token" in kwargs:
self.vault_token = kwargs["vault_token"]
elif "VAULT_TOKEN" in os.environ:
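Review bot: Both new branches test only for presence, so `vault_skip_verify=False` passed as a keyword argument and `VAULT_SKIP_VERIFY=false` in the environment each end up with `self.skip_verify = True`. Suggest using the value instead, e.g. `self.skip_verify = bool(kwargs["vault_skip_verify"])` for the kwarg and an explicit comparison against accepted true strings such as `"1"` or `"true"` for the environment variable, keeping `False` as the default. Logging a warning when it resolves to `True` would make a disabled certificate check visible in the job output.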
Expand Down Expand Up @@ -103,7 +110,8 @@ def __init__(self, **kwargs):
# https://hvac.readthedocs.io/en/stable/usage/auth_methods/kubernetes.html
login_resp = hvac.api.auth_methods.Kubernetes(self.hvac_client.adapter).login(
role=self.vault_role,
jwt=f.read()
jwt=f.read(),
verify=self.skip_verify
)
self.hvac_client.token = login_resp["auth"]["client_token"]
else:
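Review bot: `verify=self.skip_verify` has the polarity reversed: with `VAULT_SKIP_VERIFY` unset the call receives `verify=False`, and with it set the call receives `verify=True`. If the keyword means "verify the certificate", that leaves verification off by default and turns it on when a skip is requested; the argument should be `verify=not self.skip_verify`. It is also worth confirming against the hvac page linked in the comment that `login()` accepts a `verify` keyword at all. Since this is the only place in the commit where `self.skip_verify` is read, the `VAULT_TOKEN` path is not affected by the new setting, which the README change does not mention.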