This repository has been archived by the owner on May 23, 2019. It is now read-only.
app.py
""" Main application logic
This contains all the routing information for the app
"""
import os
from flask import Flask, abort, render_template
from vault import *
from flask_material import Material
from decorators import *
import werkzeug.exceptions
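# Create the Flask application and attach the Material extension to it.
app = Flask(__name__)
Material(app)

# settings.py is optional: silent=True makes a missing file a no-op, so every
# key read later on may be absent unless an environment variable supplies it.
app.config.from_pyfile('settings.py', silent=True)

# Environment variables, when present, override whatever settings.py provided.
if "VAULT_ADDR" in os.environ:
    app.config['VAULT_URL'] = os.environ['VAULT_ADDR']

if "VAULT_SKIP_VERIFY" in os.environ:
    # Only an explicitly truthy value may switch this on. Treating the mere
    # presence of the variable as True meant VAULT_SKIP_VERIFY=false (or 0)
    # still enabled the flag.
    # NOTE(review): presumably vault.py uses this flag to disable TLS
    # certificate verification towards Vault -- confirm against its callers.
    app.config['VAULT_SKIP_VERIFY'] = (
        os.environ['VAULT_SKIP_VERIFY'].strip().lower()
        in ('1', 't', 'true', 'y', 'yes', 'on')
    )

if "AUTH_METHODS" in os.environ:
    # Comma-separated list of the auth methods passed to the login template.
    app.config['AUTH_METHODS'] = os.environ['AUTH_METHODS'].split(',')

if "VAULT_PORT" in os.environ:
    # NOTE(review): this stores a list of strings, not a single port number;
    # kept as-is because the consumer of VAULT_PORT is not visible here.
    app.config['VAULT_PORT'] = os.environ['VAULT_PORT'].split(',')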
@app.route('/')
@login_required
def index():
    """Render the landing page for the logged-in user.

    Reads ``username`` from the session and passes it to ``index.html``.
    """
    current_user = session['username']
    return render_template('index.html', username=current_user)
@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form and, on POST, authenticate against Vault.

    A successful POST stores the token returned by ``vault_auth`` and the
    submitted username in the session and redirects to ``index``. Any
    exception during that flow re-renders the form with ``error=True``.
    """
    # Anything that is not a form submission just gets the empty form.
    if request.method != 'POST':
        return render_template('login.html', methods=app.config["AUTH_METHODS"])

    try:
        submitted = request.form
        username = submitted['username']
        password = submitted['password']
        # str() turns a missing auth_type into the literal string "None".
        auth_type = str(submitted.get('auth_type'))
        token = vault_auth(username, password, auth_type)
        # NOTE(review): `session` arrives through a star import; if it is
        # Flask's default cookie-backed session, the Vault token is stored in
        # a signed but unencrypted client-side cookie -- confirm and consider
        # a server-side session store.
        session['vault_token'] = token
        session['username'] = username
        return redirect(url_for('index'))
    except Exception as error: #pylint: disable=broad-except
        # Deliberately broad: every failure is reported to the user the same
        # way, so the response does not reveal why the login was rejected.
        print "Error logging in:", str(error)
        return render_template('login.html', error=True, methods=app.config["AUTH_METHODS"])
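@app.route('/logout')
@login_required
def logout():
    """End the UI session and redirect to ``index``.

    Removes both keys that ``login`` writes to the session. Previously only
    ``vault_token`` was dropped, so ``username`` stayed in the session after
    logout.
    """
    session.pop('vault_token', None)
    session.pop('username', None)
    # NOTE(review): the token is only forgotten locally; nothing here revokes
    # it in Vault, so a copy of the token stays usable until it expires.
    return redirect(url_for('index'))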
@app.route("/health")
@login_required
def health():
    """Render ``health.html`` with the result of ``vault_health()``."""
    server_status = vault_health()
    return render_template('health.html', servers=server_status)
@app.route("/secrets")
@login_required
def secrets():
    """Render ``secrets.html`` with ``vault_secrets`` called on the session token."""
    token = session['vault_token']
    found = vault_secrets(token)
    return render_template('secrets.html', secrets=found)
@app.route("/users")
@login_required
def users():
    """Render ``users.html`` with ``list_users`` called on the session token."""
    token = session['vault_token']
    user_list = list_users(token)
    return render_template('users.html', users=user_list)
@app.route("/policies")
@login_required
def policies():
    """Render ``policies.html`` with ``list_policies`` called on the session token."""
    token = session['vault_token']
    policy_list = list_policies(token)
    return render_template('policies.html', policies=policy_list)
@app.route("/mounts")
@login_required
def mounts():
    """Render ``mounts.html`` with the secret, audit and auth backend listings.

    All three listings are fetched with the session's Vault token, in the
    order secret backends, audit backends, auth backends.
    """
    token = session['vault_token']
    secret_backends = list_secret_backend(token)
    audit_backends = list_audit(token)
    auth_backends = list_auth(token)
    return render_template(
        'mounts.html',
        secrets=secret_backends,
        audits=audit_backends,
        auths=auth_backends,
    )
@app.route("/read/<path:path>")
@login_required
def read_secret(path):
    """Render ``secret.html`` for the secret at *path*.

    Args:
        path: The remainder of the URL after ``/read/``; it may contain
            slashes because of the ``path`` converter.
    """
    # NOTE(review): `path` is caller-controlled and forwarded as-is; no
    # validation happens here, so access control presumably rests on what the
    # session's Vault token is allowed to read -- confirm in list_secret.
    token = session['vault_token']
    secret_data = list_secret(token, path)
    return render_template('secret.html', path=path, secret=secret_data)
@app.route('/healthcheck')
def healthcheck():
    """Return a fixed liveness string.

    This route has no ``login_required`` decorator and does not contact
    Vault; it only shows that the web process is answering requests.
    """
    status_text = 'Healthy'
    return status_text
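@app.errorhandler(werkzeug.exceptions.NotFound)
def handle_404_request(error):
    """Render the custom "not found" page.

    Args:
        error: The ``werkzeug.exceptions.NotFound`` instance passed by Flask.

    Returns:
        A ``(body, status)`` tuple so the response keeps its 404 status.
    """
    # A bare body returned from an error handler is sent as 200 OK, which
    # hides missing pages from clients, scanners and monitoring.
    return render_template('404.html', error=error), 404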
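@app.errorhandler(werkzeug.exceptions.InternalServerError)
def handle_505_request(error):
    """Render the custom "internal server error" page.

    Despite the name, this handles HTTP 500 (``InternalServerError``).

    Args:
        error: The exception object passed by Flask.

    Returns:
        A ``(body, status)`` tuple so the response keeps its 500 status.
    """
    # Without an explicit status the error page goes out as 200 OK and
    # server failures become invisible to monitoring and clients.
    # NOTE(review): `error` is handed to the template; confirm 500.html does
    # not echo exception details back to the user.
    return render_template('500.html', error=error), 500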
# Implement HTTP 418
@app.route('/teapot')
def teapot():
    """Always abort the request with HTTP status 418."""
    teapot_status = 418
    abort(teapot_status)
if __name__ == "__main__":
    # Script entry point: serve over HTTPS when both a certificate and a key
    # are configured, otherwise warn and serve over plain HTTP.
    # NOTE(review): both keys are read with [] although settings.py is loaded
    # with silent=True, so a missing VAULT_SSL_CERT raises KeyError at startup.
    # NOTE(review): app.run() on 0.0.0.0 listens on every interface.
    ssl_cert = app.config['VAULT_SSL_CERT']
    # Mirror the short-circuit: the key is only looked up when a cert is set.
    ssl_key = app.config['VAULT_SSL_KEY'] if ssl_cert else None

    if not (ssl_cert and ssl_key):
        print 'Warning: Your secrets are being sent unencrypted over the network.'
        print 'To enable SSL support. update the VAULT_SSL_CERT, VAULT_SSL_KEY, and VAULT_SSL_CA variables in settings.py'
        http_port = app.config.get('VAULT_UI_HTTP_PORT', 80)
        app.run(host='0.0.0.0', port=http_port)
    else:
        https_port = app.config.get('VAULT_UI_HTTPS_PORT', 443)
        app.run(host='0.0.0.0', port=https_port, ssl_context=(ssl_cert, ssl_key))