vault and tokens implemenation

library/servicenow/env_user.py

-#!/usr/bin/env python3
+#!/usr/bin/env /opt/gvenv/venv_csui/bin/python3
 # -*- coding: utf-8 -*-
 import requests
 import base64
+from library.vault.client import clientV
 
 # User Input
 http_proxy = 'http://x50l002:x52503@vip-proxy-l4s.snmc.cec.eu.int:8012'
 
 username = 'DIGIT-WS-SNET-SMART'
-password = ''
+password = '+Xg76;CwCr4TgBCs'
+#password =  clientV.getKV('SNOW')
 base_url = "https://digituat.service-now.com/api/emdig/v1/itsm"
 
 credentials = f"{username}:{password}"

library/vault/client.py

+#!/opt/gvenv/venv_csui/bin/python3
+import logging
+import requests
+from requests import Response, Request
+from pprint import pformat
+from json import dumps as json_dumps
+from datetime import datetime
+import time
+import sys
+import hvac
+#from library.servicenow.env_user import http_proxy
+
+class Vault(object):
+
+    def __init__(self):
+        self.session = requests.Session()
+        self.path_change = "apps-kv/dev/"
+        #self.proxies = {'http':http_proxy , 'https': http_proxy}
+        self.client = client = hvac.Client(url='https://sam-hcavault.cec.eu.int',token='hvs.CAESIAf5OKUewOGeIXP2QrUSsH-vxQ_o7MEufKxlyALb02N-GikKImh2cy45cmZWamJWQ0ZJdHZGTktlM29LWW9rbloucHhUUWIQ7IaQDw',
+                        namespace="EC/DIGIT_C4_SNET_ADMIN-ACC", verify="/etc/ssl/certs/")
+
+        print(f"Am I authenticated? : {client.is_authenticated()}")
+        #kv_configuration = client.secrets.kv.read_configuration(
+        #    mount_point='secret/apps-kv/dev',
+        #)
+        #print(f"Configuration: {kv_configuration}")
+        #list_secrets_result = client.secrets.kv.v2.list_secrets(path='SNOW', mount_point='secret/apps-kv/dev')
+        #print(f"List of Secrets: {list_secrets_result}")
+        #exit(1)
+        #secret = 'secret/apps-kv/dev/SNOW'
+        #mount_point, secret_path = secret.split('/', 1)
+        #secret_version_response = client.secrets.kv.v2.read_secret_version(
+        #    path=secret_path,
+        #    mount_point=mount_point
+        #)
+        #list_secrets_result = client.secrets.kv.v2.list_secrets(path='SNOW', mount_point='secret/apps-kv')
+        #print(f"List of Secrets: {list_secrets_result}")
+        #exit(1)
+
+
+
+    def getKV(self, key, url_params={}, **json_kwargs):
+        log.debug('GET {}'.format(key))
+        try:
+            key_request = self.path_change + key
+            read_response = self.client.secrets.kv.v2.read_secret_version(path=key_request)
+            password = read_response['data']['data']['password']
+        except Exception as error:
+            raise ConnectionError("Unable to make request")
+        return password
+
+    def createKV(self, pathK, passwordK, url_params={}, **json_kwargs):
+        log.debug('GET {}'.format(url))
+        try:
+           create_response = self.client.secrets.kv.v2.create_or_update_secret(path=pathK ,secret=dict(password=passwordK))
+        except Exception as error:
+            raise ConnectionError("Unable to make request")
+        return create_response
+
+
+log = logging.getLogger(__name__)
+clientV = Vault()

library/vault/examples/alternative.py

+#!/home/blondsi/learning/hashicorp-vault/python_hello_world/venv/bin/python
+import requests
+
+VAULT_DIEGO_URL = "https://sam-hcavault.cec.eu.int/v1/kv/data/dev-DIEGO"
+
+headers = {
+    "X-Vault-Namespace": "EC/DIGIT_C4_SNET_DEV_ACC-ENV",
+    "X-Vault-Token": "hvs.CAESIKnpu_C6vTlQmblBTIwzNkWYnKIzIwO40yMAKNnHaq1aGikKImh2cy5WVGxaS1R3bUFKajF0Sm03MTNHR1lEVkUuYTQ5SVAQ277IAg",
+    "accept": "*/*"
+}
+
+r = requests.get(VAULT_DIEGO_URL, headers=headers, verify=False)
+json = r.json()
+data = json["data"]["data"]
+print(f"Data: {data}")

library/vault/examples/configure_jwt.py

+#!/home/blondsi/learning/hashicorp-vault/python_hello_world/venv/bin/python
+import hvac
+
+client = hvac.Client(
+    url='https://sam-hcavault.cec.eu.int',
+    token='hvs.CAESIKnpu_C6vTlQmblBTIwzNkWYnKIzIwO40yMAKNnHaq1aGikKImh2cy5WVGxaS1R3bUFKajF0Sm03MTNHR1lEVkUuYTQ5SVAQ277IAg',
+    namespace="EC/DIGIT_C4_SNET_DEV_ACC-ENV",
+    verify=False
+)
+print(f"Auth ok? {client.is_authenticated()}")
+
+r = client.auth.jwt.configure(
+    jwks_url="https://code.europa.eu/-/jwks",
+    bound_issuer="code.europa.eu"
+)
+
+print(r)

library/vault/examples/main.py

+#!/home/blondsi/learning/hashicorp-vault/python_hello_world/venv/bin/python
+import hvac
+
+client = hvac.Client(
+    url='https://sam-hcavault.cec.eu.int',
+    token='hvs.CAESIKnpu_C6vTlQmblBTIwzNkWYnKIzIwO40yMAKNnHaq1aGikKImh2cy5WVGxaS1R3bUFKajF0Sm03MTNHR1lEVkUuYTQ5SVAQ277IAg',
+    namespace="EC/DIGIT_C4_SNET_DEV_ACC-ENV",
+    verify=False
+)
+print(f"Auth ok? {client.is_authenticated()}")
+
+secret = 'kv/dev-DIEGO'
+mount_point, secret_path = secret.split('/', 1)
+read_response = client.secrets.kv.v2.read_secret_version(
+    mount_point=mount_point,
+    path=secret_path,
+    version=1
+)
+print('Value under path "dev-DIEGO": {val}'.format(
+    val=read_response['data']['data'],
+))

library/vault/examples/requirement.txt

+certifi==2022.12.7
+charset-normalizer==3.0.1
+hvac==1.0.2
+idna==3.4
+pkg-resources==0.0.0
+pyhcl==0.4.4
+requests==2.28.2
+urllib3==1.26.14