Vault secret fetch redesign (#15)

* Changed the fetch secrets logic * Updated the tests for the changed fetch secret logic * Removed mount point code from this branch * Incremented the verson
clear-street · May 10, 2021 · c335388 · c335388
1 parent 2dae25b
commit c335388
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 16 deletions.
diff --git a/gestalt/__init__.py b/gestalt/__init__.py
@@ -130,20 +130,8 @@ def add_config_file(self, path: str) -> None:
             raise ValueError(f'Given file path of {tmp} is not a file')
         self.__conf_files.append(tmp)
 
-    def __fetch_secrets_from_vault(self) -> None:
-
-        if len(self.__vault_paths) <= 0:
-            return
-        print("Fetching secrets from VAULT")
-        for vault_secret_path in self.__vault_paths:
-            secret_token = self.vault_client.secrets.kv.v2.read_secret_version(
-                path=vault_secret_path)
-            self.__conf_data.update(secret_token['data']['data'])
-
     def build_config(self) -> None:
         """Renders all configuration paths into the internal data structure.
-        It fetches any secrets available in vault as well and updates the
-        internal data structure.
 
         This does not affect if environment variables are used, it just deals
         with the files that need to be loaded.
@@ -196,8 +184,6 @@ def build_config(self) -> None:
         self.__conf_data = self.__flatten(self.__conf_data,
                                           sep=self.__delim_char)
 
-        self.__fetch_secrets_from_vault()
-
     def auto_env(self) -> None:
         """Auto env provides sane defaults for using environment variables
 
@@ -607,3 +593,12 @@ def add_vault_secret_path(self, path: str) -> None:
             path (str): The path to the secret in vault cluster
         """
         self.__vault_paths.append(path)
+
+    def fetch_vault_secrets(self) -> None:
+        if len(self.__vault_paths) <= 0:
+            return
+        print("Fetching secrets from VAULT")
+        for vault_secret_path in self.__vault_paths:
+            secret_token = self.vault_client.secrets.kv.v2.read_secret_version(
+                path=vault_secret_path)
+            self.__conf_data.update(secret_token['data']['data'])
diff --git a/setup.py b/setup.py
@@ -7,7 +7,7 @@ def readme():
 
 
 setup(name='gestalt-cfg',
-      version='1.0.6',
+      version='1.0.7',
       description='A sensible configuration library for Python',
       long_description=readme(),
       long_description_content_type="text/markdown",

diff --git a/tests/test_gestalt.py b/tests/test_gestalt.py
@@ -463,6 +463,7 @@ def test_vault_fail_kubernetes_auth():
 
 def test_vault_get():
     g = gestalt.Gestalt()
+    g.build_config()
     client_config = gestalt.HVAC_ClientConfig()
     client_config['url'] = ""
     client_config['token'] = "myroot"
@@ -472,6 +473,6 @@ def test_vault_get():
     print("Requires the user to set a token in the client")
     CLIENT_ID = "test_client"
     g.add_vault_secret_path("test")
-    g.build_config()
+    g.fetch_vault_secrets()
     secret = g.get_string(CLIENT_ID)
     assert secret == 'test_client_password'