Module: Legion::Crypt::VaultEntity
Extended by: Logging::Helper
Defined in: lib/legion/crypt/vault_entity.rb
Constant Summary
Constants included from Logging::Helper
Class Method Summary
- .ensure_alias(entity_id:, mount_accessor:, alias_name:) ⇒ Object
  Create an alias linking an auth method mount to the entity.
- .ensure_entity(principal_id:, canonical_name:, metadata: {}) ⇒ Object
  Create or look up a Vault entity for a Legion principal.
- .find_by_name(canonical_name) ⇒ Object
  Look up a Vault entity by its Legion canonical name.
Methods included from Logging::Helper
Class Method Details
.ensure_alias(entity_id:, mount_accessor:, alias_name:) ⇒ Object
Create an alias linking an auth method mount to the entity. Idempotent: a ::Vault::HTTPClientError whose message contains "already exists" is logged at debug level and ignored; any other error is reported through handle_exception at warn level. Always returns nil, so callers cannot distinguish "created" from "already present" from "failed" by the return value alone.

```ruby
# File 'lib/legion/crypt/vault_entity.rb', line 33
def self.ensure_alias(entity_id:, mount_accessor:, alias_name:)
  vault_logical.write(
    'identity/entity-alias',
    name: alias_name,
    canonical_id: entity_id,
    mount_accessor: mount_accessor
  )
rescue ::Vault::HTTPClientError => e
  if e.message.include?('already exists')
    log.debug 'Vault entity alias already exists (idempotent)'
  else
    handle_exception(e, level: :warn, operation: 'crypt.vault_entity.ensure_alias', alias_name: alias_name)
  end
  nil
rescue StandardError => e
  handle_exception(e, level: :warn, operation: 'crypt.vault_entity.ensure_alias', alias_name: alias_name)
  nil
end
```
.ensure_entity(principal_id:, canonical_name:, metadata: {}) ⇒ Object
Create or look up a Vault entity for a Legion principal. An existing entity named "legion-<canonical_name>" is returned as-is; otherwise one is created with the caller's metadata merged with legion_principal_id, legion_canonical_name and managed_by: 'legion'. Returns the Vault entity ID string, or nil on failure (the error is reported at warn level).

```ruby
# File 'lib/legion/crypt/vault_entity.rb', line 12
def self.ensure_entity(principal_id:, canonical_name:, metadata: {})
  existing = find_by_name(canonical_name)
  return existing if existing

  response = vault_logical.write(
    'identity/entity',
    name: "legion-#{canonical_name}",
    metadata: metadata.merge(
      legion_principal_id: principal_id,
      legion_canonical_name: canonical_name,
      managed_by: 'legion'
    )
  )
  extract_id(response)
rescue StandardError => e
  handle_exception(e, level: :warn, operation: 'crypt.vault_entity.ensure_entity', canonical_name: canonical_name)
  nil
end
```
.find_by_name(canonical_name) ⇒ Object
Look up a Vault entity by its Legion canonical name (the Vault entity name is "legion-<canonical_name>"). Returns the Vault entity ID string, or nil if not found. A not-found client error is silently mapped to nil; any other error is reported at warn level and also yields nil, so a nil result can mean either "absent" or "lookup failed".

```ruby
# File 'lib/legion/crypt/vault_entity.rb', line 54
def self.find_by_name(canonical_name)
  response = vault_logical.read("identity/entity/name/legion-#{canonical_name}")
  extract_id(response)
rescue ::Vault::HTTPClientError => e
  unless e.message.match?(/not found|does not exist|404/i)
    handle_exception(e, level: :warn, operation: 'crypt.vault_entity.find_by_name', canonical_name: canonical_name)
  end
  nil
rescue StandardError => e
  handle_exception(e, level: :warn, operation: 'crypt.vault_entity.find_by_name', canonical_name: canonical_name)
  nil
end
```
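The three methods above form one flow: ensure_entity (which calls find_by_name) and then ensure_alias to bind an auth mount to the entity. The following is an added, offline example of that flow and is not Legion's own code. InMemoryIdentity stands in for vault_logical (the vault-ruby Logical client) and VaultClientError for ::Vault::HTTPClientError; it models the two identity paths the module writes to. Two things here are assumptions rather than page content: the canonical_name validation (canonical_name is interpolated into a Vault path, so the example refuses names that could carry path separators), and raising on unexpected errors instead of logging and returning nil, which makes failures observable in a test.

```ruby
# Added example, not Legion::Crypt::VaultEntity's code. InMemoryIdentity and
# VaultClientError are stand-ins for vault_logical and ::Vault::HTTPClientError.
require 'securerandom'

class VaultClientError < StandardError; end

# Minimal in-memory model of the identity paths the module touches.
class InMemoryIdentity
  Secret = Struct.new(:data)

  def initialize
    @entities = {} # entity name => { id:, metadata: }
    @aliases  = {} # [mount_accessor, alias name] => canonical entity id
  end

  # identity/entity is keyed on name, so re-creating is an upsert.
  # identity/entity-alias rejects a (mount, name) pair already in use; that
  # is the client error ensure_alias treats as "already exists".
  def write(path, **params)
    case path
    when 'identity/entity'
      entity = (@entities[params.fetch(:name)] ||= { id: SecureRandom.uuid })
      entity[:metadata] = params.fetch(:metadata, {})
      Secret.new({ id: entity[:id] })
    when 'identity/entity-alias'
      key = [params.fetch(:mount_accessor), params.fetch(:name)]
      raise VaultClientError, 'alias already exists for this mount' if @aliases.key?(key)
      unless @entities.values.any? { |e| e[:id] == params[:canonical_id] }
        raise VaultClientError, 'invalid canonical ID'
      end
      @aliases[key] = params[:canonical_id]
      Secret.new({ id: SecureRandom.uuid })
    else
      raise VaultClientError, "unsupported path #{path}"
    end
  end

  # A missing entity reads as nil (assumed here; find_by_name above also
  # handles a not-found client error, so either behaviour works with it).
  def read(path)
    prefix = 'identity/entity/name/'
    raise VaultClientError, "unsupported path #{path}" unless path.start_with?(prefix)
    entity = @entities[path.delete_prefix(prefix)]
    entity && Secret.new({ id: entity[:id] })
  end
end

# Same three operations, parameterised on the backend; unexpected errors raise.
class EntityProvisioner
  # Added hardening assumption: canonical_name lands in a Vault path, so
  # refuse anything that could carry '/', '..' or whitespace.
  NAME_RE = /\A[a-z0-9][a-z0-9._-]{0,127}\z/

  def initialize(logical)
    @logical = logical
  end

  def ensure_entity(principal_id:, canonical_name:, metadata: {})
    existing = find_by_name(canonical_name)
    return existing if existing

    resp = @logical.write(
      'identity/entity',
      name: "legion-#{canonical_name}",
      metadata: metadata.merge(legion_principal_id: principal_id,
                               legion_canonical_name: canonical_name,
                               managed_by: 'legion')
    )
    extract_id(resp)
  end

  def find_by_name(canonical_name)
    validate!(canonical_name)
    extract_id(@logical.read("identity/entity/name/legion-#{canonical_name}"))
  end

  # Returns :created or :already_exists; any other client error propagates.
  def ensure_alias(entity_id:, mount_accessor:, alias_name:)
    @logical.write('identity/entity-alias',
                   name: alias_name, canonical_id: entity_id, mount_accessor: mount_accessor)
    :created
  rescue VaultClientError => e
    raise unless e.message.include?('already')
    :already_exists
  end

  private

  def validate!(name)
    raise ArgumentError, "unsafe canonical_name #{name.inspect}" unless NAME_RE.match?(name)
  end

  def extract_id(resp)
    resp && resp.data[:id]
  end
end

# Run the flow twice against one backend to show both steps are idempotent.
def provision_twice
  prov = EntityProvisioner.new(InMemoryIdentity.new)
  id1 = prov.ensure_entity(principal_id: 'p-42', canonical_name: 'alice')
  id2 = prov.ensure_entity(principal_id: 'p-42', canonical_name: 'alice')
  first  = prov.ensure_alias(entity_id: id1, mount_accessor: 'auth_approle_abc123', alias_name: 'alice')
  second = prov.ensure_alias(entity_id: id1, mount_accessor: 'auth_approle_abc123', alias_name: 'alice')
  { id1: id1, id2: id2, first: first, second: second, missing: prov.find_by_name('nobody') }
end
```

The second ensure_entity call returns the same ID as the first, and the second ensure_alias call reports :already_exists rather than creating a duplicate binding. Because the page's ensure_alias always returns nil, a caller of the real module that needs to know whether the alias was actually created has to read it back from Vault; the example returns a symbol instead so the outcome is visible.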