~ K A L I ~
UNAME : Linux web64.extendcp.co.uk 4.18.0-553.81.1.el8_10.x86_64 #1 SMP Mon Oct 27 11:29:19 EDT 2025 x86_64SERVER IP : 10.0.187.64 -________-
CLIENT IP : 216.73.216.163 MINI SHELL D ZAB '
| Current File : //usr/share/perl5/vendor_perl/HI/VAULT.pm |
package HI::VAULT;
use strict;
use warnings;
use Term::ReadKey;
use JSON qw( encode_json decode_json );
use LWP::UserAgent;
use constant URL_BASE => 'https://vault.extendcp.co.uk/v1/';
use constant ORG => 'gpe-uk-north/';
use constant DNS_CREDENTIALS => 'heart-internet/misc/prepare-server/dns';
use constant DB_CREDENTIALS => 'heart-internet/misc/prepare-server/db';
use constant HIVE_CREDENTIALS => 'misc/hive-api';
use constant IPMI_STUB => 'heart-internet/ipmi/';
use constant LOOKUP_SELF => 'auth/token/lookup-self';
use constant SERVER_STUB => 'heart-internet/servers/';
our $VERSION = '1.5';
sub new {
my $class = shift;
my $param = {@_};
my $self = {};
$self->{token_file} = defined($ENV{IAM}) ? '/tmp/vault_' . $ENV{IAM} : '/tmp/vault_' . $>;
$self->{vault_token} = ( defined $param->{vault_token} ) ? $param->{vault_token} : undef;
$self->{noninteractive} = ( defined $param->{noninteractive} ) ? $param->{noninteractive} : undef;
bless ($self, $class);
$self->init($param->{ua_opts});
return $self;
}
sub init {
my $self = shift;
my $ua_opts = shift;
$self->{ua} = LWP::UserAgent->new(%$ua_opts);
$self->{ua}->agent(__PACKAGE__ . '/' . $VERSION);
my $Token;
## Token has been provided to the module, this overrules any other token
if($self->{vault_token}){
$self->use_token($self->{vault_token});
## Verify that the token is valid
if (!$self->get_ttl($self->{vault_token})){
$self->{vault_token} = undef;
}else{
return;
}
}
if($Token = $self->read_token_file()) {
$self->use_token($Token);
return;
}
unless ($self->{noninteractive}){
print "\n********** VAULT Token **********\n";
## Get Vault token info
while (!$self->{vault_token}){
print "Enter token: ";
ReadMode('noecho');
chomp(my $Token = <STDIN>);
ReadMode(0);
print "\n";
$self->use_token($Token);
unless ($self->get_ttl($Token)){
print "Token invalid, reauthenticate and try again\n";
$self->{vault_token} = undef;
}
}
}
## This will trigger if we're noninteractive and the token provided isn't valid
die "No valid vault token has been provided" unless $self->{vault_token};
$self->write_token_file();
return 1;
}
sub get_token {
my $self = shift;
return (defined $self->{vault_token}) ? $self->{vault_token} : undef;
}
sub use_token {
my $self = shift;
my $token = shift;
$self->{ua}->default_header('X-Vault-Token' => $token);
$self->{"vault_token"} = $token;
return 1;
}
sub add_password {
my $self = shift;
my $server = shift;
my $password = shift;
my $server_path = server_path_for_server($server);
my $data = { data => { rootpw => $password } };
$self->write_to_uri(SERVER_STUB . $server_path, $data);
# retrieve password and check for match
my $pw = $self->get_ref_from_uri(SERVER_STUB . $server_path);
unless($pw && $pw->{'data'}->{'rootpw'} && $pw->{'data'}->{'rootpw'} eq $password) {
warn "Problem setting and/or retrieving password in vault";
}
}
sub add_ipmi_password {
my $self = shift;
my $server = shift;
my $password = shift;
my $server_path = server_path_for_server($server);
my $data = { data => { IpmiPassword => $password } };
$self->write_to_uri(IPMI_STUB . $server_path, $data);
# retrieve password and check for match
my $creds = $self->get_ipmi_credentials($server);
unless($creds && $creds->{'IpmiPassword'} && $creds->{'IpmiPassword'} eq $password) {
warn "Problem setting and/or retrieving password in vault";
}
}
sub get_ttl {
# LOOKUP_SELF is special, note url rather than uri
my $self = shift;
my $creds = $self->get_ref_from_url(URL_BASE . LOOKUP_SELF);
return $creds->{ttl};
}
sub get_dns_api_key {
my $self = shift;
my $dnscreds = $self->get_ref_from_uri(DNS_CREDENTIALS);
return $dnscreds->{'data'}->{'apikey'};
}
sub get_db_credentials {
my $self = shift;
my $dbcreds = $self->get_ref_from_uri(DB_CREDENTIALS);
return ($dbcreds->{'data'}->{'pass'}, $dbcreds->{'data'}->{'user'});
}
sub get_hive_credentials {
my $self = shift;
my $hivecreds = $self->get_ref_from_uri(HIVE_CREDENTIALS);
return ($hivecreds->{'data'}->{'team-HI-123reg'});
}
sub get_ipmi_credentials {
my $self = shift;
my $server = shift;
my $server_path = server_path_for_server($server);
my $creds = $self->get_ref_from_uri(IPMI_STUB . $server_path);
return $creds->{'data'};
}
sub get_secret_id {
my $self = shift;
my $url = shift;
my $data = shift;
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/json');
$req->content(encode_json($data));
my $res = $self->{ua}->request($req);
if ($res->is_success && $res->content) {
my $secret_data = decode_json ( $res->content );
return $secret_data->{'data'};
}
}
sub write_to_url {
my $self = shift;
my $url = shift;
my $data = shift;
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/json');
$req->content(encode_json($data));
my $res = $self->{ua}->request($req);
unless ($res->is_success) {
print $res->status_line, "\n";
}
}
sub write_to_uri {
my $self = shift;
my $uri = shift;
my $data = shift;
return $self->write_to_url(URL_BASE . ORG . 'data/' . $uri, $data);
}
sub get_ref_from_url {
my $self = shift;
my $url = shift;
my $req = HTTP::Request->new(GET => $url);
my $res = $self->{ua}->request($req);
if ($res->is_success && $res->content) {
my $creds = decode_json ( $res->content );
return $creds->{'data'};
} else {
print $res->status_line, "\n";
return undef;
}
}
sub list_ref_from_url {
my $self = shift;
my $url = shift;
my $req = HTTP::Request->new(LIST => $url);
my $res = $self->{ua}->request($req);
if ($res->is_success && $res->content) {
my $creds = decode_json ( $res->content );
return $creds->{'data'}->{'keys'};
} else {
print $res->status_line, "\n";
}
}
sub get_ref_from_uri {
my $self = shift;
my $uri = shift;
return $self->get_ref_from_url(URL_BASE . ORG . 'data/' . $uri);
}
sub list_ref_from_uri {
my $self = shift;
my $uri = shift;
return $self->list_ref_from_url(URL_BASE . ORG . 'metadata/' . $uri);
}
sub delete_url {
my $self = shift;
my $url = shift;
my $req = HTTP::Request->new(DELETE => $url);
my $res = $self->{ua}->request($req);
unless ($res->is_success) {
print $res->status_line, "\n";
return undef;
}
}
sub delete_uri {
my $self = shift;
my $uri = shift;
return $self->delete_url(URL_BASE . ORG . 'metadata/' . $uri);
}
sub read_token_file {
my $self = shift;
return undef unless -r $self->{token_file};
open(my $fh, '<', $self->{token_file}) or die "Problem opening $self->{token_file} $!";
my $jsonblob = <$fh>;
close $fh;
return undef unless $jsonblob;
my $json;
eval {
#Without the eval this will die if the file has invalid JSON content
$json = decode_json($jsonblob);
};
return undef unless defined $json;
if(defined $json->{expiry} && defined $json->{token} && $json->{expiry} > time()) {
return $json->{token};
}
return undef;
}
sub write_token_file {
my $self = shift;
my $ttl = $self->get_ttl();
my $expiry = time() + $ttl;
my $data = {
token => $self->{vault_token},
expiry => $expiry,
};
my $jsonblob = encode_json($data);
my $orig_umask = umask 0066;
open(my $fh, '>', $self->{token_file}) or die "Problem writing $self->{token_file} $!";
print $fh $jsonblob;
close $fh;
umask $orig_umask;
return 1;
}
sub server_path_for_server {
my $server = shift;
my $server_type = $server;
$server_type =~ s|\d*$||;
my $path = $server_type . '/' . $server;
return $path;
}
1
Coded by KALI :v Greetz to DR HARD ../ kali.zbi@hotmail.com