This repository has been archived by the owner on Dec 18, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrotate.py
50 lines (39 loc) · 2.3 KB
/
rotate.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import requests
import json
import os
##### Create local variables based on environment variables
# Rubrik Variables
rubrikUrl = os.environ['rubrikBaseUrl'] + os.environ['rubrikEndpoint'] # URL to the Rubrik API
rubrikExpiration = os.environ['rubrikExpiration'] # Expiration in minutes (1440 = 1 day)
rubrikTag = os.environ['rubrikTag'] # Tag to help identify the token
rubrikBasicAuth = 'Basic ' + os.environ['rubrikBasicAuth'] # Creds to auth as the service account in Rubrik
# Vault Variables
vaultUrl = os.environ['vaultUrl'] # URL to the Vault API
vaultToken = os.environ['vaultToken'] # Token to auth as the service account in Vault
def lambda_handler(event, context):
##################################################################################################################
##### Create the Rubrik payload (body) as a dict
payload_raw = {'initParams': {'apiToken': {'expiration': int(rubrikExpiration), 'tag': rubrikTag}}}
payload = json.dumps(payload_raw)
# Create the Rubrik header using Basic Authentication with Base64 encoded value
headers = {
'Authorization': rubrikBasicAuth
}
# Create new Rubrik API Token for the service account
# Note: Due to using a self-signed certificate on the Rubrik demo cluster, verify is set to False
print('Sending request to Rubrik')
response = requests.post(rubrikUrl, headers=headers, data=payload, verify=False)
# Store the new Rubrik API token by looking inside of the session response details
token = response.json()['session']['token']
##################################################################################################################
##### Create the Vault payload (body) as a dict using the Rubrik API Token
payload_raw = {'data': {'token': token}}
payload = json.dumps(payload_raw)
# Create the Vault header using Basic Authentication Base64 encoded value
headers = {
'X-Vault-Token': vaultToken
}
# Create new Rubrik API Token for the service account
# Note: Due to using a self-signed certificate on the Vault demo instance, verify is set to False
print('Sending request to Vault')
response = requests.post(vaultUrl, headers=headers, data=payload, verify=False)