add "key-cert-bundle" output format

this is a useful format for mongo's PEMKeyFile option which expects the provided key file to be the private key + cert concatenated together
2017-11-13 15:02:28 -05:00 · 2017-11-13 15:02:28 -05:00 · 00a4f08638
parent 33384b4f1c
commit 00a4f08638
3 changed files with 37 additions and 1 deletions
--- a/formats.go
+++ b/formats.go
@ -124,6 +124,40 @@ func writeCertificateBundleFile(filename string, data map[string]interface{}, mo
 	return nil
 }

+func writeKeyCertificateBundleFile(filename string, data map[string]interface{}, mode os.FileMode) error {
+	bundleFile := fmt.Sprintf("%s-bundle.pem", filename)
+	keyFile := fmt.Sprintf("%s-key.pem", filename)
+	caFile := fmt.Sprintf("%s-ca.pem", filename)
+	certFile := fmt.Sprintf("%s.pem", filename)
+
+	bundle := fmt.Sprintf("%s\n%s", data["private_key"], data["certificate"])
+	key := fmt.Sprintf("%s\n", data["private_key"])
+	ca := fmt.Sprintf("%s\n", data["issuing_ca"])
+	certificate := fmt.Sprintf("%s\n", data["certificate"])
+
+	if err := writeFile(bundleFile, []byte(bundle), mode); err != nil {
+		glog.Errorf("failed to write the bundled certificate file, error: %s", err)
+		return err
+	}
+
+	if err := writeFile(certFile, []byte(certificate), mode); err != nil {
+		glog.Errorf("failed to write the certificate file, errro: %s", err)
+		return err
+	}
+
+	if err := writeFile(caFile, []byte(ca), mode); err != nil {
+		glog.Errorf("failed to write the ca file, errro: %s", err)
+		return err
+	}
+
+	if err := writeFile(keyFile, []byte(key), mode); err != nil {
+		glog.Errorf("failed to write the key file, errro: %s", err)
+		return err
+	}
+
+	return nil
+}
+
 func writeTxtFile(filename string, data map[string]interface{}, mode os.FileMode) error {
 	keys := getKeys(data)
 	if len(keys) > 1 {
--- a/utils.go
+++ b/utils.go
@ -191,6 +191,8 @@ func processResource(rn *VaultResource, data map[string]interface{}) (err error)
 		err = writeTxtFile(filename, data, rn.fileMode)
 	case "bundle":
 		err = writeCertificateBundleFile(filename, data, rn.fileMode)
+	case "key-cert-bundle":
+		err = writeKeyCertificateBundleFile(filename, data, rn.fileMode)
 	default:
 		return fmt.Errorf("unknown output format: %s", rn.format)
 	}
--- a/vault_resource.go
+++ b/vault_resource.go
@ -57,7 +57,7 @@ const (
 )

 var (
-	resourceFormatRegex = regexp.MustCompile("^(yaml|yml|json|env|ini|txt|cert|bundle|csv)$")
+	resourceFormatRegex = regexp.MustCompile("^(yaml|yml|json|env|ini|txt|cert|bundle|key-cert-bundle|csv)$")

 	// a map of valid resource to retrieve from vault
 	validResources = map[string]bool{