From 9c90a63f5e411e57e164c637f3ac9a31a726e4f1 Mon Sep 17 00:00:00 2001 From: Rohith Date: Mon, 21 Sep 2015 11:09:38 +0100 Subject: [PATCH 1/3] - fixed up the Makefile --- Makefile | 1 + auth.go | 0 2 files changed, 1 insertion(+) create mode 100644 auth.go diff --git a/Makefile b/Makefile index 199a7c9..10f2e89 100644 --- a/Makefile +++ b/Makefile @@ -14,6 +14,7 @@ build: docker: build sudo docker build -t ${AUTHOR}/${NAME} . + sudo docker build -t ${AUTHOR}/${NAME} . clean: rm -rf ./build 2>/dev/null diff --git a/auth.go b/auth.go new file mode 100644 index 0000000..e69de29 From b6e5503615c9b7d4bb8b4a61b6623cbc6be7b030 Mon Sep 17 00:00:00 2001 From: Rohith Date: Mon, 21 Sep 2015 11:11:19 +0100 Subject: [PATCH 2/3] - removing the auth from master for now --- auth.go | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 auth.go diff --git a/auth.go b/auth.go deleted file mode 100644 index e69de29..0000000 From 20baf582fe0a2cb6b2744d2d5e1dbe4e4cbacb2e Mon Sep 17 00:00:00 2001 From: Rohith Date: Fri, 18 Sep 2015 17:58:52 +0100 Subject: [PATCH 3/3] - fixed up the formatting - fixing up the imports --- config.go | 5 +++-- main.go | 4 ++-- utils.go | 18 +++++++++--------- vault.go | 31 ++++++++++++++++--------------- vault_resource.go | 41 ++++++++++++++++++----------------------- vault_resource_test.go | 1 - vault_resources.go | 4 ---- vault_resources_test.go | 8 -------- vault_test.go | 1 - version.go | 2 +- 10 files changed, 49 insertions(+), 66 deletions(-) diff --git a/config.go b/config.go index d445acf..bf2e8ff 100644 --- a/config.go +++ b/config.go @@ -21,8 +21,9 @@ import ( "fmt" "io/ioutil" "net/url" - "github.com/golang/glog" "time" + + "github.com/golang/glog" ) // config ... the command line configuration 
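Review bot: The line added to the `docker` target is byte-identical to the context line directly above it, so the target now runs `sudo docker build -t ${AUTHOR}/${NAME} .` twice; the second run is a cache hit that produces nothing new, which does not match the "fixed up the Makefile" subject. If a second tag was intended (for example one carrying the release version), the added line needs a different `-t` value, e.g. `sudo docker build -t ${AUTHOR}/${NAME}:${VERSION} .` with whatever version variable the Makefile defines; otherwise the duplicate should be dropped. Baking `sudo` into the recipe also means a plain `make docker` prompts for a password and performs the image build as root, which deserves a comment on the target or should be left to the invoking user.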
@@ -57,7 +58,7 @@ func init() { flag.StringVar(&options.secretsDirectory, "output", getEnv("VAULT_OUTPUT", "/etc/secrets"), "the full path to write the protected resources (VAULT_OUTPUT if available)") flag.BoolVar(&options.deleteToken, "delete-token", false, "once the we have connected to vault, delete the token file from disk") flag.BoolVar(&options.dryRun, "dry-run", false, "perform a dry run, printing the content to screen") - flag.DurationVar(&options.statsInterval, "stats", time.Duration(5) * time.Minute, "the interval to produce statistics on the accessed resources") + flag.DurationVar(&options.statsInterval, "stats", time.Duration(5)*time.Minute, "the interval to produce statistics on the accessed resources") flag.Var(options.resources, "cn", "a resource to retrieve and monitor from vault (e.g. pki:name:cert.name, secret:db_password, aws:s3_backup)") } diff --git a/main.go b/main.go index e9453fb..9fee736 100644 --- a/main.go +++ b/main.go @@ -102,7 +102,7 @@ func processResource(rn *vaultResource, data map[string]interface{}) error { case "cert": files := map[string]string{ "certificate": "crt", - "issuing_ca": "ca", + "issuing_ca": "ca", "private_key": "key", } for key, suffix := range files { @@ -169,4 +169,4 @@ func writeFile(filename string, content []byte) error { } return nil -} \ No newline at end of file +} diff --git a/utils.go b/utils.go index e7f38f2..a0bbb86 100644 --- a/utils.go +++ b/utils.go @@ -17,11 +17,11 @@ limitations under the License. package main import ( -"os" -"math/rand" -"time" "flag" "fmt" + "math/rand" + "os" + "time" ) func init() { 
@@ -30,10 +30,10 @@ func init() { // showUsage ... prints the command usage and exits // message : an error message to display if exiting with an error -func showUsage(message string, args ... interface{}) { +func showUsage(message string, args ...interface{}) { flag.PrintDefaults() if message != "" { - fmt.Printf("\n[error] " + message + "\n", args...) + fmt.Printf("\n[error] "+message+"\n", args...) os.Exit(1) } @@ -41,14 +41,14 @@ func showUsage(message string, args ... interface{}) { } // randomWait ... wait for a random amout of time -func randomWait(min, max int ) <-chan time.Time { - return time.After(time.Duration(getRandomWithin(min,max)) * time.Second) +func randomWait(min, max int) <-chan time.Time { + return time.After(time.Duration(getRandomWithin(min, max)) * time.Second) } // getKeys ... retrieve a list of keys from the map func getKeys(data map[string]interface{}) []string { var list []string - for key, _ := range data { + for key := range data { list = append(list, key) } return list @@ -58,7 +58,7 @@ func getKeys(data map[string]interface{}) []string { // min : the smallest number we can accept // max : the largest number we can accept func getRandomWithin(min, max int) int { - return rand.Intn(max - min) + min + return rand.Intn(max-min) + min } // getEnv ... checks to see if an environment variable exists otherwise uses the default diff --git a/vault.go b/vault.go index e752b03..05d9481 100644 --- a/vault.go +++ b/vault.go @@ -17,11 +17,11 @@ limitations under the License. package main import ( + "fmt" "time" - "github.com/hashicorp/vault/api" "github.com/golang/glog" - "fmt" + "github.com/hashicorp/vault/api" ) // a channel to send resource 
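Review bot: The reformatted `return rand.Intn(max-min) + min` in `getRandomWithin` panics whenever `max <= min`, because `rand.Intn` panics on a non-positive argument, and the doc comment above only says what min and max are, not that they must differ. The caller in vault.go derives the bounds as `int(float64(LeaseDuration)*0.8)` and `int(float64(LeaseDuration)*0.95)`, which collapse to the same integer for a lease of 0 seconds (a secret with no lease) or of only a few seconds, so the panic would fire inside the renewal goroutine and take the process down. A guard keeps the helper total: `if max <= min { return min }` before the return line, and the comment should state that the range is half-open and that `max <= min` yields `min`.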
@@ -75,13 +75,13 @@ func (r *watchedResource) notifyOnRenewal(ch chan *watchedResource) { if r.renewalTime <= 0 { glog.V(10).Infof("calculating the renewal between 80-95 pcent of lease time: %d seconds", r.secret.LeaseDuration) r.renewalTime = time.Duration(getRandomWithin( - int(float64(r.secret.LeaseDuration) * 0.8), - int(float64(r.secret.LeaseDuration) * 0.95))) * time.Second + int(float64(r.secret.LeaseDuration)*0.8), + int(float64(r.secret.LeaseDuration)*0.95))) * time.Second } glog.V(3).Infof("setting a renewal notification on resource: %s, time: %s", r.resource, r.renewalTime) // step: wait for the duration - <- time.After(r.renewalTime) + <-time.After(r.renewalTime) // step: send the notification on the renewal channel ch <- r }() @@ -122,9 +122,10 @@ func newVaultService(url, token string) (*vaultService, error) { func (r vaultService) vaultServiceProcessor() { go func() { // a list of resource being watched - items := make([]*watchedResource, 0) + var items []*watchedResource + // the channel to receive renewal notifications on - renewChannel:= make(chan *watchedResource, 10) + renewChannel := make(chan *watchedResource, 10) retrieveChannel := make(chan *watchedResource, 10) revokeChannel := make(chan string, 10) statsChannel := time.NewTicker(options.statsInterval) @@ -142,12 +143,12 @@ func (r vaultService) vaultServiceProcessor() { // step: push into the retrieval channel retrieveChannel <- x - case x := <- retrieveChannel: + case x := <-retrieveChannel: // step: save the current lease if we have one - leaseId := "" + leaseID := "" if x.secret != nil && x.secret.LeaseID != "" { - leaseId = x.secret.LeaseID - glog.V(10).Infof("resource: %s has a previous lease: %s", x.resource, leaseId) + leaseID = x.secret.LeaseID + glog.V(10).Infof("resource: %s has a previous lease: %s", x.resource, leaseID) } // step: retrieve the resource from vault 
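Review bot: In `vaultServiceProcessor`, the `retrieveChannel <- x` just above the reformatted `case x := <-retrieveChannel:` sends on a channel whose only visible receiver is the same `select` in the same goroutine, and `retrieveChannel` is created in the previous hunk as a local of that goroutine with a buffer of 10. If more than ten retrievals are queued while the loop keeps being handed renewals, the send blocks and nothing is left to drain the buffer, so the processor deadlocks with itself; `revokeChannel <- leaseID` in the next hunk has the same shape. Either make the self-sends non-blocking (`select { case retrieveChannel <- x: default: glog.Warningf("retrieval queue full for: %s", x.resource) }`), size the buffers from the number of watched resources, or perform the retrieval directly instead of re-queueing it. The loop body continues past this hunk, so a receiver I cannot see would change this analysis.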
@@ -163,8 +164,8 @@ func (r vaultService) vaultServiceProcessor() { glog.Infof("succesfully retrieved resournce: %s, leaseID: %s", x.resource, x.secret.LeaseID) // step: if we had a previous lease and the option is to revoke, lets throw into the revoke channel - if leaseId != "" && x.resource.revoked { - revokeChannel <- leaseId + if leaseID != "" && x.resource.revoked { + revokeChannel <- leaseID } // step: setup a timer for renewal @@ -255,7 +256,7 @@ func (r vaultService) upstream(item *watchedResource, s *api.Secret) { glog.V(6).Infof("sending the event for resource: %s upstream to listener: %v", item.resource, item.listener) item.listener <- vaultResourceEvent{ resource: item.resource, - secret: s.Data, + secret: s.Data, } }() } @@ -336,7 +337,7 @@ func (r vaultService) get(rn *watchedResource) (err error) { rn.leaseExpireTime = rn.lastUpdated.Add(time.Duration(secret.LeaseDuration)) glog.V(3).Infof("retrieved resource: %s, leaseId: %s, lease_time: %s", - rn.resource, rn.secret.LeaseID, time.Duration(rn.secret.LeaseDuration) * time.Second) + rn.resource, rn.secret.LeaseID, time.Duration(rn.secret.LeaseDuration)*time.Second) return err } diff --git a/vault_resource.go b/vault_resource.go index 76025d5..f8a5a7d 100644 --- a/vault_resource.go +++ b/vault_resource.go 
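Review bot: `rn.leaseExpireTime = rn.lastUpdated.Add(time.Duration(secret.LeaseDuration))`, two lines above the reformatted log call in `get`, treats Vault's `LeaseDuration`, a count of seconds, as nanoseconds; the log line itself multiplies by `time.Second`, which shows the intended unit. As written every lease appears to expire within microseconds of being fetched, so anything that compares `leaseExpireTime` against the clock (not visible in this hunk) will treat the secret as already stale. The assignment should read `rn.leaseExpireTime = rn.lastUpdated.Add(time.Duration(secret.LeaseDuration) * time.Second)`. The body of `get` starts outside this hunk.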
@@ -19,28 +19,25 @@ package main import ( "fmt" "regexp" - "time" "strconv" -"github.com/golang/glog" + "time" ) const ( // OptionFilename ... option to set the filename of the resource OptionFilename = "fn" - // OptionsFormat ... option to set the output format (yaml, xml, json) - OptionFormat = "fmt" - // OptionsCommonName ... use by the PKI resource + // OptionFormat ... option to set the output format (yaml, xml, json) + OptionFormat = "fmt" + // OptionCommonName ... use by the PKI resource OptionCommonName = "cn" // OptionTemplatePath ... the full path to a template - OptionsTemplatePath = "tpl" - // OptionRenew ... a duration to renew the resource + OptionTemplatePath = "tpl" + // OptionRenewal ... a duration to renew the resource OptionRenewal = "rn" // OptionRevoke ... revoke an old lease when retrieving a new one OptionRevoke = "rv" // OptionUpdate ... override the lease of the resource OptionUpdate = "up" - - DefaultRenewable = "false" ) var ( @@ -48,20 +45,22 @@ var ( // a map of valid resource to retrieve from vault validResources = map[string]bool{ - "pki": true, - "aws": true, - "secret": true, - "mysql": true, - "tpl": true, + "pki": true, + "aws": true, + "secret": true, + "mysql": true, + "tpl": true, + "postgres": true, + "cassandra": true, } ) func defaultVaultResource() *vaultResource { return &vaultResource{ - format: "yaml", + format: "yaml", renewable: false, - revoked: false, - options: make(map[string]string, 0), + revoked: false, + options: make(map[string]string, 0), } } @@ -111,7 +110,7 @@ func (r *vaultResource) isValidResource() error { return fmt.Errorf("pki resource requires a common name specified") } case "tpl": - if _, found := r.options[OptionsTemplatePath]; !found { + if _, found := r.options[OptionTemplatePath]; !found { return fmt.Errorf("template resource requires a template path option") } } 
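Review bot: The two new entries `"postgres": true` and `"cassandra": true` in `validResources` are a behaviour change riding in a commit whose subject is "fixed up the formatting": they let a `-cn postgres:...` or `-cn cassandra:...` resource pass validation, while nothing else in this diff adds handling for those kinds (the visible part of `processResource` in main.go only shows the `cert` case), so what happens downstream cannot be confirmed from here. They belong in their own commit together with the retrieval/output code and a case in vault_resource_test.go, or should wait until that code exists. Minor style point in the same hunk: `make(map[string]string, 0)` in `defaultVaultResource` should be `make(map[string]string)`, since a zero size hint conveys nothing.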
@@ -128,34 +127,30 @@ func (r *vaultResource) isValidOptions() error { if matched := resourceFormatRegex.MatchString(r.options[OptionFormat]); !matched { return fmt.Errorf("unsupported output format: %s", r.options[OptionFormat]) } - glog.V(20).Infof("setting the format: %s on resource: %s", val, r) r.format = val case OptionUpdate: duration, err := time.ParseDuration(val) if err != nil { return fmt.Errorf("the update option: %s is not value, should be a duration format", val) } - glog.V(20).Infof("setting the update time: %s on resource: %s", duration, r) r.update = duration case OptionRevoke: choice, err := strconv.ParseBool(val) if err != nil { return fmt.Errorf("the revoke option: %s is invalid, should be a boolean", val) } - glog.V(20).Infof("setting the revoked: %t on resource: %s", choice, r) r.revoked = choice case OptionRenewal: choice, err := strconv.ParseBool(val) if err != nil { return fmt.Errorf("the renewal option: %s is invalid, should be a boolean", val) } - glog.V(20).Infof("setting the renewable: %t on resource: %s", choice, r) r.renewable = choice case OptionFilename: // @TODO need to check it's valid filename / path case OptionCommonName: // @TODO need to check it's a valid hostname - case OptionsTemplatePath: + case OptionTemplatePath: if exists, _ := fileExists(val); !exists { return fmt.Errorf("the template file: %s does not exist", val) } diff --git a/vault_resource_test.go b/vault_resource_test.go index e03795c..f5b4d13 100644 --- a/vault_resource_test.go +++ b/vault_resource_test.go @@ -33,7 +33,6 @@ func TestResourceFilename(t *testing.T) { assert.Equal(t, "credentials", rn.filename()) } - func TestIsValid(t *testing.T) { resource := defaultVaultResource() resource.name = "/test/name" diff --git a/vault_resources.go b/vault_resources.go index 3f6b140..1c84f8d 100644 --- a/vault_resources.go +++ b/vault_resources.go 
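Review bot: `case OptionFilename:` and `case OptionCommonName:` in `isValidOptions` still carry only their `@TODO` comments, so after this commit `fn` is accepted unchecked even though it names the file written under the `-output` directory; a value such as `../../etc/cron.d/x` would be joined onto that path. The option comes from the operator's command line rather than from Vault, so this is defence in depth rather than an exploitable hole, but it is exactly the check the TODO asks for: if `fn` is meant to be a bare file name, reject separators with `if val == "" || strings.ContainsAny(val, "/\\") { return fmt.Errorf("the filename option: %s must not contain path separators", val) }` (`strings` would need adding to the import block). In the same hunk `if exists, _ := fileExists(val); !exists` discards the error from `fileExists`, so a permission problem on the template file is reported as "does not exist"; return that error instead of blanking it. `isValidOptions` starts before this hunk.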
@@ -33,10 +33,6 @@ type vaultResources struct { items []*vaultResource } -func (r vaultResources) size() int { - return len(r.items) -} - // Set ... implementation for the parser func (r *vaultResources) Set(value string) error { rn := defaultVaultResource() diff --git a/vault_resources_test.go b/vault_resources_test.go index c0e5b7a..57ab5ab 100644 --- a/vault_resources_test.go +++ b/vault_resources_test.go @@ -22,7 +22,6 @@ import ( "github.com/stretchr/testify/assert" ) - func TestSetResources(t *testing.T) { var items vaultResources @@ -41,13 +40,6 @@ func TestSetResources(t *testing.T) { assert.NotNil(t, items.Set("fn=filename.test,fmt=yaml")) } -func TestResourceSize(t *testing.T) { - var items vaultResources - items.Set("secret:test:fn=filename.test,fmt=yaml") - items.Set("secret:test:fn=fileame.test") - assert.Equal(t, 2, items.size()) -} - func TestResources(t *testing.T) { var items vaultResources items.Set("secret:test:fn=filename.test,fmt=yaml") diff --git a/vault_test.go b/vault_test.go index 82a3d2c..a34bf67 100644 --- a/vault_test.go +++ b/vault_test.go @@ -15,4 +15,3 @@ limitations under the License. */ package main - diff --git a/version.go b/version.go index 337c284..9b7c137 100644 --- a/version.go +++ b/version.go @@ -19,4 +19,4 @@ package main const ( Version = "0.0.1" GitSha = "" -) \ No newline at end of file +)