gered/vault-sidekick
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #2 from gambol99/fix/cert_format

Browse source 
cert format
This commit is contained in:
Rohith 2015-09-18 17:46:27 +01:00
parent feff72415a b2e19a1bb2
commit 09dfcb2120
3 changed files with 48 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -74,7 +74,7 @@ Or you want to rotate the secret every **1h** and **revoke** the previous one
**Output Formatting** **Output Formatting**
The following output formats are supported: json, yaml, ini, txt The following output formats are supported: json, yaml, ini, txt, cert
Using the following at the demo secrets Using the following at the demo secrets
@ -102,6 +102,8 @@ In order to change the output format:
The default format is 'txt' which has the following behavour. If the number of keys in a resource is > 1, a file is created per key. Thus using the example The default format is 'txt' which has the following behavour. If the number of keys in a resource is > 1, a file is created per key. Thus using the example
(build/vault-sidekick -cn=secret:password:fn=test) we would end up with files: test.this, test.nothing and test.demo (build/vault-sidekick -cn=secret:password:fn=test) we would end up with files: test.this, test.nothing and test.demo
Format: 'cert' is less of a format of more file scheme i.e. is just extracts the 'certificate', 'issuing_ca' and 'private_key' and creates the three files FILE.{ca,key,crt}
**Resource Options** **Resource Options**
- **fn**: (filaname) by default all file are relative to the output directory specified and will have the name NAME.RESOURCE; the fn options allows you to switch names and paths to write the files - **fn**: (filaname) by default all file are relative to the output directory specified and will have the name NAME.RESOURCE; the fn options allows you to switch names and paths to write the files

30
main.go
View file

@ -20,6 +20,7 @@ import (
"bytes" "bytes"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io/ioutil"
"os" "os"
"os/signal" "os/signal"
"strings" "strings"
@ -97,6 +98,28 @@ func processResource(rn *vaultResource, data map[string]interface{}) error {
buf.WriteString(fmt.Sprintf("%s = %s\n", key, val)) buf.WriteString(fmt.Sprintf("%s = %s\n", key, val))
} }
content = buf.Bytes() content = buf.Bytes()
// Less of a format and more of a standard naming scheme
case "cert":
files := map[string]string{
"certificate": "crt",
"issuing_ca": "ca",
"private_key": "key",
}
for key, suffix := range files {
filename := fmt.Sprintf("%s.%s", resourcePath, suffix)
content, found := data[key]
if !found {
continue
}
// step: write the file
if err := writeFile(filename, []byte(fmt.Sprintf("%s", content))); err != nil {
glog.Errorf("failed to write resource: %s, elemment: %s, filename: %s, error: %s", rn, suffix, filename, err)
continue
}
}
return nil
case "txt": case "txt":
keys := getKeys(data) keys := getKeys(data)
if len(keys) > 1 { if len(keys) > 1 {
@ -140,15 +163,10 @@ func writeFile(filename string, content []byte) error {
return nil return nil
} }
file, err := os.Create(filename) err := ioutil.WriteFile(filename, content, 0660)
if err != nil { if err != nil {
return err return err
} }
defer file.Close()
if _, err := file.Write(content); err != nil {
return err
}
return nil return nil
} }

2
vault_resource.go
View file

@ -44,7 +44,7 @@ const (
) )
var ( var (
resourceFormatRegex = regexp.MustCompile("^(yaml|json|ini|txt)$") resourceFormatRegex = regexp.MustCompile("^(yaml|json|ini|txt|cert)$")
// a map of valid resource to retrieve from vault // a map of valid resource to retrieve from vault
validResources = map[string]bool{ validResources = map[string]bool{