commit
09dfcb2120
|
@ -74,7 +74,7 @@ Or you want to rotate the secret every **1h** and **revoke** the previous one
|
|||
|
||||
**Output Formatting**
|
||||
|
||||
The following output formats are supported: json, yaml, ini, txt
|
||||
The following output formats are supported: json, yaml, ini, txt, cert
|
||||
|
||||
Using the following at the demo secrets
|
||||
|
||||
|
@ -102,6 +102,8 @@ In order to change the output format:
|
|||
The default format is 'txt' which has the following behavour. If the number of keys in a resource is > 1, a file is created per key. Thus using the example
|
||||
(build/vault-sidekick -cn=secret:password:fn=test) we would end up with files: test.this, test.nothing and test.demo
|
||||
|
||||
Format: 'cert' is less of a format of more file scheme i.e. is just extracts the 'certificate', 'issuing_ca' and 'private_key' and creates the three files FILE.{ca,key,crt}
|
||||
|
||||
**Resource Options**
|
||||
|
||||
- **fn**: (filaname) by default all file are relative to the output directory specified and will have the name NAME.RESOURCE; the fn options allows you to switch names and paths to write the files
|
||||
|
|
30
main.go
30
main.go
|
@ -20,6 +20,7 @@ import (
|
|||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"os/signal"
|
||||
"strings"
|
||||
|
@ -97,6 +98,28 @@ func processResource(rn *vaultResource, data map[string]interface{}) error {
|
|||
buf.WriteString(fmt.Sprintf("%s = %s\n", key, val))
|
||||
}
|
||||
content = buf.Bytes()
|
||||
// Less of a format and more of a standard naming scheme
|
||||
case "cert":
|
||||
files := map[string]string{
|
||||
"certificate": "crt",
|
||||
"issuing_ca": "ca",
|
||||
"private_key": "key",
|
||||
}
|
||||
for key, suffix := range files {
|
||||
filename := fmt.Sprintf("%s.%s", resourcePath, suffix)
|
||||
content, found := data[key]
|
||||
if !found {
|
||||
continue
|
||||
}
|
||||
|
||||
// step: write the file
|
||||
if err := writeFile(filename, []byte(fmt.Sprintf("%s", content))); err != nil {
|
||||
glog.Errorf("failed to write resource: %s, elemment: %s, filename: %s, error: %s", rn, suffix, filename, err)
|
||||
continue
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
||||
case "txt":
|
||||
keys := getKeys(data)
|
||||
if len(keys) > 1 {
|
||||
|
@ -140,15 +163,10 @@ func writeFile(filename string, content []byte) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
file, err := os.Create(filename)
|
||||
err := ioutil.WriteFile(filename, content, 0660)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
if _, err := file.Write(content); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
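Review bot: The new `ioutil.WriteFile(filename, content, 0660)` in writeFile is also the call the added `cert` case uses to write `private_key` to FILE.key, so the key file is created readable and writable by the group (before umask). A private key is normally owner-only; consider `err := ioutil.WriteFile(filename, content, 0600)`, or a mode chosen per suffix if the other outputs have to stay group-readable. WriteFile applies the mode only when it creates the file, so a FILE.key that already exists with wider permissions keeps them on every rotation; an explicit `os.Chmod(filename, 0600)` after a successful write would cover that case. writeFile's body starts outside the hunk, so any handling before the write is not visible here.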
|
|
@ -44,7 +44,7 @@ const (
|
|||
)
|
||||
|
||||
var (
|
||||
resourceFormatRegex = regexp.MustCompile("^(yaml|json|ini|txt)$")
|
||||
resourceFormatRegex = regexp.MustCompile("^(yaml|json|ini|txt|cert)$")
|
||||
|
||||
// a map of valid resource to retrieve from vault
|
||||
validResources = map[string]bool{
|
||||
|
|