From 15817c517362341e4ec61e25ad2efe6bead9a15e Mon Sep 17 00:00:00 2001
From: Darron Froese
Date: Sun, 7 May 2017 21:05:03 -0600
Subject: [PATCH] Adding kubernetes-vault support - slightly different file format.
---
 auth_token.go | 3 ++-
 config.go | 7 +++++--
 utils.go | 21 +++++++++++++++------
 vault.go | 1 +
 4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/auth_token.go b/auth_token.go
index 42ac9ae..ae3e0eb 100644
--- a/auth_token.go
+++ b/auth_token.go
@@ -39,8 +39,9 @@ func NewUserTokenPlugin(client *api.Client) AuthInterface {
 // Create retrieves the token from an environment variable or file
 func (r authTokenPlugin) Create(cfg map[string]string) (string, error) {
 filename, _ := cfg["filename"]
+ fileFormat, _ := cfg["fileFormat"]
 if filename != "" {
- content, err := readConfigFile(filename)
+ content, err := readConfigFile(filename, fileFormat)
 if err != nil {
 return "", err
 }
diff --git a/config.go b/config.go
index 0753a3b..b542ca8 100644
--- a/config.go
+++ b/config.go
@@ -28,6 +28,8 @@ type config struct {
 vaultURL string
 // a file containing the authenticate options
 vaultAuthFile string
+ // whether or not the auth file format is default
+ vaultAuthFileFormat string
 // the authentication options
 vaultAuthOptions map[string]string
 // the vault ca file
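Review bot: The new `fileFormat, _ := cfg["fileFormat"]` uses the two-value map form only to discard the ok flag; `fileFormat := cfg["fileFormat"]` reads the same and is the form staticcheck asks for (the existing `filename` line has the same shape, so changing both keeps them consistent). When Create is reached by a caller that never set "fileFormat", the value is "" and readConfigFile is handed an empty format; if the intent is that an empty value falls back to default handling, a one-line comment saying so would save the next reader a trip to utils.go. Create's body continues outside the hunk.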
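Review bot: The field comment `// whether or not the auth file format is default` describes a boolean, but vaultAuthFileFormat is a string that names the format. Suggest `// the auth file format: "default" or "kubernetes-vault"` so the accepted values are discoverable from the struct; those two strings are the only ones the json reader in utils.go compares against in this patch. The config struct continues outside the hunk.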
@@ -56,7 +58,8 @@ func init() { options.vaultAuthOptions = map[string]string{VaultAuth: "token"} flag.StringVar(&options.vaultURL, "vault", getEnv("VAULT_ADDR", "https://127.0.0.1:8200"), "url the vault service or VAULT_ADDR") - flag.StringVar(&options.vaultAuthFile, "auth", "", "a configuration file in json or yaml containing authentication arguments") + flag.StringVar(&options.vaultAuthFile, "auth", getEnv("AUTH_FILE", ""), "a configuration file in json or yaml containing authentication arguments") + flag.StringVar(&options.vaultAuthFileFormat, "format", getEnv("AUTH_FORMAT", "default"), "the auth file format") flag.StringVar(&options.outputDir, "output", getEnv("VAULT_OUTPUT", "/etc/secrets"), "the full path to write resources or VAULT_OUTPUT") flag.BoolVar(&options.dryRun, "dryrun", false, "perform a dry run, printing the content to screen") flag.BoolVar(&options.tlsVerify, "tls-skip-verify", false, "whether to check and verify the vault service certificate") @@ -85,7 +88,7 @@ func validateOptions(cfg *config) (err error) { if exists, _ := fileExists(cfg.vaultAuthFile); !exists { return fmt.Errorf("the token file: %s does not exists, please check", cfg.vaultAuthFile) } - options.vaultAuthOptions, err = readConfigFile(options.vaultAuthFile) + options.vaultAuthOptions, err = readConfigFile(options.vaultAuthFile, options.vaultAuthFileFormat) if err != nil { return fmt.Errorf("unable to read in authentication options from: %s, error: %s", cfg.vaultAuthFile, err) } diff --git a/utils.go b/utils.go index 6606046..ddc3a45 100644 --- a/utils.go +++ b/utils.go @@ -27,10 +27,11 @@ import ( "strings" "time" - "github.com/golang/glog" - "gopkg.in/yaml.v2" "os/exec" "path/filepath" + + "github.com/golang/glog" + "gopkg.in/yaml.v2" ) func init() { 
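Review bot: The `-format` help text `"the auth file format"` does not say which values are accepted, and the updated `-auth` flag now falls back to AUTH_FILE without mentioning it, unlike the neighbouring flags whose help ends in `or VAULT_ADDR` / `or VAULT_OUTPUT`. Suggest `"a configuration file in json or yaml containing authentication arguments or AUTH_FILE"` and `"the auth file format (default or kubernetes-vault) or AUTH_FORMAT"` to keep the existing convention. init's body continues outside the hunk.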
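Review bot: validateOptions still accepts any string for vaultAuthFileFormat; a misspelled value is not rejected here and, given the readJSONFile change in utils.go, is treated exactly like the default format, so the clientToken translation never runs and the user is likely left with only the underlying JSON error. A guard ahead of the readConfigFile call, `if f := cfg.vaultAuthFileFormat; f != "default" && f != "kubernetes-vault" { return fmt.Errorf("unsupported auth file format: %s", f) }`, fails fast with a message that names the actual problem. The changed line also reads the package-level `options` while the surrounding checks use the `cfg` parameter; `cfg.vaultAuthFile, cfg.vaultAuthFileFormat` would keep the function consistent with itself. validateOptions continues outside the hunk.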
@@ -69,7 +70,7 @@ func getKeys(data map[string]interface{}) []string { // readConfigFile read in a configuration file // filename : the path to the file -func readConfigFile(filename string) (map[string]string, error) { +func readConfigFile(filename, fileFormat string) (map[string]string, error) { // step: check the file exists if exists, err := fileExists(filename); !exists { return nil, fmt.Errorf("the file: %s does not exist", filename) @@ -84,14 +85,14 @@ func readConfigFile(filename string) (map[string]string, error) { case ".yml": return readYAMLFile(filename) default: - return readJSONFile(filename) + return readJSONFile(filename, fileFormat) } return nil, fmt.Errorf("unsupported config file format: %s", suffix) } // readJsonFile read in and unmarshall the data into a map // filename : the path to the file container the json data -func readJSONFile(filename string) (map[string]string, error) { +func readJSONFile(filename, format string) (map[string]string, error) { data := make(map[string]string, 0) content, err := ioutil.ReadFile(filename) @@ -100,7 +101,15 @@ func readJSONFile(filename string) (map[string]string, error) { } // unmarshall the data err = json.Unmarshal(content, &data) - if err != nil { + if err != nil && format == "default" { + return data, err + } + if err != nil && format == "kubernetes-vault" { + if data["clientToken"] != "" { + data[VaultAuth] = "token" + data["token"] = data["clientToken"] + return data, nil + } return data, err } diff --git a/vault.go b/vault.go index f61353a..dcc9d73 100644 --- a/vault.go +++ b/vault.go 
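Review bot: The doc comments above readConfigFile and readJSONFile (the following hunk) still list only `filename`; the new `fileFormat`/`format` parameter is undocumented and its accepted values are not visible at either signature. Suggest adding `// fileFormat : "default" or "kubernetes-vault"; only consulted when the file is parsed as json` under readConfigFile's comment and a matching `// format : ...` line for readJSONFile. The visible `.yml` case still calls `readYAMLFile(filename)` without the format, so a kubernetes-vault file with a yaml extension would not get the clientToken translation — presumably acceptable if that tool only writes json, but worth stating in the comment. Both function bodies extend outside their hunks.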
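Review bot: The kubernetes-vault translation in readJSONFile only runs when json.Unmarshal has already returned an error, so it depends on encoding/json partially filling `data` after a type mismatch; a kubernetes-vault file whose values all decode as strings unmarshals cleanly, skips both new branches and is returned without `token`/VaultAuth being set, so authentication fails later for an unrelated-looking reason. The `format == "default"` branch is also identical to the trailing `return data, err`, so it adds a branch without adding behaviour. Making the translation depend only on the format and the file content, as below, removes the coupling to the decoder's error path and keeps the existing keys. readJSONFile's body continues outside the hunk.
```go
	err = json.Unmarshal(content, &data)
	if format == "kubernetes-vault" {
		// kubernetes-vault files carry the token under "clientToken"; map it
		// onto the keys the token plugin expects. A decode error is ignored
		// only when the token was actually recovered from the file.
		if clientToken := data["clientToken"]; clientToken != "" {
			data[VaultAuth] = "token"
			data["token"] = clientToken
			return data, nil
		}
	}
	if err != nil {
		return data, err
	}
	// … unchanged: remainder of readJSONFile …
```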
@@ -433,6 +433,7 @@ func newVaultClient(opts *config) (*api.Client, error) {
 token, err = NewAppRolePlugin(client).Create(opts.vaultAuthOptions)
 case "token":
 opts.vaultAuthOptions["filename"] = options.vaultAuthFile
+ opts.vaultAuthOptions["fileFormat"] = options.vaultAuthFileFormat
 token, err = NewUserTokenPlugin(client).Create(opts.vaultAuthOptions)
 default:
 return nil, fmt.Errorf("unsupported authentication plugin: %s", plugin)
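Review bot: The added line reads the package-level `options` although newVaultClient receives the configuration as `opts`; it matches the `filename` line above it but extends the dependence on global state, and `opts.vaultAuthOptions["fileFormat"] = opts.vaultAuthFileFormat` keeps the function usable with a constructed config. The `"fileFormat"` key is now spelled as a literal here and again in auth_token.go's Create; a shared constant alongside VaultAuth would stop the two from drifting. newVaultClient's body continues outside the hunk.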