Adding kubernetes-vault support - slightly different file format.
parent
f0b715ce2a
commit
15817c5173
@ -39,8 +39,9 @@ func NewUserTokenPlugin(client *api.Client) AuthInterface {
|
|||
// Create retrieves the token from an environment variable or file
|
||||
func (r authTokenPlugin) Create(cfg map[string]string) (string, error) {
|
||||
filename, _ := cfg["filename"]
|
||||
fileFormat, _ := cfg["fileFormat"]
|
||||
if filename != "" {
|
||||
content, err := readConfigFile(filename)
|
||||
content, err := readConfigFile(filename, fileFormat)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
|
|
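Review bot: The new `fileFormat, _ := cfg["fileFormat"]` discards the presence flag, so the two-value form buys nothing and staticcheck (S1005) will flag it; `fileFormat := cfg["fileFormat"]` reads the same value, and the pre-existing `filename` line has the same shape. Worth recording is that a cfg with no `fileFormat` key forwards an empty string rather than "default", so whatever readConfigFile does with an unrecognised format applies to such a caller; a line such as `// fileFormat is forwarded verbatim; a cfg without the key yields "" rather than "default"` would make that explicit. Create's body continues outside the hunk.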
@ -28,6 +28,8 @@ type config struct {
|
|||
vaultURL string
|
||||
// a file containing the authenticate options
|
||||
vaultAuthFile string
|
||||
// whether or not the auth file format is default
|
||||
vaultAuthFileFormat string
|
||||
// the authentication options
|
||||
vaultAuthOptions map[string]string
|
||||
// the vault ca file
|
||||
|
@ -56,7 +58,8 @@ func init() {
|
|||
options.vaultAuthOptions = map[string]string{VaultAuth: "token"}
|
||||
|
||||
flag.StringVar(&options.vaultURL, "vault", getEnv("VAULT_ADDR", "https://127.0.0.1:8200"), "url the vault service or VAULT_ADDR")
|
||||
flag.StringVar(&options.vaultAuthFile, "auth", "", "a configuration file in json or yaml containing authentication arguments")
|
||||
flag.StringVar(&options.vaultAuthFile, "auth", getEnv("AUTH_FILE", ""), "a configuration file in json or yaml containing authentication arguments")
|
||||
flag.StringVar(&options.vaultAuthFileFormat, "format", getEnv("AUTH_FORMAT", "default"), "the auth file format")
|
||||
flag.StringVar(&options.outputDir, "output", getEnv("VAULT_OUTPUT", "/etc/secrets"), "the full path to write resources or VAULT_OUTPUT")
|
||||
flag.BoolVar(&options.dryRun, "dryrun", false, "perform a dry run, printing the content to screen")
|
||||
flag.BoolVar(&options.tlsVerify, "tls-skip-verify", false, "whether to check and verify the vault service certificate")
|
||||
|
@ -85,7 +88,7 @@ func validateOptions(cfg *config) (err error) {
|
|||
if exists, _ := fileExists(cfg.vaultAuthFile); !exists {
|
||||
return fmt.Errorf("the token file: %s does not exists, please check", cfg.vaultAuthFile)
|
||||
}
|
||||
options.vaultAuthOptions, err = readConfigFile(options.vaultAuthFile)
|
||||
options.vaultAuthOptions, err = readConfigFile(options.vaultAuthFile, options.vaultAuthFileFormat)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to read in authentication options from: %s, error: %s", cfg.vaultAuthFile, err)
|
||||
}
|
||||
|
|
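Review bot: The rewritten readConfigFile call reads and writes the package-level `options` although validateOptions receives `cfg *config`, while the `fileExists(cfg.vaultAuthFile)` check two lines above uses the parameter; since the commit touches this line anyway it should become `cfg.vaultAuthOptions, err = readConfigFile(cfg.vaultAuthFile, cfg.vaultAuthFileFormat)`. The new `-format`/AUTH_FORMAT value is also never validated here, and the only values this commit teaches readJSONFile to recognise are "default" and "kubernetes-vault", so a guard such as `if f := cfg.vaultAuthFileFormat; f != "default" && f != "kubernetes-vault" { return fmt.Errorf("unsupported auth file format: %s", f) }` before the read keeps a typo in the environment from being silently accepted. Separately, the struct comment `// whether or not the auth file format is default` describes a bool, but the field is a string naming the format; `// vaultAuthFileFormat names the layout of the auth file: "default" or "kubernetes-vault"` matches what the code does. validateOptions continues outside the hunk.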
21
utils.go
21
utils.go
|
@ -27,10 +27,11 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"gopkg.in/yaml.v2"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
@ -69,7 +70,7 @@ func getKeys(data map[string]interface{}) []string {
|
|||
|
||||
// readConfigFile read in a configuration file
|
||||
// filename : the path to the file
|
||||
func readConfigFile(filename string) (map[string]string, error) {
|
||||
func readConfigFile(filename, fileFormat string) (map[string]string, error) {
|
||||
// step: check the file exists
|
||||
if exists, err := fileExists(filename); !exists {
|
||||
return nil, fmt.Errorf("the file: %s does not exist", filename)
|
||||
|
@ -84,14 +85,14 @@ func readConfigFile(filename string) (map[string]string, error) {
|
|||
case ".yml":
|
||||
return readYAMLFile(filename)
|
||||
default:
|
||||
return readJSONFile(filename)
|
||||
return readJSONFile(filename, fileFormat)
|
||||
}
|
||||
return nil, fmt.Errorf("unsupported config file format: %s", suffix)
|
||||
}
|
||||
|
||||
// readJsonFile read in and unmarshall the data into a map
|
||||
// filename : the path to the file container the json data
|
||||
func readJSONFile(filename string) (map[string]string, error) {
|
||||
func readJSONFile(filename, format string) (map[string]string, error) {
|
||||
data := make(map[string]string, 0)
|
||||
|
||||
content, err := ioutil.ReadFile(filename)
|
||||
|
@ -100,7 +101,15 @@ func readJSONFile(filename string) (map[string]string, error) {
|
|||
}
|
||||
// unmarshall the data
|
||||
err = json.Unmarshal(content, &data)
|
||||
if err != nil {
|
||||
if err != nil && format == "default" {
|
||||
return data, err
|
||||
}
|
||||
if err != nil && format == "kubernetes-vault" {
|
||||
if data["clientToken"] != "" {
|
||||
data[VaultAuth] = "token"
|
||||
data["token"] = data["clientToken"]
|
||||
return data, nil
|
||||
}
|
||||
return data, err
|
||||
}
|
||||
|
||||
|
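Review bot: In readJSONFile the unmarshal error is dropped whenever format is neither "default" nor "kubernetes-vault": both new `if` blocks are skipped and execution falls through to the rest of the function, so a mistyped `-format`/AUTH_FORMAT value (which validateOptions does not check) turns a broken auth file into a silent partial result. The kubernetes-vault branch also runs only when the decode failed, so a file of that format whose fields all happen to be strings decodes cleanly and is returned without the `token` and `VaultAuth` keys the token plugin needs. Switching on format first and deciding what to do with err inside each case handles both; the rewrite below keeps the tolerant decode for kubernetes-vault (json.Unmarshal keeps filling the remaining string fields after a type error, which appears to be what makes `clientToken` available) but still fails when no clientToken was read. The doc comment `// filename : the path to the file container the json data` should gain a `// format : "default" or "kubernetes-vault"` line as well. readJSONFile continues past the end of the hunk.
```go
	err = json.Unmarshal(content, &data)
	switch format {
	case "default":
		if err != nil {
			return nil, err
		}
	case "kubernetes-vault":
		// A partial decode is tolerated here, presumably because the file holds
		// non-string fields next to clientToken (TODO confirm); the token itself
		// must still have been read.
		if data["clientToken"] == "" {
			if err != nil {
				return nil, err
			}
			return nil, fmt.Errorf("no clientToken found in kubernetes-vault file: %s", filename)
		}
		data[VaultAuth] = "token"
		data["token"] = data["clientToken"]
		return data, nil
	default:
		return nil, fmt.Errorf("unsupported auth file format: %s", format)
	}
	// … unchanged: remainder of readJSONFile …
```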
|
1
vault.go
1
vault.go
|
@ -433,6 +433,7 @@ func newVaultClient(opts *config) (*api.Client, error) {
|
|||
token, err = NewAppRolePlugin(client).Create(opts.vaultAuthOptions)
|
||||
case "token":
|
||||
opts.vaultAuthOptions["filename"] = options.vaultAuthFile
|
||||
opts.vaultAuthOptions["fileFormat"] = options.vaultAuthFileFormat
|
||||
token, err = NewUserTokenPlugin(client).Create(opts.vaultAuthOptions)
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported authentication plugin: %s", plugin)
|
||||
|
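Review bot: `opts.vaultAuthOptions["fileFormat"] = options.vaultAuthFileFormat` reads the package-level `options` even though newVaultClient is handed `opts *config`; the filename line above it does the same, so the client can silently diverge from the config it was given (a caller that builds its own config would still hit the globals). `opts.vaultAuthOptions["fileFormat"] = opts.vaultAuthFileFormat` keeps the new line on the parameter. These writes also mutate the caller's `vaultAuthOptions` map in place rather than a copy; a comment such as `// inject the file settings the token plugin reads back from cfg` would at least record that the map is shared with the plugin. newVaultClient continues outside the hunk.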
|