From 5b481fc19e475f9c5f0f40eb5c971c44026d70cc Mon Sep 17 00:00:00 2001 From: Rohith Date: Wed, 23 Sep 2015 14:21:54 +0100 Subject: [PATCH] - added the docker push test - added the option to skip tls verify --- Makefile | 6 +++++- config.go | 3 +++ vault.go | 11 ++++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 38de639..d607089 100644 --- a/Makefile +++ b/Makefile @@ -13,12 +13,16 @@ build: go build -o bin/${NAME} docker: build - sudo docker build -t ${AUTHOR}/${NAME} . + sudo docker build -t ${AUTHOR}/${NAME}:${VERSION} . static: mkdir -p bin CGO_ENABLED=0 GOOS=linux go build -a -tags netgo -ldflags '-w' -o bin/${NAME} +push: docker + sudo docker tag -f ${AUTHOR}/${NAME}:${VERSION} docker.io/${AUTHOR}/${NAME}:${VERSION} + sudo docker push docker.io/${AUTHOR}/${NAME}:${VERSION} + release: static mkdir -p release gzip -c bin/${NAME} > release/${NAME}_${VERSION}_linux_${HARDWARE}.gz diff --git a/config.go b/config.go index 16ff437..01ad64c 100644 --- a/config.go +++ b/config.go @@ -39,6 +39,8 @@ type config struct { deleteToken bool // switch on dry run dryRun bool + // skip tls verify + skipTLSVerify bool // the resource items to retrieve resources *vaultResources // the interval for producing statistics 
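Review bot: The new `push` target builds its tag from `${VERSION}` without checking that it is set, so an empty `VERSION` yields the malformed reference `${AUTHOR}/${NAME}:` and the target only fails later inside `docker push` with an unhelpful error; a guard as the first recipe line, `@test -n "$(VERSION)" || { echo "VERSION is not set" >&2; exit 1; }`, fails early and clearly. `docker tag -f` also depends on the `--force` flag, which newer Docker releases no longer accept, so the target is likely to break as the build host is upgraded; dropping `-f` is safe when the target tag is freshly created. The definition of `VERSION` is outside this hunk, so whether it already has a default cannot be confirmed here.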
@@ -57,6 +59,7 @@ func init() { flag.StringVar(&options.outputDir, "output", getEnv("VAULT_OUTPUT", "/etc/secrets"), "the full path to write the protected resources (VAULT_OUTPUT if available)") flag.BoolVar(&options.deleteToken, "delete-token", false, "once the we have connected to vault, delete the token file from disk") flag.BoolVar(&options.dryRun, "dryrun", false, "perform a dry run, printing the content to screen") + flag.BoolVar(&options.skipTLSVerify, "tls-skip-verify", false, "skip verifying the vault certificate") flag.DurationVar(&options.statsInterval, "stats", time.Duration(5)*time.Minute, "the interval to produce statistics on the accessed resources") flag.Var(options.resources, "cn", "a resource to retrieve and monitor from vault (e.g. pki:name:cert.name, secret:db_password, aws:s3_backup)") } diff --git a/vault.go b/vault.go index aa2b9ff..4111d36 100644 --- a/vault.go +++ b/vault.go @@ -22,6 +22,8 @@ import ( "github.com/golang/glog" "github.com/hashicorp/vault/api" + "crypto/tls" +"net/http" ) // a channel to send resource @@ -56,6 +58,13 @@ func newVaultService(url string) (*vaultService, error) { service.config = api.DefaultConfig() service.config.Address = url + // step: skip the cert verification if requested + if options.skipTLSVerify { + service.config.HttpClient.Transport = &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + } + // step: create the service processor channels service.resourceChannel = make(chan *watchedResource, 20) @@ -245,7 +254,7 @@ func (r vaultService) authenticate(auth map[string]string) (string, error) { // max : the maximum amount of time i'm willing to wait func (r vaultService) reschedule(rn *watchedResource, ch chan *watchedResource, min, max int) { go func(x *watchedResource) { - glog.V(3).Infof("rescheduling the resource: %s, channel: %s", rn.resource, ch) + glog.V(3).Infof("rescheduling the resource: %s, channel: %v", rn.resource, ch) <-randomWait(min, max) ch <- x }(rn)
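Review bot: The usage string for the new `-tls-skip-verify` flag says only "skip verifying the vault certificate" and does not tell the operator what that costs: with verification off, the vault token sent on every request and every secret written under `-output` can be read or altered by anyone on the path to the server. Spell that out where the flag is defined, e.g. `flag.BoolVar(&options.skipTLSVerify, "tls-skip-verify", false, "skip verifying the vault certificate (INSECURE: exposes the token and all retrieved secrets to an on-path attacker; for testing only)")`. The neighbouring `-output` flag also honours an environment variable through `getEnv`; if parity with the Vault CLI's `VAULT_SKIP_VERIFY` is intended, that would need a boolean-aware helper, which is not visible in this hunk.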
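Review bot: The two added imports are appended after the third-party packages and `"net/http"` is not indented, so `gofmt`/`goimports` will rewrite the block on the next save and the diff will churn. Move `"crypto/tls"` and `"net/http"` into the standard-library group above `github.com/golang/glog`, indented with one tab like the surrounding lines; the rest of the import block lies outside this hunk.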
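Review bot: Assigning a bare `&http.Transport{TLSClientConfig: ...}` to `service.config.HttpClient.Transport` replaces whatever transport `api.DefaultConfig()` installed, so any proxy-from-environment, timeout or TLS settings that transport carried are silently dropped whenever the flag is on — how much is lost depends on the Vault client version, which is not visible here. It is safer to keep the existing transport and only flip `InsecureSkipVerify` on it, falling back to a fresh transport when the client has none (a nil `Transport` means the shared `http.DefaultTransport`, which must not be mutated in place). Disabling verification also deserves a warning-level log line, since it exposes the token and every retrieved secret to an on-path attacker, and if the underlying need is a private CA, a `-ca-cert` option that loads the CA into `tls.Config.RootCAs` would keep verification on. `newVaultService` continues beyond this hunk.
```go
	// step: skip the cert verification if requested
	if options.skipTLSVerify {
		glog.Warning("TLS certificate verification is disabled: the vault token and all retrieved secrets are exposed to an on-path attacker")
		// keep the transport the client was configured with (proxy, timeouts) and only relax its TLS verification
		transport, ok := service.config.HttpClient.Transport.(*http.Transport)
		if !ok {
			// a nil transport is the shared http.DefaultTransport; never modify that one in place
			transport = &http.Transport{Proxy: http.ProxyFromEnvironment}
		}
		if transport.TLSClientConfig == nil {
			transport.TLSClientConfig = &tls.Config{}
		}
		transport.TLSClientConfig.InsecureSkipVerify = true
		service.config.HttpClient.Transport = transport
	}
	// … unchanged: service processor channel creation …
```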