- added the docker push test
- added the option to skip tls verify
This commit is contained in:
parent
12c5c37746
commit
5b481fc19e
6
Makefile
6
Makefile
|
@ -13,12 +13,16 @@ build:
|
|||
go build -o bin/${NAME}
|
||||
|
||||
docker: build
|
||||
sudo docker build -t ${AUTHOR}/${NAME} .
|
||||
sudo docker build -t ${AUTHOR}/${NAME}:${VERSION} .
|
||||
|
||||
static:
|
||||
mkdir -p bin
|
||||
CGO_ENABLED=0 GOOS=linux go build -a -tags netgo -ldflags '-w' -o bin/${NAME}
|
||||
|
||||
push: docker
|
||||
sudo docker tag -f ${AUTHOR}/${NAME}:${VERSION} docker.io/${AUTHOR}/${NAME}:${VERSION}
|
||||
sudo docker push docker.io/${AUTHOR}/${NAME}:${VERSION}
|
||||
|
||||
release: static
|
||||
mkdir -p release
|
||||
gzip -c bin/${NAME} > release/${NAME}_${VERSION}_linux_${HARDWARE}.gz
|
||||
|
|
|
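Review bot: The new `push` target runs `sudo docker tag -f`, and the `-f`/`--force` option of `docker tag` was deprecated in Docker 1.10 and removed in 1.12, so the recipe fails on newer daemons; since the `docker` prerequisite has just built `${AUTHOR}/${NAME}:${VERSION}`, the plain `sudo docker tag ${AUTHOR}/${NAME}:${VERSION} docker.io/${AUTHOR}/${NAME}:${VERSION}` is sufficient. If `VERSION` is empty when `make push` runs, the tag degenerates to `${AUTHOR}/${NAME}:` and the failure only surfaces at push time, so a guard as the first recipe line, `test -n "${VERSION}" || (echo "VERSION is not set"; exit 1)`, would fail early; `VERSION`, `AUTHOR` and `NAME` are presumably defined above this hunk. Pushing only the versioned tag and never `latest` looks deliberate, but a one-line comment above the target saying so would save the next maintainer from "fixing" it.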
@ -39,6 +39,8 @@ type config struct {
|
|||
deleteToken bool
|
||||
// switch on dry run
|
||||
dryRun bool
|
||||
// skip tls verify
|
||||
skipTLSVerify bool
|
||||
// the resource items to retrieve
|
||||
resources *vaultResources
|
||||
// the interval for producing statistics
|
||||
|
@ -57,6 +59,7 @@ func init() {
|
|||
flag.StringVar(&options.outputDir, "output", getEnv("VAULT_OUTPUT", "/etc/secrets"), "the full path to write the protected resources (VAULT_OUTPUT if available)")
|
||||
flag.BoolVar(&options.deleteToken, "delete-token", false, "once the we have connected to vault, delete the token file from disk")
|
||||
flag.BoolVar(&options.dryRun, "dryrun", false, "perform a dry run, printing the content to screen")
|
||||
flag.BoolVar(&options.skipTLSVerify, "tls-skip-verify", false, "skip verifying the vault certificate")
|
||||
flag.DurationVar(&options.statsInterval, "stats", time.Duration(5)*time.Minute, "the interval to produce statistics on the accessed resources")
|
||||
flag.Var(options.resources, "cn", "a resource to retrieve and monitor from vault (e.g. pki:name:cert.name, secret:db_password, aws:s3_backup)")
|
||||
}
|
||||
|
|
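Review bot: The help text of the new `tls-skip-verify` flag states the mechanics but not the consequence, and because setting it disables certificate validation for every request the client makes to Vault, the string should say so, e.g. `"skip verifying the vault certificate (insecure: disables TLS certificate validation, intended for testing only)"`. The `skipTLSVerify` field comment in the config struct could carry the same qualifier, `// skip tls verify (insecure; disables certificate validation of the vault endpoint)`. The file header for this section is not visible on the page, and `init` begins before the second hunk.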
11
vault.go
11
vault.go
|
@ -22,6 +22,8 @@ import (
|
|||
|
||||
"github.com/golang/glog"
|
||||
"github.com/hashicorp/vault/api"
|
||||
"crypto/tls"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// a channel to send resource
|
||||
|
@ -56,6 +58,13 @@ func newVaultService(url string) (*vaultService, error) {
|
|||
service.config = api.DefaultConfig()
|
||||
service.config.Address = url
|
||||
|
||||
// step: skip the cert verification if requested
|
||||
if options.skipTLSVerify {
|
||||
service.config.HttpClient.Transport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
}
|
||||
}
|
||||
|
||||
// step: create the service processor channels
|
||||
service.resourceChannel = make(chan *watchedResource, 20)
|
||||
|
||||
|
@ -245,7 +254,7 @@ func (r vaultService) authenticate(auth map[string]string) (string, error) {
|
|||
// max : the maximum amount of time i'm willing to wait
|
||||
func (r vaultService) reschedule(rn *watchedResource, ch chan *watchedResource, min, max int) {
|
||||
go func(x *watchedResource) {
|
||||
glog.V(3).Infof("rescheduling the resource: %s, channel: %s", rn.resource, ch)
|
||||
glog.V(3).Infof("rescheduling the resource: %s, channel: %v", rn.resource, ch)
|
||||
<-randomWait(min, max)
|
||||
ch <- x
|
||||
}(rn)
|
||||
|
|
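Review bot: The `skipTLSVerify` branch in `newVaultService` replaces the entire `Transport` of the client that `api.DefaultConfig()` returned with a bare `http.Transport`, which discards whatever that default transport carried (typically proxy-from-environment and dial/handshake timeout settings) rather than only relaxing the certificate check; mutating the existing transport's `TLSClientConfig` keeps those settings and limits the change to verification. It would also help operators to log at warning level when verification is disabled, as nothing at runtime otherwise records it; if the vendored `api` package offers `Config.ConfigureTLS`, that is the supported way to set the insecure option. As a style point, the added `"crypto/tls"` and `"net/http"` imports are placed after the third-party imports, whereas goimports convention puts the standard-library group first. `newVaultService` continues outside the hunk.
```go
	// step: skip the cert verification if requested
	if options.skipTLSVerify {
		glog.Warning("TLS certificate verification for the vault endpoint is disabled")
		if tr, ok := service.config.HttpClient.Transport.(*http.Transport); ok {
			if tr.TLSClientConfig == nil {
				tr.TLSClientConfig = &tls.Config{}
			}
			tr.TLSClientConfig.InsecureSkipVerify = true
		} else {
			service.config.HttpClient.Transport = &http.Transport{
				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
			}
		}
	}
	// … unchanged: service processor channel creation …
```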