gered/vault-sidekick
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #17 from UKHomeOffice/env_expansion

Browse source 
environment variable expansion
This commit is contained in:
Rohith 2016-04-28 00:30:37 +01:00
parent 422bd58d66 890021c0e2
commit af20eefbba
4 changed files with 68 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.go
View file

@ -62,7 +62,7 @@ func init() {
flag.BoolVar(&options.tlsVerify, "tls-skip-verify", false, "whether to check and verify the vault service certificate") flag.BoolVar(&options.tlsVerify, "tls-skip-verify", false, "whether to check and verify the vault service certificate")
flag.StringVar(&options.vaultCaFile, "ca-cert", "", "the path to the file container the CA used to verify the vault service") flag.StringVar(&options.vaultCaFile, "ca-cert", "", "the path to the file container the CA used to verify the vault service")
flag.DurationVar(&options.statsInterval, "stats", time.Duration(1)*time.Hour, "the interval to produce statistics on the accessed resources") flag.DurationVar(&options.statsInterval, "stats", time.Duration(1)*time.Hour, "the interval to produce statistics on the accessed resources")
flag.DurationVar(&options.execTimeout, "exec-timeout", time.Duration(60) * time.Second, "the timeout applied to commands on the exec option") flag.DurationVar(&options.execTimeout, "exec-timeout", time.Duration(60)*time.Second, "the timeout applied to commands on the exec option")
flag.Var(options.resources, "cn", "a resource to retrieve and monitor from vault") flag.Var(options.resources, "cn", "a resource to retrieve and monitor from vault")
} }

3
generate.go
View file

@ -17,9 +17,8 @@ limitations under the License.
package main package main
import ( import (
"io"
"crypto/rand" "crypto/rand"
"io"
) )
var StdChars = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+,.?/:;{}[]`~") var StdChars = []byte("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+,.?/:;{}[]`~")

15
vault_resources.go
View file

@ -18,11 +18,17 @@ package main
import ( import (
"fmt" "fmt"
"os"
"regexp"
"strconv" "strconv"
"strings" "strings"
"time" "time"
) )
var (
envRegex = regexp.MustCompile("%[[:alnum:]]+%")
)
// VaultResources is a collection of type resource // VaultResources is a collection of type resource
type VaultResources struct { type VaultResources struct {
// an array of resource to retrieve // an array of resource to retrieve
@ -46,6 +52,15 @@ func (r *VaultResources) Set(value string) error {
return fmt.Errorf("invalid resource, neither type or path can be empty") return fmt.Errorf("invalid resource, neither type or path can be empty")
} }
// step: look for any token in the resource
tokens := envRegex.FindAllStringSubmatch(items[1], -1)
if len(tokens) > 0 {
for _, x := range tokens {
// step: replace the token with the environment variable
items[1] = strings.Replace(items[1], x[0], os.Getenv(strings.Replace(x[0], "%", "", -1)), -1)
}
}
// step: extract the elements // step: extract the elements
rn.resource = items[0] rn.resource = items[0]
rn.path = items[1] rn.path = items[1]

51
vault_resources_test.go
View file

@ -17,6 +17,7 @@ limitations under the License.
package main package main
import ( import (
"os"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -33,6 +34,8 @@ func TestSetResources(t *testing.T) {
assert.Nil(t, items.Set("pki:example-dot-com:common_name=blah.example.com")) assert.Nil(t, items.Set("pki:example-dot-com:common_name=blah.example.com"))
assert.Nil(t, items.Set("pki:example-dot-com:common_name=blah.example.com,file=/etc/certs/ssl/blah.example.com")) assert.Nil(t, items.Set("pki:example-dot-com:common_name=blah.example.com,file=/etc/certs/ssl/blah.example.com"))
assert.Nil(t, items.Set("pki:example-dot-com:common_name=blah.example.com,renew=true")) assert.Nil(t, items.Set("pki:example-dot-com:common_name=blah.example.com,renew=true"))
assert.Nil(t, items.Set("secret:secrets/%ENV%/me:file=filename.test,fmt=yaml"))
assert.NotNil(t, items.Set("secret:")) assert.NotNil(t, items.Set("secret:"))
assert.NotNil(t, items.Set("secret:test:file=filename.test,fmt=")) assert.NotNil(t, items.Set("secret:test:file=filename.test,fmt="))
assert.NotNil(t, items.Set("secret::file=filename.test,fmt=yaml")) assert.NotNil(t, items.Set("secret::file=filename.test,fmt=yaml"))
@ -40,6 +43,54 @@ func TestSetResources(t *testing.T) {
assert.NotNil(t, items.Set("file=filename.test,fmt=yaml")) assert.NotNil(t, items.Set("file=filename.test,fmt=yaml"))
} }
func TestSetEnvironmentResource(t *testing.T) {
tests := []struct {
ResourceText string
ExpectedPath string
Vars map[string]string
}{
{
ResourceText: "secret:secrets/%ENV/me:file=filename.test,fmt=yaml",
ExpectedPath: "secrets/%ENV/me",
},
{
ResourceText: "secret:secrets/%ENV%/me:file=filename.test,fmt=yaml",
ExpectedPath: "secrets/dev/me",
Vars: map[string]string{
"ENV": "dev",
},
},
{
ResourceText: "secret:secrets/%ENV%/me/%ENV%:file=filename.test,fmt=yaml",
ExpectedPath: "secrets/dev/me/dev",
Vars: map[string]string{
"ENV": "dev",
},
},
{
ResourceText: "secret:secrets/%ENV%/me/%THING%:file=filename.test,fmt=yaml",
ExpectedPath: "secrets/dev/me/yes",
Vars: map[string]string{
"ENV": "dev",
"THING": "yes",
},
},
}
for i, c := range tests {
var resource VaultResources
if len(c.Vars) > 0 {
for k, v := range c.Vars {
os.Setenv(k, v)
}
}
if !assert.NoError(t, resource.Set(c.ResourceText), "case %d, should not have failed", i) {
continue
}
assert.Equal(t, c.ExpectedPath, resource.items[0].path, "case %d, the paths do not match", i)
}
}
/* /*
func TestResources(t *testing.T) { func TestResources(t *testing.T) {
var items VaultResources var items VaultResources