From 2c07214d3d225d681ee7d3d137918509103dd43a Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Wed, 21 Jun 2017 18:33:49 +0100
Subject: [PATCH 1/2] Add one-shot mode
---
 config.go | 3 +++
 main.go | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/config.go b/config.go
index 6382ab9..e801102 100644
--- a/config.go
+++ b/config.go
@@ -48,6 +48,8 @@ type config struct {
 execTimeout time.Duration
 // version flag
 showVersion bool
+ // one-shot mode
+ oneShot bool
 }
 var (
@@ -70,6 +72,7 @@ func init() {
 flag.DurationVar(&options.execTimeout, "exec-timeout", time.Duration(60)*time.Second, "the timeout applied to commands on the exec option")
 flag.BoolVar(&options.showVersion, "version", false, "show the vault-sidekick version")
 flag.Var(options.resources, "cn", "a resource to retrieve and monitor from vault")
+ flag.BoolVar(&options.oneShot, "one-shot", false, "retrieve resources from vault once and then exit")
 }
 // parseOptions validate the command line options and validates them
diff --git a/main.go b/main.go
index 70d7d1d..d9eb80b 100644
--- a/main.go
+++ b/main.go
@@ -20,6 +20,7 @@ import (
 "fmt"
 "os"
 "os/signal"
+ "sync"
 "syscall"
 "github.com/golang/glog"
@@ -43,6 +44,10 @@ func main() {
 }
 glog.Infof("starting the %s, %s", prog, version)
+ if options.oneShot {
+ glog.Infof("running in one-shot mode")
+ }
+
 // step: create a client to vault
 vault, err := NewVaultService(options.vaultURL)
 if err != nil {
@@ -64,6 +69,8 @@ func main() {
 vault.Watch(rn)
 }
+ toProcess := options.resources.items
+ toProcessLock := &sync.Mutex{}
 // step: we simply wait for events i.e. secrets from vault and write them to the output directory
 for {
 select {
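Review bot: `toProcess := options.resources.items` in the `@@ -64,6 +69,8 @@` hunk of main.go copies only the slice header, so `toProcess` shares its backing array with the parsed options. The one-shot bookkeeping added later in this patch deletes entries in place with `append(toProcess[:i], toProcess[i+1:]...)`, which also rewrites the elements that `options.resources.items` still refers to; anything that reads the option list afterwards would see shifted or duplicated entries. Take a private copy before the event loop (a new slice of the same element type filled with `copy`) and add a comment such as `// resources still pending in one-shot mode; guarded by toProcessLock`. `main` starts and ends outside the hunk.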
@@ -73,6 +80,19 @@ func main() {
 if err := processResource(evt.Resource, evt.Secret); err != nil {
 glog.Errorf("failed to write out the update, error: %s", err)
 }
+ if options.oneShot {
+ toProcessLock.Lock()
+ defer toProcessLock.Unlock()
+ for i, r := range toProcess {
+ if evt.Resource == r {
+ toProcess = append(toProcess[:i], toProcess[i+1:]...)
+ }
+ }
+ if len(toProcess) == 0 {
+ glog.Infof("retrieved all requested resources from vault. exiting...")
+ os.Exit(0)
+ }
+ }
 }(evt)
 case <-signalChannel:
 glog.Infof("recieved a termination signal, shutting down the service")
From 643f7ba6a978eb3812a81b763a46a2ce9075939c Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Wed, 21 Jun 2017 19:36:13 +0100
Subject: [PATCH 2/2] Exit if there are no items to retrieve in one-shot mode
---
 main.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/main.go b/main.go
index d9eb80b..d50c095 100644
--- a/main.go
+++ b/main.go
@@ -71,6 +71,10 @@ func main() {
 toProcess := options.resources.items
 toProcessLock := &sync.Mutex{}
+ if options.oneShot && len(toProcess) == 0 {
+ glog.Infof("nothing to retrieve from vault. exiting...")
+ os.Exit(0)
+ }
 // step: we simply wait for events i.e. secrets from vault and write them to the output directory
 for {
 select {
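Review bot: In the one-shot block added after `processResource` (`@@ -73,6 +80,19 @@`, main.go), the resource is removed from `toProcess` even when `processResource` returned an error, so the run can end in `os.Exit(0)` although a secret was never written. Anything that gates startup on the exit status, as a one-shot run presumably is meant to allow, would then proceed without that secret. Unless a retry is expected, end a failed one-shot run with a non-zero status in the error branch, e.g. `if options.oneShot { glog.Flush(); os.Exit(1) }`. Separately, the delete loop edits the slice it is ranging over and has no `break` after the `append` line, so the range keeps walking the original length over shifted elements; add `break` there. The goroutine closure starts outside the hunk.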