Compare commits
1 commit
master
...
create_sec
Author | SHA1 | Date | |
---|---|---|---|
e6b637f3fe |
|
@ -46,7 +46,7 @@ spec:
|
||||||
- -output=/etc/secrets
|
- -output=/etc/secrets
|
||||||
- -cn=pki:project1/certs/example.com:common_name=commons.example.com,revoke=true,update=2h
|
- -cn=pki:project1/certs/example.com:common_name=commons.example.com,revoke=true,update=2h
|
||||||
- -cn=secret:secret/db/prod/username:file=.credentials
|
- -cn=secret:secret/db/prod/username:file=.credentials
|
||||||
- -cn=secret:secret/db/prod/password
|
- -cn=secret:secret/db/prod/password:create=true,file=.credentials
|
||||||
- -cn=aws:aws/creds/s3_backup_policy:file=.s3_creds
|
- -cn=aws:aws/creds/s3_backup_policy:file=.s3_creds
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: secrets
|
- name: secrets
|
||||||
|
|
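Review bot: The changed password entry now uses `file=.credentials`, the same file name as the username entry directly above it, so under the shared `-output=/etc/secrets` directory one resource may overwrite the other. Unless the tool is known to merge resources that share a file, give the password its own name, for example `- -cn=secret:secret/db/prod/password:create=true,file=.password` (file name constructed for illustration). With `create=true` the sidecar also writes to `secret/db/prod/password`, so its Vault token needs create/update on that path rather than read-only access; that grant is best scoped to this single path. The container spec starts and ends outside the hunk.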
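--- a/vault.go
+++ b/vault.go
@@ -28,6 +28,7 @@ import (
 "github.com/golang/glog"
 "github.com/hashicorp/vault/api"
 "strings"
+"path/filepath"
 )
 
 const (
@@ -369,7 +370,7 @@ func (r VaultService) get(rn *watchedResource) (err error) {
 // We must generate the secret if we have the create flag
 if rn.resource.create && secret == nil && err == nil {
 glog.V(3).Infof("Create param specified, creating resource: %s", rn.resource.path)
-params["value"] = NewPassword(int(rn.resource.size))
+params[filepath.Base(rn.resource.path)] = NewPassword(int(rn.resource.size))
 secret, err = r.client.Logical().Write(fmt.Sprintf(rn.resource.path), params)
 glog.V(3).Infof("Secret created: %s", rn.resource.path)
 if err == nil {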
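Review bot: `filepath.Base` is applied to a Vault path on the changed `params[...]` line, but `path/filepath` follows the host OS separator while Vault paths are always slash-separated; `path.Base(rn.resource.path)` with the `path` import is the portable form, and the same applies to the `filepath.Base(rn.path)` call added in `Set`. Changing the key from `"value"` to the basename also means secrets generated by earlier versions keep their old key, which readers of this resource may need to tolerate. On the context lines, `fmt.Sprintf(rn.resource.path)` treats the path as a format string and should simply be `rn.resource.path`, and the "Secret created" message is logged before `err` is checked. Because this commit removes the `size` option, it is worth confirming that `rn.resource.size` is still initialised to `defaultSize`, otherwise `NewPassword` may be asked for a zero-length secret. The body of `get` starts and ends outside the hunk.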
@ -41,8 +41,6 @@ const (
|
||||||
optionExec = "exec"
|
optionExec = "exec"
|
||||||
// optionCreate creates a secret if it doesn't exist
|
// optionCreate creates a secret if it doesn't exist
|
||||||
optionCreate = "create"
|
optionCreate = "create"
|
||||||
// optionSize sets the initial size of a password secret
|
|
||||||
optionSize = "size"
|
|
||||||
// defaultSize sets the default size of a generic secret
|
// defaultSize sets the default size of a generic secret
|
||||||
defaultSize = 20
|
defaultSize = 20
|
||||||
)
|
)
|
||||||
|
|
|
@ -21,6 +21,7 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
"path/filepath"
|
||||||
)
|
)
|
||||||
|
|
||||||
// VaultResources is a collection of type resource
|
// VaultResources is a collection of type resource
|
||||||
|
@ -105,12 +106,10 @@ func (r *VaultResources) Set(value string) error {
|
||||||
return fmt.Errorf("the create option is only supported for 'cn=secret' at this time")
|
return fmt.Errorf("the create option is only supported for 'cn=secret' at this time")
|
||||||
}
|
}
|
||||||
rn.create = choice
|
rn.create = choice
|
||||||
case optionSize:
|
if rn.filename == nil && choice {
|
||||||
size, err := strconv.ParseInt(value, 10, 16)
|
// Use the path basename
|
||||||
if err != nil {
|
rn.filename = filepath.Base(rn.path)
|
||||||
return fmt.Errorf("the size option: %s is invalid, should be an integer", value)
|
|
||||||
}
|
}
|
||||||
rn.size = size
|
|
||||||
case optionExec:
|
case optionExec:
|
||||||
rn.execPath = value
|
rn.execPath = value
|
||||||
case optionFilename:
|
case optionFilename:
|
||||||
|
|
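Review bot: `if rn.filename == nil && choice {` compares `filename` with `nil`, while the statement inside the block assigns it the string returned by `filepath.Base`. If the field is declared as a `string` (its declaration is outside the hunk) this does not compile, and the guard should read `if rn.filename == "" && choice {`. With the `optionSize` case removed, `strconv` stays in the import block; if `ParseInt` was its only use in this file the build fails on an unused import, so the remaining uses are worth checking. `Set` begins and ends outside the hunk.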