Will save created secrets using the basepath of the vault secret

2016-03-23 18:05:58 +00:00
4 changed files with 7 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -46,7 +46,7 @@ spec:
          - -output=/etc/secrets
          - -cn=pki:project1/certs/example.com:common_name=commons.example.com,revoke=true,update=2h
          - -cn=secret:secret/db/prod/username:file=.credentials
-          - -cn=secret:secret/db/prod/password
+          - -cn=secret:secret/db/prod/password:create=true,file=.credentials
          - -cn=aws:aws/creds/s3_backup_policy:file=.s3_creds
        volumeMounts:
          - name: secrets
--- a/vault.go
+++ b/vault.go
@ -28,6 +28,7 @@ import (
 	"github.com/golang/glog"
 	"github.com/hashicorp/vault/api"
 	"strings"
+	"path/filepath"
 )

 const (
@ -369,7 +370,7 @@ func (r VaultService) get(rn *watchedResource) (err error) {
 		// We must generate the secret if we have the create flag
 		if rn.resource.create && secret == nil && err == nil {
 			glog.V(3).Infof("Create param specified, creating resource: %s", rn.resource.path)
-			params["value"] = NewPassword(int(rn.resource.size))
+			params[filepath.Base(rn.resource.path)] = NewPassword(int(rn.resource.size))
 			secret, err = r.client.Logical().Write(fmt.Sprintf(rn.resource.path), params)
 			glog.V(3).Infof("Secret created: %s", rn.resource.path)
 			if err == nil {
--- a/vault_resource.go
+++ b/vault_resource.go
@ -41,8 +41,6 @@ const (
 	optionExec = "exec"
 	// optionCreate creates a secret if it doesn't exist
 	optionCreate = "create"
-	// optionSize sets the initial size of a password secret
-	optionSize = "size"
 	// defaultSize sets the default size of a generic secret
 	defaultSize = 20
 )
--- a/vault_resources.go
+++ b/vault_resources.go
@ -21,6 +21,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"path/filepath"
 )

 // VaultResources is a collection of type resource
@ -105,12 +106,10 @@ func (r *VaultResources) Set(value string) error {
 					return fmt.Errorf("the create option is only supported for 'cn=secret' at this time")
 				}
 				rn.create = choice
-			case optionSize:
-				size, err := strconv.ParseInt(value, 10, 16)
-				if err != nil {
-					return fmt.Errorf("the size option: %s is invalid, should be an integer", value)
+				if rn.filename == nil && choice {
+					// Use the path basename
+					rn.filename = filepath.Base(rn.path)
 				}
-				rn.size = size
 			case optionExec:
 				rn.execPath = value
 			case optionFilename: