
Include feedback from #7

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2018-05-27 10:30:28 +02:00
parent 3bd30a693c
commit 470ecccfec
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E

31
main.go

@ -45,7 +45,7 @@ var (
AutoRevoke bool `flag:"auto-revoke" vardefault:"auto-revoke" description:"Automatically revoke older certificates for this FQDN"` AutoRevoke bool `flag:"auto-revoke" vardefault:"auto-revoke" description:"Automatically revoke older certificates for this FQDN"`
CertTTL time.Duration `flag:"ttl" vardefault:"ttl" description:"Set the TTL for this certificate"` CertTTL time.Duration `flag:"ttl" vardefault:"ttl" description:"Set the TTL for this certificate"`
OvpnKey string `flag:"ovpn-key" vardefault:"secret/ovpn" description:"Specify a secret name that holds an OpenVPN shared key"` OVPNKey string `flag:"ovpn-key" vardefault:"ovpn-key" description:"Specify a secret name that holds an OpenVPN shared key"`
LogLevel string `flag:"log-level" vardefault:"log-level" description:"Log level to use (debug, info, warning, error)"` LogLevel string `flag:"log-level" vardefault:"log-level" description:"Log level to use (debug, info, warning, error)"`
Sort string `flag:"sort" vardefault:"sort" description:"How to sort list output (fqdn, issuedate, expiredate)"` Sort string `flag:"sort" vardefault:"sort" description:"How to sort list output (fqdn, issuedate, expiredate)"`
@ -54,13 +54,14 @@ var (
}{} }{}
defaultConfig = map[string]string{ defaultConfig = map[string]string{
"auto-revoke": "true",
"log-level": "info",
"ovpn-key": "",
"pki-mountpoint": "/pki", "pki-mountpoint": "/pki",
"pki-role": "openvpn", "pki-role": "openvpn",
"auto-revoke": "true",
"ttl": "8760h",
"log-level": "info",
"sort": "fqdn", "sort": "fqdn",
"template-path": ".", "template-path": ".",
"ttl": "8760h",
} }
version = "dev" version = "dev"
@ -72,7 +73,7 @@ type templateVars struct {
CertAuthority string CertAuthority string
Certificate string Certificate string
PrivateKey string PrivateKey string
TlsAuth string TLSAuth string
} }
type listCertificatesTableRow struct { type listCertificatesTableRow struct {
@ -292,10 +293,10 @@ func generateCertificateConfig(tplName, fqdn string) error {
tplv.CertAuthority = caCert tplv.CertAuthority = caCert
if cfg.OvpnKey != "" { if cfg.OVPNKey != "" {
tplv.TlsAuth, err = fetchOvpnKey(fqdn) tplv.TLSAuth, err = fetchOVPNKey()
if err != nil { if err != nil {
return fmt.Errorf("Could not fetch TlsAuth key: %s", err) return fmt.Errorf("Could not fetch TLSAuth key: %s", err)
} }
} }
@ -443,18 +444,24 @@ func getCACert() (string, error) {
return cs.Data["certificate"].(string), nil return cs.Data["certificate"].(string), nil
} }
func fetchOvpnKey(fqdn string) (string, error) { func fetchOVPNKey() (string, error) {
path := strings.Join([]string{"secret", "data", strings.Trim(cfg.OvpnKey, "/")}, "/") path := strings.Trim(cfg.OVPNKey, "/")
secret, err := client.Logical().Read(path) secret, err := client.Logical().Read(path)
if err != nil { if err != nil {
return "", err return "", err
} }
if secret == nil { if secret == nil || secret.Data == nil {
return "", errors.New("Got no data from backend") return "", errors.New("Got no data from backend")
} }
return secret.Data["data"].(map[string]interface {})["key"].(string), nil
key, ok := secret.Data["key"]
if !ok {
return "", errors.New("Within specified secret no entry named 'key' was found")
}
return key.(string), nil
} }
func generateCertificate(fqdn string) (*templateVars, error) { func generateCertificate(fqdn string) (*templateVars, error) {
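Review bot: The unchecked type assertion `key.(string)` on the final return of fetchOVPNKey panics if the secret's `key` field holds a non-string value (a number, bool or nested object); the `ok` check added two lines above guards presence only, not type. Replace it with `keyStr, ok := key.(string); if !ok { return "", errors.New("entry 'key' in specified secret is not a string") }` and return `keyStr`. Separately, the new code reads `cfg.OVPNKey` verbatim and takes `key` straight from `secret.Data`, which is the KV v1 layout; if the mount is KV v2 the fields sit under `secret.Data["data"]`, so a user who passes the explicit `secret/data/...` path the removed code used to build would still hit the "no entry named 'key'" error — worth stating in the `ovpn-key` flag description or README. The generateCertificate function at the end of the hunk continues outside it.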