luzifer/vault2env
1
0
Fork 0
mirror of https://github.com/Luzifer/vault2env.git synced 2024-11-09 16:50:06 +00:00
Code Issues Releases Wiki Activity

Added command execution in addition to execution

Browse source
This commit is contained in:
Knut Ahlers 2016-05-29 02:04:23 +02:00
parent 9d6a623494
commit 55a1666b22
Signed by: luzifer
GPG key ID: DC2729FDD34BE99E
2 changed files with 48 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -8,7 +8,15 @@
## Usage ## Usage
You have two ways to set the four input values the tool needs. In general this program can either output your ENV variables to use with `eval` or similar or it can run a program with populated environment.
```
# vault2env [secret path] [command]
<program is started, you see its output>
# vault2env --export [secret path]
export ...
```
### Using evironment variables ### Using evironment variables
```bash ```bash

48
main.go
View file

@ -3,16 +3,21 @@ package main
import ( import (
"fmt" "fmt"
"log" "log"
"os"
"os/exec"
"github.com/Luzifer/go_helpers/env"
"github.com/Luzifer/rconfig" "github.com/Luzifer/rconfig"
"github.com/hashicorp/vault/api" "github.com/hashicorp/vault/api"
) )
var ( var (
cfg = struct { cfg = struct {
VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"` VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
VaultAppID string `flag:"vault-app-id" env:"VAULT_APP_ID" default:"" description:"The app-id to use for authentication"` VaultAppID string `flag:"vault-app-id" env:"VAULT_APP_ID" default:"" description:"The app-id to use for authentication"`
VaultUserID string `flag:"vault-user-id" env:"VAULT_USER_ID" default:"" description:"The user-id to use for authentication"` VaultUserID string `flag:"vault-user-id" env:"VAULT_USER_ID" default:"" description:"The user-id to use for authentication"`
Export bool `flag:"export,e" default:"false" description:"Show export statements instead of running the command specified"`
VersionAndExit bool `flag:"version" default:"false" description:"Print program version and exit"`
}{} }{}
version = "dev" version = "dev"
) )
@ -20,12 +25,23 @@ var (
func init() { func init() {
rconfig.Parse(&cfg) rconfig.Parse(&cfg)
if cfg.VersionAndExit {
fmt.Printf("vault2env %s\n", version)
os.Exit(0)
}
if cfg.VaultAppID == "" || cfg.VaultUserID == "" { if cfg.VaultAppID == "" || cfg.VaultUserID == "" {
log.Fatalf("[ERR] You need to set vault-app-id and vault-user-id") log.Fatalf("[ERR] You need to set vault-app-id and vault-user-id")
} }
if len(rconfig.Args()) != 2 { if cfg.Export {
log.Fatalf("[ERR] Exactly one argument is supported: The path of the key containing env variables") if len(rconfig.Args()) != 2 {
log.Fatalf("[ERR] Usage: vault2env --export [secret path]")
}
} else {
if len(rconfig.Args()) < 3 {
log.Fatalf("[ERR] Usage: vault2env [secret path] [command]")
}
} }
} }
@ -45,17 +61,31 @@ func main() {
} }
client.SetToken(loginSecret.Auth.ClientToken) client.SetToken(loginSecret.Auth.ClientToken)
defer client.Auth().Token().RevokeSelf(client.Token())
data, err := client.Logical().Read(rconfig.Args()[1]) data, err := client.Logical().Read(rconfig.Args()[1])
if err != nil { if err != nil {
log.Fatalf("Unable to fetch data: %s", err) log.Fatalf("Unable to fetch data: %s", err)
} }
for k, v := range data.Data { if cfg.Export {
fmt.Printf("export %s=\"%s\"\n", k, v) for k, v := range data.Data {
fmt.Printf("export %s=\"%s\"\n", k, v)
}
return
} }
if err := client.Auth().Token().RevokeSelf(client.Token()); err != nil { emap := env.ListToMap(os.Environ())
log.Printf("Unable to clean up: %s", err) for k, v := range data.Data {
emap[k] = v.(string)
}
cmd := exec.Command(rconfig.Args()[2], rconfig.Args()[2:]...)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
cmd.Stdin = os.Stdin
cmd.Env = env.MapToList(emap)
if err := cmd.Run(); err != nil {
log.Fatal("Command exitted unclean (code != 0)")
} }
} }