Breaking: Move vault keys to parameters

Signed-off-by: Knut Ahlers <knut@ahlers.me>

main.go

@@ -3,29 +3,31 @@ package main
 import (
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
 	"strings"
 
 	"github.com/Luzifer/go_helpers/env"
 	"github.com/Luzifer/rconfig"
+	log "github.com/Sirupsen/logrus"
 	"github.com/hashicorp/vault/api"
 	"github.com/mitchellh/go-homedir"
 )
 
 var (
 	cfg = struct {
-		VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
-		AppRoleAuth  struct {
+		AppRoleAuth struct {
 			RoleID   string `flag:"vault-role-id" env:"VAULT_ROLE_ID" default:"" description:"ID of the role to use"`
 			SecretID string `flag:"vault-secret-id" env:"VAULT_SECRET_ID" default:"" description:"Corresponding secret ID to the role"`
 		}
+		Export    bool   `flag:"export,e" default:"false" description:"Show export statements instead of running the command specified"`
+		LogLevel  string `flag:"log-level" default:"info" description:"Verbosity of logs to use (debug, info, warning, error, ...)"`
 		TokenAuth struct {
 			Token string `flag:"vault-token" env:"VAULT_TOKEN" vardefault:"vault-token" description:"Specify a token to use instead of app-id auth"`
 		}
-		Export         bool     `flag:"export,e" default:"false" description:"Show export statements instead of running the command specified"`
 		Transform      []string `flag:"transform,t" default:"" description:"Translates keys to different names (oldkey=newkey)"`
+		VaultAddress   string   `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
+		VaultKeys      []string `flag:"key,k" default:"" description:"Keys to read and use for environment variables"`
 		VersionAndExit bool     `flag:"version" default:"false" description:"Print program version and exit"`
 	}{}
 	version = "dev"
@@ -56,14 +58,18 @@ func init() {
 		os.Exit(0)
 	}
 
-	if cfg.Export {
-		if len(rconfig.Args()) != 2 {
-			log.Fatalf("[ERR] Usage: vault2env --export [secret path]")
-		}
+	if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
+		log.SetLevel(logLevel)
 	} else {
-		if len(rconfig.Args()) < 3 {
-			log.Fatalf("[ERR] Usage: vault2env [secret path] [command]")
-		}
+		log.Fatalf("Unable to parse log level: %s", err)
+	}
+
+	if len(cfg.VaultKeys) == 0 || (len(cfg.VaultKeys) == 1 && cfg.VaultKeys[0] == "") {
+		log.Fatalf("[ERR] You need to specify at least one --key to read")
+	}
+
+	if !cfg.Export && len(rconfig.Args()) == 1 {
+		log.Fatalf("[ERR] Usage: vault2env [command]")
 	}
 }
 
@@ -102,20 +108,26 @@ func main() {
 		}, "\n"))
 	}
 
-	data, err := client.Logical().Read(rconfig.Args()[1])
-	if err != nil {
-		log.Fatalf("Unable to fetch data: %s", err)
-	}
-
+	envData := map[string]string{}
 	transformMap := env.ListToMap(cfg.Transform)
 
-	envData := map[string]string{}
-	for k, v := range data.Data {
-		key := k
-		if newKey, ok := transformMap[key]; ok {
-			key = newKey
+	for _, vaultKey := range cfg.VaultKeys {
+		data, err := client.Logical().Read(vaultKey)
+		if err != nil {
+			log.Errorf("Unable to fetch data: %s", err)
 		}
-		envData[key] = v.(string)
+
+		for k, v := range data.Data {
+			key := k
+			if newKey, ok := transformMap[key]; ok {
+				key = newKey
+			}
+			envData[key] = v.(string)
+		}
+	}
+
+	if len(envData) == 0 {
+		log.Fatalf("No environment data could be extracted")
 	}
 
 	if cfg.Export {
@@ -132,7 +144,7 @@ func main() {
 		}
 	}
 
-	cmd := exec.Command(rconfig.Args()[2], rconfig.Args()[3:]...)
+	cmd := exec.Command(rconfig.Args()[1], rconfig.Args()[2:]...)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	cmd.Stdin = os.Stdin