mirror of
https://github.com/Luzifer/vault2env.git
synced 2024-12-20 20:21:20 +00:00
Breaking: Move vault keys to parameters
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
3d36311495
commit
fa236753ec
1 changed files with 35 additions and 23 deletions
44
main.go
44
main.go
|
@ -3,29 +3,31 @@ package main
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/Luzifer/go_helpers/env"
|
"github.com/Luzifer/go_helpers/env"
|
||||||
"github.com/Luzifer/rconfig"
|
"github.com/Luzifer/rconfig"
|
||||||
|
log "github.com/Sirupsen/logrus"
|
||||||
"github.com/hashicorp/vault/api"
|
"github.com/hashicorp/vault/api"
|
||||||
"github.com/mitchellh/go-homedir"
|
"github.com/mitchellh/go-homedir"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
cfg = struct {
|
cfg = struct {
|
||||||
VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
|
|
||||||
AppRoleAuth struct {
|
AppRoleAuth struct {
|
||||||
RoleID string `flag:"vault-role-id" env:"VAULT_ROLE_ID" default:"" description:"ID of the role to use"`
|
RoleID string `flag:"vault-role-id" env:"VAULT_ROLE_ID" default:"" description:"ID of the role to use"`
|
||||||
SecretID string `flag:"vault-secret-id" env:"VAULT_SECRET_ID" default:"" description:"Corresponding secret ID to the role"`
|
SecretID string `flag:"vault-secret-id" env:"VAULT_SECRET_ID" default:"" description:"Corresponding secret ID to the role"`
|
||||||
}
|
}
|
||||||
|
Export bool `flag:"export,e" default:"false" description:"Show export statements instead of running the command specified"`
|
||||||
|
LogLevel string `flag:"log-level" default:"info" description:"Verbosity of logs to use (debug, info, warning, error, ...)"`
|
||||||
TokenAuth struct {
|
TokenAuth struct {
|
||||||
Token string `flag:"vault-token" env:"VAULT_TOKEN" vardefault:"vault-token" description:"Specify a token to use instead of app-id auth"`
|
Token string `flag:"vault-token" env:"VAULT_TOKEN" vardefault:"vault-token" description:"Specify a token to use instead of app-id auth"`
|
||||||
}
|
}
|
||||||
Export bool `flag:"export,e" default:"false" description:"Show export statements instead of running the command specified"`
|
|
||||||
Transform []string `flag:"transform,t" default:"" description:"Translates keys to different names (oldkey=newkey)"`
|
Transform []string `flag:"transform,t" default:"" description:"Translates keys to different names (oldkey=newkey)"`
|
||||||
|
VaultAddress string `flag:"vault-addr" env:"VAULT_ADDR" default:"https://127.0.0.1:8200" description:"Vault API address"`
|
||||||
|
VaultKeys []string `flag:"key,k" default:"" description:"Keys to read and use for environment variables"`
|
||||||
VersionAndExit bool `flag:"version" default:"false" description:"Print program version and exit"`
|
VersionAndExit bool `flag:"version" default:"false" description:"Print program version and exit"`
|
||||||
}{}
|
}{}
|
||||||
version = "dev"
|
version = "dev"
|
||||||
|
@ -56,14 +58,18 @@ func init() {
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.Export {
|
if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
|
||||||
if len(rconfig.Args()) != 2 {
|
log.SetLevel(logLevel)
|
||||||
log.Fatalf("[ERR] Usage: vault2env --export [secret path]")
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
if len(rconfig.Args()) < 3 {
|
log.Fatalf("Unable to parse log level: %s", err)
|
||||||
log.Fatalf("[ERR] Usage: vault2env [secret path] [command]")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(cfg.VaultKeys) == 0 || (len(cfg.VaultKeys) == 1 && cfg.VaultKeys[0] == "") {
|
||||||
|
log.Fatalf("[ERR] You need to specify at least one --key to read")
|
||||||
|
}
|
||||||
|
|
||||||
|
if !cfg.Export && len(rconfig.Args()) == 1 {
|
||||||
|
log.Fatalf("[ERR] Usage: vault2env [command]")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -102,14 +108,15 @@ func main() {
|
||||||
}, "\n"))
|
}, "\n"))
|
||||||
}
|
}
|
||||||
|
|
||||||
data, err := client.Logical().Read(rconfig.Args()[1])
|
envData := map[string]string{}
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Unable to fetch data: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
transformMap := env.ListToMap(cfg.Transform)
|
transformMap := env.ListToMap(cfg.Transform)
|
||||||
|
|
||||||
envData := map[string]string{}
|
for _, vaultKey := range cfg.VaultKeys {
|
||||||
|
data, err := client.Logical().Read(vaultKey)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Unable to fetch data: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
for k, v := range data.Data {
|
for k, v := range data.Data {
|
||||||
key := k
|
key := k
|
||||||
if newKey, ok := transformMap[key]; ok {
|
if newKey, ok := transformMap[key]; ok {
|
||||||
|
@ -117,6 +124,11 @@ func main() {
|
||||||
}
|
}
|
||||||
envData[key] = v.(string)
|
envData[key] = v.(string)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(envData) == 0 {
|
||||||
|
log.Fatalf("No environment data could be extracted")
|
||||||
|
}
|
||||||
|
|
||||||
if cfg.Export {
|
if cfg.Export {
|
||||||
for k, v := range envData {
|
for k, v := range envData {
|
||||||
|
@ -132,7 +144,7 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd := exec.Command(rconfig.Args()[2], rconfig.Args()[3:]...)
|
cmd := exec.Command(rconfig.Args()[1], rconfig.Args()[2:]...)
|
||||||
cmd.Stdout = os.Stdout
|
cmd.Stdout = os.Stdout
|
||||||
cmd.Stderr = os.Stderr
|
cmd.Stderr = os.Stderr
|
||||||
cmd.Stdin = os.Stdin
|
cmd.Stdin = os.Stdin
|
||||||
|
|
Loading…
Reference in a new issue