Supporting copy cmd and refactoring.
Otávio Fernandes committed Apr 7, 2019
1 parent 263093d commit 79fc724
Showing 3 changed files with 104 additions and 28 deletions.
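--- a/cmd/vault-handler/copy.go
+++ b/cmd/vault-handler/copy.go
@@ -0,0 +1,56 @@
+package main
+
+import (
+"os"
+
+vh "github.com/otaviof/vault-handler/pkg/vault-handler"
+log "github.com/sirupsen/logrus"
+"github.com/spf13/cobra"
+"github.com/spf13/viper"
+)
+
+var copyCmd = &cobra.Command{
+Use: "copy [manifest-files]",
+Run: runCopyCmd,
+Short: `Copy secrets from Vault to Kubernetes, based in manifest`,
+Long: `# vault-handler copy
+Copy secrets from Vault into Kubernetes, following the manifest. If the secret is already present in
+Kubernetes it will be updated, if different than in Vault.
+The manifest file defines which type of secret will be created in Kubernetes, and based in the Secret
+type, certain keys will be mandatory, so be aware about setting up mandatory items.
+`,
+}
+
+func runCopyCmd(cmd *cobra.Command, args []string) {
+logger := log.WithField("cmd", "copy")
+logger.Info("Starting copy")
+
+h := bootstrap()
+if err := config.ValidateKubernetes(); err != nil {
+log.Fatalf("[ERROR] On validating parameters: '%s'", err)
+}
+
+loopManifests(logger, args, func(logger *log.Entry, m *vh.Manifest) {
+if err := h.Copy(m); err != nil {
+logger.Fatalf("On realization of manifest: '%s'", err)
+os.Exit(1)
+}
+})
+}
+
+func init() {
+flags := copyCmd.PersistentFlags()
+
+flags.String("context", "", "Kubernetes context")
+flags.String("namespace", "", "Kubernetes namespace")
+flags.String("kube-config", "", "Kubernetes '~/.kube/config' alternative path")
+flags.Bool("in-cluster", false, "Peek is running inside Kubernetes")
+
+rootCmd.AddCommand(copyCmd)
+
+if err := viper.BindPFlags(flags); err != nil {
+log.Panic(err)
+}
+}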
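Review bot: In `runCopyCmd`, `config.ValidateKubernetes()` only runs after `bootstrap()` has returned, and the `bootstrap` shown in vault_handler.go on this page has by then already called `handler.Authenticate()`, so a bad `--context`, `--namespace` or `--kube-config` value is rejected only after the Vault login has happened. The call also depends on `bootstrap()` having assigned the package-level `config` as a side effect; if the two statements are ever reordered, `config` is presumably still nil at that point. Consider building the config in a separate step so both validations run before authentication, and add a doc comment such as `// runCopyCmd copies the secrets described by each manifest from Vault into Kubernetes.`, which `runDownloadCmd` already has for its own command.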
20 changes: 5 additions & 15 deletions cmd/vault-handler/download.go
@@ -3,7 +3,7 @@ package main
import (
"os"

vaulthandler "github.com/otaviof/vault-handler/pkg/vault-handler"
vh "github.com/otaviof/vault-handler/pkg/vault-handler"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
@@ -22,27 +22,17 @@ output location is informed by "--output-dir" parameter.

// runDownloadCmd execute the download of secrets from Vault.
func runDownloadCmd(cmd *cobra.Command, args []string) {
var manifest *vaulthandler.Manifest
var err error

logger := log.WithField("cmd", "download")
logger.Info("Starting download")

handler := bootstrap()

for _, manifestFile := range args {
logger = logger.WithField("manifest", manifestFile)
logger.Info("Handling manifest definitions")
h := bootstrap()

if manifest, err = vaulthandler.NewManifest(manifestFile); err != nil {
logger.Fatalf("On parsing manifest: '%s'", err)
os.Exit(1)
}
if err = handler.Download(manifest); err != nil {
loopManifests(logger, args, func(logger *log.Entry, m *vh.Manifest) {
if err := h.Download(m); err != nil {
logger.Fatalf("On realization of manifest: '%s'", err)
os.Exit(1)
}
}
})
}

func init() {
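Review bot: The `os.Exit(1)` kept after `logger.Fatalf(...)` in the new callback can never run, because logrus' `Fatalf` logs the message and then terminates the process itself. The same pair appears in the callback in copy.go and in `loopManifests` in vault_handler.go. Dropping the second line in each place leaves `logger.Fatalf("On realization of manifest: '%s'", err)` as the single exit path; the `"os"` import in this file may then be unused, depending on the part of the file that is collapsed on this page. Renaming the callback's `logger` parameter would also stop it from shadowing the outer `logger`.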
56 changes: 43 additions & 13 deletions cmd/vault-handler/vault_handler.go
@@ -4,7 +4,7 @@ import (
"os"
"strings"

vaulthandler "github.com/otaviof/vault-handler/pkg/vault-handler"
vh "github.com/otaviof/vault-handler/pkg/vault-handler"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
@@ -35,55 +35,65 @@ YAML based manifest files are the last argument in "vault-handler" command-line.
layout of files in the file-system, and will drive the reflection of this data in Vault. Please
consider the GitHub project page for manifest documentation:
https://github.com/otaviof/vault-handler
https://github.com/otaviof/vault-handler
## Example
First you may want to export configuration in the environment:
$ export VAULT_HANDLER_VAULT_ADDR="http://127.0.0.1:8200"
$ export VAULT_HANDLER_VAULT_ROLE_ID="role-id"
$ export VAULT_HANDLER_VAULT_SECRET_ID="secret-id"
$ export VAULT_HANDLER_VAULT_ADDR="http://127.0.0.1:8200"
$ export VAULT_HANDLER_VAULT_ROLE_ID="role-id"
$ export VAULT_HANDLER_VAULT_SECRET_ID="secret-id"
And later call "vault-handler" with additional arguments, and the manifest files:
$ vault-handler upload --input-dir /var/tmp --dry-run /path/to/manifest.yaml
$ vault-handler download --output-dir /tmp --dry-run /path/to/manifest.yaml
$ vault-handler upload --input-dir /var/tmp --dry-run /path/to/manifest.yaml
$ vault-handler download --output-dir /tmp --dry-run /path/to/manifest.yaml
## Command-Line
`,
}

var config *vh.Config // global configuration instance

// actOnManifest method to be called per manifest instance
type actOnManifest func(logger *log.Entry, m *vh.Manifest)

// configFromEnv creates a configuration object using Viper, which brings overwritten values from
// environment variables.
func configFromEnv() *vaulthandler.Config {
return &vaulthandler.Config{
func configFromEnv() *vh.Config {
return &vh.Config{
DryRun: viper.GetBool("dry-run"),
OutputDir: viper.GetString("output-dir"),
InputDir: viper.GetString("input-dir"),
VaultAddr: viper.GetString("vault-addr"),
VaultToken: viper.GetString("vault-token"),
VaultRoleID: viper.GetString("vault-role-id"),
VaultSecretID: viper.GetString("vault-secret-id"),
InCluster: viper.GetBool("in-cluster"),
Context: viper.GetString("context"),
Namespace: viper.GetString("namespace"),
KubeConfig: viper.GetString("kube-config"),
}
}

// bootstrap creates connection with vault, by instantiating Handler.
func bootstrap() *vaulthandler.Handler {
func bootstrap() *vh.Handler {
var level log.Level
var handler *vaulthandler.Handler
var handler *vh.Handler
var err error

if level, err = log.ParseLevel(viper.GetString("log-level")); err != nil {
log.Fatalf("[ERROR] On parsing log-level: '%s'", err)
}
log.SetLevel(level)

config := configFromEnv()
config = configFromEnv()

if err = config.Validate(); err != nil {
log.Fatalf("[ERROR] On validating parameters: '%s'", err)
}
if handler, err = vaulthandler.NewHandler(config); err != nil {
if handler, err = vh.NewHandler(config); err != nil {
log.Fatalf("[ERROR] On instantiating Vault-API: '%s'", err)
}
if err = handler.Authenticate(); err != nil {
@@ -93,6 +103,26 @@ func bootstrap() *vaulthandler.Handler {
return handler
}

// loopManifests loop args and tranform them in manifest instances, yielding informed func.
func loopManifests(logger *log.Entry, args []string, fn actOnManifest) error {
var m *vh.Manifest
var err error

for _, manifestFile := range args {
logger = logger.WithField("manifest", manifestFile)
logger.Info("Handling manifest definitions")

if m, err = vh.NewManifest(manifestFile); err != nil {
logger.Fatalf("On parsing manifest: '%s'", err)
os.Exit(1)
}

fn(logger, m)
}

return nil
}

// init command-line flags and configuration coming from environment.
func init() {
var err error
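Review bot: `loopManifests` is declared to return `error` but its only return statement is `return nil`, since a manifest that fails to parse ends the process through `logger.Fatalf`; both callers on this page (`runCopyCmd`, `runDownloadCmd`) discard the result. Either drop the return type, or return the failure to the caller, e.g. `return fmt.Errorf("parsing manifest %q: %w", manifestFile, err)`, and let the command decide how to exit; that would need `fmt` imported. The doc comment would also read better as `// loopManifests parses each path in args into a Manifest and calls fn with it.` (the current one has the typo "tranform").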
