From 0ec37c1987aba4d946d8667ecea3bf0c469cccdb Mon Sep 17 00:00:00 2001 From: Southclaws Date: Mon, 23 Mar 2020 15:14:51 +0000 Subject: [PATCH] resolve #24 --- main.go | 2 ++ service/service.go | 62 ++++++++++++++++++++++++++++++++++++---------- 2 files changed, 51 insertions(+), 13 deletions(-) diff --git a/main.go b/main.go index 5e96276..0de84fa 100644 --- a/main.go +++ b/main.go @@ -49,6 +49,7 @@ this repository has new commits, Pico will automatically reconfigure.`, cli.StringFlag{Name: "vault-token", EnvVar: "VAULT_TOKEN"}, cli.StringFlag{Name: "vault-path", EnvVar: "VAULT_PATH", Value: "/secret"}, cli.DurationFlag{Name: "vault-renew-interval", EnvVar: "VAULT_RENEW_INTERVAL", Value: time.Hour * 24}, + cli.StringFlag{Name: "vault-config-path", EnvVar: "VAULT_CONFIG_PATH", Value: "pico"}, }, Action: func(c *cli.Context) (err error) { if !c.Args().Present() { @@ -84,6 +85,7 @@ this repository has new commits, Pico will automatically reconfigure.`, VaultToken: c.String("vault-token"), VaultPath: c.String("vault-path"), VaultRenewal: c.Duration("vault-renew-interval"), + VaultConfig: c.String("vault-config-path"), }) if err != nil { return errors.Wrap(err, "failed to initialise") diff --git a/service/service.go b/service/service.go index 20b0f3e..2db7c54 100644 --- a/service/service.go +++ b/service/service.go @@ -35,6 +35,7 @@ type Config struct { VaultToken string VaultPath string VaultRenewal time.Duration + VaultConfig string } // App stores application state @@ -52,19 +53,6 @@ func Initialise(c Config) (app *App, err error) { app.config = c - var authMethod transport.AuthMethod - if c.SSH { - authMethod, err = ssh.NewSSHAgentAuth("git") - if err != nil { - return nil, errors.Wrap(err, "failed to set up SSH authentication") - } - } else if c.Target.User != "" { - authMethod = &http.BasicAuth{ - Username: c.Target.User, - Password: c.Target.Pass, - } - } - var secretStore secret.Store if c.VaultAddress != "" { zap.L().Debug("connecting to vault", 
@@ -83,6 +71,18 @@ func Initialise(c Config) (app *App, err error) { } } + secretConfig, err := secretStore.GetSecretsForTarget(c.VaultConfig) + if err != nil { + zap.L().Info("could not read additional config from vault", zap.String("path", c.VaultConfig)) + err = nil + } + zap.L().Debug("read configuration secrets from secret store", zap.Strings("keys", getKeys(secretConfig))) + + authMethod, err := getAuthMethod(c, secretConfig) + if err != nil { + return nil, errors.Wrap(err, "failed to create an authentication method from the given config") + } + app.secrets = secretStore app.bus = make(chan task.ExecutionTask, 100) @@ -143,3 +143,39 @@ func (app *App) Start(ctx context.Context) error { return g.Wait() } + +func getAuthMethod(c Config, secretConfig map[string]string) (transport.AuthMethod, error) { + if c.SSH { + authMethod, err := ssh.NewSSHAgentAuth("git") + if err != nil { + return nil, errors.Wrap(err, "failed to set up SSH authentication") + } + return authMethod, nil + } + + if c.Target.User != "" && c.Target.Pass != "" { + return &http.BasicAuth{ + Username: c.Target.User, + Password: c.Target.Pass, + }, nil + } + + user, userok := secretConfig["GIT_USERNAME"] + pass, passok := secretConfig["GIT_PASSWORD"] + if userok && passok { + return &http.BasicAuth{ + Username: user, + Password: pass, + }, nil + } + + return nil, nil +} + +func getKeys(m map[string]string) []string { + keys := make([]string, 0, len(m)) + for k := range m { + keys = append(keys, k) + } + return keys +}
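Review bot: The Info log at `zap.L().Info("could not read additional config from vault", zap.String("path", c.VaultConfig))` discards the very error it reports, and `err = nil` on the next line then swallows it for good, so an operator cannot distinguish a missing path from a permission or connectivity failure; attach it as a field: `zap.L().Info("could not read additional config from vault", zap.String("path", c.VaultConfig), zap.Error(err))`. The call `secretStore.GetSecretsForTarget(c.VaultConfig)` also runs whether or not a Vault address was configured; in the earlier hunk `secretStore` is declared as `var secretStore secret.Store` and only assigned inside `if c.VaultAddress != ""`, so unless the branch cut off at the end of that hunk assigns a fallback store, this is a method call on a nil interface and panics at startup — either guard with `if secretStore != nil` or confirm a non-Vault store is always set. Logging only `getKeys(secretConfig)` rather than the values is the right choice here, since the map is expected to carry `GIT_PASSWORD`. Initialise continues outside the hunk.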
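Review bot: `getAuthMethod` silently returns `nil, nil` when the secret store supplies only one of `GIT_USERNAME` / `GIT_PASSWORD`, so a half-populated secret degrades to an unauthenticated clone with nothing in the logs explaining why later fetches are rejected; I would fail loudly instead, before the `if userok && passok` check: `if userok != passok { return nil, errors.New("secret config must set both GIT_USERNAME and GIT_PASSWORD") }`. The URL-credential branch also tightened from the removed `c.Target.User != ""` to `c.Target.User != "" && c.Target.Pass != ""`, which changes behaviour for a target URL carrying a username or token with an empty password — previously that produced `http.BasicAuth` with an empty password, now it falls through to the Vault values or to no auth at all; if that is intended, the condition deserves a comment saying so. Neither new function has a doc comment; a one-liner such as `// getAuthMethod picks SSH agent auth, then URL credentials, then GIT_USERNAME/GIT_PASSWORD from secretConfig, in that order, and returns nil when none apply.` records the precedence callers rely on.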