Working with current vault !

cloudwatt · Jan 2, 2017 · ae07077 · ae07077
1 parent e3e9da8
commit ae07077
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 2 deletions.
diff --git a/cmd/app.go b/cmd/app.go
@@ -34,7 +34,6 @@ func newVaultCtl() *cli.App {
 	app.Commands = []cli.Command{
 		newSyncCommand(),
 		newTransitCommand(),
-		newKubeCommand(),
 	}
 
 	return app

diff --git a/cmd/util.go b/cmd/util.go
@@ -20,6 +20,9 @@ import (
 
 	"github.com/fcantournet/vault-sync/pkg/api"
 	"github.com/fcantournet/vault-sync/pkg/utils"
+	"github.com/fcantournet/vault-sync/pkg/vault"
+
+	"github.com/codegangsta/cli"
 )
 
 // parseConfigFiles parses the configuration files and extracts the resources
@@ -41,3 +44,31 @@ func parseConfigFiles(files []string) (*resources, error) {
 
 	return r, nil
 }
+
+// getVaultClient retrieves a vault client for use
+func getVaultClient(cx *cli.Context) (*vault.Client, error) {
+	host := cx.GlobalString("vault-addr")
+	username := cx.GlobalString("vault-username")
+	password := cx.GlobalString("vault-password")
+	token := cx.GlobalString("vault-token")
+	creds := cx.GlobalString("credentials")
+
+	// step: validate we have the requirements
+	if creds != "" {
+		if !utils.IsFile(creds) {
+			printUsage("the vault credentials file does not exist")
+		}
+	} else if token == "" {
+		if username == "" || password == "" {
+			return nil, fmt.Errorf("you need to specify a username and password if no token")
+		}
+	}
+
+	// step: create a vault client
+	client, err := vault.New(host, username, password, creds, token)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
diff --git a/tests/config.yml b/tests/config.yml
@@ -1,5 +1,14 @@
 
 auths:
+- path: token
+  type: token
+  attributes:
+  - uri: roles/applications
+    allowed_policies: ""
+    disallowed_policies: "admin"
+    orphan: true
+    period: 1h
+    path_suffix: jan2017
 - path: userpass
   type: userpass
 - path: extra/userpass
@@ -8,7 +17,27 @@ auths:
   type: github
   attributes:
   - uri: config
-    organization: UKHomeOffice
+    organization: Cloudwatt
+- path: ldap
+  type: ldap
+  attributes:
+  - uri: config
+    binddn: "uid=vault,ou=users,dc=infra,dc=cloudwatt,dc=net"
+    bindpass: "youplaboum"
+    certificate: ""
+    deny_null_bind: true
+    discoverdn: false
+    groupattr: "cn"
+    groupdn: "ou=applications,dc=infra,dc=cloudwatt,dc=net"
+    groupfilter: "(uniqueMember={{.UserDN}})"
+    insecure_tls: true
+    starttls: false
+    tls_max_version: "tls12"
+    tls_min_version: "tls12"
+    upndomain: ""
+    url: "ldaps://ldap.int4.aub.cloudwatt.net:636"
+    userattr: "uid"
+    userdn: "ou=users,dc=infra,dc=cloudwatt,dc=net"
 
 users:
 - userpass: