2016-09-01 18:02:19 +00:00
|
|
|
package fingerprint
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
client "github.com/hashicorp/nomad/client/config"
|
|
|
|
"github.com/hashicorp/nomad/nomad/structs"
|
|
|
|
vapi "github.com/hashicorp/vault/api"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
vaultAvailable = "available"
|
|
|
|
vaultUnavailable = "unavailable"
|
|
|
|
)
|
|
|
|
|
2016-09-01 20:38:31 +00:00
|
|
|
// VaultFingerprint is used to fingerprint for Vault
|
2016-09-01 18:02:19 +00:00
|
|
|
type VaultFingerprint struct {
|
|
|
|
logger *log.Logger
|
|
|
|
client *vapi.Client
|
|
|
|
lastState string
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewVaultFingerprint is used to create a Vault fingerprint
|
|
|
|
func NewVaultFingerprint(logger *log.Logger) Fingerprint {
|
|
|
|
return &VaultFingerprint{logger: logger, lastState: vaultUnavailable}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (f *VaultFingerprint) Fingerprint(config *client.Config, node *structs.Node) (bool, error) {
|
2016-10-11 01:04:39 +00:00
|
|
|
if config.VaultConfig == nil || !config.VaultConfig.IsEnabled() {
|
2016-09-01 18:02:19 +00:00
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Only create the client once to avoid creating too many connections to
|
|
|
|
// Vault.
|
|
|
|
if f.client == nil {
|
|
|
|
vaultConfig, err := config.VaultConfig.ApiConfig()
|
|
|
|
if err != nil {
|
|
|
|
return false, fmt.Errorf("Failed to initialize the Vault client config: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
f.client, err = vapi.NewClient(vaultConfig)
|
|
|
|
if err != nil {
|
|
|
|
return false, fmt.Errorf("Failed to initialize Vault client: %s", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Connect to vault and parse its information
|
|
|
|
status, err := f.client.Sys().SealStatus()
|
|
|
|
if err != nil {
|
|
|
|
// Clear any attributes set by a previous fingerprint.
|
|
|
|
f.clearVaultAttributes(node)
|
|
|
|
|
|
|
|
// Print a message indicating that Vault is not available anymore
|
|
|
|
if f.lastState == vaultAvailable {
|
2016-09-01 20:38:31 +00:00
|
|
|
f.logger.Printf("[INFO] fingerprint.vault: Vault is unavailable")
|
2016-09-01 18:02:19 +00:00
|
|
|
}
|
|
|
|
f.lastState = vaultUnavailable
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
node.Attributes["vault.accessible"] = strconv.FormatBool(true)
|
2017-09-26 22:26:33 +00:00
|
|
|
// We strip the Vault prefix because < 0.6.2 the version looks like:
|
2016-09-01 18:02:19 +00:00
|
|
|
// status.Version = "Vault v0.6.1"
|
|
|
|
node.Attributes["vault.version"] = strings.TrimPrefix(status.Version, "Vault ")
|
|
|
|
node.Attributes["vault.cluster_id"] = status.ClusterID
|
|
|
|
node.Attributes["vault.cluster_name"] = status.ClusterName
|
|
|
|
|
|
|
|
// If Vault was previously unavailable print a message to indicate the Agent
|
|
|
|
// is available now
|
|
|
|
if f.lastState == vaultUnavailable {
|
|
|
|
f.logger.Printf("[INFO] fingerprint.vault: Vault is available")
|
|
|
|
}
|
|
|
|
f.lastState = vaultAvailable
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (f *VaultFingerprint) clearVaultAttributes(n *structs.Node) {
|
|
|
|
delete(n.Attributes, "vault.accessible")
|
|
|
|
delete(n.Attributes, "vault.version")
|
|
|
|
delete(n.Attributes, "vault.cluster_id")
|
|
|
|
delete(n.Attributes, "vault.cluster_name")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (f *VaultFingerprint) Periodic() (bool, time.Duration) {
|
|
|
|
return true, 15 * time.Second
|
|
|
|
}
|