Commit Vault Accessors to vault and return the response
This commit is contained in:
parent
901000f789
commit
10cd844ca8
|
@ -922,9 +922,9 @@ func (n *Node) DeriveVaultToken(args *structs.DeriveVaultTokenRequest,
|
|||
if node == nil {
|
||||
return fmt.Errorf("Node %q does not exist", args.NodeID)
|
||||
}
|
||||
//if node.SecretID != args.SecretID {
|
||||
//return fmt.Errorf("SecretID mismatch")
|
||||
//}
|
||||
if node.SecretID != args.SecretID {
|
||||
return fmt.Errorf("SecretID mismatch")
|
||||
}
|
||||
|
||||
alloc, err := snap.AllocByID(args.AllocID)
|
||||
if err != nil {
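Review bot: The SecretID check at `if node.SecretID != args.SecretID` compares a bearer secret with plain `!=` and accepts the request when both sides are empty, so a node record stored without a SecretID (whether that can happen is not visible here) would be authenticated by an empty field. Prefer a comparison that rejects an empty secret and runs in constant time: `if args.SecretID == "" || subtle.ConstantTimeCompare([]byte(node.SecretID), []byte(args.SecretID)) != 1 {` with the existing `return fmt.Errorf("SecretID mismatch")` body, adding `crypto/subtle` to the imports. The constant-time form is defense in depth — the SecretID is presumably a random identifier, so the timing leak is marginal — but the empty-secret rejection is the substantive part. DeriveVaultToken starts before and continues after this hunk.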
|
||||
|
@ -1007,6 +1007,41 @@ func (n *Node) DeriveVaultToken(args *structs.DeriveVaultTokenRequest,
|
|||
|
||||
// Wait for everything to complete or for an error
|
||||
err = g.Wait()
|
||||
if err != nil {
|
||||
// TODO Revoke any created token
|
||||
return err
|
||||
}
|
||||
|
||||
// Commit to Raft before returning any of the tokens
|
||||
accessors := make([]*structs.VaultAccessor, 0, len(results))
|
||||
tokens := make(map[string]string, len(results))
|
||||
for task, secret := range results {
|
||||
w := secret.WrapInfo
|
||||
if w == nil {
|
||||
return fmt.Errorf("Vault returned Secret without WrapInfo")
|
||||
}
|
||||
|
||||
tokens[task] = w.Token
|
||||
accessor := &structs.VaultAccessor{
|
||||
Accessor: w.WrappedAccessor,
|
||||
Task: task,
|
||||
NodeID: alloc.NodeID,
|
||||
AllocID: alloc.ID,
|
||||
CreationTTL: w.TTL,
|
||||
}
|
||||
|
||||
accessors = append(accessors, accessor)
|
||||
}
|
||||
|
||||
req := structs.VaultAccessorRegisterRequest{Accessors: accessors}
|
||||
_, index, err := n.srv.raftApply(structs.VaultAccessorRegisterRequestType, &req)
|
||||
if err != nil {
|
||||
n.srv.logger.Printf("[ERR] nomad.client: Register Vault accessors failed: %v", err)
|
||||
return err
|
||||
}
|
||||
|
||||
reply.Index = index
|
||||
reply.Tasks = tokens
|
||||
n.srv.setQueryMeta(&reply.QueryMeta)
|
||||
return nil
|
||||
}
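Review bot: The two new error returns after the tokens have already been minted — `return fmt.Errorf("Vault returned Secret without WrapInfo")` and the `return err` after the failed raftApply — leave every token created for this allocation alive in Vault with no accessor recorded, which is the same orphan the earlier `// TODO Revoke any created token` flags; since the point of committing accessors before replying is that the server can revoke them later, an apply failure is exactly the path where tracking matters most. Collect the accessors (or the wrapping tokens) as they arrive and revoke them on every error path before returning, using whatever revocation the server's Vault client exposes (not visible in this hunk); at minimum, extend the TODO to both new returns, e.g. `// TODO Revoke the created tokens: they are untracked if the accessor commit fails`. Separately, the error string `Vault returned Secret without WrapInfo` starts with a capital, unlike Go convention, and the raftApply failure is both logged and returned, so the caller will likely log it again. The hunk sits inside DeriveVaultToken, whose start (and the definitions of `results` and `alloc`) is outside it.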
|
||||
|
|
|
@ -377,7 +377,7 @@ type VaultAccessor struct {
|
|||
Task string
|
||||
NodeID string
|
||||
Accessor string
|
||||
CreationTTL int64
|
||||
CreationTTL int
|
||||
|
||||
// Raft Indexes
|
||||
CreateIndex uint64
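Review bot: `CreationTTL` has no comment saying what it holds or in what unit, and the type change (one of `int64`/`int` is the new side; this rendering lost the markers) is the kind of change a unit comment would justify; the other fields in the hunk are bare too. Suggest `// CreationTTL is the TTL the token was created with, as returned in Vault's WrapInfo.TTL (seconds — confirm against the Vault API).` above the field, plus a one-liner each for `Task`, `NodeID` and `Accessor` noting that the accessor, not the token itself, is what gets persisted (the token goes back to the client in the response). The `VaultAccessor` struct begins before this hunk.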
|
||||
|
@ -385,6 +385,7 @@ type VaultAccessor struct {
|
|||
|
||||
// DeriveVaultTokenResponse returns the wrapped tokens for each requested task
|
||||
type DeriveVaultTokenResponse struct {
|
||||
// Tasks is a mapping between the task name and the wrapped token
|
||||
Tasks map[string]string
|
||||
QueryMeta
|
||||
}
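Review bot: `Tasks` carries a Vault wrapping token per task, so this response is secret-bearing and its comment should say so and warn against logging or persisting the reply, e.g. `// Tasks is a mapping between the task name and the wrapped token. Values are secrets; do not log them.` The embedded `QueryMeta` added here is undocumented as well; a line noting that `Index` is the Raft index at which the accessors were committed would tie it to the server side, which sets `reply.Index = index` after the raftApply elsewhere in this commit.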
|
||||
|
|