luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Read from env

This commit is contained in:
Alex Dadgar 2016-11-01 12:37:27 -07:00
parent caa8aeef07
commit 1156c79e1b
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
command/agent/command.go
View File

@ -272,6 +272,13 @@ func (c *Command) readConfig() *Config {
c.Ui.Error("WARNING: Bootstrap mode enabled! Potentially unsafe operation.") c.Ui.Error("WARNING: Bootstrap mode enabled! Potentially unsafe operation.")
} }
// Check to see if we should read the Vault token from the environment
if config.Vault.Token == "" {
if token, ok := os.LookupEnv("VAULT_TOKEN"); ok {
config.Vault.Token = token
}
}
return config return config
} }
@ -918,7 +925,8 @@ Vault Options:
-vault-token=<token> -vault-token=<token>
The Vault token used to derive tokens from Vault on behalf of clients. The Vault token used to derive tokens from Vault on behalf of clients.
This only needs to be set on Servers. This only needs to be set on Servers. Overrides the Vault token read from
the VAULT_TOKEN environment variable.
-vault-allow-unauthenticated -vault-allow-unauthenticated
Whether to allow jobs to be sumbitted that request Vault Tokens but do not Whether to allow jobs to be sumbitted that request Vault Tokens but do not

7
website/source/docs/agent/config.html.md
View File

@ -333,7 +333,9 @@ integration and are entirely optional.
* `token`: Token is used by Servers to derive child token's for jobs * `token`: Token is used by Servers to derive child token's for jobs
requesting tokens. As such it does not need to be specified by the Client. requesting tokens. As such it does not need to be specified by the Client.
Visit the [Vault Integration](/docs/vault-integration/index.html) Visit the [Vault Integration](/docs/vault-integration/index.html)
documentation to see how to generate an appropriate token. documentation to see how to generate an appropriate token. The VAULT_TOKEN
environment variable is used when starting the agent. If a flag or
configuration specifies a value they take precedence.
* `allow_unauthenticated`: allows users to submit jobs requiring Vault tokens * `allow_unauthenticated`: allows users to submit jobs requiring Vault tokens
without providing a Vault token proving they have access to these policies. without providing a Vault token proving they have access to these policies.
@ -662,7 +664,8 @@ via CLI arguments. The `agent` command accepts the following arguments:
* `-vault-enabled`: Whether to enable or disabled Vault integration. * `-vault-enabled`: Whether to enable or disabled Vault integration.
* `-vault-address=<addr>`: The address to communicate with Vault. * `-vault-address=<addr>`: The address to communicate with Vault.
* `-vault-token=<token>`: The Vault token used to derive tokens. Only needs to * `-vault-token=<token>`: The Vault token used to derive tokens. Only needs to
be set on Servers. be set on Servers. Overrides the Vault token read from the VAULT_TOKEN
environment variable.
* `-vault-ca-file=<path>`: Path to a PEM-encoded CA cert file used to verify the * `-vault-ca-file=<path>`: Path to a PEM-encoded CA cert file used to verify the
Vault server SSL certificate. Vault server SSL certificate.
* `-vault-ca-path=<path>`: Path to a directory of PEM-encoded CA cert files used * `-vault-ca-path=<path>`: Path to a directory of PEM-encoded CA cert files used