Merge pull request #1931 from hashicorp/rename-vault-config

Rename vault config
This commit is contained in:
Diptanu Choudhury 2016-11-06 10:14:25 -08:00 committed by GitHub
commit 15f085a4d7
4 changed files with 26 additions and 24 deletions

View file

@ -115,10 +115,10 @@ vault {
task_token_ttl = "1s"
enabled = false
token = "12345"
tls_ca_file = "/path/to/ca/file"
tls_ca_path = "/path/to/ca"
tls_cert_file = "/path/to/cert/file"
tls_key_file = "/path/to/key/file"
ca_file = "/path/to/ca/file"
ca_path = "/path/to/ca"
cert_file = "/path/to/cert/file"
key_file = "/path/to/key/file"
tls_server_name = "foobar"
tls_skip_verify = true
}

View file

@ -704,10 +704,10 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
"allow_unauthenticated",
"enabled",
"task_token_ttl",
"tls_ca_file",
"tls_ca_path",
"tls_cert_file",
"tls_key_file",
"ca_file",
"ca_path",
"cert_file",
"key_file",
"tls_server_name",
"tls_skip_verify",
"token",

View file

@ -50,17 +50,17 @@ type VaultConfig struct {
// TLSCaFile is the path to a PEM-encoded CA cert file to use to verify the
// Vault server SSL certificate.
TLSCaFile string `mapstructure:"tls_ca_file"`
TLSCaFile string `mapstructure:"ca_file"`
// TLSCaFile is the path to a directory of PEM-encoded CA cert files to
// verify the Vault server SSL certificate.
TLSCaPath string `mapstructure:"tls_ca_path"`
TLSCaPath string `mapstructure:"ca_path"`
// TLSCertFile is the path to the certificate for Vault communication
TLSCertFile string `mapstructure:"tls_cert_file"`
TLSCertFile string `mapstructure:"cert_file"`
// TLSKeyFile is the path to the private key for Vault communication
TLSKeyFile string `mapstructure:"tls_key_file"`
TLSKeyFile string `mapstructure:"key_file"`
// TLSSkipVerify enables or disables SSL verification
TLSSkipVerify *bool `mapstructure:"tls_skip_verify"`
@ -75,6 +75,9 @@ func DefaultVaultConfig() *VaultConfig {
return &VaultConfig{
Addr: "https://vault.service.consul:8200",
ConnectionRetryIntv: DefaultVaultConnectRetryIntv,
AllowUnauthenticated: func(b bool) *bool {
return &b
}(true),
}
}

View file

@ -39,11 +39,10 @@ vault {
given in the format `protocol://host:port`. If your Vault installation is
behind a load balancer, this should be the address of the load balancer.
- `allow_unauthenticated` `(bool: false)` - Specifies if users submitting jobs
to the Nomad server should be required to provide their own Vault token,
proving they have access to the policies listed in the job. This option should
only ever be enabled in a trusted environment, because, if enabled, users
could escalate privilege in a job.
- `allow_unauthenticated` `(bool: true)` - Specifies if users submitting jobs to
the Nomad server should be required to provide their own Vault token, proving
they have access to the policies listed in the job. This option should be
disabled in an untrusted environment.
- `enabled` `(bool: false)` - Specifies if the Vault integration should be
activated.
@ -51,20 +50,20 @@ vault {
- `task_token_ttl` `(string: "")` - Specifies the TTL of created tokens when
using a root token. This is specified using a label suffix like "30s" or "1h".
- `tls_ca_file` `(string: "")` - Specifies an optional path to the CA
- `ca_file` `(string: "")` - Specifies an optional path to the CA
certificate used for Vault communication. If unspecified, this will fallback
to the default system CA bundle, which varies by OS and version.
- `tls_ca_path` `(string: "")` - Specifies an optional path to a folder
- `ca_path` `(string: "")` - Specifies an optional path to a folder
containing CA certificates to be used for Vault communication. If unspecified,
this will fallback to the default system CA bundle, which varies by OS and
version.
- `tls_cert_file` `(string: "")` - Specifies the path to the certificate used
- `cert_file` `(string: "")` - Specifies the path to the certificate used
for Vault communication. If this is set then you need to also set
`tls_key_file`.
- `tls_key_file` `(string: "")` - Specifies the path to the private key used for
- `key_file` `(string: "")` - Specifies the path to the private key used for
Vault communication. If this is set then you need to also set `tls_cert_file`.
- `tls_server_name` `(string: "")` - Specifies an optional string used to set
@ -112,9 +111,9 @@ Nomad and Vault:
```hcl
vault {
enabled = true
tls_ca_path = "/etc/certs/ca"
tls_cert_file = "/var/certs/vault.crt"
tls_key_file = "/var/certs/vault.key"
ca_path = "/etc/certs/ca"
cert_file = "/var/certs/vault.crt"
key_file = "/var/certs/vault.key"
tls_server_name = "nomad.service.consul"
}
```