Address field name feedback

2016-08-12 21:59:31 -07:00 · 2016-08-12 21:59:31 -07:00 · 4135b4ece7
parent bd0a89bdae
commit 4135b4ece7
5 changed files with 20 additions and 32 deletions
--- a/command/agent/config-test-fixtures/basic.hcl
+++ b/command/agent/config-test-fixtures/basic.hcl
@ -110,14 +110,13 @@ consul {
 vault {
    address = "127.0.0.1:9500"
    allow_unauthenticated = true
-    child_token_ttl = "1s"
+    task_token_ttl = "1s"
    enabled = false
-    periodic_token = "12345"
+    token = "12345"
    tls_ca_file = "/path/to/ca/file"
    tls_ca_path = "/path/to/ca"
    tls_cert_file = "/path/to/cert/file"
    tls_key_file = "/path/to/key/file"
    tls_server_name = "foobar"
    tls_skip_verify = true
-    token_role_name = "roleFoo"
 }
--- a/command/agent/config_parse.go
+++ b/command/agent/config_parse.go
@ -655,16 +655,15 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
 	valid := []string{
 		"address",
 		"allow_unauthenticated",
-		"child_token_ttl",
 		"enabled",
-		"periodic_token",
+		"task_token_ttl",
 		"tls_ca_file",
 		"tls_ca_path",
 		"tls_cert_file",
 		"tls_key_file",
 		"tls_server_name",
 		"tls_skip_verify",
-		"token_role_name",
+		"token",
 	}

 	if err := checkHCLKeys(listVal, valid); err != nil {
--- a/command/agent/config_parse_test.go
+++ b/command/agent/config_parse_test.go
@ -125,16 +125,15 @@ func TestConfig_Parse(t *testing.T) {
 				Vault: &config.VaultConfig{
 					Addr:                 "127.0.0.1:9500",
 					AllowUnauthenticated: true,
-					ChildTokenTTL:        "1s",
 					Enabled:              false,
-					PeriodicToken:        "12345",
 					TLSCaFile:            "/path/to/ca/file",
 					TLSCaPath:            "/path/to/ca",
 					TLSCertFile:          "/path/to/cert/file",
 					TLSKeyFile:           "/path/to/key/file",
 					TLSServerName:        "foobar",
 					TLSSkipVerify:        true,
-					TokenRoleName:        "roleFoo",
+					TaskTokenTTL:         "1s",
+					Token:                "12345",
 				},
 				HTTPAPIResponseHeaders: map[string]string{
 					"Access-Control-Allow-Origin": "*",
--- a/command/agent/config_test.go
+++ b/command/agent/config_test.go
@ -96,10 +96,9 @@ func TestConfig_Merge(t *testing.T) {
 			"Access-Control-Allow-Origin": "*",
 		},
 		Vault: &config.VaultConfig{
-			TokenRoleName:        "1",
-			PeriodicToken:        "1",
+			Token:                "1",
 			AllowUnauthenticated: false,
-			ChildTokenTTL:        "1",
+			TaskTokenTTL:         "1",
 			Addr:                 "1",
 			TLSCaFile:            "1",
 			TLSCaPath:            "1",
@ -223,10 +222,9 @@ func TestConfig_Merge(t *testing.T) {
 			"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
 		},
 		Vault: &config.VaultConfig{
-			TokenRoleName:        "2",
-			PeriodicToken:        "2",
+			Token:                "2",
 			AllowUnauthenticated: true,
-			ChildTokenTTL:        "2",
+			TaskTokenTTL:         "2",
 			Addr:                 "2",
 			TLSCaFile:            "2",
 			TLSCaPath:            "2",
--- a/nomad/structs/config/vault.go
+++ b/nomad/structs/config/vault.go
@ -15,24 +15,20 @@ type VaultConfig struct {
 	// Enabled enables or disables Vault support.
 	Enabled bool `mapstructure:"enabled"`

-	// TokenRoleName is the Vault role in which Nomad will derive child tokens using
-	// /auth/token/create/[token_role_name]
-	TokenRoleName string `mapstructure:"token_role_name"`
-
-	// PeriodicToken is the periodic Vault token given to Nomad such that it can
-	// derive child tokens. The PeriodicToken should be created from the passed
-	// TokenRoleName. Nomad will renew this token at half its lease lifetime.
-	PeriodicToken string `mapstructure:"periodic_token"`
+	// Token is the Vault token given to Nomad such that it can
+	// derive child tokens. Nomad will renew this token at half its lease
+	// lifetime.
+	Token string `mapstructure:"token"`

 	// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
 	// without providing a Vault token proving they have access to these
 	// policies.
 	AllowUnauthenticated bool `mapstructure:"allow_unauthenticated"`

-	// ChildTokenTTL is the TTL of the tokens created by Nomad Servers and used
+	// TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used
 	// by the client.  There should be a minimum time value such that the client
 	// does not have to renew with Vault at a very high frequency
-	ChildTokenTTL string `mapstructure:"child_token_ttl"`
+	TaskTokenTTL string `mapstructure:"task_token_ttl"`

 	// Addr is the address of the local Vault agent
 	Addr string `mapstructure:"address"`
@ -72,14 +68,11 @@ func DefaultVaultConfig() *VaultConfig {
 func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
 	result := *a

-	if b.TokenRoleName != "" {
-		result.TokenRoleName = b.TokenRoleName
+	if b.Token != "" {
+		result.Token = b.Token
 	}
-	if b.PeriodicToken != "" {
-		result.PeriodicToken = b.PeriodicToken
-	}
-	if b.ChildTokenTTL != "" {
-		result.ChildTokenTTL = b.ChildTokenTTL
+	if b.TaskTokenTTL != "" {
+		result.TaskTokenTTL = b.TaskTokenTTL
 	}
 	if b.Addr != "" {
 		result.Addr = b.Addr