From 4135b4ece719628b4b2d0c968cf976fd38a969e8 Mon Sep 17 00:00:00 2001
From: Alex Dadgar
Date: Fri, 12 Aug 2016 21:59:31 -0700
Subject: [PATCH] Address field name feedback
---
 command/agent/config-test-fixtures/basic.hcl | 5 ++--
 command/agent/config_parse.go | 5 ++--
 command/agent/config_parse_test.go | 5 ++--
 command/agent/config_test.go | 10 +++-----
 nomad/structs/config/vault.go | 27 ++++++++------------
 5 files changed, 20 insertions(+), 32 deletions(-)
diff --git a/command/agent/config-test-fixtures/basic.hcl b/command/agent/config-test-fixtures/basic.hcl
index a36f88014..62a2992a2 100644
--- a/command/agent/config-test-fixtures/basic.hcl
+++ b/command/agent/config-test-fixtures/basic.hcl
@@ -110,14 +110,13 @@ consul {
 vault {
 address = "127.0.0.1:9500"
 allow_unauthenticated = true
- child_token_ttl = "1s"
+ task_token_ttl = "1s"
 enabled = false
- periodic_token = "12345"
+ token = "12345"
 tls_ca_file = "/path/to/ca/file"
 tls_ca_path = "/path/to/ca"
 tls_cert_file = "/path/to/cert/file"
 tls_key_file = "/path/to/key/file"
 tls_server_name = "foobar"
 tls_skip_verify = true
- token_role_name = "roleFoo"
 }
diff --git a/command/agent/config_parse.go b/command/agent/config_parse.go
index 833434b88..fbc3a2322 100644
--- a/command/agent/config_parse.go
+++ b/command/agent/config_parse.go
@@ -655,16 +655,15 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
 valid := []string{
 "address",
 "allow_unauthenticated",
- "child_token_ttl",
 "enabled",
- "periodic_token",
+ "task_token_ttl",
 "tls_ca_file",
 "tls_ca_path",
 "tls_cert_file",
 "tls_key_file",
 "tls_server_name",
 "tls_skip_verify",
- "token_role_name",
+ "token",
 }

 if err := checkHCLKeys(listVal, valid); err != nil {
diff --git a/command/agent/config_parse_test.go b/command/agent/config_parse_test.go
index b29051e4d..1809fffee 100644
--- a/command/agent/config_parse_test.go
+++ b/command/agent/config_parse_test.go
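Review bot: The `valid` list in parseVaultConfig (config_parse.go) is a second, hand-maintained copy of the `mapstructure` tags on `config.VaultConfig`, and nothing in the hunk ties the two together; a comment such as `// Keys must match the mapstructure tags on config.VaultConfig.` above the list would make the coupling explicit. After this change a config that still uses `periodic_token`, `child_token_ttl` or `token_role_name` is presumably rejected by `checkHCLKeys`, which is a safer failure than silently starting without a token, but the error will not point to the new names unless that is handled elsewhere. parseVaultConfig starts and ends outside the hunk.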
@@ -125,16 +125,15 @@ func TestConfig_Parse(t *testing.T) {
 Vault: &config.VaultConfig{
 Addr: "127.0.0.1:9500",
 AllowUnauthenticated: true,
- ChildTokenTTL: "1s",
 Enabled: false,
- PeriodicToken: "12345",
 TLSCaFile: "/path/to/ca/file",
 TLSCaPath: "/path/to/ca",
 TLSCertFile: "/path/to/cert/file",
 TLSKeyFile: "/path/to/key/file",
 TLSServerName: "foobar",
 TLSSkipVerify: true,
- TokenRoleName: "roleFoo",
+ TaskTokenTTL: "1s",
+ Token: "12345",
 },
 HTTPAPIResponseHeaders: map[string]string{
 "Access-Control-Allow-Origin": "*",
diff --git a/command/agent/config_test.go b/command/agent/config_test.go
index bd0aa70e7..18aefb8b6 100644
--- a/command/agent/config_test.go
+++ b/command/agent/config_test.go
@@ -96,10 +96,9 @@ func TestConfig_Merge(t *testing.T) {
 "Access-Control-Allow-Origin": "*",
 },
 Vault: &config.VaultConfig{
- TokenRoleName: "1",
- PeriodicToken: "1",
+ Token: "1",
 AllowUnauthenticated: false,
- ChildTokenTTL: "1",
+ TaskTokenTTL: "1",
 Addr: "1",
 TLSCaFile: "1",
 TLSCaPath: "1",
@@ -223,10 +222,9 @@ func TestConfig_Merge(t *testing.T) {
 "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
 },
 Vault: &config.VaultConfig{
- TokenRoleName: "2",
- PeriodicToken: "2",
+ Token: "2",
 AllowUnauthenticated: true,
- ChildTokenTTL: "2",
+ TaskTokenTTL: "2",
 Addr: "2",
 TLSCaFile: "2",
 TLSCaPath: "2",
diff --git a/nomad/structs/config/vault.go b/nomad/structs/config/vault.go
index b12f7ab6d..b149c14a7 100644
--- a/nomad/structs/config/vault.go
+++ b/nomad/structs/config/vault.go
@@ -15,24 +15,20 @@ type VaultConfig struct {
 // Enabled enables or disables Vault support.
 Enabled bool `mapstructure:"enabled"`

- // TokenRoleName is the Vault role in which Nomad will derive child tokens using
- // /auth/token/create/[token_role_name]
- TokenRoleName string `mapstructure:"token_role_name"`
-
- // PeriodicToken is the periodic Vault token given to Nomad such that it can
- // derive child tokens. The PeriodicToken should be created from the passed
- // TokenRoleName. Nomad will renew this token at half its lease lifetime.
- PeriodicToken string `mapstructure:"periodic_token"`
+ // Token is the Vault token given to Nomad such that it can
+ // derive child tokens. Nomad will renew this token at half its lease
+ // lifetime.
+ Token string `mapstructure:"token"`

 // AllowUnauthenticated allows users to submit jobs requiring Vault tokens
 // without providing a Vault token proving they have access to these
 // policies.
 AllowUnauthenticated bool `mapstructure:"allow_unauthenticated"`

- // ChildTokenTTL is the TTL of the tokens created by Nomad Servers and used
+ // TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used
 // by the client. There should be a minimum time value such that the client
 // does not have to renew with Vault at a very high frequency
- ChildTokenTTL string `mapstructure:"child_token_ttl"`
+ TaskTokenTTL string `mapstructure:"task_token_ttl"`

 // Addr is the address of the local Vault agent
 Addr string `mapstructure:"address"`
@@ -72,14 +68,11 @@ func DefaultVaultConfig() *VaultConfig {
 func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
 result := *a

- if b.TokenRoleName != "" {
- result.TokenRoleName = b.TokenRoleName
+ if b.Token != "" {
+ result.Token = b.Token
 }
- if b.PeriodicToken != "" {
- result.PeriodicToken = b.PeriodicToken
- }
- if b.ChildTokenTTL != "" {
- result.ChildTokenTTL = b.ChildTokenTTL
+ if b.TaskTokenTTL != "" {
+ result.TaskTokenTTL = b.TaskTokenTTL
 }
 if b.Addr != "" {
 result.Addr = b.Addr
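Review bot: The new doc comment on `Token` in the first vault.go hunk no longer says what kind of token is required, although it still promises that Nomad renews it at half its lease lifetime; the removed text required a periodic token, and a token that cannot be renewed indefinitely would presumably stop working once it expires, so the requirement should be restated. The comment should also mark the field as a credential, for example `// Token is a secret: keep the config file that holds it readable only by the Nomad user, and never log or serialize this field.` With `TokenRoleName` removed, nothing visible in the struct records which role or policies child tokens are derived under, so it is worth a line saying where that is now decided. The `TaskTokenTTL` comment asks for a minimum value, but the field is a plain string and no bound is enforced in the lines shown. VaultConfig begins and ends outside this hunk.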