Address field name feedback
This commit is contained in:
Alex Dadgar
parent
bd0a89bdae
commit
4135b4ece7
|
|
@ -110,14 +110,13 @@ consul {
|
||||||
vault {
|
vault {
|
||||||
address = "127.0.0.1:9500"
|
address = "127.0.0.1:9500"
|
||||||
allow_unauthenticated = true
|
allow_unauthenticated = true
|
||||||
child_token_ttl = "1s"
|
task_token_ttl = "1s"
|
||||||
enabled = false
|
enabled = false
|
||||||
periodic_token = "12345"
|
token = "12345"
|
||||||
tls_ca_file = "/path/to/ca/file"
|
tls_ca_file = "/path/to/ca/file"
|
||||||
tls_ca_path = "/path/to/ca"
|
tls_ca_path = "/path/to/ca"
|
||||||
tls_cert_file = "/path/to/cert/file"
|
tls_cert_file = "/path/to/cert/file"
|
||||||
tls_key_file = "/path/to/key/file"
|
tls_key_file = "/path/to/key/file"
|
||||||
tls_server_name = "foobar"
|
tls_server_name = "foobar"
|
||||||
tls_skip_verify = true
|
tls_skip_verify = true
|
||||||
token_role_name = "roleFoo"
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -655,16 +655,15 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
|
||||||
valid := []string{
|
valid := []string{
|
||||||
"address",
|
"address",
|
||||||
"allow_unauthenticated",
|
"allow_unauthenticated",
|
||||||
"child_token_ttl",
|
|
||||||
"enabled",
|
"enabled",
|
||||||
"periodic_token",
|
"task_token_ttl",
|
||||||
"tls_ca_file",
|
"tls_ca_file",
|
||||||
"tls_ca_path",
|
"tls_ca_path",
|
||||||
"tls_cert_file",
|
"tls_cert_file",
|
||||||
"tls_key_file",
|
"tls_key_file",
|
||||||
"tls_server_name",
|
"tls_server_name",
|
||||||
"tls_skip_verify",
|
"tls_skip_verify",
|
||||||
"token_role_name",
|
"token",
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := checkHCLKeys(listVal, valid); err != nil {
|
if err := checkHCLKeys(listVal, valid); err != nil {
|
||||||
|
|
|
||||||
|
|
@ -125,16 +125,15 @@ func TestConfig_Parse(t *testing.T) {
|
||||||
Vault: &config.VaultConfig{
|
Vault: &config.VaultConfig{
|
||||||
Addr: "127.0.0.1:9500",
|
Addr: "127.0.0.1:9500",
|
||||||
AllowUnauthenticated: true,
|
AllowUnauthenticated: true,
|
||||||
ChildTokenTTL: "1s",
|
|
||||||
Enabled: false,
|
Enabled: false,
|
||||||
PeriodicToken: "12345",
|
|
||||||
TLSCaFile: "/path/to/ca/file",
|
TLSCaFile: "/path/to/ca/file",
|
||||||
TLSCaPath: "/path/to/ca",
|
TLSCaPath: "/path/to/ca",
|
||||||
TLSCertFile: "/path/to/cert/file",
|
TLSCertFile: "/path/to/cert/file",
|
||||||
TLSKeyFile: "/path/to/key/file",
|
TLSKeyFile: "/path/to/key/file",
|
||||||
TLSServerName: "foobar",
|
TLSServerName: "foobar",
|
||||||
TLSSkipVerify: true,
|
TLSSkipVerify: true,
|
||||||
TokenRoleName: "roleFoo",
|
TaskTokenTTL: "1s",
|
||||||
|
Token: "12345",
|
||||||
},
|
},
|
||||||
HTTPAPIResponseHeaders: map[string]string{
|
HTTPAPIResponseHeaders: map[string]string{
|
||||||
"Access-Control-Allow-Origin": "*",
|
"Access-Control-Allow-Origin": "*",
|
||||||
|
|
|
||||||
|
|
@ -96,10 +96,9 @@ func TestConfig_Merge(t *testing.T) {
|
||||||
"Access-Control-Allow-Origin": "*",
|
"Access-Control-Allow-Origin": "*",
|
||||||
},
|
},
|
||||||
Vault: &config.VaultConfig{
|
Vault: &config.VaultConfig{
|
||||||
TokenRoleName: "1",
|
Token: "1",
|
||||||
PeriodicToken: "1",
|
|
||||||
AllowUnauthenticated: false,
|
AllowUnauthenticated: false,
|
||||||
ChildTokenTTL: "1",
|
TaskTokenTTL: "1",
|
||||||
Addr: "1",
|
Addr: "1",
|
||||||
TLSCaFile: "1",
|
TLSCaFile: "1",
|
||||||
TLSCaPath: "1",
|
TLSCaPath: "1",
|
||||||
|
|
@ -223,10 +222,9 @@ func TestConfig_Merge(t *testing.T) {
|
||||||
"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
|
"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
|
||||||
},
|
},
|
||||||
Vault: &config.VaultConfig{
|
Vault: &config.VaultConfig{
|
||||||
TokenRoleName: "2",
|
Token: "2",
|
||||||
PeriodicToken: "2",
|
|
||||||
AllowUnauthenticated: true,
|
AllowUnauthenticated: true,
|
||||||
ChildTokenTTL: "2",
|
TaskTokenTTL: "2",
|
||||||
Addr: "2",
|
Addr: "2",
|
||||||
TLSCaFile: "2",
|
TLSCaFile: "2",
|
||||||
TLSCaPath: "2",
|
TLSCaPath: "2",
|
||||||
|
|
|
||||||
|
|
@ -15,24 +15,20 @@ type VaultConfig struct {
|
||||||
// Enabled enables or disables Vault support.
|
// Enabled enables or disables Vault support.
|
||||||
Enabled bool `mapstructure:"enabled"`
|
Enabled bool `mapstructure:"enabled"`
|
||||||
|
|
||||||
// TokenRoleName is the Vault role in which Nomad will derive child tokens using
|
// Token is the Vault token given to Nomad such that it can
|
||||||
// /auth/token/create/[token_role_name]
|
// derive child tokens. Nomad will renew this token at half its lease
|
||||||
TokenRoleName string `mapstructure:"token_role_name"`
|
// lifetime.
|
||||||
|
Token string `mapstructure:"token"`
|
||||||
// PeriodicToken is the periodic Vault token given to Nomad such that it can
|
|
||||||
// derive child tokens. The PeriodicToken should be created from the passed
|
|
||||||
// TokenRoleName. Nomad will renew this token at half its lease lifetime.
|
|
||||||
PeriodicToken string `mapstructure:"periodic_token"`
|
|
||||||
|
|
||||||
// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
|
// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
|
||||||
// without providing a Vault token proving they have access to these
|
// without providing a Vault token proving they have access to these
|
||||||
// policies.
|
// policies.
|
||||||
AllowUnauthenticated bool `mapstructure:"allow_unauthenticated"`
|
AllowUnauthenticated bool `mapstructure:"allow_unauthenticated"`
|
||||||
|
|
||||||
// ChildTokenTTL is the TTL of the tokens created by Nomad Servers and used
|
// TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used
|
||||||
// by the client. There should be a minimum time value such that the client
|
// by the client. There should be a minimum time value such that the client
|
||||||
// does not have to renew with Vault at a very high frequency
|
// does not have to renew with Vault at a very high frequency
|
||||||
ChildTokenTTL string `mapstructure:"child_token_ttl"`
|
TaskTokenTTL string `mapstructure:"task_token_ttl"`
|
||||||
|
|
||||||
// Addr is the address of the local Vault agent
|
// Addr is the address of the local Vault agent
|
||||||
Addr string `mapstructure:"address"`
|
Addr string `mapstructure:"address"`
|
||||||
|
|
@ -72,14 +68,11 @@ func DefaultVaultConfig() *VaultConfig {
|
||||||
func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
|
func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
|
||||||
result := *a
|
result := *a
|
||||||
|
|
||||||
if b.TokenRoleName != "" {
|
if b.Token != "" {
|
||||||
result.TokenRoleName = b.TokenRoleName
|
result.Token = b.Token
|
||||||
}
|
}
|
||||||
if b.PeriodicToken != "" {
|
if b.TaskTokenTTL != "" {
|
||||||
result.PeriodicToken = b.PeriodicToken
|
result.TaskTokenTTL = b.TaskTokenTTL
|
||||||
}
|
|
||||||
if b.ChildTokenTTL != "" {
|
|
||||||
result.ChildTokenTTL = b.ChildTokenTTL
|
|
||||||
}
|
}
|
||||||
if b.Addr != "" {
|
if b.Addr != "" {
|
||||||
result.Addr = b.Addr
|
result.Addr = b.Addr
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue