Address field name feedback
This commit is contained in:
parent
bd0a89bdae
commit
4135b4ece7
|
@ -110,14 +110,13 @@ consul {
|
|||
vault {
|
||||
address = "127.0.0.1:9500"
|
||||
allow_unauthenticated = true
|
||||
child_token_ttl = "1s"
|
||||
task_token_ttl = "1s"
|
||||
enabled = false
|
||||
periodic_token = "12345"
|
||||
token = "12345"
|
||||
tls_ca_file = "/path/to/ca/file"
|
||||
tls_ca_path = "/path/to/ca"
|
||||
tls_cert_file = "/path/to/cert/file"
|
||||
tls_key_file = "/path/to/key/file"
|
||||
tls_server_name = "foobar"
|
||||
tls_skip_verify = true
|
||||
token_role_name = "roleFoo"
|
||||
}
|
||||
|
|
|
@ -655,16 +655,15 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
|
|||
valid := []string{
|
||||
"address",
|
||||
"allow_unauthenticated",
|
||||
"child_token_ttl",
|
||||
"enabled",
|
||||
"periodic_token",
|
||||
"task_token_ttl",
|
||||
"tls_ca_file",
|
||||
"tls_ca_path",
|
||||
"tls_cert_file",
|
||||
"tls_key_file",
|
||||
"tls_server_name",
|
||||
"tls_skip_verify",
|
||||
"token_role_name",
|
||||
"token",
|
||||
}
|
||||
|
||||
if err := checkHCLKeys(listVal, valid); err != nil {
|
||||
|
|
|
@ -125,16 +125,15 @@ func TestConfig_Parse(t *testing.T) {
|
|||
Vault: &config.VaultConfig{
|
||||
Addr: "127.0.0.1:9500",
|
||||
AllowUnauthenticated: true,
|
||||
ChildTokenTTL: "1s",
|
||||
Enabled: false,
|
||||
PeriodicToken: "12345",
|
||||
TLSCaFile: "/path/to/ca/file",
|
||||
TLSCaPath: "/path/to/ca",
|
||||
TLSCertFile: "/path/to/cert/file",
|
||||
TLSKeyFile: "/path/to/key/file",
|
||||
TLSServerName: "foobar",
|
||||
TLSSkipVerify: true,
|
||||
TokenRoleName: "roleFoo",
|
||||
TaskTokenTTL: "1s",
|
||||
Token: "12345",
|
||||
},
|
||||
HTTPAPIResponseHeaders: map[string]string{
|
||||
"Access-Control-Allow-Origin": "*",
|
||||
|
|
|
@ -96,10 +96,9 @@ func TestConfig_Merge(t *testing.T) {
|
|||
"Access-Control-Allow-Origin": "*",
|
||||
},
|
||||
Vault: &config.VaultConfig{
|
||||
TokenRoleName: "1",
|
||||
PeriodicToken: "1",
|
||||
Token: "1",
|
||||
AllowUnauthenticated: false,
|
||||
ChildTokenTTL: "1",
|
||||
TaskTokenTTL: "1",
|
||||
Addr: "1",
|
||||
TLSCaFile: "1",
|
||||
TLSCaPath: "1",
|
||||
|
@ -223,10 +222,9 @@ func TestConfig_Merge(t *testing.T) {
|
|||
"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
|
||||
},
|
||||
Vault: &config.VaultConfig{
|
||||
TokenRoleName: "2",
|
||||
PeriodicToken: "2",
|
||||
Token: "2",
|
||||
AllowUnauthenticated: true,
|
||||
ChildTokenTTL: "2",
|
||||
TaskTokenTTL: "2",
|
||||
Addr: "2",
|
||||
TLSCaFile: "2",
|
||||
TLSCaPath: "2",
|
||||
|
|
|
@ -15,24 +15,20 @@ type VaultConfig struct {
|
|||
// Enabled enables or disables Vault support.
|
||||
Enabled bool `mapstructure:"enabled"`
|
||||
|
||||
// TokenRoleName is the Vault role in which Nomad will derive child tokens using
|
||||
// /auth/token/create/[token_role_name]
|
||||
TokenRoleName string `mapstructure:"token_role_name"`
|
||||
|
||||
// PeriodicToken is the periodic Vault token given to Nomad such that it can
|
||||
// derive child tokens. The PeriodicToken should be created from the passed
|
||||
// TokenRoleName. Nomad will renew this token at half its lease lifetime.
|
||||
PeriodicToken string `mapstructure:"periodic_token"`
|
||||
// Token is the Vault token given to Nomad such that it can
|
||||
// derive child tokens. Nomad will renew this token at half its lease
|
||||
// lifetime.
|
||||
Token string `mapstructure:"token"`
|
||||
|
||||
// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
|
||||
// without providing a Vault token proving they have access to these
|
||||
// policies.
|
||||
AllowUnauthenticated bool `mapstructure:"allow_unauthenticated"`
|
||||
|
||||
// ChildTokenTTL is the TTL of the tokens created by Nomad Servers and used
|
||||
// TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used
|
||||
// by the client. There should be a minimum time value such that the client
|
||||
// does not have to renew with Vault at a very high frequency
|
||||
ChildTokenTTL string `mapstructure:"child_token_ttl"`
|
||||
TaskTokenTTL string `mapstructure:"task_token_ttl"`
|
||||
|
||||
// Addr is the address of the local Vault agent
|
||||
Addr string `mapstructure:"address"`
|
||||
|
@ -72,14 +68,11 @@ func DefaultVaultConfig() *VaultConfig {
|
|||
func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
|
||||
result := *a
|
||||
|
||||
if b.TokenRoleName != "" {
|
||||
result.TokenRoleName = b.TokenRoleName
|
||||
if b.Token != "" {
|
||||
result.Token = b.Token
|
||||
}
|
||||
if b.PeriodicToken != "" {
|
||||
result.PeriodicToken = b.PeriodicToken
|
||||
}
|
||||
if b.ChildTokenTTL != "" {
|
||||
result.ChildTokenTTL = b.ChildTokenTTL
|
||||
if b.TaskTokenTTL != "" {
|
||||
result.TaskTokenTTL = b.TaskTokenTTL
|
||||
}
|
||||
if b.Addr != "" {
|
||||
result.Addr = b.Addr
|
||||
|
|
Loading…
Reference in a new issue