Address field name feedback

This commit is contained in:
Alex Dadgar 2016-08-12 21:59:31 -07:00
parent bd0a89bdae
commit 4135b4ece7
5 changed files with 20 additions and 32 deletions

View file

@ -110,14 +110,13 @@ consul {
vault {
address = "127.0.0.1:9500"
allow_unauthenticated = true
child_token_ttl = "1s"
task_token_ttl = "1s"
enabled = false
periodic_token = "12345"
token = "12345"
tls_ca_file = "/path/to/ca/file"
tls_ca_path = "/path/to/ca"
tls_cert_file = "/path/to/cert/file"
tls_key_file = "/path/to/key/file"
tls_server_name = "foobar"
tls_skip_verify = true
token_role_name = "roleFoo"
}

View file

@ -655,16 +655,15 @@ func parseVaultConfig(result **config.VaultConfig, list *ast.ObjectList) error {
valid := []string{
"address",
"allow_unauthenticated",
"child_token_ttl",
"enabled",
"periodic_token",
"task_token_ttl",
"tls_ca_file",
"tls_ca_path",
"tls_cert_file",
"tls_key_file",
"tls_server_name",
"tls_skip_verify",
"token_role_name",
"token",
}
if err := checkHCLKeys(listVal, valid); err != nil {

View file

@ -125,16 +125,15 @@ func TestConfig_Parse(t *testing.T) {
Vault: &config.VaultConfig{
Addr: "127.0.0.1:9500",
AllowUnauthenticated: true,
ChildTokenTTL: "1s",
Enabled: false,
PeriodicToken: "12345",
TLSCaFile: "/path/to/ca/file",
TLSCaPath: "/path/to/ca",
TLSCertFile: "/path/to/cert/file",
TLSKeyFile: "/path/to/key/file",
TLSServerName: "foobar",
TLSSkipVerify: true,
TokenRoleName: "roleFoo",
TaskTokenTTL: "1s",
Token: "12345",
},
HTTPAPIResponseHeaders: map[string]string{
"Access-Control-Allow-Origin": "*",

View file

@ -96,10 +96,9 @@ func TestConfig_Merge(t *testing.T) {
"Access-Control-Allow-Origin": "*",
},
Vault: &config.VaultConfig{
TokenRoleName: "1",
PeriodicToken: "1",
Token: "1",
AllowUnauthenticated: false,
ChildTokenTTL: "1",
TaskTokenTTL: "1",
Addr: "1",
TLSCaFile: "1",
TLSCaPath: "1",
@ -223,10 +222,9 @@ func TestConfig_Merge(t *testing.T) {
"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
},
Vault: &config.VaultConfig{
TokenRoleName: "2",
PeriodicToken: "2",
Token: "2",
AllowUnauthenticated: true,
ChildTokenTTL: "2",
TaskTokenTTL: "2",
Addr: "2",
TLSCaFile: "2",
TLSCaPath: "2",

View file

@ -15,24 +15,20 @@ type VaultConfig struct {
// Enabled enables or disables Vault support.
Enabled bool `mapstructure:"enabled"`
// TokenRoleName is the Vault role in which Nomad will derive child tokens using
// /auth/token/create/[token_role_name]
TokenRoleName string `mapstructure:"token_role_name"`
// PeriodicToken is the periodic Vault token given to Nomad such that it can
// derive child tokens. The PeriodicToken should be created from the passed
// TokenRoleName. Nomad will renew this token at half its lease lifetime.
PeriodicToken string `mapstructure:"periodic_token"`
// Token is the Vault token given to Nomad such that it can
// derive child tokens. Nomad will renew this token at half its lease
// lifetime.
Token string `mapstructure:"token"`
// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
// without providing a Vault token proving they have access to these
// policies.
AllowUnauthenticated bool `mapstructure:"allow_unauthenticated"`
// ChildTokenTTL is the TTL of the tokens created by Nomad Servers and used
// TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used
// by the client. There should be a minimum time value such that the client
// does not have to renew with Vault at a very high frequency
ChildTokenTTL string `mapstructure:"child_token_ttl"`
TaskTokenTTL string `mapstructure:"task_token_ttl"`
// Addr is the address of the local Vault agent
Addr string `mapstructure:"address"`
@ -72,14 +68,11 @@ func DefaultVaultConfig() *VaultConfig {
func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig {
result := *a
if b.TokenRoleName != "" {
result.TokenRoleName = b.TokenRoleName
if b.Token != "" {
result.Token = b.Token
}
if b.PeriodicToken != "" {
result.PeriodicToken = b.PeriodicToken
}
if b.ChildTokenTTL != "" {
result.ChildTokenTTL = b.ChildTokenTTL
if b.TaskTokenTTL != "" {
result.TaskTokenTTL = b.TaskTokenTTL
}
if b.Addr != "" {
result.Addr = b.Addr