
Commit 42d7c8d

resolve #24 (#47)
1 parent 6fdd812 commit 42d7c8d


2 files changed

+51
-13
lines changed


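--- a/main.go
+++ b/main.go
@@ -49,6 +49,7 @@ this repository has new commits, Pico will automatically reconfigure.`,
 cli.StringFlag{Name: "vault-token", EnvVar: "VAULT_TOKEN"},
 cli.StringFlag{Name: "vault-path", EnvVar: "VAULT_PATH", Value: "/secret"},
 cli.DurationFlag{Name: "vault-renew-interval", EnvVar: "VAULT_RENEW_INTERVAL", Value: time.Hour * 24},
+cli.StringFlag{Name: "vault-config-path", EnvVar: "VAULT_CONFIG_PATH", Value: "pico"},
 },
 Action: func(c *cli.Context) (err error) {
 if !c.Args().Present() {
@@ -84,6 +85,7 @@ this repository has new commits, Pico will automatically reconfigure.`,
 VaultToken: c.String("vault-token"),
 VaultPath: c.String("vault-path"),
 VaultRenewal: c.Duration("vault-renew-interval"),
+VaultConfig: c.String("vault-config-path"),
 })
 if err != nil {
 return errors.Wrap(err, "failed to initialise")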
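Review bot: The new `vault-config-path` flag is declared without a `Usage` string, so `--help` gives no hint that the secrets at this path are read at start-up and, per service/service.go in this commit, can supply `GIT_USERNAME`/`GIT_PASSWORD` for repository access. Because it defaults to `pico`, the lookup presumably happens in every deployment that has a secret store configured; a field such as `Usage: "secret store path holding Pico's own configuration (GIT_USERNAME, GIT_PASSWORD)"` would make that visible to operators. How the value is combined with `vault-path` is not visible in this section, so the wording should be checked against the secret store implementation.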

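--- a/service/service.go
+++ b/service/service.go
@@ -35,6 +35,7 @@ type Config struct {
 VaultToken string
 VaultPath string
 VaultRenewal time.Duration
+VaultConfig string
 }
 
 // App stores application state
@@ -52,19 +53,6 @@ func Initialise(c Config) (app *App, err error) {
 
 app.config = c
 
-var authMethod transport.AuthMethod
-if c.SSH {
-authMethod, err = ssh.NewSSHAgentAuth("git")
-if err != nil {
-return nil, errors.Wrap(err, "failed to set up SSH authentication")
-}
-} else if c.Target.User != "" {
-authMethod = &http.BasicAuth{
-Username: c.Target.User,
-Password: c.Target.Pass,
-}
-}
-
 var secretStore secret.Store
 if c.VaultAddress != "" {
 zap.L().Debug("connecting to vault",
@@ -83,6 +71,18 @@ func Initialise(c Config) (app *App, err error) {
 }
 }
 
+secretConfig, err := secretStore.GetSecretsForTarget(c.VaultConfig)
+if err != nil {
+zap.L().Info("could not read additional config from vault", zap.String("path", c.VaultConfig))
+err = nil
+}
+zap.L().Debug("read configuration secrets from secret store", zap.Strings("keys", getKeys(secretConfig)))
+
+authMethod, err := getAuthMethod(c, secretConfig)
+if err != nil {
+return nil, errors.Wrap(err, "failed to create an authentication method from the given config")
+}
+
 app.secrets = secretStore
 
 app.bus = make(chan task.ExecutionTask, 100)
@@ -143,3 +143,39 @@ func (app *App) Start(ctx context.Context) error {
 
 return g.Wait()
 }
+
+func getAuthMethod(c Config, secretConfig map[string]string) (transport.AuthMethod, error) {
+if c.SSH {
+authMethod, err := ssh.NewSSHAgentAuth("git")
+if err != nil {
+return nil, errors.Wrap(err, "failed to set up SSH authentication")
+}
+return authMethod, nil
+}
+
+if c.Target.User != "" && c.Target.Pass != "" {
+return &http.BasicAuth{
+Username: c.Target.User,
+Password: c.Target.Pass,
+}, nil
+}
+
+user, userok := secretConfig["GIT_USERNAME"]
+pass, passok := secretConfig["GIT_PASSWORD"]
+if userok && passok {
+return &http.BasicAuth{
+Username: user,
+Password: pass,
+}, nil
+}
+
+return nil, nil
+}
+
+func getKeys(m map[string]string) []string {
+keys := make([]string, 0, len(m))
+for k := range m {
+keys = append(keys, k)
+}
+return keys
+}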
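Review bot: The new secret-store read in Initialise (new lines 74-78) drops the error without recording its cause, so an expired token, a denied policy or an unreachable Vault is indistinguishable from "no extra config"; getAuthMethod then returns `nil, nil` and, presumably, the Git transport proceeds without credentials and without any warning. Attaching the cause and raising the level, `zap.L().Warn("could not read additional config from vault", zap.String("path", c.VaultConfig), zap.Error(err))`, and treating only a missing path as non-fatal would make that failure visible. The assignment of `secretStore` lies partly outside the visible hunks; if it can remain nil when `c.VaultAddress` is empty, `secretStore.GetSecretsForTarget` would panic on a nil interface and needs a guard. In getAuthMethod, `userok && passok` accepts empty `GIT_USERNAME`/`GIT_PASSWORD` values, and a path holding only one of the two keys silently yields no authentication; rejecting those cases with an error would give the already-wired error return a purpose.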
