Merge pull request kelseyhightower#210 from philipsoutham/crypt

Template integration with https://github.com/xordataexchange/crypt provided values
frankswu · Oct 9, 2017 · cb53644 · cb53644
2 parents 2e1b45c + 45edb08
commit cb53644
Show file tree

Hide file tree

Showing 114 changed files with 21,674 additions and 39 deletions.
diff --git a/config.go b/config.go
@@ -37,6 +37,7 @@ var (
 	onetime           bool
 	prefix            string
 	printVersion      bool
+	secretKeyring     string
 	scheme            string
 	srvDomain         string
 	srvRecord         string
@@ -54,30 +55,32 @@ var (
 
 // A Config structure is used to configure confd.
 type Config struct {
-	AuthToken    string   `toml:"auth_token"`
-	AuthType     string   `toml:"auth_type"`
-	Backend      string   `toml:"backend"`
-	BasicAuth    bool     `toml:"basic_auth"`
-	BackendNodes []string `toml:"nodes"`
-	ClientCaKeys string   `toml:"client_cakeys"`
-	ClientCert   string   `toml:"client_cert"`
-	ClientKey    string   `toml:"client_key"`
-	ConfDir      string   `toml:"confdir"`
-	Interval     int      `toml:"interval"`
-	Noop         bool     `toml:"noop"`
-	Password     string   `toml:"password"`
-	Prefix       string   `toml:"prefix"`
-	SRVDomain    string   `toml:"srv_domain"`
-	SRVRecord    string   `toml:"srv_record"`
-	Scheme       string   `toml:"scheme"`
-	SyncOnly     bool     `toml:"sync-only"`
-	Table        string   `toml:"table"`
-	Username     string   `toml:"username"`
-	LogLevel     string   `toml:"log-level"`
-	Watch        bool     `toml:"watch"`
-	AppID        string   `toml:"app_id"`
-	UserID       string   `toml:"user_id"`
-	YAMLFile     string   `toml:"file"`
+	AuthToken     string   `toml:"auth_token"`
+	AuthType      string   `toml:"auth_type"`
+	Backend       string   `toml:"backend"`
+	BasicAuth     bool     `toml:"basic_auth"`
+	BackendNodes  []string `toml:"nodes"`
+	ClientCaKeys  string   `toml:"client_cakeys"`
+	ClientCert    string   `toml:"client_cert"`
+	ClientKey     string   `toml:"client_key"`
+	ConfDir       string   `toml:"confdir"`
+	Interval      int      `toml:"interval"`
+	SecretKeyring string   `toml:"secret_keyring"`
+	Noop          bool     `toml:"noop"`
+	Password      string   `toml:"password"`
+	Prefix        string   `toml:"prefix"`
+	SRVDomain     string   `toml:"srv_domain"`
+	SRVRecord     string   `toml:"srv_record"`
+	Scheme        string   `toml:"scheme"`
+	SyncOnly      bool     `toml:"sync-only"`
+	Table         string   `toml:"table"`
+	Username      string   `toml:"username"`
+	LogLevel      string   `toml:"log-level"`
+	Watch         bool     `toml:"watch"`
+	AppID         string   `toml:"app_id"`
+	UserID        string   `toml:"user_id"`
+	YAMLFile      string   `toml:"file"`
+	PGPPrivateKey []byte
 }
 
 func init() {
@@ -99,6 +102,7 @@ func init() {
 	flag.StringVar(&prefix, "prefix", "", "key path prefix")
 	flag.BoolVar(&printVersion, "version", false, "print version and exit")
 	flag.StringVar(&scheme, "scheme", "http", "the backend URI scheme for nodes retrieved from DNS SRV records (http or https)")
+	flag.StringVar(&secretKeyring, "secret-keyring", "", "path to armored PGP secret keyring (for use with crypt functions)")
 	flag.StringVar(&srvDomain, "srv-domain", "", "the name of the resource record")
 	flag.StringVar(&srvRecord, "srv-record", "", "the SRV record to search for backends nodes. Example: _etcd-client._tcp.example.com")
 	flag.BoolVar(&syncOnly, "sync-only", false, "sync without check_cmd and reload_cmd")
@@ -150,6 +154,17 @@ func initConfig() error {
 
 	// Update config from commandline flags.
 	processFlags()
+	if config.SecretKeyring != "" {
+		kr, err := os.Open(config.SecretKeyring)
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+		defer kr.Close()
+		config.PGPPrivateKey, err = ioutil.ReadAll(kr)
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+	}
 
 	if config.LogLevel != "" {
 		log.SetLevel(config.LogLevel)
@@ -235,6 +250,7 @@ func initConfig() error {
 		Prefix:        config.Prefix,
 		SyncOnly:      config.SyncOnly,
 		TemplateDir:   filepath.Join(config.ConfDir, "templates"),
+		PGPPrivateKey: config.PGPPrivateKey,
 	}
 	return nil
 }
@@ -308,6 +324,8 @@ func setConfigFromFlag(f *flag.Flag) {
 		config.Prefix = prefix
 	case "scheme":
 		config.Scheme = scheme
+	case "secret-keyring":
+		config.SecretKeyring = secretKeyring
 	case "srv-domain":
 		config.SRVDomain = srvDomain
 	case "srv-record":

diff --git a/config_test.go b/config_test.go
@@ -10,18 +10,19 @@ import (
 func TestInitConfigDefaultConfig(t *testing.T) {
 	log.SetLevel("warn")
 	want := Config{
-		Backend:      "etcd",
-		BackendNodes: []string{"http://127.0.0.1:4001"},
-		ClientCaKeys: "",
-		ClientCert:   "",
-		ClientKey:    "",
-		ConfDir:      "/etc/confd",
-		Interval:     600,
-		Noop:         false,
-		Prefix:       "",
-		SRVDomain:    "",
-		Scheme:       "http",
-		Table:        "",
+		Backend:       "etcd",
+		BackendNodes:  []string{"http://127.0.0.1:4001"},
+		ClientCaKeys:  "",
+		ClientCert:    "",
+		ClientKey:     "",
+		ConfDir:       "/etc/confd",
+		Interval:      600,
+		Noop:          false,
+		Prefix:        "",
+		SRVDomain:     "",
+		Scheme:        "http",
+		SecretKeyring: "",
+		Table:         "",
 	}
 	if err := initConfig(); err != nil {
 		t.Errorf(err.Error())

diff --git a/docs/command-line-flags.md b/docs/command-line-flags.md
@@ -46,6 +46,8 @@ Usage of confd:
       key path prefix (default "/")
   -scheme string
       the backend URI scheme for nodes retrieved from DNS SRV records (http or https) (default "http")
+  -secret-keyring
+      path to armored PGP secret keyring
   -srv-domain string
       the name of the resource record
   -srv-record string
@@ -62,7 +64,6 @@ Usage of confd:
       print version and exit
   -watch
       enable watch support
-
 ```
 
 > The -scheme flag is only used to set the URL scheme for nodes retrieved from DNS SRV records.