conf.go
package vaultlib
import (
"os"
"strconv"
"time"
)
// AppRoleCredentials holds the app role secret and role ids
//
// RoleID and SecretID are included in the JSON encoding of this struct under
// the keys "role_id" and "secret_id"; MountPoint is excluded from it.
type AppRoleCredentials struct {
	// RoleID is the app role id (NewConfig fills it from VAULT_ROLEID).
	RoleID string `json:"role_id"`
	// SecretID is the app role secret id (NewConfig fills it from
	// VAULT_SECRETID). It is a credential: keep it out of logs and error text.
	SecretID string `json:"secret_id"`
	// MountPoint is the app role mountpoint. The "-" tag keeps it out of the
	// JSON encoding of this struct.
	MountPoint string `json:"-"`
}
// Config holds the vault client config
//
// A Config carries credentials (Token, AppRoleCredentials.SecretID); avoid
// printing it wholesale, for example with %+v, in logs.
type Config struct {
	// Address is the Vault server URL. NewConfig takes it from VAULT_ADDR and
	// otherwise uses "http://localhost:8200", which is a plain-HTTP URL.
	Address string
	// MaxRetries is not assigned by NewConfig, so it stays 0 unless the
	// caller sets it.
	MaxRetries int
	// Timeout is the client timeout. NewConfig sets it from
	// VAULT_CLIENT_TIMEOUT (whole seconds), 30s when the variable is unset.
	Timeout time.Duration
	// CACert is the path to a CA pem file (VAULT_CACERT).
	CACert string
	// InsecureSSL is driven by VAULT_SKIP_VERIFY ("Do not check SSL").
	// NOTE(review): presumably true turns off TLS certificate verification in
	// the client — confirm where this field is consumed. NewConfig leaves it
	// true unless VAULT_SKIP_VERIFY parses as a false boolean, so callers who
	// need verification should set it to false explicitly.
	InsecureSSL bool
	// AppRoleCredentials holds the app role ids and mountpoint; NewConfig
	// always allocates it, even when no app role variables are set.
	AppRoleCredentials *AppRoleCredentials
	// Token is the Vault token, for use when approle is not used
	// (VAULT_TOKEN). It is a credential.
	Token string
}
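// NewConfig returns a new configuration based on env vars or default value.
//
// Reads ENV:
//
//	VAULT_ADDR            Vault server URL (default http://localhost:8200)
//	VAULT_ROLEID          Vault app role id
//	VAULT_SECRETID        Vault app role secret id
//	VAULT_MOUNTPOINT      Vault app role mountpoint (default "approle")
//	VAULT_TOKEN           Vault Token (in case approle is not used)
//	VAULT_CACERT          Path to CA pem file
//	VAULT_SKIP_VERIFY     Do not check SSL
//	VAULT_CLIENT_TIMEOUT  Client timeout in whole seconds (default 30)
//
// A VAULT_CLIENT_TIMEOUT that is not an integer, or is negative, falls back
// to the 30 second default instead of producing a zero or negative timeout.
//
// Security notes for callers:
//   - InsecureSSL is true unless VAULT_SKIP_VERIFY is set to a value that
//     strconv.ParseBool reads as false. An unset variable and an unparseable
//     one (for example "no") both leave it true. Set cfg.InsecureSSL = false
//     on the returned config when certificate verification is required.
//   - The default address uses the http scheme. Point VAULT_ADDR at an https
//     URL for anything other than a local server, since the token and app
//     role secret travel to that address.
//
// Modify the returned config object to adjust your configuration.
func NewConfig() *Config {
	const defaultTimeout = 30 * time.Second

	// Start from the defaults; each environment variable below overrides
	// one field only when it is set to a non-empty value.
	cfg := Config{
		Address: "http://localhost:8200",
		Timeout: defaultTimeout,
		// Kept for backward compatibility: verification is skipped unless
		// VAULT_SKIP_VERIFY explicitly parses as false (see doc comment).
		InsecureSSL:        true,
		AppRoleCredentials: &AppRoleCredentials{MountPoint: "approle"},
	}

	if v := os.Getenv("VAULT_ADDR"); v != "" {
		cfg.Address = v
	}
	if v := os.Getenv("VAULT_CACERT"); v != "" {
		cfg.CACert = v
	}
	if v := os.Getenv("VAULT_TOKEN"); v != "" {
		cfg.Token = v
	}
	if v := os.Getenv("VAULT_ROLEID"); v != "" {
		cfg.AppRoleCredentials.RoleID = v
	}
	if v := os.Getenv("VAULT_SECRETID"); v != "" {
		cfg.AppRoleCredentials.SecretID = v
	}
	if v := os.Getenv("VAULT_MOUNTPOINT"); v != "" {
		cfg.AppRoleCredentials.MountPoint = v
	}

	if t := os.Getenv("VAULT_CLIENT_TIMEOUT"); t != "" {
		// Only accept a parseable, non-negative number of seconds. The
		// previous code set the default on a parse error and then overwrote
		// it with the zero value returned alongside that error.
		if secs, err := strconv.Atoi(t); err == nil && secs >= 0 {
			cfg.Timeout = time.Duration(secs) * time.Second
		}
	}

	if v := os.Getenv("VAULT_SKIP_VERIFY"); v != "" {
		// A value ParseBool rejects keeps the default of true, matching the
		// existing behaviour.
		if skip, err := strconv.ParseBool(v); err == nil {
			cfg.InsecureSSL = skip
		}
	}

	return &cfg
}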