Add Spire trustsource #14

Open
wants to merge 14 commits into
base: develop
Fix error messages truth -> trust
Signed-off-by: Peyton Walters <[email protected]>
Peyton Walters committed Jan 8, 2020
commit e6906561281e30f884e5feabe11c501e2b637ff3
6 changes: 3 additions & 3 deletions cmd/plugin/vault-auth-spire.go
@@ -114,14 +114,14 @@ func BackendFactory(ctx context.Context, backendConfig *logical.BackendConfig) (
spirePlugin.verifier.AddTrustSource(&trustSource)
}
if settings.SourceOfTrust.Spire != nil {
trustSource, err := common.NewSpireTrustSource(settings.SourceOfTrust.Spire.URLs, settings.SourceOfTrust.Spire.CertLocation)
trustSource, err := common.NewSpireTrustSource(settings.SourceOfTrust.Spire.SpireEndpoints, settings.SourceOfTrust.Spire.CertStorePath)
if err != nil {
return nil, errors.New("vault-auth-spire: Failed to initialize file TrustSource - " + err.Error())
return nil, errors.New("vault-auth-spire: Failed to initialize spire TrustSource - " + err.Error())
}
spirePlugin.verifier.AddTrustSource(trustSource)
}
if settings.SourceOfTrust.File == nil && settings.SourceOfTrust.Spire == nil {
return nil, errors.New("vault-auth-spire: No sources of truth in settings")
return nil, errors.New("vault-auth-spire: No sources of trust in settings")
}

// Calls standard Vault plugin setup - magic happens here I bet :shrugs: but if it fails then we're gonna
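Review bot: The error returned on the `return nil, errors.New("vault-auth-spire: Failed to initialize spire TrustSource - " + err.Error())` line flattens the underlying cause into a string, so whatever Vault or a caller does with it cannot use errors.Is/As to distinguish, say, a missing cert store from an unreachable SPIRE endpoint. `return nil, fmt.Errorf("vault-auth-spire: initializing spire TrustSource: %w", err)` keeps the chain while preserving the message prefix; the same applies to the file-TrustSource branch just above the hunk. This assumes fmt is already imported in this file, which is not visible here. BackendFactory begins outside the hunk.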
10 changes: 5 additions & 5 deletions internal/common/settings.go
@@ -36,8 +36,8 @@ type FileTrustSourceSettings struct {
}

type SpireTrustSourceSettings struct {
URLs map[string]string
CertLocation string
SpireEndpoints map[string]string
CertStorePath string
}

type LogSettings struct {
@@ -144,12 +144,12 @@ func readSpireSourceOfTrustSettings() (*SpireTrustSourceSettings, error) {
}

spireSettings := new(SpireTrustSourceSettings)
spireSettings.URLs = viper.GetStringMapString("trustsource.spire.domains")
spireSettings.SpireEndpoints = viper.GetStringMapString("trustsource.spire.domains")
viper.SetDefault("trustsource.spire.certLocation", "/tmp/vault-spire-certs.json")
viper.SetDefault("trustsource.spire.storeEnabled", true)
spireSettings.CertLocation = viper.GetString("trustsource.spire.certLocation")
spireSettings.CertStorePath = viper.GetString("trustsource.spire.certLocation")
if !viper.GetBool("trustsource.spire.storeEnabled") {
spireSettings.CertLocation = ""
spireSettings.CertStorePath = ""
}

return spireSettings, nil
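Review bot: The `viper.SetDefault("trustsource.spire.certLocation", "/tmp/vault-spire-certs.json")` line puts trust material in `/tmp`, a world-writable directory, and because `storeEnabled` also defaults to true this is the out-of-the-box configuration rather than an opt-in. Any local user can pre-create or replace that file (or plant a symlink at that path) before the plugin starts; if the store is read back to seed trust bundles — that is not visible in this hunk, so worth confirming in NewSpireTrustSource — a tampered file could introduce attacker-chosen roots, and even a write-only store can be redirected through a symlink. I would default to a path under Vault's own data or plugin directory, or require the option to be set explicitly when `storeEnabled` is true, and have the writer create the file with mode 0600 and O_EXCL. Separately, the struct field is now `CertStorePath` but the config key is still `trustsource.spire.certLocation`; a comment on the field such as `// CertStorePath is read from trustsource.spire.certLocation; empty disables the on-disk store` would make that mapping explicit. readSpireSourceOfTrustSettings begins outside the hunk.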