From 4cba36604177aea01a60a0ccf83cd59915fcfd4a Mon Sep 17 00:00:00 2001
From: Simon Marsh
Date: Tue, 26 Jul 2022 08:33:30 +0100
Subject: [PATCH] add token renew and drone
---
 .drone.yml | 42 ++++++++++++++++++++++++++++++++++++++++
 mini-vault/mini-vault.go | 1 +
 mini-vault/tls.go | 17 ++++++++++++----
 3 files changed, 56 insertions(+), 4 deletions(-)
 create mode 100644 .drone.yml
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..6ea7d67
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,42 @@
+---
+kind: pipeline
+type: docker
+name: default
+
+steps:
+ - name: build
+ image: golang
+ environment:
+ CGO_ENABLED: 0
+ commands:
+ - cd mini-vault
+ - go vet
+ - go build
+
+ - name: upload
+ image: plugins/s3
+ settings:
+ bucket: artifacts
+ access_key:
+ from_secret: MINIO_ACCESS_KEY
+ secret_key:
+ from_secret: MINIO_SECRET_KEY
+ endpoint: https://minio.burble.dn42
+ region: uk-lon3
+ path_style: true
+ source: mini-vault/mini-vault
+ target: /mini-vault/${DRONE_BRANCH}
+
+---
+kind: secret
+name: MINIO_ACCESS_KEY
+get:
+ path: burble.dn42/kv/data/drone/minio
+ name: ACCESS_KEY
+
+---
+kind: secret
+name: MINIO_SECRET_KEY
+get:
+ path: burble.dn42/kv/data/drone/minio
+ name: SECRET_KEY
diff --git a/mini-vault/mini-vault.go b/mini-vault/mini-vault.go
index d3cb844..a6adc08 100644
--- a/mini-vault/mini-vault.go
+++ b/mini-vault/mini-vault.go
@@ -56,6 +56,7 @@ func main() {
 cmdTLSRenew.MarkFlagRequired("ca")
 cmdTLSRenew.Flags().StringVarP(&TLSRequest, "request", "r", "", "Request Parameters")
 cmdTLSRenew.MarkFlagRequired("request")
+ cmdTLSRenew.Flags().BoolVarP(&TLSRenewToken, "renew-token", "n", true, "Also renew the token")
 cmdRoot.AddCommand(cmdToken, cmdTLS)
 cmdToken.AddCommand(cmdTokenRenew)
diff --git a/mini-vault/tls.go b/mini-vault/tls.go
index b73f046..3f65711 100644
--- a/mini-vault/tls.go
+++ b/mini-vault/tls.go
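Review bot: Both step images in the new `.drone.yml` are unpinned: `image: golang` and `image: plugins/s3` resolve to whatever `latest` is at build time, so the toolchain that compiles mini-vault and the plugin that is handed the MinIO keys can change without any commit in this repository. Pin each to a version tag or, better, a digest, e.g. `image: golang:<version>@sha256:<digest>` (placeholder values). The `upload` step also carries no `when:` clause, so as written it is not limited to a branch or event and writes to `/mini-vault/${DRONE_BRANCH}` for whatever triggers the pipeline. Restricting it, for example to `event: [push]` on the release branch, would keep other builds away from the artifact bucket and its credentials.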
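Review bot: In the `mini-vault.go` hunk, `--renew-token` is registered with a default of `true` and the shorthand `-n`, so passing `-n` only restates the default and the only way to switch renewal off is `--renew-token=false`. The help string should say how to disable it, for example `"Also renew the token (disable with --renew-token=false)"`. Because the default is on, existing invocations of the command behind `cmdTLSRenew` start renewing the token after this commit with no change on the caller's side, which deserves a line in the commit description or usage docs. The body of `main` continues outside the hunk.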
@@ -19,10 +19,11 @@ import (
 //////////////////////////////////////////////////////////////////////////
 var (
- TLSCertPEM string
- TLSKeyPEM string
- TLSCAPEM string
- TLSRequest string
+ TLSCertPEM string
+ TLSKeyPEM string
+ TLSCAPEM string
+ TLSRequest string
+ TLSRenewToken bool
 )
 //////////////////////////////////////////////////////////////////////////
@@ -75,6 +76,14 @@ func CmdTLSRenew(cmd *cobra.Command, args []string) {
 token := loadToken()
 request := loadRequest(TLSRequest)
+ if TLSRenewToken {
+ err := token.Renew(vault.VAULT_TTL)
+ if err != nil {
+ fmt.Printf("ERROR: failed to renew token: %s\n", err)
+ os.Exit(1)
+ }
+ }
+
 // load existing cert if it existed
 if _, err := os.Stat(TLSCertPEM); err == nil {
 fmt.Printf("Loading existing certificate: %s\n", TLSCertPEM)
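Review bot: In the second `tls.go` hunk, a failed `token.Renew` in `CmdTLSRenew` calls `os.Exit(1)` before the existing certificate is loaded, so a transient Vault error or a token that cannot be extended also stops certificate renewal, even though the current token may still be valid for the request. If that coupling is intended, say so in a comment above the block, e.g. `// token renewal failure is fatal: never request a cert with a token we could not extend`; otherwise print a warning and carry on. The error is also written with `fmt.Printf`, i.e. to stdout, where a cron or service wrapper that only watches stderr will miss it; `fmt.Fprintf(os.Stderr, "ERROR: failed to renew token: %s\n", err)` would fix that. The function body continues past the end of the hunk.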