vault support

paramah · Dec 9, 2021 · 0d8819f · 0d8819f
1 parent caaa4e8
commit 0d8819f
Show file tree

Hide file tree

Showing 21 changed files with 628 additions and 155 deletions.
diff --git a/app/cmd/docker/exec.go b/app/cmd/docker/exec.go
@@ -1,9 +1,9 @@
 package docker
 
 import (
-	"github.com/urfave/cli/v2"
 	"github.com/paramah/ledo/app/modules/compose"
 	"github.com/paramah/ledo/app/modules/context"
+	"github.com/urfave/cli/v2"
 )
 
 var CmdComposeExec = cli.Command{

diff --git a/app/cmd/docker/login.go b/app/cmd/docker/login.go
@@ -17,31 +17,31 @@ var CmdDockerLogin = cli.Command{
 }
 
 var CmdDockerEcrLogin = cli.Command{
-	Name:        "ecr",
-	Aliases:     []string{"e"},
-	Flags: []cli.Flag {
-      &cli.StringFlag{
-        Name:    "region",
-        Aliases: []string{"r"},
-        Usage:   "aws-region",
-		Required: true,
-        EnvVars: []string{"AWS_REGION"},
-      },
-	  &cli.StringFlag{
-        Name:    "key",
-        Aliases: []string{"k"},
-        Usage:   "AWS access key",
-		Required: true,
-        EnvVars: []string{"AWS_ACCESS_KEY_ID"},
-      },
-	  &cli.StringFlag{
-        Name:    "secret",
-        Aliases: []string{"s"},
-        Usage:   "AWS secret key",
-		Required: true,
-        EnvVars: []string{"AWS_SECRET_ACCESS_KEY"},
-      },
-    },
+	Name:    "ecr",
+	Aliases: []string{"e"},
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:     "region",
+			Aliases:  []string{"r"},
+			Usage:    "aws-region",
+			Required: true,
+			EnvVars:  []string{"AWS_REGION"},
+		},
+		&cli.StringFlag{
+			Name:     "key",
+			Aliases:  []string{"k"},
+			Usage:    "AWS access key",
+			Required: true,
+			EnvVars:  []string{"AWS_ACCESS_KEY_ID"},
+		},
+		&cli.StringFlag{
+			Name:     "secret",
+			Aliases:  []string{"s"},
+			Usage:    "AWS secret key",
+			Required: true,
+			EnvVars:  []string{"AWS_SECRET_ACCESS_KEY"},
+		},
+	},
 	Usage:       "AWS Elastic Docker Registry",
 	Description: `Login to docker registry`,
 	Action:      RunDockerEcrLogin,
@@ -52,4 +52,3 @@ func RunDockerEcrLogin(cmd *cli.Context) error {
 	docker.DockerEcrLogin(ctx)
 	return nil
 }
-
diff --git a/app/cmd/docker/rm.go b/app/cmd/docker/rm.go
@@ -1,9 +1,9 @@
 package docker
 
 import (
-	"github.com/urfave/cli/v2"
 	"github.com/paramah/ledo/app/modules/compose"
 	"github.com/paramah/ledo/app/modules/context"
+	"github.com/urfave/cli/v2"
 )
 
 var CmdDockerRm = cli.Command{

diff --git a/app/cmd/image.go b/app/cmd/image.go
@@ -19,5 +19,3 @@ var CmdImage = cli.Command{
 		&image.CmdDockerBuild,
 	},
 }
-
-
diff --git a/app/cmd/image/build.go b/app/cmd/image/build.go
@@ -14,28 +14,28 @@ var CmdDockerBuild = cli.Command{
 	ArgsUsage:   "version",
 	Action:      RunDockerBuild,
 	Flags: []cli.Flag{
-      &cli.StringFlag{
-        Name:    "stage",
-        Aliases: []string{"s"},
-        Value:   "",
-        Usage:   "select stage to build (multi-stage dockerfile)",
-		Required: false,
-      },
-      &cli.StringFlag{
-		  Name:     "dockerfile",
-		  Aliases:  []string{"f"},
-		  Value:    "./Dockerfile",
-		  Usage:    "select dockerfile",
-		  Required: false,
-	  },
-      &cli.StringFlag{
-		  Name:     "opts",
-		  Aliases:  []string{"o"},
-		  Value:    "--compress",
-		  Usage:    "Additional build options",
-		  Required: false,
-	  },
-    },
+		&cli.StringFlag{
+			Name:     "stage",
+			Aliases:  []string{"s"},
+			Value:    "",
+			Usage:    "select stage to build (multi-stage dockerfile)",
+			Required: false,
+		},
+		&cli.StringFlag{
+			Name:     "dockerfile",
+			Aliases:  []string{"f"},
+			Value:    "./Dockerfile",
+			Usage:    "select dockerfile",
+			Required: false,
+		},
+		&cli.StringFlag{
+			Name:     "opts",
+			Aliases:  []string{"o"},
+			Value:    "--compress",
+			Usage:    "Additional build options",
+			Required: false,
+		},
+	},
 }
 
 func RunDockerBuild(cmd *cli.Context) error {

diff --git a/app/cmd/init.go b/app/cmd/init.go
@@ -67,14 +67,13 @@ func runInitLedo(cmd *cli.Context) error {
 		var dockerComposeServices []helper.DockerProjectAdditionalServiceCfg
 		var dockerComposeModeConfig []helper.DockerComposeModeCfg
 
-
 		for _, composeMode := range interact.PredefinedDockerComposeModes {
 			var configMode bool
 
 			if composeMode == "base" {
 				configMode = true
 			} else {
-				configMode = interact.InitAdvancedConfigurationAsk("Configure "+composeMode+" stack?")
+				configMode = interact.InitAdvancedConfigurationAsk("Configure " + composeMode + " stack?")
 			}
 
 			if configMode == true {
@@ -89,7 +88,7 @@ func runInitLedo(cmd *cli.Context) error {
 				}
 				composeFilename := "./docker/docker-compose.yml"
 				if composeMode != "base" {
-					composeFilename = "./docker/docker-compose."+composeMode+".yml"
+					composeFilename = "./docker/docker-compose." + composeMode + ".yml"
 				}
 				mdCfg := helper.DockerComposeModeCfg{
 					DockerComposeName:     composeFilename,

diff --git a/app/cmd/secrets.go b/app/cmd/secrets.go
@@ -0,0 +1,24 @@
+package cmd
+
+import (
+	"github.com/paramah/ledo/app/cmd/secrets"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdSecrets = cli.Command{
+	Name:        "secrets",
+	Aliases:     []string{"s"},
+	Category:    catHelpers,
+	Usage:       "secrets helper",
+	Description: `Managing secrets with hashicorp vault.
+
+Requires a vault server with a KV2 resource prefixed /environment to function properly.
+
+The vault path is created from project namespace, project name and selected mode. 
+
+`,
+	Subcommands: []*cli.Command{
+		&secrets.CmdSecretsRead,
+		&secrets.CmdSecretsWrite,
+	},
+}
diff --git a/app/cmd/secrets/read.go b/app/cmd/secrets/read.go
@@ -0,0 +1,44 @@
+package secrets
+
+import (
+	"github.com/paramah/ledo/app/modules/context"
+	"github.com/paramah/ledo/app/modules/secrets"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdSecretsRead = cli.Command{
+	Name:        "read",
+	Aliases:     []string{"r"},
+	Usage:       "read secrets",
+	Description: `Read secrets from vault`,
+	Action:      RunSecretsRead,
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:     "addr",
+			Aliases:  []string{"a"},
+			Usage:    "vault address",
+			Required: true,
+			EnvVars:  []string{"VAULT_ADDR"},
+		},
+		&cli.StringFlag{
+			Name:     "token",
+			Aliases:  []string{"t"},
+			Usage:    "vault token",
+			Required: true,
+			EnvVars:  []string{"VAULT_TOKEN"},
+		},
+		&cli.BoolFlag{
+			Name:    "debug",
+			Aliases: []string{"d"},
+			Usage:   "Debug output",
+			Value:   false,
+		},
+	},
+}
+
+func RunSecretsRead(cmd *cli.Context) error {
+	ctx := context.InitCommand(cmd)
+	envs := secrets.SecretRead(ctx, cmd)
+	secrets.ParseVaultOutput(envs)
+	return nil
+}
diff --git a/app/cmd/secrets/write.go b/app/cmd/secrets/write.go
@@ -0,0 +1,49 @@
+package secrets
+
+import (
+	"github.com/paramah/ledo/app/modules/context"
+	"github.com/paramah/ledo/app/modules/secrets"
+	"github.com/urfave/cli/v2"
+)
+
+var CmdSecretsWrite = cli.Command{
+	Name:        "write",
+	Aliases:     []string{"w"},
+	Usage:       "write secrets",
+	Description: `Write secrets to vault`,
+	Action:      RunSecretsWrite,
+	Flags: []cli.Flag{
+		&cli.StringFlag{
+			Name:     "addr",
+			Aliases:  []string{"a"},
+			Usage:    "vault address",
+			Required: true,
+			EnvVars:  []string{"VAULT_ADDR"},
+		},
+		&cli.StringFlag{
+			Name:     "token",
+			Aliases:  []string{"t"},
+			Usage:    "vault token",
+			Required: true,
+			EnvVars:  []string{"VAULT_TOKEN"},
+		},
+		&cli.BoolFlag{
+			Name:    "debug",
+			Aliases: []string{"d"},
+			Usage:   "Debug output",
+			Value:   false,
+		},
+		&cli.PathFlag{
+			Name:     "input",
+			Aliases:  []string{"i"},
+			Usage:    "read env from file",
+			Required: false,
+		},
+	},
+}
+
+func RunSecretsWrite(cmd *cli.Context) error {
+	ctx := context.InitCommand(cmd)
+	secrets.SecretWrite(ctx, cmd)
+	return nil
+}
diff --git a/app/modules/aws_ledo/ecr_login.go b/app/modules/aws_ledo/ecr_login.go
@@ -22,11 +22,11 @@ func EcrLogin() (*ecr.GetAuthorizationTokenOutput, error) {
 	var token *ecr.GetAuthorizationTokenOutput
 
 	config := &aws.Config{
-    	Region:      aws.String(getRegion()),
+		Region: aws.String(getRegion()),
 	}
 	sess, _ := session.NewSession(config)
 	_, err := sess.Config.Credentials.Get()
-		if err != nil {
+	if err != nil {
 		return token, err
 	}
 

diff --git a/app/modules/compose/compose.go b/app/modules/compose/compose.go
@@ -35,7 +35,7 @@ func CheckDockerComposeVersion() {
 	composeSemVer, _ := semver.NewVersion(composeVersion)
 
 	if !verConstraint.Check(composeSemVer) {
-		log.Fatal("Wrong docker-compose version, please update to "+DockerComposeVersion+" or higher.")
+		log.Fatal("Wrong docker-compose version, please update to " + DockerComposeVersion + " or higher.")
 	}
 }
 

diff --git a/app/modules/compose/create_compose.go b/app/modules/compose/create_compose.go
@@ -11,10 +11,10 @@ import (
 
 func CreateComposeFile(ctx *context.LedoContext, dockerProject helper.DockerProjectCfg, composeMode string) error {
 	if _, err := os.Stat("./docker"); os.IsNotExist(err) {
-	    err := os.Mkdir("./docker", 0755)
-    	if err != nil {
-        	log.Fatal(err)
-    	}
+		err := os.Mkdir("./docker", 0755)
+		if err != nil {
+			log.Fatal(err)
+		}
 	}
 
 	log.Printf("%v", dockerProject)
@@ -29,7 +29,7 @@ func CreateComposeFile(ctx *context.LedoContext, dockerProject helper.DockerProj
 	composeFilename := "./docker/docker-compose.yml"
 
 	if composeMode != "base" {
-		composeFilename = "./docker/docker-compose."+composeMode+".yml"
+		composeFilename = "./docker/docker-compose." + composeMode + ".yml"
 	}
 
 	f, err := os.Create(composeFilename)
@@ -39,4 +39,4 @@ func CreateComposeFile(ctx *context.LedoContext, dockerProject helper.DockerProj
 	err = tpl.Execute(f, ctx)
 
 	return err
-}
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -19,5 +19,3 @@ var CmdImage = cli.Command{
		&image.CmdDockerBuild,
		},
		}