

Merge branch 'master' of github.com:nemosupremo/vault-gatekeeper
nemosupremo committed Jul 30, 2019
2 parents 313b52c + d47c505 commit eaf47c4
Showing 24 changed files with 767 additions and 97 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -13,4 +13,4 @@ COPY --from=0 /go/src/github.com/nemosupremo/vault-gatekeeper/dist/gatekeeper /
WORKDIR /tmp
WORKDIR /
ENTRYPOINT ["/gatekeeper"]
CMD ["server"]
CMD ["server"]
91 changes: 16 additions & 75 deletions Gopkg.lock


1 change: 1 addition & 0 deletions cmd/gatekeeper/main.go
Expand Up @@ -4,6 +4,7 @@ import (
"runtime"

// import schedulers before cmd
_ "github.com/nemosupremo/vault-gatekeeper/scheduler/dcosee_mesos"
_ "github.com/nemosupremo/vault-gatekeeper/scheduler/ecs"
_ "github.com/nemosupremo/vault-gatekeeper/scheduler/mesos"

3 changes: 2 additions & 1 deletion cmd/policy.go
Expand Up @@ -8,11 +8,12 @@ import (
"net/url"
"os"

"github.com/franela/goreq"
"github.com/nemosupremo/vault-gatekeeper"
"github.com/nemosupremo/vault-gatekeeper/policy"
"github.com/nemosupremo/vault-gatekeeper/scheduler"
"github.com/nemosupremo/vault-gatekeeper/vault"

"github.com/franela/goreq"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
1 change: 1 addition & 0 deletions cmd/root.go
Expand Up @@ -7,6 +7,7 @@ import (
"time"

"github.com/nemosupremo/vault-gatekeeper/scheduler"

"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
1 change: 1 addition & 0 deletions cmd/server.go
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/nemosupremo/vault-gatekeeper"
"github.com/nemosupremo/vault-gatekeeper/scheduler"
"github.com/nemosupremo/vault-gatekeeper/vault/unsealer"

"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
3 changes: 2 additions & 1 deletion cmd/unseal.go
Expand Up @@ -3,8 +3,9 @@ package cmd
import (
"net/url"

"github.com/franela/goreq"
"github.com/nemosupremo/vault-gatekeeper/scheduler"

"github.com/franela/goreq"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/viper"
6 changes: 4 additions & 2 deletions gatekeeper.go
Expand Up @@ -14,14 +14,15 @@ import (
"sync/atomic"
"time"

"github.com/cenkalti/backoff"
"github.com/franela/goreq"
gkClient "github.com/nemosupremo/vault-gatekeeper/gatekeeper"
"github.com/nemosupremo/vault-gatekeeper/policy"
"github.com/nemosupremo/vault-gatekeeper/scheduler"
"github.com/nemosupremo/vault-gatekeeper/usagestore"
"github.com/nemosupremo/vault-gatekeeper/vault"
"github.com/nemosupremo/vault-gatekeeper/vault/unsealer"

"github.com/cenkalti/backoff"
"github.com/franela/goreq"
"github.com/segmentio/ksuid"
log "github.com/sirupsen/logrus"
)
Expand Down Expand Up @@ -480,6 +481,7 @@ func (g *Gatekeeper) RequestToken(providerKey string, taskId string, requestedRo
currentPolicies := g.Policies
g.RUnlock()

log.Debugf("Find Policy: %s\n", policyKey)
if policy, ok := currentPolicies.Get(policyKey); ok && len(policy.Roles) > 0 {
if err := g.Store.Acquire(g.Token, providerKey+":"+task.Id(), policy.NumUses, g.config.MaxTaskLife+1*time.Minute); err == nil {
roleName := policy.Roles[0]
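Review bot: The format string in `log.Debugf("Find Policy: %s\n", policyKey)` ends in `\n`, but logrus terminates every entry itself, so the text formatter prints a blank line after each debug entry and the JSON formatter embeds a literal newline inside the message; drop it: `log.Debugf("Find Policy: %s", policyKey)`. The same trailing `\n` is on every log call added to policy.go (GetPolicyConfig, getNestedPolicyDirs, getDirList, getPolicy) and on the one added to `Policies.Get` in policy/policy.go. This call sits on the per-request token path and will fire for every RequestToken call once debug logging is on, which is acceptable only if policyKey carries no secret material — something this hunk alone does not show. RequestToken starts before the hunk and continues after it.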
6 changes: 3 additions & 3 deletions gatekeeper/gatekeeper.go
Expand Up @@ -155,9 +155,9 @@ func (c *Client) requestTempToken(taskID string) (string, error) {
return "", err
}

if !gkTokResp.OK {
return "", errors.New(gkTokResp.Error)
}
// if !gkTokResp.OK {
// return "", errors.New(gkTokResp.Error)
// }

return gkTokResp.Token, nil
}
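Review bot: With the `!gkTokResp.OK` guard commented out, requestTempToken returns `gkTokResp.Token, nil` for any body that decodes, so a gatekeeper error response now yields an empty token with a nil error instead of a failure the caller can act on. If `OK` and `Error` were removed from gkTokenResp — the gatekeeper/types.go hunk appears to replace them with `Status`, `Unsealed`, `Ttl` and `VaultAddr` — the guard should be replaced rather than deleted, e.g. `if gkTokResp.Token == "" { return "", errors.New("gatekeeper returned no token") }`, with `Status`/`Unsealed` checked as well if the server populates them for failures. Dead code should be deleted rather than commented out, and if this was the file's only use of `errors` the import is now unused. The HTTP status handling and the start of requestTempToken are outside the hunk.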
8 changes: 4 additions & 4 deletions gatekeeper/types.go
Expand Up @@ -34,10 +34,10 @@ type gkTokenReq struct {
}

type gkTokenResp struct {
OK bool `json:"ok"`
Token string `json:"token"`
Status string `json:"status"`
Error string `json:"error"`
Unsealed bool `json:"unsealed"`
Token string `json:"token"`
Ttl string `json:"ttl"`
VaultAddr string `json:"vault_addr"`
}

type vaultWrappedResponse struct {
3 changes: 2 additions & 1 deletion gatekeeper_test.go
Expand Up @@ -6,12 +6,13 @@ import (
"testing"
"time"

"github.com/franela/goreq"
"github.com/nemosupremo/vault-gatekeeper/policy"
"github.com/nemosupremo/vault-gatekeeper/scheduler"
"github.com/nemosupremo/vault-gatekeeper/scheduler/mock"
"github.com/nemosupremo/vault-gatekeeper/vault"
"github.com/nemosupremo/vault-gatekeeper/vault/unsealer"

"github.com/franela/goreq"
"github.com/segmentio/ksuid"
"github.com/spf13/viper"
)
21 changes: 19 additions & 2 deletions policy.go
Expand Up @@ -4,12 +4,14 @@ import (
"encoding/json"
"errors"
"fmt"
log "github.com/sirupsen/logrus"
"strings"

"github.com/franela/goreq"
log "github.com/sirupsen/logrus"

"github.com/nemosupremo/vault-gatekeeper/policy"
"github.com/nemosupremo/vault-gatekeeper/vault"

"github.com/franela/goreq"
)

var policyNotFound = errors.New("No policy saved at configured location.")
Expand All @@ -33,21 +35,28 @@ func (g *Gatekeeper) loadPolicies() (*policy.Policies, error) {
func (g *Gatekeeper) GetPolicyConfig() ([]byte, error) {
initialPolicyDir := g.config.PolicyPath
policies := make(map[string]policy.Policy)
log.Debugf("Policy Dir: %s\n", initialPolicyDir)
if policyDirectories, err := g.getNestedPolicyDirs(initialPolicyDir, g.Token); err == nil {
for _, dir := range policyDirectories {
log.Debugf("Dir: %s\n", dir)
if policy, err := getPolicy(dir, g.Token); err == nil {
log.Debugf("Policies: %+v\n", policy)
for k, v := range policy {
policies[k] = v
}
} else if err == policyNotFound {
log.Warnf("%v\n", policyNotFound)
continue
} else {
return nil, err
}
}
} else {
log.Errorf("Failed to find direcotries in %s\n", initialPolicyDir)
return nil, err
}

log.Debugf("Policies: %+v\n", policies)
if len(policies) == 0 {
return nil, policyNotFound
}
Expand All @@ -64,6 +73,7 @@ func (g *Gatekeeper) getNestedPolicyDirs(initialPolicyDir string, authToken stri

err := g.getDirList(initialPolicyDir, authToken, &nestedPolicyDirs, &subDirs)
if err != nil {
log.Errorf("Error getting dir list: %v\n", err)
return nestedPolicyDirs, err
}

Expand All @@ -84,6 +94,9 @@ func (g *Gatekeeper) getNestedPolicyDirs(initialPolicyDir string, authToken stri
}
}
}

log.Debugf("Nested Policy Dirs: %+v\n", nestedPolicyDirs)

return nestedPolicyDirs, err
}

Expand Down Expand Up @@ -111,6 +124,7 @@ func (g *Gatekeeper) getDirList(path string, authToken string, nestedPolicies *[
Renewable bool `json:"renewable"`
}
if err := r.Body.FromJsonTo(&scrts); err == nil {
log.Debugf("Secrets List Data: %+v\n", scrts)
for i := range scrts.Data.Keys {
//add to sub dir list when "/" suffix
if strings.HasSuffix(scrts.Data.Keys[i], "/") {
Expand All @@ -121,10 +135,12 @@ func (g *Gatekeeper) getDirList(path string, authToken string, nestedPolicies *[
}
return nil
} else {
log.Errorf("Get Dir List: %+v\n", err)
return err
}
case 404:
/* A 404 is returned when no sub directories exist below the current directory which is ok. */
log.Infof("Get Dir List is empty\n")
return nil

case 403:
Expand Down Expand Up @@ -160,6 +176,7 @@ func getPolicy(path string, authToken string) (map[string]policy.Policy, error)
} `json:"data"`
}
if err := r.Body.FromJsonTo(&resp); err == nil {
log.Debugf("Response Body: %+v\n", resp)
return resp.Data.Data, nil
} else {
return nil, policyLoadError{fmt.Errorf("There was an error decoding policy from vault. This can occur " +
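Review bot: `log.Debugf("Response Body: %+v\n", resp)` in getPolicy (likewise `Secrets List Data` in getDirList and `Policies: %+v` in GetPolicyConfig) dumps the decoded Vault response into the log; the struct visible here holds only the policy document, but anything else stored at that path would be written out with it, so prefer logging the path and entry count, e.g. `log.Debugf("Loaded %d policies from %s", len(resp.Data.Data), path)`. The directory-listing failure is now logged twice, as `Error getting dir list` in getNestedPolicyDirs and again as `Failed to find direcotries` (typo for "directories") in its caller GetPolicyConfig; handle it at one layer. `log.Warnf("%v\n", policyNotFound)` does not say which directory was skipped; `log.Warnf("%s: %v", dir, policyNotFound)` would. These functions all start before their hunks, and getPolicy's body continues after the last one.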
4 changes: 4 additions & 0 deletions policy/policy.go
Expand Up @@ -6,6 +6,8 @@ import (
"errors"
"strings"

log "github.com/sirupsen/logrus"

"github.com/hashicorp/go-immutable-radix"
)

Expand Down Expand Up @@ -95,6 +97,8 @@ func (p *Policies) Get(path string) (*Policy, bool) {
}

p.Tree.Root().WalkPath([]byte(path), walkFn)

log.Debugf("Get Policy: Found: %t Ret: %+v\n", foundPolicy, ret)
return ret, foundPolicy
}


0 comments on commit eaf47c4
