From 8599051c492d7df22305e4c65659395d9102955c Mon Sep 17 00:00:00 2001 From: networkException Date: Thu, 19 Oct 2023 03:39:02 +0200 Subject: [PATCH] garage: support specifying token / secret as environment variables this patch adds support for specifying the `rpc_secret_file`, `metrics_token_file` and `admin_token_file` as environment variables. --- src/garage/main.rs | 30 +++++++++++++++++++++++++++--- src/garage/repair/offline.rs | 2 +- src/garage/server.rs | 2 +- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/src/garage/main.rs b/src/garage/main.rs index 09e77b35..ab84fa11 100644 --- a/src/garage/main.rs +++ b/src/garage/main.rs @@ -25,7 +25,7 @@ use structopt::StructOpt; use netapp::util::parse_and_resolve_peer_addr; use netapp::NetworkKey; -use garage_util::config::Config; +use garage_util::config::{read_secret_file, Config}; use garage_util::error::*; use garage_rpc::system::*; @@ -70,15 +70,30 @@ pub struct Secrets { #[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")] pub rpc_secret: Option, + /// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret + /// when running the daemon or doing admin operations + #[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")] + pub rpc_secret_file: Option, + /// Admin API authentication token, replaces admin.admin_token in config.toml when /// running the Garage daemon #[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")] pub admin_token: Option, + /// Admin API authentication token file path, replaces admin.admin_token in config.toml + /// and admin-token when running the Garage daemon + #[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")] + pub admin_token_file: Option, + /// Metrics API authentication token, replaces admin.metrics_token in config.toml when /// running the Garage daemon #[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")] pub metrics_token: Option, + + /// Metrics API authentication token file path, replaces admin.metrics_token in config.toml + /// and metrics-token when running the Garage daemon + #[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")] + pub metrics_token_file: Option, } #[tokio::main] @@ -256,15 +271,24 @@ async fn cli_command(opt: Opt) -> Result<(), Error> { } } -fn fill_secrets(mut config: Config, secrets: Secrets) -> Config { +fn fill_secrets(mut config: Config, secrets: Secrets) -> Result { if secrets.rpc_secret.is_some() { config.rpc_secret = secrets.rpc_secret; + } else if secrets.rpc_secret_file.is_some() { + config.rpc_secret = Some(read_secret_file(&secrets.rpc_secret_file.unwrap())?); } + if secrets.admin_token.is_some() { config.admin.admin_token = secrets.admin_token; + } else if secrets.admin_token_file.is_some() { + config.admin.admin_token = Some(read_secret_file(&secrets.admin_token_file.unwrap())?); } + if secrets.metrics_token.is_some() { config.admin.metrics_token = secrets.metrics_token; + } else if secrets.metrics_token_file.is_some() { + config.admin.metrics_token = Some(read_secret_file(&secrets.metrics_token_file.unwrap())?); } - config + + Ok(config) } diff --git a/src/garage/repair/offline.rs b/src/garage/repair/offline.rs index f4edcf03..beb48d65 100644 --- a/src/garage/repair/offline.rs +++ b/src/garage/repair/offline.rs @@ -20,7 +20,7 @@ pub async fn offline_repair( } info!("Loading configuration..."); - let config = fill_secrets(read_config(config_file)?, secrets); + let config = fill_secrets(read_config(config_file)?, secrets)?; info!("Initializing Garage main data store..."); let garage = Garage::new(config)?; diff --git a/src/garage/server.rs b/src/garage/server.rs index 3ad10b72..96ea900d 100644 --- a/src/garage/server.rs +++ b/src/garage/server.rs @@ -29,7 +29,7 @@ async fn wait_from(mut chan: watch::Receiver) { pub async fn run_server(config_file: PathBuf, secrets: Secrets) -> Result<(), Error> { info!("Loading configuration..."); - let config = fill_secrets(read_config(config_file)?, secrets); + let config = fill_secrets(read_config(config_file)?, secrets)?; // ---- Initialize Garage internals ----