forked from Deuxfleurs/garage
garage: support specifying token / secret as environment variables
this patch adds support for specifying the `rpc_secret_file`, `metrics_token_file` and `admin_token_file` as environment variables.
This commit is contained in:
parent
4a19ee94bb
commit
8599051c49
3 changed files with 29 additions and 5 deletions
|
@ -25,7 +25,7 @@ use structopt::StructOpt;
|
||||||
use netapp::util::parse_and_resolve_peer_addr;
|
use netapp::util::parse_and_resolve_peer_addr;
|
||||||
use netapp::NetworkKey;
|
use netapp::NetworkKey;
|
||||||
|
|
||||||
use garage_util::config::Config;
|
use garage_util::config::{read_secret_file, Config};
|
||||||
use garage_util::error::*;
|
use garage_util::error::*;
|
||||||
|
|
||||||
use garage_rpc::system::*;
|
use garage_rpc::system::*;
|
||||||
|
@ -70,15 +70,30 @@ pub struct Secrets {
|
||||||
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
|
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
|
||||||
pub rpc_secret: Option<String>,
|
pub rpc_secret: Option<String>,
|
||||||
|
|
||||||
|
/// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret
|
||||||
|
/// when running the daemon or doing admin operations
|
||||||
|
#[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")]
|
||||||
|
pub rpc_secret_file: Option<String>,
|
||||||
|
|
||||||
/// Admin API authentication token, replaces admin.admin_token in config.toml when
|
/// Admin API authentication token, replaces admin.admin_token in config.toml when
|
||||||
/// running the Garage daemon
|
/// running the Garage daemon
|
||||||
#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
|
#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
|
||||||
pub admin_token: Option<String>,
|
pub admin_token: Option<String>,
|
||||||
|
|
||||||
|
/// Admin API authentication token file path, replaces admin.admin_token in config.toml
|
||||||
|
/// and admin-token when running the Garage daemon
|
||||||
|
#[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")]
|
||||||
|
pub admin_token_file: Option<String>,
|
||||||
|
|
||||||
/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
|
/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
|
||||||
/// running the Garage daemon
|
/// running the Garage daemon
|
||||||
#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
|
#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
|
||||||
pub metrics_token: Option<String>,
|
pub metrics_token: Option<String>,
|
||||||
|
|
||||||
|
/// Metrics API authentication token file path, replaces admin.metrics_token in config.toml
|
||||||
|
/// and metrics-token when running the Garage daemon
|
||||||
|
#[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")]
|
||||||
|
pub metrics_token_file: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
|
@ -256,15 +271,24 @@ async fn cli_command(opt: Opt) -> Result<(), Error> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn fill_secrets(mut config: Config, secrets: Secrets) -> Config {
|
fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Error> {
|
||||||
if secrets.rpc_secret.is_some() {
|
if secrets.rpc_secret.is_some() {
|
||||||
config.rpc_secret = secrets.rpc_secret;
|
config.rpc_secret = secrets.rpc_secret;
|
||||||
|
} else if secrets.rpc_secret_file.is_some() {
|
||||||
|
config.rpc_secret = Some(read_secret_file(&secrets.rpc_secret_file.unwrap())?);
|
||||||
}
|
}
|
||||||
|
|
||||||
if secrets.admin_token.is_some() {
|
if secrets.admin_token.is_some() {
|
||||||
config.admin.admin_token = secrets.admin_token;
|
config.admin.admin_token = secrets.admin_token;
|
||||||
|
} else if secrets.admin_token_file.is_some() {
|
||||||
|
config.admin.admin_token = Some(read_secret_file(&secrets.admin_token_file.unwrap())?);
|
||||||
}
|
}
|
||||||
|
|
||||||
if secrets.metrics_token.is_some() {
|
if secrets.metrics_token.is_some() {
|
||||||
config.admin.metrics_token = secrets.metrics_token;
|
config.admin.metrics_token = secrets.metrics_token;
|
||||||
|
} else if secrets.metrics_token_file.is_some() {
|
||||||
|
config.admin.metrics_token = Some(read_secret_file(&secrets.metrics_token_file.unwrap())?);
|
||||||
}
|
}
|
||||||
config
|
|
||||||
|
Ok(config)
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@ pub async fn offline_repair(
|
||||||
}
|
}
|
||||||
|
|
||||||
info!("Loading configuration...");
|
info!("Loading configuration...");
|
||||||
let config = fill_secrets(read_config(config_file)?, secrets);
|
let config = fill_secrets(read_config(config_file)?, secrets)?;
|
||||||
|
|
||||||
info!("Initializing Garage main data store...");
|
info!("Initializing Garage main data store...");
|
||||||
let garage = Garage::new(config)?;
|
let garage = Garage::new(config)?;
|
||||||
|
|
|
@ -29,7 +29,7 @@ async fn wait_from(mut chan: watch::Receiver<bool>) {
|
||||||
|
|
||||||
pub async fn run_server(config_file: PathBuf, secrets: Secrets) -> Result<(), Error> {
|
pub async fn run_server(config_file: PathBuf, secrets: Secrets) -> Result<(), Error> {
|
||||||
info!("Loading configuration...");
|
info!("Loading configuration...");
|
||||||
let config = fill_secrets(read_config(config_file)?, secrets);
|
let config = fill_secrets(read_config(config_file)?, secrets)?;
|
||||||
|
|
||||||
// ---- Initialize Garage internals ----
|
// ---- Initialize Garage internals ----
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue