mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00

Abstraction for Certificate Storage (+ vault storage) (#406)

* new abstraction around storage

* re-work completely to fit new acme package pre-solving paradigm

* vault storage plugin

* add some vendor

* delete old vendor pinning mechanism
Craig Peterson
2018-10-08 16:11:19 -04:00
committed by GitHub
parent 06ee4d6fb1
commit 6764811c5f
211 changed files with 58862 additions and 376 deletions


@ -37,6 +37,8 @@ type GetCertsArgs struct {
Email string
AgreeTOS bool
Verbose bool
Vault bool
VaultPath string
IgnoredProviders string
}
@ -80,6 +82,17 @@ func (args *GetCertsArgs) flags() []cli.Flag {
Destination: &args.AgreeTOS,
Usage: `Must provide this to agree to Let's Encrypt terms of service`,
})
flags = append(flags, cli.BoolFlag{
Name: "vault",
Destination: &args.Vault,
Usage: `Store certificates as secrets in hashicorp vault instead of on disk.`,
})
flags = append(flags, cli.StringFlag{
Name: "vaultPath",
Destination: &args.VaultPath,
Value: "/secret/certs",
Usage: `Path in vault to store certificates`,
})
flags = append(flags, cli.StringFlag{
Name: "skip",
Destination: &args.IgnoredProviders,
@ -140,13 +153,21 @@ func GetCerts(args GetCertsArgs) error {
if err = validateCertificateList(certList, cfg); err != nil {
return err
}
acmeServer := args.ACMEServer
if acmeServer == "live" {
acmeServer = acme.LetsEncryptLive
} else if acmeServer == "staging" {
acmeServer = acme.LetsEncryptStage
}
client, err := acme.New(cfg, args.CertDirectory, args.Email, acmeServer)
var client acme.Client
if args.Vault {
client, err = acme.NewVault(cfg, args.VaultPath, args.Email, acmeServer)
} else {
client, err = acme.New(cfg, args.CertDirectory, args.Email, acmeServer)
}
if err != nil {
return err
}
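Review bot: In GetCerts, `args.VaultPath` is handed to `acme.NewVault` without any check, so `--vault --vaultPath ""` is only rejected, if at all, inside the storage layer, which is not visible on this page. A guard ahead of the branch would fail early, for example `if args.Vault && args.VaultPath == "" { return fmt.Errorf("vaultPath must not be empty when --vault is set") }` (assuming `fmt` is already imported in this file). The `vault` usage string should also state that `--vault` replaces the on-disk certificate directory. It should also say where the Vault address and token come from, since no flag sets them; presumably `NewVault` reads them from the Vault client's environment. If private keys are written under that path alongside the certificates, which is likely but not shown here, the help text should say so, so operators scope the token's policy to that path only. GetCerts continues outside the hunk.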