Changed the default behavior to not include the vault token in the en…

…v by default
hashicorp · Nov 30, 2018 · b16450c · b16450c
1 parent 0c2a75c
commit b16450c
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/command/deploy.go b/command/deploy.go
@@ -65,8 +65,13 @@ General Options:
     can be changed using this flag so that Levant will exit cleanly ensuring CD
     pipelines don't fail when no changes are detected.
 
+  -vault
+    This flag makes levant load the vault token from the current ENV.
+    It can not be used at the same time than -vault-token=<vault-token> flag
+
   -vault-token=<vault-token>
     The vault token used to deploy the application to nomad with vault support
+    This flag can not be used at the same time than -vault flag
 
   -log-level=<level>
     Specify the verbosity level of Levant's logs. Valid values include DEBUG,
@@ -115,6 +120,8 @@ func (c *DeployCommand) Run(args []string) int {
 	flags.StringVar(&level, "log-level", "INFO", "")
 	flags.StringVar(&format, "log-format", "HUMAN", "")
 	flags.StringVar(&config.Deploy.VaultToken, "vault-token", "", "")
+	flags.BoolVar(&config.Deploy.EnvVault, "vault", false, "")
+
 	flags.Var((*helper.FlagStringSlice)(&config.Template.VariableFiles), "var-file", "")
 
 	if err = flags.Parse(args); err != nil {
@@ -123,6 +130,12 @@ func (c *DeployCommand) Run(args []string) int {
 
 	args = flags.Args()
 
+	if config.Deploy.EnvVault == true && config.Deploy.VaultToken != "" {
+		c.UI.Error(c.Help())
+		c.UI.Error("\nERROR: Can not used -vault and -vault-token flag at the same time")
+		return 1
+	}
+
 	if err = logging.SetupLogger(level, format); err != nil {
 		c.UI.Error(err.Error())
 		return 1

diff --git a/levant/deploy.go b/levant/deploy.go
@@ -33,7 +33,7 @@ type DeployConfig struct {
 func newLevantDeployment(config *DeployConfig, nomadClient *nomad.Client) (*levantDeployment, error) {
 
 	var err error
-	if config.Deploy.VaultToken == "" {
+	if config.Deploy.EnvVault == true {
 		config.Deploy.VaultToken = os.Getenv("VAULT_TOKEN")
 	}
 

diff --git a/levant/structs/config.go b/levant/structs/config.go
@@ -35,8 +35,12 @@ type DeployConfig struct {
 	// and force the count based on the rendered job file.
 	ForceCount bool
 
-	// VaultToken is a string with the vault token
+	// VaultToken is a string with the vault token.
 	VaultToken string
+
+	// EnvVault is a boolean flag that can be used to enable reading the VAULT_TOKEN
+	// from the enviromment.
+	EnvVault bool
 }
 
 // ClientConfig is the config struct which houses all the information needed to connect