diff --git a/command/deploy.go b/command/deploy.go index 9a59424d0..6584e70c3 100644 --- a/command/deploy.go +++ b/command/deploy.go @@ -46,7 +46,7 @@ General Options: -canary-auto-promote= The time in seconds, after which Levant will auto-promote a canary job if all canaries within the deployment are healthy. - + -consul-address= The Consul host and port to use when making Consul KeyValue lookups for template rendering. @@ -65,6 +65,14 @@ General Options: can be changed using this flag so that Levant will exit cleanly ensuring CD pipelines don't fail when no changes are detected. + -vault + This flag makes levant load the vault token from the current ENV. + It can not be used at the same time than -vault-token= flag + + -vault-token= + The vault token used to deploy the application to nomad with vault support + This flag can not be used at the same time than -vault flag + -log-level= Specify the verbosity level of Levant's logs. Valid values include DEBUG, INFO, and WARN, in decreasing order of verbosity. The default is INFO. @@ -111,6 +119,9 @@ func (c *DeployCommand) Run(args []string) int { flags.BoolVar(&config.Plan.IgnoreNoChanges, "ignore-no-changes", false, "") flags.StringVar(&level, "log-level", "INFO", "") flags.StringVar(&format, "log-format", "HUMAN", "") + flags.StringVar(&config.Deploy.VaultToken, "vault-token", "", "") + flags.BoolVar(&config.Deploy.EnvVault, "vault", false, "") + flags.Var((*helper.FlagStringSlice)(&config.Template.VariableFiles), "var-file", "") if err = flags.Parse(args); err != nil { @@ -119,6 +130,12 @@ func (c *DeployCommand) Run(args []string) int { args = flags.Args() + if config.Deploy.EnvVault == true && config.Deploy.VaultToken != "" { + c.UI.Error(c.Help()) + c.UI.Error("\nERROR: Can not used -vault and -vault-token flag at the same time") + return 1 + } + if err = logging.SetupLogger(level, format); err != nil { c.UI.Error(err.Error()) return 1 
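Review bot: The `-vault-token=` help text added in command/deploy.go (hunk at -65,6) does not warn that a token passed as a command-line argument is typically visible in process listings, shell history and CI job logs. Since the same hunk introduces `-vault` as the alternative, I would add a sentence under `-vault-token=` such as `Prefer -vault, which reads VAULT_TOKEN from the environment, so the token does not appear in the process arguments.` The mutual-exclusion sentences also read more clearly as `It cannot be used together with the -vault-token= flag.` and `It cannot be used together with the -vault flag.`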
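Review bot: The operator-facing error added in Run (command/deploy.go, hunk at -119,6) reads `Can not used -vault and -vault-token flag at the same time`; I would change it to `c.UI.Error("\nERROR: -vault and -vault-token cannot be used at the same time")`. The condition `config.Deploy.EnvVault == true` is more idiomatic as `config.Deploy.EnvVault && config.Deploy.VaultToken != ""`. Run's body starts and ends outside this hunk, so any other validation of these two flags is not visible here.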
diff --git a/levant/deploy.go b/levant/deploy.go index 40c2d8389..1d8bda339 100644 --- a/levant/deploy.go +++ b/levant/deploy.go @@ -2,6 +2,7 @@ package levant import ( "fmt" + "os" "strings" "time" @@ -32,6 +33,9 @@ type DeployConfig struct { func newLevantDeployment(config *DeployConfig, nomadClient *nomad.Client) (*levantDeployment, error) { var err error + if config.Deploy.EnvVault == true { + config.Deploy.VaultToken = os.Getenv("VAULT_TOKEN") + } dep := &levantDeployment{} dep.config = config @@ -110,6 +114,8 @@ func (l *levantDeployment) deploy() (success bool) { log.Info().Msgf("levant/deploy: triggering a deployment") + l.config.Template.Job.VaultToken = &l.config.Deploy.VaultToken + eval, _, err := l.nomad.Jobs().Register(l.config.Template.Job, nil) if err != nil { log.Error().Err(err).Msg("levant/deploy: unable to register job with Nomad") diff --git a/levant/structs/config.go b/levant/structs/config.go index ce0d39b57..4839c25c9 100644 --- a/levant/structs/config.go +++ b/levant/structs/config.go @@ -34,6 +34,13 @@ type DeployConfig struct { // ForceCount is a boolean flag that can be used to ignore running job counts // and force the count based on the rendered job file. ForceCount bool + + // VaultToken is a string with the vault token. + VaultToken string + + // EnvVault is a boolean flag that can be used to enable reading the VAULT_TOKEN + // from the enviromment. + EnvVault bool } // ClientConfig is the config struct which houses all the information needed to connect
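Review bot: In newLevantDeployment (levant/deploy.go, hunk at -32,6) `os.Getenv("VAULT_TOKEN")` returns an empty string when the variable is unset, so `-vault` with no token in the environment carries on with an empty token instead of failing early; the failure would presumably only surface later, at job registration. I would check the value right after the read: `if config.Deploy.VaultToken == "" { return nil, fmt.Errorf("-vault was set but VAULT_TOKEN is empty or unset") }`. `fmt` is already imported and the function already returns an error. The `== true` in the condition can be dropped, and the function body continues past the end of the hunk.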
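Review bot: In deploy() (levant/deploy.go, hunk at -110,6) the assignment to `l.config.Template.Job.VaultToken` runs on every deployment, including when neither `-vault` nor `-vault-token` was given, so the job is always registered with a pointer to an empty string and any value already present on the job struct is replaced. Guarding it leaves jobs that do not use Vault unchanged: `if l.config.Deploy.VaultToken != "" { l.config.Template.Job.VaultToken = &l.config.Deploy.VaultToken }`. Once set, the token lives on the job struct, so it is worth confirming that no debug path logs or dumps `l.config.Template.Job`; none is visible in this hunk. deploy() starts and ends outside the hunk.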
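Review bot: The doc comment on `VaultToken` in levant/structs/config.go does not mark the field as a secret, although the config struct is handed to other functions as a whole (for example newLevantDeployment in this commit) and could be formatted into a log line by a later change. I would write `// VaultToken is the Vault token submitted with the job. It is a secret and must not be logged or printed.` The `EnvVault` comment has a typo: `enviromment` should be `environment`.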