scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 10:37:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sync over changes to config.go

Browse Source
This commit is contained in:
Jeff Mitchell
2018-05-30 08:34:27 -04:00
parent e7335efad4
commit 7dce56bf73
1 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
command/server/config.go
View File

@@ -56,12 +56,14 @@ type Config struct {
ClusterAddr string `hcl:"cluster_addr"` ClusterAddr string `hcl:"cluster_addr"`
DisableClustering bool `hcl:"-"` DisableClustering bool `hcl:"-"`
DisableClusteringRaw interface{} `hcl:"disable_clustering"` DisableClusteringRaw interface{} `hcl:"disable_clustering"`
DisableSealWrap bool `hcl:"-"`
DisableSealWrapRaw interface{} `hcl:"disable_sealwrap"`
} }
// DevConfig is a Config that is used for dev mode of Vault. // DevConfig is a Config that is used for dev mode of Vault.
func DevConfig(ha, transactional bool) *Config { func DevConfig(ha, transactional bool) *Config {
ret := &Config{ ret := &Config{
DisableCache: false,
DisableMlock: true, DisableMlock: true,
EnableRawEndpoint: true, EnableRawEndpoint: true,
@@ -314,6 +316,11 @@ func (c *Config) Merge(c2 *Config) *Config {
result.PidFile = c2.PidFile result.PidFile = c2.PidFile
} }
result.DisableSealWrap = c.DisableSealWrap
if c2.DisableSealWrap {
result.DisableSealWrap = c2.DisableSealWrap
}
return result return result
} }
@@ -395,6 +402,12 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) {
} }
} }
if result.DisableSealWrapRaw != nil {
if result.DisableSealWrap, err = parseutil.ParseBool(result.DisableSealWrapRaw); err != nil {
return nil, err
}
}
list, ok := obj.Node.(*ast.ObjectList) list, ok := obj.Node.(*ast.ObjectList)
if !ok { if !ok {
return nil, fmt.Errorf("error parsing: file doesn't contain a root object") return nil, fmt.Errorf("error parsing: file doesn't contain a root object")
@@ -423,6 +436,7 @@ func ParseConfig(d string, logger log.Logger) (*Config, error) {
"api_addr", "api_addr",
"cluster_addr", "cluster_addr",
"disable_clustering", "disable_clustering",
"disable_sealwrap",
} }
if err := checkHCLKeys(list, valid); err != nil { if err := checkHCLKeys(list, valid); err != nil {
return nil, err return nil, err
@@ -711,14 +725,20 @@ func parseSeal(result *Config, list *ast.ObjectList, blockName string) error {
valid = []string{ valid = []string{
"lib", "lib",
"slot", "slot",
"token_label",
"pin", "pin",
"mechanism", "mechanism",
"hmac_mechanism", "hmac_mechanism",
"key_label", "key_label",
"default_key_label",
"hmac_key_label", "hmac_key_label",
"hmac_default_key_label",
"generate_key", "generate_key",
"regenerate_key", "regenerate_key",
"max_parallel", "max_parallel",
"disable_auto_reinit_on_error",
"rsa_encrypt_local",
"rsa_oaep_hash",
} }
case "awskms": case "awskms":
valid = []string{ valid = []string{
@@ -728,6 +748,23 @@ func parseSeal(result *Config, list *ast.ObjectList, blockName string) error {
"kms_key_id", "kms_key_id",
"max_parallel", "max_parallel",
} }
case "gcpckms":
valid = []string{
"credentials",
"project",
"region",
"key_ring",
"crypto_key",
}
case "azurekeyvault":
valid = []string{
"tenant_id",
"client_id",
"client_secret",
"environment",
"vault_name",
"key_name",
}
default: default:
return fmt.Errorf("invalid seal type %q", key) return fmt.Errorf("invalid seal type %q", key)
} }