From dd7d827eb0a596740cf09099a6e30cf2279d5cf8 Mon Sep 17 00:00:00 2001 From: Alex Dadgar Date: Tue, 16 Aug 2016 21:32:25 -0700 Subject: [PATCH] Run command --- api/jobs.go | 1 + api/tasks.go | 5 +++++ command/run.go | 23 +++++++++++++++++++- website/source/docs/commands/run.html.md.erb | 9 ++++++++ 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/api/jobs.go b/api/jobs.go index 2690c0a4c..0caa4366c 100644 --- a/api/jobs.go +++ b/api/jobs.go @@ -201,6 +201,7 @@ type Job struct { Update *UpdateStrategy Periodic *PeriodicConfig Meta map[string]string + VaultToken string Status string StatusDescription string CreateIndex uint64 diff --git a/api/tasks.go b/api/tasks.go index f3a60abd4..ab5fbbc52 100644 --- a/api/tasks.go +++ b/api/tasks.go @@ -140,6 +140,7 @@ type Task struct { KillTimeout time.Duration LogConfig *LogConfig Artifacts []*TaskArtifact + Vault *Vault } // TaskArtifact is used to download artifacts before running a task. @@ -149,6 +150,10 @@ type TaskArtifact struct { RelativeDest string } +type Vault struct { + Policies []string +} + // NewTask creates and initializes a new Task. func NewTask(name, driver string) *Task { return &Task{ diff --git a/command/run.go b/command/run.go index 3395eb3d0..e89e1b571 100644 --- a/command/run.go +++ b/command/run.go @@ -51,6 +51,10 @@ Usage: nomad run [options] If the job has specified the region, the -region flag and NOMAD_REGION environment variable are overridden and the the job's region is used. + The run command will set the vault_token of the job based on the following + precedence, going from highest to lowest: the -vault-token flag, the + $VAULT_TOKEN environment variable and finally the value in the job file. + General Options: ` + generalOptionsUsage() + ` 
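Review bot: `VaultToken` in the `Job` struct of api/jobs.go is a credential held in an ordinary exported string field with no comment, so it is encoded along with the rest of the job wherever this struct is marshalled or printed. Please document that on the field, for example `// VaultToken is a secret supplied at submit time; do not log it or return it from read endpoints.` Whether the servers clear the field before persisting the job or returning it from job read calls is not visible in this patch and is worth confirming. The struct definition starts and ends outside the hunk.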
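Review bot: The new exported type `Vault` in api/tasks.go has no doc comment, unlike `TaskArtifact` directly above it. Something like `// Vault describes the Vault policies a task requests.` would match the file's style; that wording is inferred from the `Policies` field only. The comment should also say whether an empty `Policies` list is meaningful, since the hunk shows no validation of it.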
@@ -73,6 +77,12 @@ Run Options: -verbose Display full information. + -vault-token + If set, the passed Vault token is stored in the job before sending to the + Nomad servers. This allows passing the Vault token without storing it in + the job file. This overrides the token found in $VAULT_TOKEN environment + variable and that found in the job. + -output Output the JSON that would be submitted to the HTTP API without submitting the job. @@ -86,7 +96,7 @@ func (c *RunCommand) Synopsis() string { func (c *RunCommand) Run(args []string) int { var detach, verbose, output bool - var checkIndexStr string + var checkIndexStr, vaultToken string flags := c.Meta.FlagSet("run", FlagSetClient) flags.Usage = func() { c.Ui.Output(c.Help()) } @@ -94,6 +104,7 @@ func (c *RunCommand) Run(args []string) int { flags.BoolVar(&verbose, "verbose", false, "") flags.BoolVar(&output, "output", false, "") flags.StringVar(&checkIndexStr, "check-index", "", "") + flags.StringVar(&vaultToken, "vault-token", "", "") if err := flags.Parse(args); err != nil { return 1 @@ -138,6 +149,16 @@ func (c *RunCommand) Run(args []string) int { // Check if the job is periodic. periodic := job.IsPeriodic() + // Parse the Vault token + if vaultToken == "" { + // Check the environment variable + vaultToken = os.Getenv("VAULT_TOKEN") + } + + if vaultToken != "" { + job.VaultToken = vaultToken + } + // Convert it to something we can use apiJob, err := convertStructJob(job) if err != nil { diff --git a/website/source/docs/commands/run.html.md.erb b/website/source/docs/commands/run.html.md.erb index e3590b396..da3743c51 100644 --- a/website/source/docs/commands/run.html.md.erb +++ b/website/source/docs/commands/run.html.md.erb 
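Review bot: The `-vault-token` help text added to command/run.go presents the flag as the way to keep the token out of the job file, but a secret passed as a command-line argument is typically visible in the host's process list and saved in shell history. The option text should say so and point to the environment variable, for example by appending `Prefer $VAULT_TOKEN on hosts where other users can list processes.` The identical option text added to website/source/docs/commands/run.html.md.erb needs the matching caveat.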
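Review bot: The fallback `vaultToken = os.Getenv("VAULT_TOKEN")` followed by the unconditional `job.VaultToken = vaultToken` attaches whatever token is exported in the operator's shell to every submitted job, including jobs where no task sets `Vault`. Operators often keep a broadly privileged token in that variable, so this sends a credential to the Nomad servers without any opt-in; the environment fallback should apply only when at least one task in the job sets `Vault`, with the explicit flag as the way to force it. Because the token is set before `convertStructJob`, the JSON printed by `-output` will presumably contain it too if that branch runs later in `Run`, which is outside this hunk; clearing or masking the field there keeps tokens out of terminals and CI logs. `Run` begins and ends outside the hunk.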
@@ -39,6 +39,10 @@ client connection issues or internal errors, are indicated by exit code 1. If the job has specified the region, the -region flag and NOMAD_REGION environment variable are overridden and the the job's region is used. +The run command will set the `vault_token` of the job based on the following +precedence, going from highest to lowest: the `-vault-token` flag, the +`$VAULT_TOKEN` environment variable and finally the value in the job file. + ## General Options <%= general_options_usage %> @@ -56,6 +60,11 @@ environment variable are overridden and the the job's region is used. will be output, which can be used to examine the evaluation using the [eval-status](/docs/commands/eval-status.html) command +* `-vault-token`: If set, the passed Vault token is stored in the job before + sending to the Nomad servers. This allows passing the Vault token without + storing it in the job file. This overrides the token found in $VAULT_TOKEN + environment variable and that found in the job. + * `-output`: Output the JSON that would be submitted to the HTTP API without submitting the job.