From abf324762cd3d9fd29fd0dbdf23c0e8b836a51c9 Mon Sep 17 00:00:00 2001
From: Thomas Mitchell
Date: Wed, 16 Oct 2019 18:34:52 -0400
Subject: [PATCH] Add trace option for Vault
---
 docs/ddayconfig.yml | 4 ++++
 storage/vault.go | 11 ++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/docs/ddayconfig.yml b/docs/ddayconfig.yml
index fd54c46..b77d1a8 100644
--- a/docs/ddayconfig.yml
+++ b/docs/ddayconfig.yml
@@ -29,6 +29,10 @@ backends:
 # (string) This is the path to begin looking for Vault secrets. Everything under this
 # path will be searched. Defaults to "secret/" if not present.
 base_path: "secret/"
+ # (boolean) If set to true, requests to and responses from the Vault will
+ # be logged to stdout. You probably only want this if you're debugging.
+ #trace: true
+ #
 # (hash) Options for authorizing to Vault
 # Must either provide "token" for Token auth or "role_id" and "secret_id" for AppRole
 # If a token is given, it should either have no expiry or be renewable.
diff --git a/storage/vault.go b/storage/vault.go
index f756c39..2e37d99 100644
--- a/storage/vault.go
+++ b/storage/vault.go
@@ -3,8 +3,10 @@ package storage
 import (
 "crypto/tls"
 "fmt"
+ "io"
 "net/http"
 "net/url"
+ "os"
 "regexp"
 "runtime"
 "strings"
@@ -27,6 +29,7 @@ type VaultConfig struct {
 Address string `yaml:"address"`
 InsecureSkipVerify bool `yaml:"insecure_skip_verify"`
 BasePath string `yaml:"base_path"`
+ Trace bool `yaml:"trace"`
 Auth struct {
 Token string `yaml:"token"`
 RoleID string `yaml:"role_id"`
@@ -52,6 +55,12 @@ func newVaultAccessor(conf VaultConfig) (*VaultAccessor, error) {
 conf.BasePath = "secret/"
 }
 
+ var tracer io.Writer
+ if conf.Trace {
+ //I'm already tracer
+ tracer = os.Stdout
+ }
+
 client := &vaultkv.Client{
 VaultURL: u,
 AuthToken: conf.Auth.Token,
@@ -63,7 +72,7 @@ func newVaultAccessor(conf VaultConfig) (*VaultAccessor, error) {
 MaxIdleConnsPerHost: runtime.NumCPU(),
 },
 },
- //Trace: os.Stdout,
+ Trace: tracer,
 }
 
 var shouldRenew bool
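Review bot: In `newVaultAccessor`, the `conf.Trace` branch points the client's trace output at `os.Stdout`, and its only comment (`//I'm already tracer`) does not say what that exposes. Going by the YAML comment added in this commit, the output is the requests to and responses from Vault, which presumably includes secret values read under `base_path` and the token or AppRole `secret_id` sent on login, so whatever collects the process's stdout would retain them. I would replace the comment with `// Trace writes Vault requests and responses, which may contain secrets and tokens; for debugging only.` and add the same caveat next to `#trace: true` in docs/ddayconfig.yml. A one-line startup warning when `conf.Trace` is set would also make an accidentally enabled trace easy to spot. The body of `newVaultAccessor` starts and ends outside this hunk.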