Added --auth-k8s-mount

Author: Manatsawin Hanmongkolchai

CHANGELOG.md

@@ -103,8 +103,7 @@ and this project adheres to [0ver](https://0ver.org) (more or less).
 - LICENSE
 - README
 
-[Unreleased]: https://github.com/mvisonneau/vac/compare/v0.0.8...HEAD
-[v0.0.8]: https://github.com/mvisonneau/vac/tree/v0.0.8
+[Unreleased]: https://github.com/mvisonneau/vac/compare/v0.0.7...HEAD
 [v0.0.7]: https://github.com/mvisonneau/vac/tree/v0.0.7
 [v0.0.6]: https://github.com/mvisonneau/vac/tree/v0.0.6
 [v0.0.5]: https://github.com/mvisonneau/vac/tree/v0.0.5

Makefile

@@ -3,6 +3,14 @@ COVERAGE_FILE := coverage.out
 REPOSITORY    := mvisonneau/$(NAME)
 .DEFAULT_GOAL := help
 
+.PHONY: setup
+setup: ## Install required libraries/tools for build tasks
+	@command -v gofumpt 2>&1 >/dev/null     || go install mvdan.cc/gofumpt@v0.2.1
+	@command -v gosec 2>&1 >/dev/null       || go install github.com/securego/gosec/v2/cmd/gosec@v2.9.6
+	@command -v ineffassign 2>&1 >/dev/null || go install github.com/gordonklaus/ineffassign@v0.0.0-20210914165742-4cc7213b9bc8
+	@command -v misspell 2>&1 >/dev/null    || go install github.com/client9/misspell/cmd/misspell@v0.3.4
+	@command -v revive 2>&1 >/dev/null      || go install github.com/mgechev/revive@v1.1.3
+
 .PHONY: fmt
 fmt: ## Format source code
 	go run mvdan.cc/gofumpt@v0.6.0 -w $(shell git ls-files **/*.go)
@@ -14,13 +22,7 @@ lint: ## Run all lint related tests upon the codebase
 
 .PHONY: test
 test: ## Run the tests against the codebase
-	@rm -rf $(COVERAGE_FILE)
-	go test -v -count=1 -race ./... -coverprofile=$(COVERAGE_FILE)
-	@go tool cover -func $(COVERAGE_FILE) | awk '/^total/ {print "coverage: " $$3}'
-
-.PHONY: coverage
-coverage: ## Prints coverage report
-	go tool cover -func $(COVERAGE_FILE)
+	go test -v -count=1 -race ./...
 
 .PHONY: install
 install: ## Build and install locally the binary (dev purpose)
@@ -47,6 +49,28 @@ prerelease: ## Build & prerelease the binaries (edge)
 clean: ## Remove binary if it exists
 	rm -f $(NAME)
 
+.PHONY: coverage
+coverage: ## Generates coverage report
+	rm -rf *.out
+	go test -count=1 -race -v ./... -coverpkg=./... -coverprofile=coverage.out
+
+.PHONY: coverage-html
+coverage-html: ## Generates coverage report and displays it in the browser
+	go tool cover -html=coverage.out
+
+.PHONY: dev-env
+dev-env: ## Build a local development environment using Docker
+	@docker run -it --rm \
+		-v $(shell pwd):/go/src/github.com/mvisonneau/$(NAME) \
+		-w /go/src/github.com/mvisonneau/$(NAME) \
+		golang:1.17 \
+		/bin/bash -c 'make setup; make install; bash'
+
+.PHONY: is-git-dirty
+is-git-dirty: ## Tests if git is in a dirty state
+	@git status --porcelain
+	@test $(shell git status --porcelain | grep -c .) -eq 0
+
 .PHONY: all
 all: lint test build coverage ## Test, builds and ship package for all supported platforms
 

README.md

@@ -130,6 +130,7 @@ GLOBAL OPTIONS:
    --log-format format     log format (json,text) (default: "text") [$VAC_LOG_FORMAT]
    --auth value            auth method (token, kubernetes) (default: "token") [$VAC_AUTH]
    --auth-k8s-role value   Kubernetes role to authenticate to (for --auth kubernetes) [$VAC_AUTH_K8S_ROLE]
+   --auth-k8s-mount value  Kubernetes auth mount path (for --auth kubernetes) (default: "kubernetes") [$VAC_AUTH_K8S_MOUNT]
    --help, -h              show help
 ```
 

internal/cli/cli.go

@@ -36,6 +36,7 @@ func NewApp(version string, start time.Time) (app *cli.App) {
 		flags.State,
 		flags.Auth,
 		flags.AuthK8sRole,
+		flags.AuthK8sMount,
 	}
 
 	app.Action = cmd.ExecWrapper(cmd.Switch)

internal/cli/flags/flags.go

@@ -73,4 +73,11 @@ var (
 		EnvVars: []string{"VAC_AUTH_K8S_ROLE"},
 		Usage:   "Kubernetes role to authenticate to (for --auth kubernetes)",
 	}
+
+	AuthK8sMount = &cli.StringFlag{
+		Name:    "auth-k8s-mount",
+		EnvVars: []string{"VAC_AUTH_K8S_MOUNT"},
+		Usage:   "Kubernetes auth mount path (for --auth kubernetes)",
+		Value:   "kubernetes",
+	}
 )

internal/cmd/utils.go

@@ -50,8 +50,9 @@ func configure(ctx *cli.Context) (*Config, error) {
 		LockPath:  fmt.Sprintf("%s.lock", statePath),
 
 		AuthInfo: client.AuthInfo{
-			Method:   ctx.String("auth"),
-			RoleName: ctx.String("auth-k8s-role"),
+			Method:    ctx.String("auth"),
+			MountPath: ctx.String("auth-k8s-mount"),
+			RoleName:  ctx.String("auth-k8s-role"),
 		},
 	}, nil
 }

pkg/client/vault.go

@@ -45,13 +45,14 @@ func getVaultClient() (*vault.Client, error) {
 type AuthInfo struct {
 	Method string
 
-	RoleName string
+	MountPath string
+	RoleName  string
 }
 
 func (c *Client) Authenticate(info AuthInfo) error {
 	switch info.Method {
 	case "kubernetes":
-		authMethod, err := k8sauth.NewKubernetesAuth(info.RoleName)
+		authMethod, err := k8sauth.NewKubernetesAuth(info.RoleName, k8sauth.WithMountPath(info.MountPath))
 		if err != nil {
 			return err
 		}