From 9574d635c162015a91a9aa8a3fd2c2886689d06a Mon Sep 17 00:00:00 2001
From: Grant Limberg
Date: Wed, 10 Jan 2018 16:05:39 -0800
Subject: Add Vault configuration option parsing to local.conf

{ "settings": { ... "valut": { "vaultURL": "...", "vaultKey": "...", "vaultPath": "..." } } }
---
 service/OneService.cpp | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/service/OneService.cpp b/service/OneService.cpp
index 4854d68d..56f2551e 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -477,6 +477,12 @@ public:
 PortMapper *_portMapper;
 #endif
+ // HashiCorp Vault Settings
+ bool _vaultEnabled;
+ std::string _vaultURL;
+ std::string _vaultKey;
+ std::string _vaultPath; // defaults to cubbyhole/zerotier/identity.secret for per-access key storage
+
 // Set to false to force service to stop
 volatile bool _run;
 Mutex _run_m;
@@ -509,6 +515,10 @@ public:
 #ifdef ZT_USE_MINIUPNPC
 ,_portMapper((PortMapper *)0)
 #endif
+ ,_vaultEnabled(false)
+ ,_vaultURL()
+ ,_vaultKey()
+ ,_vaultPath("cubbyhole/zerotier/identity.secret")
 ,_run(true)
 {
 _ports[0] = 0;
@@ -653,6 +663,9 @@ public:
 for(std::map::iterator i(ppc.begin());i!=ppc.end();++i)
 _node->setPhysicalPathConfiguration(reinterpret_cast(&(i->first)),&(i->second));
 }
+
+ json &vaultConfig = _localConfig["vault"];
+
 }
 // Apply other runtime configuration from local.conf
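Review bot: `json &vaultConfig = _localConfig["vault"];` in the third hunk (@@ -653) is declared and never read, and because it is a non-const reference taken through `operator[]` it will — if this is nlohmann::json, as the `is_object()` calls later in the patch suggest — insert a null `"vault"` member into `_localConfig` whenever that key is absent, so the statement's only effect is to mutate the config object. Either drop the line or move the actual Vault parsing into this function so the reference is used. Note also that this hunk spells the key `"vault"` while the settings hunk (@@ -1510) spells it `"valut"`, so the two lookups can never refer to the same object. The enclosing function starts outside the hunk.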
@@ -1510,6 +1523,24 @@ public:
 _allowManagementFrom.push_back(nw);
 }
 }
+
+ json &vault = settings["valut"];
+ if (vault.is_object()) {
+ const std::string url(OSUtils::jsonString(vault["vaultURL"], "").c_str());
+ if (!url.empty())
+ _vaultURL = url;
+
+ const std::string key(OSUtils::jsonString(vault["vaultKey"], "").c_str());
+ if (!key.empty())
+ _vaultKey = key;
+
+ const std::string path(OSUtils::jsonString(vault["vaultPath"], "").c_str());
+ if (!path.empty())
+ _vaultPath = path;
+
+ if (!_vaultURL.empty() && !_vaultKey.empty())
+ _vaultEnabled = true;
+ }
 }
 // Checks if a managed IP or route target is allowed
-- 
cgit v1.2.3
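Review bot: The settings object is looked up with the key `"valut"`, a misspelling of the `"vault"` key used in the @@ -653 hunk (`_localConfig["vault"]`) and of every `_vault*` member; a user who writes `"vault"` in local.conf will silently get Vault left disabled, because `_vaultEnabled` is only ever set to true inside this block and no error is reported for an unrecognised key. Change it to `json &vault = settings["vault"];` and fix the example JSON in the commit message to match. Wrapping `OSUtils::jsonString(...)` in `.c_str()` before constructing a `std::string` is redundant and would truncate a value at an embedded NUL, so `const std::string url(OSUtils::jsonString(vault["vaultURL"], ""));` suffices for all three reads. Since `_vaultKey` is presumably a token presented to `_vaultURL` (the page does not show how it is used), consider rejecting URLs that do not start with `https://` before setting `_vaultEnabled`, so a mistyped scheme cannot send the token over cleartext HTTP. The enclosing function starts outside the hunk.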