made ENV vars have sane defaults

outlaw · Mar 8, 2016 · 840f486 · 840f486
1 parent dbf4dee
commit 840f486
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 21 deletions.
diff --git a/src/roo/roo.go b/src/roo/roo.go
@@ -6,7 +6,6 @@ import (
   "io"
   "log"
   "fmt"
-  "strings"
   "github.com/codegangsta/cli"
   "github.com/spf13/viper"
   "github.com/remind101/empire/cmd/emp/hkclient"
@@ -50,13 +49,17 @@ func main() {
   app.Name = "roo"
   app.Usage = ""
 
+  viper.BindEnv("AWS_REGION")
+  viper.SetDefault("AWS_REGION", "ap-southeast-2")
+
   viper.SetEnvPrefix("roo")
   viper.AutomaticEnv()
   viper.BindEnv("lockbox_s3_path")
   viper.BindEnv("env_s3_path")
 
   viper.SetDefault("api_url", os.Getenv("EMPIRE_API_URL"))
 
+  viper.SetDefault("env_master_key", "alias/roo")
   viper.SetDefault("lockbox_s3_path", "s3://hooroo-lockbox")
   viper.SetDefault("lockbox_master_key", viper.GetString("env_master_key"))
   viper.SetDefault("env_s3_path", "s3://hooroo-test")
@@ -92,22 +95,6 @@ func main() {
   app.Run(os.Args)
 }
 
-func parseContext(s string) (map[string]string, error) {
-  if s == "" {
-    return nil, nil
-  }
-
-  context := map[string]string{}
-  for _, v := range strings.Split(s, ",") {
-    parts := strings.SplitN(v, "=", 2)
-    if len(parts) != 2 {
-      return nil, fmt.Errorf("unable to parse context: %q", v)
-    }
-    context[parts[0]] = parts[1]
-  }
-  return context, nil
-}
-
 func openPath(file string, o func(string) (*os.File, error), def *os.File) *os.File {
   if file == "-" {
     return def

diff --git a/src/roo/secrets.go b/src/roo/secrets.go
@@ -9,6 +9,7 @@ import (
   "fmt"
   "github.com/codegangsta/cli"
   "github.com/codahale/sneaker"
+  "github.com/aws/aws-sdk-go/aws"
   "github.com/aws/aws-sdk-go/service/kms"
   "github.com/aws/aws-sdk-go/aws/session"
   "github.com/aws/aws-sdk-go/service/s3"
@@ -154,6 +155,26 @@ func envManager(context string) SecretManager {
   return createManager(context, viper.GetString("env_master_key"))
 }
 
+func parseContext(s string) (map[string]string, error) {
+  if s == "" {
+    return nil, nil
+  }
+
+  context := map[string]string{}
+  keys    := []string{"application", "environment"}
+  values  := strings.Split(s, "/")
+  fmt.Println(values)
+
+  if len(values) >= 2 {
+    context[keys[0]] = values[0]
+    context[keys[1]] = values[1]
+  } else {
+    return nil, fmt.Errorf("unable to parse context: %q", values)
+  }
+
+  return context, nil
+}
+
 func createManager(s3Url string, keyId string) SecretManager {
   u, err := url.Parse(s3Url)
   if err != nil { log.Fatalf("bad s3Url: %s", err) }
@@ -162,14 +183,16 @@ func createManager(s3Url string, keyId string) SecretManager {
     u.Path = u.Path[1:]
   }
 
-  ctxt, err := parseContext(os.Getenv("SNEAKER_MASTER_CONTEXT"))
-  if err != nil { log.Fatalf("bad SNEAKER_MASTER_CONTEXT: %s", err) }
+  ctxt, err := parseContext(u.Path)
+  if err != nil { log.Fatalf("bad encryption context: %s", err) }
 
   session := session.New()
+
+  config := &aws.Config{Region: aws.String(viper.GetString("AWS_REGION"))}
   return &sneaker.Manager{
-    Objects: s3.New(session),
+    Objects: s3.New(session, config),
     Envelope: sneaker.Envelope{
-      KMS: kms.New(session),
+      KMS: kms.New(session, config),
     },
     Bucket:            u.Host,
     Prefix:            u.Path,