Merge pull request #12 from gbevan/D20180909_img_pull_policy

added support for image-pull-policy

Author: gbevan

clientapi/clientapi.go

@@ -29,6 +29,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"log"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -59,36 +60,38 @@ func Debug(format string, a ...interface{}) {
 
 // APIRequest structure the job request passed to the client api
 type APIRequest struct {
-	AppRoleID      *string
-	AppSecretID    *string // AppRole auth or Token
-	Token          *string
-	GoStintRole    *string
-	JobJSON        *string // request can be whole JSON:
-	QName          *string // or can be passed as parameters:
-	ContainerImage *string
-	Content        *string
-	EntryPoint     *string
-	Run            *string
-	WorkingDir     *string
-	EnvVars        *string
-	SecretRefs     *string
-	SecretFileType *string
-	ContOnWarnings *bool
-	URL            *string
-	VaultURL       *string
+	AppRoleID       *string
+	AppSecretID     *string // AppRole auth or Token
+	Token           *string
+	GoStintRole     *string
+	JobJSON         *string // request can be whole JSON:
+	QName           *string // or can be passed as parameters:
+	ContainerImage  *string
+	ImagePullPolicy *string
+	Content         *string
+	EntryPoint      *string
+	Run             *string
+	WorkingDir      *string
+	EnvVars         *string
+	SecretRefs      *string
+	SecretFileType  *string
+	ContOnWarnings  *bool
+	URL             *string
+	VaultURL        *string
 }
 
 type job struct {
-	QName          string   `json:"qname"`
-	ContainerImage string   `json:"container_image"`
-	Content        string   `json:"content"`
-	EntryPoint     []string `json:"entrypoint"`
-	Run            []string `json:"run"`
-	WorkingDir     string   `json:"working_directory"`
-	EnvVars        []string `json:"env_vars"`
-	SecretRefs     []string `json:"secret_refs"`
-	SecretFileType string   `json:"secret_file_type"`
-	ContOnWarnings bool     `json:"cont_on_warnings"`
+	QName           string   `json:"qname"`
+	ContainerImage  string   `json:"container_image"`
+	ImagePullPolicy string   `json:"image_pull_policy"`
+	Content         string   `json:"content"`
+	EntryPoint      []string `json:"entrypoint"`
+	Run             []string `json:"run"`
+	WorkingDir      string   `json:"working_directory"`
+	EnvVars         []string `json:"env_vars"`
+	SecretRefs      []string `json:"secret_refs"`
+	SecretFileType  string   `json:"secret_file_type"`
+	ContOnWarnings  bool     `json:"cont_on_warnings"`
 }
 
 // func buildJob(c APIRequest) (*[]byte, error) {
@@ -108,6 +111,9 @@ func buildJob(c APIRequest) (*job, error) {
 	if *c.ContainerImage != "" {
 		j.ContainerImage = *c.ContainerImage
 	}
+	if *c.ImagePullPolicy != "" {
+		j.ImagePullPolicy = *c.ImagePullPolicy
+	}
 	if *c.Content != "" {
 		j.Content = *c.Content
 	}
@@ -341,6 +347,14 @@ func RunJob(c *APIRequest, debugLogging bool, pollSecs int, waitFor bool) (*GetR
 	}
 	apiToken := sec.Auth.ClientToken
 
+	defer func() {
+		debug("Revoking the minimal authentication token after use")
+		_, err = vc.Logical().Write("auth/token/revoke-self", nil)
+		if err != nil {
+			log.Printf("Error: revoking token after job completed: %s", err)
+		}
+	}()
+
 	debug("Getting Wrapped Secret_ID for the AppRole")
 	vc.SetWrappingLookupFunc(func(op, path string) string { return "1h" })
 	sec, err = vc.Logical().Write(

main.go

@@ -62,6 +62,10 @@ func validate(c clientapi.APIRequest) error {
 		return fmt.Errorf("vault-token cannot be used with vault-roleid")
 	}
 
+	if *c.ImagePullPolicy != "IfNotPresent" && *c.ImagePullPolicy != "Always" {
+		return fmt.Errorf("invalid image-pull-policy, must be 'IfNotPresetn' or 'Always'")
+	}
+
 	return nil
 }
 
@@ -100,6 +104,7 @@ func main() {
 
 	c.QName = flag.String("qname", "", "Job Queue to submit to, overrides value in job-json")
 	c.ContainerImage = flag.String("image", "", "Docker image to run job within, overrides value in job-json")
+	c.ImagePullPolicy = flag.String("image-pull-policy", "IfNotPresent", "Docker image pull policy: IfNotPresent or Always")
 	c.Content = flag.String("content", "", "Folder or targz to inject into the container relative to root '/' folder, overrides value in job-json")
 	c.EntryPoint = flag.String("entrypoint", "", "JSON array of string parts defining the container's entrypoint, e.g.: '[\"ansible\"]', overrides value in job-json")
 	c.Run = flag.String("run", "", "JSON array of string parts defining the command to run in the container - aka the job, e.g.: '[\"-m\", \"ping\", \"127.0.0.1\"]', overrides value in job-json")