Get --auth-credentials from a VAULT instance

[albertostratio]

As you might know if your Marathon requires authentication it is possible to pass in the auth-credentials parameter to marathon_lb.py in order to get authorized.

This PR includes the changes to get the user & password from a running VAULT instance defining environment variables. If this PR gets approved we will able to add these variables to the config.json of the marathon-lb package in the DC/OS universe.

[robsonpeixoto]

if [ -n "${VAULT_TOKEN-}" ] && [ -n "$VAULT_URL-" ]; then
  MARATHON_LB_USER=$(curl -k -L -H "X-Vault-Token:$VAULT_TOKEN" "$VAULT_URL" -s | jq -r '.data .user')
  MARATHON_LB_PASSWORD=$(curl -k -L -H "X-Vault-Token:$VAULT_TOKEN" "$VAULT_URL" -s | jq -r '.data .pass')
  CREDENTIALS="$MARATHON_LB_USER:$MARATHON_LB_PASSWORD"
  ARGS="$ARGS --auth-credentials $CREDENTIALS"
fi

It's only tips. I'm not a marathon-lb developer.

[robsonpeixoto]

You need to install jq

[robsonpeixoto]

The jq can simplified: | jq -r '.data.user'

[robsonpeixoto]

IMO you do need of all theses env vars: https://$VAULT_HOST:$VAULT_PORT$VAULT_PATH
Replace all with VAULT_URL

[robsonpeixoto]

And you do not need to export the variables MARATHON_LB_USER, MARATHON_LB_PASSWORD and CREDENTIALS.

[albertostratio]

Thank you for your comments @robsonpeixoto , my colleague @MPenate have made some changes to get rid of the jq dependency. I like your suggestion regarding the unique VAULT_URL, I'll add these changes ASAP.

[albertostratio]

Anyone from Mesosphere could please have a look at this PR? Thank you in advance.

[lloesche]

Thank you for the PR!

LGTM 🚢