Add support for Hashicorp Vault

Vault is supported for the following:
As a well-known filesystem for TLS cert, TLS key and SSH signing key.
For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options.

1 files changed, 43 insertions, 0 deletions

diff --git a/vendor/github.com/hashicorp/vault/api/sys_capabilities.go b/vendor/github.com/hashicorp/vault/api/sys_capabilities.go
new file mode 100644
index 0000000..80f6218
--- /dev/null
+++ b/vendor/github.com/hashicorp/vault/api/sys_capabilities.go
@@ -0,0 +1,43 @@
+package api
+
+import "fmt"
+
+func (c *Sys) CapabilitiesSelf(path string) ([]string, error) {
+	return c.Capabilities(c.c.Token(), path)
+}
+
+func (c *Sys) Capabilities(token, path string) ([]string, error) {
+	body := map[string]string{
+		"token": token,
+		"path":  path,
+	}
+
+	reqPath := "/v1/sys/capabilities"
+	if token == c.c.Token() {
+		reqPath = fmt.Sprintf("%s-self", reqPath)
+	}
+
+	r := c.c.NewRequest("POST", reqPath)
+	if err := r.SetJSONBody(body); err != nil {
+		return nil, err
+	}
+
+	resp, err := c.c.RawRequest(r)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	var result map[string]interface{}
+	err = resp.DecodeJSON(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	var capabilities []string
+	capabilitiesRaw := result["capabilities"].([]interface{})
+	for _, capability := range capabilitiesRaw {
+		capabilities = append(capabilities, capability.(string))
+	}
+	return capabilities, nil
+}