aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/hashicorp/vault/api/logical.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/hashicorp/vault/api/logical.go')
-rw-r--r--vendor/github.com/hashicorp/vault/api/logical.go176
1 files changed, 176 insertions, 0 deletions
diff --git a/vendor/github.com/hashicorp/vault/api/logical.go b/vendor/github.com/hashicorp/vault/api/logical.go
new file mode 100644
index 0000000..f1cea7d
--- /dev/null
+++ b/vendor/github.com/hashicorp/vault/api/logical.go
@@ -0,0 +1,176 @@
+package api
+
+import (
+ "bytes"
+ "fmt"
+ "net/http"
+ "os"
+
+ "github.com/hashicorp/vault/helper/jsonutil"
+)
+
+const (
+ wrappedResponseLocation = "cubbyhole/response"
+)
+
+var (
+ // The default TTL that will be used with `sys/wrapping/wrap`, can be
+ // changed
+ DefaultWrappingTTL = "5m"
+
+ // The default function used if no other function is set, which honors the
+ // env var and wraps `sys/wrapping/wrap`
+ DefaultWrappingLookupFunc = func(operation, path string) string {
+ if os.Getenv(EnvVaultWrapTTL) != "" {
+ return os.Getenv(EnvVaultWrapTTL)
+ }
+
+ if (operation == "PUT" || operation == "POST") && path == "sys/wrapping/wrap" {
+ return DefaultWrappingTTL
+ }
+
+ return ""
+ }
+)
+
+// Logical is used to perform logical backend operations on Vault.
+type Logical struct {
+ c *Client
+}
+
+// Logical is used to return the client for logical-backend API calls.
+func (c *Client) Logical() *Logical {
+ return &Logical{c: c}
+}
+
+func (c *Logical) Read(path string) (*Secret, error) {
+ r := c.c.NewRequest("GET", "/v1/"+path)
+ resp, err := c.c.RawRequest(r)
+ if resp != nil {
+ defer resp.Body.Close()
+ }
+ if resp != nil && resp.StatusCode == 404 {
+ return nil, nil
+ }
+ if err != nil {
+ return nil, err
+ }
+
+ return ParseSecret(resp.Body)
+}
+
+func (c *Logical) List(path string) (*Secret, error) {
+ r := c.c.NewRequest("LIST", "/v1/"+path)
+ // Set this for broader compatibility, but we use LIST above to be able to
+ // handle the wrapping lookup function
+ r.Method = "GET"
+ r.Params.Set("list", "true")
+ resp, err := c.c.RawRequest(r)
+ if resp != nil {
+ defer resp.Body.Close()
+ }
+ if resp != nil && resp.StatusCode == 404 {
+ return nil, nil
+ }
+ if err != nil {
+ return nil, err
+ }
+
+ return ParseSecret(resp.Body)
+}
+
+func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error) {
+ r := c.c.NewRequest("PUT", "/v1/"+path)
+ if err := r.SetJSONBody(data); err != nil {
+ return nil, err
+ }
+
+ resp, err := c.c.RawRequest(r)
+ if resp != nil {
+ defer resp.Body.Close()
+ }
+ if err != nil {
+ return nil, err
+ }
+
+ if resp.StatusCode == 200 {
+ return ParseSecret(resp.Body)
+ }
+
+ return nil, nil
+}
+
+func (c *Logical) Delete(path string) (*Secret, error) {
+ r := c.c.NewRequest("DELETE", "/v1/"+path)
+ resp, err := c.c.RawRequest(r)
+ if resp != nil {
+ defer resp.Body.Close()
+ }
+ if err != nil {
+ return nil, err
+ }
+
+ if resp.StatusCode == 200 {
+ return ParseSecret(resp.Body)
+ }
+
+ return nil, nil
+}
+
+func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
+ var data map[string]interface{}
+ if wrappingToken != "" {
+ data = map[string]interface{}{
+ "token": wrappingToken,
+ }
+ }
+
+ r := c.c.NewRequest("PUT", "/v1/sys/wrapping/unwrap")
+ if err := r.SetJSONBody(data); err != nil {
+ return nil, err
+ }
+
+ resp, err := c.c.RawRequest(r)
+ if resp != nil {
+ defer resp.Body.Close()
+ }
+ if err != nil && resp.StatusCode != 404 {
+ return nil, err
+ }
+
+ switch resp.StatusCode {
+ case http.StatusOK: // New method is supported
+ return ParseSecret(resp.Body)
+ case http.StatusNotFound: // Fall back to old method
+ default:
+ return nil, nil
+ }
+
+ if wrappingToken == "" {
+ origToken := c.c.Token()
+ defer c.c.SetToken(origToken)
+ c.c.SetToken(wrappingToken)
+ }
+
+ secret, err := c.Read(wrappedResponseLocation)
+ if err != nil {
+ return nil, fmt.Errorf("error reading %s: %s", wrappedResponseLocation, err)
+ }
+ if secret == nil {
+ return nil, fmt.Errorf("no value found at %s", wrappedResponseLocation)
+ }
+ if secret.Data == nil {
+ return nil, fmt.Errorf("\"data\" not found in wrapping response")
+ }
+ if _, ok := secret.Data["response"]; !ok {
+ return nil, fmt.Errorf("\"response\" not found in wrapping response \"data\" map")
+ }
+
+ wrappedSecret := new(Secret)
+ buf := bytes.NewBufferString(secret.Data["response"].(string))
+ if err := jsonutil.DecodeJSONFromReader(buf, wrappedSecret); err != nil {
+ return nil, fmt.Errorf("error unmarshaling wrapped secret: %s", err)
+ }
+
+ return wrappedSecret, nil
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 12:35:01 +0000