Work in progress

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/EndpointsDefinition.scala

@@ -753,6 +753,33 @@ object UserApi extends ApiModuleProvider[UserApi] {
   def endpoints = ca.mrvisser.sealerate.values[UserApi].toList.sortBy( _.z )
 }
 
+
+sealed trait SecretVaultApi extends EndpointSchema with GeneralApi with SortIndex
+object SecretVaultApi extends ApiModuleProvider[SecretVaultApi] {
+  final case object GetSecrets extends SecretVaultApi with ZeroParam with StartsAtVersion13 with SortIndex { val z = implicitly[Line].value
+    val description = "Get the list of key-value pair secret"
+    val (action, path) = GET / "secret"
+  }
+
+  final case object  AddSecret extends SecretVaultApi with OneParam with StartsAtVersion13 with SortIndex { val z = implicitly[Line].value
+    val description = "Add a key-value pair secret"
+    val (action, path) = PUT / "secret"
+  }
+
+  final case object UpdateSecret extends SecretVaultApi with OneParam with StartsAtVersion13 with SortIndex { val z = implicitly[Line].value
+    val description = "Update an existing key-value pair secret"
+    val (action, path) = POST / "secret"
+  }
+
+  final case object DeleteSecret extends SecretVaultApi with OneParam with StartsAtVersion13 with SortIndex { val z = implicitly[Line].value
+    val description = "Delete a secret"
+    val (action, path) = DELETE / "secret"
+  }
+
+  def endpoints = ca.mrvisser.sealerate.values[SecretVaultApi].toList.sortBy( _.z )
+
+}
+
 /*
  * All API.
  */
@@ -770,6 +797,7 @@ object AllApi {
     RuleApi.endpoints :::
     InventoryApi.endpoints :::
     InfoApi.endpoints :::
+    SecretVaultApi.endpoints :::
     // UserApi is not declared here, it will be contributed by plugin
     Nil
 }

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/RoleApiMapping.scala

@@ -106,7 +106,8 @@ final case object OnlyAdmin extends AuthorizationApiMapping {
                                      SystemApi.ArchivesFullList.x :: SystemApi.ArchivesGroupsList.x :: SystemApi.ArchivesRulesList.x ::
                                      SystemApi.GetAllZipArchive.x :: SystemApi.GetDirectivesZipArchive.x :: SystemApi.GetGroupsZipArchive.x ::
                                      SystemApi.GetRulesZipArchive.x :: SystemApi.Info.x :: SystemApi.Status.x :: SystemApi.ArchivesParametersList.x ::
-                                     SystemApi.GetParametersZipArchive.x :: SystemApi.GetHealthcheckResult.x :: Nil
+                                     SystemApi.GetParametersZipArchive.x :: SystemApi.GetHealthcheckResult.x ::  SecretVaultApi.GetSecrets.x ::
+                                     SecretVaultApi.AddSecret.x :: SecretVaultApi.DeleteSecret.x :: SecretVaultApi.UpdateSecret.x :: Nil
         case Administration.Write => SettingsApi.ModifySettings.x :: SettingsApi.ModifySetting.x :: SystemApi.endpoints.map(_.x)
         case Administration.Edit  => SettingsApi.ModifySettings.x :: SettingsApi.ModifySetting.x :: SystemApi.endpoints.map(_.x)
 

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/lift/SecretVaultApi.scala

@@ -0,0 +1,122 @@
+/*
+*************************************************************************************
+* Copyright 2021 Normation SAS
+*************************************************************************************
+*
+* This file is part of Rudder.
+*
+* Rudder is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* In accordance with the terms of section 7 (7. Additional Terms.) of
+* the GNU General Public License version 3, the copyright holders add
+* the following Additional permissions:
+* Notwithstanding to the terms of section 5 (5. Conveying Modified Source
+* Versions) and 6 (6. Conveying Non-Source Forms.) of the GNU General
+* Public License version 3, when you create a Related Module, this
+* Related Module is not considered as a part of the work and may be
+* distributed under the license agreement of your choice.
+* A "Related Module" means a set of sources files including their
+* documentation that, without modification of the Source Code, enables
+* supplementary functions or services in addition to those offered by
+* the Software.
+*
+* Rudder is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with Rudder.  If not, see <http://www.gnu.org/licenses/>.
+
+*
+*************************************************************************************
+*/
+package com.normation.rudder.rest.lift
+
+import com.normation.rudder.rest.RestExtractorService
+import com.normation.rudder.web.services.SecretVaultService
+import com.normation.rudder.rest.RestExtractorService
+import com.normation.rudder.rest.{SecretVaultApi => API}
+import com.normation.rudder.rest.ApiPath
+import com.normation.rudder.rest.ApiVersion
+import com.normation.rudder.rest.AuthzToken
+import com.normation.rudder.rest.EndpointSchema0
+import com.normation.rudder.rest.RestDataSerializer
+import com.normation.rudder.rest.RestExtractorService
+import com.normation.rudder.rest.RestUtils
+import com.normation.rudder.rest.RestUtils.getActor
+import com.normation.rudder.rest.RestUtils.toJsonError
+import com.normation.rudder.rest.RestUtils.toJsonResponse
+import com.normation.rudder.rest.SecretVaultApi.AddSecret
+import com.normation.rudder.rest.SecretVaultApi.DeleteSecret
+import com.normation.rudder.rest.SecretVaultApi.UpdateSecret
+import com.normation.rudder.rest.data._
+import net.liftweb.common._
+import net.liftweb.http.JsonResponse
+import net.liftweb.http.LiftResponse
+import net.liftweb.http.Req
+import net.liftweb.json.JArray
+import net.liftweb.json.JsonAST.JValue
+import net.liftweb.json.JsonDSL._
+class SecretVaultApi(
+    restExtractorService : RestExtractorService
+  , secretVaultService   : SecretVaultService
+) extends LiftApiModuleProvider[API] {
+
+  import RestUtils._
+
+  def schemas = API
+
+  def getLiftEndpoints(): List[LiftApiModule] = {
+    API.endpoints.map(
+      e => e match {
+        case API.GetSecrets   => GetSecrets
+        case API.AddSecret    => AddSecret
+        case API.UpdateSecret => UpdateSecret
+        case API.DeleteSecret => DeleteSecret
+
+      }
+    )
+  }
+
+  object GetSecrets extends LiftApiModule0 {
+    val schema        = API.GetSecrets
+    val restExtractor = restExtractorService
+
+    def process0(version: ApiVersion, path: ApiPath, req: Req, params: DefaultParams, authzToken: AuthzToken): LiftResponse = {
+      JsonResponse("get secret")
+    }
+  }
+
+  object AddSecret extends LiftApiModule {
+    val schema        = API.AddSecret
+    val restExtractor = restExtractorService
+
+    def process(version: ApiVersion, path: ApiPath, id: String, req: Req, params: DefaultParams, authzToken: AuthzToken): LiftResponse = {
+      JsonResponse("add secret")
+    }
+  }
+
+
+  object DeleteSecret extends LiftApiModule {
+    val schema        = API.AddSecret
+    val restExtractor = restExtractorService
+
+    def process(version: ApiVersion, path: ApiPath, id: String, req: Req, params: DefaultParams, authzToken: AuthzToken): LiftResponse = {
+      JsonResponse("delete secret")
+    }
+  }
+
+  object UpdateSecret extends LiftApiModule {
+    val schema        = API.AddSecret
+    val restExtractor = restExtractorService
+
+    def process(version: ApiVersion, path: ApiPath, id: String, req: Req, params: DefaultParams, authzToken: AuthzToken): LiftResponse = {
+      JsonResponse("delete secret")
+    }
+  }
+
+}

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/web/services/SecretVaultService.scala

@@ -0,0 +1,47 @@
+package com.normation.rudder.web.services
+
+import com.normation.errors.IOResult
+
+import java.nio.file.Path
+
+// todo reuse RudderEngineProperty ?
+case class SecretVaultEntry(val name: String, val value: String, val engine: String)
+
+class SecretVaultService(
+  db: Path
+) {
+
+  def getSecrets: IOResult[List[SecretVaultService]] = {
+    for {
+
+    } yield {
+
+    }
+  }
+
+  def addSecret(secret: SecretVaultEntry): IOResult[Unit] = {
+    for {
+
+    } yield {
+
+    }
+  }
+
+  def deleteSecret(secret: SecretVaultEntry): IOResult[Unit] = {
+    for {
+
+    } yield {
+
+    }
+  }
+
+  def updateSecret(secret: SecretVaultEntry): IOResult[Unit] = {
+    for {
+
+    } yield {
+
+    }
+  }
+
+
+}

webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/RudderConfig.scala

@@ -840,6 +840,7 @@ object RudderConfig extends Loggable {
   val restQuicksearch       = new RestQuicksearch(new FullQuickSearchService()(roLDAPConnectionProvider, nodeDit, acceptedNodesDit, rudderDit, roDirectiveRepository, nodeInfoService), userService, linkUtil)
   val restCompletion        = new RestCompletion(new RestCompletionService(roDirectiveRepository, roRuleRepository))
 
+  val secretVaultService = new SecretVaultService()
   val ruleApiService2 =
     new RuleApiService2(
         roRuleRepository
@@ -1175,7 +1176,7 @@ object RudderConfig extends Loggable {
       , new RuleApi(restExtractorService, ruleApiService2, ruleApiService6, stringUuidGenerator)
       , new SystemApi(restExtractorService,systemApiService11, systemApiService13, rudderMajorVersion, rudderFullVersion, builtTimestamp)
       , new InventoryApi(restExtractorService, inventoryProcessor, inventoryWatcher)
-//      , new HealthcheckApi(restExtractorService, restDataSerializer, healthcheckService, healthcheckNotificationService)
+      , new SecretVaultApi(restExtractorService, secretVaultService)
         // info api must be resolved latter, because else it misses plugin apis !
     )