Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify vault search api #111

Merged
merged 9 commits into from
Sep 30, 2021
Merged

Modify vault search api #111

Changes from 7 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
1189125
correct secretid struct naming
hokenssh Sep 28, 2021
06cece6
make ownerId and name public
hokenssh Sep 28, 2021
8ceeb5c
add filter to search function
hokenssh Sep 29, 2021
ac46aed
break when find filter
hokenssh Sep 29, 2021
8d0845b
refactoring
hokenssh Sep 29, 2021
684d246
refactoring
hokenssh Sep 29, 2021
2c5ac73
added filter to request body instead of query params
hokenssh Sep 29, 2021
232057c
code optimization
hokenssh Sep 30, 2021
0a14f5a
code styling
hokenssh Sep 30, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
64 changes: 43 additions & 21 deletions api/vault/vault.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ package vault

import (
"encoding/json"
"fmt"
"net/url"

"github.com/SSHcom/privx-sdk-go/api/rolestore"
Expand All @@ -24,9 +25,9 @@ type secretResult struct {
Items []Secret `json:"items"`
}

type secretID struct {
ownerID string
name string
type SecretID struct {
OwnerID string
Name string
}

// tVaultReq t vault request definition
Expand Down Expand Up @@ -63,14 +64,14 @@ func (vault *Vault) CreateSecret(

//CreateUserSecret creates a user secret
func (vault *Vault) CreateUserSecret(
secretID secretID,
secretID SecretID,
allowReadBy []string,
allowWriteBy []string,
secret interface{},
) error {
req := vault.mkVaultReq(allowReadBy, allowWriteBy, secret)
req.Name = secretID.name
req.OwnerID = url.PathEscape(secretID.ownerID)
req.Name = secretID.Name
req.OwnerID = url.PathEscape(secretID.OwnerID)

_, err := vault.api.
URL("/vault/api/v1/user/%s/secrets", req.OwnerID).
Expand All @@ -96,15 +97,15 @@ func (vault *Vault) Secrets(offset, limit int) ([]Secret, error) {
}

// UserSecrets returns user secrets client has access to
func (vault *Vault) UserSecrets(secretID secretID, offset, limit int) ([]Secret, error) {
func (vault *Vault) UserSecrets(secretID SecretID, offset, limit int) ([]Secret, error) {
result := secretResult{}
filters := Params{
Offset: offset,
Limit: limit,
}

_, err := vault.api.
URL("/vault/api/v1/user/%s/secrets", url.PathEscape(secretID.ownerID)).
URL("/vault/api/v1/user/%s/secrets", url.PathEscape(secretID.OwnerID)).
Query(&filters).
Get(&result)

Expand All @@ -122,10 +123,10 @@ func (vault *Vault) Secret(name string) (*Secret, error) {
}

// UserSecret gets the content of the argument user secret.
func (vault *Vault) UserSecret(secretID secretID) (*Secret, error) {
func (vault *Vault) UserSecret(secretID SecretID) (*Secret, error) {
bag := &Secret{}
_, err := vault.api.
URL("/vault/api/v1/user/%s/secrets/%s", url.PathEscape(secretID.ownerID), url.PathEscape(secretID.name)).
URL("/vault/api/v1/user/%s/secrets/%s", url.PathEscape(secretID.OwnerID), url.PathEscape(secretID.Name)).
Get(&bag)

return bag, err
Expand All @@ -149,14 +150,14 @@ func (vault *Vault) UpdateSecret(

// UpdateUserSecret existing secret at PrivX Vault
func (vault *Vault) UpdateUserSecret(
secretID secretID,
secretID SecretID,
allowReadTo []string,
allowWriteTo []string,
secret interface{},
) error {
req := vault.mkVaultReq(allowReadTo, allowWriteTo, secret)
req.Name = url.PathEscape(secretID.name)
req.OwnerID = url.PathEscape(secretID.ownerID)
req.Name = url.PathEscape(secretID.Name)
req.OwnerID = url.PathEscape(secretID.OwnerID)
_, err := vault.api.
URL("/vault/api/v1/user/%s/secrets/%s", req.OwnerID, req.Name).
Put(req)
Expand All @@ -174,9 +175,9 @@ func (vault *Vault) DeleteSecret(name string) error {
}

// DeleteSecret delete existing secret from PrivX vault
func (vault *Vault) DeleteUserSecret(secretID secretID) error {
ownerID := url.PathEscape(secretID.ownerID)
name := url.PathEscape(secretID.name)
func (vault *Vault) DeleteUserSecret(secretID SecretID) error {
ownerID := url.PathEscape(secretID.OwnerID)
name := url.PathEscape(secretID.Name)

_, err := vault.api.
URL("/vault/api/v1/user/%s/secrets/%s", ownerID, name).
Expand All @@ -197,10 +198,10 @@ func (vault *Vault) SecretMetadata(name string) (*Secret, error) {
}

// SecretMetadata returns secret metadata
func (vault *Vault) UserSecretMetadata(secretID secretID) (*Secret, error) {
func (vault *Vault) UserSecretMetadata(secretID SecretID) (*Secret, error) {
metadata := &Secret{}
ownerID := url.PathEscape(secretID.ownerID)
name := url.PathEscape(secretID.name)
ownerID := url.PathEscape(secretID.OwnerID)
name := url.PathEscape(secretID.Name)

_, err := vault.api.
URL("/vault/api/v1/user/%s/metadata/secrets/%s", ownerID, name).
Expand All @@ -209,8 +210,28 @@ func (vault *Vault) UserSecretMetadata(secretID secretID) (*Secret, error) {
return metadata, err
}

func validateFilter(filter string) error {
filterAllowedValues := []string{"personal", "shared", "accessible", "readable", "writable", ""}
isValidFilter := false
for _, a := range filterAllowedValues {
if a == filter {
isValidFilter = true
break
cuongssh marked this conversation as resolved.
Show resolved Hide resolved
}
}
if !isValidFilter {
return fmt.Errorf("filter field must be one of these values %q", filterAllowedValues)
}
return nil
}

// SearchSecrets search for existing secrets
func (vault *Vault) SearchSecrets(offset, limit int, keywords, sortkey, sortdir string) ([]Secret, error) {
func (vault *Vault) SearchSecrets(offset, limit int, keywords, sortkey, sortdir string, filter string) ([]Secret, error) {
cuongssh marked this conversation as resolved.
Show resolved Hide resolved

err := validateFilter(filter)
if err != nil {
return nil, err
}
result := secretResult{}
filters := Params{
Offset: offset,
Expand All @@ -219,11 +240,12 @@ func (vault *Vault) SearchSecrets(offset, limit int, keywords, sortkey, sortdir
Sortdir: sortdir,
}

_, err := vault.api.
_, err = vault.api.
URL("/vault/api/v1/search/secrets").
Query(&filters).
Post(map[string]string{
"keywords": keywords,
"filter": filter,
}, &result)

return result.Items, err
Expand Down