package vault
import (
	"errors"
	"io/ioutil"
	"log"
	"net/http"
	"time"

	"github.com/hashicorp/vault/api"
)
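// VaultHealth fetches the raw body of Vault's /v1/sys/health endpoint and
// returns it verbatim as a string.
//
// The HTTP status code is intentionally not checked: Vault's health endpoint
// reports sealed/standby states through non-200 codes, and the caller is
// expected to interpret the JSON body itself.
//
// Unlike the original, the request is made with a client that has an overall
// timeout, so an unreachable or hung Vault cannot block the caller forever
// (http.Get uses http.DefaultClient, which has no timeout).
//
// NOTE(review): this bypasses NewVaultClient and uses a plain http.Client,
// so any TLS settings (CA bundle, client certificate) that vaultConfig may
// carry are not applied to this request — confirm that is intended.
func VaultHealth() (string, error) {
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Get(vaultConfig.Address + "/v1/sys/health")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}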
// GenerateRootStatus reports the current state of Vault's root token
// generation process using a fresh client from NewVaultClient.
func GenerateRootStatus() (*api.GenerateRootStatusResponse, error) {
	c, err := NewVaultClient()
	if err != nil {
		return nil, err
	}
	status, err := c.Sys().GenerateRootStatus()
	return status, err
}
// GenerateRootInit starts a new root token generation attempt with otp as
// the one-time password. The second argument (a PGP key) is always passed
// empty, so the resulting token is OTP-encoded only.
func GenerateRootInit(otp string) (*api.GenerateRootStatusResponse, error) {
	c, err := NewVaultClient()
	if err != nil {
		return nil, err
	}
	const pgpKey = ""
	status, err := c.Sys().GenerateRootInit(otp, pgpKey)
	return status, err
}
// GenerateRootUpdate submits one unseal key shard to the root generation
// attempt identified by nonce and returns the updated attempt status.
func GenerateRootUpdate(shard, nonce string) (*api.GenerateRootStatusResponse, error) {
	c, err := NewVaultClient()
	if err != nil {
		return nil, err
	}
	status, err := c.Sys().GenerateRootUpdate(shard, nonce)
	return status, err
}
// GenerateRootCancel aborts any in-progress root token generation attempt.
func GenerateRootCancel() error {
	c, err := NewVaultClient()
	if err != nil {
		return err
	}
	if cancelErr := c.Sys().GenerateRootCancel(); cancelErr != nil {
		return cancelErr
	}
	return nil
}
// WriteToCubbyhole stores data under cubbyhole/<name> using goldfish's own
// Vault token, so the entry is scoped to the server token's cubbyhole.
//
// name is spliced into the request path without validation; callers are
// responsible for passing a well-formed, trusted key.
func WriteToCubbyhole(name string, data map[string]interface{}) (interface{}, error) {
	c, err := NewGoldfishVaultClient()
	if err != nil {
		return nil, err
	}
	path := "cubbyhole/" + name
	secret, err := c.Logical().Write(path, data)
	return secret, err
}
// ReadFromCubbyhole returns the secret stored under cubbyhole/<name> in
// goldfish's own cubbyhole. The returned *api.Secret may be nil without an
// error when the path does not exist, as is usual for Logical().Read.
//
// name is spliced into the request path without validation; callers are
// responsible for passing a well-formed, trusted key.
func ReadFromCubbyhole(name string) (*api.Secret, error) {
	c, err := NewGoldfishVaultClient()
	if err != nil {
		return nil, err
	}
	path := "cubbyhole/" + name
	secret, err := c.Logical().Read(path)
	return secret, err
}
// DeleteFromCubbyhole removes the entry stored under cubbyhole/<name> in
// goldfish's own cubbyhole.
//
// name is spliced into the request path without validation; callers are
// responsible for passing a well-formed, trusted key.
func DeleteFromCubbyhole(name string) (*api.Secret, error) {
	c, err := NewGoldfishVaultClient()
	if err != nil {
		return nil, err
	}
	path := "cubbyhole/" + name
	secret, err := c.Logical().Delete(path)
	return secret, err
}
// renewServerToken asks Vault to renew goldfish's own token via RenewSelf
// with an increment of 0 (Vault picks the renewal period) and logs success.
// A nil response without an error is treated as a failure, since the caller
// cannot tell whether the renewal actually happened.
func renewServerToken() error {
	c, err := NewGoldfishVaultClient()
	if err != nil {
		return err
	}
	renewed, err := c.Auth().Token().RenewSelf(0)
	switch {
	case err != nil:
		return err
	case renewed == nil:
		return errors.New("Could not renew token... response from vault was nil")
	}
	log.Println("[INFO ]: Server token renewed")
	return nil
}
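// WrapData asks Vault to response-wrap data with a wrapping TTL of wrapttl
// and returns the single-use wrapping token.
//
// The TTL is supplied through the client's wrapping lookup function, which
// the Vault client consults for every request; because the client is created
// per call, the override does not affect any other request.
//
// Returns an error when Vault answers without wrap info (for example an
// empty response) rather than dereferencing a nil WrapInfo.
func WrapData(wrapttl string, data map[string]interface{}) (string, error) {
	client, err := NewGoldfishVaultClient()
	if err != nil {
		return "", err
	}
	client.SetWrappingLookupFunc(func(operation, path string) string {
		return wrapttl
	})
	resp, err := client.Logical().Write("/sys/wrapping/wrap", data)
	if err != nil {
		return "", err
	}
	// Logical().Write can return a nil secret without an error, and WrapInfo
	// is only populated when the response was actually wrapped.
	if resp == nil || resp.WrapInfo == nil {
		return "", errors.New("wrap request returned no wrapping token")
	}
	return resp.WrapInfo.Token, nil
}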
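// UnwrapData unwraps a response-wrapping token and returns the wrapped data.
//
// The wrapping token is sent to Vault's unwrap endpoint as the request token
// (a raw unwrap call). Unwrapping consumes the token, so an error from Vault
// may mean the token was already used; the caller is told to revoke it if
// possible.
//
// Returns an error when Vault answers with no secret rather than
// dereferencing a nil response.
func UnwrapData(wrappingToken string) (map[string]interface{}, error) {
	client, err := NewGoldfishVaultClient()
	if err != nil {
		return nil, err
	}
	// make a raw unwrap call. This will use the token as a header
	resp, err := client.Logical().Unwrap(wrappingToken)
	if err != nil {
		return nil, errors.New("Failed to unwrap provided token, revoke it if possible\nReason:" + err.Error())
	}
	// Logical().Unwrap can return a nil secret without an error.
	if resp == nil {
		return nil, errors.New("Failed to unwrap provided token, response from vault was nil")
	}
	return resp.Data, nil
}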
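// LookupSelf reads /auth/token/lookup-self with goldfish's own token and
// returns the token's metadata (the Data map of the secret).
//
// Returns an error when Vault answers with no secret rather than
// dereferencing a nil response.
func LookupSelf() (map[string]interface{}, error) {
	client, err := NewGoldfishVaultClient()
	if err != nil {
		return nil, err
	}
	resp, err := client.Logical().Read("/auth/token/lookup-self")
	if err != nil {
		return nil, err
	}
	// Logical().Read can return a nil secret without an error.
	if resp == nil {
		return nil, errors.New("token lookup-self returned no data")
	}
	return resp.Data, nil
}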