(ns vault.sys.mounts
"The `/sys/mounts` endpoint is used to manage secrets engines in Vault.
Reference: https://www.vaultproject.io/api-docs/system/mounts"
(:require
[vault.client.http :as http]
[vault.util :as u])
(:import
vault.client.http.HTTPClient))
;; ## API Protocol
(defprotocol API
  "Methods for managing secrets engines in Vault.

  These calls change which secrets engines exist and how they behave, so
  they are administrative operations. Callers should hold a token whose
  policy grants only the `sys/mounts` capabilities they actually need."

  (list-mounts
    [client]
    "List all the mounted secrets engines. Returns a map of secrets engines to
    their configurations.")

  (enable-secrets!
    [client path params]
    "Enable a new secrets engine at the given path. After enabling, this engine
    can be accessed and configured via the specified path. Returns nil.

    Parameters:

    - `:type` (string)
      The type of the backend, such as \"aws\" or \"openldap\".
    - `:description` (optional, string)
      Human-friendly description of the mount.
    - `:config` (optional, map)
      Configuration options for this mount.
    - `:options` (optional, map)
      Mount type specific options that are passed to the backend.

    See the Vault API docs for details.")

  (disable-secrets!
    [client path]
    "Disable the mount point specified by the given path.

    This is destructive: per the Vault documentation, disabling a secrets
    engine revokes the secrets it issued (where the engine supports that) and
    deletes the data stored under the mount. Confirm `path` before calling.")

  (read-secrets-configuration
    [client path]
    "Read the configuration of the secrets engine mounted at the given path.")

  (read-mount-configuration
    [client path]
    "Read the given mount's configuration.

    Unlike the [[read-secrets-configuration]] method, this will return the
    current time in seconds for each TTL, which may be the system default or a
    mount-specific value.")

  (tune-mount-configuration!
    [client path params]
    "Tune the configuration parameters for the given mount point. Returns
    `nil`.

    Tuning is security-relevant as well as operational: besides TTLs, Vault's
    tune parameters include settings such as `audit_non_hmac_request_keys`
    that change what is written unhashed to audit devices.

    See the Vault API docs for available parameters."))
;; ## HTTP Client
(extend-type HTTPClient

  API

  ;; Every method below is a single `http/call-api` request against
  ;; `sys/mounts`. The caller-supplied `path` is joined onto that prefix to
  ;; build the request URL.
  ;; NOTE(review): whether `u/join-path` normalises or encodes segments is not
  ;; visible here - callers should pass a trusted mount path, not raw user input.

  ;; GET sys/mounts: returns a map keyed like the response's "data" map, with
  ;; each value's keys kebab-cased.
  (list-mounts
    [client]
    (let [kebabify-entry (fn [entry]
                           [(key entry) (u/kebabify-keys (val entry))])
          options {:handle-response
                   (fn kebabify-mounts
                     [body]
                     (into {} (map kebabify-entry) (get body "data")))}]
      (http/call-api client ::list-mounts :get "sys/mounts" options)))

  ;; POST sys/mounts/<path> with `params` snake-cased as the JSON body.
  ;; Only the path and engine type go into `:info`; the rest of `params`
  ;; (mount config/options) is sent in the body and kept out of that map.
  ;; NOTE(review): `:info` presumably feeds call metadata or logging - confirm
  ;; in vault.client.http before adding more fields to it.
  (enable-secrets!
    [client path params]
    (let [endpoint (u/join-path "sys/mounts" path)
          options {:info {::path path, ::type (:type params)}
                   :content-type :json
                   :body (u/snakify-keys params)}]
      (http/call-api client ::enable-secrets! :post endpoint options)))

  ;; DELETE sys/mounts/<path>. Vault documents disabling a mount as
  ;; destructive (issued secrets revoked, mount data removed).
  (disable-secrets!
    [client path]
    (let [endpoint (u/join-path "sys/mounts" path)]
      (http/call-api client ::disable-secrets! :delete endpoint
                     {:info {::path path}})))

  ;; GET sys/mounts/<path>; the response is passed through
  ;; `u/kebabify-body-data`.
  (read-secrets-configuration
    [client path]
    (let [endpoint (u/join-path "sys/mounts" path)
          options {:info {::path path}
                   :handle-response u/kebabify-body-data}]
      (http/call-api client ::read-secrets-configuration :get endpoint options)))

  ;; GET sys/mounts/<path>/tune; the response is passed through
  ;; `u/kebabify-body-data`.
  (read-mount-configuration
    [client path]
    (let [endpoint (u/join-path "sys/mounts" path "tune")
          options {:info {::path path}
                   :handle-response u/kebabify-body-data}]
      (http/call-api client ::read-mount-configuration :get endpoint options)))

  ;; POST sys/mounts/<path>/tune with `params` snake-cased as the JSON body.
  ;; Only the path is placed in `:info`.
  (tune-mount-configuration!
    [client path params]
    (let [endpoint (u/join-path "sys/mounts" path "tune")
          options {:info {::path path}
                   :content-type :json
                   :body (u/snakify-keys params)}]
      (http/call-api client ::tune-mount-configuration! :post endpoint options))))