package credstore
import (
	"crypto/x509"
	"io/ioutil"

	"code.cloudfoundry.org/credhub-cli/credhub"
	"code.cloudfoundry.org/credhub-cli/credhub/auth"
	"code.cloudfoundry.org/credhub-cli/credhub/permissions"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
)
//go:generate counterfeiter ./ CredStore

// CredStore is the credential-storage abstraction used by this package.
// The CredHub-backed implementation lives in this file; a counterfeiter
// fake is generated from this interface for tests.
type CredStore interface {
	// Put stores credentials under key and returns the stored credential
	// as reported by the backend (the CredHub implementation writes it as
	// a "json" credential).
	Put(key string, credentials interface{}) (interface{}, error)
	// Get returns the latest value stored under key.
	Get(key string) (interface{}, error)
	// Delete removes the credential stored under key.
	Delete(key string) error
	// AddPermission grants actor the given operations on path.
	AddPermission(path string, actor string, ops []string) (*permissions.Permission, error)
	// DeletePermission removes every permission entry attached to path.
	DeletePermission(path string) error
}
// credhubStore implements CredStore on top of a CredHub client.
type credhubStore struct {
	// credHubClient performs all credential and permission operations.
	credHubClient *credhub.CredHub
	// logger is kept from NewCredhubStore; no method in this file writes to it.
	logger *logrus.Logger
}
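// NewCredhubStore builds a CredStore backed by a CredHub server.
//
// credHubURL is the CredHub API endpoint; uaaURL, uaaClientName and
// uaaClientSecret configure UAA client-credentials authentication.
// skipSSLValidation is passed to credhub.SkipTLSValidation and so disables
// verification of the server TLS certificate. When caCertFile is non-empty
// it is read and its contents are handed to credhub.CaCerts; the file must
// hold at least one parseable PEM certificate. logger is stored on the
// returned store as given (it may be nil; no method in this file uses it).
//
// It returns an error when the CA file cannot be read or holds no PEM
// certificate, or when the CredHub client cannot be created.
func NewCredhubStore(credHubURL, uaaURL, uaaClientName, uaaClientSecret string, skipSSLValidation bool, caCertFile string, logger *logrus.Logger) (CredStore, error) {
	options := []credhub.Option{
		credhub.SkipTLSValidation(skipSSLValidation),
		credhub.Auth(auth.UaaClientCredentials(uaaClientName, uaaClientSecret)),
		credhub.AuthURL(uaaURL),
	}

	if caCertFile != "" {
		dat, err := ioutil.ReadFile(caCertFile)
		if err != nil {
			return nil, errors.Wrapf(err, "reading CredHub CA certificate file %q", caCertFile)
		}
		// ReadFile never returns a nil slice on success, so a nil check is dead
		// code; test the length instead, and require that the bytes parse as
		// PEM certificates so an empty or garbage file is rejected here rather
		// than silently passed on to the client.
		if len(dat) == 0 || !x509.NewCertPool().AppendCertsFromPEM(dat) {
			return nil, errors.Errorf("CredHub certificate is not valid: %s", caCertFile)
		}
		options = append(options, credhub.CaCerts(string(dat)))
	}

	ch, err := credhub.New(credHubURL, options...)
	if err != nil {
		return nil, errors.Wrapf(err, "creating CredHub client for %q", credHubURL)
	}

	return &credhubStore{
		credHubClient: ch,
		logger:        logger,
	}, nil
}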
// Put stores credentials under key as a CredHub "json" credential and
// returns whatever the client reports for the stored credential.
func (c *credhubStore) Put(key string, credentials interface{}) (interface{}, error) {
	const credentialType = "json"
	stored, err := c.credHubClient.SetCredential(key, credentialType, credentials)
	return stored, err
}
// Get returns the latest value stored under key.
func (c *credhubStore) Get(key string) (interface{}, error) {
	latest, err := c.credHubClient.GetLatestValue(key)
	return latest, err
}
// Delete removes the credential stored under key.
func (c *credhubStore) Delete(key string) error {
	if err := c.credHubClient.Delete(key); err != nil {
		return err
	}
	return nil
}
// AddPermission grants actor the listed ops on path and returns the
// permission entry the client reports. The ops slice is passed through as-is.
func (c *credhubStore) AddPermission(path string, actor string, ops []string) (*permissions.Permission, error) {
	granted, err := c.credHubClient.AddPermission(path, actor, ops)
	return granted, err
}
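// DeletePermission removes every permission entry attached to path.
//
// It lists the permissions on path, resolves each one to its UUID via
// GetPermissionByPathActor, and deletes it. Deletion stops at the first
// error, so a failure part-way through can leave later entries in place;
// the returned error names the path and, where known, the actor involved.
func (c *credhubStore) DeletePermission(path string) error {
	allPermissions, err := c.credHubClient.GetPermissions(path)
	if err != nil {
		return errors.Wrapf(err, "listing permissions for %q", path)
	}

	for _, permission := range allPermissions {
		p, err := c.credHubClient.GetPermissionByPathActor(path, permission.Actor)
		if err != nil {
			return errors.Wrapf(err, "looking up permission for actor %q on %q", permission.Actor, path)
		}
		// DeletePermission also returns the deleted entry; only the error matters here.
		if _, err := c.credHubClient.DeletePermission(p.UUID); err != nil {
			return errors.Wrapf(err, "deleting permission %v for actor %q on %q", p.UUID, permission.Actor, path)
		}
	}

	// Return nil explicitly: the err inside the loop is a shadowed copy, so the
	// original "return err" only yielded nil by accident of scoping.
	return nil
}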