package framework
import (
"time"
"github.com/hashicorp/vault/logical"
)
// Secret is a type of secret that can be returned from a backend.
//
// A Secret describes one kind of lease-bearing secret: its name (Type),
// the schema of the data it carries (Fields), a default lease length and
// the Renew/Revoke callbacks the framework invokes through HandleRenew
// and HandleRevoke.
type Secret struct {
	// Type is the name of this secret type. This is used to setup the
	// vault ID and to look up the proper secret structure when revocation/
	// renewal happens. Once this is set this should not be changed.
	//
	// The format of this must match (case insensitive): ^a-Z0-9_$
	// (i.e. letters, digits and underscore). Nothing in this file
	// validates the value; Response stores it under the "secret_type"
	// key of the lease's InternalData, overriding any caller-supplied
	// value for that key.
	Type string

	// Fields is the mapping of data fields and schema that comprise
	// the structure of this secret. It becomes the Schema of the
	// FieldData handed to Renew and Revoke.
	Fields map[string]*FieldSchema

	// DefaultDuration is the default value for the duration of the lease for
	// this secret. This can be manually overwritten with the result of
	// Response().
	//
	// If these aren't set, Vault core will set a default lease period which
	// may come from a mount tuning.
	DefaultDuration time.Duration

	// Renew is the callback called to renew this secret. If Renew is
	// not specified then renewable is set to false in the secret and
	// HandleRenew returns logical.ErrUnsupportedOperation.
	// See lease.go for helpers for this value.
	Renew OperationFunc

	// Revoke is the callback called to revoke this secret. This is required.
	// HandleRevoke nonetheless guards against a nil Revoke and returns
	// logical.ErrUnsupportedOperation instead of calling it.
	Revoke OperationFunc
}
// Renewable reports whether a Renew callback is configured for this
// secret. Response copies the result into the lease options, and
// HandleRenew refuses requests when it is false.
func (s *Secret) Renewable() bool {
	hasRenewCallback := s.Renew != nil
	return hasRenewCallback
}
// Response builds the logical.Response that returns this secret.
//
// data is passed through verbatim as the response's Data. internal is
// copied into a fresh map (the caller's map is never mutated) and used
// as the lease's InternalData, with the "secret_type" key set to s.Type
// afterwards so that it overrides any caller-supplied value under that
// key; that key is what identifies this Secret again at renewal and
// revocation time. The lease TTL is s.DefaultDuration and Renewable
// mirrors Renewable().
func (s *Secret) Response(
	data, internal map[string]interface{}) *logical.Response {
	copied := make(map[string]interface{})
	for key, value := range internal {
		copied[key] = value
	}
	// Set last so the framework's own marker always wins.
	copied["secret_type"] = s.Type

	lease := logical.LeaseOptions{
		TTL:       s.DefaultDuration,
		Renewable: s.Renewable(),
	}
	secret := &logical.Secret{
		LeaseOptions: lease,
		InternalData: copied,
	}
	return &logical.Response{Secret: secret, Data: data}
}
// HandleRenew is the request handler for renewing this secret.
//
// It returns logical.ErrUnsupportedOperation when no Renew callback is
// configured (the same condition Renewable reports); otherwise the
// request's Data is wrapped in a FieldData whose Schema is s.Fields and
// handed to Renew, whose result is returned unchanged.
func (s *Secret) HandleRenew(req *logical.Request) (*logical.Response, error) {
	if s.Renew == nil {
		return nil, logical.ErrUnsupportedOperation
	}
	fields := &FieldData{Raw: req.Data, Schema: s.Fields}
	return s.Renew(req, fields)
}
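// HandleRevoke is the request handler for revoking this secret.
//
// It returns logical.ErrUnsupportedOperation when no Revoke callback is
// configured, mirroring HandleRenew; otherwise the request's Data is
// wrapped in a FieldData whose Schema is s.Fields and handed to Revoke,
// whose result is returned unchanged. The Secret docs call Revoke
// required, but this handler still guards against nil rather than
// dereferencing it.
func (s *Secret) HandleRevoke(req *logical.Request) (*logical.Response, error) {
	// Guard first, like HandleRenew, so no FieldData is built for a
	// request that cannot be served.
	if s.Revoke == nil {
		return nil, logical.ErrUnsupportedOperation
	}
	data := &FieldData{
		Raw:    req.Data,
		Schema: s.Fields,
	}
	return s.Revoke(req, data)
}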