-
Notifications
You must be signed in to change notification settings - Fork 0
/
grafanacloud_key.go
127 lines (110 loc) · 3.26 KB
/
grafanacloud_key.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
package secretsengine
import (
"context"
"fmt"
uuid "github.com/google/uuid"
grafanclient "github.com/grafana/grafana-api-golang-client"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
type GrafanaCloudKey struct {
Name string
Token string
User string
PrometheusUser string
PrometheusURL string
LokiUser string
LokiURL string
TempoUser string
TempoURL string
AlertmanagerUser string
AlertmanagerURL string
GraphiteUser string
GraphiteURL string
}
func (b *grafanaCloudBackend) grafanaCloudKey() *framework.Secret {
return &framework.Secret{
Type: grafanaCloudKeyType,
Fields: map[string]*framework.FieldSchema{
"user": {
Type: framework.TypeString,
Description: "Grafana cloud api credentials username",
},
"token": {
Type: framework.TypeString,
Description: "Grafana cloud api credentials Token",
},
},
Revoke: b.keyRevoke,
Renew: b.keyRenew,
}
}
func (b *grafanaCloudBackend) keyRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
c, err := b.getClient(ctx, req.Storage)
if err != nil {
return nil, fmt.Errorf("error getting client: %w", err)
}
config, err := getConfig(ctx, req.Storage)
if err != nil {
return nil, err
}
org := config.Organisation
tokenID := req.Secret.InternalData["name"].(string)
err = c.DeleteCloudAPIKey(org, tokenID)
if err != nil {
return nil, err
}
return &logical.Response{}, nil
}
func (b *grafanaCloudBackend) keyRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
roleRaw, ok := req.Secret.InternalData["role"]
if !ok {
return nil, NewInternalError("secret is missing role internal data", nil)
}
role := roleRaw.(string)
roleEntry, err := b.getRole(ctx, req.Storage, role)
if err != nil {
return nil, NewInternalError("error retrieving role", err)
}
if roleEntry == nil {
return nil, NewInternalError("error retrieving role: role is nil", nil)
}
resp := &logical.Response{Secret: req.Secret}
if roleEntry.TTL > 0 {
resp.Secret.TTL = roleEntry.TTL
}
if roleEntry.MaxTTL > 0 {
resp.Secret.MaxTTL = roleEntry.MaxTTL
}
return resp, nil
}
func createKey(_ context.Context, c *grafanclient.Client, organisation, roleName string,
config *grafanaCloudConfig, grafanaCloudRole string,
) (*GrafanaCloudKey, error) {
suffix := uuid.New().String()
tokenName := fmt.Sprintf("%s_%s", roleName, suffix)
key, err := c.CreateCloudAPIKey(
organisation,
&grafanclient.CreateCloudAPIKeyInput{
Name: tokenName,
Role: grafanaCloudRole,
})
if err != nil {
return nil, fmt.Errorf("error creating Grafana Cloud key: %w", err)
}
return &GrafanaCloudKey{
Name: key.Name,
Token: key.Token,
User: config.User,
PrometheusUser: config.PrometheusUser,
PrometheusURL: config.PrometheusURL,
LokiUser: config.LokiUser,
LokiURL: config.LokiURL,
TempoUser: config.TempoUser,
TempoURL: config.TempoURL,
AlertmanagerUser: config.AlertmanagerUser,
AlertmanagerURL: config.AlertmanagerURL,
GraphiteUser: config.GraphiteUser,
GraphiteURL: config.GraphiteURL,
}, nil
}