// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package mongodbatlas
import (
"context"
"errors"
"fmt"
"regexp"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
// displayNameRegex matches any single character that is not an ASCII letter,
// a digit, or one of + = , . @ _ -. genAPIKeyDescription replaces every match
// with "_", so this pattern acts as the allow-list for the display-name part
// of a generated key description.
var displayNameRegex = regexp.MustCompile("[^a-zA-Z0-9+=,.@_-]")
// pathCredentials describes the "creds/<name>" endpoint, where <name> is the
// role that credentials are requested for.
//
// The read and the update operation are both routed to pathCredentialsRead, so
// either kind of request runs the same handler; they differ only in their
// display suffix ("credentials" versus "credentials2"). The help text attached
// below says keys are generated on demand, so a read on this path is not a
// side-effect-free lookup. Policies that grant read on this path therefore
// grant key issuance.
func (b *Backend) pathCredentials() *framework.Path {
	// The role name is the only field and is declared as a lower-case string.
	fields := map[string]*framework.FieldSchema{
		"name": {
			Type:        framework.TypeLowerCaseString,
			Description: "Name of the role",
			Required:    true,
		},
	}

	readOp := &framework.PathOperation{
		Callback: b.pathCredentialsRead,
		DisplayAttrs: &framework.DisplayAttributes{
			OperationSuffix: "credentials",
		},
	}
	updateOp := &framework.PathOperation{
		Callback: b.pathCredentialsRead,
		DisplayAttrs: &framework.DisplayAttributes{
			OperationSuffix: "credentials2",
		},
	}

	return &framework.Path{
		Pattern: "creds/" + framework.GenericNameRegex("name"),
		DisplayAttrs: &framework.DisplayAttributes{
			OperationPrefix: operationPrefixMongoDBAtlas,
			OperationVerb:   "generate",
		},
		Fields: fields,
		Operations: map[logical.Operation]framework.OperationHandler{
			logical.ReadOperation:   readOp,
			logical.UpdateOperation: updateOp,
		},
		HelpSynopsis:    pathCredentialsHelpSyn,
		HelpDescription: pathCredentialsHelpDesc,
	}
}
// pathCredentialsRead handles requests on the creds/<name> path: it loads the
// stored credential entry for the named role and passes it to
// programmaticAPIKeyCreate, whose response is returned unchanged.
//
// It returns an error when the entry cannot be read, and a separate error when
// the lookup succeeds but yields nil.
func (b *Backend) pathCredentialsRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	// The unchecked assertion relies on the path schema declaring "name" as a
	// string type (framework.TypeLowerCaseString).
	roleName := d.Get("name").(string)

	entry, readErr := b.credentialRead(ctx, req.Storage, roleName)
	switch {
	case readErr != nil:
		return nil, errwrap.Wrapf("error retrieving credential: {{err}}", readErr)
	case entry == nil:
		// NOTE(review): presumably this is the "no such role" case — confirm
		// against credentialRead. It surfaces as a plain error, not as a
		// logical error response.
		return nil, errors.New("error retrieving credential: credential is nil")
	}

	return b.programmaticAPIKeyCreate(ctx, req.Storage, roleName, entry)
}
// walEntry groups the identifiers that describe one programmatic API key: the
// role it belongs to, the project and organization IDs, and the key's own ID.
// Only identifiers are held here; the struct has no field for key secret
// material.
//
// NOTE(review): presumably this is the write-ahead-log record used to clean up
// a key whose request did not complete — confirm against the WAL code, which is
// not part of this file.
type walEntry struct {
	// Role has no mapstructure tag, unlike the fields below.
	Role string
	ProjectID string `mapstructure:"project_id"`
	OrganizationID string `mapstructure:"organization_id"`
	ProgrammaticAPIKeyID string `mapstructure:"programmatic_api_key_id"`
}
// genAPIKeyDescription builds a key description of the form
// "vault-<display name>-<suffix>".
//
// Every character of displayName that displayNameRegex matches (anything
// outside letters, digits and + = , . @ _ -) is replaced with "_". The suffix
// comes from base62.Random(20). An error from the random generator is returned
// unchanged together with an empty string.
//
// NOTE(review): displayName is not length-limited here; if the Atlas API caps
// description length, confirm the cap is enforced by the caller.
func genAPIKeyDescription(displayName string) (string, error) {
	suffix, err := base62.Random(20)
	if err != nil {
		return "", err
	}

	// Allow-list sanitisation keeps caller-supplied text out of the description.
	sanitized := displayNameRegex.ReplaceAllString(displayName, "_")
	return fmt.Sprintf("vault-%s-%s", sanitized, suffix), nil
}
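// pathCredentialsHelpSyn is the one-line help synopsis shown for the
// creds/<name> path.
const pathCredentialsHelpSyn = `
Generate MongoDB Atlas Programmatic API Keys from a specific Vault role.
`

// pathCredentialsHelpDesc is the long help text shown for the creds/<name>
// path.
const pathCredentialsHelpDesc = `
This path generates MongoDB Atlas Programmatic API Keys for
a particular role. Atlas Programmatic API Keys will be
generated on demand and will be automatically revoked when
the lease is up.
`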