package main
import (
	"errors"
	"fmt"
	"html/template"
	"io"
)
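const (
	// ServicePolicyTemplate is the template used to generate a Vault policy on
	// service create.
	//
	// Each ID is interpolated straight into a Vault path rule. Vault gives "*"
	// (trailing glob) and "+" (segment wildcard) special meaning in path
	// rules, and "/" starts a new segment, so an ID containing any of them
	// would grant access well beyond the one instance/space/org/app the policy
	// is meant to cover. GeneratePolicy therefore refuses any ID outside
	// [A-Za-z0-9_-] before this template is rendered.
	//
	// The template is parsed with html/template, which HTML-escapes
	// interpolated values. For the accepted character set that escaping is a
	// no-op, so rendered paths contain the IDs exactly as supplied.
	//
	// Grants: create/read/update/delete/list under the instance, space and
	// application prefixes, but only read/list under the org prefix. The
	// application section is emitted only when ApplicationID is non-empty.
	ServicePolicyTemplate string = `
path "cf/{{ .InstanceID }}" {
capabilities = ["list"]
}
path "cf/{{ .InstanceID }}/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "cf/{{ .SpaceID }}" {
capabilities = ["list"]
}
path "cf/{{ .SpaceID }}/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "cf/{{ .OrgID }}" {
capabilities = ["list"]
}
path "cf/{{ .OrgID }}/*" {
capabilities = ["read", "list"]
}
{{ if ne .ApplicationID "" }}
path "cf/{{ .ApplicationID }}" {
capabilities = ["list"]
}
path "cf/{{ .ApplicationID }}/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
{{ end -}}
`
)

// ServicePolicyTemplateInput is used as input to the ServicePolicyTemplate.
//
// GeneratePolicy validates every field: InstanceID, SpaceID and OrgID must be
// non-empty, ApplicationID may be empty (the application section is then
// omitted), and all four may only contain ASCII letters, digits, '-' and '_'.
type ServicePolicyTemplateInput struct {
	// InstanceID is the unique ID of the service instance.
	InstanceID string
	// SpaceID is the unique ID of the space.
	SpaceID string
	// OrgID is the unique ID of the organization.
	OrgID string
	// ApplicationID is the unique ID of the application, or "" when the policy
	// is not scoped to an application.
	ApplicationID string
}

// servicePolicyTmpl is ServicePolicyTemplate parsed once at package init
// instead of on every GeneratePolicy call. The template is a compile-time
// constant, so a parse failure is a programming error; it surfaces as a panic
// at init rather than as an error returned from GeneratePolicy.
var servicePolicyTmpl = template.Must(template.New("service").Parse(ServicePolicyTemplate))

// GeneratePolicy takes an io.Writer object and template input and renders the
// resulting template into the writer.
//
// Before anything is written, every ID in info is checked against a strict
// allow-list (ASCII letters, digits, '-' and '_'); InstanceID, SpaceID and
// OrgID must also be non-empty, while ApplicationID may be empty. A nil info
// or an ID failing the check returns an error and leaves w untouched. Any
// error from rendering into w is returned as-is.
func GeneratePolicy(w io.Writer, info *ServicePolicyTemplateInput) error {
	if info == nil {
		return errors.New("vault policy: nil template input")
	}
	ids := []struct {
		name     string
		value    string
		optional bool
	}{
		{"InstanceID", info.InstanceID, false},
		{"SpaceID", info.SpaceID, false},
		{"OrgID", info.OrgID, false},
		// The template omits the application section when this is "".
		{"ApplicationID", info.ApplicationID, true},
	}
	for _, id := range ids {
		if err := checkPolicyID(id.name, id.value, id.optional); err != nil {
			return err
		}
	}
	return servicePolicyTmpl.Execute(w, info)
}

// checkPolicyID reports an error if value cannot be embedded verbatim into a
// Vault path rule: it is empty (unless optional) or contains a byte outside
// [A-Za-z0-9_-]. name identifies the field in the error message.
func checkPolicyID(name, value string, optional bool) error {
	if value == "" {
		if optional {
			return nil
		}
		return fmt.Errorf("vault policy: %s must not be empty", name)
	}
	// Byte-wise scan is sufficient: every allowed character is ASCII, so any
	// multi-byte UTF-8 sequence is rejected on its first byte.
	for i := 0; i < len(value); i++ {
		if !isPolicyIDByte(value[i]) {
			return fmt.Errorf("vault policy: %s %q contains %q; only ASCII letters, digits, '-' and '_' are allowed", name, value, value[i])
		}
	}
	return nil
}

// isPolicyIDByte reports whether c is in the ID allow-list [A-Za-z0-9_-].
// Notably absent: '*', '+', '/' (Vault path syntax) and any quote character.
func isPolicyIDByte(c byte) bool {
	switch {
	case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		return true
	case c == '-', c == '_':
		return true
	}
	return false
}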