package token
import (
"bytes"
"fmt"
"io"
"os"
"path/filepath"
"strings"
homedir "github.com/mitchellh/go-homedir"
"github.com/natefinch/atomic"
)
// Compile-time assertion that *InternalTokenHelper implements TokenHelper.
var _ TokenHelper = (*InternalTokenHelper)(nil)
// InternalTokenHelper fulfills the TokenHelper interface when no external
// token-helper is configured, and avoids shelling out: the token is kept in
// a plain file under the user's home directory.
type InternalTokenHelper struct {
	// tokenPath is the full path of the token file. It is derived from
	// homeDir by populateTokenPath, which Get, Store and Erase call on entry;
	// until one of them has run it is the empty string.
	tokenPath string
	// homeDir is the user's home directory as resolved by
	// NewInternalTokenHelper.
	homeDir string
}
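// NewInternalTokenHelper returns an InternalTokenHelper rooted at the
// current user's home directory.
//
// If the home directory cannot be resolved the error is returned, wrapped
// with context, rather than panicking: this is library code and the
// signature already promises an error to the caller. The returned helper is
// nil in that case.
func NewInternalTokenHelper() (*InternalTokenHelper, error) {
	homeDir, err := homedir.Dir()
	if err != nil {
		return nil, fmt.Errorf("error getting user's home directory: %w", err)
	}
	return &InternalTokenHelper{homeDir: homeDir}, nil
}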
// populateTokenPath derives tokenPath by placing the token file name under
// the user's home directory. It is idempotent; each operation calls it
// before touching the path.
func (i *InternalTokenHelper) populateTokenPath() {
	const tokenFileName = ".vault-token"
	i.tokenPath = filepath.Join(i.homeDir, tokenFileName)
}
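// Path returns the location of the token file.
//
// The path is derived on demand, so the result is correct on a freshly
// constructed helper too, not only after Get, Store or Erase has run.
func (i *InternalTokenHelper) Path() string {
	i.populateTokenPath()
	return i.tokenPath
}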
// Get returns the token stored at Path with surrounding whitespace trimmed.
// A missing token file is not an error: the result is ("", nil). Any other
// failure to open or read the file is returned to the caller.
func (i *InternalTokenHelper) Get() (string, error) {
	i.populateTokenPath()

	f, openErr := os.Open(i.tokenPath)
	switch {
	case os.IsNotExist(openErr):
		// No token has been stored yet; report that as an empty token.
		return "", nil
	case openErr != nil:
		return "", openErr
	}
	defer f.Close()

	// bytes.Buffer implements io.ReaderFrom, so this drains the whole file.
	var contents bytes.Buffer
	if _, readErr := contents.ReadFrom(f); readErr != nil {
		return "", readErr
	}
	return strings.TrimSpace(contents.String()), nil
}
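// Store persists input as the token, replacing any existing token file.
//
// The token is first written to a sibling temporary file and then moved
// over the final path, so a failure part-way through never leaves a
// truncated or half-written token behind. Rewriting the file rather than
// opening it in place is also what guarantees the final file's ownership
// and 0600 mode: there is no portable way to verify an existing file's
// owner, so the helper never reuses one.
//
// The mode passed to OpenFile only takes effect when the file is created.
// A stale temporary file (for example one left by an earlier run that died
// before its deferred Remove ran, or a symlink planted at that path) would
// otherwise be truncated and reused with whatever mode it already has, and
// the rename would carry that mode onto the real token file. To close that
// hole the stale file is removed first and the new one is created with
// O_EXCL, so the create is genuine and the 0600 mode is actually applied.
func (i *InternalTokenHelper) Store(input string) error {
	i.populateTokenPath()
	tmpFile := i.tokenPath + ".tmp"

	// Drop any leftover temporary file so the create below cannot reuse it.
	if err := os.Remove(tmpFile); err != nil && !os.IsNotExist(err) {
		return err
	}

	f, err := os.OpenFile(tmpFile, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o600)
	if err != nil {
		return err
	}
	// The deferred Close only matters on the early-return paths; the
	// deferred Remove cleans up the temporary file whenever the rename below
	// did not consume it.
	defer f.Close()
	defer os.Remove(tmpFile)

	if _, err = io.WriteString(f, input); err != nil {
		return err
	}
	// Close explicitly, and check the error, before renaming: the deferred
	// Close would run too late and its error would be lost.
	if err = f.Close(); err != nil {
		return err
	}

	// We don't care so much about atomic writes here. We're using this package
	// because we don't have a portable way of verifying that the target file
	// is owned by the correct user. The simplest way of ensuring that is
	// to simply re-write it, and the simplest way to ensure that we don't
	// damage an existing working file due to error is the write-rename
	// pattern, using a package that handles replacing an existing target on
	// Windows for us.
	return atomic.ReplaceFile(tmpFile, i.tokenPath)
}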
// Erase deletes the token file at Path. An absent file counts as success;
// any other removal error is returned.
func (i *InternalTokenHelper) Erase() error {
	i.populateTokenPath()
	err := os.Remove(i.tokenPath)
	if os.IsNotExist(err) {
		// Nothing to erase; there was no token stored.
		return nil
	}
	return err
}