package vault
import (
"strings"
"github.com/pkg/errors"
"github.com/rodaine/hclencoder"
)
// Capability names that may appear in a PathPolicy's Capabilities list.
const (
	DenyCapability   = "deny"
	CreateCapability = "create"
	ReadCapability   = "read"
	UpdateCapability = "update"
	DeleteCapability = "delete"
	ListCapability   = "list"
	SudoCapability   = "sudo"

	// NOTE(review): "root" is the name of a built-in Vault policy rather than
	// a capability in Vault's ACL policy syntax, as far as I can tell. Confirm
	// how this constant is used before placing it in a capabilities list.
	RootCapability = "root"
)

// Names and default paths used by this package. Their consumers are outside
// this file.
const (
	PathRulesName = "allow_secrets"
	PoliciesName  = "policies"

	DefaultSecretsPath = "secret"
	// DefaultSecretsPathPrefix ends in a glob; as a Vault policy path it
	// covers every path beneath "secret/", so grants on it should stay narrow.
	DefaultSecretsPathPrefix = "secret/*"
)

// DefaultSecretsCapabiltities is the default capability set: create, read,
// update, delete and list. The misspelling is part of the exported name and is
// kept for compatibility.
//
// This is an exported, mutable slice shared by the whole process. Copy it
// before appending to or modifying it; an in-place change would alter the
// defaults seen by every later user.
var DefaultSecretsCapabiltities = []string{
	CreateCapability,
	ReadCapability,
	UpdateCapability,
	DeleteCapability,
	ListCapability,
}
// PathRule is the top-level document encoded by String: a list of path
// policies written out under the HCL name "path".
type PathRule struct {
	// Path holds one entry per policy path. The hcle "omitempty" tag is
	// presumably what leaves the field out when the list is empty; confirm
	// against hclencoder.
	Path []PathPolicy `hcl:"path" hcle:"omitempty"`
}
// PathPolicy defines a Vault path policy: a path prefix and the capabilities
// granted on it.
type PathPolicy struct {
	// Prefix is tagged `hcl:",key"`, which hclencoder uses as the key of the
	// enclosing block (TODO confirm). It is not validated by this type.
	Prefix string `hcl:",key"`

	// Capabilities lists the capability names for Prefix. Nothing here
	// restricts the values to the *Capability constants, so callers that
	// accept these from outside should check them first.
	Capabilities []string `hcl:"capabilities" hcle:"omitempty"`
}
// String encodes the rule as HCL with hclencoder and returns the result with
// every newline removed, so the policy comes back as a single line.
//
// Because it returns (string, error), *PathRule does not satisfy fmt.Stringer
// and go vet may flag the signature. Callers must invoke it explicitly and
// check the error.
//
// Nothing is validated here: prefixes and capability names are encoded as
// given.
//
// NOTE(review): the encoded lines are joined with no separator. Confirm that
// the consumer parses the one-line form as intended, since a mis-parsed policy
// is not enforced as written.
func (r *PathRule) String() (string, error) {
	encoded, encErr := hclencoder.Encode(r)
	if encErr != nil {
		return "", errors.Wrap(encErr, "encodeing the path policy")
	}

	// n = -1 replaces every occurrence, not just the first.
	flat := strings.Replace(string(encoded), "\n", "", -1)
	return flat, nil
}