-
Notifications
You must be signed in to change notification settings - Fork 11
/
credentials.go
72 lines (59 loc) · 2.05 KB
/
credentials.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
// Copyright 2019 The Morning Consult, LLC or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may
// not use this file except in compliance with the License. A copy of the
// License is located at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
// express or implied. See the License for the specific language governing
// permissions and limitations under the License.
package vault
import (
"strings"
"github.com/hashicorp/vault/api"
"golang.org/x/xerrors"
)
// Credentials represent Docker credentials.
type Credentials struct {
Username string
Password string
}
// GetCredentials uses the Vault client to read the secret at
// path.
func GetCredentials(path string, client *api.Client) (Credentials, error) {
var (
username, password string
ok bool
missingSecrets []string
)
secret, err := client.Logical().Read(path)
if err != nil {
return Credentials{}, xerrors.Errorf("error reading secret: %v", err)
}
if secret == nil {
return Credentials{}, xerrors.Errorf("No secret found in Vault at path %q", path)
}
creds := secret.Data
// Check for metadata in the response which will only exist if this is a kv-v2 mount
// https://www.vaultproject.io/api/secret/kv/kv-v2.html#sample-response-1
_, isKvv2 := secret.Data["metadata"].(map[string]interface{})
if isKvv2 {
creds = secret.Data["data"].(map[string]interface{})
}
if username, ok = creds["username"].(string); !ok || username == "" {
missingSecrets = append(missingSecrets, "username")
}
if password, ok = creds["password"].(string); !ok || password == "" {
missingSecrets = append(missingSecrets, "password")
}
if len(missingSecrets) > 0 {
return Credentials{}, xerrors.Errorf("No %s found in Vault at path %q", strings.Join(missingSecrets, " or "), path)
}
return Credentials{
Username: username,
Password: password,
}, nil
}