Update client to read wrapped responses, remove leftover code to allo…

…w for optional wrapping instead of as-standard
nemosupremo · Jul 7, 2016 · f814066 · f814066
1 parent c2d2a47
commit f814066
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 9 deletions.
diff --git a/gatekeeper/gatekeeper.go b/gatekeeper/gatekeeper.go
@@ -102,7 +102,7 @@ func requestPermToken(tempToken string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	vaultAddr.Path = "/v1/cubbyhole/vault-token"
+	vaultAddr.Path = "/v1/cubbyhole/response"
 
 	req, err := http.NewRequest("GET", vaultAddr.String(), nil)
 	if err != nil {
@@ -120,12 +120,12 @@ func requestPermToken(tempToken string) (string, error) {
 		return "", err
 	}
 
-	vaultSecret := &vaultSecret{}
-	if err := json.NewDecoder(vaultResp.Body).Decode(vaultSecret); err != nil {
+	cubbyholeSecret := &cubbyholeSecret{}
+	if err := json.NewDecoder(vaultResp.Body).Decode(cubbyholeSecret); err != nil {
 		return "", err
 	}
 
-	return vaultSecret.Data.Token, nil
+	return cubbyholeSecret.Data.WrappedSecret.Token, nil
 }
 
 func EnvRequestVaultToken() (string, error) {

diff --git a/gatekeeper/types.go b/gatekeeper/types.go
@@ -40,8 +40,12 @@ type gkTokenResp struct {
 	Error  string `json:"error"`
 }
 
-type vaultSecret struct {
-	Data vaultSecretData `json:"data"`
+type cubbyholeSecret struct {
+	Data wrappedResponseData `json:"data"`
+}
+
+type wrappedResponseData struct {
+	WrappedSecret vaultSecretData `json:"response"`
 }
 
 type vaultSecretData struct {

diff --git a/provider.go b/provider.go
@@ -89,7 +89,7 @@ func createWrappedToken(token string, opts interface{}, wrapTTL time.Duration) (
 	return t.WrapInfo.Token, nil
 }
 
-func createTokenPair(token string, p *policy, wrap bool) (string, error) {
+func createTokenPair(token string, p *policy) (string, error) {
 	pol := p.Policies
 	if len(pol) == 0 { // explicitly set the policy, else the token will inherit ours
 		pol = []string{"default"}
@@ -130,7 +130,6 @@ func Provide(c *gin.Context) {
 
 	var reqParams struct {
 		TaskId    string `json:"task_id"`
-		WrapToken bool   `json:"wrap_token"`
 	}
 	decoder := json.NewDecoder(c.Request.Body)
 	if err := decoder.Decode(&reqParams); err == nil {
@@ -185,7 +184,7 @@ func Provide(c *gin.Context) {
 			state.RLock()
 			policy := activePolicies.Get(task.Name)
 			state.RUnlock()
-			if tempToken, err := createTokenPair(token, policy, reqParams.WrapToken); err == nil {
+			if tempToken, err := createTokenPair(token, policy); err == nil {
 				log.Printf("Provided token pair for %s in %v. (Task Id: %s) (Task Name: %s). Policies: %v", remoteIp, time.Now().Sub(requestStartTime), reqParams.TaskId, task.Name, policy.Policies)
 				atomic.AddInt32(&state.Stats.Successful, 1)
 				usedTaskIds.Put(reqParams.TaskId, config.MaxTaskLife+1*time.Minute)