package vaultengine
import (
	"errors"
	"fmt"
	"strings"

	vault "github.com/hashicorp/vault/api"
)
// Client describes the arguments that are needed to establish a connection to a Vault instance.
// Field values are consumed by newVaultClient when the underlying API client is built.
type Client struct {
	token      string        // Vault token; applied to vc by newVaultClient only when non-empty
	addr       string        // Vault server address handed to vault.Config
	namespace  string        // Vault namespace; applied to vc by newVaultClient only when non-empty
	engine     string        // secrets engine mount recorded by UseEngine
	engineType string        // secrets engine type recorded by SetEngineType
	insecure   bool          // true disables TLS certificate verification (vault.TLSConfig.Insecure)
	vc         *vault.Client // underlying API client; stays nil when newVaultClient fails, because NewClient drops that error
}
// NewClient creates an instance of the VaultClient struct for the given address,
// token, TLS verification setting and namespace, and immediately builds the
// underlying vault.Client from them.
func NewClient(addr, token string, insecure bool, namespace string) *Client {
	c := &Client{
		addr:      addr,
		token:     token,
		namespace: namespace,
		insecure:  insecure,
	}
	// The constructor has no error return, so newVaultClient's error is not
	// surfaced: on failure c.vc stays nil and later calls through it fail.
	_ = c.newVaultClient()
	return c
}
// UseEngine defines which engine the Vault client will use.
// It only records the mount name; no request is sent to Vault here.
func (client *Client) UseEngine(engine string) {
	client.engine = engine
}
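// MountpathSplitPrefix asks Vault which secrets engine is mounted under path and
// splits path into that engine's mount path and the remaining key prefix.
//
// It performs a pre-flight GET on /v1/sys/internal/ui/mounts/<path>. The mount
// path reported by Vault has its trailing "/" removed; the suffix is path with
// the mount path and a leading "/" stripped, normalised by EnsureFolder. A 404
// from the pre-flight request is treated as a k/v v1 engine and yields
// ("", "path", nil), which is the behaviour existing callers rely on.
//
// Returns an error when the client was never initialised (client.vc == nil),
// when the request or response parsing fails, when the response is empty, or
// when the response's "path" field is present but not a string.
func (client *Client) MountpathSplitPrefix(path string) (string, string, error) {
	// NewClient drops newVaultClient's error, so vc can legitimately be nil here;
	// report that instead of dereferencing it.
	if client.vc == nil {
		return "", "", errors.New("vault client is not initialised")
	}

	// path is appended to the request path as-is (no escaping); it is expected
	// to be a Vault key path, not arbitrary user input.
	r := client.vc.NewRequest("GET", "/v1/sys/internal/ui/mounts/"+path)
	resp, err := client.vc.RawRequest(r)
	if resp != nil {
		defer resp.Body.Close()
	}
	if err != nil {
		// any 404 indicates k/v v1
		if resp != nil && resp.StatusCode == 404 {
			return "", "path", nil
		}
		return "", "", err
	}

	secret, err := vault.ParseSecret(resp.Body)
	if err != nil {
		return "", "", err
	}
	if secret == nil {
		return "", "", errors.New("nil response from pre-flight request")
	}

	// "path" comes from the server; a checked assertion keeps a malformed or
	// unexpected response from panicking the process. A missing field still
	// falls through with an empty mount path, as before.
	var mountPath string
	if raw, present := secret.Data["path"]; present {
		s, ok := raw.(string)
		if !ok {
			return "", "", fmt.Errorf("pre-flight response field \"path\" has type %T, want string", raw)
		}
		mountPath = s
	}
	mountPath = strings.TrimSuffix(mountPath, "/")

	// Strip the mount path only where it is actually the prefix of path;
	// strings.Replace would also remove a later occurrence of the same text
	// inside the key itself.
	suffix := strings.TrimPrefix(path, mountPath)
	suffix = EnsureFolder(strings.TrimPrefix(suffix, "/"))
	return mountPath, suffix, nil
}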
// SetEngineType defines which Vault secret engine type is being used.
// Like UseEngine, it only stores the value on the client.
func (client *Client) SetEngineType(engineType string) {
	client.engineType = engineType
}
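// newVaultClient builds the underlying vault.Client from the addr, insecure,
// namespace and token fields and stores it in client.vc.
//
// Returns the error from configuring TLS or from vault.NewClient; in either
// case client.vc is left untouched. The namespace and token are applied only
// when they are non-empty.
func (client *Client) newVaultClient() error {
	config := vault.Config{Address: client.addr}

	// Insecure == true disables TLS certificate verification for every request
	// this client makes. ConfigureTLS reports its own failures; dropping that
	// error (as the previous code did) would leave the transport in whatever
	// state it reached with no signal to the caller.
	if err := config.ConfigureTLS(&vault.TLSConfig{Insecure: client.insecure}); err != nil {
		return fmt.Errorf("configuring TLS for %q: %w", client.addr, err)
	}

	vc, err := vault.NewClient(&config)
	if err != nil {
		return fmt.Errorf("creating vault client for %q: %w", client.addr, err)
	}

	if client.namespace != "" {
		vc.SetNamespace(client.namespace)
	}
	// The token is never included in error messages or logs from this function.
	if client.token != "" {
		vc.SetToken(client.token)
	}
	client.vc = vc
	return nil
}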