package hcvault
import (
"encoding/json"
"fmt"
)
//
// Getters
//
// GetSecretAsByte reads the secret stored at "<root>/data/<path>" (via
// GetSecret) and returns its data map encoded as JSON.
//
// Errors carry the root and path but never the secret contents. A read
// error from GetSecret is passed through unchanged; an encoding error is
// wrapped.
func (c *HCVaultSecretStore) GetSecretAsByte(root string, path string) ([]byte, error) {
	secret, err := c.GetSecret(root, path)
	if err != nil {
		return nil, err
	}
	encoded, marshalErr := json.Marshal(secret)
	if marshalErr != nil {
		return nil, fmt.Errorf("failed to parse private data for '%s'/'%s' secret; %w", root, path, marshalErr)
	}
	return encoded, nil
}
// GetSecret builds the "<root>/data/<path>" read path and delegates to
// GetSecretWithPath.
func (c *HCVaultSecretStore) GetSecret(root string, path string) (map[string]interface{}, error) {
	fullPath := root + "/data/" + path
	return c.GetSecretWithPath(fullPath)
}
// GetSecretWithPath reads the secret at the full Vault path and returns the
// map stored under its "data" key.
//
// A nil response, a response without Data, or a missing "data" entry is
// reported as an empty secret. A "data" entry that is not a
// map[string]interface{}, or that is a typed nil map (which passes the
// `== nil` check on the interface value but not the post-assertion check),
// is reported as an error too, so callers never receive a nil map together
// with a nil error. Error messages include the path, not the secret.
func (c *HCVaultSecretStore) GetSecretWithPath(path string) (map[string]interface{}, error) {
	resp, err := c.Client.Logical().Read(path)
	switch {
	case err != nil:
		return nil, fmt.Errorf("failed to get '%s' secret from Vega Vault: %w", path, err)
	case resp == nil || resp.Data == nil || resp.Data["data"] == nil:
		return nil, fmt.Errorf("secret '%s' from Vega Vault is empty", path)
	}
	raw := resp.Data["data"]
	data, isMap := raw.(map[string]interface{})
	if !isMap {
		return nil, fmt.Errorf("failed to convert secret %s", path)
	}
	if data == nil {
		return nil, fmt.Errorf("value for secret '%s' is empty", path)
	}
	return data, nil
}
//
// Check Existence
//
// DoesExist reports whether a secret is present at "<root>/data/<path>",
// delegating to DoesExistWithPath.
func (c *HCVaultSecretStore) DoesExist(root string, path string) (bool, error) {
	fullPath := root + "/data/" + path
	return c.DoesExistWithPath(fullPath)
}
// DoesExistWithPath reports whether the secret at the full Vault path has a
// non-nil "data" entry.
//
// A nil response or a nil "data" entry yields (false, nil); only a failed
// read is returned as an error. Unlike GetSecretWithPath, a "data" entry of
// an unexpected type still counts as present.
func (c *HCVaultSecretStore) DoesExistWithPath(path string) (bool, error) {
	resp, err := c.Client.Logical().Read(path)
	if err != nil {
		return false, fmt.Errorf("failed to get '%s' secret from Vega Vault %w", path, err)
	}
	// Indexing a nil Data map is safe in Go and yields nil, so resp.Data
	// needs no separate check.
	present := resp != nil && resp.Data["data"] != nil
	return present, nil
}
//
// Setters
//
// UpsertSecretFromByte decodes secretDataByte as a JSON object and writes
// the resulting map as the secret at "<root>/data/<path>" via UpsertSecret.
//
// Only the root and path appear in the error; the raw payload is never
// included.
func (c *HCVaultSecretStore) UpsertSecretFromByte(root string, path string, secretDataByte []byte) error {
	var decoded map[string]interface{}
	err := json.Unmarshal(secretDataByte, &decoded)
	if err != nil {
		return fmt.Errorf("failed to parse private data for '%s'/'%s'; %w", root, path, err)
	}
	return c.UpsertSecret(root, path, decoded)
}
// UpsertSecret builds the "<root>/data/<path>" write path and delegates to
// UpsertSecretWithPath.
func (c *HCVaultSecretStore) UpsertSecret(root string, path string, secret map[string]interface{}) error {
	fullPath := root + "/data/" + path
	return c.UpsertSecretWithPath(fullPath, secret)
}
// UpsertSecretWithPath writes secret, wrapped under a "data" key, to the
// full Vault path. The write response is discarded; only the error is
// reported, with the path but not the secret in the message.
func (c *HCVaultSecretStore) UpsertSecretWithPath(path string, secret map[string]interface{}) error {
	payload := map[string]interface{}{"data": secret}
	if _, err := c.Client.Logical().Write(path, payload); err != nil {
		return fmt.Errorf("failed to upsert '%s' secret in Vega Vault %w", path, err)
	}
	return nil
}
//
// List
//
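// GetSecretList lists the secret names under "<root>/metadata/<path>".
//
// It returns an error when the list call fails, when Vault returns no
// response, or when the response carries no "keys" entry. The "keys" value
// and each of its elements are checked with comma-ok type assertions, so a
// response of an unexpected shape is reported as an error rather than
// causing a panic (the previous unchecked assertions panicked on a missing
// "keys" entry and on any non-string element). A typed nil "keys" slice is
// still reported as empty; a non-nil empty slice yields an empty list and a
// nil error.
func (c *HCVaultSecretStore) GetSecretList(root string, path string) ([]string, error) {
	fullPath := root + "/metadata/" + path
	resp, err := c.Client.Logical().List(fullPath)
	if err != nil {
		return nil, fmt.Errorf("failed to get secret list for '%s/%s' from Vega Vault %w", root, path, err)
	}
	if resp == nil {
		return nil, fmt.Errorf("empty response for get secret list for '%s/%s' from Vega Vault", root, path)
	}
	// Indexing a nil Data map yields nil, so resp.Data needs no separate check.
	rawKeys := resp.Data["keys"]
	if rawKeys == nil {
		return nil, fmt.Errorf("list of secrets for '%s/%s' is empty", root, path)
	}
	respList, isList := rawKeys.([]interface{})
	if !isList {
		// Report only the dynamic type, never the value, so an unexpected
		// payload is not echoed into error messages or logs.
		return nil, fmt.Errorf("unexpected type %T for secret list keys at '%s/%s'", rawKeys, root, path)
	}
	if respList == nil {
		return nil, fmt.Errorf("list of secrets for '%s/%s' is empty", root, path)
	}
	secretNameList := make([]string, len(respList))
	for i, entry := range respList {
		name, isString := entry.(string)
		if !isString {
			return nil, fmt.Errorf("unexpected type %T for entry %d of secret list '%s/%s'", entry, i, root, path)
		}
		secretNameList[i] = name
	}
	return secretNameList, nil
}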