package awskms
import (
"context"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
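// pathKeysDeregister builds the framework.Path for keys/deregister/:key.
//
// The route only drops Vault's stored reference to a key; the handler it
// wires up never contacts the KMS, so the remote key is left as-is. The
// help strings describe AWS KMS to match this package (awskms) and the
// handler comment below; the previous text named Google Cloud KMS, which
// did not match the package and would mislead operators reading the help.
func (b *backend) pathKeysDeregister() *framework.Path {
	return &framework.Path{
		// "key" is captured with the SDK's GenericNameRegex. That regex is
		// expected not to admit '/', which keeps the "keys/"+key storage
		// path built by the handler inside the keys/ prefix — NOTE(review):
		// confirm against the vault/sdk version in use.
		Pattern: "keys/deregister/" + framework.GenericNameRegex("key"),

		HelpSynopsis: "Deregister an existing key in Vault",
		HelpDescription: `
This endpoint deregisters an existing reference Vault has to a crypto key in
AWS KMS. The underlying AWS KMS key remains unchanged: it is not disabled,
scheduled for deletion, or otherwise revoked, and any principal with direct
KMS access can still use it.
`,

		Fields: map[string]*framework.FieldSchema{
			"key": {
				Type: framework.TypeString,
				Description: `
Name of the key to deregister in Vault. If the key exists in AWS KMS,
it will be left untouched.
`,
			},
		},

		// Create, update and delete all route to the same handler, so the
		// reference can be removed with either a write or a DELETE.
		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.CreateOperation: withFieldValidator(b.pathKeysDeregisterWrite),
			logical.UpdateOperation: withFieldValidator(b.pathKeysDeregisterWrite),
			logical.DeleteOperation: withFieldValidator(b.pathKeysDeregisterWrite),
		},
	}
}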
// pathKeysDeregisterWrite serves the create, update and delete operations on
// keys/deregister/:key (this package is mounted as awskms by convention, but
// the mount point is chosen by the operator).
//
// It removes only Vault's own record of the key — the "keys/<name>" storage
// entry. Nothing here calls out to the KMS, so the remote key is neither
// disabled nor deleted, and access that principals hold to it outside Vault
// is unaffected. Removing an entry that does not exist is not special-cased:
// the outcome is whatever req.Storage.Delete reports.
//
// NOTE(review): any other storage entries that reference this key name are
// not cleaned up here — confirm against the rest of the backend whether that
// is intended.
func (b *backend) pathKeysDeregisterWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	name := d.Get("key").(string)
	entryPath := "keys/" + name

	err := req.Storage.Delete(ctx, entryPath)
	if err != nil {
		return nil, errwrap.Wrapf("failed to delete from storage: {{err}}", err)
	}

	// A nil response with a nil error signals success to the framework.
	return nil, nil
}