deb.open-vault/builtin/logical/ssh/path_cleanup_dynamic_host_keys.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package ssh

import (
	"context"
	"fmt"

	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
)

const keysStoragePrefix = "keys/"

func pathCleanupKeys(b *backend) *framework.Path {
	return &framework.Path{
		Pattern: "tidy/dynamic-keys",
		DisplayAttrs: &framework.DisplayAttributes{
			OperationPrefix: operationPrefixSSH,
			OperationVerb:   "tidy",
			OperationSuffix: "dynamic-host-keys",
		},
		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.DeleteOperation: b.handleCleanupKeys,
		},
		HelpSynopsis:    `This endpoint removes the stored host keys used for the removed Dynamic Key feature, if present.`,
		HelpDescription: `For more information, refer to the API documentation.`,
	}
}

func (b *backend) handleCleanupKeys(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	names, err := req.Storage.List(ctx, keysStoragePrefix)
	if err != nil {
		return nil, fmt.Errorf("unable to list keys for removal: %w", err)
	}

	for index, name := range names {
		keyPath := keysStoragePrefix + name
		if err := req.Storage.Delete(ctx, keyPath); err != nil {
			return nil, fmt.Errorf("unable to delete key %v of %v: %w", index+1, len(names), err)
		}
	}

	return &logical.Response{
		Data: map[string]interface{}{
			"message": fmt.Sprintf("Removed %v of %v host keys.", len(names), len(names)),
		},
	}, nil
}