50 lines
1.4 KiB
Go
50 lines
1.4 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package ssh
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/hashicorp/vault/sdk/framework"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
)
|
|
|
|
func pathFetchPublicKey(b *backend) *framework.Path {
|
|
return &framework.Path{
|
|
Pattern: `public_key`,
|
|
|
|
DisplayAttrs: &framework.DisplayAttributes{
|
|
OperationPrefix: operationPrefixSSH,
|
|
OperationSuffix: "public-key",
|
|
},
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.ReadOperation: b.pathFetchPublicKey,
|
|
},
|
|
|
|
HelpSynopsis: `Retrieve the public key.`,
|
|
HelpDescription: `This allows the public key of the SSH CA certificate that this backend has been configured with to be fetched. This is a raw response endpoint without JSON encoding; use -format=raw or an external tool (e.g., curl) to fetch this value.`,
|
|
}
|
|
}
|
|
|
|
func (b *backend) pathFetchPublicKey(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
|
publicKeyEntry, err := caKey(ctx, req.Storage, caPublicKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if publicKeyEntry == nil || publicKeyEntry.Key == "" {
|
|
return nil, nil
|
|
}
|
|
|
|
response := &logical.Response{
|
|
Data: map[string]interface{}{
|
|
logical.HTTPContentType: "text/plain",
|
|
logical.HTTPRawBody: []byte(publicKeyEntry.Key),
|
|
logical.HTTPStatusCode: 200,
|
|
},
|
|
}
|
|
|
|
return response, nil
|
|
}
|