luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/command/agent/secure_variable_endpoint.go
Charlie Voiselle 06c6a950c4 Secure Variables: Seperate Encrypted and Decrypted structs (#13355) 
This PR splits SecureVariable into SecureVariableDecrypted and
SecureVariableEncrypted in order to use the type system to help
verify that cleartext secret material is not committed to file.

* Make Encrypt function return KeyID
* Split SecureVariable

Co-authored-by: Tim Gross <tgross@hashicorp.com>
2022-07-11 13:34:05 -04:00

113 lines
3.2 KiB
Go
Raw Blame History

package agent
import (
"net/http"
"strings"
"github.com/hashicorp/nomad/nomad/structs"
)
func (s *HTTPServer) SecureVariablesListRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
if req.Method != "GET" {
return nil, CodedError(http.StatusMethodNotAllowed, ErrInvalidMethod)
}
args := structs.SecureVariablesListRequest{}
if s.parse(resp, req, &args.Region, &args.QueryOptions) {
return nil, nil
}
var out structs.SecureVariablesListResponse
if err := s.agent.RPC(structs.SecureVariablesListRPCMethod, &args, &out); err != nil {
return nil, err
}
setMeta(resp, &out.QueryMeta)
if out.Data == nil {
out.Data = make([]*structs.SecureVariableMetadata, 0)
}
return out.Data, nil
}
func (s *HTTPServer) SecureVariableSpecificRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
path := strings.TrimPrefix(req.URL.Path, "/v1/var/")
if len(path) == 0 {
return nil, CodedError(http.StatusBadRequest, "Missing secure variable path")
}
switch req.Method {
case http.MethodGet:
return s.secureVariableQuery(resp, req, path)
case http.MethodPut, http.MethodPost:
return s.secureVariableUpsert(resp, req, path)
case http.MethodDelete:
return s.secureVariableDelete(resp, req, path)
default:
return nil, CodedError(http.StatusBadRequest, ErrInvalidMethod)
}
}
func (s *HTTPServer) secureVariableQuery(resp http.ResponseWriter, req *http.Request,
path string) (interface{}, error) {
args := structs.SecureVariablesReadRequest{
Path: path,
}
if s.parse(resp, req, &args.Region, &args.QueryOptions) {
return nil, nil
}
var out structs.SecureVariablesReadResponse
if err := s.agent.RPC(structs.SecureVariablesReadRPCMethod, &args, &out); err != nil {
return nil, err
}
setMeta(resp, &out.QueryMeta)
if out.Data == nil {
return nil, CodedError(http.StatusNotFound, "Secure variable not found")
}
return out.Data, nil
}
func (s *HTTPServer) secureVariableUpsert(resp http.ResponseWriter, req *http.Request,
path string) (interface{}, error) {
// Parse the SecureVariable
var SecureVariable structs.SecureVariableDecrypted
if err := decodeBody(req, &SecureVariable); err != nil {
return nil, CodedError(http.StatusBadRequest, err.Error())
}
if SecureVariable.Items == nil {
return nil, CodedError(http.StatusBadRequest, "Secure variable missing required Items object.")
}
SecureVariable.Path = path
// Format the request
args := structs.SecureVariablesUpsertRequest{
Data: []*structs.SecureVariableDecrypted{&SecureVariable},
}
s.parseWriteRequest(req, &args.WriteRequest)
var out structs.SecureVariablesUpsertResponse
if err := s.agent.RPC(structs.SecureVariablesUpsertRPCMethod, &args, &out); err != nil {
return nil, err
}
setIndex(resp, out.WriteMeta.Index)
return nil, nil
}
func (s *HTTPServer) secureVariableDelete(resp http.ResponseWriter, req *http.Request,
path string) (interface{}, error) {
args := structs.SecureVariablesDeleteRequest{
Path: path,
}
s.parseWriteRequest(req, &args.WriteRequest)
var out structs.SecureVariablesDeleteResponse
if err := s.agent.RPC(structs.SecureVariablesDeleteRPCMethod, &args, &out); err != nil {
return nil, err
}
setIndex(resp, out.WriteMeta.Index)
return nil, nil
}
Reference in a new issue View git blame Copy permalink