open-vault/logical/response.go

package logical

// Response is a struct that stores the response of a request.
// It is used to abstract the details of the higher level request protocol.
type Response struct {
	// Secret, if not nil, denotes that this response represents a secret.
	Secret *Secret

	// Auth, if not nil, contains the authentication information for
	// this response. This is only checked and means something for
	// credential backends.
	Auth *Auth

	// Response data is an opaque map that must have string keys. For
	// secrets, this data is sent down to the user as-is. To store internal
	// data that you don't want the user to see, store it in
	// Secret.InternalData.
	Data map[string]interface{}

	// Redirect is an HTTP URL to redirect to for further authentication.
	// This is only valid for credential backends. This will be blanked
	// for any logical backend and ignored.
	Redirect string
}

// IsError returns true if this response seems to indicate an error.
func (r *Response) IsError() bool {
	return r != nil && len(r.Data) == 1 && r.Data["error"] != nil
}

// HelpResponse is used to format a help response
func HelpResponse(text string, seeAlso []string) *Response {
	return &Response{
		Data: map[string]interface{}{
			"help":     text,
			"see_also": seeAlso,
		},
	}
}

// ErrorResponse is used to format an error response
func ErrorResponse(text string) *Response {
	return &Response{
		Data: map[string]interface{}{
			"error": text,
		},
	}
}

// ListResponse is used to format a response to a list operation.
func ListResponse(keys []string) *Response {
	return &Response{
		Data: map[string]interface{}{
			"keys": keys,
		},
	}
}
logical: put structs here, vault uses them 2015-03-15 20:52:43 +00:00			`package logical`

			`// Response is a struct that stores the response of a request.`
			`// It is used to abstract the details of the higher level request protocol.`
			`type Response struct {`
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit. 2015-03-19 22:11:42 +00:00			`// Secret, if not nil, denotes that this response represents a secret.`
			`Secret *Secret`
logical: put structs here, vault uses them 2015-03-15 20:52:43 +00:00
logical: add credential info to logical backend structures 2015-03-30 21:23:32 +00:00			`// Auth, if not nil, contains the authentication information for`
			`// this response. This is only checked and means something for`
			`// credential backends.`
			`Auth *Auth`

vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit. 2015-03-19 22:11:42 +00:00			`// Response data is an opaque map that must have string keys. For`
			`// secrets, this data is sent down to the user as-is. To store internal`
			`// data that you don't want the user to see, store it in`
			`// Secret.InternalData.`
logical: put structs here, vault uses them 2015-03-15 20:52:43 +00:00			`Data map[string]interface{}`
logical: add Redirect to response 2015-03-31 00:56:24 +00:00
			`// Redirect is an HTTP URL to redirect to for further authentication.`
			`// This is only valid for credential backends. This will be blanked`
			`// for any logical backend and ignored.`
			`Redirect string`
logical: put structs here, vault uses them 2015-03-15 20:52:43 +00:00			`}`

logical/aws 2015-03-20 16:59:48 +00:00			`// IsError returns true if this response seems to indicate an error.`
			`func (r *Response) IsError() bool {`
			`return r != nil && len(r.Data) == 1 && r.Data["error"] != nil`
logical: put structs here, vault uses them 2015-03-15 20:52:43 +00:00			`}`

			`// HelpResponse is used to format a help response`
			`func HelpResponse(text string, seeAlso []string) *Response {`
			`return &Response{`
			`Data: map[string]interface{}{`
			`"help": text,`
			`"see_also": seeAlso,`
			`},`
			`}`
			`}`

			`// ErrorResponse is used to format an error response`
			`func ErrorResponse(text string) *Response {`
			`return &Response{`
			`Data: map[string]interface{}{`
			`"error": text,`
			`},`
			`}`
			`}`
vault: Passthrough backend uses logical.Backend 2015-03-15 21:26:48 +00:00
			`// ListResponse is used to format a response to a list operation.`
			`func ListResponse(keys []string) *Response {`
			`return &Response{`
			`Data: map[string]interface{}{`
			`"keys": keys,`
			`},`
			`}`
			`}`