open-vault/builtin/logical/ssh/path_fetch.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package ssh

import (
	"context"

	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
)

func pathFetchPublicKey(b *backend) *framework.Path {
	return &framework.Path{
		Pattern: `public_key`,

		DisplayAttrs: &framework.DisplayAttributes{
			OperationPrefix: operationPrefixSSH,
			OperationSuffix: "public-key",
		},

		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.ReadOperation: b.pathFetchPublicKey,
		},

		HelpSynopsis:    `Retrieve the public key.`,
		HelpDescription: `This allows the public key of the SSH CA certificate that this backend has been configured with to be fetched. This is a raw response endpoint without JSON encoding; use -format=raw or an external tool (e.g., curl) to fetch this value.`,
	}
}

func (b *backend) pathFetchPublicKey(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
	publicKeyEntry, err := caKey(ctx, req.Storage, caPublicKey)
	if err != nil {
		return nil, err
	}
	if publicKeyEntry == nil || publicKeyEntry.Key == "" {
		return nil, nil
	}

	response := &logical.Response{
		Data: map[string]interface{}{
			logical.HTTPContentType: "text/plain",
			logical.HTTPRawBody:     []byte(publicKeyEntry.Key),
			logical.HTTPStatusCode:  200,
		},
	}

	return response, nil
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`package ssh`

			`import (`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`"context"`

Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/framework"`
Switch to go modules (#6585) * Switch to go modules * Make fmt 2019-04-13 07:44:06 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`)`

			`func pathFetchPublicKey(b backend) framework.Path {`
			`return &framework.Path{`
			Pattern: `public_key`,

openapi: Add display attributes for SSH plugin (#19543) 2023-04-10 18:18:00 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`OperationPrefix: operationPrefixSSH,`
			`OperationSuffix: "public-key",`
			`},`

Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`Callbacks: map[logical.Operation]framework.OperationFunc{`
			`logical.ReadOperation: b.pathFetchPublicKey,`
			`},`

			HelpSynopsis: `Retrieve the public key.`,
Remove dynamic keys from SSH Secrets Engine (#18874) * Remove dynamic keys from SSH Secrets Engine This removes the functionality of Vault creating keys and adding them to the authorized keys file on hosts. This functionality has been deprecated since Vault version 0.7.2. The preferred alternative is to use the SSH CA method, which also allows key generation but places limits on TTL and doesn't require Vault reach out to provision each key on the specified host, making it much more secure. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Remove dynamic ssh references from documentation Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Remove dynamic key secret type entirely Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Clarify changelog language Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add removal notice to the website Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> 2023-01-31 21:02:22 +00:00			HelpDescription: `This allows the public key of the SSH CA certificate that this backend has been configured with to be fetched. This is a raw response endpoint without JSON encoding; use -format=raw or an external tool (e.g., curl) to fetch this value.`,
Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`}`
			`}`

Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`func (b backend) pathFetchPublicKey(ctx context.Context, req logical.Request, data framework.FieldData) (logical.Response, error) {`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`publicKeyEntry, err := caKey(ctx, req.Storage, caPublicKey)`
Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`if err != nil {`
			`return nil, err`
			`}`
SSH CA enhancements (#2442) * Use constants for storage paths * Upgrade path for public key storage * Fix calculateValidPrincipals, upgrade ca_private_key, and other changes * Remove a print statement * Added tests for upgrade case * Make exporting consistent in creation bundle * unexporting and constants * Move keys into a struct instead of plain string * minor changes 2017-03-08 22:36:21 +00:00			`if publicKeyEntry == nil \|\| publicKeyEntry.Key == "" {`
Rework ssh ca (#2419) * docs: input format for default_critical_options and default_extensions * s/sshca/ssh * Added default_critical_options and default_extensions to the read endpoint of role * Change default time return value to 0 2017-03-01 20:50:23 +00:00			`return nil, nil`
			`}`

Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`response := &logical.Response{`
			`Data: map[string]interface{}{`
			`logical.HTTPContentType: "text/plain",`
SSH CA enhancements (#2442) * Use constants for storage paths * Upgrade path for public key storage * Fix calculateValidPrincipals, upgrade ca_private_key, and other changes * Remove a print statement * Added tests for upgrade case * Make exporting consistent in creation bundle * unexporting and constants * Move keys into a struct instead of plain string * minor changes 2017-03-08 22:36:21 +00:00			`logical.HTTPRawBody: []byte(publicKeyEntry.Key),`
Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00			`logical.HTTPStatusCode: 200,`
Rework ssh ca (#2419) * docs: input format for default_critical_options and default_extensions * s/sshca/ssh * Added default_critical_options and default_extensions to the read endpoint of role * Change default time return value to 0 2017-03-01 20:50:23 +00:00			`},`
			`}`
Add ability to create SSH certificates 2016-12-26 14:03:27 +00:00
			`return response, nil`
			`}`