open-vault/builtin/logical/aws/backend.go

package aws

import (
	"strings"
	"time"

	"github.com/hashicorp/vault/logical"
	"github.com/hashicorp/vault/logical/framework"
)

func Factory(conf *logical.BackendConfig) (logical.Backend, error) {
	return Backend().Setup(conf)
}

func Backend() *framework.Backend {
	var b backend
	b.Backend = &framework.Backend{
		Help: strings.TrimSpace(backendHelp),

		PathsSpecial: &logical.Paths{
			Root: []string{
				"config/*",
			},
		},

		Paths: []*framework.Path{
			pathConfigRoot(),
			pathConfigLease(&b),
			pathRoles(),
			pathUser(&b),
			pathSTS(&b),
		},

		Secrets: []*framework.Secret{
			secretAccessKeys(&b),
		},

		Rollback:       rollback,
		RollbackMinAge: 5 * time.Minute,
	}

	return b.Backend
}

type backend struct {
	*framework.Backend
}

const backendHelp = `
The AWS backend dynamically generates AWS access keys for a set of
IAM policies. The AWS access keys have a configurable lease set and
are automatically revoked at the end of the lease.

After mounting this backend, credentials to generate IAM keys must
be configured with the "root" path and policies must be written using
the "roles/" endpoints before any access keys can be generated.
`
logical/aws 2015-03-20 16:59:48 +00:00			`package aws`

			`import (`
logical/framework: support root help 2015-04-04 03:36:47 +00:00			`"strings"`
logical/aws: WAL entry for users, rollback 2015-03-21 10:18:46 +00:00			`"time"`

main: enable AWS backend 2015-03-20 18:32:18 +00:00			`"github.com/hashicorp/vault/logical"`
logical/aws 2015-03-20 16:59:48 +00:00			`"github.com/hashicorp/vault/logical/framework"`
			`)`

Remove SetLogger, and unify on framework.Setup 2015-07-01 00:45:20 +00:00			`func Factory(conf *logical.BackendConfig) (logical.Backend, error) {`
			`return Backend().Setup(conf)`
main: enable AWS backend 2015-03-20 18:32:18 +00:00			`}`

logical/aws 2015-03-20 16:59:48 +00:00			`func Backend() *framework.Backend {`
			`var b backend`
			`b.Backend = &framework.Backend{`
logical/framework: support root help 2015-04-04 03:36:47 +00:00			`Help: strings.TrimSpace(backendHelp),`

logical/*: fix compilation errors 2015-03-31 03:30:07 +00:00			`PathsSpecial: &logical.Paths{`
			`Root: []string{`
logical/aws: move root creds config to config/root 2015-04-19 05:21:31 +00:00			`"config/*",`
logical/*: fix compilation errors 2015-03-31 03:30:07 +00:00			`},`
logical/aws 2015-03-20 16:59:48 +00:00			`},`

			`Paths: []*framework.Path{`
logical/aws: move root creds config to config/root 2015-04-19 05:21:31 +00:00			`pathConfigRoot(),`
logical/aws: leasing/renewal support 2015-04-19 05:25:37 +00:00			`pathConfigLease(&b),`
secret/aws: Using roles instead of policy 2015-04-27 21:20:28 +00:00			`pathRoles(),`
logical/aws 2015-03-20 16:59:48 +00:00			`pathUser(&b),`
Add STS path to AWS backend. The new STS path allows for obtaining the same credentials that you would get from the AWS "creds" path, except it will also provide a security token, and will not have an annoyingly long propagation time before returning to the user. 2015-12-08 04:32:49 +00:00			`pathSTS(&b),`
logical/aws 2015-03-20 16:59:48 +00:00			`},`

			`Secrets: []*framework.Secret{`
logical/aws: leasing/renewal support 2015-04-19 05:25:37 +00:00			`secretAccessKeys(&b),`
logical/aws 2015-03-20 16:59:48 +00:00			`},`
logical/aws: WAL entry for users, rollback 2015-03-21 10:18:46 +00:00
			`Rollback: rollback,`
			`RollbackMinAge: 5 * time.Minute,`
logical/aws 2015-03-20 16:59:48 +00:00			`}`

			`return b.Backend`
			`}`

			`type backend struct {`
			`*framework.Backend`
			`}`
logical/framework: support root help 2015-04-04 03:36:47 +00:00
			const backendHelp = `
			`The AWS backend dynamically generates AWS access keys for a set of`
			`IAM policies. The AWS access keys have a configurable lease set and`
			`are automatically revoked at the end of the lease.`
logical/aws: help 2015-04-04 04:10:54 +00:00
			`After mounting this backend, credentials to generate IAM keys must`
			`be configured with the "root" path and policies must be written using`
secret/aws: Using roles instead of policy 2015-04-27 21:20:28 +00:00			`the "roles/" endpoints before any access keys can be generated.`
logical/framework: support root help 2015-04-04 03:36:47 +00:00			`