open-vault/builtin/logical/nomad/backend.go

83 lines
1.6 KiB
Go
Raw Normal View History

2017-09-20 20:59:35 +00:00
package nomad
import (
"context"
"github.com/hashicorp/nomad/api"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
2017-09-20 20:59:35 +00:00
)
// Factory returns a Nomad backend that satisfies the logical.Backend interface
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
2017-09-20 20:59:35 +00:00
b := Backend()
if err := b.Setup(ctx, conf); err != nil {
2017-09-20 20:59:35 +00:00
return nil, err
}
return b, nil
}
// Backend returns the configured Nomad backend
2017-09-20 20:59:35 +00:00
func Backend() *backend {
var b backend
b.Backend = &framework.Backend{
PathsSpecial: &logical.Paths{
SealWrapStorage: []string{
"config/access",
},
},
2017-09-20 20:59:35 +00:00
Paths: []*framework.Path{
2017-11-06 21:34:20 +00:00
pathConfigAccess(&b),
pathConfigLease(&b),
2017-09-20 20:59:35 +00:00
pathListRoles(&b),
2017-11-06 21:34:20 +00:00
pathRoles(&b),
pathCredsCreate(&b),
2017-09-20 20:59:35 +00:00
},
Secrets: []*framework.Secret{
secretToken(&b),
},
BackendType: logical.TypeLogical,
}
return &b
}
type backend struct {
*framework.Backend
}
func (b *backend) client(ctx context.Context, s logical.Storage) (*api.Client, error) {
conf, err := b.readConfigAccess(ctx, s)
2017-11-06 21:34:20 +00:00
if err != nil {
return nil, err
}
nomadConf := api.DefaultConfig()
if conf != nil {
if conf.Address != "" {
nomadConf.Address = conf.Address
}
if conf.Token != "" {
nomadConf.SecretID = conf.Token
}
if conf.CACert != "" {
nomadConf.TLSConfig.CACertPEM = []byte(conf.CACert)
}
if conf.ClientCert != "" {
nomadConf.TLSConfig.ClientCertPEM = []byte(conf.ClientCert)
}
if conf.ClientKey != "" {
nomadConf.TLSConfig.ClientKeyPEM = []byte(conf.ClientKey)
}
}
2017-11-06 21:34:20 +00:00
client, err := api.NewClient(nomadConf)
if err != nil {
return nil, err
}
2017-11-06 21:34:20 +00:00
return client, nil
2017-09-20 20:59:35 +00:00
}