open-vault/builtin/credential/github/path_config.go

package github

import (
	"context"
	"fmt"
	"net/url"
	"strings"
	"time"

	"github.com/hashicorp/errwrap"
	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/helper/tokenutil"
	"github.com/hashicorp/vault/sdk/logical"
)

func pathConfig(b *backend) *framework.Path {
	p := &framework.Path{
		Pattern: "config",
		Fields: map[string]*framework.FieldSchema{
			"organization": {
				Type:        framework.TypeString,
				Description: "The organization users must be part of",
			},

			"base_url": {
				Type: framework.TypeString,
				Description: `The API endpoint to use. Useful if you
are running GitHub Enterprise or an
API-compatible authentication server.`,
				DisplayAttrs: &framework.DisplayAttributes{
					Name:  "Base URL",
					Group: "GitHub Options",
				},
			},
			"ttl": {
				Type:        framework.TypeDurationSecond,
				Description: tokenutil.DeprecationText("token_ttl"),
				Deprecated:  true,
			},
			"max_ttl": {
				Type:        framework.TypeDurationSecond,
				Description: tokenutil.DeprecationText("token_max_ttl"),
				Deprecated:  true,
			},
		},

		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.UpdateOperation: b.pathConfigWrite,
			logical.ReadOperation:   b.pathConfigRead,
		},
	}

	tokenutil.AddTokenFields(p.Fields)
	p.Fields["token_policies"].Description += ". This will apply to all tokens generated by this auth method, in addition to any policies configured for specific users/groups."
	return p
}

func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
	c, err := b.Config(ctx, req.Storage)
	if err != nil {
		return nil, err
	}
	if c == nil {
		c = &config{}
	}

	if organizationRaw, ok := data.GetOk("organization"); ok {
		c.Organization = organizationRaw.(string)
	}

	if baseURLRaw, ok := data.GetOk("base_url"); ok {
		baseURL := baseURLRaw.(string)
		_, err := url.Parse(baseURL)
		if err != nil {
			return logical.ErrorResponse(fmt.Sprintf("Error parsing given base_url: %s", err)), nil
		}
		if !strings.HasSuffix(baseURL, "/") {
			baseURL += "/"
		}
		c.BaseURL = baseURL
	}

	if err := c.ParseTokenFields(req, data); err != nil {
		return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
	}

	// Handle upgrade cases
	{
		if err := tokenutil.UpgradeValue(data, "ttl", "token_ttl", &c.TTL, &c.TokenTTL); err != nil {
			return logical.ErrorResponse(err.Error()), nil
		}

		if err := tokenutil.UpgradeValue(data, "max_ttl", "token_max_ttl", &c.MaxTTL, &c.TokenMaxTTL); err != nil {
			return logical.ErrorResponse(err.Error()), nil
		}
	}

	entry, err := logical.StorageEntryJSON("config", c)
	if err != nil {
		return nil, err
	}

	if err := req.Storage.Put(ctx, entry); err != nil {
		return nil, err
	}

	return nil, nil
}

func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
	config, err := b.Config(ctx, req.Storage)
	if err != nil {
		return nil, err
	}
	if config == nil {
		return nil, nil
	}

	d := map[string]interface{}{
		"organization": config.Organization,
		"base_url":     config.BaseURL,
	}
	config.PopulateTokenData(d)

	if config.TTL > 0 {
		d["ttl"] = int64(config.TTL.Seconds())
	}
	if config.MaxTTL > 0 {
		d["max_ttl"] = int64(config.MaxTTL.Seconds())
	}

	return &logical.Response{
		Data: d,
	}, nil
}

// Config returns the configuration for this backend.
func (b *backend) Config(ctx context.Context, s logical.Storage) (*config, error) {
	entry, err := s.Get(ctx, "config")
	if err != nil {
		return nil, err
	}
	if entry == nil {
		return nil, nil
	}

	var result config
	if entry != nil {
		if err := entry.DecodeJSON(&result); err != nil {
			return nil, errwrap.Wrapf("error reading configuration: {{err}}", err)
		}
	}

	if result.TokenTTL == 0 && result.TTL > 0 {
		result.TokenTTL = result.TTL
	}
	if result.TokenMaxTTL == 0 && result.MaxTTL > 0 {
		result.TokenMaxTTL = result.MaxTTL
	}

	return &result, nil
}

type config struct {
	tokenutil.TokenParams

	Organization string        `json:"organization" structs:"organization" mapstructure:"organization"`
	BaseURL      string        `json:"base_url" structs:"base_url" mapstructure:"base_url"`
	TTL          time.Duration `json:"ttl" structs:"ttl" mapstructure:"ttl"`
	MaxTTL       time.Duration `json:"max_ttl" structs:"max_ttl" mapstructure:"max_ttl"`
}
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`package github`

			`import (`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`"context"`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`"fmt"`
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 13:28:35 +00:00			`"net/url"`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`"strings"`
Revert "Refactor common token fields and operations into a helper (#5953)" This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a. 2019-02-01 16:23:40 +00:00			`"time"`
credential/github: auth with github 2015-04-01 22:46:21 +00:00
Errwrap everywhere (#4252) * package api * package builtin/credential * package builtin/logical * package command * package helper * package http and logical * package physical * package shamir * package vault * package vault * address feedback * more fixes 2018-04-05 15:49:21 +00:00			`"github.com/hashicorp/errwrap"`
Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/framework"`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`"github.com/hashicorp/vault/sdk/helper/tokenutil"`
Switch to go modules (#6585) * Switch to go modules * Make fmt 2019-04-13 07:44:06 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`)`

Github backend: enable auth renewals 2015-10-02 17:33:19 +00:00			`func pathConfig(b backend) framework.Path {`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`p := &framework.Path{`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`Pattern: "config",`
			`Fields: map[string]*framework.FieldSchema{`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"organization": {`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`Type: framework.TypeString,`
			`Description: "The organization users must be part of",`
			`},`
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 13:28:35 +00:00
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"base_url": {`
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 13:28:35 +00:00			`Type: framework.TypeString,`
			Description: `The API endpoint to use. Useful if you
			`are running GitHub Enterprise or an`
			API-compatible authentication server.`,
update OpenAPI output to use DisplayAttributes struct (#6928) 2019-06-21 15:08:08 +00:00			`DisplayAttrs: &framework.DisplayAttributes{`
			`Name: "Base URL",`
			`Group: "GitHub Options",`
			`},`
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 13:28:35 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"ttl": {`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`Type: framework.TypeDurationSecond,`
			`Description: tokenutil.DeprecationText("token_ttl"),`
			`Deprecated: true,`
Revert "Refactor common token fields and operations into a helper (#5953)" This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a. 2019-02-01 16:23:40 +00:00			`},`
Run a more strict formatter over the code (#11312) * Update tooling * Run gofumpt * go mod vendor 2021-04-08 16:43:39 +00:00			`"max_ttl": {`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`Type: framework.TypeDurationSecond,`
			`Description: tokenutil.DeprecationText("token_max_ttl"),`
			`Deprecated: true,`
Revert "Refactor common token fields and operations into a helper (#5953)" This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a. 2019-02-01 16:23:40 +00:00			`},`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`},`

			`Callbacks: map[logical.Operation]framework.OperationFunc{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`logical.UpdateOperation: b.pathConfigWrite,`
add gofmt checks to Vault and format existing code (#2745) 2017-05-19 12:34:17 +00:00			`logical.ReadOperation: b.pathConfigRead,`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`},`
			`}`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00
			`tokenutil.AddTokenFields(p.Fields)`
			`p.Fields["token_policies"].Description += ". This will apply to all tokens generated by this auth method, in addition to any policies configured for specific users/groups."`
			`return p`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`}`

Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`func (b backend) pathConfigWrite(ctx context.Context, req logical.Request, data framework.FieldData) (logical.Response, error) {`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`c, err := b.Config(ctx, req.Storage)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if c == nil {`
			`c = &config{}`
			`}`

			`if organizationRaw, ok := data.GetOk("organization"); ok {`
			`c.Organization = organizationRaw.(string)`
			`}`

			`if baseURLRaw, ok := data.GetOk("base_url"); ok {`
			`baseURL := baseURLRaw.(string)`
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 13:28:35 +00:00			`_, err := url.Parse(baseURL)`
			`if err != nil {`
			`return logical.ErrorResponse(fmt.Sprintf("Error parsing given base_url: %s", err)), nil`
			`}`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`if !strings.HasSuffix(baseURL, "/") {`
			`baseURL += "/"`
			`}`
			`c.BaseURL = baseURL`
Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 13:28:35 +00:00			`}`

Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`if err := c.ParseTokenFields(req, data); err != nil {`
			`return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest`
Use SanitizeTTL in credential request path instead of config 2015-10-02 19:41:35 +00:00			`}`

Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`// Handle upgrade cases`
			`{`
Add UpgradeValue path to tokenutil (#7041) This drastically reduces boilerplate for upgrading existing values 2019-07-02 13:52:05 +00:00			`if err := tokenutil.UpgradeValue(data, "ttl", "token_ttl", &c.TTL, &c.TokenTTL); err != nil {`
			`return logical.ErrorResponse(err.Error()), nil`
Revert "Refactor common token fields and operations into a helper (#5953)" This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a. 2019-02-01 16:23:40 +00:00			`}`
Github backend: enable auth renewals 2015-10-02 17:33:19 +00:00
Add UpgradeValue path to tokenutil (#7041) This drastically reduces boilerplate for upgrading existing values 2019-07-02 13:52:05 +00:00			`if err := tokenutil.UpgradeValue(data, "max_ttl", "token_max_ttl", &c.MaxTTL, &c.TokenMaxTTL); err != nil {`
			`return logical.ErrorResponse(err.Error()), nil`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`}`
			`}`
Github backend: enable auth renewals 2015-10-02 17:33:19 +00:00
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`entry, err := logical.StorageEntryJSON("config", c)`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`if err != nil {`
			`return nil, err`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`if err := req.Storage.Put(ctx, entry); err != nil {`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`return nil, err`
			`}`

			`return nil, nil`
			`}`

Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`func (b backend) pathConfigRead(ctx context.Context, req logical.Request, data framework.FieldData) (logical.Response, error) {`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`config, err := b.Config(ctx, req.Storage)`
Added a 'read' for github config 2017-01-11 00:21:31 +00:00			`if err != nil {`
			`return nil, err`
			`}`
Added a nil check for config and renamed org field internally. 2017-01-11 17:04:15 +00:00			`if config == nil {`
Fix github config path returning 500 instead of 404 2019-07-02 16:57:48 +00:00			`return nil, nil`
Added a nil check for config and renamed org field internally. 2017-01-11 17:04:15 +00:00			`}`

Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`d := map[string]interface{}{`
			`"organization": config.Organization,`
			`"base_url": config.BaseURL,`
			`}`
			`config.PopulateTokenData(d)`
Refactor common token fields and operations into a helper (#5953) 2019-01-30 21:23:28 +00:00
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`if config.TTL > 0 {`
			`d["ttl"] = int64(config.TTL.Seconds())`
Revert "Refactor common token fields and operations into a helper (#5953)" This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a. 2019-02-01 16:23:40 +00:00			`}`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`if config.MaxTTL > 0 {`
			`d["max_ttl"] = int64(config.MaxTTL.Seconds())`
			`}`

			`return &logical.Response{`
			`Data: d,`
			`}, nil`
Added a 'read' for github config 2017-01-11 00:21:31 +00:00			`}`

credential/github: auth with github 2015-04-01 22:46:21 +00:00			`// Config returns the configuration for this backend.`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (b backend) Config(ctx context.Context, s logical.Storage) (config, error) {`
			`entry, err := s.Get(ctx, "config")`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`if err != nil {`
			`return nil, err`
			`}`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`if entry == nil {`
			`return nil, nil`
			`}`

credential/github: auth with github 2015-04-01 22:46:21 +00:00			`var result config`
			`if entry != nil {`
			`if err := entry.DecodeJSON(&result); err != nil {`
Errwrap everywhere (#4252) * package api * package builtin/credential * package builtin/logical * package command * package helper * package http and logical * package physical * package shamir * package vault * package vault * address feedback * more fixes 2018-04-05 15:49:21 +00:00			`return nil, errwrap.Wrapf("error reading configuration: {{err}}", err)`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`}`
			`}`

Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`if result.TokenTTL == 0 && result.TTL > 0 {`
			`result.TokenTTL = result.TTL`
			`}`
			`if result.TokenMaxTTL == 0 && result.MaxTTL > 0 {`
			`result.TokenMaxTTL = result.MaxTTL`
			`}`

credential/github: auth with github 2015-04-01 22:46:21 +00:00			`return &result, nil`
			`}`

			`type config struct {`
Update github to tokenutil (#7031) * Update github to tokenutil * Update phrasing 2019-07-01 20:31:30 +00:00			`tokenutil.TokenParams`

Revert "Refactor common token fields and operations into a helper (#5953)" This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a. 2019-02-01 16:23:40 +00:00			Organization string `json:"organization" structs:"organization" mapstructure:"organization"`
			BaseURL string `json:"base_url" structs:"base_url" mapstructure:"base_url"`
			TTL time.Duration `json:"ttl" structs:"ttl" mapstructure:"ttl"`
			MaxTTL time.Duration `json:"max_ttl" structs:"max_ttl" mapstructure:"max_ttl"`
credential/github: auth with github 2015-04-01 22:46:21 +00:00			`}`