luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/logical_passthrough.go

237 lines
6.4 KiB
Go
Raw Normal View History

vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
package vault
import (
"encoding/json"
"fmt"
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
"strings"
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
"github.com/hashicorp/vault/helper/parseutil"
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"github.com/hashicorp/vault/helper/jsonutil"
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
"github.com/hashicorp/vault/logical"
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
"github.com/hashicorp/vault/logical/framework"
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
)
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
// PassthroughBackendFactory returns a PassthroughBackend
// with leases switched off
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
func PassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
return LeaseSwitchedPassthroughBackend(conf, false)
}
// PassthroughBackendWithLeasesFactory returns a PassthroughBackend
// with leases switched on
func LeasedPassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
return LeaseSwitchedPassthroughBackend(conf, true)
}
// LeaseSwitchedPassthroughBackendFactory returns a PassthroughBackend
// with leases switched on or off
func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases bool) (logical.Backend, error) {
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
var b PassthroughBackend
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
b.generateLeases = leases
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
b.Backend = &framework.Backend{
vault: allow mount point queries without trailing /
2015-04-04 03:45:00 +00:00
Help: strings.TrimSpace(passthroughHelp),
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
Paths: []*framework.Path{
&framework.Path{
Pattern: ".*",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.handleRead,
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
logical.CreateOperation: b.handleWrite,
logical.UpdateOperation: b.handleWrite,
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
logical.DeleteOperation: b.handleDelete,
logical.ListOperation: b.handleList,
},
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
ExistenceCheck: b.handleExistenceCheck,
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
HelpSynopsis: strings.TrimSpace(passthroughHelpSynopsis),
HelpDescription: strings.TrimSpace(passthroughHelpDescription),
},
},
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
}
logical/framework: support renew
2015-03-19 19:20:25 +00:00
Add revocation/renewal functions in all cases in the generic backend. Fixes #673.
2015-10-07 15:42:23 +00:00
b.Backend.Secrets = []*framework.Secret{
&framework.Secret{
Type: "generic",
logical/framework: support renew
2015-03-19 19:20:25 +00:00
Add revocation/renewal functions in all cases in the generic backend. Fixes #673.
2015-10-07 15:42:23 +00:00
Renew: b.handleRead,
Revoke: b.handleRevoke,
},
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
}
Push a lot of logic into Router to make a bunch of it nicer and enable a lot of cleanup. Plumb config and calls to framework.Backend.Setup() into logical_system and elsewhere, including tests.
2015-09-04 20:58:12 +00:00
if conf == nil {
return nil, fmt.Errorf("Configuation passed into backend is nil")
}
b.Backend.Setup(conf)
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
return &b, nil
vault: convert to logical.Request and friends
2015-03-15 21:53:41 +00:00
}
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
// PassthroughBackend is used storing secrets directly into the physical
Rename View to StorageView to make it more distinct from SystemView
2015-09-09 19:42:29 +00:00
// backend. The secrets are encrypted in the durable storage and custom TTL
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
// information can be specified, but otherwise this backend doesn't do anything
// fancy.
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
type PassthroughBackend struct {
*framework.Backend
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
generateLeases bool
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
}
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
func (b *PassthroughBackend) handleRevoke(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
vault: Adding sys/revoke
2015-03-16 23:26:34 +00:00
// This is a no-op
return nil, nil
}
Create more granular ACL capabilities. This commit splits ACL policies into more fine-grained capabilities. This both drastically simplifies the checking code and makes it possible to support needed workflows that are not possible with the previous method. It is backwards compatible; policies containing a "policy" string are simply converted to a set of capabilities matching previous behavior. Fixes #724 (and others).
2016-01-07 20:10:05 +00:00
func (b *PassthroughBackend) handleExistenceCheck(
req *logical.Request, data *framework.FieldData) (bool, error) {
out, err := req.Storage.Get(req.Path)
if err != nil {
return false, fmt.Errorf("existence check failed: %v", err)
}
return out != nil, nil
}
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
func (b *PassthroughBackend) handleRead(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
// Read the path
out, err := req.Storage.Get(req.Path)
if err != nil {
return nil, fmt.Errorf("read failed: %v", err)
}
// Fast-path the no data case
if out == nil {
return nil, nil
}
// Decode the data
vault: convert to new callback style
2015-03-19 14:05:22 +00:00
var rawData map[string]interface{}
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
if err := jsonutil.DecodeJSON(out.Value, &rawData); err != nil {
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
return nil, fmt.Errorf("json decoding failed: %v", err)
}
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
var resp *logical.Response
if b.generateLeases {
// Generate the response
resp = b.Secret("generic").Response(rawData, nil)
resp.Secret.Renewable = false
} else {
resp = &logical.Response{
Secret: &logical.Secret{},
Data: rawData,
}
}
logical/framework: support renew
2015-03-19 19:20:25 +00:00
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-21 05:27:01 +00:00
// Check if there is a ttl key
var ttl string
Check TTL provided to generic backend on write If existing entries have unparseable TTLs, return the value plus a warning, rather than an error. Fixes #718
2015-10-29 15:05:21 +00:00
ttl, _ = rawData["ttl"].(string)
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-21 05:27:01 +00:00
if len(ttl) == 0 {
Check TTL provided to generic backend on write If existing entries have unparseable TTLs, return the value plus a warning, rather than an error. Fixes #718
2015-10-29 15:05:21 +00:00
ttl, _ = rawData["lease"].(string)
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. Fixes #528.
2015-08-20 23:41:25 +00:00
}
Minor updates to passthrough and additional tests
2015-09-21 20:57:41 +00:00
ttlDuration := b.System().DefaultLeaseTTL()
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-21 05:27:01 +00:00
if len(ttl) != 0 {
Rename helper 'duration' to 'parseutil'. (#2449) Add a ParseBool function that accepts various kinds of ways of specifying booleans. Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 16:21:22 +00:00
dur, err := parseutil.ParseDurationSecond(ttl)
Return a duration instead and port a few other places to use it
2016-07-11 18:19:35 +00:00
if err == nil {
ttlDuration = dur
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
}
Don't check parsability of a `ttl` key on write. On read we already ignore bad values, so we shouldn't be restricting this on write; doing so alters expected data-in-data-out behavior. In addition, don't issue a warning if a given `ttl` value can't be parsed, as this can quickly get annoying if it's on purpose. The documentation has been updated/clarified to make it clear that this is optional behavior that doesn't affect the status of the key as POD and the `lease_duration` returned will otherwise default to the system/mount defaults. Fixes #1505
2016-06-09 00:14:36 +00:00
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
if b.generateLeases {
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. Fixes #528.
2015-08-20 23:41:25 +00:00
resp.Secret.Renewable = true
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
}
}
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
resp.Secret.TTL = ttlDuration
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
return resp, nil
}
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
func (b *PassthroughBackend) handleWrite(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
// Check that some fields are given
if len(req.Data) == 0 {
Return 400 instead of 500 if generic backend is written to without data. Fixes #825
2015-12-09 15:39:22 +00:00
return logical.ErrorResponse("missing data fields"), nil
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
}
// JSON encode the data
buf, err := json.Marshal(req.Data)
if err != nil {
return nil, fmt.Errorf("json encoding failed: %v", err)
}
// Write out a new key
entry := &logical.StorageEntry{
Address more list feedback
2016-01-19 23:19:38 +00:00
Key: req.Path,
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
Value: buf,
}
if err := req.Storage.Put(entry); err != nil {
return nil, fmt.Errorf("failed to write: %v", err)
}
return nil, nil
}
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
func (b *PassthroughBackend) handleDelete(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
// Delete the key at the request path
if err := req.Storage.Delete(req.Path); err != nil {
return nil, err
}
return nil, nil
}
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
func (b *PassthroughBackend) handleList(
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-19 22:05:01 +00:00
// Right now we only handle directories, so ensure it ends with /; however,
// some physical backends may not handle the "/" case properly, so only add
// it if we're not listing the root
path := req.Path
if path != "" && !strings.HasSuffix(path, "/") {
path = path + "/"
}
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
// List the keys at the prefix given by the request
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-19 22:05:01 +00:00
keys, err := req.Storage.List(path)
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
if err != nil {
return nil, err
}
// Generate the response
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-19 22:05:01 +00:00
return logical.ListResponse(keys), nil
vault: Passthrough backend uses logical.Backend
2015-03-15 21:26:48 +00:00
}
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
func (b *PassthroughBackend) GeneratesLeases() bool {
return b.generateLeases
}
vault: allow mount point queries without trailing /
2015-04-04 03:45:00 +00:00
const passthroughHelp = `
The generic backend reads and writes arbitrary secrets to the backend.
The secrets are encrypted/decrypted by Vault: they are never stored
unencrypted in the backend and the backend never has an opportunity to
see the unencrypted value.
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. Fixes #528.
2015-08-20 23:41:25 +00:00
TTLs can be set on a per-secret basis. These TTLs will be sent down
vault: allow mount point queries without trailing /
2015-04-04 03:45:00 +00:00
when that secret is read, and it is assumed that some outside process will
revoke and/or replace the secret at that path.
`
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
const passthroughHelpSynopsis = `
vault: physical -> storage for clarity
2015-05-27 21:33:58 +00:00
Pass-through secret storage to the storage backend, allowing you to
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
read/write arbitrary data into secret storage.
`
const passthroughHelpDescription = `
The pass-through backend reads and writes arbitrary data into secret storage,
encrypting it along the way.
Update help text for TTL values in generic backend
2015-08-21 00:59:30 +00:00
A TTL can be specified when writing with the "ttl" field. If given, the
duration of leases returned by this backend will be set to this value. This
can be used as a hint from the writer of a secret to the consumer of a secret
that the consumer should re-read the value before the TTL has expired.
However, any revocation must be handled by the user of this backend; the lease
duration does not affect the provided data in any way.
vault: passthrough backend uses logical/framework
2015-03-16 00:07:54 +00:00
`