open-vault/api/logical.go

186 lines
4 KiB
Go
Raw Normal View History

2015-03-16 02:47:32 +00:00
package api
import (
"bytes"
"fmt"
2016-09-29 04:01:28 +00:00
"net/http"
"os"
"github.com/hashicorp/vault/helper/jsonutil"
)
const (
wrappedResponseLocation = "cubbyhole/response"
)
2016-09-29 04:01:28 +00:00
var (
// The default TTL that will be used with `sys/wrapping/wrap`, can be
// changed
DefaultWrappingTTL = "5m"
// The default function used if no other function is set, which honors the
// env var and wraps `sys/wrapping/wrap`
DefaultWrappingLookupFunc = func(operation, path string) string {
if os.Getenv(EnvVaultWrapTTL) != "" {
return os.Getenv(EnvVaultWrapTTL)
}
if (operation == "PUT" || operation == "POST") && path == "sys/wrapping/wrap" {
return DefaultWrappingTTL
}
return ""
}
)
2015-03-16 02:47:32 +00:00
// Logical is used to perform logical backend operations on Vault.
type Logical struct {
c *Client
}
// Logical is used to return the client for logical-backend API calls.
func (c *Client) Logical() *Logical {
return &Logical{c: c}
}
func (c *Logical) Read(path string) (*Secret, error) {
r := c.c.NewRequest("GET", "/v1/"+path)
resp, err := c.c.RawRequest(r)
if resp != nil {
defer resp.Body.Close()
}
2015-04-07 18:15:20 +00:00
if resp != nil && resp.StatusCode == 404 {
return nil, nil
}
2015-03-16 02:47:32 +00:00
if err != nil {
return nil, err
}
return ParseSecret(resp.Body)
}
func (c *Logical) List(path string) (*Secret, error) {
r := c.c.NewRequest("LIST", "/v1/"+path)
// Set this for broader compatibility, but we use LIST above to be able to
// handle the wrapping lookup function
r.Method = "GET"
2016-01-14 19:18:27 +00:00
r.Params.Set("list", "true")
resp, err := c.c.RawRequest(r)
2015-09-14 21:30:42 +00:00
if resp != nil {
defer resp.Body.Close()
}
if resp != nil && resp.StatusCode == 404 {
return nil, nil
}
if err != nil {
return nil, err
}
return ParseSecret(resp.Body)
}
2015-04-06 16:53:43 +00:00
func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error) {
2015-03-16 02:47:32 +00:00
r := c.c.NewRequest("PUT", "/v1/"+path)
if err := r.SetJSONBody(data); err != nil {
2015-04-06 16:53:43 +00:00
return nil, err
2015-03-16 02:47:32 +00:00
}
resp, err := c.c.RawRequest(r)
if resp != nil {
defer resp.Body.Close()
}
2015-03-16 02:47:32 +00:00
if err != nil {
2015-04-06 16:53:43 +00:00
return nil, err
2015-03-16 02:47:32 +00:00
}
2015-04-06 16:53:43 +00:00
if resp.StatusCode == 200 {
return ParseSecret(resp.Body)
}
return nil, nil
2015-03-16 02:47:32 +00:00
}
2015-04-07 18:04:56 +00:00
func (c *Logical) Delete(path string) (*Secret, error) {
r := c.c.NewRequest("DELETE", "/v1/"+path)
resp, err := c.c.RawRequest(r)
if resp != nil {
defer resp.Body.Close()
}
2015-04-07 18:04:56 +00:00
if err != nil {
return nil, err
}
2015-04-07 18:15:20 +00:00
if resp.StatusCode == 200 {
return ParseSecret(resp.Body)
}
return nil, nil
2015-04-07 18:04:56 +00:00
}
func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
2016-09-29 04:01:28 +00:00
var data map[string]interface{}
if wrappingToken != "" {
if c.c.Token() == "" {
c.c.SetToken(wrappingToken)
} else if wrappingToken != c.c.Token() {
data = map[string]interface{}{
"token": wrappingToken,
}
2016-09-29 04:01:28 +00:00
}
}
r := c.c.NewRequest("PUT", "/v1/sys/wrapping/unwrap")
if err := r.SetJSONBody(data); err != nil {
return nil, err
}
2016-09-29 04:01:28 +00:00
resp, err := c.c.RawRequest(r)
if resp != nil {
defer resp.Body.Close()
}
if err != nil {
if resp != nil && resp.StatusCode != 404 {
return nil, err
}
}
if resp == nil {
return nil, nil
2016-09-29 04:01:28 +00:00
}
switch resp.StatusCode {
case http.StatusOK: // New method is supported
return ParseSecret(resp.Body)
case http.StatusNotFound: // Fall back to old method
default:
return nil, nil
}
2016-10-18 13:51:45 +00:00
if wrappingToken != "" {
2016-09-29 04:01:28 +00:00
origToken := c.c.Token()
defer c.c.SetToken(origToken)
c.c.SetToken(wrappingToken)
}
secret, err := c.Read(wrappedResponseLocation)
if err != nil {
return nil, fmt.Errorf("error reading %s: %s", wrappedResponseLocation, err)
}
if secret == nil {
return nil, fmt.Errorf("no value found at %s", wrappedResponseLocation)
}
if secret.Data == nil {
return nil, fmt.Errorf("\"data\" not found in wrapping response")
}
if _, ok := secret.Data["response"]; !ok {
return nil, fmt.Errorf("\"response\" not found in wrapping response \"data\" map")
}
wrappedSecret := new(Secret)
buf := bytes.NewBufferString(secret.Data["response"].(string))
if err := jsonutil.DecodeJSONFromReader(buf, wrappedSecret); err != nil {
return nil, fmt.Errorf("error unmarshaling wrapped secret: %s", err)
}
return wrappedSecret, nil
}