2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2015-04-02 00:59:41 +00:00
|
|
|
package api
|
|
|
|
|
2018-07-24 22:49:55 +00:00
|
|
|
import (
|
|
|
|
"context"
|
2018-08-14 19:29:22 +00:00
|
|
|
"errors"
|
2018-07-24 22:49:55 +00:00
|
|
|
"fmt"
|
2022-03-24 17:58:03 +00:00
|
|
|
"net/http"
|
2018-08-14 19:29:22 +00:00
|
|
|
|
|
|
|
"github.com/mitchellh/mapstructure"
|
2018-07-24 22:49:55 +00:00
|
|
|
)
|
2015-04-02 00:59:41 +00:00
|
|
|
|
|
|
|
func (c *Sys) ListPolicies() ([]string, error) {
|
2022-03-23 21:47:43 +00:00
|
|
|
return c.ListPoliciesWithContext(context.Background())
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Sys) ListPoliciesWithContext(ctx context.Context) ([]string, error) {
|
|
|
|
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
|
|
|
|
defer cancelFunc()
|
|
|
|
|
2018-10-29 17:11:19 +00:00
|
|
|
r := c.c.NewRequest("LIST", "/v1/sys/policies/acl")
|
2019-01-11 00:57:00 +00:00
|
|
|
// Set this for broader compatibility, but we use LIST above to be able to
|
|
|
|
// handle the wrapping lookup function
|
2022-03-24 17:58:03 +00:00
|
|
|
r.Method = http.MethodGet
|
2019-01-11 00:57:00 +00:00
|
|
|
r.Params.Set("list", "true")
|
2018-07-24 22:49:55 +00:00
|
|
|
|
2022-03-23 21:47:43 +00:00
|
|
|
resp, err := c.c.rawRequestWithContext(ctx, r)
|
2015-04-02 00:59:41 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
2018-08-14 19:29:22 +00:00
|
|
|
secret, err := ParseSecret(resp.Body)
|
2016-08-08 20:00:31 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2018-08-14 19:29:22 +00:00
|
|
|
if secret == nil || secret.Data == nil {
|
|
|
|
return nil, errors.New("data from server response is empty")
|
2016-08-08 20:00:31 +00:00
|
|
|
}
|
|
|
|
|
2018-08-14 19:29:22 +00:00
|
|
|
var result []string
|
2018-10-29 17:11:19 +00:00
|
|
|
err = mapstructure.Decode(secret.Data["keys"], &result)
|
2018-08-14 19:29:22 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2016-08-08 20:00:31 +00:00
|
|
|
}
|
|
|
|
|
2018-08-14 19:29:22 +00:00
|
|
|
return result, err
|
2015-04-02 00:59:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Sys) GetPolicy(name string) (string, error) {
|
2022-03-23 21:47:43 +00:00
|
|
|
return c.GetPolicyWithContext(context.Background(), name)
|
|
|
|
}
|
2018-07-24 22:49:55 +00:00
|
|
|
|
2022-03-23 21:47:43 +00:00
|
|
|
func (c *Sys) GetPolicyWithContext(ctx context.Context, name string) (string, error) {
|
|
|
|
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
|
2018-07-24 22:49:55 +00:00
|
|
|
defer cancelFunc()
|
2022-03-23 21:47:43 +00:00
|
|
|
|
2022-03-24 17:58:03 +00:00
|
|
|
r := c.c.NewRequest(http.MethodGet, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
|
2022-03-23 21:47:43 +00:00
|
|
|
|
|
|
|
resp, err := c.c.rawRequestWithContext(ctx, r)
|
2015-07-13 09:20:00 +00:00
|
|
|
if resp != nil {
|
|
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode == 404 {
|
|
|
|
return "", nil
|
|
|
|
}
|
|
|
|
}
|
2015-04-02 00:59:41 +00:00
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
2018-08-14 19:29:22 +00:00
|
|
|
secret, err := ParseSecret(resp.Body)
|
2016-08-08 20:00:31 +00:00
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2018-08-14 19:29:22 +00:00
|
|
|
if secret == nil || secret.Data == nil {
|
|
|
|
return "", errors.New("data from server response is empty")
|
2017-10-23 20:52:56 +00:00
|
|
|
}
|
2018-08-14 19:29:22 +00:00
|
|
|
|
|
|
|
if policyRaw, ok := secret.Data["policy"]; ok {
|
2017-10-23 20:52:56 +00:00
|
|
|
return policyRaw.(string), nil
|
2016-08-08 20:00:31 +00:00
|
|
|
}
|
|
|
|
|
2017-10-23 20:52:56 +00:00
|
|
|
return "", fmt.Errorf("no policy found in response")
|
2015-04-02 00:59:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Sys) PutPolicy(name, rules string) error {
|
2022-03-23 21:47:43 +00:00
|
|
|
return c.PutPolicyWithContext(context.Background(), name, rules)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Sys) PutPolicyWithContext(ctx context.Context, name, rules string) error {
|
|
|
|
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
|
|
|
|
defer cancelFunc()
|
|
|
|
|
2015-04-02 00:59:41 +00:00
|
|
|
body := map[string]string{
|
2018-10-29 17:11:19 +00:00
|
|
|
"policy": rules,
|
2015-04-02 00:59:41 +00:00
|
|
|
}
|
|
|
|
|
2022-03-24 17:58:03 +00:00
|
|
|
r := c.c.NewRequest(http.MethodPut, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
|
2015-04-02 00:59:41 +00:00
|
|
|
if err := r.SetJSONBody(body); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-03-23 21:47:43 +00:00
|
|
|
resp, err := c.c.rawRequestWithContext(ctx, r)
|
2015-04-02 00:59:41 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *Sys) DeletePolicy(name string) error {
|
2022-03-23 21:47:43 +00:00
|
|
|
return c.DeletePolicyWithContext(context.Background(), name)
|
|
|
|
}
|
2018-07-24 22:49:55 +00:00
|
|
|
|
2022-03-23 21:47:43 +00:00
|
|
|
func (c *Sys) DeletePolicyWithContext(ctx context.Context, name string) error {
|
|
|
|
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
|
2018-07-24 22:49:55 +00:00
|
|
|
defer cancelFunc()
|
2022-03-23 21:47:43 +00:00
|
|
|
|
2022-03-24 17:58:03 +00:00
|
|
|
r := c.c.NewRequest(http.MethodDelete, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
|
2022-03-23 21:47:43 +00:00
|
|
|
|
|
|
|
resp, err := c.c.rawRequestWithContext(ctx, r)
|
2015-04-02 00:59:41 +00:00
|
|
|
if err == nil {
|
|
|
|
defer resp.Body.Close()
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
type getPoliciesResp struct {
|
|
|
|
Rules string `json:"rules"`
|
|
|
|
}
|
|
|
|
|
|
|
|
type listPoliciesResp struct {
|
|
|
|
Policies []string `json:"policies"`
|
|
|
|
}
|