open-vault/api/sys_policy.go

138 lines
3.1 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2015-04-02 00:59:41 +00:00
package api
import (
"context"
"errors"
"fmt"
"net/http"
"github.com/mitchellh/mapstructure"
)
2015-04-02 00:59:41 +00:00
func (c *Sys) ListPolicies() ([]string, error) {
return c.ListPoliciesWithContext(context.Background())
}
func (c *Sys) ListPoliciesWithContext(ctx context.Context) ([]string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest("LIST", "/v1/sys/policies/acl")
// Set this for broader compatibility, but we use LIST above to be able to
// handle the wrapping lookup function
r.Method = http.MethodGet
r.Params.Set("list", "true")
resp, err := c.c.rawRequestWithContext(ctx, r)
2015-04-02 00:59:41 +00:00
if err != nil {
return nil, err
}
defer resp.Body.Close()
secret, err := ParseSecret(resp.Body)
2016-08-08 20:00:31 +00:00
if err != nil {
return nil, err
}
if secret == nil || secret.Data == nil {
return nil, errors.New("data from server response is empty")
2016-08-08 20:00:31 +00:00
}
var result []string
err = mapstructure.Decode(secret.Data["keys"], &result)
if err != nil {
return nil, err
2016-08-08 20:00:31 +00:00
}
return result, err
2015-04-02 00:59:41 +00:00
}
func (c *Sys) GetPolicy(name string) (string, error) {
return c.GetPolicyWithContext(context.Background(), name)
}
func (c *Sys) GetPolicyWithContext(ctx context.Context, name string) (string, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
resp, err := c.c.rawRequestWithContext(ctx, r)
2015-07-13 09:20:00 +00:00
if resp != nil {
defer resp.Body.Close()
if resp.StatusCode == 404 {
return "", nil
}
}
2015-04-02 00:59:41 +00:00
if err != nil {
return "", err
}
secret, err := ParseSecret(resp.Body)
2016-08-08 20:00:31 +00:00
if err != nil {
return "", err
}
if secret == nil || secret.Data == nil {
return "", errors.New("data from server response is empty")
2017-10-23 20:52:56 +00:00
}
if policyRaw, ok := secret.Data["policy"]; ok {
2017-10-23 20:52:56 +00:00
return policyRaw.(string), nil
2016-08-08 20:00:31 +00:00
}
2017-10-23 20:52:56 +00:00
return "", fmt.Errorf("no policy found in response")
2015-04-02 00:59:41 +00:00
}
func (c *Sys) PutPolicy(name, rules string) error {
return c.PutPolicyWithContext(context.Background(), name, rules)
}
func (c *Sys) PutPolicyWithContext(ctx context.Context, name, rules string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
2015-04-02 00:59:41 +00:00
body := map[string]string{
"policy": rules,
2015-04-02 00:59:41 +00:00
}
r := c.c.NewRequest(http.MethodPut, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
2015-04-02 00:59:41 +00:00
if err := r.SetJSONBody(body); err != nil {
return err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
2015-04-02 00:59:41 +00:00
if err != nil {
return err
}
defer resp.Body.Close()
return nil
}
func (c *Sys) DeletePolicy(name string) error {
return c.DeletePolicyWithContext(context.Background(), name)
}
func (c *Sys) DeletePolicyWithContext(ctx context.Context, name string) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
resp, err := c.c.rawRequestWithContext(ctx, r)
2015-04-02 00:59:41 +00:00
if err == nil {
defer resp.Body.Close()
}
return err
}
type getPoliciesResp struct {
Rules string `json:"rules"`
}
type listPoliciesResp struct {
Policies []string `json:"policies"`
}