2018-07-06 16:09:34 +00:00
|
|
|
package azureauth
|
2018-03-21 21:35:31 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"sync"
|
|
|
|
|
|
2019-04-12 21:54:35 +00:00
|
|
|
"github.com/hashicorp/vault/sdk/framework"
|
2019-04-15 18:59:52 +00:00
|
|
|
"github.com/hashicorp/vault/sdk/logical"
|
2018-03-21 21:35:31 +00:00
|
|
|
)
|
|
|
|
|
|
2018-04-07 15:20:22 +00:00
|
|
|
// Factory is used by framework
|
2018-03-21 21:35:31 +00:00
|
|
|
func Factory(ctx context.Context, c *logical.BackendConfig) (logical.Backend, error) {
|
2018-04-07 15:20:22 +00:00
|
|
|
b := backend(c)
|
2018-03-21 21:35:31 +00:00
|
|
|
if err := b.Setup(ctx, c); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return b, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type azureAuthBackend struct {
|
|
|
|
|
*framework.Backend
|
|
|
|
|
|
|
|
|
|
l sync.RWMutex
|
|
|
|
|
|
2018-03-23 20:48:05 +00:00
|
|
|
provider provider
|
2018-03-21 21:35:31 +00:00
|
|
|
}
|
|
|
|
|
|
2018-04-07 15:20:22 +00:00
|
|
|
func backend(c *logical.BackendConfig) *azureAuthBackend {
|
2018-03-21 21:35:31 +00:00
|
|
|
b := new(azureAuthBackend)
|
|
|
|
|
|
|
|
|
|
b.Backend = &framework.Backend{
|
|
|
|
|
AuthRenew: b.pathLoginRenew,
|
|
|
|
|
BackendType: logical.TypeCredential,
|
|
|
|
|
Invalidate: b.invalidate,
|
|
|
|
|
Help: backendHelp,
|
|
|
|
|
PathsSpecial: &logical.Paths{
|
|
|
|
|
Unauthenticated: []string{
|
|
|
|
|
"login",
|
|
|
|
|
},
|
|
|
|
|
SealWrapStorage: []string{
|
|
|
|
|
"config",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
Paths: framework.PathAppend(
|
|
|
|
|
[]*framework.Path{
|
|
|
|
|
pathLogin(b),
|
|
|
|
|
pathConfig(b),
|
|
|
|
|
},
|
|
|
|
|
pathsRole(b),
|
|
|
|
|
),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return b
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (b *azureAuthBackend) invalidate(ctx context.Context, key string) {
|
|
|
|
|
switch key {
|
|
|
|
|
case "config":
|
|
|
|
|
b.reset()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (b *azureAuthBackend) getProvider(config *azureConfig) (provider, error) {
|
|
|
|
|
b.l.RLock()
|
|
|
|
|
unlockFunc := b.l.RUnlock
|
|
|
|
|
defer func() { unlockFunc() }()
|
|
|
|
|
|
|
|
|
|
if b.provider != nil {
|
|
|
|
|
return b.provider, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Upgrade lock
|
|
|
|
|
b.l.RUnlock()
|
|
|
|
|
b.l.Lock()
|
|
|
|
|
unlockFunc = b.l.Unlock
|
|
|
|
|
|
|
|
|
|
if b.provider != nil {
|
|
|
|
|
return b.provider, nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-23 20:48:05 +00:00
|
|
|
provider, err := newAzureProvider(config)
|
2018-03-21 21:35:31 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b.provider = provider
|
|
|
|
|
return b.provider, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (b *azureAuthBackend) reset() {
|
|
|
|
|
b.l.Lock()
|
|
|
|
|
defer b.l.Unlock()
|
|
|
|
|
|
|
|
|
|
b.provider = nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const backendHelp = `
|
|
|
|
|
The Azure backend plugin allows authentication for Azure .
|
|
|
|
|
`
|
