open-vault/builtin/logical/consul/secret_token.go

package consul

import (
	"fmt"

	"github.com/hashicorp/vault/logical"
	"github.com/hashicorp/vault/logical/framework"
)

const (
	SecretTokenType = "token"
)

func secretToken(b *backend) *framework.Secret {
	return &framework.Secret{
		Type: SecretTokenType,
		Fields: map[string]*framework.FieldSchema{
			"token": &framework.FieldSchema{
				Type:        framework.TypeString,
				Description: "Request token",
			},
		},

		Renew:  b.secretTokenRenew,
		Revoke: secretTokenRevoke,
	}
}

func (b *backend) secretTokenRenew(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {

	return framework.LeaseExtend(0, 0, b.System())(req, d)
}

func secretTokenRevoke(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	c, err := client(req.Storage)
	if err != nil {
		return nil, err
	}

	tokenRaw, ok := req.Secret.InternalData["token"]
	if !ok {
		return nil, fmt.Errorf("secret is missing internal data: token")
	}

	_, err = c.ACL().Destroy(tokenRaw.(string), nil)
	if err != nil {
		return nil, err
	}

	return nil, nil
}
logical/consul 2015-03-21 16:19:37 +00:00			`package consul`

			`import (`
Fix the consul secret backends renewal revocation problem 2016-05-26 03:24:10 +00:00			`"fmt"`

logical/consul 2015-03-21 16:19:37 +00:00			`"github.com/hashicorp/vault/logical"`
			`"github.com/hashicorp/vault/logical/framework"`
			`)`

logical/consul: custom lease time for roles 2015-05-26 00:33:31 +00:00			`const (`
Make backends much more consistent: 1) Use the new LeaseExtend 2) Use default values controlled by mount tuning/system defaults instead of a random hard coded value 3) Remove grace periods 2016-01-29 22:44:09 +00:00			`SecretTokenType = "token"`
logical/consul: custom lease time for roles 2015-05-26 00:33:31 +00:00			`)`
logical/consul 2015-03-21 16:19:37 +00:00
Make backends much more consistent: 1) Use the new LeaseExtend 2) Use default values controlled by mount tuning/system defaults instead of a random hard coded value 3) Remove grace periods 2016-01-29 22:44:09 +00:00			`func secretToken(b backend) framework.Secret {`
logical/consul 2015-03-21 16:19:37 +00:00			`return &framework.Secret{`
			`Type: SecretTokenType,`
			`Fields: map[string]*framework.FieldSchema{`
			`"token": &framework.FieldSchema{`
			`Type: framework.TypeString,`
			`Description: "Request token",`
			`},`
			`},`

Make backends much more consistent: 1) Use the new LeaseExtend 2) Use default values controlled by mount tuning/system defaults instead of a random hard coded value 3) Remove grace periods 2016-01-29 22:44:09 +00:00			`Renew: b.secretTokenRenew,`
logical/consul 2015-03-21 16:19:37 +00:00			`Revoke: secretTokenRevoke,`
			`}`
			`}`

Make backends much more consistent: 1) Use the new LeaseExtend 2) Use default values controlled by mount tuning/system defaults instead of a random hard coded value 3) Remove grace periods 2016-01-29 22:44:09 +00:00			`func (b *backend) secretTokenRenew(`
			`req logical.Request, d framework.FieldData) (*logical.Response, error) {`

			`return framework.LeaseExtend(0, 0, b.System())(req, d)`
			`}`

logical/consul 2015-03-21 16:19:37 +00:00			`func secretTokenRevoke(`
			`req logical.Request, d framework.FieldData) (*logical.Response, error) {`
			`c, err := client(req.Storage)`
			`if err != nil {`
s/logical.ErrorResponse/fmt.Errorf in revocation functions of secrets 2016-05-26 14:04:11 +00:00			`return nil, err`
logical/consul 2015-03-21 16:19:37 +00:00			`}`

Fix the consul secret backends renewal revocation problem 2016-05-26 03:24:10 +00:00			`tokenRaw, ok := req.Secret.InternalData["token"]`
			`if !ok {`
			`return nil, fmt.Errorf("secret is missing internal data: token")`
			`}`

			`_, err = c.ACL().Destroy(tokenRaw.(string), nil)`
logical/consul 2015-03-21 16:19:37 +00:00			`if err != nil {`
s/logical.ErrorResponse/fmt.Errorf in revocation functions of secrets 2016-05-26 14:04:11 +00:00			`return nil, err`
logical/consul 2015-03-21 16:19:37 +00:00			`}`

			`return nil, nil`
			`}`