logical/framework: can specify renew/revoke functins for secret

logical/framework/backend.go

@@ -27,17 +27,17 @@ type Backend struct {
 	Paths     []*Path
 	PathsRoot []string
 
+	// Secrets is the list of secret types that this backend can
+	// return. It is used to automatically generate proper responses,
+	// and ease specifying callbacks for revocation, renewal, etc.
+	Secrets []*Secret
+
 	// Rollback is called when a WAL entry (see wal.go) has to be rolled
 	// back. It is called with the data from the entry. Boolean true should
 	// be returned on success. Errors should just be logged.
 	Rollback       func(kind string, data interface{}) bool
 	RollbackMinAge time.Duration
 
-	// Secrets is the list of secret types that this backend can
-	// return. It is used to automatically generate proper responses,
-	// and ease specifying callbacks for revocation, renewal, etc.
-	Secrets []*Secret
-
 	once    sync.Once
 	pathsRe []*regexp.Regexp
 }

logical/framework/secret.go

@@ -21,14 +21,19 @@ type Secret struct {
 	// the structure of this secret.
 	Fields map[string]*FieldSchema
 
-	// Renewable is whether or not this secret type can be renewed.
-	Renewable bool
-
 	// DefaultDuration and DefaultGracePeriod are the default values for
 	// the duration of the lease for this secret and its grace period. These
 	// can be manually overwritten with the result of Response().
 	DefaultDuration    time.Duration
 	DefaultGracePeriod time.Duration
+
+	// Below are the operations that can be called on the secret.
+	//
+	// Renew, if not set, will mark the secret as not renewable.
+	//
+	// Revoke is required.
+	Renew  OperationFunc
+	Revoke OperationFunc
 }
 
 // SecretType is the type of the secret with the given ID.
@@ -53,7 +58,7 @@ func (s *Secret) Response(
 		IsSecret: true,
 		Lease: &logical.Lease{
 			VaultID:     id,
-			Renewable:   s.Renewable,
+			Renewable:   s.Renew != nil,
 			Duration:    s.DefaultDuration,
 			GracePeriod: s.DefaultGracePeriod,
 		},