diff --git a/builtin/credential/aws/path_config_client.go b/builtin/credential/aws/path_config_client.go
index 05e080af5..58a8cea2c 100644
--- a/builtin/credential/aws/path_config_client.go
+++ b/builtin/credential/aws/path_config_client.go
@@ -4,7 +4,6 @@ import (
 "context"
 "github.com/aws/aws-sdk-go/aws"
- "github.com/fatih/structs"
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/framework"
 )
@@ -115,7 +114,15 @@ func (b *backend) pathConfigClientRead(ctx context.Context, req *logical.Request
 }
 return &logical.Response{
- Data: structs.New(clientConfig).Map(),
+ Data: map[string]interface{}{
+ "access_key": clientConfig.AccessKey,
+ "secret_key": clientConfig.SecretKey,
+ "endpoint": clientConfig.Endpoint,
+ "iam_endpoint": clientConfig.IAMEndpoint,
+ "sts_endpoint": clientConfig.STSEndpoint,
+ "iam_server_id_header_value": clientConfig.IAMServerIdHeaderValue,
+ "max_retries": clientConfig.MaxRetries,
+ },
 }, nil
 }
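Review bot: The hand-built map in pathConfigClientRead still includes `"secret_key": clientConfig.SecretKey`, so every read of this config path returns the stored AWS secret key in clear. With the keys now listed explicitly, the entry can simply be left out so the secret is write-only; if existing callers rely on it, keep it but say so, e.g. `// secret_key is returned for backward compatibility; read access to this path exposes the credential`. How read access to the path is restricted is not visible in this hunk, and the function body starts above it.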
@@ -261,12 +268,12 @@ func (b *backend) pathConfigClientCreateUpdate(ctx context.Context, req *logical
 // Struct to hold 'aws_access_key' and 'aws_secret_key' that are required to
 // interact with the AWS EC2 API.
 type clientConfig struct {
- AccessKey string `json:"access_key" structs:"access_key" mapstructure:"access_key"`
- SecretKey string `json:"secret_key" structs:"secret_key" mapstructure:"secret_key"`
- Endpoint string `json:"endpoint" structs:"endpoint" mapstructure:"endpoint"`
- IAMEndpoint string `json:"iam_endpoint" structs:"iam_endpoint" mapstructure:"iam_endpoint"`
- STSEndpoint string `json:"sts_endpoint" structs:"sts_endpoint" mapstructure:"sts_endpoint"`
- IAMServerIdHeaderValue string `json:"iam_server_id_header_value" structs:"iam_server_id_header_value" mapstructure:"iam_server_id_header_value"`
+ AccessKey string `json:"access_key" mapstructure:"access_key"`
+ SecretKey string `json:"secret_key" mapstructure:"secret_key"`
+ Endpoint string `json:"endpoint" mapstructure:"endpoint"`
+ IAMEndpoint string `json:"iam_endpoint" mapstructure:"iam_endpoint"`
+ STSEndpoint string `json:"sts_endpoint" mapstructure:"sts_endpoint"`
+ IAMServerIdHeaderValue string `json:"iam_server_id_header_value" mapstructure:"iam_server_id_header_value"`
 MaxRetries int `json:"max_retries"`
 }
diff --git a/builtin/credential/aws/path_config_sts.go b/builtin/credential/aws/path_config_sts.go
index 067ebffab..a01f3fc00 100644
--- a/builtin/credential/aws/path_config_sts.go
+++ b/builtin/credential/aws/path_config_sts.go
@@ -4,14 +4,13 @@ import (
 "context"
 "fmt"
- "github.com/fatih/structs"
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/framework"
 )
 // awsStsEntry is used to store details of an STS role for assumption
 type awsStsEntry struct {
- StsRole string `json:"sts_role" structs:"sts_role" mapstructure:"sts_role"`
+ StsRole string `json:"sts_role" mapstructure:"sts_role"`
 }
 func pathListSts(b *backend) *framework.Path {
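Review bot: `MaxRetries` in clientConfig is tagged only with `json:"max_retries"` and had no `structs` tag to begin with, so the removed `structs.New(clientConfig).Map()` call most likely exposed it under the field name `MaxRetries`, whereas the new map in pathConfigClientRead uses `max_retries`. That looks like an intended correction, but it changes a response key that existing clients may read, so it deserves a changelog line or a short comment on the field such as `// returned as "max_retries" by the read handler (previously keyed by field name)`. The struct is fully visible in this hunk; the read handler is in the preceding one.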
@@ -170,7 +169,9 @@ func (b *backend) pathConfigStsRead(ctx context.Context, req *logical.Request, d
 }
 return &logical.Response{
- Data: structs.New(stsEntry).Map(),
+ Data: map[string]interface{}{
+ "sts_role": stsEntry.StsRole,
+ },
 }, nil
 }
diff --git a/builtin/credential/aws/path_config_tidy_identity_whitelist.go b/builtin/credential/aws/path_config_tidy_identity_whitelist.go
index c18fc06f3..7e4f706b0 100644
--- a/builtin/credential/aws/path_config_tidy_identity_whitelist.go
+++ b/builtin/credential/aws/path_config_tidy_identity_whitelist.go
@@ -4,7 +4,6 @@ import (
 "context"
 "fmt"
- "github.com/fatih/structs"
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/framework"
 )
@@ -123,7 +122,10 @@ func (b *backend) pathConfigTidyIdentityWhitelistRead(ctx context.Context, req *
 }
 return &logical.Response{
- Data: structs.New(clientConfig).Map(),
+ Data: map[string]interface{}{
+ "safety_buffer": clientConfig.SafetyBuffer,
+ "disable_periodic_tidy": clientConfig.DisablePeriodicTidy,
+ },
 }, nil
 }
@@ -135,8 +137,8 @@ func (b *backend) pathConfigTidyIdentityWhitelistDelete(ctx context.Context, req
 }
 type tidyWhitelistIdentityConfig struct {
- SafetyBuffer int `json:"safety_buffer" structs:"safety_buffer" mapstructure:"safety_buffer"`
- DisablePeriodicTidy bool `json:"disable_periodic_tidy" structs:"disable_periodic_tidy" mapstructure:"disable_periodic_tidy"`
+ SafetyBuffer int `json:"safety_buffer" mapstructure:"safety_buffer"`
+ DisablePeriodicTidy bool `json:"disable_periodic_tidy" mapstructure:"disable_periodic_tidy"`
 }
 const pathConfigTidyIdentityWhitelistHelpSyn = `
diff --git a/builtin/credential/aws/path_config_tidy_roletag_blacklist.go b/builtin/credential/aws/path_config_tidy_roletag_blacklist.go
index 69f0b7cf0..33ab8049a 100644
--- a/builtin/credential/aws/path_config_tidy_roletag_blacklist.go
+++ b/builtin/credential/aws/path_config_tidy_roletag_blacklist.go
@@ -4,7 +4,6 @@ import (
 "context"
 "fmt"
- "github.com/fatih/structs"
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/framework"
 )
@@ -124,7 +123,10 @@ func (b *backend) pathConfigTidyRoletagBlacklistRead(ctx context.Context, req *l
 }
 return &logical.Response{
- Data: structs.New(clientConfig).Map(),
+ Data: map[string]interface{}{
+ "safety_buffer": clientConfig.SafetyBuffer,
+ "disable_periodic_tidy": clientConfig.DisablePeriodicTidy,
+ },
 }, nil
 }
@@ -136,8 +138,8 @@ func (b *backend) pathConfigTidyRoletagBlacklistDelete(ctx context.Context, req
 }
 type tidyBlacklistRoleTagConfig struct {
- SafetyBuffer int `json:"safety_buffer" structs:"safety_buffer" mapstructure:"safety_buffer"`
- DisablePeriodicTidy bool `json:"disable_periodic_tidy" structs:"disable_periodic_tidy" mapstructure:"disable_periodic_tidy"`
+ SafetyBuffer int `json:"safety_buffer" mapstructure:"safety_buffer"`
+ DisablePeriodicTidy bool `json:"disable_periodic_tidy" mapstructure:"disable_periodic_tidy"`
 }
 const pathConfigTidyRoletagBlacklistHelpSyn = `
diff --git a/builtin/credential/aws/path_identity_whitelist.go b/builtin/credential/aws/path_identity_whitelist.go
index 8ae93baa3..1e4b82870 100644
--- a/builtin/credential/aws/path_identity_whitelist.go
+++ b/builtin/credential/aws/path_identity_whitelist.go
@@ -4,7 +4,6 @@ import (
 "context"
 "time"
- "github.com/fatih/structs"
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/framework"
 )
@@ -109,25 +108,28 @@ func (b *backend) pathIdentityWhitelistRead(ctx context.Context, req *logical.Re
 return nil, nil
 }
- resp := &logical.Response{
- Data: structs.New(entry).Map(),
- }
- resp.Data["creation_time"] = entry.CreationTime.Format(time.RFC3339Nano)
- resp.Data["expiration_time"] = entry.ExpirationTime.Format(time.RFC3339Nano)
- resp.Data["last_updated_time"] = entry.LastUpdatedTime.Format(time.RFC3339Nano)
-
- return resp, nil
+ return &logical.Response{
+ Data: map[string]interface{}{
+ "role": entry.Role,
+ "client_nonce": entry.ClientNonce,
+ "creation_time": entry.CreationTime.Format(time.RFC3339Nano),
+ "disallow_reauthentication": entry.DisallowReauthentication,
+ "pending_time": entry.PendingTime,
+ "expiration_time": entry.ExpirationTime.Format(time.RFC3339Nano),
+ "last_updated_time": entry.LastUpdatedTime.Format(time.RFC3339Nano),
+ },
+ }, nil
 }
 // Struct to represent each item in the identity whitelist.
 type whitelistIdentity struct {
- Role string `json:"role" structs:"role" mapstructure:"role"`
- ClientNonce string `json:"client_nonce" structs:"client_nonce" mapstructure:"client_nonce"`
- CreationTime time.Time `json:"creation_time" structs:"creation_time" mapstructure:"creation_time"`
- DisallowReauthentication bool `json:"disallow_reauthentication" structs:"disallow_reauthentication" mapstructure:"disallow_reauthentication"`
- PendingTime string `json:"pending_time" structs:"pending_time" mapstructure:"pending_time"`
- ExpirationTime time.Time `json:"expiration_time" structs:"expiration_time" mapstructure:"expiration_time"`
- LastUpdatedTime time.Time `json:"last_updated_time" structs:"last_updated_time" mapstructure:"last_updated_time"`
+ Role string `json:"role" mapstructure:"role"`
+ ClientNonce string `json:"client_nonce" mapstructure:"client_nonce"`
+ CreationTime time.Time `json:"creation_time" mapstructure:"creation_time"`
+ DisallowReauthentication bool `json:"disallow_reauthentication" mapstructure:"disallow_reauthentication"`
+ PendingTime string `json:"pending_time" mapstructure:"pending_time"`
+ ExpirationTime time.Time `json:"expiration_time" mapstructure:"expiration_time"`
+ LastUpdatedTime time.Time `json:"last_updated_time" mapstructure:"last_updated_time"`
 }
 const pathIdentityWhitelistSyn = `
diff --git a/builtin/credential/aws/path_role.go b/builtin/credential/aws/path_role.go
index a1903724e..a7eae04f0 100644
--- a/builtin/credential/aws/path_role.go
+++ b/builtin/credential/aws/path_role.go
@@ -6,7 +6,6 @@ import (
 "strings"
 "time"
- "github.com/fatih/structs"
 "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/helper/policyutil"
 "github.com/hashicorp/vault/logical"
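Review bot: pathIdentityWhitelistRead returns `"client_nonce": entry.ClientNonce` unmodified. If the nonce is what a client later presents to re-authenticate (the `DisallowReauthentication` field stored next to it suggests so, but that logic is not on this page), returning it lets anyone with read access to a whitelist entry learn it. Consider leaving it out of the response, or at least recording the decision with a comment such as `// client_nonce is returned as stored; restrict read on this path accordingly`. The handler starts above the hunk.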
@@ -405,19 +404,29 @@ func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *
 return nil, nil
 }
- // Prepare the map of all the entries in the roleEntry.
- respData := structs.New(roleEntry).Map()
-
- // HMAC key belonging to the role should NOT be exported.
- delete(respData, "hmac_key")
-
- // Display all the durations in seconds
- respData["ttl"] = roleEntry.TTL / time.Second
- respData["max_ttl"] = roleEntry.MaxTTL / time.Second
- respData["period"] = roleEntry.Period / time.Second
-
 return &logical.Response{
- Data: respData,
+ Data: map[string]interface{}{
+ "auth_type": roleEntry.AuthType,
+ "bound_ami_id": roleEntry.BoundAmiID,
+ "bound_account_id": roleEntry.BoundAccountID,
+ "bound_iam_principal_arn": roleEntry.BoundIamPrincipalARN,
+ "bound_iam_principal_id": roleEntry.BoundIamPrincipalID,
+ "bound_iam_role_arn": roleEntry.BoundIamRoleARN,
+ "bound_iam_instance_profile_arn": roleEntry.BoundIamInstanceProfileARN,
+ "bound_region": roleEntry.BoundRegion,
+ "bound_subnet_id": roleEntry.BoundSubnetID,
+ "bound_vpc_id": roleEntry.BoundVpcID,
+ "inferred_entity_type": roleEntry.InferredEntityType,
+ "inferred_aws_region": roleEntry.InferredAWSRegion,
+ "resolve_aws_unique_ids": roleEntry.ResolveAWSUniqueIDs,
+ "role_tag": roleEntry.RoleTag,
+ "allow_instance_migration": roleEntry.AllowInstanceMigration,
+ "ttl": roleEntry.TTL / time.Second,
+ "max_ttl": roleEntry.MaxTTL / time.Second,
+ "policies": roleEntry.Policies,
+ "disallow_reauthentication": roleEntry.DisallowReauthentication,
+ "period": roleEntry.Period / time.Second,
+ },
 }, nil
 }
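Review bot: The new response map in pathRoleRead leaves out `hmac_key` only by not listing it, and the removed comment that explained why ("HMAC key belonging to the role should NOT be exported") has no replacement. Someone later mirroring awsRoleEntry into this map could add the key without noticing, so put a comment above the map such as `// hmac_key is deliberately not returned: the role's HMAC key must never leave the backend.` The dropped "durations in seconds" remark could be kept the same way next to `ttl`, `max_ttl` and `period`. The function begins outside the hunk.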
@@ -744,27 +753,27 @@ func (b *backend) pathRoleCreateUpdate(ctx context.Context, req *logical.Request
 // Struct to hold the information associated with an AMI ID in Vault.
 type awsRoleEntry struct {
- AuthType string `json:"auth_type" structs:"auth_type" mapstructure:"auth_type"`
- BoundAmiID string `json:"bound_ami_id" structs:"bound_ami_id" mapstructure:"bound_ami_id"`
- BoundAccountID string `json:"bound_account_id" structs:"bound_account_id" mapstructure:"bound_account_id"`
- BoundIamPrincipalARN string `json:"bound_iam_principal_arn" structs:"bound_iam_principal_arn" mapstructure:"bound_iam_principal_arn"`
- BoundIamPrincipalID string `json:"bound_iam_principal_id" structs:"bound_iam_principal_id" mapstructure:"bound_iam_principal_id"`
- BoundIamRoleARN string `json:"bound_iam_role_arn" structs:"bound_iam_role_arn" mapstructure:"bound_iam_role_arn"`
- BoundIamInstanceProfileARN string `json:"bound_iam_instance_profile_arn" structs:"bound_iam_instance_profile_arn" mapstructure:"bound_iam_instance_profile_arn"`
- BoundRegion string `json:"bound_region" structs:"bound_region" mapstructure:"bound_region"`
- BoundSubnetID string `json:"bound_subnet_id" structs:"bound_subnet_id" mapstructure:"bound_subnet_id"`
- BoundVpcID string `json:"bound_vpc_id" structs:"bound_vpc_id" mapstructure:"bound_vpc_id"`
- InferredEntityType string `json:"inferred_entity_type" structs:"inferred_entity_type" mapstructure:"inferred_entity_type"`
- InferredAWSRegion string `json:"inferred_aws_region" structs:"inferred_aws_region" mapstructure:"inferred_aws_region"`
- ResolveAWSUniqueIDs bool `json:"resolve_aws_unique_ids" structs:"resolve_aws_unique_ids" mapstructure:"resolve_aws_unique_ids"`
- RoleTag string `json:"role_tag" structs:"role_tag" mapstructure:"role_tag"`
- AllowInstanceMigration bool `json:"allow_instance_migration" structs:"allow_instance_migration" mapstructure:"allow_instance_migration"`
- TTL time.Duration `json:"ttl" structs:"ttl" mapstructure:"ttl"`
- MaxTTL time.Duration `json:"max_ttl" structs:"max_ttl" mapstructure:"max_ttl"`
- Policies []string `json:"policies" structs:"policies" mapstructure:"policies"`
- DisallowReauthentication bool `json:"disallow_reauthentication" structs:"disallow_reauthentication" mapstructure:"disallow_reauthentication"`
- HMACKey string `json:"hmac_key" structs:"hmac_key" mapstructure:"hmac_key"`
- Period time.Duration `json:"period" mapstructure:"period" structs:"period"`
+ AuthType string `json:"auth_type" mapstructure:"auth_type"`
+ BoundAmiID string `json:"bound_ami_id" mapstructure:"bound_ami_id"`
+ BoundAccountID string `json:"bound_account_id" mapstructure:"bound_account_id"`
+ BoundIamPrincipalARN string `json:"bound_iam_principal_arn" mapstructure:"bound_iam_principal_arn"`
+ BoundIamPrincipalID string `json:"bound_iam_principal_id" mapstructure:"bound_iam_principal_id"`
+ BoundIamRoleARN string `json:"bound_iam_role_arn" mapstructure:"bound_iam_role_arn"`
+ BoundIamInstanceProfileARN string `json:"bound_iam_instance_profile_arn" mapstructure:"bound_iam_instance_profile_arn"`
+ BoundRegion string `json:"bound_region" mapstructure:"bound_region"`
+ BoundSubnetID string `json:"bound_subnet_id" mapstructure:"bound_subnet_id"`
+ BoundVpcID string `json:"bound_vpc_id" mapstructure:"bound_vpc_id"`
+ InferredEntityType string `json:"inferred_entity_type" mapstructure:"inferred_entity_type"`
+ InferredAWSRegion string `json:"inferred_aws_region" mapstructure:"inferred_aws_region"`
+ ResolveAWSUniqueIDs bool `json:"resolve_aws_unique_ids" mapstructure:"resolve_aws_unique_ids"`
+ RoleTag string `json:"role_tag" mapstructure:"role_tag"`
+ AllowInstanceMigration bool `json:"allow_instance_migration" mapstructure:"allow_instance_migration"`
+ TTL time.Duration `json:"ttl" mapstructure:"ttl"`
+ MaxTTL time.Duration `json:"max_ttl" mapstructure:"max_ttl"`
+ Policies []string `json:"policies" mapstructure:"policies"`
+ DisallowReauthentication bool `json:"disallow_reauthentication" mapstructure:"disallow_reauthentication"`
+ HMACKey string `json:"hmac_key" mapstructure:"hmac_key"`
+ Period time.Duration `json:"period" mapstructure:"period"`
 }
 const pathRoleSyn = `