vault: spec out expiration manager API
This commit is contained in:
parent
86c7a4c155
commit
e77ce26d31
|
@ -1,5 +1,7 @@
|
||||||
package vault
|
package vault
|
||||||
|
|
||||||
|
import "time"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// expirationSubPath is the sub-path used for the expiration manager
|
// expirationSubPath is the sub-path used for the expiration manager
|
||||||
// view. This is nested under the system view.
|
// view. This is nested under the system view.
|
||||||
|
@ -11,13 +13,15 @@ const (
|
||||||
// If a secret is not renewed in timely manner, it may be expired, and
|
// If a secret is not renewed in timely manner, it may be expired, and
|
||||||
// the ExpirationManager will handle doing automatic revocation.
|
// the ExpirationManager will handle doing automatic revocation.
|
||||||
type ExpirationManager struct {
|
type ExpirationManager struct {
|
||||||
|
router *Router
|
||||||
view *BarrierView
|
view *BarrierView
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewExpirationManager creates a new ExpirationManager that is backed
|
// NewExpirationManager creates a new ExpirationManager that is backed
|
||||||
// using a given view.
|
// using a given view, and uses the provided router for revocation.
|
||||||
func NewExpirationManager(view *BarrierView) *ExpirationManager {
|
func NewExpirationManager(router *Router, view *BarrierView) *ExpirationManager {
|
||||||
exp := &ExpirationManager{
|
exp := &ExpirationManager{
|
||||||
|
router: router,
|
||||||
view: view,
|
view: view,
|
||||||
}
|
}
|
||||||
return exp
|
return exp
|
||||||
|
@ -30,7 +34,32 @@ func (c *Core) setupExpiration() error {
|
||||||
view := c.systemView.SubView(expirationSubPath)
|
view := c.systemView.SubView(expirationSubPath)
|
||||||
|
|
||||||
// Create the manager
|
// Create the manager
|
||||||
mgr := NewExpirationManager(view)
|
mgr := NewExpirationManager(c.router, view)
|
||||||
c.expiration = mgr
|
c.expiration = mgr
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Revoke is used to revoke a secret named by the given vaultID
|
||||||
|
func (m *ExpirationManager) Revoke(vaultID string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// RevokePrefix is used to revoke all secrets with a given prefix.
|
||||||
|
// The prefix maps to that of the mount table to make this simpler
|
||||||
|
// to reason about.
|
||||||
|
func (m *ExpirationManager) RevokePrefix(prefix string) error {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Renew is used to renew a secret using the given vaultID
|
||||||
|
// and a renew interval. The increment may be ignored.
|
||||||
|
func (m *ExpirationManager) Renew(vaultID string, increment time.Duration) (*Lease, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Register is used to take a request and response with an associated
|
||||||
|
// lease. The secret gets assigned a vaultId and the management of
|
||||||
|
// of lease is assumed by the expiration manager.
|
||||||
|
func (m *ExpirationManager) Register(req *Request, resp *Response) (string, error) {
|
||||||
|
return "", nil
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue