707e270f54
* Added lookup endpoint for entity * Address review comments
305 lines
8.7 KiB
Go
305 lines
8.7 KiB
Go
package vault
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/hashicorp/vault/helper/identity"
|
|
"github.com/hashicorp/vault/logical"
|
|
"github.com/hashicorp/vault/logical/framework"
|
|
)
|
|
|
|
func lookupPaths(i *IdentityStore) []*framework.Path {
|
|
return []*framework.Path{
|
|
{
|
|
Pattern: "lookup/entity$",
|
|
Fields: map[string]*framework.FieldSchema{
|
|
"type": {
|
|
Type: framework.TypeString,
|
|
Description: "Type of lookup. Current supported values are 'id' and 'name'.",
|
|
},
|
|
"name": {
|
|
Type: framework.TypeString,
|
|
Description: "Name of the entity.",
|
|
},
|
|
"id": {
|
|
Type: framework.TypeString,
|
|
Description: "ID of the entity.",
|
|
},
|
|
},
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.UpdateOperation: i.pathLookupEntityUpdate,
|
|
},
|
|
|
|
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-entity"][0]),
|
|
HelpDescription: strings.TrimSpace(lookupHelp["lookup-entity"][1]),
|
|
},
|
|
{
|
|
Pattern: "lookup/group$",
|
|
Fields: map[string]*framework.FieldSchema{
|
|
"type": {
|
|
Type: framework.TypeString,
|
|
Description: "Type of lookup. Current supported values are 'id' and 'name'",
|
|
},
|
|
"name": {
|
|
Type: framework.TypeString,
|
|
Description: "Name of the group.",
|
|
},
|
|
"id": {
|
|
Type: framework.TypeString,
|
|
Description: "ID of the group.",
|
|
},
|
|
},
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.UpdateOperation: i.pathLookupGroupUpdate,
|
|
},
|
|
|
|
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-group"][0]),
|
|
HelpDescription: strings.TrimSpace(lookupHelp["lookup-group"][1]),
|
|
},
|
|
{
|
|
Pattern: "lookup/entity-alias$",
|
|
Fields: map[string]*framework.FieldSchema{
|
|
"type": {
|
|
Type: framework.TypeString,
|
|
Description: "Type of lookup. Current supported values are 'id', 'canonical_id' and 'factors'.",
|
|
},
|
|
"id": {
|
|
Type: framework.TypeString,
|
|
Description: "ID of the entity.",
|
|
},
|
|
"canonical_id": {
|
|
Type: framework.TypeString,
|
|
Description: "ID of the entity to which the alias belongs to.",
|
|
},
|
|
"name": {
|
|
Type: framework.TypeString,
|
|
Description: "Name of the alias.",
|
|
},
|
|
"mount_accessor": {
|
|
Type: framework.TypeString,
|
|
Description: "Accessor of the mount to which the entity alias belongs to.",
|
|
},
|
|
},
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.UpdateOperation: i.pathLookupEntityAliasUpdate,
|
|
},
|
|
|
|
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-entity-alias"][0]),
|
|
HelpDescription: strings.TrimSpace(lookupHelp["lookup-entity-alias"][1]),
|
|
},
|
|
{
|
|
Pattern: "lookup/group-alias$",
|
|
Fields: map[string]*framework.FieldSchema{
|
|
"type": {
|
|
Type: framework.TypeString,
|
|
Description: "Type of lookup. Current supported values are 'id', 'canonical_id' and 'factors'.",
|
|
},
|
|
"id": {
|
|
Type: framework.TypeString,
|
|
Description: "ID of the group.",
|
|
},
|
|
"canonical_id": {
|
|
Type: framework.TypeString,
|
|
Description: "ID of the group to which the alias belongs to.",
|
|
},
|
|
"name": {
|
|
Type: framework.TypeString,
|
|
Description: "Name of the alias.",
|
|
},
|
|
"mount_accessor": {
|
|
Type: framework.TypeString,
|
|
Description: "Accessor of the mount to which the group alias belongs to.",
|
|
},
|
|
},
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.UpdateOperation: i.pathLookupGroupAliasUpdate,
|
|
},
|
|
|
|
HelpSynopsis: strings.TrimSpace(lookupHelp["lookup-group-alias"][0]),
|
|
HelpDescription: strings.TrimSpace(lookupHelp["lookup-group-alias"][1]),
|
|
},
|
|
}
|
|
}
|
|
|
|
func (i *IdentityStore) pathLookupEntityUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
lookupType := d.Get("type").(string)
|
|
if lookupType == "" {
|
|
return logical.ErrorResponse("empty type"), nil
|
|
}
|
|
|
|
var entity *identity.Entity
|
|
var err error
|
|
|
|
switch lookupType {
|
|
case "id":
|
|
entityID := d.Get("id").(string)
|
|
if entityID == "" {
|
|
return logical.ErrorResponse("empty id"), nil
|
|
}
|
|
entity, err = i.MemDBEntityByID(entityID, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
case "name":
|
|
entityName := d.Get("name").(string)
|
|
if entityName == "" {
|
|
return logical.ErrorResponse("empty name"), nil
|
|
}
|
|
entity, err = i.MemDBEntityByName(entityName, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
default:
|
|
return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
|
|
}
|
|
|
|
if entity == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
return i.handleEntityReadCommon(entity)
|
|
}
|
|
|
|
func (i *IdentityStore) pathLookupGroupUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
lookupType := d.Get("type").(string)
|
|
if lookupType == "" {
|
|
return logical.ErrorResponse("empty type"), nil
|
|
}
|
|
|
|
switch lookupType {
|
|
case "id":
|
|
groupID := d.Get("id").(string)
|
|
if groupID == "" {
|
|
return logical.ErrorResponse("empty ID"), nil
|
|
}
|
|
group, err := i.MemDBGroupByID(groupID, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return i.handleGroupReadCommon(group)
|
|
case "name":
|
|
groupName := d.Get("name").(string)
|
|
if groupName == "" {
|
|
return logical.ErrorResponse("empty name"), nil
|
|
}
|
|
group, err := i.MemDBGroupByName(groupName, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return i.handleGroupReadCommon(group)
|
|
default:
|
|
return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
func (i *IdentityStore) pathLookupEntityAliasUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
return i.handleLookupAliasUpdateCommon(req, d, false)
|
|
}
|
|
|
|
func (i *IdentityStore) pathLookupGroupAliasUpdate(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
|
return i.handleLookupAliasUpdateCommon(req, d, true)
|
|
}
|
|
|
|
func (i *IdentityStore) handleLookupAliasUpdateCommon(req *logical.Request, d *framework.FieldData, groupAlias bool) (*logical.Response, error) {
|
|
lookupType := d.Get("type").(string)
|
|
if lookupType == "" {
|
|
return logical.ErrorResponse("empty type"), nil
|
|
}
|
|
|
|
switch lookupType {
|
|
case "id":
|
|
aliasID := d.Get("id").(string)
|
|
if aliasID == "" {
|
|
return logical.ErrorResponse("empty ID"), nil
|
|
}
|
|
|
|
alias, err := i.MemDBAliasByID(aliasID, false, groupAlias)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return i.handleAliasReadCommon(alias)
|
|
|
|
case "canonical_id":
|
|
canonicalID := d.Get("canonical_id").(string)
|
|
if canonicalID == "" {
|
|
return logical.ErrorResponse("empty canonical_id"), nil
|
|
}
|
|
|
|
alias, err := i.MemDBAliasByCanonicalID(canonicalID, false, groupAlias)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return i.handleAliasReadCommon(alias)
|
|
|
|
case "factors":
|
|
aliasName := d.Get("name").(string)
|
|
if aliasName == "" {
|
|
return logical.ErrorResponse("empty name"), nil
|
|
}
|
|
mountAccessor := d.Get("mount_accessor").(string)
|
|
if mountAccessor == "" {
|
|
return logical.ErrorResponse("empty 'mount_accessor'"), nil
|
|
}
|
|
|
|
alias, err := i.MemDBAliasByFactors(mountAccessor, aliasName, false, groupAlias)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return i.handleAliasReadCommon(alias)
|
|
|
|
default:
|
|
return logical.ErrorResponse(fmt.Sprintf("unrecognized type %q", lookupType)), nil
|
|
}
|
|
}
|
|
|
|
var lookupHelp = map[string][2]string{
|
|
"lookup-entity": {
|
|
"Query entities based on types.",
|
|
`Supported types:
|
|
- 'id'
|
|
To query the entity by its ID. This requires 'id' parameter to be set.
|
|
- 'name'
|
|
To query the entity by its name. This requires 'name' parameter to be set.
|
|
`,
|
|
},
|
|
"lookup-group": {
|
|
"Query groups based on types.",
|
|
`Supported types:
|
|
- 'id'
|
|
To query the group by its ID. This requires 'id' parameter to be set.
|
|
- 'name'
|
|
To query the group by its name. This requires 'name' parameter to be set.
|
|
`,
|
|
},
|
|
"lookup-group-alias": {
|
|
"Query group alias based on types.",
|
|
`Supported types:
|
|
- 'id'
|
|
To query the group alias by its ID. This requires 'id' parameter to be set.
|
|
- 'canonical_id'
|
|
To query the group alias by the ID of the group it belongs to. This requires the 'canonical_id' parameter to be set.
|
|
- 'factors'
|
|
To query the group alias using the factors that uniquely identifies a group alias; its name and the mount accessor. This requires the 'name' and 'mount_accessor' parameters to be set.
|
|
`,
|
|
},
|
|
"lookup-entity-alias": {
|
|
"Query entity alias based on types.",
|
|
`Supported types:
|
|
- 'id'
|
|
To query the entity alias by its ID. This requires 'id' parameter to be set.
|
|
- 'canonical_id'
|
|
To query the entity alias by the ID of the entity it belongs to. This requires the 'canonical_id' parameter to be set.
|
|
- 'factors'
|
|
To query the entity alias using the factors that uniquely identifies an entity alias; its name and the mount accessor. This requires the 'name' and 'mount_accessor' parameters to be set.
|
|
`,
|
|
},
|
|
}
|