db9d9e6415
* Store original request path in WrapInfo as CreationPath * Add wrapping_token_creation_path to CLI output * Add CreationPath to AuditResponseWrapInfo * Fix tests * Add and fix tests, update API docs with new sample responses
package api
import (
"io"
"time"
"github.com/hashicorp/vault/helper/jsonutil"
)
// Secret is the envelope decoded for every secret returned by Vault.
//
// Several members carry credential material: Data holds the secret contents,
// Auth (when set) holds a client token, and WrapInfo (when set) holds a
// wrapping token. Code that logs or persists a Secret should redact those
// members rather than dumping the whole value.
type Secret struct {
	// RequestID is the ID of the request that generated this response.
	RequestID string `json:"request_id"`

	// Lease information, decoded from the "lease_id", "lease_duration" and
	// "renewable" keys of the response.
	LeaseID       string `json:"lease_id"`
	LeaseDuration int    `json:"lease_duration"`
	Renewable     bool   `json:"renewable"`

	// Data is the actual contents of the secret. Its format is arbitrary
	// and decided by the secret backend, so callers must type-check every
	// value they pull out of the map.
	Data map[string]interface{} `json:"data"`

	// Warnings lists warnings related to the operation. They did not cause
	// the command to fail, but the client should be aware of them.
	Warnings []string `json:"warnings"`

	// Auth is non-nil when authentication information was attached to
	// this response.
	Auth *SecretAuth `json:"auth,omitempty"`

	// WrapInfo is non-nil when the initial response was wrapped in the
	// cubbyhole of the given token, which has a TTL of the given number of
	// seconds.
	WrapInfo *SecretWrapInfo `json:"wrap_info,omitempty"`
}
// SecretWrapInfo carries the wrapping details of a response, when present.
// If the wrapped payload is an authentication token, that token's accessor
// is available in WrappedAccessor.
type SecretWrapInfo struct {
	// Token is the wrapping token. Treat it as a credential: keep it out
	// of logs and error messages.
	Token string `json:"token"`

	// TTL is the lifetime of the wrapping token, in seconds.
	TTL int `json:"ttl"`

	// CreationTime is decoded from the "creation_time" key.
	CreationTime time.Time `json:"creation_time"`

	// CreationPath is decoded from the "creation_path" key and records the
	// original request path that produced the wrapped response. A caller
	// expecting a wrapped response from one specific endpoint should
	// compare this value with that endpoint before trusting the token; a
	// mismatch means the token did not come from the expected request.
	CreationPath string `json:"creation_path"`

	// WrappedAccessor is the accessor of the wrapped authentication token,
	// when the wrapped payload is one.
	WrappedAccessor string `json:"wrapped_accessor"`
}
// SecretAuth holds the authentication information attached to a response,
// when there is any.
type SecretAuth struct {
	// ClientToken is decoded from the "client_token" key. Treat it as a
	// credential: keep it out of logs and error messages.
	ClientToken string `json:"client_token"`

	// Accessor is decoded from the "accessor" key.
	Accessor string `json:"accessor"`

	// Policies is decoded from the "policies" key.
	Policies []string `json:"policies"`

	// Metadata is decoded from the "metadata" key.
	Metadata map[string]string `json:"metadata"`

	// Lease information for the authentication data, decoded from the
	// "lease_duration" and "renewable" keys.
	LeaseDuration int  `json:"lease_duration"`
	Renewable     bool `json:"renewable"`
}
// ParseSecret reads a JSON document from r and decodes it into a Secret.
//
// On a decoding failure it returns a nil Secret together with the error
// reported by jsonutil.DecodeJSONFromReader; otherwise it returns a pointer
// to the decoded value and a nil error.
//
// NOTE(review): no size limit is applied to r in this function, so any bound
// on the amount of input read is left to the caller or to jsonutil — confirm.
func ParseSecret(r io.Reader) (*Secret, error) {
	// Decode directly into the typed struct; there is no intermediate map.
	parsed := new(Secret)
	err := jsonutil.DecodeJSONFromReader(r, parsed)
	if err != nil {
		return nil, err
	}
	return parsed, nil
}