27ad920399
* feat: add redshift database plugin * build: update vendored libraries * docs: add reference doc for redshift variant of the database secrets engine * feat: set middlewear type name for better metrics naming (#8346) Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
88 lines
2.1 KiB
Go
88 lines
2.1 KiB
Go
package credsutil
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/hashicorp/vault/sdk/database/dbplugin"
|
|
)
|
|
|
|
const (
|
|
NoneLength int = -1
|
|
)
|
|
|
|
// SQLCredentialsProducer implements CredentialsProducer and provides a generic credentials producer for most sql database types.
|
|
type SQLCredentialsProducer struct {
|
|
DisplayNameLen int
|
|
RoleNameLen int
|
|
UsernameLen int
|
|
Separator string
|
|
LowercaseUsername bool
|
|
}
|
|
|
|
func (scp *SQLCredentialsProducer) GenerateCredentials(ctx context.Context) (string, error) {
|
|
password, err := scp.GeneratePassword()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return password, nil
|
|
}
|
|
|
|
func (scp *SQLCredentialsProducer) GenerateUsername(config dbplugin.UsernameConfig) (string, error) {
|
|
username := "v"
|
|
|
|
displayName := config.DisplayName
|
|
if scp.DisplayNameLen > 0 && len(displayName) > scp.DisplayNameLen {
|
|
displayName = displayName[:scp.DisplayNameLen]
|
|
} else if scp.DisplayNameLen == NoneLength {
|
|
displayName = ""
|
|
}
|
|
|
|
if len(displayName) > 0 {
|
|
username = fmt.Sprintf("%s%s%s", username, scp.Separator, displayName)
|
|
}
|
|
|
|
roleName := config.RoleName
|
|
if scp.RoleNameLen > 0 && len(roleName) > scp.RoleNameLen {
|
|
roleName = roleName[:scp.RoleNameLen]
|
|
} else if scp.RoleNameLen == NoneLength {
|
|
roleName = ""
|
|
}
|
|
|
|
if len(roleName) > 0 {
|
|
username = fmt.Sprintf("%s%s%s", username, scp.Separator, roleName)
|
|
}
|
|
|
|
userUUID, err := RandomAlphaNumeric(20, false)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
username = fmt.Sprintf("%s%s%s", username, scp.Separator, userUUID)
|
|
username = fmt.Sprintf("%s%s%s", username, scp.Separator, fmt.Sprint(time.Now().Unix()))
|
|
if scp.UsernameLen > 0 && len(username) > scp.UsernameLen {
|
|
username = username[:scp.UsernameLen]
|
|
}
|
|
|
|
if scp.LowercaseUsername {
|
|
username = strings.ToLower(username)
|
|
}
|
|
|
|
return username, nil
|
|
}
|
|
|
|
func (scp *SQLCredentialsProducer) GeneratePassword() (string, error) {
|
|
password, err := RandomAlphaNumeric(20, true)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return password, nil
|
|
}
|
|
|
|
func (scp *SQLCredentialsProducer) GenerateExpiration(ttl time.Time) (string, error) {
|
|
return ttl.Format("2006-01-02 15:04:05-0700"), nil
|
|
}
|