open-vault/builtin/logical/nomad/backend.go

86 lines
1.8 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package nomad
import (
"context"
"github.com/hashicorp/nomad/api"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
const operationPrefixNomad = "nomad"
// Factory returns a Nomad backend that satisfies the logical.Backend interface
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
b := Backend()
if err := b.Setup(ctx, conf); err != nil {
return nil, err
}
return b, nil
}
// Backend returns the configured Nomad backend
func Backend() *backend {
var b backend
b.Backend = &framework.Backend{
PathsSpecial: &logical.Paths{
SealWrapStorage: []string{
"config/access",
},
},
Paths: []*framework.Path{
pathConfigAccess(&b),
pathConfigLease(&b),
pathListRoles(&b),
pathRoles(&b),
pathCredsCreate(&b),
},
Secrets: []*framework.Secret{
secretToken(&b),
},
BackendType: logical.TypeLogical,
}
return &b
}
type backend struct {
*framework.Backend
}
func clientFromConfig(conf *accessConfig) (*api.Client, error) {
nomadConf := api.DefaultConfig()
if conf != nil {
if conf.Address != "" {
nomadConf.Address = conf.Address
}
if conf.Token != "" {
nomadConf.SecretID = conf.Token
}
if conf.CACert != "" {
nomadConf.TLSConfig.CACertPEM = []byte(conf.CACert)
}
if conf.ClientCert != "" {
nomadConf.TLSConfig.ClientCertPEM = []byte(conf.ClientCert)
}
if conf.ClientKey != "" {
nomadConf.TLSConfig.ClientKeyPEM = []byte(conf.ClientKey)
}
}
return api.NewClient(nomadConf)
}
func (b *backend) client(ctx context.Context, s logical.Storage) (*api.Client, error) {
conf, err := b.readConfigAccess(ctx, s)
if err != nil {
return nil, err
}
return clientFromConfig(conf)
}