open-vault/api/sys_rekey.go

483 lines
13 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"context"
"errors"
"net/http"
"github.com/mitchellh/mapstructure"
)
func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) {
return c.RekeyStatusWithContext(context.Background())
}
func (c *Sys) RekeyStatusWithContext(ctx context.Context) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/init")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) {
return c.RekeyRecoveryKeyStatusWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyStatusWithContext(ctx context.Context) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey-recovery-key/init")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error) {
return c.RekeyVerificationStatusWithContext(context.Background())
}
func (c *Sys) RekeyVerificationStatusWithContext(ctx context.Context) (*RekeyVerificationStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/verify")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyVerificationStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error) {
return c.RekeyRecoveryKeyVerificationStatusWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyVerificationStatusWithContext(ctx context.Context) (*RekeyVerificationStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey-recovery-key/verify")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyVerificationStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) {
return c.RekeyInitWithContext(context.Background(), config)
}
func (c *Sys) RekeyInitWithContext(ctx context.Context, config *RekeyInitRequest) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey/init")
if err := r.SetJSONBody(config); err != nil {
return nil, err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) {
return c.RekeyRecoveryKeyInitWithContext(context.Background(), config)
}
func (c *Sys) RekeyRecoveryKeyInitWithContext(ctx context.Context, config *RekeyInitRequest) (*RekeyStatusResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey-recovery-key/init")
if err := r.SetJSONBody(config); err != nil {
return nil, err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyStatusResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyCancel() error {
return c.RekeyCancelWithContext(context.Background())
}
func (c *Sys) RekeyCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/init")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
func (c *Sys) RekeyRecoveryKeyCancel() error {
return c.RekeyRecoveryKeyCancelWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey-recovery-key/init")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
func (c *Sys) RekeyVerificationCancel() error {
return c.RekeyVerificationCancelWithContext(context.Background())
}
func (c *Sys) RekeyVerificationCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/verify")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
func (c *Sys) RekeyRecoveryKeyVerificationCancel() error {
return c.RekeyRecoveryKeyVerificationCancelWithContext(context.Background())
}
func (c *Sys) RekeyRecoveryKeyVerificationCancelWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey-recovery-key/verify")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) {
return c.RekeyUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
}
r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey/update")
if err := r.SetJSONBody(body); err != nil {
return nil, err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyUpdateResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) {
return c.RekeyRecoveryKeyUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyRecoveryKeyUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
}
r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey-recovery-key/update")
if err := r.SetJSONBody(body); err != nil {
return nil, err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyUpdateResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) {
return c.RekeyRetrieveBackupWithContext(context.Background())
}
func (c *Sys) RekeyRetrieveBackupWithContext(ctx context.Context) (*RekeyRetrieveResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/backup")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
secret, err := ParseSecret(resp.Body)
if err != nil {
return nil, err
}
if secret == nil || secret.Data == nil {
return nil, errors.New("data from server response is empty")
}
var result RekeyRetrieveResponse
err = mapstructure.Decode(secret.Data, &result)
if err != nil {
return nil, err
}
return &result, err
}
func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) {
return c.RekeyRetrieveRecoveryBackupWithContext(context.Background())
}
func (c *Sys) RekeyRetrieveRecoveryBackupWithContext(ctx context.Context) (*RekeyRetrieveResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/recovery-key-backup")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
secret, err := ParseSecret(resp.Body)
if err != nil {
return nil, err
}
if secret == nil || secret.Data == nil {
return nil, errors.New("data from server response is empty")
}
var result RekeyRetrieveResponse
err = mapstructure.Decode(secret.Data, &result)
if err != nil {
return nil, err
}
return &result, err
}
func (c *Sys) RekeyDeleteBackup() error {
return c.RekeyDeleteBackupWithContext(context.Background())
}
func (c *Sys) RekeyDeleteBackupWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/backup")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
func (c *Sys) RekeyDeleteRecoveryBackup() error {
return c.RekeyDeleteRecoveryBackupWithContext(context.Background())
}
func (c *Sys) RekeyDeleteRecoveryBackupWithContext(ctx context.Context) error {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/recovery-key-backup")
resp, err := c.c.rawRequestWithContext(ctx, r)
if err == nil {
defer resp.Body.Close()
}
return err
}
func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
return c.RekeyVerificationUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyVerificationUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
}
r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey/verify")
if err := r.SetJSONBody(body); err != nil {
return nil, err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyVerificationUpdateResponse
err = resp.DecodeJSON(&result)
return &result, err
}
func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
return c.RekeyRecoveryKeyVerificationUpdateWithContext(context.Background(), shard, nonce)
}
func (c *Sys) RekeyRecoveryKeyVerificationUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyVerificationUpdateResponse, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
body := map[string]interface{}{
"key": shard,
"nonce": nonce,
}
r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey-recovery-key/verify")
if err := r.SetJSONBody(body); err != nil {
return nil, err
}
resp, err := c.c.rawRequestWithContext(ctx, r)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result RekeyVerificationUpdateResponse
err = resp.DecodeJSON(&result)
return &result, err
}
type RekeyInitRequest struct {
SecretShares int `json:"secret_shares"`
SecretThreshold int `json:"secret_threshold"`
StoredShares int `json:"stored_shares"`
PGPKeys []string `json:"pgp_keys"`
Backup bool
RequireVerification bool `json:"require_verification"`
}
type RekeyStatusResponse struct {
Nonce string `json:"nonce"`
Started bool `json:"started"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
Required int `json:"required"`
PGPFingerprints []string `json:"pgp_fingerprints"`
Backup bool `json:"backup"`
VerificationRequired bool `json:"verification_required"`
VerificationNonce string `json:"verification_nonce"`
}
type RekeyUpdateResponse struct {
Nonce string `json:"nonce"`
Complete bool `json:"complete"`
Keys []string `json:"keys"`
KeysB64 []string `json:"keys_base64"`
PGPFingerprints []string `json:"pgp_fingerprints"`
Backup bool `json:"backup"`
VerificationRequired bool `json:"verification_required"`
VerificationNonce string `json:"verification_nonce,omitempty"`
}
type RekeyRetrieveResponse struct {
Nonce string `json:"nonce" mapstructure:"nonce"`
Keys map[string][]string `json:"keys" mapstructure:"keys"`
KeysB64 map[string][]string `json:"keys_base64" mapstructure:"keys_base64"`
}
type RekeyVerificationStatusResponse struct {
Nonce string `json:"nonce"`
Started bool `json:"started"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
}
type RekeyVerificationUpdateResponse struct {
Nonce string `json:"nonce"`
Complete bool `json:"complete"`
}