package vault
import (
"bytes"
"encoding/json"
"log"
"net/url"
"github.com/pkg/errors"
vaultapi "github.com/hashicorp/vault/api"
)
// logFatal is a swappable binding for log.Fatal. New routes every setup
// failure through it, and under the default binding that terminates the
// process; tests replace it to observe the failure instead of exiting.
var logFatal func(v ...interface{}) = log.Fatal
// Vault is a thin wrapper around a HashiCorp Vault API client. Build it with
// New; the zero value carries a nil client and is not usable, since every
// method below dereferences v.client.
type Vault struct {
	client *vaultapi.Client
}
// New builds a Vault wrapper. Configuration comes from the process
// environment first (vaultapi.Config.ReadEnvironment, i.e. the VAULT_*
// variables), then u, when it names a host, overrides the server address via
// setVaultURL. Both failure points go through logFatal, so under the default
// binding this function does not return on error.
//
// NOTE(review): log.Fatal formats like Print — no space is inserted after a
// string operand — so the message and the error text run together in the log
// line. ReadEnvironment presumably also honours the TLS-related VAULT_*
// settings of the vault api version in use; verify which ones before relying
// on the https default below as a hard guarantee.
func New(u *url.URL) *Vault {
	cfg := vaultapi.DefaultConfig()

	// Environment is read before the URL so an explicit URL wins over VAULT_ADDR.
	if err := cfg.ReadEnvironment(); err != nil {
		logFatal("Vault setup failed", err)
	}
	setVaultURL(cfg, u)

	client, err := vaultapi.NewClient(cfg)
	if err != nil {
		logFatal("Vault setup failed", err)
	}
	return &Vault{client: client}
}
// setVaultURL points c at the host named by u. A nil u, or one without a
// host, leaves c.Address untouched (whatever DefaultConfig/ReadEnvironment
// chose). When a host is present the address is rebuilt as "https://host";
// only the exact scheme "vault+http" opts into plaintext "http://". Path,
// query and userinfo from u are deliberately dropped, so credentials embedded
// in a URL never reach the client address.
func setVaultURL(c *vaultapi.Config, u *url.URL) {
	if u == nil || u.Host == "" {
		return
	}

	var scheme string
	switch u.Scheme {
	case "vault+http":
		scheme = "http"
	default:
		// Anything other than the explicit plaintext opt-in is forced to TLS.
		scheme = "https"
	}
	c.Address = scheme + "://" + u.Host
}
// Login obtains a token via GetToken (defined elsewhere in this package) and
// installs it on the underlying client, so later Read/Write/List calls are
// authenticated. The token value itself is never logged here.
func (v *Vault) Login() {
	token := v.GetToken()
	v.client.SetToken(token)
}
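// Logout discards the client-side copy of the token installed by Login, so
// the wrapper cannot keep issuing authenticated requests after the caller is
// done with it. This is a local forget only, not a server-side revoke: a
// token handed out by Vault remains valid until it expires or is revoked
// through the API.
func (v *Vault) Logout() {
	v.client.ClearToken()
}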
// Read fetches the secret at path and returns its Data map encoded as JSON
// (json.Encoder output: HTML-escaped strings and a trailing newline). A nil
// secret — Vault's "nothing at this path" — yields an empty, non-nil slice
// and a nil error, so callers tell "absent" from "failed" by the error alone.
func (v *Vault) Read(path string) ([]byte, error) {
	secret, err := v.client.Logical().Read(path)
	switch {
	case err != nil:
		return nil, err
	case secret == nil:
		return []byte{}, nil
	}

	var out bytes.Buffer
	if err := json.NewEncoder(&out).Encode(secret.Data); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}
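// Write posts data to path and returns the response secret's Data map
// encoded as JSON, in the same shape Read produces. Some write endpoints
// answer with no body; that nil secret becomes an empty, non-nil slice and a
// nil error. The error is checked before the nil-secret case, so a failed
// write always returns (nil, err) rather than a non-nil slice beside a
// non-nil error — consistent with Read and List.
func (v *Vault) Write(path string, data map[string]interface{}) ([]byte, error) {
	secret, err := v.client.Logical().Write(path, data)
	if err != nil {
		return nil, err
	}
	if secret == nil {
		return []byte{}, nil
	}

	var buf bytes.Buffer
	if err := json.NewEncoder(&buf).Encode(secret.Data); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}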
// List enumerates the entries under path and returns the response's "keys"
// value JSON-encoded (json.Encoder output, trailing newline included). A nil
// secret yields (nil, nil) — note this differs from Read, which returns an
// empty non-nil slice for the absent case. A response whose Data has no
// "keys" entry is reported as an error.
func (v *Vault) List(path string) ([]byte, error) {
	secret, err := v.client.Logical().List(path)
	if err != nil {
		return nil, err
	}
	if secret == nil {
		return nil, nil
	}

	// Reading from a nil Data map is safe; it simply reports "not found".
	keys, found := secret.Data["keys"]
	if !found {
		return nil, errors.Errorf("keys param missing from vault list")
	}

	var out bytes.Buffer
	if err := json.NewEncoder(&out).Encode(keys); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}