package kubesecrets
import (
"context"
"errors"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
// secretsPrefix is the name of the request field that carries the kubernetes
// secret name. pathSecrets also hands it to framework.MatchAllRegex to build
// the path pattern, and handleRead reads the field back under the same name.
const secretsPrefix = "secret_name"
// pathSecrets builds the framework.Path through which kubernetes secrets are
// read. Only logical.ReadOperation is registered; it is served by b.handleRead.
//
// The pattern is a catch-all built from secretsPrefix, so the request path is
// captured as the secret name, while the namespace is declared as a separate
// request field.
//
// NOTE(review): since only the secret name is part of the path, a path-based
// ACL policy on this mount may not by itself limit which namespace is read;
// confirm how namespace access is meant to be constrained.
func pathSecrets(b *secretsReaderBackend) *framework.Path {
	// Both fields are declared as required query strings.
	fields := map[string]*framework.FieldSchema{
		secretsPrefix: {
			Type:        framework.TypeString,
			Description: "Specifies the name of the kubernetes secret.",
			Query:       true,
			Required:    true,
		},
		"namespace": {
			Type:        framework.TypeString,
			Description: "Specifies the name of the kubernetes secret namespace.",
			Query:       true,
			Required:    true,
		},
	}

	// Read is the only operation this path exposes.
	callbacks := map[logical.Operation]framework.OperationFunc{
		logical.ReadOperation: b.handleRead,
	}

	return &framework.Path{
		Pattern:         framework.MatchAllRegex(secretsPrefix),
		Fields:          fields,
		Callbacks:       callbacks,
		HelpDescription: pathInvalidHelp,
	}
}
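// handleRead serves a read request for a kubernetes secret. It takes the
// secret name and the namespace from the request fields, rejects the request
// when either one is empty, and otherwise returns the data obtained from
// b.KubeSecretReader.GetSecret as the response data.
//
// On every failure path it returns both an error response and a non-nil error.
func (b *secretsReaderBackend) handleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
	secretName := data.Get(secretsPrefix).(string)
	namespace := data.Get("namespace").(string)

	// Both values are request-controlled (the name comes from a catch-all path
	// pattern), so they are logged as key/value fields rather than spliced
	// into the message text, where embedded line breaks could forge log lines.
	b.Logger().Info("In handleRead()", "secretName", secretName, "namespace", namespace)

	if secretName == "" {
		return logical.ErrorResponse("missing secret name"), errors.New("missing secret name")
	}
	if namespace == "" {
		return logical.ErrorResponse("missing secret namespace"), errors.New("missing secret namespace")
	}

	// NOTE(review): apart from the emptiness checks above, the name and the
	// namespace are forwarded unvalidated; confirm that GetSecret, or the
	// access policy in front of this path, restricts what may be requested.
	fetchedData, err := b.KubeSecretReader.GetSecret(ctx, secretName, namespace, b.Logger())
	if err != nil {
		// NOTE(review): the underlying error text is returned to the caller
		// verbatim; confirm it cannot carry cluster-internal details.
		return logical.ErrorResponse("Error reading the secret data: " + err.Error()), err
	}

	// The fetched data becomes the response payload unchanged.
	return &logical.Response{Data: fetchedData}, nil
}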
var (
	// backendHelp is the one-line summary of what this backend does.
	backendHelp = `
This backend reads kubernetes secrets.`

	// pathInvalidHelp extends backendHelp with a PATHS section. It is used as
	// the HelpDescription of the secrets path. The {{...}} actions are
	// presumably expanded by the framework's help rendering.
	pathInvalidHelp = backendHelp + `
## PATHS
The following paths are supported by this backend. To view help for
any of the paths below, use the help command with any route matching
the path pattern. Note that depending on the policy of your auth token,
you may or may not be able to access certain paths.
{{range .Paths}}{{indent 4 .Path}}
{{indent 8 .Help}}
{{end}}
`
)