mirror of
				https://github.com/optim-enterprises-bv/vault.git
				synced 2025-10-31 02:28:09 +00:00 
			
		
		
		
	 e644050e37
			
		
	
	e644050e37
	
	
	
		
			
			* Fix a couple of instances where we are using the LIST verb. We specify it for the wrapping lookup function, but for broader compatibility with proxies and such we want to rewrite it to a GET. In a couple of places we weren't doing that, so this updates those locations.
		
			
				
	
	
		
			114 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
		
	
	
	
	
	
| package api
 | |
| 
 | |
| import (
 | |
| 	"context"
 | |
| 	"errors"
 | |
| 	"fmt"
 | |
| 
 | |
| 	"github.com/mitchellh/mapstructure"
 | |
| )
 | |
| 
 | |
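// ListPolicies returns the names of the ACL policies reported by the server
// under the "keys" entry of the response data.
//
// The request is built with the LIST verb so the wrapping lookup function can
// recognise it, then sent as a GET with list=true for compatibility with
// proxies that do not pass non-standard HTTP methods.
//
// It returns an error if the request fails, the response cannot be parsed,
// the response carries no data, or "keys" cannot be decoded into []string.
func (c *Sys) ListPolicies() ([]string, error) {
	r := c.c.NewRequest("LIST", "/v1/sys/policies/acl")
	// Set this for broader compatibility, but we use LIST above to be able to
	// handle the wrapping lookup function
	r.Method = "GET"
	r.Params.Set("list", "true")

	// NOTE(review): WithCancel adds no deadline of its own; any time bound on
	// this call has to come from the underlying client — confirm it sets one.
	ctx, cancelFunc := context.WithCancel(context.Background())
	defer cancelFunc()
	resp, err := c.c.RawRequestWithContext(ctx, r)
	// GetPolicy in this file inspects resp before checking err, so a response
	// may be returned together with an error. Close the body on that path too,
	// otherwise the connection is leaked on every failed call.
	if resp != nil {
		defer resp.Body.Close()
	}
	if err != nil {
		return nil, err
	}

	secret, err := ParseSecret(resp.Body)
	if err != nil {
		return nil, err
	}
	if secret == nil || secret.Data == nil {
		return nil, errors.New("data from server response is empty")
	}

	var result []string
	if err := mapstructure.Decode(secret.Data["keys"], &result); err != nil {
		return nil, err
	}

	return result, nil
}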
 | |
| 
 | |
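// GetPolicy fetches the ACL policy stored under name and returns its text.
//
// A 404 response is reported as ("", nil), so callers cannot distinguish a
// missing policy from an empty one by the return values alone. Any other
// request error is returned as-is. An error is also returned when the
// response has no data, has no "policy" entry, or when that entry is not a
// string.
func (c *Sys) GetPolicy(name string) (string, error) {
	// NOTE(review): name is interpolated into the request path unmodified.
	// Confirm that callers validate it, or that NewRequest normalises it, so
	// a name containing "/" or ".." cannot address a different endpoint.
	r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/policies/acl/%s", name))

	ctx, cancelFunc := context.WithCancel(context.Background())
	defer cancelFunc()
	resp, err := c.c.RawRequestWithContext(ctx, r)
	if resp != nil {
		defer resp.Body.Close()
		// Checked before err: a missing policy is not treated as a failure.
		if resp.StatusCode == 404 {
			return "", nil
		}
	}
	if err != nil {
		return "", err
	}

	secret, err := ParseSecret(resp.Body)
	if err != nil {
		return "", err
	}
	if secret == nil || secret.Data == nil {
		return "", errors.New("data from server response is empty")
	}

	policyRaw, ok := secret.Data["policy"]
	if !ok {
		return "", fmt.Errorf("no policy found in response")
	}

	// The value comes from the server response; use a checked assertion so a
	// non-string value yields an error instead of panicking the caller.
	policy, ok := policyRaw.(string)
	if !ok {
		return "", fmt.Errorf("policy in response has unexpected type %T", policyRaw)
	}

	return policy, nil
}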
 | |
| 
 | |
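// PutPolicy writes rules as the ACL policy stored under name.
//
// rules is sent verbatim as the "policy" field of a JSON body in a PUT
// request. The response body is not read; the only errors returned are those
// from encoding the body and from the request itself.
func (c *Sys) PutPolicy(name, rules string) error {
	body := map[string]string{
		"policy": rules,
	}

	// NOTE(review): name is interpolated into the request path unmodified.
	// Confirm that callers validate it, or that NewRequest normalises it, so
	// a name containing "/" or ".." cannot make this write land elsewhere.
	r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/sys/policies/acl/%s", name))
	if err := r.SetJSONBody(body); err != nil {
		return err
	}

	ctx, cancelFunc := context.WithCancel(context.Background())
	defer cancelFunc()
	resp, err := c.c.RawRequestWithContext(ctx, r)
	// GetPolicy in this file inspects resp before checking err, so a response
	// may be returned together with an error. Close the body on that path too,
	// otherwise the connection is leaked on every failed write.
	if resp != nil {
		defer resp.Body.Close()
	}
	if err != nil {
		return err
	}

	return nil
}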
 | |
| 
 | |
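// DeletePolicy removes the ACL policy stored under name by issuing a DELETE
// request. The response body is not read; the error from the request, if
// any, is returned unchanged.
func (c *Sys) DeletePolicy(name string) error {
	// NOTE(review): name is interpolated into the request path unmodified.
	// Confirm that callers validate it, or that NewRequest normalises it, so
	// a name containing "/" or ".." cannot make this DELETE hit another path.
	r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/policies/acl/%s", name))

	ctx, cancelFunc := context.WithCancel(context.Background())
	defer cancelFunc()
	resp, err := c.c.RawRequestWithContext(ctx, r)
	// Close on the presence of a response rather than the absence of an
	// error: GetPolicy in this file inspects resp before checking err, so a
	// response may accompany an error and its body would otherwise be leaked.
	if resp != nil {
		defer resp.Body.Close()
	}
	return err
}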
 | |
| 
 | |
// JSON response shapes for the policy endpoints. No function in this listing
// references either type.
type (
	// getPoliciesResp carries a single policy's text under the "rules" key.
	getPoliciesResp struct {
		Rules string `json:"rules"`
	}

	// listPoliciesResp carries a list of policy names under the "policies" key.
	listPoliciesResp struct {
		Policies []string `json:"policies"`
	}
)
 |