github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/nomad/structs/vault.go (about)

     1  package structs
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/hashicorp/go-secure-stdlib/strutil"
     7  	vapi "github.com/hashicorp/vault/api"
     8  	"github.com/mitchellh/mapstructure"
     9  )
    10  
// VaultTokenData represents some of the fields returned in the Data map of the
// secret returned by the Vault API when doing a token lookup request.
//
// The exported fields are matched to keys of that map through their
// mapstructure tags. NOTE(review): a key that is missing from the response
// presumably leaves its field at the zero value, so an empty Policies list or
// Renewable == false may mean "not reported" rather than "reported as such";
// confirm before relying on a zero value in an access decision.
type VaultTokenData struct {
	CreationTTL   int      `mapstructure:"creation_ttl"`
	TTL           int      `mapstructure:"ttl"`
	Renewable     bool     `mapstructure:"renewable"`
	Policies      []string `mapstructure:"policies"`
	Role          string   `mapstructure:"role"`
	NamespacePath string   `mapstructure:"namespace_path"`

	// root caches whether the token has the "root" policy to avoid traversing
	// the policies list every time. It is unexported and carries no
	// mapstructure tag; a nil pointer means the answer has not been cached.
	root *bool
}
    25  
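// Root reports whether the token carries Vault's "root" policy.
//
// If the unexported root field has already been set, that cached answer is
// returned as-is. Otherwise the Policies list is scanned for an exact,
// case-sensitive match on "root".
//
// Root has a value receiver, so it works on a copy of the struct and cannot
// store its result back into the caller's value; the scan is repeated on each
// call unless the cache was populated elsewhere. Making the cache effective
// would need a pointer receiver, which changes the method set of
// VaultTokenData, and would also require invalidating the cache whenever
// Policies is modified so that a stale "not root" answer is never returned.
func (d VaultTokenData) Root() bool {
	if d.root != nil {
		return *d.root
	}

	return strutil.StrListContains(d.Policies, "root")
}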
    37  
// VaultTokenRoleData represents some of the fields returned in the Data map of
// the secret returned by the Vault API when reading a token role.
//
// Most fields name their source key with a mapstructure tag. Orphan, Period
// and Renewable have no tag. NOTE(review): they presumably rely on
// mapstructure's default matching of the field name against the map key;
// confirm that the keys Vault returns still match.
//
// Both the plain and the token_-prefixed variants of the explicit max TTL and
// the period are kept as separate fields; nothing in this type says which one
// takes precedence, so callers have to check both.
type VaultTokenRoleData struct {
	Name                 string `mapstructure:"name"`
	ExplicitMaxTtl       int    `mapstructure:"explicit_max_ttl"`
	TokenExplicitMaxTtl  int    `mapstructure:"token_explicit_max_ttl"`
	Orphan               bool
	Period               int
	TokenPeriod          int `mapstructure:"token_period"`
	Renewable            bool
	DisallowedPolicies   []string `mapstructure:"disallowed_policies"`
	AllowedEntityAliases []string `mapstructure:"allowed_entity_aliases"`
	AllowedPolicies      []string `mapstructure:"allowed_policies"`
}
    52  
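// DecodeVaultSecretData decodes the Data map of a Vault secret into out.
//
// out must be a non-nil pointer to the destination value (for example
// *VaultTokenData). An error is returned when s is nil, when mapstructure
// rejects the destination, or when a value cannot be converted.
//
// Decoding uses mapstructure.WeakDecode, which converts loosely between types
// (for instance strings to numbers or booleans). Keys missing from s.Data
// leave the matching fields untouched, so callers that base access decisions
// on the result should not read a zero value as proof that Vault reported it.
func DecodeVaultSecretData(s *vapi.Secret, out interface{}) error {
	if s == nil {
		return fmt.Errorf("cannot decode nil Vault secret")
	}

	// Hand mapstructure the caller's pointer itself. A pointer to this
	// function's own interface variable (&out) always satisfies mapstructure's
	// "result must be a pointer" check, so a nil or non-pointer out would be
	// decoded into a local copy and nil returned without filling anything in.
	return mapstructure.WeakDecode(s.Data, out)
}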