github.com/hairyhenderson/templater@v3.5.0+incompatible/vault/vault.go (about)

     1  package vault
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/json"
     6  	"net/url"
     7  
     8  	"github.com/pkg/errors"
     9  
    10  	vaultapi "github.com/hashicorp/vault/api"
    11  )
    12  
// Vault wraps a HashiCorp Vault API client. The wrapped client carries the
// auth token once Login has set it, so a *Vault should be treated as holding a
// live credential until Logout is called.
type Vault struct {
	client *vaultapi.Client // underlying Vault API client; holds the token after Login
}
    17  
// New builds a Vault wrapper around a freshly configured API client.
//
// Configuration starts from the Vault API defaults and is then overlaid with
// the process environment via ReadEnvironment (the VAULT_* variables, which
// include TLS settings such as VAULT_CACERT and VAULT_SKIP_VERIFY). Because
// setVaultURL runs after the environment is read, a host given in u takes
// precedence over any address taken from the environment.
//
// u may be nil, in which case the address is left as configured. The returned
// client has no token set by this function; call Login before reading secrets.
func New(u *url.URL) (*Vault, error) {
	cfg := vaultapi.DefaultConfig()
	if err := cfg.ReadEnvironment(); err != nil {
		return nil, errors.Wrap(err, "Vault setup failed")
	}

	// Applied after the environment so that an explicit URL host wins.
	setVaultURL(cfg, u)

	c, err := vaultapi.NewClient(cfg)
	if err != nil {
		return nil, errors.Wrap(err, "Vault setup failed")
	}
	return &Vault{client: c}, nil
}
    36  
// setVaultURL overrides c.Address with the host from u, when u is non-nil and
// has a host. Only the host is used; any path on u is ignored here.
//
// The connection defaults to https. Plaintext http is selected only by the
// exact scheme "vault+http"; every other scheme value results in https. Over
// plaintext http the Vault token and all secret data cross the network
// unencrypted, so "vault+http" is only appropriate for local development or a
// link that is protected by other means.
func setVaultURL(c *vaultapi.Config, u *url.URL) {
	if u == nil || u.Host == "" {
		// Nothing to override; keep the address from defaults/environment.
		return
	}
	if u.Scheme == "vault+http" {
		c.Address = "http://" + u.Host
		return
	}
	c.Address = "https://" + u.Host
}
    46  
// Login obtains a token through GetToken and installs it on the wrapped
// client. If GetToken fails, its error is returned unchanged and the client's
// token is left untouched.
func (v *Vault) Login() error {
	tok, err := v.GetToken()
	if err == nil {
		v.client.SetToken(tok)
	}
	return err
}
    56  
// Logout removes the token from the local client.
//
// This only calls ClearToken on the client; it makes no request to Vault to
// revoke the token. A token that was issued during Login therefore remains
// valid on the server until its TTL expires or it is revoked by other means.
func (v *Vault) Logout() {
	v.client.ClearToken()
}
    61  
// Read fetches the secret at path and returns its Data field encoded as JSON
// (with the trailing newline that json.Encoder appends). When Vault reports no
// secret at the path, an empty, non-nil slice is returned with a nil error.
//
// The returned bytes are the secret's contents; callers should avoid writing
// them to logs or error messages.
func (v *Vault) Read(path string) ([]byte, error) {
	secret, err := v.client.Logical().Read(path)
	switch {
	case err != nil:
		return nil, err
	case secret == nil:
		return []byte{}, nil
	}

	out := new(bytes.Buffer)
	if err := json.NewEncoder(out).Encode(secret.Data); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}
    80  
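// Write sends data to path and returns the Data field of the response secret
// encoded as JSON (with the trailing newline that json.Encoder appends). When
// the write succeeds but Vault returns no secret, an empty, non-nil slice is
// returned with a nil error.
//
// The returned bytes may contain secret material produced by the write;
// callers should avoid writing them to logs or error messages.
func (v *Vault) Write(path string, data map[string]interface{}) ([]byte, error) {
	secret, err := v.client.Logical().Write(path, data)
	// Check the error before looking at the secret, as Read and List do, so a
	// failed write never hands back a non-nil slice alongside the error.
	if err != nil {
		return nil, err
	}
	if secret == nil {
		return []byte{}, nil
	}

	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	if err := enc.Encode(secret.Data); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}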
    97  
// List lists the entries under path and returns the "keys" value of the
// response encoded as JSON (with the trailing newline that json.Encoder
// appends).
//
// When Vault returns no secret for the path, both results are nil; note that
// this differs from Read, which returns an empty non-nil slice in that case.
// A response that lacks the "keys" entry is reported as an error.
func (v *Vault) List(path string) ([]byte, error) {
	secret, err := v.client.Logical().List(path)
	switch {
	case err != nil:
		return nil, err
	case secret == nil:
		return nil, nil
	}

	keys, found := secret.Data["keys"]
	if !found {
		return nil, errors.New("keys param missing from vault list")
	}

	out := new(bytes.Buffer)
	if err := json.NewEncoder(out).Encode(keys); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}