
     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package framework
     5  
     6  import (
     7  	"context"
     8  	"time"
     9  
    10  	"github.com/hashicorp/vault/sdk/logical"
    11  )
    12  
// Secret is a type of secret that can be returned from a backend.
//
// A backend declares one Secret per kind of credential it hands out; the
// framework then uses the Secret's Type to find it again when a lease is
// renewed or revoked, and calls Renew/Revoke on it with the request data
// wrapped in a FieldData built from Fields (see HandleRenew and HandleRevoke).
type Secret struct {
	// Type is the name of this secret type. This is used to setup the
	// vault ID and to look up the proper secret structure when revocation/
	// renewal happens. Once this is set this should not be changed.
	//
	// Response() records it in the lease's InternalData under the
	// "secret_type" key; that key is how the framework routes a later
	// renew/revoke request back to this Secret, so it must stay stable
	// for the lifetime of any outstanding lease.
	//
	// The format of this must match (case insensitive): ^a-Z0-9_$
	Type string

	// Fields is the mapping of data fields and schema that comprise
	// the structure of this secret. It becomes the Schema of the FieldData
	// passed to Renew and Revoke.
	Fields map[string]*FieldSchema

	// DefaultDuration is the default value for the duration of the lease for
	// this secret. This can be manually overwritten with the result of
	// Response().
	//
	// If these aren't set, Vault core will set a default lease period which
	// may come from a mount tuning.
	DefaultDuration time.Duration

	// Renew is the callback called to renew this secret. If Renew is
	// not specified then renewable is set to false in the secret.
	// See lease.go for helpers for this value.
	Renew OperationFunc

	// Revoke is the callback called to revoke this secret. This is required:
	// HandleRevoke returns logical.ErrUnsupportedOperation when it is nil,
	// which leaves the backend with no way to clean up the issued credential.
	Revoke OperationFunc
}
    42  
// Renewable reports whether this secret can be renewed, which is the case
// exactly when a Renew callback has been configured. Response() uses it to
// set LeaseOptions.Renewable, and HandleRenew uses it to reject renewals.
func (s *Secret) Renewable() bool {
	renewable := false
	if s.Renew != nil {
		renewable = true
	}
	return renewable
}
    46  
// Response builds the logical.Response that returns this secret to the caller.
//
// data becomes the response's Data. internal is copied into the lease's
// InternalData (the caller's map is not modified) and the copy is tagged with
// s.Type under the "secret_type" key so the framework can find this Secret
// again on renewal/revocation; a caller-supplied "secret_type" entry is
// deliberately overwritten. The lease TTL is DefaultDuration and Renewable
// reflects whether a Renew callback is set.
func (s *Secret) Response(
	data, internal map[string]interface{},
) *logical.Response {
	// Work on a private copy so that adding the type tag never mutates the
	// map the backend handed us.
	internalData := make(map[string]interface{}, len(internal)+1)
	for key, value := range internal {
		internalData[key] = value
	}
	// Set after the copy so the framework's routing key always wins.
	internalData["secret_type"] = s.Type

	lease := logical.LeaseOptions{
		TTL:       s.DefaultDuration,
		Renewable: s.Renewable(),
	}
	secret := &logical.Secret{
		LeaseOptions: lease,
		InternalData: internalData,
	}

	return &logical.Response{
		Secret: secret,
		Data:   data,
	}
}
    68  
// HandleRenew is the request handler for renewing this secret.
//
// It dispatches to the Renew callback with req.Data wrapped in a FieldData
// whose Schema is s.Fields. When no Renew callback is configured the secret
// was issued as non-renewable (see Response) and
// logical.ErrUnsupportedOperation is returned without calling anything.
func (s *Secret) HandleRenew(ctx context.Context, req *logical.Request) (*logical.Response, error) {
	renew := s.Renew
	if renew == nil {
		// Mirrors Renewable(): no callback means the lease was issued with
		// Renewable=false, so a renew request is not a supported operation.
		return nil, logical.ErrUnsupportedOperation
	}

	fields := &FieldData{Raw: req.Data, Schema: s.Fields}
	return renew(ctx, req, fields)
}
    82  
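// HandleRevoke is the request handler for revoking this secret.
//
// It wraps req.Data in a FieldData whose Schema is s.Fields and passes it to
// the Revoke callback. Revoke is documented as required on Secret; if it is
// nevertheless nil, logical.ErrUnsupportedOperation is returned rather than
// panicking. Callers should treat that as a configuration error, since it
// means the issued credential cannot be cleaned up through this backend.
func (s *Secret) HandleRevoke(ctx context.Context, req *logical.Request) (*logical.Response, error) {
	// Guard first, in the same shape as HandleRenew, so no FieldData is
	// built for an operation that cannot be served.
	if s.Revoke == nil {
		return nil, logical.ErrUnsupportedOperation
	}

	data := &FieldData{
		Raw:    req.Data,
		Schema: s.Fields,
	}

	return s.Revoke(ctx, req, data)
}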