github.com/hernad/nomad@v1.6.112/nomad/structs/vault.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package structs
     5  
     6  import (
     7  	"fmt"
     8  
     9  	"github.com/hashicorp/go-secure-stdlib/strutil"
    10  	vapi "github.com/hashicorp/vault/api"
    11  	"github.com/mitchellh/mapstructure"
    12  )
    13  
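// VaultTokenData represents some of the fields returned in the Data map of the
// secret returned by the Vault API when doing a token lookup request.
//
// Fields are filled in by key name through their mapstructure tags. A key that
// is missing from the decoded map leaves the matching field at its zero value,
// so an empty Policies list cannot be told apart from a response that carried
// no "policies" key at all.
type VaultTokenData struct {
	CreationTTL   int      `mapstructure:"creation_ttl"`
	TTL           int      `mapstructure:"ttl"`
	Renewable     bool     `mapstructure:"renewable"`
	Policies      []string `mapstructure:"policies"`
	Role          string   `mapstructure:"role"`
	NamespacePath string   `mapstructure:"namespace_path"`

	// root, when non-nil, is a precomputed answer for Root. Root has a value
	// receiver, so it cannot store its result on the caller's copy of the
	// struct; the field is only honoured when other code in this package has
	// set it beforehand.
	root *bool
}

// Root returns true if the token has the `root` policy.
//
// The policy name is compared as an exact, case-sensitive string. A value
// whose Policies field was never populated (for example because decoding was
// skipped or the lookup response lacked the key) reports false, so callers
// that use Root to reject privileged tokens should first make sure the lookup
// data was decoded successfully.
func (d VaultTokenData) Root() bool {
	if d.root != nil {
		return *d.root
	}

	// No attempt is made to cache the result in d.root: d is a copy of the
	// caller's value, so the store would be discarded on return and would only
	// force a heap allocation for the bool.
	return strutil.StrListContains(d.Policies, "root")
}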
    40  
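// VaultTokenRoleData represents some of the fields returned in the Data map of
// the secret returned by the Vault API when reading a token role.
//
// Every field carries an explicit mapstructure tag so the key it is decoded
// from is visible here and does not depend on case-insensitive matching of the
// Go field name. The struct maps both the unprefixed keys (explicit_max_ttl,
// period) and their token_-prefixed counterparts; it does not reconcile them,
// so callers must decide which of the two values to trust.
type VaultTokenRoleData struct {
	Name                 string   `mapstructure:"name"`
	ExplicitMaxTtl       int      `mapstructure:"explicit_max_ttl"`
	TokenExplicitMaxTtl  int      `mapstructure:"token_explicit_max_ttl"`
	Orphan               bool     `mapstructure:"orphan"`
	Period               int      `mapstructure:"period"`
	TokenPeriod          int      `mapstructure:"token_period"`
	Renewable            bool     `mapstructure:"renewable"`
	DisallowedPolicies   []string `mapstructure:"disallowed_policies"`
	AllowedEntityAliases []string `mapstructure:"allowed_entity_aliases"`
	AllowedPolicies      []string `mapstructure:"allowed_policies"`
}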
    55  
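// DecodeVaultSecretData decodes a Vault secret Data map into a struct.
//
// out must be a non-nil pointer to the destination value, for example a
// *VaultTokenData. An error is returned when s is nil, when out is not such a
// pointer, or when mapstructure cannot convert a value to its field type.
//
// Decoding uses mapstructure.WeakDecode, which coerces loosely typed input
// (such as numbers delivered as strings) into the destination field types.
// Keys that are absent from s.Data leave the corresponding fields at their
// zero value and are not reported, so a nil error does not by itself prove
// that any particular field was present in the response.
func DecodeVaultSecretData(s *vapi.Secret, out interface{}) error {
	if s == nil {
		return fmt.Errorf("cannot decode nil Vault secret")
	}

	// Hand mapstructure the caller's pointer itself. Passing the address of
	// the local interface variable instead would let a nil or non-pointer out
	// be accepted, with the decoded result written only to this function's
	// copy and silently lost to the caller.
	return mapstructure.WeakDecode(s.Data, out)
}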