diff --git a/logical/framework/backend.go b/logical/framework/backend.go
index 17134681eb..030eb2a717 100644
--- a/logical/framework/backend.go
+++ b/logical/framework/backend.go
@@ -27,17 +27,17 @@ type Backend struct {
 Paths []*Path
 PathsRoot []string
 
+ // Secrets is the list of secret types that this backend can
+ // return. It is used to automatically generate proper responses,
+ // and ease specifying callbacks for revocation, renewal, etc.
+ Secrets []*Secret
+
 // Rollback is called when a WAL entry (see wal.go) has to be rolled
 // back. It is called with the data from the entry. Boolean true should
 // be returned on success. Errors should just be logged.
 Rollback func(kind string, data interface{}) bool
 RollbackMinAge time.Duration
 
- // Secrets is the list of secret types that this backend can
- // return. It is used to automatically generate proper responses,
- // and ease specifying callbacks for revocation, renewal, etc.
- Secrets []*Secret
-
 once sync.Once
 pathsRe []*regexp.Regexp
 }
diff --git a/logical/framework/secret.go b/logical/framework/secret.go
index c0158d9ffe..a101ae29df 100644
--- a/logical/framework/secret.go
+++ b/logical/framework/secret.go
@@ -21,14 +21,19 @@ type Secret struct {
 // the structure of this secret.
 Fields map[string]*FieldSchema
 
- // Renewable is whether or not this secret type can be renewed.
- Renewable bool
-
 // DefaultDuration and DefaultGracePeriod are the default values for
 // the duration of the lease for this secret and its grace period. These
 // can be manually overwritten with the result of Response().
 DefaultDuration time.Duration
 DefaultGracePeriod time.Duration
+
+ // Below are the operations that can be called on the secret.
+ //
+ // Renew, if not set, will mark the secret as not renewable.
+ //
+ // Revoke is required.
+ Renew OperationFunc
+ Revoke OperationFunc
 }
 
 // SecretType is the type of the secret with the given ID.
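Review bot: `Revoke is required` is stated only in the new struct comment; nothing visible in this diff enforces it, and `Revoke` is a plain `OperationFunc` field that is nil unless a backend sets it, exactly like the optional `Renew`. The revocation dispatch is outside this diff, so this is inferred, but a backend that omits the callback would presumably either hit a nil function call or leave issued credentials with no way to revoke them when the lease ends. The `@@ -53,7 +58,7 @@` hunk in `Response()` has the same gap: it already inspects the callbacks via `Renewable: s.Renew != nil` yet hands out a lease without looking at `s.Revoke`. I would add a guard such as `if s.Revoke == nil` before the lease is built (or a one-time validation of `Backend.Secrets` at setup) and fail loudly; `Response()` starts and ends outside the hunk, so the exact return form needs checking against its signature.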
@@ -53,7 +58,7 @@ func (s *Secret) Response(
 IsSecret: true,
 Lease: &logical.Lease{
 VaultID: id,
- Renewable: s.Renewable,
+ Renewable: s.Renew != nil,
 Duration: s.DefaultDuration,
 GracePeriod: s.DefaultGracePeriod,
 },