From 6c1ecc8a155d3a12b1f9e24b83b155ec1f66639f Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Thu, 19 Mar 2015 15:07:45 +0100 Subject: [PATCH] logical/framework: can specify renew/revoke functins for secret --- logical/framework/backend.go | 10 +++++----- logical/framework/secret.go | 13 +++++++++---- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/logical/framework/backend.go b/logical/framework/backend.go index 17134681eb..030eb2a717 100644 --- a/logical/framework/backend.go +++ b/logical/framework/backend.go @@ -27,17 +27,17 @@ type Backend struct { Paths []*Path PathsRoot []string + // Secrets is the list of secret types that this backend can + // return. It is used to automatically generate proper responses, + // and ease specifying callbacks for revocation, renewal, etc. + Secrets []*Secret + // Rollback is called when a WAL entry (see wal.go) has to be rolled // back. It is called with the data from the entry. Boolean true should // be returned on success. Errors should just be logged. Rollback func(kind string, data interface{}) bool RollbackMinAge time.Duration - // Secrets is the list of secret types that this backend can - // return. It is used to automatically generate proper responses, - // and ease specifying callbacks for revocation, renewal, etc. - Secrets []*Secret - once sync.Once pathsRe []*regexp.Regexp } diff --git a/logical/framework/secret.go b/logical/framework/secret.go index c0158d9ffe..a101ae29df 100644 --- a/logical/framework/secret.go +++ b/logical/framework/secret.go 
@@ -21,14 +21,19 @@ type Secret struct { // the structure of this secret. Fields map[string]*FieldSchema - // Renewable is whether or not this secret type can be renewed. - Renewable bool - // DefaultDuration and DefaultGracePeriod are the default values for // the duration of the lease for this secret and its grace period. These // can be manually overwritten with the result of Response(). DefaultDuration time.Duration DefaultGracePeriod time.Duration + + // Below are the operations that can be called on the secret. + // + // Renew, if not set, will mark the secret as not renewable. + // + // Revoke is required. + Renew OperationFunc + Revoke OperationFunc } // SecretType is the type of the secret with the given ID. @@ -53,7 +58,7 @@ func (s *Secret) Response( IsSecret: true, Lease: &logical.Lease{ VaultID: id, - Renewable: s.Renewable, + Renewable: s.Renew != nil, Duration: s.DefaultDuration, GracePeriod: s.DefaultGracePeriod, },
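Review bot: The new field comment in the first secret.go hunk says `Revoke is required`, but nothing visible in this patch enforces it: a `Secret` declared without `Revoke` still goes through `Response()` (second hunk), which sets `Renewable: s.Renew != nil` and never looks at `s.Revoke`. For a secrets backend that means a lease can be issued for a credential the framework has no callback to revoke, so the credential could outlive its lease unless the check lives somewhere not shown here. Consider failing early with a guard such as `if s.Revoke == nil` that returns an error instead of building the lease, either in `Response()` or when the backend's `Secrets` list is initialised. Both the `Secret` struct and `Response()` extend outside the hunks, so the exact error return shape needs confirming against the full function.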