mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-29 06:31:10 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1470 from hashicorp/unwrap-in-api

Browse Source 
Make Unwrap a first-party API command and refactor UnwrapCommand to u…
This commit is contained in:
Jeff Mitchell 2016-06-03 13:25:10 -04:00
commit 6f5fa23386
2 changed files with 42 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
api/logical.go
View File

@ -1,5 +1,15 @@
package api package api
import (
"bytes"
"encoding/json"
"fmt"
)
const (
wrappedResponseLocation = "cubbyhole/response"
)
// Logical is used to perform logical backend operations on Vault. // Logical is used to perform logical backend operations on Vault.
type Logical struct { type Logical struct {
c *Client c *Client
@ -80,3 +90,34 @@ func (c *Logical) Delete(path string) (*Secret, error) {
return nil, nil return nil, nil
} }
func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) {
origToken := c.c.Token()
defer c.c.SetToken(origToken)
c.c.SetToken(wrappingToken)
secret, err := c.Read(wrappedResponseLocation)
if err != nil {
return nil, fmt.Errorf("error reading %s: %s", wrappedResponseLocation, err)
}
if secret == nil {
return nil, fmt.Errorf("no value found at %s", wrappedResponseLocation)
}
if secret.Data == nil {
return nil, fmt.Errorf("\"data\" not found in wrapping response")
}
if _, ok := secret.Data["response"]; !ok {
return nil, fmt.Errorf("\"response\" not found in wrapping response \"data\" map")
}
wrappedSecret := new(Secret)
buf := bytes.NewBufferString(secret.Data["response"].(string))
dec := json.NewDecoder(buf)
dec.UseNumber()
if err := dec.Decode(wrappedSecret); err != nil {
return nil, fmt.Errorf("error unmarshaling wrapped secret: %s", err)
}
return wrappedSecret, nil
}

37
command/unwrap.go
View File

@ -1,8 +1,6 @@
package command package command
import ( import (
"bytes"
"encoding/json"
"flag" "flag"
"fmt" "fmt"
"strings" "strings"
@ -12,10 +10,6 @@ import (
"github.com/hashicorp/vault/meta" "github.com/hashicorp/vault/meta"
) )
const (
wrappedResponseLocation = "cubbyhole/response"
)
// UnwrapCommand is a Command that behaves like ReadCommand but specifically // UnwrapCommand is a Command that behaves like ReadCommand but specifically
// for unwrapping cubbyhole-wrapped secrets // for unwrapping cubbyhole-wrapped secrets
type UnwrapCommand struct { type UnwrapCommand struct {
@ -58,9 +52,7 @@ func (c *UnwrapCommand) Run(args []string) int {
return 2 return 2
} }
client.SetToken(tokenID) secret, err = client.Logical().Unwrap(tokenID)
secret, err = c.getUnwrappedResponse(client)
if err != nil { if err != nil {
c.Ui.Error(err.Error()) c.Ui.Error(err.Error())
return 1 return 1
@ -78,33 +70,6 @@ func (c *UnwrapCommand) Run(args []string) int {
return OutputSecret(c.Ui, format, secret) return OutputSecret(c.Ui, format, secret)
} }
// getUnwrappedResponse is a helper to do the actual reading and unwrapping
func (c *UnwrapCommand) getUnwrappedResponse(client *api.Client) (*api.Secret, error) {
secret, err := client.Logical().Read(wrappedResponseLocation)
if err != nil {
return nil, fmt.Errorf("Error reading %s: %s", wrappedResponseLocation, err)
}
if secret == nil {
return nil, fmt.Errorf("No value found at %s", wrappedResponseLocation)
}
if secret.Data == nil {
return nil, fmt.Errorf("\"data\" not found in wrapping response")
}
if _, ok := secret.Data["response"]; !ok {
return nil, fmt.Errorf("\"response\" not found in wrapping response \"data\" map")
}
wrappedSecret := new(api.Secret)
buf := bytes.NewBufferString(secret.Data["response"].(string))
dec := json.NewDecoder(buf)
dec.UseNumber()
if err := dec.Decode(wrappedSecret); err != nil {
return nil, fmt.Errorf("Error unmarshaling wrapped secret: %s", err)
}
return wrappedSecret, nil
}
func (c *UnwrapCommand) Synopsis() string { func (c *UnwrapCommand) Synopsis() string {
return "Unwrap a wrapped secret" return "Unwrap a wrapped secret"
} }