Vault SSH: Regex supports hypen in key name and role names

This commit is contained in:
Vishal Nayak 2015-07-01 21:05:52 -04:00
parent a9410cf596
commit e6e243b4ca
7 changed files with 25 additions and 28 deletions


@ -57,10 +57,10 @@ func (b *backend) pathConfigLeaseWrite(req *logical.Request, d *framework.FieldD
LeaseMax: leaseMax,
})
if err != nil {
return nil, fmt.Errorf("Could not create storage entry JSON: %s", err)
return nil, fmt.Errorf("could not create storage entry JSON: %s", err)
}
if err := req.Storage.Put(entry); err != nil {
return nil, fmt.Errorf("Could not store JSON: %s", err)
return nil, fmt.Errorf("could not store JSON: %s", err)
}
return nil, nil


@ -2,7 +2,6 @@ package ssh
import (
"fmt"
"log"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
@ -10,7 +9,7 @@ import (
func pathKeys(b *backend) *framework.Path {
return &framework.Path{
Pattern: "keys/(?P<name>\\w+)",
Pattern: "keys/(?P<name>[-\\w]+)",
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
Type: framework.TypeString,
@ -60,13 +59,11 @@ func (b *backend) pathKeysDelete(req *logical.Request, d *framework.FieldData) (
}
func (b *backend) pathKeysWrite(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
log.SetFlags(log.LstdFlags | log.Lshortfile)
keyName := d.Get("name").(string)
keyString := d.Get("key").(string)
if keyString == "" {
return nil, fmt.Errorf("Invalid 'key'")
return nil, fmt.Errorf("invalid 'key'")
}
keyPath := fmt.Sprintf("keys/%s", keyName)
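Review bot: The empty-key rejection `return nil, fmt.Errorf("invalid 'key'")` reports a caller mistake as a backend failure, whereas the equivalent check in path_lookup.go returns `logical.ErrorResponse(...)`; a plain Go error from a Vault handler is generally surfaced to the client as an internal error rather than a bad request, so `return logical.ErrorResponse("invalid 'key'"), nil` is the consistent form here. The key text is then stored opaquely, so a value that is not a parseable private key is only discovered when a later creds request hits ssh.ParsePrivateKey; if golang.org/x/crypto/ssh is already imported in this file, a `ssh.ParsePrivateKey([]byte(keyString))` at write time would reject bad material at the point of entry. The widened `[-\w]+` pattern still cannot match `/`, so the `keys/%s` storage path built below remains a single segment. pathKeysWrite continues past the hunk.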


@ -29,7 +29,7 @@ func pathLookup(b *backend) *framework.Path {
func (b *backend) pathLookupWrite(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
ipAddr := d.Get("ip").(string)
if ipAddr == "" {
return logical.ErrorResponse("Missing 'ip'"), nil
return logical.ErrorResponse("Invalid 'ip'"), nil
}
ip := net.ParseIP(ipAddr)
if ip == nil {
@ -80,7 +80,7 @@ func containsIP(s logical.Storage, roleName string, ip string) (bool, error) {
for _, item := range strings.Split(role.CIDR, ",") {
_, cidrIPNet, err := net.ParseCIDR(item)
if err != nil {
return false, fmt.Errorf("Invalid cidr entry '%s'", item)
return false, fmt.Errorf("invalid cidr entry '%s'", item)
}
ipMatched = cidrIPNet.Contains(net.ParseIP(ip))
if ipMatched {
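Review bot: In containsIP each element of `strings.Split(role.CIDR, ",")` goes to net.ParseCIDR untrimmed, so a list written as `10.0.0.0/8, 192.168.0.0/16` fails on the second entry with `invalid cidr entry ' 192.168.0.0/16'` unless the role write path already normalizes the field (not visible here); `_, cidrIPNet, err := net.ParseCIDR(strings.TrimSpace(item))` makes the lookup tolerant of that input. `net.ParseIP(ip)` is also re-run on every iteration although ip does not change; parse it once before the loop. The rename from "Missing 'ip'" to "Invalid 'ip'" in pathLookupWrite drops useful information: an empty value is absent, and the genuinely invalid case is already reported by the net.ParseIP check two lines later. containsIP begins and ends outside the hunk.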


@ -12,7 +12,7 @@ import (
func pathRoleCreate(b *backend) *framework.Path {
return &framework.Path{
Pattern: "creds/(?P<name>\\w+)",
Pattern: "creds/(?P<name>[-\\w]+)",
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
Type: framework.TypeString,
@ -89,11 +89,11 @@ func (b *backend) pathRoleCreateWrite(
//fetch the host key to be used for installation
keyEntry, err := req.Storage.Get(fmt.Sprintf("keys/%s", role.KeyName))
if err != nil {
return nil, fmt.Errorf("Key '%s' not found error:%s", role.KeyName, err)
return nil, fmt.Errorf("key '%s' not found error:%s", role.KeyName, err)
}
var hostKey sshHostKey
if err := keyEntry.DecodeJSON(&hostKey); err != nil {
return nil, fmt.Errorf("Error reading the host key: %s", err)
return nil, fmt.Errorf("error reading the host key: %s", err)
}
//store the host key to file. Use it as parameter for scp command
@ -106,11 +106,11 @@ func (b *backend) pathRoleCreateWrite(
//delete the temporary files if they are already present
err = removeFile(dynamicPrivateKeyFileName)
if err != nil {
return nil, fmt.Errorf("Error removing dynamic private key file: '%s'", err)
return nil, fmt.Errorf("error removing dynamic private key file: '%s'", err)
}
err = removeFile(dynamicPublicKeyFileName)
if err != nil {
return nil, fmt.Errorf("Error removing dynamic private key file: '%s'", err)
return nil, fmt.Errorf("error removing dynamic private key file: '%s'", err)
}
//generate RSA key pair
@ -128,10 +128,10 @@ func (b *backend) pathRoleCreateWrite(
//connect to target machine
session, err := createSSHPublicKeysSession(username, ip, hostKey.Key)
if err != nil {
return nil, fmt.Errorf("Unable to create SSH Session using public keys: %s", err)
return nil, fmt.Errorf("unable to create SSH Session using public keys: %s", err)
}
if session == nil {
return nil, fmt.Errorf("Invalid session object")
return nil, fmt.Errorf("invalid session object")
}
authKeysFileName := fmt.Sprintf("/home/%s/.ssh/authorized_keys", username)
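Review bot: The host-key lookup handles only the error return of `req.Storage.Get`; in Vault's logical.Storage a missing key comes back as a nil entry with a nil error, so for a role whose key has since been deleted the next statement calls `keyEntry.DecodeJSON` on a nil pointer and panics instead of reporting "key '%s' not found". Add `if keyEntry == nil { return nil, fmt.Errorf("key '%s' not found", role.KeyName) }` between the error check and the decode. The message on the second removeFile call still says "dynamic private key file" although it removes dynamicPublicKeyFileName. If dynamicPrivateKeyFileName and dynamicPublicKeyFileName are fixed names in the working directory (they read like package constants), two concurrent creds requests will delete and overwrite each other's freshly generated key pair; a per-request temporary directory would avoid that race. pathRoleCreateWrite continues past the hunk.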


@ -11,7 +11,7 @@ import (
func pathRoles(b *backend) *framework.Path {
return &framework.Path{
Pattern: "roles/(?P<name>\\w+)",
Pattern: "roles/(?P<name>[-\\w]+)",
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
Type: framework.TypeString,
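Review bot: The character class `[-\w]+` is now spelled out separately in the roles/, keys/ and creds/ patterns; since a role refers to a key by name, the two name grammars must stay identical or a key accepted by one path becomes unreachable from the other. A package-level `const nameRegex = "[-\\w]+"` joined into each Pattern keeps them in step. Note that RE2's `\w` is ASCII-only, so names remain limited to ASCII letters, digits, underscore and hyphen; that rule is worth stating in the field's Description (outside the hunk) if callers are expected to know it.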


@ -80,11 +80,11 @@ func (b *backend) secretSSHKeyRevoke(req *logical.Request, d *framework.FieldDat
//fetch the host key using the key name
hostKeyEntry, err := req.Storage.Get(fmt.Sprintf("keys/%s", hostKeyName))
if err != nil {
return nil, fmt.Errorf("Key '%s' not found error:%s", hostKeyName, err)
return nil, fmt.Errorf("key '%s' not found error:%s", hostKeyName, err)
}
var hostKey sshHostKey
if err := hostKeyEntry.DecodeJSON(&hostKey); err != nil {
return nil, fmt.Errorf("Error reading the host key: %s", err)
return nil, fmt.Errorf("error reading the host key: %s", err)
}
//write host key to file and use it as argument to scp command
@ -98,16 +98,16 @@ func (b *backend) secretSSHKeyRevoke(req *logical.Request, d *framework.FieldDat
//transfer the dynamic public key to target machine and use it to remove the entry from authorized_keys file
err = uploadFileScp(dynamicPublicKeyFileName, username, ip, hostKey.Key)
if err != nil {
return nil, fmt.Errorf("Public key transfer failed: %s", err)
return nil, fmt.Errorf("public key transfer failed: %s", err)
}
//connect to target machine
session, err := createSSHPublicKeysSession(username, ip, hostKey.Key)
if err != nil {
return nil, fmt.Errorf("Unable to create SSH Session using public keys: %s", err)
return nil, fmt.Errorf("unable to create SSH Session using public keys: %s", err)
}
if session == nil {
return nil, fmt.Errorf("Invalid session object")
return nil, fmt.Errorf("invalid session object")
}
authKeysFileName := "/home/" + username + "/.ssh/authorized_keys"
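Review bot: The comment above the host-key fetch says the key is written to a file and handed to scp, yet the visible `uploadFileScp(dynamicPublicKeyFileName, username, ip, hostKey.Key)` receives the private key as an in-memory string; if a file write survives in the lines outside the hunk, the administrator's private SSH key is persisted in the Vault server's working directory on every revocation and its mode and cleanup deserve a look, and if it does not, the comment is stale and should go. The same nil-entry gap as in the creds path exists here: `req.Storage.Get` returns a nil hostKeyEntry with a nil error when the key no longer exists, and `hostKeyEntry.DecodeJSON` then panics, so the revocation never reaches the authorized_keys cleanup. Guard it with `if hostKeyEntry == nil { return nil, fmt.Errorf("key '%s' not found", hostKeyName) }`. `"/home/" + username + "/.ssh/authorized_keys"` also duplicates the Sprintf form used in the creds path; one helper would keep the two paths in agreement. secretSSHKeyRevoke continues past the hunk.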


@ -41,14 +41,14 @@ func uploadFileScp(fileName, username, ip, key string) error {
}
stat, err := file.Stat()
if os.IsNotExist(err) {
return fmt.Errorf("File does not exist")
return fmt.Errorf("file does not exist")
}
session, err := createSSHPublicKeysSession(username, ip, key)
if err != nil {
return err
}
if session == nil {
return fmt.Errorf("Invalid session object")
return fmt.Errorf("invalid session object")
}
defer session.Close()
go func() {
@ -70,11 +70,11 @@ The session will use public key authentication method with port 22.
*/
func createSSHPublicKeysSession(username, ipAddr, hostKey string) (*ssh.Session, error) {
if username == "" || ipAddr == "" || hostKey == "" {
return nil, fmt.Errorf("Invalid parameters")
return nil, fmt.Errorf("invalid parameters")
}
signer, err := ssh.ParsePrivateKey([]byte(hostKey))
if err != nil {
return nil, fmt.Errorf("Parsing Private Key failed: %s", err)
return nil, fmt.Errorf("parsing Private Key failed: %s", err)
}
config := &ssh.ClientConfig{
@ -89,7 +89,7 @@ func createSSHPublicKeysSession(username, ipAddr, hostKey string) (*ssh.Session,
return nil, err
}
if client == nil {
return nil, fmt.Errorf("Invalid client object: %s", err)
return nil, fmt.Errorf("invalid client object: %s", err)
}
session, err := client.NewSession()
@ -105,7 +105,7 @@ The parameter is just the name of the file and not a path.
*/
func removeFile(fileName string) error {
if fileName == "" {
return fmt.Errorf("Invalid file name")
return fmt.Errorf("invalid file name")
}
wd, err := os.Getwd()
if err != nil {
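Review bot: In uploadFileScp the result of `file.Stat()` is tested only with `os.IsNotExist(err)`, so any other Stat failure (permission denied, I/O error) is silently ignored and `stat` is nil for whatever uses it after the hunk; `if err != nil { return err }` covers the not-exist case as well. In createSSHPublicKeysSession the branch `fmt.Errorf("invalid client object: %s", err)` formats an err that appears to be nil at that point (the non-nil case returned two lines earlier), so the message would read `%!s(<nil>)`; drop the argument. The `ssh.ClientConfig` body is outside the hunk, but for a session that installs and removes authorized keys on a target, whether the target's host key is verified is the property that matters most — worth confirming the connection is not left unauthenticated. Both functions continue past the hunk.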