mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-08 07:37:01 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
105 lines
2.6 KiB
Go
105 lines
2.6 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package token
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
homedir "github.com/mitchellh/go-homedir"
|
|
"github.com/natefinch/atomic"
|
|
)
|
|
|
|
var _ TokenHelper = (*InternalTokenHelper)(nil)
|
|
|
|
// InternalTokenHelper fulfills the TokenHelper interface when no external
|
|
// token-helper is configured, and avoids shelling out
|
|
type InternalTokenHelper struct {
|
|
tokenPath string
|
|
homeDir string
|
|
}
|
|
|
|
func NewInternalTokenHelper() (*InternalTokenHelper, error) {
|
|
homeDir, err := homedir.Dir()
|
|
if err != nil {
|
|
panic(fmt.Sprintf("error getting user's home directory: %v", err))
|
|
}
|
|
return &InternalTokenHelper{homeDir: homeDir}, err
|
|
}
|
|
|
|
// populateTokenPath figures out the token path using homedir to get the user's
|
|
// home directory
|
|
func (i *InternalTokenHelper) populateTokenPath() {
|
|
i.tokenPath = filepath.Join(i.homeDir, ".vault-token")
|
|
}
|
|
|
|
func (i *InternalTokenHelper) Path() string {
|
|
return i.tokenPath
|
|
}
|
|
|
|
// Get gets the value of the stored token, if any
|
|
func (i *InternalTokenHelper) Get() (string, error) {
|
|
i.populateTokenPath()
|
|
f, err := os.Open(i.tokenPath)
|
|
if os.IsNotExist(err) {
|
|
return "", nil
|
|
}
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
defer f.Close()
|
|
|
|
buf := bytes.NewBuffer(nil)
|
|
if _, err := io.Copy(buf, f); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return strings.TrimSpace(buf.String()), nil
|
|
}
|
|
|
|
// Store stores the value of the token to the file. We always overwrite any
|
|
// existing file atomically to ensure that ownership and permissions are set
|
|
// appropriately.
|
|
func (i *InternalTokenHelper) Store(input string) error {
|
|
i.populateTokenPath()
|
|
tmpFile := i.tokenPath + ".tmp"
|
|
f, err := os.OpenFile(tmpFile, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer f.Close()
|
|
defer os.Remove(tmpFile)
|
|
|
|
_, err = io.WriteString(f, input)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = f.Close()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// We don't care so much about atomic writes here. We're using this package
|
|
// because we don't have a portable way of verifying that the target file
|
|
// is owned by the correct user. The simplest way of ensuring that is
|
|
// to simply re-write it, and the simplest way to ensure that we don't
|
|
// damage an existing working file due to error is the write-rename pattern.
|
|
// os.Rename on Windows will return an error if the target already exists.
|
|
return atomic.ReplaceFile(tmpFile, i.tokenPath)
|
|
}
|
|
|
|
// Erase erases the value of the token
|
|
func (i *InternalTokenHelper) Erase() error {
|
|
i.populateTokenPath()
|
|
if err := os.Remove(i.tokenPath); err != nil && !os.IsNotExist(err) {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|