mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-22 19:21:09 +01:00
0c6c13dd38
* license: update headers to IBM Corp. * `make proto` * update offset because source file changed Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
51 lines
1.4 KiB
Go
51 lines
1.4 KiB
Go
// Copyright IBM Corp. 2016, 2025
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package ssh
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/hashicorp/vault/sdk/framework"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
)
|
|
|
|
func pathFetchPublicKey(b *backend) *framework.Path {
|
|
return &framework.Path{
|
|
Pattern: `public_key`,
|
|
|
|
DisplayAttrs: &framework.DisplayAttributes{
|
|
OperationPrefix: operationPrefixSSH,
|
|
OperationSuffix: "public-key",
|
|
},
|
|
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.ReadOperation: b.pathFetchPublicKey,
|
|
},
|
|
|
|
HelpSynopsis: `Retrieve the public key.`,
|
|
HelpDescription: `This allows the public key of the SSH CA certificate that this backend has been configured with to be fetched. This is a raw response endpoint without JSON encoding; use -format=raw or an external tool (e.g., curl) to fetch this value.`,
|
|
}
|
|
}
|
|
|
|
func (b *backend) pathFetchPublicKey(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
|
const allowMigration = true // only paths that support snapshot reads are
|
|
publicKey, err := getCAPublicKey(ctx, req.Storage, allowMigration)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if publicKey == "" {
|
|
return nil, nil
|
|
}
|
|
|
|
response := &logical.Response{
|
|
Data: map[string]interface{}{
|
|
logical.HTTPContentType: "text/plain",
|
|
logical.HTTPRawBody: []byte(publicKey),
|
|
logical.HTTPStatusCode: 200,
|
|
},
|
|
}
|
|
|
|
return response, nil
|
|
}
|