// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package rotation
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/robfig/cron/v3"
|
|
)
|
|
|
|
// RotationOptions bundles the rotation settings that a Secret and an Auth
// have in common. It is intended to be embedded in other structs.
type RotationOptions struct {
	// Schedule carries the schedule details for the framework.Schedule.
	// NOTE(review): the type itself does not guarantee a non-nil pointer;
	// check for nil before dereferencing.
	Schedule *RotationSchedule
}
|
|
|
|
// RotationJob represents the secret part of a response.
//
// RotationOptions is embedded, so the schedule is reachable directly as
// job.Schedule.
type RotationJob struct {
	RotationOptions

	// RotationID is the identifier handed back to the user for managing this
	// secret. Vault core generates it, so any value set by a caller is
	// ignored, and on requests it is always blank.
	RotationID string `sentinel:""`

	// Path is populated from RotationJobConfigureRequest.ReqPath when the job
	// is built by newRotationJob.
	Path string

	// MountType is copied from the configure request's MountType.
	MountType string

	// Name is copied from the configure request's Name.
	Name string
}
|
|
|
|
// RotationJobConfigureRequest is the input from which newRotationJob and
// ConfigureRotationJob build a RotationJob.
type RotationJobConfigureRequest struct {
	// Name becomes RotationJob.Name.
	Name string

	// MountType becomes RotationJob.MountType.
	MountType string

	// ReqPath becomes RotationJob.Path.
	ReqPath string

	// RotationSchedule is a schedule expression handed to
	// DefaultScheduler.Parse; an empty string means no schedule is parsed.
	RotationSchedule string

	// RotationWindow is a number of seconds; newRotationJob converts it to a
	// time.Duration without range-checking it.
	RotationWindow int

	// RotationPeriod is a number of seconds; newRotationJob converts it to a
	// time.Duration without range-checking it.
	RotationPeriod int
}
|
|
|
|
// RotationJobDeregisterRequest carries the fields of a deregistration
// request. NOTE(review): presumably MountType and ReqPath together identify
// the job to remove; the consumer is not in this file, so confirm there.
type RotationJobDeregisterRequest struct {
	// MountType is the mount type named by the request.
	MountType string

	// ReqPath is the request path named by the request.
	ReqPath string
}
|
|
|
|
// Validate is a placeholder: it performs no checks and always returns nil.
//
// NOTE(review): a nil result therefore says nothing about whether the job's
// schedule, window or period are sane. Callers must not treat it as a
// validation gate until the TODO below is resolved.
func (j *RotationJob) Validate() error {
	// TODO: validation?
	return nil
}
|
|
|
|
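// newRotationJob builds a RotationJob from configRequest.
//
// A non-empty RotationSchedule is parsed with DefaultScheduler.Parse and any
// parse error is returned unchanged. RotationWindow and RotationPeriod are
// interpreted as seconds. NextVaultRotation and LastVaultRotation start as the
// zero time. RotationID is left blank.
//
// A nil configRequest returns an error instead of panicking on the first
// field access.
func newRotationJob(configRequest *RotationJobConfigureRequest) (*RotationJob, error) {
	if configRequest == nil {
		return nil, fmt.Errorf("rotation job configure request was nil; expected non-nil value")
	}

	// cronSc stays nil when no schedule expression was supplied.
	var cronSc *cron.SpecSchedule
	if configRequest.RotationSchedule != "" {
		var err error
		cronSc, err = DefaultScheduler.Parse(configRequest.RotationSchedule)
		if err != nil {
			return nil, err
		}
	}

	// NOTE(review): RotationWindow and RotationPeriod are not range-checked
	// here. A negative value yields a negative duration, and a very large one
	// can overflow time.Duration in the multiplication. Confirm that the
	// caller validates them, since RotationJob.Validate is currently a no-op.
	rs := &RotationSchedule{
		Schedule:          cronSc,
		RotationSchedule:  configRequest.RotationSchedule,
		RotationWindow:    time.Duration(configRequest.RotationWindow) * time.Second,
		RotationPeriod:    time.Duration(configRequest.RotationPeriod) * time.Second,
		NextVaultRotation: time.Time{},
		LastVaultRotation: time.Time{},
	}

	return &RotationJob{
		RotationOptions: RotationOptions{
			Schedule: rs,
		},
		MountType: configRequest.MountType,
		Path:      configRequest.ReqPath,
		Name:      configRequest.Name,
	}, nil
}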
|
|
|
|
// ConfigureRotationJob builds and returns a configured RotationJob for the
// mount and request with the given schedule.
//
// It delegates construction to newRotationJob and passes any error through
// unchanged. A nil job with a nil error is reported as an error rather than
// returned to the caller.
func ConfigureRotationJob(configRequest *RotationJobConfigureRequest) (*RotationJob, error) {
	job, err := newRotationJob(configRequest)
	switch {
	case err != nil:
		return nil, err
	case job == nil:
		// Defensive check: a successful build is expected to produce a job.
		return nil, fmt.Errorf("rotation credential was nil; expected non-nil value")
	}

	return job, nil
}
|