vaultClient *vaultapi.Client
vaultMountPrefix string
internalDomain string
- internalDomainUUID string
- internalDomainCache map[string]string
internalDomainMounted bool
vaultTempTokenTTL time.Time
vaultToken string
v.vaultClient = client
v.vaultMountPrefix = "sms"
v.internalDomain = "smsinternaldomain"
- v.internalDomainUUID, _ = uuid.GenerateUUID()
- v.internalDomainCache = make(map[string]string)
v.internalDomainMounted = false
v.prkey = ""
return nil
// GetSecret returns a secret mounted on a particular domain name
// The secret itself is referenced via its name which translates to
// a mount path in vault
-func (v *Vault) GetSecret(uuid string, name string) (Secret, error) {
+func (v *Vault) GetSecret(dom string, name string) (Secret, error) {
err := v.checkToken()
if smslogger.CheckError(err, "Tocken Check") != nil {
return Secret{}, errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return Secret{}, errors.New("Unable to Get secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
sec, err := v.vaultClient.Logical().Read(dom + "/" + name)
// ListSecret returns a list of secret names on a particular domain
// The values of the secret are not returned
-func (v *Vault) ListSecret(uuid string) ([]string, error) {
+func (v *Vault) ListSecret(dom string) ([]string, error) {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return nil, errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return nil, errors.New("Unable to list secrets in domain")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
sec, err := v.vaultClient.Logical().List(dom)
if strings.Contains(err.Error(), "existing mount") {
// It is already mounted
v.internalDomainMounted = true
- v.internalDomainCache[v.internalDomainUUID] = v.internalDomain
return nil
}
// Ran into some other error mounting it.
}
v.internalDomainMounted = true
- v.internalDomainCache[v.internalDomainUUID] = v.internalDomain
return nil
}
},
}
- err = v.CreateSecret(v.internalDomainUUID, secret)
+ err = v.CreateSecret(v.internalDomain, secret)
if smslogger.CheckError(err, "Write UUID to domain") != nil {
return err
}
- // Cache the value for reverse lookups
- // Note: Cache is lost when service restarts
- v.internalDomainCache[uuid] = name
-
return nil
}
-// Retrieves UUID for domain name stored in smsinternal domain
-// under v.vaultMountPrefix / smsinternal domain
-func (v *Vault) getDomainNameFromUUID(uuid string) (string, error) {
-
- // Check Cache
- if val, ok := v.internalDomainCache[uuid]; ok {
- return val, nil
- }
-
- // If not found in Cache, check in vault
- // Check if token is still valid
- err := v.checkToken()
- if smslogger.CheckError(err, "Token Check") != nil {
- return "", errors.New("Token Check failed")
- }
-
- // Should already be mounted by the initial store command
- err = v.mountInternalDomain(v.internalDomain)
- if smslogger.CheckError(err, "Mount Internal Domain") != nil {
- return "", err
- }
-
- secList, err := v.ListSecret(v.internalDomainUUID)
- if smslogger.CheckError(err, "List Domain Names") != nil {
- return "", err
- }
-
- // Search for domain name in internal domain
- // Also, refresh the cache with latest content
- for _, secName := range secList {
- sec, err := v.GetSecret(v.internalDomainUUID, secName)
- if smslogger.CheckError(err, "Read Secret Internal Domain") != nil {
- return "", err
- }
- if sec.Values["uuid"] == uuid {
- v.internalDomainCache[uuid] = sec.Name
- return sec.Name, nil
- }
- }
-
- return "", errors.New("Unable to find entry in InternalDomain")
-}
-
// CreateSecretDomain mounts the kv backend on a path with the given name
func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) {
// CreateSecret creates a secret mounted on a particular domain name
// The secret itself is mounted on a path specified by name
-func (v *Vault) CreateSecret(uuid string, sec Secret) error {
+func (v *Vault) CreateSecret(dom string, sec Secret) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to create secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
// Vault return is empty on successful write
// DeleteSecretDomain deletes a secret domain which translates to
// an unmount operation on the given path in Vault
-func (v *Vault) DeleteSecretDomain(uuid string) error {
+func (v *Vault) DeleteSecretDomain(dom string) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token Check Failed")
}
- uuid = strings.TrimSpace(uuid)
- name, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to delete secret domain")
- }
-
- mountPath := v.vaultMountPrefix + "/" + name
+ dom = strings.TrimSpace(dom)
+ mountPath := v.vaultMountPrefix + "/" + dom
err = v.vaultClient.Sys().Unmount(mountPath)
if smslogger.CheckError(err, "Delete Domain") != nil {
}
// DeleteSecret deletes a secret mounted on the path provided
-func (v *Vault) DeleteSecret(uuid string, name string) error {
+func (v *Vault) DeleteSecret(dom string, name string) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to delete secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
// Vault return is empty on successful delete
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.DeleteSecretDomain(sd.UUID)
+ err = v.DeleteSecretDomain("testdomain")
if err != nil {
t.Fatal("DeleteSecretDomain: Unable to delete domain")
}
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal("CreateSecret: Error Creating secret")
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- sec, err := v.GetSecret(sd.UUID, secret.Name)
+ sec, err := v.GetSecret("testdomain", secret.Name)
if err != nil {
- t.Fatal("GetSecret: Error Creating secret")
+ t.Fatal("GetSecret: Error Getting secret")
}
if sec.Name != secret.Name {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- _, err = v.ListSecret(sd.UUID)
+ _, err = v.ListSecret("testdomain")
if err != nil {
t.Fatal("ListSecret: Returned error")
}
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- err = v.DeleteSecret(sd.UUID, secret.Name)
+ err = v.DeleteSecret("testdomain", secret.Name)
if err != nil {
t.Fatal("DeleteSecret: Error Creating secret")
}
// deleteSecretDomainHandler deletes a secret domain with the name provided
func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
- err := h.secretBackend.DeleteSecretDomain(domUUID)
+ err := h.secretBackend.DeleteSecretDomain(domName)
if smslogger.CheckError(err, "DeleteSecretDomainHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
// Get domain name from URL
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
// Get secrets to be stored from body
var b smsbackend.Secret
return
}
- err = h.secretBackend.CreateSecret(domUUID, b)
+ err = h.secretBackend.CreateSecret(domName, b)
if smslogger.CheckError(err, "CreateSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
// getSecretHandler handles reading a secret by given domain name and secret name
func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
secName := vars["secretName"]
- sec, err := h.secretBackend.GetSecret(domUUID, secName)
+ sec, err := h.secretBackend.GetSecret(domName, secName)
if smslogger.CheckError(err, "GetSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
// listSecretHandler handles listing all secrets under a particular domain name
func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
- secList, err := h.secretBackend.ListSecret(domUUID)
+ secList, err := h.secretBackend.ListSecret(domName)
if smslogger.CheckError(err, "ListSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
// deleteSecretHandler handles deleting a secret by given domain name and secret name
func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
secName := vars["secretName"]
- err := h.secretBackend.DeleteSecret(domUUID, secName)
+ err := h.secretBackend.DeleteSecret(domName, secName)
if smslogger.CheckError(err, "DeleteSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
router.HandleFunc("/v1/sms/healthcheck", h.healthCheckHandler).Methods("GET")
router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST")
- router.HandleFunc("/v1/sms/domain/{domUUID}", h.deleteSecretDomainHandler).Methods("DELETE")
+ router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.createSecretHandler).Methods("POST")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.listSecretHandler).Methods("GET")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.getSecretHandler).Methods("GET")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.createSecretHandler).Methods("POST")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.listSecretHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.getSecretHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
return router
}