Diffstat (limited to 'path_static_creds.go')
-rw-r--r-- | path_static_creds.go | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/path_static_creds.go b/path_static_creds.go
new file mode 100644
index 0000000..bdbe54b
--- /dev/null
+++ b/path_static_creds.go
@@ -0,0 +1,61 @@
+package secretsengine
+
+import (
+ "context"
+
+ "github.com/hashicorp/vault/sdk/framework"
+ "github.com/hashicorp/vault/sdk/logical"
+)
+
+const staticCredPath = "static-cred/"
+
+func pathStaticCreds(b *krbBackend) []*framework.Path {
+ return []*framework.Path{
+ {
+ Pattern: staticCredPath + framework.GenericNameRegex("name"),
+ Fields: map[string]*framework.FieldSchema{
+ "name": {
+ Type: framework.TypeLowerCaseString,
+ Description: "Name of the static role.",
+ },
+ },
+ Operations: map[logical.Operation]framework.OperationHandler{
+ logical.ReadOperation: &framework.PathOperation{
+ Callback: b.pathStaticCredsRead,
+ },
+ },
+ HelpSynopsis: pathStaticCredsReadHelpSyn,
+ HelpDescription: pathStaticCredsReadHelpDesc,
+ },
+ }
+}
+
+func (b *krbBackend) pathStaticCredsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+ name := data.Get("name").(string)
+
+ role, err := b.getRole(ctx, req.Storage, name)
+ if err != nil {
+ return nil, err
+ }
+ if role == nil {
+ return logical.ErrorResponse("unknown role: %s", name), nil
+ }
+
+ return &logical.Response{
+ Data: map[string]interface{}{
+ "principal": role.Principal,
+ "password": role.Password,
+ "last_vault_rotation": role.LastVaultRotation,
+ },
+ }, nil
+}
+
+const pathStaticCredsReadHelpSyn = `
+Request credentials for a certain static role. These credentials are
+rotated periodically.`
+
+const pathStaticCredsReadHelpDesc = `
+This path reads credentials for a certain static role.
+The credentials are rotated periodically according to their configuration, and will
+return the same password until they are rotated.
+`
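Review bot: pathStaticCredsRead returns `role.Password` and `role.LastVaultRotation` without checking that a rotation has ever populated them. The role type is not shown in this file, but if those fields start at their zero values, a role that exists and has not yet been rotated would come back as a successful read with an empty password and a zero timestamp. Assuming Password is a string, a guard before the final return would make that state explicit: `if role.Password == "" { return logical.ErrorResponse("no password set for role: %s", name), nil }`. The response also carries no TTL or rotation period, although the help text promises periodic rotation, so a caller cannot tell how long the returned password stays valid; if the role stores that setting, consider returning it next to `last_vault_rotation`. Both new functions lack doc comments; since this path hands out a live credential, a comment such as `// pathStaticCredsRead returns the current principal and password of a static role; restrict read access to this path by policy.` would help operators scope ACLs.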