From 0bd62b1d8b13ad1d38f61a6388c1f2e292b191a5 Mon Sep 17 00:00:00 2001
From: Aria
Date: Mon, 25 Sep 2023 00:12:03 +0100
Subject: fockin BOOOILLEEERPLAAATEEE
---
path_static_creds.go | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 path_static_creds.go
(limited to 'path_static_creds.go')
diff --git a/path_static_creds.go b/path_static_creds.go
new file mode 100644
index 0000000..bdbe54b
--- /dev/null
+++ b/path_static_creds.go
@@ -0,0 +1,61 @@
+package secretsengine
+
+import (
+ "context"
+
+ "github.com/hashicorp/vault/sdk/framework"
+ "github.com/hashicorp/vault/sdk/logical"
+)
+
+const staticCredPath = "static-cred/"
+
+func pathStaticCreds(b *krbBackend) []*framework.Path {
+ return []*framework.Path{
+ {
+ Pattern: staticCredPath + framework.GenericNameRegex("name"),
+ Fields: map[string]*framework.FieldSchema{
+ "name": {
+ Type: framework.TypeLowerCaseString,
+ Description: "Name of the static role.",
+ },
+ },
+ Operations: map[logical.Operation]framework.OperationHandler{
+ logical.ReadOperation: &framework.PathOperation{
+ Callback: b.pathStaticCredsRead,
+ },
+ },
+ HelpSynopsis: pathStaticCredsReadHelpSyn,
+ HelpDescription: pathStaticCredsReadHelpDesc,
+ },
+ }
+}
+
+func (b *krbBackend) pathStaticCredsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+ name := data.Get("name").(string)
+
+ role, err := b.getRole(ctx, req.Storage, name)
+ if err != nil {
+ return nil, err
+ }
+ if role == nil {
+ return logical.ErrorResponse("unknown role: %s", name), nil
+ }
+
+ return &logical.Response{
+ Data: map[string]interface{}{
+ "principal": role.Principal,
+ "password": role.Password,
+ "last_vault_rotation": role.LastVaultRotation,
+ },
+ }, nil
+}
+
+const pathStaticCredsReadHelpSyn = `
+Request credentials for a certain static role. These credentials are
+rotated periodically.`
+
+const pathStaticCredsReadHelpDesc = `
+This path reads credentials for a certain static role.
+The credentials are rotated periodically according to their configuration, and will
+return the same password until they are rotated.
+`
-- cgit v1.2.3
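Review bot: The response built in `pathStaticCredsRead` returns `password` and `last_vault_rotation` but nothing that tells the caller when the next rotation is due, although both help strings promise periodic rotation. A client that caches the password cannot tell when it goes stale, which for what looks like a Kerberos principal can show up as repeated authentication failures against the KDC. If the role entry stores its rotation period (not visible in this hunk), return that period and the remaining TTL alongside the existing keys. Because this handler is the one place in the file where the plaintext password leaves the backend, it also deserves a doc comment, e.g. `// pathStaticCredsRead returns the current principal and password of a static role; access is controlled by the ACL policy on static-cred/<name>.`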