package secretsengine
import (
"context"
"fmt"
"strings"
"sync"
"git.tardisproject.uk/tcmal/vault-plugin-kerberos-secrets/client"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
// krbBackend is the Kerberos secrets-engine backend. It embeds the Vault
// framework.Backend and adds a Kerberos client handle plus the rotation
// bookkeeping fields below.
type krbBackend struct {
	*framework.Backend
	// client is nil until getClient builds it from stored configuration;
	// reset sets it back to nil.
	// NOTE(review): nothing in this file locks around reads or writes of
	// client — confirm whether callers serialize access.
	client KerberosClient
	// rotationListLock and rotationList are initialized in newBackend.
	// NOTE(review): presumably the mutex guards the map and the map tracks
	// roles with a rotation in progress — their use is not visible here; confirm.
	rotationListLock *sync.Mutex
	rotationList map[string]bool
}
// KerberosClient is the interface the backend stores as its client. The
// concrete implementation comes from the client package and is not shown here.
type KerberosClient interface {
	// SetPassword takes a username and the new password and reports failure
	// through the returned error.
	// NOTE(review): password is a plain string; implementations should keep it
	// out of logs and error messages — confirm in the client package.
	SetPassword(ctx context.Context, username string, password string) error
}
// Compile-time check that Factory has the logical.Factory signature.
var _ logical.Factory = Factory
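// Factory builds a Kerberos secrets backend and runs its Setup with conf.
// It satisfies logical.Factory.
//
// It returns an error if conf is nil or if Setup fails; in both cases the
// returned backend is nil.
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
	// Reject a missing configuration before constructing anything.
	if conf == nil {
		return nil, fmt.Errorf("configuration passed into backend is nil")
	}

	b := newBackend()
	if err := b.Setup(ctx, conf); err != nil {
		return nil, err
	}
	return b, nil
}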
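// newBackend allocates a krbBackend with an empty rotation list and its own
// mutex, then attaches the framework.Backend that carries the help text,
// backend type, invalidation hook and request paths.
func newBackend() *krbBackend {
	b := &krbBackend{
		rotationListLock: &sync.Mutex{},
		rotationList:     map[string]bool{},
	}

	b.Backend = &framework.Backend{
		Help:        strings.TrimSpace(mockHelp),
		BackendType: logical.TypeLogical,
		// Register the invalidation hook so that a change to the stored
		// "config" entry drops the cached Kerberos client. Without this
		// field b.invalidate is never called, and a node could keep using a
		// client built from superseded configuration or credentials.
		Invalidate: b.invalidate,
		Paths: framework.PathAppend(
			pathConfig(b),
			pathStaticRole(b),
			pathStaticCreds(b),
			pathRotateCredentials(b),
		),
		// NOTE(review): no PathsSpecial.SealWrapStorage is declared. If the
		// "config" entry holds Kerberos admin credentials, consider listing
		// it there — confirm against pathConfig.
	}
	return b
}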
// reset drops the cached Kerberos client; getClient builds a new one from
// stored configuration the next time it finds the field nil.
func (b *krbBackend) reset() {
	var none KerberosClient
	b.client = none
}
// invalidate handles a storage key being invalidated. Only the "config" key
// is acted on: the cached client is discarded via reset. Every other key is
// ignored, and ctx is unused.
func (b *krbBackend) invalidate(ctx context.Context, key string) {
	if key != "config" {
		return
	}
	b.reset()
}
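// getClient returns the backend's Kerberos client, building it from the
// configuration in s on first use and caching it on the backend.
//
// The returned pointer refers to a private copy of the interface value, not
// to the b.client field itself. Handing out &b.client would let a later
// reset() turn a handle the caller still holds into a nil interface, so a
// subsequent SetPassword call through it would panic.
//
// It returns an error if the configuration cannot be loaded or the client
// cannot be constructed from it.
//
// NOTE(review): b.client is still read and written without a lock here and in
// reset; if requests and invalidations can run concurrently, guard the field
// with a mutex — confirm the intended locking.
func (b *krbBackend) getClient(ctx context.Context, s logical.Storage) (*KerberosClient, error) {
	cur := b.client
	if cur == nil {
		// NOTE(review): whether getConfig can return a nil config with a nil
		// error, and whether ClientFromConfig tolerates that, is not visible
		// here — confirm.
		cfg, err := getConfig(ctx, s)
		if err != nil {
			return nil, err
		}
		// Named kc so the local does not shadow the client package.
		kc, err := client.ClientFromConfig(cfg)
		if err != nil {
			return nil, err
		}
		cur = kc
		b.client = cur
	}
	return &cur, nil
}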
// mockHelp is the backend's help text; newBackend trims surrounding
// whitespace and assigns it to framework.Backend.Help.
const mockHelp = `
The Kerberos backend is a backend that sets credentials in kerberos.
`