path: root/backend.go
package secretsengine

import (
	"context"
	"fmt"
	"strings"
	"sync"

	"git.tardisproject.uk/tcmal/vault-plugin-kerberos-secrets/client"
	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
)

// krbBackend is the Vault logical backend for this plugin. It embeds the
// SDK's *framework.Backend (which provides Setup and the path handling) and
// holds the Kerberos client that getClient builds from the stored config.
type krbBackend struct {
	*framework.Backend
	// client is built lazily by getClient and cleared by reset/invalidate.
	// It is read and written without a lock; NOTE(review): invalidate may be
	// called concurrently with request handling — confirm whether this field
	// needs the same guarding as rotationList.
	client KerberosClient

	// rotationListLock guards rotationList. The list's contents are
	// presumably maintained by the rotation paths, which are not in this
	// file — verify against those handlers.
	rotationListLock *sync.Mutex
	rotationList     map[string]bool
}

// KerberosClient is the single operation the backend needs from a Kerberos
// principal store: set the password of the named principal. The concrete
// implementation is obtained from client.ClientFromConfig in getClient.
// Implementations receive the plaintext password and should treat it as a
// secret (never logged or echoed in errors).
type KerberosClient interface {
	SetPassword(ctx context.Context, username string, password string) error
}

// Compile-time check that Factory has the signature Vault expects of a
// plugin factory.
var _ logical.Factory = Factory

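// Factory builds and sets up a krbBackend from the Vault-supplied
// configuration. It is the entry point Vault calls to instantiate the plugin.
//
// conf must be non-nil; a nil conf returns an error before any backend is
// allocated. Errors from Backend.Setup are returned wrapped with context and
// remain matchable with errors.Is/errors.As.
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
	// Validate the input first so the nil case does no work at all.
	if conf == nil {
		return nil, fmt.Errorf("configuration passed into backend is nil")
	}

	b := newBackend()
	if err := b.Setup(ctx, conf); err != nil {
		return nil, fmt.Errorf("setting up kerberos backend: %w", err)
	}

	return b, nil
}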

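// newBackend allocates a krbBackend with an empty rotation set and a
// framework.Backend wired with the config, static role, static creds and
// rotate-credentials paths. The Kerberos client is not created here; it is
// built on first use by getClient.
//
// The storage-invalidation hook is registered so that a change to the
// "config" entry (for example one replicated from another node) clears the
// cached client via invalidate; without it the method is never called and a
// stale client would keep being used.
func newBackend() *krbBackend {
	b := &krbBackend{
		rotationListLock: &sync.Mutex{},
		rotationList:     map[string]bool{},
	}
	b.Backend = &framework.Backend{
		Help:        strings.TrimSpace(mockHelp),
		BackendType: logical.TypeLogical,
		// Register the invalidation callback; see invalidate.
		Invalidate: b.invalidate,
		Paths: framework.PathAppend(
			pathConfig(b),
			pathStaticRole(b),
			pathStaticCreds(b),
			pathRotateCredentials(b),
		),
	}

	return b
}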

// reset drops the cached Kerberos client so that the next getClient call
// rebuilds it from whatever config is then in storage.
func (b *krbBackend) reset() {
	var none KerberosClient
	b.client = none
}

// invalidate is the storage-invalidation hook: when the "config" storage
// entry changes, the cached client is discarded via reset so it is rebuilt
// from the new config on next use. Any other key is ignored; ctx is unused.
func (b *krbBackend) invalidate(ctx context.Context, key string) {
	switch key {
	case "config":
		b.reset()
	}
}

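// getClient returns the cached KerberosClient, building it from the config
// read out of s (via getConfig) on first use or after reset/invalidate
// cleared it.
//
// Errors from getConfig and client.ClientFromConfig are returned wrapped
// with context. The result is a pointer to the interface field; that shape
// is kept for compatibility with existing callers.
//
// NOTE(review): b.client is read and written here without a lock while
// invalidate may clear it concurrently — confirm whether it needs guarding.
// NOTE(review): if getConfig can return a nil config for an unconfigured
// mount, ClientFromConfig receives nil — confirm it handles that case.
func (b *krbBackend) getClient(ctx context.Context, s logical.Storage) (*KerberosClient, error) {
	if b.client == nil {
		cfg, err := getConfig(ctx, s)
		if err != nil {
			return nil, fmt.Errorf("reading kerberos config: %w", err)
		}

		// Named kc rather than client so the client package is not shadowed.
		kc, err := client.ClientFromConfig(cfg)
		if err != nil {
			return nil, fmt.Errorf("building kerberos client from config: %w", err)
		}

		b.client = kc
	}

	return &b.client, nil
}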

// mockHelp is the help text for the mount; newBackend trims the surrounding
// whitespace before handing it to the framework. The "mock" name appears to
// be inherited from the plugin template this file was derived from.
const mockHelp = `
The Kerberos backend is a backend that sets credentials in kerberos.
`