Make transit import command work for the transform backend (hashicorp…
…#20668) * Add import and import-version commands for the transform backend
Showing
7 changed files
with
221 additions
and
14 deletions.
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
secrets/transform: Added importing of keys and key versions into the Transform secrets engine using the command 'vault transform import' and 'vault transform import-version'. | ||
``` |
@@ -0,0 +1,41 @@ | ||
package command | ||
|
||
import ( | ||
"strings" | ||
|
||
"github.com/mitchellh/cli" | ||
) | ||
|
||
var _ cli.Command = (*TransformCommand)(nil) | ||
|
||
type TransformCommand struct { | ||
*BaseCommand | ||
} | ||
|
||
func (c *TransformCommand) Synopsis() string { | ||
return "Interact with Vault's Transform Secrets Engine" | ||
} | ||
|
||
func (c *TransformCommand) Help() string { | ||
helpText := ` | ||
Usage: vault transform <subcommand> [options] [args] | ||
This command has subcommands for interacting with Vault's Transform Secrets | ||
Engine. Here are some simple examples, and more detailed examples are | ||
available in the subcommands or the documentation. | ||
To import a key into a new FPE transformation: | ||
$ vault transform import transform/transformations/fpe/new-transformation @path/to/key \ | ||
template=identifier \ | ||
allowed_roles=physical-access | ||
Please see the individual subcommand help for detailed usage information. | ||
` | ||
|
||
return strings.TrimSpace(helpText) | ||
} | ||
|
||
func (c *TransformCommand) Run(args []string) int { | ||
return cli.RunResultHelp | ||
} |
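Review bot: The new file starts at `package command` with no license header, whereas the import-version file added in the same commit opens with `// Copyright (c) HashiCorp, Inc.` and `// SPDX-License-Identifier: MPL-2.0`; the import command file has the same omission. Adding those two header lines keeps the new files consistent with the rest of the package. The exported `TransformCommand` type and its methods also carry no doc comment; a one-liner such as `// TransformCommand is the parent command for the vault transform subcommands.` above the type would satisfy the usual lint.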
@@ -0,0 +1,76 @@ | ||
package command | ||
|
||
import ( | ||
"errors" | ||
"regexp" | ||
"strings" | ||
|
||
"github.com/mitchellh/cli" | ||
"github.com/posener/complete" | ||
) | ||
|
||
var ( | ||
_ cli.Command = (*TransformImportCommand)(nil) | ||
_ cli.CommandAutocomplete = (*TransformImportCommand)(nil) | ||
transformKeyPath = regexp.MustCompile("^(.*)/transformations/(fpe|tokenization)/([^/]*)$") | ||
) | ||
|
||
type TransformImportCommand struct { | ||
*BaseCommand | ||
} | ||
|
||
func (c *TransformImportCommand) Synopsis() string { | ||
return "Import a key into the Transform secrets engines." | ||
} | ||
|
||
func (c *TransformImportCommand) Help() string { | ||
helpText := ` | ||
Usage: vault transform import PATH KEY [options...] | ||
Using the Transform key wrapping system, imports key material from | ||
the base64 encoded KEY (either directly on the CLI or via @path notation), | ||
into a new FPE or tokenization transformation whose API path is PATH. | ||
To import a new key version into an existing tokenization transformation, | ||
use import_version. | ||
The remaining options after KEY (key=value style) are passed on to | ||
Create/Update FPE Transformation or Create/Update Tokenization Transformation | ||
API endpoints. | ||
For example: | ||
$ vault transform import transform/transformations/tokenization/application-form @path/to/key \ | ||
allowed_roles=legacy-system | ||
` + c.Flags().Help() | ||
|
||
return strings.TrimSpace(helpText) | ||
} | ||
|
||
func (c *TransformImportCommand) Flags() *FlagSets { | ||
return c.flagSet(FlagSetHTTP) | ||
} | ||
|
||
func (c *TransformImportCommand) AutocompleteArgs() complete.Predictor { | ||
return nil | ||
} | ||
|
||
func (c *TransformImportCommand) AutocompleteFlags() complete.Flags { | ||
return c.Flags().Completions() | ||
} | ||
|
||
func (c *TransformImportCommand) Run(args []string) int { | ||
return ImportKey(c.BaseCommand, "import", transformImportKeyPath, c.Flags(), args) | ||
} | ||
|
||
func transformImportKeyPath(s string, operation string) (path string, apiPath string, err error) { | ||
parts := transformKeyPath.FindStringSubmatch(s) | ||
if len(parts) != 4 { | ||
return "", "", errors.New("expected transform path and key name in the form :path:/transformations/fpe|tokenization/:name:") | ||
} | ||
path = parts[1] | ||
transformation := parts[2] | ||
keyName := parts[3] | ||
apiPath = path + "/transformations/" + transformation + "/" + keyName + "/" + operation | ||
|
||
return path, apiPath, nil | ||
} |
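Review bot: `transformKeyPath` accepts an empty key name, because its last group is `([^/]*)`, so an input such as `transform/transformations/fpe/` passes the `len(parts) != 4` check in transformImportKeyPath and produces an API path containing `//import` instead of the error the message promises. Tightening the pattern to `^(.+)/transformations/(fpe|tokenization)/([^/]+)$` makes both the mount path and the key name non-empty, which matches what the error text at that check describes. Separately, the help text says `use import_version`, but the subcommand added in this commit is spelled `import-version` on its own Usage line.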
@@ -0,0 +1,59 @@ | ||
// Copyright (c) HashiCorp, Inc. | ||
// SPDX-License-Identifier: MPL-2.0 | ||
|
||
package command | ||
|
||
import ( | ||
"strings" | ||
|
||
"github.com/mitchellh/cli" | ||
"github.com/posener/complete" | ||
) | ||
|
||
var ( | ||
_ cli.Command = (*TransformImportVersionCommand)(nil) | ||
_ cli.CommandAutocomplete = (*TransformImportVersionCommand)(nil) | ||
) | ||
|
||
type TransformImportVersionCommand struct { | ||
*BaseCommand | ||
} | ||
|
||
func (c *TransformImportVersionCommand) Synopsis() string { | ||
return "Import key material into a new key version in the Transform secrets engines." | ||
} | ||
|
||
func (c *TransformImportVersionCommand) Help() string { | ||
helpText := ` | ||
Usage: vault transform import-version PATH KEY [...] | ||
Using the Transform key wrapping system, imports new key material from | ||
the base64 encoded KEY (either directly on the CLI or via @path notation), | ||
into an existing tokenization transformation whose API path is PATH. | ||
The remaining options after KEY (key=value style) are passed on to | ||
Create/Update Tokenization Transformation API endpoint. | ||
For example: | ||
$ vault transform import-version transform/transformations/tokenization/application-form @path/to/new_version \ | ||
allowed_roles=legacy-system | ||
` + c.Flags().Help() | ||
|
||
return strings.TrimSpace(helpText) | ||
} | ||
|
||
func (c *TransformImportVersionCommand) Flags() *FlagSets { | ||
return c.flagSet(FlagSetHTTP) | ||
} | ||
|
||
func (c *TransformImportVersionCommand) AutocompleteArgs() complete.Predictor { | ||
return nil | ||
} | ||
|
||
func (c *TransformImportVersionCommand) AutocompleteFlags() complete.Flags { | ||
return c.Flags().Completions() | ||
} | ||
|
||
func (c *TransformImportVersionCommand) Run(args []string) int { | ||
return ImportKey(c.BaseCommand, "import_version", transformImportKeyPath, c.Flags(), args) | ||
} |
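Review bot: The Usage line reads `vault transform import-version PATH KEY [...]` while the sibling import command spells the same trailing options as `[options...]`; aligning on one form keeps the two help screens consistent. The help also presents passing KEY directly on the CLI and via `@path` as equivalent; since a literal key argument ends up in shell history and process listings, a sentence such as `Prefer the @path form so the key material does not appear in shell history.` would be worth adding here and in the import command's help. The ImportKey helper that Run delegates to is outside this commit's diff, so I cannot tell whether it already surfaces that guidance.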