// Copyright 2021 Outreach Corporation. All Rights Reserved.
//
// Description: Stores functions to interact with basic /sys endpoints
package vault_client //nolint:revive // Why: We're using - in the name
import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"path"
	"strings"
)
// InitializeResponse is the response from Initialize().
//
// Treat it as secret material: the key shares and the root token it carries
// grant full control of the cluster, so it should not be logged or stored in
// plain text.
type InitializeResponse struct {
	// Keys are the unseal key shares returned by the initialization call.
	Keys []string `json:"keys"`
	// RecoveryKeys are the recovery key shares returned by initialization.
	// These are only present when the underlying Vault configuration is
	// set up to be auto-unsealed.
	RecoveryKeys []string `json:"recovery_keys"`
	// RootToken is the Vault root token returned by the initialization call.
	RootToken string `json:"root_token"`
}
// InitializeOptions are the options to be provided to Initialize().
//
// The struct is sent as the JSON body of the sys/init request as-is; the
// share/threshold relationship is not validated on the client side, so an
// inconsistent combination is only rejected by the server.
type InitializeOptions struct {
	// SecretShares is how many secret shares to split the unseal key into.
	SecretShares int `json:"secret_shares"`
	// SecretThreshold is how many of the secret shares must be provided
	// to unseal the Vault. This must not be more than SecretShares.
	SecretThreshold int `json:"secret_threshold"`
	// RecoveryShares is how many recovery shares to split the recovery key into.
	// This is only required when Vault is in auto-unseal mode.
	RecoveryShares int `json:"recovery_shares,omitempty"`
	// RecoveryThreshold is how many of the recovery shares must be provided for
	// an operation that requires the recovery key.
	RecoveryThreshold int `json:"recovery_threshold,omitempty"`
}
// Initialize initializes a Vault cluster by sending opts to PUT sys/init.
//
// The returned InitializeResponse holds the unseal (or recovery) key shares
// and the root token, i.e. the credentials that control the whole cluster.
// Any error from the underlying request is returned unchanged and the
// response is nil in that case.
func (c *Client) Initialize(ctx context.Context, opts *InitializeOptions) (*InitializeResponse, error) {
	out := new(InitializeResponse)
	err := c.doRequest(ctx, http.MethodPut, "sys/init", opts, out)
	if err != nil {
		return nil, err
	}
	return out, nil
}
// HealthResponse is a response returned by Health.
// Docs: https://www.vaultproject.io/api/system/health#sample-response
//
// Field meanings follow the linked Vault documentation; the JSON tags are
// the wire names.
type HealthResponse struct {
	// Initialized reports whether the cluster has been initialized.
	Initialized bool `json:"initialized"`
	// Sealed reports whether the cluster is currently sealed.
	Sealed bool `json:"sealed"`
	// Standby reports whether the answering node is a standby rather than
	// the active node.
	Standby bool `json:"standby"`
	// PerformanceStandby reports whether the answering node is a
	// performance standby.
	PerformanceStandby bool `json:"performance_standby"`
	// ReplicationPerfMode is the performance replication mode reported by
	// the server.
	ReplicationPerfMode string `json:"replication_perf_mode"`
	// ReplicationDrMode is the disaster-recovery replication mode reported
	// by the server. NOTE(review): Go initialism convention would be
	// ReplicationDRMode; the name is kept for compatibility with callers.
	ReplicationDrMode string `json:"replication_dr_mode"`
	// ServerTimeUtc is the server's clock as reported by Vault; presumably a
	// Unix timestamp in seconds — verify against the linked docs.
	// NOTE(review): Go initialism convention would be ServerTimeUTC; the name
	// is kept for compatibility with callers.
	ServerTimeUtc int `json:"server_time_utc"`
	// Version is the Vault server version string.
	Version string `json:"version"`
	// ClusterName is the configured name of the Vault cluster.
	ClusterName string `json:"cluster_name"`
	// ClusterID is the identifier of the Vault cluster.
	ClusterID string `json:"cluster_id"`
}
// Health returns the current health, or "status", of a Vault cluster by
// calling GET sys/health with no request body.
//
// NOTE(review): by default Vault's health endpoint reports sealed, standby
// and uninitialized states through non-200 HTTP status codes. Whether
// doRequest treats those as errors is not visible here, so confirm that a
// sealed cluster yields a HealthResponse rather than an error before relying
// on the Sealed/Standby fields.
func (c *Client) Health(ctx context.Context) (*HealthResponse, error) {
	status := new(HealthResponse)
	if err := c.doRequest(ctx, http.MethodGet, "sys/health", nil, status); err != nil {
		return nil, err
	}
	return status, nil
}
// CreateAuthMethodOptions are options for creating an auth method with CreateAuthMethod.
type CreateAuthMethodOptions struct {
	// Path is the path that this auth method should be mounted on.
	// If not set, Type is used. It is excluded from the JSON body
	// (`json:"-"`) and only used to build the request path.
	Path string `json:"-"`
	// Description is an optional, human-readable description of this auth method.
	Description string `json:"description,omitempty"`
	// Type is the type of auth method to create. Required.
	// Options: https://www.vaultproject.io/api-docs/system/auth#type
	Type string `json:"type,omitempty"`
	// Config holds auth-method-specific options, see: https://www.vaultproject.io/api-docs/system/auth#config
	Config map[string]interface{} `json:"config,omitempty"`
}
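// CreateAuthMethod creates a new auth method on the given path by calling
// POST sys/auth/<path> with opts as the request body.
//
// When opts.Path is empty, opts.Type is used as the mount path; opts itself
// is not modified. An error is returned when opts is nil, when neither Path
// nor Type is set, or when the mount path would resolve outside sys/auth:
// path.Join cleans "." and ".." segments, so such a value would silently
// redirect the request to a different API endpoint.
func (c *Client) CreateAuthMethod(ctx context.Context, opts *CreateAuthMethodOptions) error {
	if opts == nil {
		return errors.New("create auth method: options must not be nil")
	}
	// Derive the mount path locally instead of writing back into the
	// caller's struct.
	mountPath := opts.Path
	if mountPath == "" {
		mountPath = opts.Type
	}
	if mountPath == "" {
		return errors.New("create auth method: either Path or Type must be set")
	}
	reqPath := path.Join("sys/auth", mountPath)
	// path.Join returns a cleaned path; if the result no longer sits under
	// sys/auth/ the request would target a different endpoint than intended.
	if !strings.HasPrefix(reqPath, "sys/auth/") {
		return fmt.Errorf("create auth method: invalid mount path %q", mountPath)
	}
	return c.doRequest(ctx, http.MethodPost, reqPath, opts, nil)
}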
// CreateEngineOptions are options to use when creating a new engine (sometimes called a mount).
type CreateEngineOptions struct {
	// Description is an optional, human-readable description of this engine.
	Description string `json:"description,omitempty"`
	// Type is the type of engine to create. Required.
	// Options: https://www.vaultproject.io/api-docs/system/mounts#type
	Type string `json:"type,omitempty"`
	// Config holds engine-specific mount configuration, see: https://www.vaultproject.io/api-docs/system/mounts#config
	Config map[string]interface{} `json:"config,omitempty"`
	// Options are options specific to the given engine, see: https://www.vaultproject.io/api-docs/system/mounts#options
	Options map[string]interface{} `json:"options,omitempty"`
}
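// CreateEngine creates a new engine (mount) in Vault at mountPath by calling
// POST sys/mounts/<mountPath> with opts as the request body.
//
// An error is returned when mountPath is empty (the request would otherwise
// go to the sys/mounts listing endpoint) or when it would resolve outside
// sys/mounts: path.Join cleans "." and ".." segments, so such a value would
// silently redirect the request to a different API endpoint. opts is passed
// through unchanged.
func (c *Client) CreateEngine(ctx context.Context, mountPath string, opts *CreateEngineOptions) error {
	if mountPath == "" {
		return errors.New("create engine: mount path must not be empty")
	}
	reqPath := path.Join("sys/mounts", mountPath)
	// path.Join returns a cleaned path; if the result no longer sits under
	// sys/mounts/ the request would target a different endpoint than intended.
	if !strings.HasPrefix(reqPath, "sys/mounts/") {
		return fmt.Errorf("create engine: invalid mount path %q", mountPath)
	}
	return c.doRequest(ctx, http.MethodPost, reqPath, opts, nil)
}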