-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathpath_creds.go
85 lines (73 loc) · 2.49 KB
/
path_creds.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
// Licensed to zntrio under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. zntrio licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package dockerregistry
import (
"context"
"strings"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
const (
credsPath = "creds"
)
func (b *backend) pathCreds() []*framework.Path {
return []*framework.Path{
{
Pattern: credsPath + "/" + framework.GenericNameRegex("name"),
HelpSynopsis: `Retrieve a role's creds by role name.`,
HelpDescription: `Read creds using a role's name to view the login, current password, and last password.`,
Fields: map[string]*framework.FieldSchema{
"name": {
Type: framework.TypeString,
Description: "Name of the role",
},
},
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: withFieldValidator(b.credReadOperation),
},
},
}
}
// -----------------------------------------------------------------------------
func (b *backend) credReadOperation(ctx context.Context, req *logical.Request, fieldData *framework.FieldData) (*logical.Response, error) {
// Engine configuration
engine, err := b.Config(ctx, req.Storage)
if err != nil {
return nil, err
}
// Current role name
roleName := fieldData.Get("name").(string)
role, err := b.Role(ctx, req.Storage, roleName)
if err != nil {
return nil, err
}
// Get token (and retry)
var t *RegistryToken
if retryFib(func() error {
var err error
// Use client to retrieve an access token
t, err = b.client.Token(ctx, engine.EndpointURL, engine.ClientID, engine.Username, engine.Password, role.Service, strings.Join(role.Scopes, " "))
return err
}); err != nil {
return nil, errwrap.Wrapf("unable to retrieve token: {{err}}", err)
}
// No error
return &logical.Response{
Data: t.AsMap(),
}, nil
}