From 2272f46277dfaebe05a9781ae2e629a1c0c49194 Mon Sep 17 00:00:00 2001
From: Kiran
Date: Fri, 23 Feb 2018 12:23:03 -0800
Subject: Adding Listsecret capability
A GET HTTP request on domainname/secret will now list all the secret names stored in that domain The content of the secrets are not returned here.
Issue-ID: AAF-140
Change-Id: I0e0491f642e1ff82f11cb90a93df4a71393bc5ac
Signed-off-by: Kiran
---
 sms-service/src/sms/backend/backend.go | 2 ++
 sms-service/src/sms/backend/vault.go | 35 ++++++++++++++++++++++++++++-
 sms-service/src/sms/handler/handler.go | 19 ++++++++++++++++
 sms-service/src/sms/handler/handler_test.go | 4 ++++
 4 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
index 3ea651a..2cc3798 100644
--- a/sms-service/src/sms/backend/backend.go
+++ b/sms-service/src/sms/backend/backend.go
@@ -48,6 +48,8 @@ type SecretBackend interface {
 GetSecretDomain(name string) (SecretDomain, error)
 GetSecret(dom string, sec string) (Secret, error)
+ ListSecret(dom string) ([]string, error)
+
 CreateSecretDomain(name string) (SecretDomain, error)
 CreateSecret(dom string, sec Secret) error
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index 7fc1747..bfc3367 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -105,7 +105,7 @@ func (v *Vault) GetSecret(dom string, name string) (Secret, error) {
 sec, err := v.vaultClient.Logical().Read(dom + "/" + name)
 if err != nil {
- return Secret{}, errors.New("unable to read Secret at provided path")
+ return Secret{}, errors.New("Unable to read Secret at provided path")
 }
 // sec and err are nil in the case where a path does not exist
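Review bot: The replacement string in GetSecret now starts with a capital letter, which goes against the Go convention that error strings are lowercase with no trailing punctuation because they are usually embedded in longer messages; I would keep `errors.New("unable to read Secret at provided path")` and bring the new ListSecret strings in vault.go in line with it instead. The error returned by `Read` is still discarded on this path, so an operator cannot tell a permission denial from a connectivity failure; recording it server-side before returning the fixed message would help, assuming the package has a logger available. GetSecret's body starts and ends outside the hunk.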
@@ -116,6 +116,39 @@ func (v *Vault) GetSecret(dom string, name string) (Secret, error) {
 return Secret{Name: name, Values: sec.Data}, nil
 }
+// ListSecret returns a list of secret names on a particular domain
+// The values of the secret are not returned
+func (v *Vault) ListSecret(dom string) ([]string, error) {
+ err := v.checkToken()
+ if err != nil {
+ return nil, errors.New("Token check returned error: " + err.Error())
+ }
+
+ dom = v.vaultMount + "/" + dom
+
+ sec, err := v.vaultClient.Logical().List(dom)
+ if err != nil {
+ return nil, errors.New("Unable to read Secret at provided path")
+ }
+
+ // sec and err are nil in the case where a path does not exist
+ if sec == nil {
+ return nil, errors.New("Secret not found at the provided path")
+ }
+
+ val, ok := sec.Data["keys"].([]interface{})
+ if !ok {
+ return nil, errors.New("Secret not found at the provided path")
+ }
+
+ retval := make([]string, len(val))
+ for i, v := range val {
+ retval[i] = fmt.Sprint(v)
+ }
+
+ return retval, nil
+}
+
 // CreateSecretDomain mounts the kv backend on a path with the given name
 func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) {
 // Check if token is still valid
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
index 3798023..5fdbf3b 100644
--- a/sms-service/src/sms/handler/handler.go
+++ b/sms-service/src/sms/handler/handler.go
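Review bot: In ListSecret (vault.go) the token-check failure is returned as `"Token check returned error: " + err.Error()`, and the handler added in this same commit writes the returned error string into the HTTP response, so whatever checkToken reports about the Vault connection or token state reaches the caller. Returning a fixed message such as `errors.New("token check failed")` and recording the detail server-side keeps that internal. The nil-response branch and the failed `keys` type assertion return the same "Secret not found" text, so a missing domain and an unexpected response shape cannot be told apart; a package-level sentinel error for the not-found case would let the handler answer 404 instead of 500. The loop `for i, v := range val` shadows the receiver `v`, and `for i, key := range val` avoids that. No import hunk for vault.go is shown, so `fmt` presumably is already imported there for `fmt.Sprint`; worth confirming.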
@@ -115,6 +115,24 @@ func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) {
 }
 }
+// listSecretHandler handles listing all secrets under a particular domain name
+func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) {
+ vars := mux.Vars(r)
+ domName := vars["domName"]
+
+ sec, err := h.secretBackend.ListSecret(domName)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ err = json.NewEncoder(w).Encode(sec)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+}
+
 // deleteSecretHandler handles deleting a secret by given domain name and secret name
 func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) {
 vars := mux.Vars(r)
@@ -181,6 +199,7 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler {
 router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")
 router.HandleFunc("/v1/sms/domain/{domName}/secret", h.createSecretHandler).Methods("POST")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.listSecretHandler).Methods("GET")
 router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.getSecretHandler).Methods("GET")
 router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
diff --git a/sms-service/src/sms/handler/handler_test.go b/sms-service/src/sms/handler/handler_test.go
index affa6f7..d8f9f9f 100644
--- a/sms-service/src/sms/handler/handler_test.go
+++ b/sms-service/src/sms/handler/handler_test.go
@@ -50,6 +50,10 @@ func (b *TestBackend) GetSecret(dom string, sec string) (smsbackend.Secret, erro
 return smsbackend.Secret{}, nil
 }
+func (b *TestBackend) ListSecret(dom string) ([]string, error) {
+ return nil, nil
+}
+
 func (b *TestBackend) CreateSecretDomain(name string) (smsbackend.SecretDomain, error) {
 return smsbackend.SecretDomain{}, nil
 }
-- cgit 1.2.3-korg
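Review bot: Nothing visible in listSecretHandler checks that the caller is allowed to enumerate the domain, and secret names alone often reveal which services and credentials exist, so please confirm that authentication and authorization are enforced outside this hunk (for example in middleware on the router) before the GET route is exposed. Every backend failure, including a domain that does not exist, is answered with `http.StatusInternalServerError`; a not-found condition should map to 404 so clients and monitoring can tell it from a real fault. The success path never sets a content type, so the JSON body is sent with a sniffed text type; add `w.Header().Set("Content-Type", "application/json")` before `Encode`. If `Encode` fails after part of the body is written, the second `http.Error` can no longer change the status, so logging the error is the useful action there.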
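Review bot: No test in this commit drives the new GET route; handler_test.go only gains the `ListSecret` stub needed to satisfy the interface. The stub returns `nil, nil`, which the handler encodes as JSON `null` rather than `[]`, so a test that issues GET on `/v1/sms/domain/{domName}/secret` through CreateRouter and asserts the status code and body would pin the intended response shape; having the stub return constructed sample names such as `[]string{"secret1", "secret2"}` makes that assertion meaningful. A second case with a backend that returns an error would cover the failure path and show what text is sent back to the client.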