vault-redux/api/sys_policy.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package api

import (
	"context"
	"errors"
	"fmt"
	"net/http"

	"github.com/mitchellh/mapstructure"
)

func (c *Sys) ListPolicies() ([]string, error) {
	return c.ListPoliciesWithContext(context.Background())
}

func (c *Sys) ListPoliciesWithContext(ctx context.Context) ([]string, error) {
	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
	defer cancelFunc()

	r := c.c.NewRequest("LIST", "/v1/sys/policies/acl")
	// Set this for broader compatibility, but we use LIST above to be able to
	// handle the wrapping lookup function
	r.Method = http.MethodGet
	r.Params.Set("list", "true")

	resp, err := c.c.rawRequestWithContext(ctx, r)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	secret, err := ParseSecret(resp.Body)
	if err != nil {
		return nil, err
	}
	if secret == nil || secret.Data == nil {
		return nil, errors.New("data from server response is empty")
	}

	var result []string
	err = mapstructure.Decode(secret.Data["keys"], &result)
	if err != nil {
		return nil, err
	}

	return result, err
}

func (c *Sys) GetPolicy(name string) (string, error) {
	return c.GetPolicyWithContext(context.Background(), name)
}

func (c *Sys) GetPolicyWithContext(ctx context.Context, name string) (string, error) {
	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
	defer cancelFunc()

	r := c.c.NewRequest(http.MethodGet, fmt.Sprintf("/v1/sys/policies/acl/%s", name))

	resp, err := c.c.rawRequestWithContext(ctx, r)
	if resp != nil {
		defer resp.Body.Close()
		if resp.StatusCode == 404 {
			return "", nil
		}
	}
	if err != nil {
		return "", err
	}

	secret, err := ParseSecret(resp.Body)
	if err != nil {
		return "", err
	}
	if secret == nil || secret.Data == nil {
		return "", errors.New("data from server response is empty")
	}

	if policyRaw, ok := secret.Data["policy"]; ok {
		return policyRaw.(string), nil
	}

	return "", fmt.Errorf("no policy found in response")
}

func (c *Sys) PutPolicy(name, rules string) error {
	return c.PutPolicyWithContext(context.Background(), name, rules)
}

func (c *Sys) PutPolicyWithContext(ctx context.Context, name, rules string) error {
	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
	defer cancelFunc()

	body := map[string]string{
		"policy": rules,
	}

	r := c.c.NewRequest(http.MethodPut, fmt.Sprintf("/v1/sys/policies/acl/%s", name))
	if err := r.SetJSONBody(body); err != nil {
		return err
	}

	resp, err := c.c.rawRequestWithContext(ctx, r)
	if err != nil {
		return err
	}
	defer resp.Body.Close()

	return nil
}

func (c *Sys) DeletePolicy(name string) error {
	return c.DeletePolicyWithContext(context.Background(), name)
}

func (c *Sys) DeletePolicyWithContext(ctx context.Context, name string) error {
	ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
	defer cancelFunc()

	r := c.c.NewRequest(http.MethodDelete, fmt.Sprintf("/v1/sys/policies/acl/%s", name))

	resp, err := c.c.rawRequestWithContext(ctx, r)
	if err == nil {
		defer resp.Body.Close()
	}
	return err
}

type getPoliciesResp struct {
	Rules string `json:"rules"`
}

type listPoliciesResp struct {
	Policies []string `json:"policies"`
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 19:00:52 +03:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

api: policy methods 2015-04-02 03:59:41 +03:00			`package api`

API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00			`import (`
			`"context"`
Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`"errors"`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00			`"fmt"`
Replace http method strings with net/http constants (#14677) 2022-03-24 20:58:03 +03:00			`"net/http"`
Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00
			`"github.com/mitchellh/mapstructure"`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00			`)`
api: policy methods 2015-04-02 03:59:41 +03:00
			`func (c *Sys) ListPolicies() ([]string, error) {`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`return c.ListPoliciesWithContext(context.Background())`
			`}`

			`func (c *Sys) ListPoliciesWithContext(ctx context.Context) ([]string, error) {`
			`ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)`
			`defer cancelFunc()`

Use sys/policies/acl instead of sys/policy/ (#5583) 2018-10-29 20:11:19 +03:00			`r := c.c.NewRequest("LIST", "/v1/sys/policies/acl")`
Fix a couple of instances where we are using LIST verb (#6026) * Fix a couple of instances where we are using LIST verb We specify it for the wrapping lookup function but for broader compatibility with proxies and such we want to filter it to a GET. In a couple of places we weren't doing that, so this updates those locations. 2019-01-11 03:57:00 +03:00			`// Set this for broader compatibility, but we use LIST above to be able to`
			`// handle the wrapping lookup function`
Replace http method strings with net/http constants (#14677) 2022-03-24 20:58:03 +03:00			`r.Method = http.MethodGet`
Fix a couple of instances where we are using LIST verb (#6026) * Fix a couple of instances where we are using LIST verb We specify it for the wrapping lookup function but for broader compatibility with proxies and such we want to filter it to a GET. In a couple of places we weren't doing that, so this updates those locations. 2019-01-11 03:57:00 +03:00			`r.Params.Set("list", "true")`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`resp, err := c.c.rawRequestWithContext(ctx, r)`
api: policy methods 2015-04-02 03:59:41 +03:00			`if err != nil {`
			`return nil, err`
			`}`
			`defer resp.Body.Close()`

Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`secret, err := ParseSecret(resp.Body)`
Fix tests and update mapstructure 2016-08-08 23:00:31 +03:00			`if err != nil {`
			`return nil, err`
			`}`
Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`if secret == nil \|\| secret.Data == nil {`
			`return nil, errors.New("data from server response is empty")`
Fix tests and update mapstructure 2016-08-08 23:00:31 +03:00			`}`

Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`var result []string`
Use sys/policies/acl instead of sys/policy/ (#5583) 2018-10-29 20:11:19 +03:00			`err = mapstructure.Decode(secret.Data["keys"], &result)`
Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`if err != nil {`
			`return nil, err`
Fix tests and update mapstructure 2016-08-08 23:00:31 +03:00			`}`

Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`return result, err`
api: policy methods 2015-04-02 03:59:41 +03:00			`}`

			`func (c *Sys) GetPolicy(name string) (string, error) {`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`return c.GetPolicyWithContext(context.Background(), name)`
			`}`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`func (c *Sys) GetPolicyWithContext(ctx context.Context, name string) (string, error) {`
			`ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00			`defer cancelFunc()`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00
Replace http method strings with net/http constants (#14677) 2022-03-24 20:58:03 +03:00			`r := c.c.NewRequest(http.MethodGet, fmt.Sprintf("/v1/sys/policies/acl/%s", name))`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00
			`resp, err := c.c.rawRequestWithContext(ctx, r)`
api: fixing 404 handling of GetPolicy 2015-07-13 12:20:00 +03:00			`if resp != nil {`
			`defer resp.Body.Close()`
			`if resp.StatusCode == 404 {`
			`return "", nil`
			`}`
			`}`
api: policy methods 2015-04-02 03:59:41 +03:00			`if err != nil {`
			`return "", err`
			`}`

Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`secret, err := ParseSecret(resp.Body)`
Fix tests and update mapstructure 2016-08-08 23:00:31 +03:00			`if err != nil {`
			`return "", err`
			`}`
Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00			`if secret == nil \|\| secret.Data == nil {`
			`return "", errors.New("data from server response is empty")`
More syncing 2017-10-23 23:52:56 +03:00			`}`
Remove injection into top routes (#5101) 2018-08-14 22:29:22 +03:00
			`if policyRaw, ok := secret.Data["policy"]; ok {`
More syncing 2017-10-23 23:52:56 +03:00			`return policyRaw.(string), nil`
Fix tests and update mapstructure 2016-08-08 23:00:31 +03:00			`}`

More syncing 2017-10-23 23:52:56 +03:00			`return "", fmt.Errorf("no policy found in response")`
api: policy methods 2015-04-02 03:59:41 +03:00			`}`

			`func (c *Sys) PutPolicy(name, rules string) error {`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`return c.PutPolicyWithContext(context.Background(), name, rules)`
			`}`

			`func (c *Sys) PutPolicyWithContext(ctx context.Context, name, rules string) error {`
			`ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)`
			`defer cancelFunc()`

api: policy methods 2015-04-02 03:59:41 +03:00			`body := map[string]string{`
Use sys/policies/acl instead of sys/policy/ (#5583) 2018-10-29 20:11:19 +03:00			`"policy": rules,`
api: policy methods 2015-04-02 03:59:41 +03:00			`}`

Replace http method strings with net/http constants (#14677) 2022-03-24 20:58:03 +03:00			`r := c.c.NewRequest(http.MethodPut, fmt.Sprintf("/v1/sys/policies/acl/%s", name))`
api: policy methods 2015-04-02 03:59:41 +03:00			`if err := r.SetJSONBody(body); err != nil {`
			`return err`
			`}`

Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`resp, err := c.c.rawRequestWithContext(ctx, r)`
api: policy methods 2015-04-02 03:59:41 +03:00			`if err != nil {`
			`return err`
			`}`
			`defer resp.Body.Close()`

			`return nil`
			`}`

			`func (c *Sys) DeletePolicy(name string) error {`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`return c.DeletePolicyWithContext(context.Background(), name)`
			`}`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00			`func (c *Sys) DeletePolicyWithContext(ctx context.Context, name string) error {`
			`ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)`
API: Add context to each raw request call (#4987) 2018-07-25 01:49:55 +03:00			`defer cancelFunc()`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00
Replace http method strings with net/http constants (#14677) 2022-03-24 20:58:03 +03:00			`r := c.c.NewRequest(http.MethodDelete, fmt.Sprintf("/v1/sys/policies/acl/%s", name))`
Add context-aware functions to vault/api (#14388) 2022-03-24 00:47:43 +03:00
			`resp, err := c.c.rawRequestWithContext(ctx, r)`
api: policy methods 2015-04-02 03:59:41 +03:00			`if err == nil {`
			`defer resp.Body.Close()`
			`}`
			`return err`
			`}`

			`type getPoliciesResp struct {`
			Rules string `json:"rules"`
			`}`

			`type listPoliciesResp struct {`
			Policies []string `json:"policies"`
			`}`