// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 package api import ( "context" "errors" "net/http" "github.com/mitchellh/mapstructure" ) func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) { return c.RekeyStatusWithContext(context.Background()) } func (c *Sys) RekeyStatusWithContext(ctx context.Context) (*RekeyStatusResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/init") resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyStatusResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) { return c.RekeyRecoveryKeyStatusWithContext(context.Background()) } func (c *Sys) RekeyRecoveryKeyStatusWithContext(ctx context.Context) (*RekeyStatusResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey-recovery-key/init") resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyStatusResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error) { return c.RekeyVerificationStatusWithContext(context.Background()) } func (c *Sys) RekeyVerificationStatusWithContext(ctx context.Context) (*RekeyVerificationStatusResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/verify") resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyVerificationStatusResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error) { return c.RekeyRecoveryKeyVerificationStatusWithContext(context.Background()) } func (c *Sys) RekeyRecoveryKeyVerificationStatusWithContext(ctx context.Context) (*RekeyVerificationStatusResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey-recovery-key/verify") resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyVerificationStatusResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) { return c.RekeyInitWithContext(context.Background(), config) } func (c *Sys) RekeyInitWithContext(ctx context.Context, config *RekeyInitRequest) (*RekeyStatusResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey/init") if err := r.SetJSONBody(config); err != nil { return nil, err } resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyStatusResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) { return c.RekeyRecoveryKeyInitWithContext(context.Background(), config) } func (c *Sys) RekeyRecoveryKeyInitWithContext(ctx context.Context, config *RekeyInitRequest) (*RekeyStatusResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey-recovery-key/init") if err := r.SetJSONBody(config); err != nil { return nil, err } resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyStatusResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyCancel() error { return c.RekeyCancelWithContext(context.Background()) } func (c *Sys) RekeyCancelWithContext(ctx context.Context) error { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/init") resp, err := c.c.rawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } func (c *Sys) RekeyRecoveryKeyCancel() error { return c.RekeyRecoveryKeyCancelWithContext(context.Background()) } func (c *Sys) RekeyRecoveryKeyCancelWithContext(ctx context.Context) error { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey-recovery-key/init") resp, err := c.c.rawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } func (c *Sys) RekeyVerificationCancel() error { return c.RekeyVerificationCancelWithContext(context.Background()) } func (c *Sys) RekeyVerificationCancelWithContext(ctx context.Context) error { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/verify") resp, err := c.c.rawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } func (c *Sys) RekeyRecoveryKeyVerificationCancel() error { return c.RekeyRecoveryKeyVerificationCancelWithContext(context.Background()) } func (c *Sys) RekeyRecoveryKeyVerificationCancelWithContext(ctx context.Context) error { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey-recovery-key/verify") resp, err := c.c.rawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) { return c.RekeyUpdateWithContext(context.Background(), shard, nonce) } func (c *Sys) RekeyUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyUpdateResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() body := map[string]interface{}{ "key": shard, "nonce": nonce, } r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey/update") if err := r.SetJSONBody(body); err != nil { return nil, err } resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyUpdateResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) { return c.RekeyRecoveryKeyUpdateWithContext(context.Background(), shard, nonce) } func (c *Sys) RekeyRecoveryKeyUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyUpdateResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() body := map[string]interface{}{ "key": shard, "nonce": nonce, } r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey-recovery-key/update") if err := r.SetJSONBody(body); err != nil { return nil, err } resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyUpdateResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) { return c.RekeyRetrieveBackupWithContext(context.Background()) } func (c *Sys) RekeyRetrieveBackupWithContext(ctx context.Context) (*RekeyRetrieveResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/backup") resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } if secret == nil || secret.Data == nil { return nil, errors.New("data from server response is empty") } var result RekeyRetrieveResponse err = mapstructure.Decode(secret.Data, &result) if err != nil { return nil, err } return &result, err } func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) { return c.RekeyRetrieveRecoveryBackupWithContext(context.Background()) } func (c *Sys) RekeyRetrieveRecoveryBackupWithContext(ctx context.Context) (*RekeyRetrieveResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodGet, "/v1/sys/rekey/recovery-key-backup") resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } if secret == nil || secret.Data == nil { return nil, errors.New("data from server response is empty") } var result RekeyRetrieveResponse err = mapstructure.Decode(secret.Data, &result) if err != nil { return nil, err } return &result, err } func (c *Sys) RekeyDeleteBackup() error { return c.RekeyDeleteBackupWithContext(context.Background()) } func (c *Sys) RekeyDeleteBackupWithContext(ctx context.Context) error { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/backup") resp, err := c.c.rawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } func (c *Sys) RekeyDeleteRecoveryBackup() error { return c.RekeyDeleteRecoveryBackupWithContext(context.Background()) } func (c *Sys) RekeyDeleteRecoveryBackupWithContext(ctx context.Context) error { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() r := c.c.NewRequest(http.MethodDelete, "/v1/sys/rekey/recovery-key-backup") resp, err := c.c.rawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) { return c.RekeyVerificationUpdateWithContext(context.Background(), shard, nonce) } func (c *Sys) RekeyVerificationUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyVerificationUpdateResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() body := map[string]interface{}{ "key": shard, "nonce": nonce, } r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey/verify") if err := r.SetJSONBody(body); err != nil { return nil, err } resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyVerificationUpdateResponse err = resp.DecodeJSON(&result) return &result, err } func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error) { return c.RekeyRecoveryKeyVerificationUpdateWithContext(context.Background(), shard, nonce) } func (c *Sys) RekeyRecoveryKeyVerificationUpdateWithContext(ctx context.Context, shard, nonce string) (*RekeyVerificationUpdateResponse, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() body := map[string]interface{}{ "key": shard, "nonce": nonce, } r := c.c.NewRequest(http.MethodPut, "/v1/sys/rekey-recovery-key/verify") if err := r.SetJSONBody(body); err != nil { return nil, err } resp, err := c.c.rawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() var result RekeyVerificationUpdateResponse err = resp.DecodeJSON(&result) return &result, err } type RekeyInitRequest struct { SecretShares int `json:"secret_shares"` SecretThreshold int `json:"secret_threshold"` StoredShares int `json:"stored_shares"` PGPKeys []string `json:"pgp_keys"` Backup bool RequireVerification bool `json:"require_verification"` } type RekeyStatusResponse struct { Nonce string `json:"nonce"` Started bool `json:"started"` T int `json:"t"` N int `json:"n"` Progress int `json:"progress"` Required int `json:"required"` PGPFingerprints []string `json:"pgp_fingerprints"` Backup bool `json:"backup"` VerificationRequired bool `json:"verification_required"` VerificationNonce string `json:"verification_nonce"` } type RekeyUpdateResponse struct { Nonce string `json:"nonce"` Complete bool `json:"complete"` Keys []string `json:"keys"` KeysB64 []string `json:"keys_base64"` PGPFingerprints []string `json:"pgp_fingerprints"` Backup bool `json:"backup"` VerificationRequired bool `json:"verification_required"` VerificationNonce string `json:"verification_nonce,omitempty"` } type RekeyRetrieveResponse struct { Nonce string `json:"nonce" mapstructure:"nonce"` Keys map[string][]string `json:"keys" mapstructure:"keys"` KeysB64 map[string][]string `json:"keys_base64" mapstructure:"keys_base64"` } type RekeyVerificationStatusResponse struct { Nonce string `json:"nonce"` Started bool `json:"started"` T int `json:"t"` N int `json:"n"` Progress int `json:"progress"` } type RekeyVerificationUpdateResponse struct { Nonce string `json:"nonce"` Complete bool `json:"complete"` }