From 3d37b8638a32ca119b6822b4a5ad36afe871eae6 Mon Sep 17 00:00:00 2001
From: Konstantin Demin
Date: Tue, 11 Jun 2024 11:38:30 +0300
Subject: [PATCH] describe example api handler

---
 vault-api.go | 112 ++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 75 insertions(+), 37 deletions(-)

diff --git a/vault-api.go b/vault-api.go
index 363dbcd..ec5b287 100644
--- a/vault-api.go
+++ b/vault-api.go
@@ -1,6 +1,9 @@
 package main
 
 import (
+ "log"
+ "strconv"
+
 "github.com/gofiber/fiber/v2"
 )
 
@@ -9,60 +12,95 @@ const ( uriSecretMetadata = "/:secret/metadata/:path" ) +func vaultApiSimpleKv2(c *fiber.Ctx, action string) error { + secret := c.Params("secret") + path := c.Params("path") + if (secret == "") || (path == "") { + return fiberNone(c) + } + + log.Printf("%v %v %v", action, secret, path) + + return fiberOk(c) +} + func setupVaultApi(router fiber.Router) { // https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2 /* read secret */ - router.Get(uriSecretData, fiberOk, func(c *fiber.Ctx) error { - /* - ver_s := c.Query("version") - if ver_s != "" { - ver, err := strconv.ParseInt(ver_s, 10, 0) - if err != nil { - c.Status(fiber.StatusBadRequest) - return nil - } - // do job with ver + router.Get(uriSecretData, func(c *fiber.Ctx) error { + // return vaultApiSimpleKv2(c, "GET") + + secret := c.Params("secret") + path := c.Params("path") + if (secret == "") || (path == "") { + return fiberNone(c) + } + + var version int64 = -1 + if ver_s := c.Query("version"); ver_s != "" { + var err error + version, err = strconv.ParseInt(ver_s, 10, 0) + if err != nil { + return fiberNone(c) } - */ - return nil + } + + if version >= 0 { + // version is sane + log.Printf("GET %v %v v=%v", secret, path, version) + } else { + log.Printf("GET %v %v", secret, path) + } + + return fiberOk(c) }) /* create/update/patch secret */ - router.Post(uriSecretData, fiberOk) - router.Patch(uriSecretData, fiberOk) + router.Post(uriSecretData, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "SET") + }) + router.Patch(uriSecretData, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "SET") + }) /* delete secret */ - router.Delete(uriSecretData, fiberOk) - + router.Delete(uriSecretData, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "DELETE") + }) /* delete/undelete secret */ - router.Post("/:secret/delete/:path", fiberOk) - router.Post("/:secret/undelete/:path", fiberOk) + router.Post("/:secret/delete/:path", func(c *fiber.Ctx) error { + return 
vaultApiSimpleKv2(c, "DELETE") + }) + router.Post("/:secret/undelete/:path", func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "UNDELETE") + }) /* destroy secret */ - router.Post("/:secret/destroy/:path", fiberOk) + router.Post("/:secret/destroy/:path", func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "DESTROY") + }) /* read subkeys */ // router.Get("/:secret/subkeys/:path?version=:version&depth=:depth", fiberOk) - router.Get("/:secret/subkeys/:path", fiberOk, func(c *fiber.Ctx) error { - /* - ver_s := c.Query("version") - if ver_s != "" { - ver, err := strconv.ParseInt(ver_s, 10, 0) - if err != nil { - c.Status(fiber.StatusBadRequest) - return nil - } - // do job with ver - } - */ - return nil + router.Get("/:secret/subkeys/:path", func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "SUBKEYS") }) /* read metadata */ - router.Get(uriSecretMetadata, fiberOk) + router.Get(uriSecretMetadata, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "META-GET") + }) /* create/update metadata */ - router.Post(uriSecretMetadata, fiberOk) - router.Patch(uriSecretMetadata, fiberOk) + router.Post(uriSecretMetadata, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "META-SET") + }) + router.Patch(uriSecretMetadata, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "META-SET") + }) /* delete metadata */ - router.Delete(uriSecretMetadata, fiberOk) + router.Delete(uriSecretMetadata, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "META-DELETE") + }) /* list secrets */ - router.Add(MethodList, uriSecretMetadata, fiberOk) + router.Add(MethodList, uriSecretMetadata, func(c *fiber.Ctx) error { + return vaultApiSimpleKv2(c, "LIST") + }) }
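Review bot: The `version` handling in the `router.Get(uriSecretData, …)` handler accepts negative numbers: `strconv.ParseInt` parses `version=-5` without error, and because `-1` is also the "not supplied" sentinel, such a request silently takes the unversioned branch instead of being rejected. Tightening the existing check to `if err != nil || version < 0 {` keeps the sentinel unreachable from client input. Separately, both `log.Printf` call sites (this handler and `vaultApiSimpleKv2`) format the request-controlled `secret` and `path` with `%v`; `%q` would keep any control characters in those values from splitting or imitating log lines, e.g. `log.Printf("%v %q %q", action, secret, path)`. `fiberNone` is defined outside this patch, so whether a malformed `version` is answered with a client-error status (the removed commented-out code used `fiber.StatusBadRequest`) cannot be confirmed from the hunk.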