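package main

import (
	"log"
	"strconv"

	"github.com/gofiber/fiber/v2"
)

// Route patterns shared by the KV v2 data and metadata handlers.
//
// NOTE(review): ":path" looks like a single-segment parameter, so a nested
// secret path containing "/" would presumably not match these routes; confirm
// whether a wildcard segment is wanted.
const (
	uriSecretData     = "/:secret/data/:path"
	uriSecretMetadata = "/:secret/metadata/:path"
)

// vaultApiSimpleKv2 is the shared handler body for KV v2 routes that only need
// the ":secret" and ":path" route parameters. It rejects the request through
// fiberNone when either parameter is empty, otherwise it logs the action with
// both parameters and answers through fiberOk.
//
// fiberNone and fiberOk are defined elsewhere in the package; their response
// codes are not visible here.
//
// The visible code performs no authentication or authorization of its own.
// NOTE(review): confirm that access control is enforced by middleware on the
// router before these handlers are exposed.
func vaultApiSimpleKv2(c *fiber.Ctx, action string) error {
	secret := c.Params("secret")
	path := c.Params("path")
	if secret == "" || path == "" {
		return fiberNone(c)
	}

	// secret and path are client-supplied. %q quotes them and escapes control
	// characters, so a crafted value cannot break a log line apart or forge an
	// additional entry. Only the names are logged, never secret contents.
	log.Printf("%v %q %q", action, secret, path)
	return fiberOk(c)
}

// setupVaultApi registers the KV v2 routes on router.
//
// API reference: https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2
//
// Every handler except "read secret" delegates to vaultApiSimpleKv2 with an
// action label that is only used for logging.
func setupVaultApi(router fiber.Router) {
	/* read secret */
	router.Get(uriSecretData, func(c *fiber.Ctx) error {
		// Same parameter check as vaultApiSimpleKv2, done inline because this
		// route additionally reads the optional "version" query parameter.
		secret := c.Params("secret")
		path := c.Params("path")
		if secret == "" || path == "" {
			return fiberNone(c)
		}

		// -1 marks "no version requested".
		var version int64 = -1
		if rawVersion := c.Query("version"); rawVersion != "" {
			// bitSize 64 matches the int64 destination; the previous bitSize 0
			// capped the accepted range at the platform's int width.
			parsed, err := strconv.ParseInt(rawVersion, 10, 64)
			if err != nil {
				return fiberNone(c)
			}
			version = parsed
		}

		// NOTE(review): a negative version supplied by the client parses
		// successfully and is then handled exactly like a missing version.
		// Confirm whether such input should be rejected instead.
		if version >= 0 {
			// %q for the client-supplied names, see vaultApiSimpleKv2.
			log.Printf("GET %q %q v=%v", secret, path, version)
		} else {
			log.Printf("GET %q %q", secret, path)
		}
		return fiberOk(c)
	})

	/* create/update/patch secret */
	router.Post(uriSecretData, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "SET")
	})
	router.Patch(uriSecretData, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "SET")
	})

	/* delete secret */
	router.Delete(uriSecretData, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "DELETE")
	})

	/* delete/undelete secret */
	router.Post("/:secret/delete/:path", func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "DELETE")
	})
	router.Post("/:secret/undelete/:path", func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "UNDELETE")
	})

	/* destroy secret */
	router.Post("/:secret/destroy/:path", func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "DESTROY")
	})

	/* read subkeys */
	// The "version" and "depth" query parameters are not part of the route
	// pattern and are not read by this handler.
	router.Get("/:secret/subkeys/:path", func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "SUBKEYS")
	})

	/* read metadata */
	router.Get(uriSecretMetadata, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "META-GET")
	})

	/* create/update metadata */
	router.Post(uriSecretMetadata, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "META-SET")
	})
	router.Patch(uriSecretMetadata, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "META-SET")
	})

	/* delete metadata */
	router.Delete(uriSecretMetadata, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "META-DELETE")
	})

	/* list secrets */
	// MethodList is declared elsewhere in the package; presumably the custom
	// "LIST" HTTP verb used by the Vault API (confirm against its definition).
	router.Add(MethodList, uriSecretMetadata, func(c *fiber.Ctx) error {
		return vaultApiSimpleKv2(c, "LIST")
	})
}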