2016-04-21 19:50:03 -04:00
|
|
|
// NOTE: vault APIs do not yet exist in the SDK, but once they do this code
|
|
|
|
// should be removed.
|
|
|
|
|
|
|
|
package common
|
|
|
|
|
|
|
|
import (
|
2016-06-28 20:20:15 -04:00
|
|
|
"fmt"
|
2016-04-21 19:50:03 -04:00
|
|
|
"net/http"
|
2016-07-07 20:28:47 -04:00
|
|
|
"net/url"
|
2016-04-21 19:50:03 -04:00
|
|
|
|
|
|
|
"github.com/Azure/go-autorest/autorest"
|
2017-11-30 03:11:17 -05:00
|
|
|
"github.com/Azure/go-autorest/autorest/azure"
|
2016-04-21 19:50:03 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2017-11-30 03:11:17 -05:00
|
|
|
AzureVaultApiVersion = "2016-10-01"
|
2016-04-21 19:50:03 -04:00
|
|
|
)
|
|
|
|
|
2020-02-06 19:35:39 -05:00
|
|
|
// Enables us to test steps that access this cli
|
|
|
|
type AZVaultClientIface interface {
|
|
|
|
GetSecret(string, string) (*Secret, error)
|
|
|
|
SetSecret(string, string, string) error
|
|
|
|
DeletePreparer(string, string) (*http.Request, error)
|
|
|
|
DeleteResponder(*http.Response) (autorest.Response, error)
|
|
|
|
DeleteSender(*http.Request) (*http.Response, error)
|
|
|
|
}
|
|
|
|
|
2016-04-21 19:50:03 -04:00
|
|
|
type VaultClient struct {
|
|
|
|
autorest.Client
|
2016-07-07 20:28:47 -04:00
|
|
|
keyVaultEndpoint url.URL
|
2017-11-30 03:11:17 -05:00
|
|
|
SubscriptionID string
|
|
|
|
baseURI string
|
2016-07-07 20:28:47 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewVaultClient(keyVaultEndpoint url.URL) VaultClient {
|
|
|
|
return VaultClient{
|
|
|
|
keyVaultEndpoint: keyVaultEndpoint,
|
|
|
|
}
|
2016-04-21 19:50:03 -04:00
|
|
|
}
|
|
|
|
|
2017-11-30 03:11:17 -05:00
|
|
|
func NewVaultClientWithBaseURI(baseURI, subscriptionID string) VaultClient {
|
|
|
|
return VaultClient{
|
|
|
|
baseURI: baseURI,
|
|
|
|
SubscriptionID: subscriptionID,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-04-21 19:50:03 -04:00
|
|
|
type Secret struct {
|
2016-07-16 01:23:53 -04:00
|
|
|
ID *string `json:"id,omitempty"`
|
|
|
|
Value string `json:"value"`
|
2016-04-21 19:50:03 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func (client *VaultClient) GetSecret(vaultName, secretName string) (*Secret, error) {
|
|
|
|
p := map[string]interface{}{
|
2016-07-07 20:28:47 -04:00
|
|
|
"secret-name": autorest.Encode("path", secretName),
|
2016-04-21 19:50:03 -04:00
|
|
|
}
|
|
|
|
q := map[string]interface{}{
|
|
|
|
"api-version": AzureVaultApiVersion,
|
|
|
|
}
|
|
|
|
|
2016-07-07 20:28:47 -04:00
|
|
|
req, err := autorest.Prepare(
|
|
|
|
&http.Request{},
|
2016-04-21 19:50:03 -04:00
|
|
|
autorest.AsGet(),
|
2016-07-07 20:28:47 -04:00
|
|
|
autorest.WithBaseURL(client.getVaultUrl(vaultName)),
|
|
|
|
autorest.WithPathParameters("/secrets/{secret-name}", p),
|
2020-01-23 17:28:54 -05:00
|
|
|
autorest.WithQueryParameters(q),
|
|
|
|
)
|
2016-04-21 19:50:03 -04:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
resp, err := autorest.SendWithSender(client, req)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-06-28 20:20:15 -04:00
|
|
|
if resp.StatusCode != 200 {
|
|
|
|
return nil, fmt.Errorf(
|
|
|
|
"Failed to fetch secret from %s/%s, HTTP status code=%d (%s)",
|
|
|
|
vaultName,
|
|
|
|
secretName,
|
|
|
|
resp.StatusCode,
|
|
|
|
http.StatusText(resp.StatusCode))
|
|
|
|
}
|
|
|
|
|
2016-04-21 19:50:03 -04:00
|
|
|
var secret Secret
|
|
|
|
|
|
|
|
err = autorest.Respond(
|
|
|
|
resp,
|
|
|
|
autorest.ByUnmarshallingJSON(&secret))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &secret, nil
|
|
|
|
}
|
2016-07-07 20:28:47 -04:00
|
|
|
|
2020-01-23 17:28:54 -05:00
|
|
|
func (client *VaultClient) SetSecret(vaultName, secretName string, secretValue string) error {
|
|
|
|
p := map[string]interface{}{
|
|
|
|
"secret-name": autorest.Encode("path", secretName),
|
|
|
|
}
|
|
|
|
q := map[string]interface{}{
|
|
|
|
"api-version": AzureVaultApiVersion,
|
|
|
|
}
|
|
|
|
|
|
|
|
jsonBody := fmt.Sprintf(`{"value": "%s"}`, secretValue)
|
|
|
|
|
|
|
|
req, err := autorest.Prepare(
|
|
|
|
&http.Request{},
|
|
|
|
autorest.AsPut(),
|
|
|
|
autorest.AsContentType("application/json; charset=utf-8"),
|
|
|
|
autorest.WithBaseURL(client.getVaultUrl(vaultName)),
|
|
|
|
autorest.WithPathParameters("/secrets/{secret-name}", p),
|
|
|
|
autorest.WithQueryParameters(q),
|
|
|
|
autorest.WithString(jsonBody),
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
resp, err := autorest.SendWithSender(client, req)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if resp.StatusCode != 200 {
|
|
|
|
return fmt.Errorf(
|
|
|
|
"Failed to set secret to %s/%s, HTTP status code=%d (%s)",
|
|
|
|
vaultName,
|
|
|
|
secretName,
|
|
|
|
resp.StatusCode,
|
|
|
|
http.StatusText(resp.StatusCode))
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2017-11-30 03:11:17 -05:00
|
|
|
// Delete deletes the specified Azure key vault.
|
|
|
|
//
|
|
|
|
// resourceGroupName is the name of the Resource Group to which the vault belongs. vaultName is the name of the vault
|
|
|
|
// to delete
|
|
|
|
func (client *VaultClient) Delete(resourceGroupName string, vaultName string) (result autorest.Response, err error) {
|
|
|
|
req, err := client.DeletePreparer(resourceGroupName, vaultName)
|
|
|
|
if err != nil {
|
|
|
|
err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", nil, "Failure preparing request")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
resp, err := client.DeleteSender(req)
|
|
|
|
if err != nil {
|
|
|
|
result.Response = resp
|
|
|
|
err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure sending request")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
result, err = client.DeleteResponder(resp)
|
|
|
|
if err != nil {
|
|
|
|
err = autorest.NewErrorWithError(err, "keyvault.VaultsClient", "Delete", resp, "Failure responding to request")
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// DeletePreparer prepares the Delete request.
|
|
|
|
func (client *VaultClient) DeletePreparer(resourceGroupName string, vaultName string) (*http.Request, error) {
|
|
|
|
pathParameters := map[string]interface{}{
|
|
|
|
"resourceGroupName": autorest.Encode("path", resourceGroupName),
|
|
|
|
"SubscriptionID": autorest.Encode("path", client.SubscriptionID),
|
|
|
|
"vaultName": autorest.Encode("path", vaultName),
|
|
|
|
}
|
|
|
|
|
|
|
|
queryParameters := map[string]interface{}{
|
|
|
|
"api-version": AzureVaultApiVersion,
|
|
|
|
}
|
|
|
|
|
|
|
|
preparer := autorest.CreatePreparer(
|
|
|
|
autorest.AsDelete(),
|
|
|
|
autorest.WithBaseURL(client.baseURI),
|
|
|
|
autorest.WithPathParameters("/subscriptions/{SubscriptionID}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{vaultName}", pathParameters),
|
|
|
|
autorest.WithQueryParameters(queryParameters))
|
|
|
|
return preparer.Prepare(&http.Request{})
|
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteSender sends the Delete request. The method will close the
|
|
|
|
// http.Response Body if it receives an error.
|
|
|
|
func (client *VaultClient) DeleteSender(req *http.Request) (*http.Response, error) {
|
|
|
|
return autorest.SendWithSender(client,
|
|
|
|
req,
|
2019-05-30 17:25:43 -04:00
|
|
|
azure.DoRetryWithRegistration(client.Client))
|
2017-11-30 03:11:17 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteResponder handles the response to the Delete request. The method always
|
|
|
|
// closes the http.Response Body.
|
|
|
|
func (client *VaultClient) DeleteResponder(resp *http.Response) (result autorest.Response, err error) {
|
|
|
|
err = autorest.Respond(
|
|
|
|
resp,
|
|
|
|
client.ByInspecting(),
|
|
|
|
azure.WithErrorUnlessStatusCode(http.StatusOK),
|
|
|
|
autorest.ByClosing())
|
|
|
|
result.Response = resp
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-07-07 20:28:47 -04:00
|
|
|
func (client *VaultClient) getVaultUrl(vaultName string) string {
|
|
|
|
return fmt.Sprintf("%s://%s.%s/", client.keyVaultEndpoint.Scheme, vaultName, client.keyVaultEndpoint.Host)
|
|
|
|
}
|