// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See the LICENSE file in builder/azure for license information.
// NOTE: vault APIs do not yet exist in the SDK, but once they do this code
// should be removed.
package common
import (
"fmt"
"net/http"
"net/url"
"github.com/Azure/go-autorest/autorest"
)
// AzureVaultApiVersion is the value GetSecret sends as the "api-version"
// query parameter on Key Vault requests.
const AzureVaultApiVersion = "2015-06-01"
// VaultClient is a small Key Vault client layered on autorest.Client. It
// exists because the SDK did not yet provide vault APIs when it was written.
type VaultClient struct {
	// Embedded so the VaultClient itself can be handed to
	// autorest.SendWithSender as the sender.
	autorest.Client

	// keyVaultEndpoint provides the URL scheme and the host suffix that
	// getVaultUrl combines with a vault name to form the request base URL.
	keyVaultEndpoint url.URL
}
// NewVaultClient returns a VaultClient that targets the given Key Vault
// endpoint. Only the endpoint is set here; the embedded autorest.Client is
// left at its zero value, so anything else it needs must be configured by
// the caller.
func NewVaultClient(keyVaultEndpoint url.URL) VaultClient {
	var vc VaultClient
	vc.keyVaultEndpoint = keyVaultEndpoint
	return vc
}
// Secret is the part of a Key Vault secret response that GetSecret decodes.
type Secret struct {
	// ID is read from the "id" JSON field. It is a pointer, so a response
	// without that field leaves it nil.
	ID *string `json:"id,omitempty"`

	// Value is read from the "value" JSON field and holds the secret in
	// plaintext. Keep it out of logs and error messages.
	Value string `json:"value"`
}
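// isVaultHostLabel reports whether name is non-empty and made up only of
// ASCII letters, digits and hyphens. Anything else (for example '/', '@',
// '#', ':' or '.') could change the authority of the URL that getVaultUrl
// builds from the name.
func isVaultHostLabel(name string) bool {
	if name == "" {
		return false
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9', c == '-':
			// allowed in a host label
		default:
			return false
		}
	}
	return true
}

// GetSecret fetches the secret secretName from the vault vaultName and
// returns it decoded from the JSON response body.
//
// vaultName is placed verbatim into the host part of the request URL, so it
// is validated before any request is built. Without that check, a crafted
// name could point the request, and any credentials the embedded
// autorest.Client attaches to it, at a host other than the configured Key
// Vault endpoint. secretName is path-encoded before use.
//
// An error is returned when vaultName is not a valid host label, when the
// request cannot be prepared or sent, when the HTTP status is not 200, or
// when the body cannot be decoded as JSON. The error text may name the vault
// and the secret but never contains the secret value.
func (client *VaultClient) GetSecret(vaultName, secretName string) (*Secret, error) {
	if !isVaultHostLabel(vaultName) {
		return nil, fmt.Errorf("invalid key vault name %q: only letters, digits and hyphens are allowed", vaultName)
	}

	p := map[string]interface{}{
		"secret-name": autorest.Encode("path", secretName),
	}
	q := map[string]interface{}{
		"api-version": AzureVaultApiVersion,
	}

	req, err := autorest.Prepare(
		&http.Request{},
		autorest.AsGet(),
		autorest.WithBaseURL(client.getVaultUrl(vaultName)),
		autorest.WithPathParameters("/secrets/{secret-name}", p),
		autorest.WithQueryParameters(q))
	if err != nil {
		return nil, err
	}

	resp, err := autorest.SendWithSender(client, req)
	if err != nil {
		return nil, err
	}
	// Release the connection on every return path, including the non-200
	// one, which previously returned without closing the body.
	if resp.Body != nil {
		defer resp.Body.Close()
	}

	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf(
			"Failed to fetch secret from %s/%s, HTTP status code=%d (%s)",
			vaultName,
			secretName,
			resp.StatusCode,
			http.StatusText(resp.StatusCode))
	}

	var secret Secret
	err = autorest.Respond(
		resp,
		autorest.ByUnmarshallingJSON(&secret))
	if err != nil {
		return nil, err
	}

	return &secret, nil
}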
// getVaultUrl returns the base URL for a vault, in the form
// "<scheme>://<vaultName>.<endpoint host>/".
//
// vaultName is inserted as-is, with no escaping or validation here, so
// callers must make sure it is a plain host label before using the result.
func (client *VaultClient) getVaultUrl(vaultName string) string {
	endpoint := client.keyVaultEndpoint
	return endpoint.Scheme + "://" + vaultName + "." + endpoint.Host + "/"
}