v1.14.6/builtin/logical/aws/path_static_creds.go - hashicorp/vault - Git at Google

 package aws

 import (
 	"context"
 	"fmt"
 	"net/http"

 	"github.com/fatih/structs"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 )

 const (
 	pathStaticCreds = "static-creds"

 	paramAccessKeyID      = "access_key"
 	paramSecretsAccessKey = "secret_key"
 )

 type awsCredentials struct {
 	AccessKeyID     string `json:"access_key" structs:"access_key" mapstructure:"access_key"`
 	SecretAccessKey string `json:"secret_key" structs:"secret_key" mapstructure:"secret_key"`
 }

 func pathStaticCredentials(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: fmt.Sprintf("%s/%s", pathStaticCreds, framework.GenericNameWithAtRegex(paramRoleName)),
 		Fields: map[string]*framework.FieldSchema{
 			paramRoleName: {
 				Type:        framework.TypeString,
 				Description: descRoleName,
 			},
 		},

 		Operations: map[logical.Operation]framework.OperationHandler{
 			logical.ReadOperation: &framework.PathOperation{
 				Callback: b.pathStaticCredsRead,
 				Responses: map[int][]framework.Response{
 					http.StatusOK: {{
 						Description: http.StatusText(http.StatusOK),
 						Fields: map[string]*framework.FieldSchema{
 							paramAccessKeyID: {
 								Type:        framework.TypeString,
 								Description: descAccessKeyID,
 							},
 							paramSecretsAccessKey: {
 								Type:        framework.TypeString,
 								Description: descSecretAccessKey,
 							},
 						},
 					}},
 				},
 			},
 		},

 		HelpSynopsis:    pathStaticCredsHelpSyn,
 		HelpDescription: pathStaticCredsHelpDesc,
 	}
 }

 func (b *backend) pathStaticCredsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 	roleName, ok := data.GetOk(paramRoleName)
 	if !ok {
 		return nil, fmt.Errorf("missing %q parameter", paramRoleName)
 	}

 	entry, err := req.Storage.Get(ctx, formatCredsStoragePath(roleName.(string)))
 	if err != nil {
 		return nil, fmt.Errorf("failed to read credentials for role %q: %w", roleName, err)
 	}
 	if entry == nil {
 		return nil, nil
 	}

 	var credentials awsCredentials
 	if err := entry.DecodeJSON(&credentials); err != nil {
 		return nil, fmt.Errorf("failed to decode credentials: %w", err)
 	}

 	return &logical.Response{
 		Data: structs.New(credentials).Map(),
 	}, nil
 }

 func formatCredsStoragePath(roleName string) string {
 	return fmt.Sprintf("%s/%s", pathStaticCreds, roleName)
 }

 const pathStaticCredsHelpSyn = `Retrieve static credentials from the named role.`

 const pathStaticCredsHelpDesc = `
 This path reads AWS credentials for a certain static role. The keys are rotated
 periodically according to their configuration, and will return the same password
 until they are rotated.`

 const (
 	descAccessKeyID     = "The access key of the AWS Credential"
 	descSecretAccessKey = "The secret key of the AWS Credential"
 )
	package aws

	import (
	"context"
	"fmt"
	"net/http"

	"github.com/fatih/structs"
	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
	)

	const (
	pathStaticCreds = "static-creds"

	paramAccessKeyID = "access_key"
	paramSecretsAccessKey = "secret_key"
	)

	type awsCredentials struct {
	AccessKeyID string `json:"access_key" structs:"access_key" mapstructure:"access_key"`
	SecretAccessKey string `json:"secret_key" structs:"secret_key" mapstructure:"secret_key"`
	}

	func pathStaticCredentials(b backend) framework.Path {
	return &framework.Path{
	Pattern: fmt.Sprintf("%s/%s", pathStaticCreds, framework.GenericNameWithAtRegex(paramRoleName)),
	Fields: map[string]*framework.FieldSchema{
	paramRoleName: {
	Type: framework.TypeString,
	Description: descRoleName,
	},
	},

	Operations: map[logical.Operation]framework.OperationHandler{
	logical.ReadOperation: &framework.PathOperation{
	Callback: b.pathStaticCredsRead,
	Responses: map[int][]framework.Response{
	http.StatusOK: {{
	Description: http.StatusText(http.StatusOK),
	Fields: map[string]*framework.FieldSchema{
	paramAccessKeyID: {
	Type: framework.TypeString,
	Description: descAccessKeyID,
	},
	paramSecretsAccessKey: {
	Type: framework.TypeString,
	Description: descSecretAccessKey,
	},
	},
	}},
	},
	},
	},

	HelpSynopsis: pathStaticCredsHelpSyn,
	HelpDescription: pathStaticCredsHelpDesc,
	}
	}

	func (b backend) pathStaticCredsRead(ctx context.Context, req logical.Request, data framework.FieldData) (logical.Response, error) {
	roleName, ok := data.GetOk(paramRoleName)
	if !ok {
	return nil, fmt.Errorf("missing %q parameter", paramRoleName)
	}

	entry, err := req.Storage.Get(ctx, formatCredsStoragePath(roleName.(string)))
	if err != nil {
	return nil, fmt.Errorf("failed to read credentials for role %q: %w", roleName, err)
	}
	if entry == nil {
	return nil, nil
	}

	var credentials awsCredentials
	if err := entry.DecodeJSON(&credentials); err != nil {
	return nil, fmt.Errorf("failed to decode credentials: %w", err)
	}

	return &logical.Response{
	Data: structs.New(credentials).Map(),
	}, nil
	}

	func formatCredsStoragePath(roleName string) string {
	return fmt.Sprintf("%s/%s", pathStaticCreds, roleName)
	}

	const pathStaticCredsHelpSyn = `Retrieve static credentials from the named role.`

	const pathStaticCredsHelpDesc = `
	This path reads AWS credentials for a certain static role. The keys are rotated
	periodically according to their configuration, and will return the same password
	until they are rotated.`

	const (
	descAccessKeyID = "The access key of the AWS Credential"
	descSecretAccessKey = "The secret key of the AWS Credential"
	)