package vault_plugin_secrets_tencentcloud
import (
"context"
"net/http"
"os"
"strings"
"github.com/hashicorp/vault-plugin-secrets-tencentcloud/sdk"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
// backend is the plugin's concrete backend type: the embedded
// framework.Backend plus the HTTP transport it was constructed with.
type backend struct {
	*framework.Backend
	// transport is the RoundTripper handed to newBackend. Factory supplies an
	// sdk.LogRoundTripper here; how the transport is consumed is not visible
	// in this file.
	transport http.RoundTripper
}
// Factory constructs the backend, wraps its outbound HTTP transport in an
// sdk.LogRoundTripper, and runs Setup with the supplied configuration.
//
// Debug mode on the round tripper is enabled when conf.Logger reports debug
// level, or, failing that, when the VAULT_LOG_LEVEL environment variable is
// "trace" or "debug" (compared case-insensitively).
//
// conf and conf.Logger are dereferenced without a nil check, so callers must
// pass both. Any error from Setup is returned unchanged and no backend is
// returned with it.
//
// NOTE(review): sdk.LogRoundTripper is defined outside this file; with Debug
// set it presumably logs the HTTP exchange with the TencentCloud API. Those
// exchanges likely carry credentials, so confirm the round tripper redacts
// secret material before it reaches the log, especially since debug can be
// switched on through the process environment alone.
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
	verbose := conf.Logger.IsDebug()
	if !verbose {
		// The environment is consulted only when the logger itself is not
		// already at debug level.
		switch strings.ToLower(os.Getenv("VAULT_LOG_LEVEL")) {
		case "trace", "debug":
			verbose = true
		}
	}

	be := newBackend(&sdk.LogRoundTripper{Debug: verbose})
	err := be.Setup(ctx, conf)
	if err != nil {
		return nil, err
	}
	return be, nil
}
// newBackend assembles the backend around the given HTTP transport. Taking the
// transport as a parameter lets tests substitute their own RoundTripper.
//
// The path and secret constructors are called while the framework.Backend
// literal is being built, i.e. before b.Backend is assigned, so they must not
// rely on the embedded Backend at construction time.
//
// NOTE(review): b is returned by value, so the logical.Backend holds a copy of
// the struct. The copy shares the same *framework.Backend and transport, but
// if the path methods use pointer receivers their handlers refer to the local
// b rather than the returned copy. Confirm before adding mutable fields.
func newBackend(transport http.RoundTripper) logical.Backend {
	b := backend{transport: transport}

	// Storage under "config" is marked for seal wrapping. Presumably this is
	// where the credentials mentioned in backendHelp are kept; verify against
	// pathConfig.
	special := &logical.Paths{
		SealWrapStorage: []string{"config"},
	}

	b.Backend = &framework.Backend{
		Help:         strings.TrimSpace(backendHelp),
		PathsSpecial: special,
		Paths: []*framework.Path{
			b.pathConfig(),
			b.pathRole(),
			b.pathListRoles(),
			b.pathCreds(),
		},
		Secrets:     []*framework.Secret{b.pathSecrets()},
		BackendType: logical.TypeLogical,
	}

	return b
}
// backendHelp is the help text for the backend. newBackend trims the
// surrounding whitespace and assigns the result to framework.Backend.Help.
const backendHelp = `
The TencentCloud backend dynamically generates TencentCloud access keys for a set of
CAM policies. The TencentCloud access keys have a configurable ttl set and are automatically
revoked at the end of the ttl.
After mounting this backend, credentials to generate CAM keys must
be configured and roles must be written using
the "roles/" endpoints before any access keys can be generated.
`