package tencentcloud
import (
"context"
"strings"
"github.com/hashicorp/vault-plugin-secrets-tencentcloud/clients"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
// Factory constructs the TencentCloud backend and returns it as a
// logical.Backend. It builds the backend around a fresh
// clients.NewClientProfile() and then runs Setup with the supplied config.
// If Setup fails, its error is returned unchanged and no backend is returned.
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
	profile := clients.NewClientProfile()
	be := newBackend(profile)

	err := be.Setup(ctx, conf)
	if err != nil {
		return nil, err
	}

	return be, nil
}
// newBackend assembles the backend: help text, seal-wrapped storage paths,
// the config/role/list-roles/creds paths and the secret type, then attaches
// the given client profile.
//
// The profile is assigned only after every path constructor has been called,
// so those constructors see a backend whose profile is still unset.
func newBackend(profile *clients.ClientProfile) *backend {
	be := new(backend)

	help := strings.TrimSpace(backendHelp)

	// Ask Vault to seal-wrap the "config" storage entry. Per the help text this
	// is presumably where the credentials used to generate CAM keys are kept;
	// confirm that pathConfig persists under exactly this key. Seal wrapping
	// only takes effect when the seal in use supports it, and no other storage
	// entry is listed here.
	special := &logical.Paths{
		SealWrapStorage: []string{"config"},
	}

	paths := []*framework.Path{
		pathConfig(be),
		pathRole(be),
		pathListRoles(be),
		pathCreds(be),
	}

	secrets := []*framework.Secret{
		pathSecrets(be),
	}

	be.Backend = &framework.Backend{
		Help:         help,
		PathsSpecial: special,
		Paths:        paths,
		Secrets:      secrets,
		BackendType:  logical.TypeLogical,
	}
	be.profile = profile

	return be
}
// backend is the concrete type that Factory returns as a logical.Backend.
// It embeds *framework.Backend and carries the client profile given to
// newBackend.
type backend struct {
// Embedded framework backend; newBackend populates it with the help text,
// paths, secrets and seal-wrap settings.
*framework.Backend
// profile is the client profile passed to newBackend.
profile *clients.ClientProfile
}
// backendHelp is the backend's help text. newBackend trims the surrounding
// whitespace and installs it as the Help field of the framework.Backend.
const backendHelp = `
The TencentCloud backend dynamically generates TencentCloud secret for a set of
CAM policies. The TencentCloud secret have a configurable ttl set and
are automatically revoked at the end of the ttl.
After mounting this backend, credentials to generate CAM keys must
be configured and roles must be written using
the "role/" endpoints before any secret id can be generated.
`