func (b *CubbyholeBackend) handleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
if req.ClientToken == "" {
return nil, fmt.Errorf("[ERR] cubbyhole list: Client token empty")
}
// Right now we only handle directories, so ensure it ends with /; however,
// some physical backends may not handle the "/" case properly, so only add
// it if we're not listing the root
path := req.Path
if path != "" && !strings.HasSuffix(path, "/") {
path = path + "/"
}
// List the keys at the prefix given by the request
keys, err := req.Storage.List(req.ClientToken + "/" + path)
if err != nil {
return nil, err
}
// Strip the token
strippedKeys := make([]string, len(keys))
for i, key := range keys {
strippedKeys[i] = strings.TrimPrefix(key, req.ClientToken+"/")
}
// Generate the response
return logical.ListResponse(strippedKeys), nil
}
func (b *CubbyholeBackend) handleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
if req.ClientToken == "" {
return nil, fmt.Errorf("[ERR] cubbyhole list: Client token empty")
}
// Right now we only handle directories, so ensure it ends with / We also
// check if it's empty so we don't end up doing a listing on '<client
// token>//'
path := req.Path
if path != "" && !strings.HasSuffix(path, "/") {
path = path + "/"
}
// List the keys at the prefix given by the request
keys, err := req.Storage.List(req.ClientToken + "/" + path)
if err != nil {
return nil, err
}
// Strip the token
strippedKeys := make([]string, len(keys))
for i, key := range keys {
strippedKeys[i] = strings.TrimPrefix(key, req.ClientToken+"/")
}
// Generate the response
return logical.ListResponse(strippedKeys), nil
}
func (p *PathMap) pathList(req *logical.Request, d *FieldData) (*logical.Response, error) {
rootPath := fmt.Sprintf("struct/%s/", req.Path)
keys, err := req.Storage.List(rootPath)
if err != nil {
return nil, err
}
var out []string
for _, key := range keys {
val, err := p.pathStruct(key, false).Get(req.Storage)
if err != nil {
return nil, err
}
app, ok := val["key"].(string)
if !ok {
return nil, fmt.Errorf("Could not decode app")
}
out = append(out, app)
}
return logical.ListResponse(out), nil
}
func (b *backend) pathRoleList(req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := req.Storage.List("roles/")
if err != nil {
return nil, err
}
return logical.ListResponse(entries), nil
}
func (b *backend) pathGroupList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
groups, err := req.Storage.List("group/")
if err != nil {
return nil, err
}
return logical.ListResponse(groups), nil
}
func (b *backend) pathFetchCertList(req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) {
entries, err := req.Storage.List("certs/")
if err != nil {
return nil, err
}
return logical.ListResponse(entries), nil
}
func (b *backend) pathUserList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
users, err := req.Storage.List("user/")
if err != nil {
return nil, err
}
return logical.ListResponse(users), nil
}
func (b *backend) pathCertList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
certs, err := req.Storage.List("cert/")
if err != nil {
return nil, err
}
return logical.ListResponse(certs), nil
}
// pathWhitelistIdentitiesList is used to list all the instance IDs that are present
// in the identity whitelist. This will list both valid and expired entries.
func (b *backend) pathWhitelistIdentitiesList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
identities, err := req.Storage.List("whitelist/identity/")
if err != nil {
return nil, err
}
return logical.ListResponse(identities), nil
}
func (p *PathMap) pathList(
req *logical.Request, d *FieldData) (*logical.Response, error) {
keys, err := req.Storage.List(req.Path)
if err != nil {
return nil, err
}
return logical.ListResponse(keys), nil
}
// handlePolicyList handles the "policy" endpoint to provide the enabled policies
func (b *SystemBackend) handlePolicyList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Get all the configured policies
policies, err := b.Core.policy.ListPolicies()
// Add the special "root" policy
policies = append(policies, "root")
return logical.ListResponse(policies), err
}
// pathRoleList is used to list all the AMI IDs registered with Vault.
func (b *backend) pathRoleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.roleMutex.RLock()
defer b.roleMutex.RUnlock()
roles, err := req.Storage.List("role/")
if err != nil {
return nil, err
}
return logical.ListResponse(roles), nil
}
// pathCertificatesList is used to list all the AWS public certificates registered with Vault.
func (b *backend) pathCertificatesList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.configMutex.RLock()
defer b.configMutex.RUnlock()
certs, err := req.Storage.List("config/certificate/")
if err != nil {
return nil, err
}
return logical.ListResponse(certs), nil
}
func (b *PassthroughBackend) handleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// List the keys at the prefix given by the request
keys, err := req.Storage.List(req.Path)
if err != nil {
return nil, err
}
// Generate the response
return logical.ListResponse(keys), nil
}
func (ts *TokenStore) tokenStoreRoleList(
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
entries, err := ts.view.List(rolesPrefix)
if err != nil {
return nil, err
}
ret := make([]string, len(entries))
for i, entry := range entries {
ret[i] = strings.TrimPrefix(entry, rolesPrefix)
}
return logical.ListResponse(ret), nil
}
// handlePolicyList handles the "policy" endpoint to provide the enabled policies
func (b *SystemBackend) handlePolicyList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Get all the configured policies
policies, err := b.Core.policyStore.ListPolicies()
// Add the special "root" policy
policies = append(policies, "root")
resp := logical.ListResponse(policies)
// Backwords compatibility
resp.Data["policies"] = resp.Data["keys"]
return resp, err
}
func (b *PassthroughBackend) handleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
// Right now we only handle directories, so ensure it ends with /; however,
// some physical backends may not handle the "/" case properly, so only add
// it if we're not listing the root
path := req.Path
if path != "" && !strings.HasSuffix(path, "/") {
path = path + "/"
}
// List the keys at the prefix given by the request
keys, err := req.Storage.List(path)
if err != nil {
return nil, err
}
// Generate the response
return logical.ListResponse(keys), nil
}
func (b *CubbyholeBackend) handleList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
if req.ClientToken == "" {
return nil, fmt.Errorf("[ERR] cubbyhole list: Client token empty")
}
// List the keys at the prefix given by the request
keys, err := req.Storage.List(req.ClientToken + "/" + req.Path)
if err != nil {
return nil, err
}
strippedKeys := []string{}
for _, key := range keys {
strippedKeys = append(strippedKeys, strings.TrimPrefix(key, req.ClientToken+"/"))
}
// Generate the response
return logical.ListResponse(strippedKeys), nil
}
// Lists all the blacklisted role tags.
func (b *backend) pathRoletagBlacklistsList(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
b.blacklistMutex.RLock()
defer b.blacklistMutex.RUnlock()
tags, err := req.Storage.List("blacklist/roletag/")
if err != nil {
return nil, err
}
// Tags are base64 encoded before indexing to avoid problems
// with the path separators being present in the tag.
// Reverse it before returning the list response.
for i, keyB64 := range tags {
if key, err := base64.StdEncoding.DecodeString(keyB64); err != nil {
return nil, err
} else {
// Overwrite the result with the decoded string.
tags[i] = string(key)
}
}
return logical.ListResponse(tags), nil
}