func (b *backend) pathRoleCreate(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
creationCQL := data.Get("creation_cql").(string)
rollbackCQL := data.Get("rollback_cql").(string)
leaseRaw := data.Get("lease").(string)
lease, err := time.ParseDuration(leaseRaw)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf(
"Error parsing lease value of %s: %s", leaseRaw, err)), nil
}
consistencyStr := data.Get("consistency").(string)
_, err = gocql.ParseConsistencyWrapper(consistencyStr)
if err != nil {
return logical.ErrorResponse(fmt.Sprintf(
"Error parsing consistency value of %q: %v", consistencyStr, err)), nil
}
entry := &roleEntry{
Lease: lease,
CreationCQL: creationCQL,
RollbackCQL: rollbackCQL,
Consistency: consistencyStr,
}
// Store it
entryJSON, err := logical.StorageEntryJSON("role/"+name, entry)
if err != nil {
return nil, err
}
if err := req.Storage.Put(entryJSON); err != nil {
return nil, err
}
return nil, nil
}
func (b *backend) pathCredsCreateRead(
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
name := data.Get("name").(string)
// Get the role
role, err := getRole(req.Storage, name)
if err != nil {
return nil, err
}
if role == nil {
return logical.ErrorResponse(fmt.Sprintf("Unknown role: %s", name)), nil
}
displayName := req.DisplayName
userUUID, err := uuid.GenerateUUID()
if err != nil {
return nil, err
}
username := fmt.Sprintf("vault_%s_%s_%s_%d", name, displayName, userUUID, time.Now().Unix())
username = strings.Replace(username, "-", "_", -1)
password, err := uuid.GenerateUUID()
if err != nil {
return nil, err
}
// Get our connection
session, err := b.DB(req.Storage)
if err != nil {
return nil, err
}
// Set consistency
if role.Consistency != "" {
consistencyValue, err := gocql.ParseConsistencyWrapper(role.Consistency)
if err != nil {
return nil, err
}
session.SetConsistency(consistencyValue)
}
// Execute each query
for _, query := range strutil.ParseArbitraryStringSlice(role.CreationCQL, ";") {
query = strings.TrimSpace(query)
if len(query) == 0 {
continue
}
err = session.Query(substQuery(query, map[string]string{
"username": username,
"password": password,
})).Exec()
if err != nil {
for _, query := range strutil.ParseArbitraryStringSlice(role.RollbackCQL, ";") {
query = strings.TrimSpace(query)
if len(query) == 0 {
continue
}
session.Query(substQuery(query, map[string]string{
"username": username,
"password": password,
})).Exec()
}
return nil, err
}
}
// Return the secret
resp := b.Secret(SecretCredsType).Response(map[string]interface{}{
"username": username,
"password": password,
}, map[string]interface{}{
"username": username,
"role": name,
})
resp.Secret.TTL = role.Lease
return resp, nil
}