C0ffeeCode/rvault
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity

Feat (kv2): kv2 data access (no metadata)

Browse source
This commit is contained in:
Laurenz 2025-03-24 19:45:44 +01:00
parent 491ca2fd54
commit 1fe5d73483
Signed by: C0ffeeCode
SSH key fingerprint: SHA256:prvFOyBjButRypyXm7X8lbbCkly2Dq1PF7e/mrsPVjw
21 changed files with 11943 additions and 466 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.sqlx/query-0b6d152060335c7c8cc6e781eac810a3fc1c2ad752e3f856a66e75b73b2ab3c6.json → .sqlx/query-844de8351a0ed204e2080857373507389c90453b5d3ad92344272838958ab28e.json
View file

@ -40,5 +40,5 @@
false
]
},
"hash": "0b6d152060335c7c8cc6e781eac810a3fc1c2ad752e3f856a66e75b73b2ab3c6"
"hash": "844de8351a0ed204e2080857373507389c90453b5d3ad92344272838958ab28e"
}

44
.sqlx/query-919758dd0aee1053065d62d528bca5bbd5220b909b6c1b5eb5c77ce0dd2259e4.json Normal file
View file

@ -0,0 +1,44 @@
{
"db_name": "SQLite",
"query": "SELECT secret_data, created_time, deletion_time, version_number, secret_path\n FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL\n AND version_number = $3",
"describe": {
"columns": [
{
"name": "secret_data",
"ordinal": 0,
"type_info": "Text"
},
{
"name": "created_time",
"ordinal": 1,
"type_info": "Datetime"
},
{
"name": "deletion_time",
"ordinal": 2,
"type_info": "Datetime"
},
{
"name": "version_number",
"ordinal": 3,
"type_info": "Integer"
},
{
"name": "secret_path",
"ordinal": 4,
"type_info": "Text"
}
],
"parameters": {
"Right": 3
},
"nullable": [
false,
false,
true,
false,
false
]
},
"hash": "919758dd0aee1053065d62d528bca5bbd5220b909b6c1b5eb5c77ce0dd2259e4"
}

195
Cargo.lock generated
View file

@ -174,9 +174,9 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
[[package]]
name = "base64ct"
version = "1.6.0"
version = "1.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3"
[[package]]
name = "bitflags"
@ -210,9 +210,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
[[package]]
name = "cc"
version = "1.2.16"
version = "1.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c"
checksum = "1fcb57c740ae1daf453ae85f16e37396f672b039e00d9d866e07ddb24e328e3a"
dependencies = [
"shlex",
]
@ -306,9 +306,9 @@ dependencies = [
[[package]]
name = "deranged"
version = "0.3.11"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
checksum = "28cfac68e08048ae1883171632c2aef3ebc555621ae56fbccce1cbf22dd7f058"
dependencies = [
"powerfmt",
"serde",
@ -364,14 +364,14 @@ dependencies = [
[[package]]
name = "env_logger"
version = "0.11.6"
version = "0.11.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dcaee3d8e3cfc3fd92428d477bc97fc29ec8716d180c0d74c643bb26166660e0"
checksum = "c3716d7a920fb4fac5d84e9d4bce8ceb321e9414b4409da61b07b75c1e3d0697"
dependencies = [
"anstream",
"anstyle",
"env_filter",
"humantime",
"jiff",
"log",
]
@ -438,9 +438,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foldhash"
version = "0.1.4"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f"
checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
[[package]]
name = "form_urlencoded"
@ -546,14 +546,14 @@ dependencies = [
[[package]]
name = "getrandom"
version = "0.3.1"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8"
checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0"
dependencies = [
"cfg-if",
"libc",
"wasi 0.13.3+wasi-0.2.2",
"windows-targets 0.52.6",
"r-efi",
"wasi 0.14.2+wasi-0.2.4",
]
[[package]]
@ -623,9 +623,9 @@ dependencies = [
[[package]]
name = "http"
version = "1.2.0"
version = "1.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea"
checksum = "f4a85d31aea989eead29a3aaf9e1115a180df8282431156e533de47660892565"
dependencies = [
"bytes",
"fnv",
@ -644,12 +644,12 @@ dependencies = [
[[package]]
name = "http-body-util"
version = "0.1.2"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f"
checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
dependencies = [
"bytes",
"futures-util",
"futures-core",
"http",
"http-body",
"pin-project-lite",
@ -667,12 +667,6 @@ version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
[[package]]
name = "humantime"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
[[package]]
name = "hyper"
version = "1.6.0"
@ -849,9 +843,9 @@ dependencies = [
[[package]]
name = "indexmap"
version = "2.7.1"
version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652"
checksum = "3954d50fe15b02142bf25d3b8bdadb634ec3948f103d04ffe3031bc8fe9d7058"
dependencies = [
"equivalent",
"hashbrown",
@ -869,6 +863,30 @@ version = "1.0.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
[[package]]
name = "jiff"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c102670231191d07d37a35af3eb77f1f0dbf7a71be51a962dcd57ea607be7260"
dependencies = [
"jiff-static",
"log",
"portable-atomic",
"portable-atomic-util",
"serde",
]
[[package]]
name = "jiff-static"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4cdde31a9d349f1b1f51a0b3714a5940ac022976f4b49485fc04be052b183b4c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "json-patch"
version = "4.0.0"
@ -902,9 +920,9 @@ dependencies = [
[[package]]
name = "libc"
version = "0.2.170"
version = "0.2.171"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828"
checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
[[package]]
name = "libm"
@ -925,9 +943,9 @@ dependencies = [
[[package]]
name = "linux-raw-sys"
version = "0.4.15"
version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
checksum = "fe7db12097d22ec582439daf8618b8fdd1a7bef6270e9af3b1ebcd30893cf413"
[[package]]
name = "litemap"
@ -947,9 +965,9 @@ dependencies = [
[[package]]
name = "log"
version = "0.4.26"
version = "0.4.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"
checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
[[package]]
name = "matchit"
@ -1063,9 +1081,9 @@ dependencies = [
[[package]]
name = "once_cell"
version = "1.20.3"
version = "1.21.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
checksum = "d75b0bedcc4fe52caa0e03d9f1151a323e4aa5e2d78ba3580400cd3c9e2bc4bc"
[[package]]
name = "parking"
@ -1150,6 +1168,21 @@ version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
[[package]]
name = "portable-atomic"
version = "1.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e"
[[package]]
name = "portable-atomic-util"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507"
dependencies = [
"portable-atomic",
]
[[package]]
name = "powerfmt"
version = "0.2.0"
@ -1158,9 +1191,9 @@ checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
[[package]]
name = "ppv-lite86"
version = "0.2.20"
version = "0.2.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
dependencies = [
"zerocopy",
]
@ -1176,13 +1209,19 @@ dependencies = [
[[package]]
name = "quote"
version = "1.0.39"
version = "1.0.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1f1914ce909e1658d9907913b4b91947430c7d9be598b15a1912935b8c04801"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
dependencies = [
"proc-macro2",
]
[[package]]
name = "r-efi"
version = "5.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
[[package]]
name = "rand"
version = "0.8.5"
@ -1253,9 +1292,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
[[package]]
name = "ring"
version = "0.17.12"
version = "0.17.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ed9b823fa29b721a59671b41d6b06e66b29e0628e207e8b1c3ceeda701ec928d"
checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
dependencies = [
"cc",
"cfg-if",
@ -1267,9 +1306,9 @@ dependencies = [
[[package]]
name = "rsa"
version = "0.9.7"
version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519"
checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b"
dependencies = [
"const-oid",
"digest",
@ -1293,9 +1332,9 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
[[package]]
name = "rustix"
version = "0.38.44"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
checksum = "e56a18552996ac8d29ecc3b190b4fdbb2d91ca4ec396de7bbffaf43f3d637e96"
dependencies = [
"bitflags",
"errno",
@ -1306,9 +1345,9 @@ dependencies = [
[[package]]
name = "rustls"
version = "0.23.23"
version = "0.23.25"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395"
checksum = "822ee9188ac4ec04a2f0531e55d035fb2de73f18b41a63c70c2712503b6fb13c"
dependencies = [
"once_cell",
"ring",
@ -1335,9 +1374,9 @@ checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
[[package]]
name = "rustls-webpki"
version = "0.102.8"
version = "0.103.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
checksum = "0aa4eeac2588ffff23e9d7a7e9b3f971c5fb5b7ebc9452745e0c232c64f83b2f"
dependencies = [
"ring",
"rustls-pki-types",
@ -1382,18 +1421,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
[[package]]
name = "serde"
version = "1.0.218"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8dfc9d19bdbf6d17e22319da49161d5d0108e4188e8b680aef6299eed22df60"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.218"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [
"proc-macro2",
"quote",
@ -1747,9 +1786,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
[[package]]
name = "syn"
version = "2.0.99"
version = "2.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e02e925281e18ffd9d640e234264753c43edc62d64b2d4cf898f1bc5e75f3fc2"
checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
dependencies = [
"proc-macro2",
"quote",
@ -1775,13 +1814,12 @@ dependencies = [
[[package]]
name = "tempfile"
version = "3.17.1"
version = "3.19.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22e5a0acb1f3f55f65cc4a866c361b2fb2a0ff6366785ae6fbb5f85df07ba230"
checksum = "7437ac7763b9b123ccf33c338a5cc1bac6f69b45a136c19bdd8a65e3916435bf"
dependencies = [
"cfg-if",
"fastrand",
"getrandom 0.3.1",
"getrandom 0.3.2",
"once_cell",
"rustix",
"windows-sys 0.59.0",
@ -1829,9 +1867,9 @@ dependencies = [
[[package]]
name = "time"
version = "0.3.39"
version = "0.3.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dad298b01a40a23aac4580b67e3dbedb7cc8402f3592d7f49469de2ea4aecdd8"
checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
dependencies = [
"deranged",
"itoa",
@ -1844,15 +1882,15 @@ dependencies = [
[[package]]
name = "time-core"
version = "0.1.3"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "765c97a5b985b7c11d7bc27fa927dc4fe6af3a6dfb021d28deb60d3bf51e76ef"
checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
[[package]]
name = "time-macros"
version = "0.2.20"
version = "0.2.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8093bc3e81c3bc5f7879de09619d06c9a5a5e45ca44dfeeb7225bae38005c5c"
checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
dependencies = [
"num-conv",
"time-core",
@ -1885,9 +1923,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tokio"
version = "1.43.0"
version = "1.44.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e"
checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
dependencies = [
"backtrace",
"bytes",
@ -2071,9 +2109,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasi"
version = "0.13.3+wasi-0.2.2"
version = "0.14.2+wasi-0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2"
checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
dependencies = [
"wit-bindgen-rt",
]
@ -2095,9 +2133,9 @@ dependencies = [
[[package]]
name = "whoami"
version = "1.5.2"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "372d5b87f58ec45c384ba03563b03544dc5fadc3983e434b286913f5b4a9bb6d"
checksum = "6994d13118ab492c3c80c1f81928718159254c53c472bf9ce36f8dae4add02a7"
dependencies = [
"redox_syscall",
"wasite",
@ -2253,9 +2291,9 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "wit-bindgen-rt"
version = "0.33.0"
version = "0.39.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c"
checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
dependencies = [
"bitflags",
]
@ -2298,19 +2336,18 @@ dependencies = [
[[package]]
name = "zerocopy"
version = "0.7.35"
version = "0.8.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879"
dependencies = [
"byteorder",
"zerocopy-derive",
]
[[package]]
name = "zerocopy-derive"
version = "0.7.35"
version = "0.8.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be"
dependencies = [
"proc-macro2",
"quote",

2
Cargo.toml
View file

@ -1,7 +1,7 @@
[package]
name = "rvault-server"
version = "0.1.0"
edition = "2021"
edition = "2024"
[dependencies]
log = "0.4.21"

12
Containerfile
View file

@ -1,9 +1,12 @@
FROM docker.io/library/rust:1-alpine3.19 AS builder
ARG alpine_version=3.21
FROM docker.io/library/rust:1-alpine${alpine_version} AS builder
WORKDIR /src
RUN apk add --no-cache musl-dev
RUN cargo install sqlx-cli --no-default-features --features sqlite
# Required for compile-time schemata checks of migrations
ENV DATABASE_URL=sqlite:/tmp/rvault.db
RUN touch /tmp/rvault.db
@ -13,6 +16,7 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
cargo fetch --locked --target $(rustc -vV | sed -n 's|host: ||p') && \
rm src/main.rs
# Required for compile-time checks of query - database-schema compatibility
COPY migrations migrations
RUN cargo sqlx migrate run
@ -20,9 +24,9 @@ COPY src src
RUN --mount=type=cache,target=/usr/local/cargo/registry \
cargo build --release --locked
FROM docker.io/library/alpine:3.19 AS runner
FROM docker.io/library/alpine:${alpine_version} AS runner
# FROM scratch AS runner
COPY --from=builder /src/target/release/rvault-server /usr/local/bin/rvault-server
COPY --from=builder /src/target/release/rvault-server /usr/bin/rvault-server
CMD ["/usr/local/bin/rvault-server"]
CMD ["/usr/bin/rvault-server"]

2
Justfile
View file

@ -1,6 +1,6 @@
build_tests:
podman build -t rvault-go-tests -f ./go_client/Containerfile ./go_client
podman build -t rvault-go-tests -f ./go_tests/Containerfile ./go_tests
run_tests: build_tests
podman run --rm -it --net=host rvault-go-tests

14
go_client/TODO.md
View file

@ -1,14 +0,0 @@
# Testing module proposals
- Basic API calls
- Login/logout
- kv IO test module
- Token
- Lookup
- Generation
(- TLS module)
(- Auth module)
==> Nur KvV2 testen

29
go_client/main.go
View file

@ -1,29 +0,0 @@
package main
import (
"log"
"log/slog"
"time"
"github.com/hashicorp/vault-client-go"
)
// vault cmd args: >vault server -dev -dev-root-token-id="my-token"
func main() {
slog.Info("run tests in tests/ with >go test")
// prepare a client with the given base address
client, err := vault.New(
vault.WithAddress("http://localhost:8200"),
vault.WithRequestTimeout(30*time.Second),
)
if err != nil {
log.Fatal(err)
}
log.Println("client prepared")
// authenticate with a root token (insecure)
if err := client.SetToken("my-token"); err != nil {
log.Fatal(err)
}
}

0
go_client/Containerfile → go_tests/Containerfile
View file

7
go_client/go.mod → go_tests/go.mod
View file

@ -2,9 +2,12 @@ module github.com/C0ffeeCode/rvault/go_client
go 1.21.9
require github.com/hashicorp/vault-client-go v0.4.3
// require github.com/hashicorp/vault-client-go v0.4.3
require github.com/hashicorp/vault/api v1.16.0
require (
github.com/hashicorp/vault-client-go v0.4.3
github.com/hashicorp/vault/api v1.16.0
)
require (
github.com/cenkalti/backoff/v4 v4.3.0 // indirect

22
go_client/go.sum → go_tests/go.sum
View file

@ -6,20 +6,24 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
@ -38,7 +42,11 @@ github.com/hashicorp/vault-client-go v0.4.3/go.mod h1:4tDw7Uhq5XOxS1fO+oMtotHL7j
github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@ -53,18 +61,14 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo
github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=

26
go_tests/main.go Normal file
View file

@ -0,0 +1,26 @@
package main
import (
"log/slog"
// "github.com/openbao/openbao"
)
// vault cmd args: >vault server -dev -dev-root-token-id="my-token"
func main() {
slog.Info("run tests in tests/ with >go test")
// // prepare a client with the given base address
// client, err := vault.New(
// vault.WithAddress("http://localhost:8200"),
// vault.WithRequestTimeout(30*time.Second),
// )
// if err != nil {
// log.Fatal(err)
// }
// log.Println("client prepared")
// // authenticate with a root token (insecure)
// if err := client.SetToken("my-token"); err != nil {
// log.Fatal(err)
// }
}

9
go_client/tests/secret_test.go → go_tests/tests/secret_test.go
View file

@ -11,15 +11,12 @@ import (
// "github.com/hashicorp/vault-client-go"
// "github.com/hashicorp/vault-client-go/schema"
vault "github.com/hashicorp/vault/api"
// vault "github.com/openbao/openbao/api/v2"
)
var client *vault.Client
var ctx context.Context
// Apparently used as a default if mountpath is an empty string (client library)
var mountpath = "/kv-v2"
var mountpath2 = "/some"
func TestMain(m *testing.M) {
ctx = context.Background()
var err error
@ -82,6 +79,10 @@ func kv2Delete(t *testing.T, mount string, path string) {
// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#create-update-secret
// @Philip der Path steht in der KvV2Write Methode
func TestWriteSecret(t *testing.T) {
// Apparently used as a default if mountpath is an empty string (client library)
var mountpath = "/kv-v2"
var mountpath2 = "/some"
// Path foo
t.Logf("Writing to first KV2 engine at %s...", mountpath)
kv2Write(t, mountpath, "foo")

2
migrations/20240501152243_KvSecret.sql
View file

@ -20,7 +20,7 @@ CREATE TABLE kv2_secret_version (
engine_path TEXT NOT NULL,
secret_path TEXT NOT NULL,
version_number INTEGER NOT NULL,
version_number INTEGER NOT NULL CHECK ( version_number > 0 ),
secret_data TEXT NOT NULL,
created_time DATETIME NOT NULL,
deletion_time DATETIME,

11464
openapi-bao.json Normal file
View file

File diff suppressed because it is too large Load diff

277
src/engines/kv.rs
View file

@ -1,45 +1,33 @@
// TODO: Remove
#![allow(dead_code)]
pub mod logic;
pub mod structs;
mod structs;
mod data;
mod meta;
// #[cfg(test)]
// mod tests;
use crate::{
common::HttpError,
engines::kv::{logic::body_to_json, structs::*},
storage::DatabaseDriver,
};
use crate::storage::DatabaseDriver;
use axum::{
Router,
extract::{Path, State},
http::StatusCode,
response::{IntoResponse, NoContent, Response},
routing::*,
Extension, Json, Router,
};
use log::{error, info, warn};
use time::UtcDateTime;
use super::EnginePath;
pub fn kv_router(pool: DatabaseDriver) -> Router {
Router::new()
.route("/config", get(get_config))
.route("/config", post(post_config))
.route("/data/{*path}", get(get_data))
.route("/data/{*path}", get(data::get_data))
// .route("/:mount_path/data/*path/", get(get_data))
.route("/data/{*path}", post(post_data))
.route("/data/{*path}", put(post_data))
.route("/data/{*path}", delete(delete_data))
.route("/delete/{*path}", post(delete_path))
.route("/destroy/{*path}", post(destroy_path))
.route("/metadata/{*path}", get(get_meta))
.route("/data/{*path}", post(data::post_data))
// Why does HC V SDK expect PUT instead of POST - neither in the docs nor spec
.route("/data/{*path}", put(data::post_data))
.route("/data/{*path}", delete(data::delete_data))
.route("/delete/{*path}", post(meta::delete_path))
.route("/destroy/{*path}", post(meta::destroy_path))
.route("/metadata/{*path}", get(meta::get_meta))
// .route("/:mount_path/metadata/*path/", get(get_meta))
.route("/metadata/{*path}", post(post_meta))
.route("/metadata/{*path}", delete(delete_meta))
.route("/metadata/{*path}", post(meta::post_meta))
.route("/metadata/{*path}", delete(meta::delete_meta))
.route("/subkeys/{*path}", get(get_subkeys))
.route("/undelete/{*path}", post(post_undelete))
.with_state(pool)
@ -53,241 +41,6 @@ async fn post_config() -> &'static str {
todo!("not implemented")
}
async fn get_data(
State(pool): State<DatabaseDriver>,
Path(path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
) -> Result<Response, ()> {
log::trace!("AAAAAAAAAAAAAAAAAAAA! {path} of engine {engine_path}");
match sqlx::query_as!(
KvSecretData,
r#"SELECT secret_data, created_time, deletion_time, version_number, secret_path
FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
ORDER BY version_number DESC LIMIT 1"#,
engine_path, path
)
.fetch_one(&pool)
.await
{
Ok(secret_content) => {
// let version: i64 = v.get("version_number");
// let secret_content: HashMap<String, String> = HashMap::from([
// // TODO: use sqlx to parse the row to a struct, do not do it manually
// ("secret_data".to_string(), v.get("secret_data")),
// ("created_time".to_string(), v.get("created_time")),
// ("deletion_time".to_string(), v.get("deletion_time")),
// ("version_number".to_string(), version.to_string()),
// ("secret_path".to_string(), v.get("secret_path")),
// ]);
let data = Wrapper {
data: serde_json::from_str(&secret_content.secret_data).unwrap(),
};
let return_secret = KvSecretRes {
data,
options: None,
version: Some(secret_content.version_number)
};
let return_secret = Json(return_secret);
info!("{:?}", return_secret);
Ok(return_secret.into_response())
}
Err(e) => match e {
sqlx::Error::RowNotFound => {
error!("Row not found {:?}", e);
// let error_data: HashMap<String, String> =
// HashMap::from([("error".to_string(), "Secret not found".to_string())]);
// let error_secret = KvSecretRes {
// data: error_data,
// options: None,
// };
Ok(HttpError::simple(
StatusCode::NOT_FOUND,
"Secret not found within kv2 engine",
))
}
_ => panic!("{e:?}"),
},
}
}
async fn post_data(
State(pool): State<DatabaseDriver>,
Path(kv_path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
Json(secret): Json<KvV2WriteRequest>,
) -> Result<Response, ()> {
log::debug!(
"Engine: {}, Secret: {}, Content: {}, Version: {:?}, path: {}",
engine_path,
kv_path,
secret.data,
secret.version, //.unwrap_or(0),
kv_path
);
let created_time = time::UtcDateTime::now();
let ts = created_time.unix_timestamp();
let mut tx = pool.begin().await.unwrap();
let res_m = sqlx::query!("
INSERT INTO kv2_metadata (engine_path, secret_path, cas_required, created_time, max_versions, updated_time)
VALUES ($1, $2, 0, $3, 100, $3)
ON CONFLICT(engine_path, secret_path) DO NOTHING;
", engine_path, kv_path, ts).execute(&mut *tx).await.unwrap();
let res_r = sqlx::query_file!(
"src/engines/kv/post_secret.sql",
engine_path,
kv_path,
secret.data,
ts,
secret.version,
)
.fetch_one(&mut *tx)
.await
.unwrap();
tx.commit().await.expect("FAILED TO WRITE TX!");
warn!("test: {res_m:?} {res_r:?} {}", res_r.version_number);
let res = KvV2WriteResponse {
created_time: created_time.into(),
custom_metadata: None,
deletion_time: None,
destroyed: false,
version: res_r.version_number,
};
Ok(Json(res).into_response())
}
/* mock for return
async fn post_data(
Path(kv_path): Path<String>,
Extension(mount_path): Extension<String>,
Json(body): Json<KvSecretReq>,
) -> Json<KvSecretRes> {
trace!(
"Secret: {}, Content: {:#?}, path: {}",
kv_path,
body.data,
// body.version.unwrap_or(0),
mount_path,
);
let res = KvSecretRes {
data: KvSecretResData {
created_time: chrono::Utc::now(),
custom_metadata: None,
deletion_time: None,
destroyed: false,
version: 1,
},
};
Json(res)
} */
/// TODO: soft delete the secret version at path. can be undone with undelete_secret
// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret
// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-secret-versions
async fn delete_data(
State(pool): State<DatabaseDriver>,
Path(path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
) -> Result<Response, Response> {
log::debug!("Secret: {}, path: {}", path, path);
let del_time = UtcDateTime::now().unix_timestamp();
let mut tx = pool.begin().await.unwrap();
// TODO: Find a better way
let latest_version = sqlx::query!(
r#"
SELECT version_number AS latest_version FROM kv2_secret_version
WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
ORDER BY version_number DESC LIMIT 1"#,
engine_path,
path,
)
.fetch_optional(&mut *tx)
.await
.unwrap();
let latest_version = match latest_version {
Some(v) => v.latest_version,
None => {
return Err(HttpError::simple(
StatusCode::NOT_FOUND,
"No secret version found which could be deleted",
));
}
};
let u = sqlx::query!(
r#"
UPDATE kv2_secret_version
SET deletion_time = $4
WHERE engine_path = $1 AND secret_path = $2
AND version_number = $3
"#,
engine_path,
path,
latest_version,
del_time
)
.execute(&mut *tx)
.await;
if let Err(e) = u {
error!("Strange - a version to be deleted has been found but could not be found to set deletion.\n\t{e:?}");
// Not commited transactions will be aborted upon drop
// tx.rollback().await.unwrap();
return Err(HttpError::simple(
StatusCode::INTERNAL_SERVER_ERROR,
"A version to be deleted was found but could not be deleted",
));
}
tx.commit().await.unwrap();
info!("Secret {path} version {latest_version} of {engine_path} engine deleted! {u:?}");
Ok(NoContent.into_response())
}
async fn delete_path() -> &'static str {
todo!("not implemented")
}
async fn destroy_path() -> &'static str {
todo!("not implemented")
}
async fn get_meta() -> &'static str {
todo!("not implemented")
}
async fn post_meta(
State(pool): State<DatabaseDriver>,
Path((mount_path, kv_path)): Path<(String, String)>,
body: String,
) -> &'static str {
let body_json = body_to_json(body);
let meta_data: SecretMeta = Default::default();
todo!("not implemented")
}
async fn delete_meta() -> &'static str {
todo!("not implemented")
}
async fn get_subkeys() -> &'static str {
todo!("not implemented")
}

215
src/engines/kv/data.rs Normal file
View file

@ -0,0 +1,215 @@
use super::structs::KvV2WriteRequest;
use crate::{
DatabaseDriver,
common::HttpError,
engines::{
EnginePath,
kv::structs::{KvSecretData, KvSecretRes, KvV2WriteResponse, Wrapper},
},
};
use axum::{
Extension, Json,
extract::{Path, Query, State},
http::StatusCode,
response::{IntoResponse, NoContent, Response},
};
use log::{error, info, warn};
use serde::Deserialize;
use time::UtcDateTime;
#[derive(Deserialize)]
pub struct GetDataQuery {
#[serde(default)]
/// Version of secret requested to be read.
/// Default `0`, to get the most recent version.
pub version: u32,
}
pub async fn get_data(
State(pool): State<DatabaseDriver>,
Query(params): Query<GetDataQuery>,
Path(path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
) -> Result<Response, ()> {
let res = if params.version == 0 {
// With specific version
sqlx::query_as!(
KvSecretData,
r#"SELECT secret_data, created_time, deletion_time, version_number, secret_path
FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
AND version_number = $3"#,
engine_path, path, params.version).fetch_one(&pool).await
} else {
// Without specific version
sqlx::query_as!(
KvSecretData,
r#"SELECT secret_data, created_time, deletion_time, version_number, secret_path
FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
ORDER BY version_number DESC LIMIT 1"#,
engine_path, path).fetch_one(&pool).await
};
match res {
Ok(secret_content) => {
let data = Wrapper {
data: serde_json::from_str(&secret_content.secret_data).unwrap(),
};
let return_secret = KvSecretRes {
data,
options: None,
version: Some(secret_content.version_number),
};
let return_secret = Json(return_secret);
info!("{:?}", return_secret);
Ok(return_secret.into_response())
}
Err(e) => match e {
sqlx::Error::RowNotFound => {
error!("Row not found {:?}", e);
Ok(HttpError::simple(
StatusCode::NOT_FOUND,
"Secret not found within kv2 engine",
))
}
_ => panic!("{e:?}"),
},
}
}
pub async fn post_data(
State(pool): State<DatabaseDriver>,
Path(kv_path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
Json(secret): Json<KvV2WriteRequest>,
) -> Result<Response, ()> {
log::debug!(
"Engine: {}, Secret: {}, Content: {}, Version: {:?}, path: {}",
engine_path,
kv_path,
secret.data,
secret.version, //.unwrap_or(0),
kv_path
);
let created_time = time::UtcDateTime::now();
let ts = created_time.unix_timestamp();
let mut tx = pool.begin().await.unwrap();
let res_m = sqlx::query!("
INSERT INTO kv2_metadata (engine_path, secret_path, cas_required, created_time, max_versions, updated_time)
VALUES ($1, $2, 0, $3, 100, $3)
ON CONFLICT(engine_path, secret_path) DO NOTHING;
", engine_path, kv_path, ts).execute(&mut *tx).await.unwrap();
let res_r = sqlx::query_file!(
"src/engines/kv/post_secret.sql",
engine_path,
kv_path,
secret.data,
ts,
secret.version,
)
.fetch_one(&mut *tx)
.await
.unwrap();
tx.commit().await.expect("FAILED TO WRITE TX!");
warn!("test: {res_m:?} {res_r:?} {}", res_r.version_number);
let res = KvV2WriteResponse {
created_time: created_time.into(),
custom_metadata: None,
deletion_time: None,
destroyed: false,
version: res_r.version_number,
};
Ok(Json(res).into_response())
}
/// TODO: soft delete the secret version at path. can be undone with undelete_secret
// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret
// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-secret-versions
pub async fn delete_data(
State(pool): State<DatabaseDriver>,
Path(path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
) -> Result<Response, Response> {
log::debug!("Secret: {}, path: {}", path, path);
let del_time = UtcDateTime::now().unix_timestamp();
let mut tx = pool.begin().await.unwrap();
// TODO: Find a better way
let latest_version = sqlx::query!(
r#"
SELECT version_number AS latest_version FROM kv2_secret_version
WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
ORDER BY version_number DESC LIMIT 1"#,
engine_path,
path,
)
.fetch_optional(&mut *tx)
.await
.unwrap();
let latest_version = match latest_version {
Some(v) => v.latest_version,
None => {
return Err(HttpError::simple(
StatusCode::NOT_FOUND,
"No secret version found which could be deleted",
));
}
};
let u = sqlx::query!(
r#"
UPDATE kv2_secret_version
SET deletion_time = $4
WHERE engine_path = $1 AND secret_path = $2
AND version_number = $3
"#,
engine_path,
path,
latest_version,
del_time
)
.execute(&mut *tx)
.await;
if let Err(e) = u {
error!(
"Strange - a version to be deleted has been found but could not be found to set deletion.\n\t{e:?}"
);
// Not commited transactions will be aborted upon drop
// tx.rollback().await.unwrap();
return Err(HttpError::simple(
StatusCode::INTERNAL_SERVER_ERROR,
"A version to be deleted was found but could not be deleted",
));
}
tx.commit().await.unwrap();
info!("Secret {path} version {latest_version} of {engine_path} engine deleted! {u:?}");
Ok(NoContent.into_response())
}
// Not
pub async fn patch_data(
State(pool): State<DatabaseDriver>,
Path(kv_path): Path<String>,
Extension(EnginePath(engine_path)): Extension<EnginePath>,
Json(secret): Json<KvV2WriteRequest>,
) -> Result<Response, ()> {
// TODO: implement only application/merge-patch+json
todo!("Not implemented")
}

56
src/engines/kv/logic.rs
View file

@ -1,56 +0,0 @@
use serde_json::Value;
use super::structs::*;
// TODO create default function
#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
/// serialize secret to JSON String
pub fn serialize_secret_json(secret: &KvSecretRes) -> Result<String, serde_json::Error> {
serde_json::to_string(&secret)
}
#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
/// deserialize JSON String to secret
pub fn deserialize_secret_struct(raw: &str) -> Result<KvSecretRes, serde_json::Error> {
serde_json::from_str(raw)
}
#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
/// serialize metadata to JSON String
pub fn serialize_metadata_json(secret: &SecretMeta) -> Result<String, serde_json::Error> {
serde_json::to_string(&secret)
}
#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
/// deserialize JSON String to metadata
pub fn deserialize_metadata_struct(raw: &str) -> Result<SecretMeta, serde_json::Error> {
serde_json::from_str(raw)
}
#[deprecated(note = "Propably not needed (remove deprecation if actually needed)")]
/// Consider:
/// Instead of patching JSON, we should apply the modified fields directly to the database
pub fn patch_metadata(
old: &mut SecretMeta,
new: &SecretMeta,
) -> Result<SecretMeta, serde_json::Error> {
let mut patch = serde_json::to_value(old)?; // ? operator is cool: returns early if error was detected
let new_json = serde_json::to_value(new)?;
json_patch::merge(&mut patch, &new_json);
serde_json::from_value(patch)
}
#[deprecated(note = "DO NOT USE: Use Axum extractors to structs instead")]
#[allow(unreachable_code, unused_variables)]
/// See [JSON extractor documentation](https://docs.rs/axum/latest/axum/struct.Json.html#extractor-example)
pub fn body_to_json(body: String) -> Value {
todo!("REMOVE: Use Axum extractors to structs instead");
match serde_json::from_str::<serde_json::Value>(body.as_str()) {
Ok(val) => val,
Err(e) => {
log::debug!("Faulty result from conversion: {:?}", e);
"Error converting body".into()
}
}
}

26
src/engines/kv/meta.rs Normal file
View file

@ -0,0 +1,26 @@
use crate::storage::DatabaseDriver;
use axum::extract::{Path, State};
pub async fn delete_path() -> &'static str {
todo!("not implemented")
}
pub async fn destroy_path() -> &'static str {
todo!("not implemented")
}
pub async fn get_meta() -> &'static str {
todo!("not implemented")
}
pub async fn post_meta(
State(pool): State<DatabaseDriver>,
Path((mount_path, kv_path)): Path<(String, String)>,
body: String,
) -> &'static str {
todo!("not implemented")
}
pub async fn delete_meta() -> &'static str {
todo!("not implemented")
}

2
src/engines/kv/post_secret.sql
View file

@ -12,7 +12,7 @@ VALUES (
$4, -- created_time
CASE -- Use provided version if given
WHEN $5 IS NOT NULL THEN $5 -- version_number (optional)
ELSE COALESCE((SELECT max_version FROM latest_version) + 1, 0)
ELSE COALESCE((SELECT max_version FROM latest_version) + 1, 1) -- otherwise 1
END -- version_number logic
)
RETURNING version_number;

1
src/engines/kv/structs.rs
View file

@ -1,5 +1,4 @@
use serde::{Deserialize, Serialize};
use sqlx::FromRow;
use std::{collections::HashMap, vec};
use time::{OffsetDateTime, UtcDateTime, serde::rfc3339};