-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvault-kv-mv.go
119 lines (104 loc) · 3.53 KB
/
vault-kv-mv.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package main
import (
"log"
"path"
"time"
"flag"
"fmt"
vault "github.com/hashicorp/vault/api"
"strings"
)
type vaultClient struct {
logical *vault.Logical
}
// OldNewPaths : Returns a map that has the old path as the key with a value of the new path
func OldNewPaths(leafs []string, source string, destination string) (paths map[string]string) {
paths = map[string]string{}
for _, v := range leafs {
if strings.HasSuffix(source, "/") && !strings.HasSuffix(destination, "/") {
// Move all secrets under dir secret/old/ under dir secret/new
d := fmt.Sprintf("%s/", destination)
paths[v] = strings.Replace(v, source, d, 1)
} else if strings.HasSuffix(source, "/") && strings.HasSuffix(destination, "/") {
// Move all secrets under dir secret/old/ to dir secret/new/
paths[v] = strings.Replace(v, source, destination, 1)
} else if !strings.HasSuffix(source, "/") && !strings.HasSuffix(destination, "/") {
// Rename secret secret/old to secret/new
paths[v] = destination
} else if !strings.HasSuffix(source, "/") && strings.HasSuffix(destination, "/") {
// Move secret secret/old under to secret/new/old
paths[v] = fmt.Sprintf("%s%s", destination, path.Base(source))
} else {
// Should never get here
log.Fatalf("Not sure what to do")
}
}
return paths
}
// AppendDirLeafs : Recursively find leafs if the source is a dir
func (vc *vaultClient) AppendDirLeafs(secrets vault.Secret, source string) (leafs []string) {
keys := secrets.Data["keys"].([]interface{})
for _, v := range keys {
if strings.HasSuffix(v.(string), "/") {
leafs = append(leafs, vc.FindLeafs(fmt.Sprintf("%v%v", source, v))...)
} else {
leafs = append(leafs, fmt.Sprintf("%v%v", source, v))
}
}
return leafs
}
// FindLeafs : Find all keys using the source path supplied by the operator as the starting point
func (vc *vaultClient) FindLeafs(source string) (leafs []string) {
if strings.HasSuffix(source, "/") {
listSecret, err := vc.logical.List(source)
if err != nil || listSecret == nil {
log.Fatalf("Failed to list %v. Does it exist?", source)
}
leafs = vc.AppendDirLeafs(*listSecret, source)
} else {
leafs = append(leafs, source)
}
return leafs
}
// Move : Creates new entries and then deletes the older ones
func (vc *vaultClient) Move(keys map[string]string) {
for oldPath, newPath := range keys {
secret, err := vc.logical.Read(oldPath)
if err != nil || secret == nil {
log.Fatalf("Could not read secret %v. Does it exist?", oldPath)
}
log.Printf("Writing to new path %v\n", newPath)
_, err = vc.logical.Write(newPath, secret.Data)
if err != nil {
log.Fatalf("Failed to write %v. Try again after fixing the problem.", newPath)
}
log.Printf("Deleting old path %v\n", oldPath)
_, err = vc.logical.Delete(oldPath)
if err != nil {
log.Fatalf("Failed to delete old key%v. You will need to manually delete this key after fixing the problem.", oldPath)
}
}
}
func main() {
flag.Parse()
args := flag.Args()
if len(args) != 2 {
log.Fatal("Invalid number of arugments. Need to specify source and destination paths.")
}
source := args[0]
destination := args[1]
if source == destination {
log.Fatalf("source (%s) and destination (%s) are identical. Nothing to do", source, destination)
}
config := vault.DefaultConfig()
config.Timeout = time.Second * 5
client, err := vault.NewClient(config)
if err != nil {
fmt.Printf("Failed to create vault client: %s\n", err)
}
vc := vaultClient{
logical: client.Logical(),
}
leafs := vc.FindLeafs(source)
vc.Move(OldNewPaths(leafs, source, destination))
}