initial commit

2022-11-16 17:50:30 -06:00
commit d345202174
12 changed files with 1102 additions and 0 deletions
--- a/internal/vault/vault.go
+++ b/internal/vault/vault.go
@@ -0,0 +1,116 @@
+package vault
+
+import (
+	"fmt"
+	"log"
+	"regexp"
+	"time"
+
+	"encoding/json"
+
+	"getvaultpw/internal/httpclient"
+)
+
+type authRespStruct struct {
+	Auth struct {
+		Accessor      string `json:"accessor"`
+		ClientToken   string `json:"client_token"`
+		EntityID      string `json:"entity_id"`
+		LeaseDuration int64  `json:"lease_duration"`
+		Metadata      struct {
+			Username string `json:"username"`
+		} `json:"metadata"`
+		MfaRequirement interface{} `json:"mfa_requirement"`
+		NumUses        int64       `json:"num_uses"`
+		Orphan         bool        `json:"orphan"`
+		Policies       []string    `json:"policies"`
+		Renewable      bool        `json:"renewable"`
+		TokenPolicies  []string    `json:"token_policies"`
+		TokenType      string      `json:"token_type"`
+	} `json:"auth"`
+	Data          struct{}    `json:"data"`
+	LeaseDuration int64       `json:"lease_duration"`
+	LeaseID       string      `json:"lease_id"`
+	Renewable     bool        `json:"renewable"`
+	RequestID     string      `json:"request_id"`
+	Warnings      interface{} `json:"warnings"`
+	WrapInfo      interface{} `json:"wrap_info"`
+}
+
+type secretV2Struct struct {
+	RequestID     string `json:"request_id"`
+	LeaseID       string `json:"lease_id"`
+	Renewable     bool   `json:"renewable"`
+	LeaseDuration int    `json:"lease_duration"`
+	Data          struct {
+		Data     map[string]string `json:"data"`
+		Metadata struct {
+			CreatedTime    time.Time   `json:"created_time"`
+			CustomMetadata interface{} `json:"custom_metadata"`
+			DeletionTime   string      `json:"deletion_time"`
+			Destroyed      bool        `json:"destroyed"`
+			Version        int         `json:"version"`
+		} `json:"metadata"`
+	} `json:"data"`
+	WrapInfo interface{} `json:"wrap_info"`
+	Warnings interface{} `json:"warnings"`
+	Auth     interface{} `json:"auth"`
+}
+
+func login(host, user, pass string) (string, error) {
+	c := httpclient.DefaultClient()
+	c.SetHeader("Accept", "application/json")
+	c.SetHeader("Content-Type", "application/json")
+	c.SetPostData(fmt.Sprintf("{ \"password\":\"%s\"}", pass))
+
+	log.Printf("[TRACE] LOGIN URL   : %s", fmt.Sprintf("%s/v1/auth/ldap/login/%s", host, user))
+	log.Printf("[TRACE] LOGIN USER  : %s", user)
+	log.Printf("[TRACE] LOGIN PASS  : %s", pass)
+	o, err := c.Post(fmt.Sprintf("%s/v1/auth/ldap/login/%s", host, user))
+	if err != nil {
+		return "", err
+	}
+
+	var output authRespStruct
+	if err := json.Unmarshal(o, &output); err != nil {
+		return "", err
+	}
+	return output.Auth.ClientToken, nil
+}
+
+func GetCredential(host, user, pass, store, path string) (string, error) {
+	token, err := login(host, user, pass)
+	if err != nil {
+		return "", err
+	}
+
+	c := httpclient.DefaultClient()
+	c.SetHeader("Accept", "application/json")
+	c.SetHeader("Content-Type", "application/json")
+	c.SetHeader("X-Vault-Token", token)
+
+	log.Printf("[TRACE] SECRET URL  : %s", fmt.Sprintf("%s/v1/%s/data/%s", host, store, path))
+	log.Printf("[TRACE] SECRET TOKEN: %s", token)
+	o, err := c.Get(fmt.Sprintf("%s/v1/%s/data/%s", host, store, path))
+	if err != nil {
+		return "", err
+	}
+
+	var output secretV2Struct
+	if err := json.Unmarshal(o, &output); err != nil {
+		return "", err
+	}
+
+	for k, v := range output.Data.Data {
+		r, err := regexp.Compile(`(p|P)(a|A)(s|S)(s|S)((w|W)(o|O)(r|R)(d|D))?`)
+		if err != nil {
+			return "", err
+		}
+
+		if r.Match([]byte(k)) {
+			return v, nil
+		}
+	}
+
+	return "", fmt.Errorf("no password credential located in secret store")
+}