package vault
import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net/url"
	"regexp"
	"sort"
	"time"

	"getvaultpw/internal/httpclient"
)
// authRespStruct is the JSON document returned by Vault's LDAP login endpoint,
// as decoded in login. Only Auth.ClientToken is read by this package; the
// remaining fields mirror the response so the whole body decodes cleanly.
type authRespStruct struct {
	Auth struct {
		Accessor string `json:"accessor"`
		// ClientToken is the bearer token later sent as X-Vault-Token.
		ClientToken   string `json:"client_token"`
		EntityID      string `json:"entity_id"`
		LeaseDuration int64  `json:"lease_duration"`
		Metadata      struct {
			Username string `json:"username"`
		} `json:"metadata"`
		MfaRequirement interface{} `json:"mfa_requirement"`
		NumUses        int64       `json:"num_uses"`
		Orphan         bool        `json:"orphan"`
		Policies       []string    `json:"policies"`
		Renewable      bool        `json:"renewable"`
		TokenPolicies  []string    `json:"token_policies"`
		TokenType      string      `json:"token_type"`
	} `json:"auth"`
	Data          struct{}    `json:"data"`
	LeaseDuration int64       `json:"lease_duration"`
	LeaseID       string      `json:"lease_id"`
	Renewable     bool        `json:"renewable"`
	RequestID     string      `json:"request_id"`
	Warnings      interface{} `json:"warnings"`
	WrapInfo      interface{} `json:"wrap_info"`
}
// secretV2Struct is the JSON document returned when reading a secret through
// the ".../data/<path>" endpoint, as decoded in GetCredential. Only Data.Data
// (the key/value pairs of the secret) is read by this package.
type secretV2Struct struct {
	RequestID     string `json:"request_id"`
	LeaseID       string `json:"lease_id"`
	Renewable     bool   `json:"renewable"`
	LeaseDuration int    `json:"lease_duration"`
	Data          struct {
		// Data holds the secret's key/value pairs; values are expected to be
		// strings (non-string values would fail to decode).
		Data     map[string]string `json:"data"`
		Metadata struct {
			CreatedTime    time.Time   `json:"created_time"`
			CustomMetadata interface{} `json:"custom_metadata"`
			DeletionTime   string      `json:"deletion_time"`
			Destroyed      bool        `json:"destroyed"`
			Version        int         `json:"version"`
		} `json:"metadata"`
	} `json:"data"`
	WrapInfo interface{} `json:"wrap_info"`
	Warnings interface{} `json:"warnings"`
	Auth     interface{} `json:"auth"`
}
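// login authenticates against Vault's LDAP auth method and returns the
// resulting client token.
//
// host is the Vault base URL (scheme and authority, no trailing slash), user
// the LDAP username and pass its password. The password is sent as the JSON
// body of POST {host}/v1/auth/ldap/login/{user}; it is never written to the
// log.
//
// It returns an error when the request fails, the response body is not the
// expected JSON shape, or the response carries no client token.
func login(host, user, pass string) (string, error) {
	// Build the body with encoding/json so quotes, backslashes and control
	// characters in the password cannot break or alter the JSON document.
	body, err := json.Marshal(map[string]string{"password": pass})
	if err != nil {
		return "", fmt.Errorf("encoding login request: %w", err)
	}
	// Escape the username before placing it in the URL path so characters
	// such as "/" or "?" cannot change which endpoint is called.
	loginURL := fmt.Sprintf("%s/v1/auth/ldap/login/%s", host, url.PathEscape(user))

	c := httpclient.DefaultClient()
	c.SetHeader("Accept", "application/json")
	c.SetHeader("Content-Type", "application/json")
	c.SetPostData(string(body))

	// Trace the URL and user only; the password is a secret and must not
	// reach the log.
	log.Printf("[TRACE] LOGIN URL : %s", loginURL)
	log.Printf("[TRACE] LOGIN USER : %s", user)

	o, err := c.Post(loginURL)
	if err != nil {
		return "", err
	}
	var output authRespStruct
	if err := json.Unmarshal(o, &output); err != nil {
		return "", err
	}
	if output.Auth.ClientToken == "" {
		// A body that decodes but holds no token (for example an error
		// document) would otherwise be used as an empty X-Vault-Token.
		return "", errors.New("vault login response contained no client token")
	}
	return output.Auth.ClientToken, nil
}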
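// passwordKeyRE matches secret keys that name a password: any key containing
// "pass", in any letter case, optionally followed by "word". It is compiled
// once here rather than once per key on every GetCredential call.
var passwordKeyRE = regexp.MustCompile(`(p|P)(a|A)(s|S)(s|S)((w|W)(o|O)(r|R)(d|D))?`)

// findPasswordValue returns the value of the first key in data that matches
// passwordKeyRE. Keys are visited in sorted order so the result is
// deterministic when several keys match (map iteration order is random).
func findPasswordValue(data map[string]string) (string, bool) {
	keys := make([]string, 0, len(data))
	for k := range data {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		if passwordKeyRE.MatchString(k) {
			return data[k], true
		}
	}
	return "", false
}

// GetCredential logs in to Vault with the given LDAP user and password, reads
// the secret at {host}/v1/{store}/data/{path} and returns the value of the
// first key that looks like a password key (see passwordKeyRE).
//
// store and path are inserted into the URL as given: path may legitimately
// contain "/" separators, so it is not escaped here and callers must not pass
// untrusted values for it. The client token is sent only as the X-Vault-Token
// header and is never written to the log.
//
// It returns an error if login fails, the request or JSON decoding fails, or
// the secret holds no password-like key.
func GetCredential(host, user, pass, store, path string) (string, error) {
	token, err := login(host, user, pass)
	if err != nil {
		return "", err
	}
	secretURL := fmt.Sprintf("%s/v1/%s/data/%s", host, store, path)

	c := httpclient.DefaultClient()
	c.SetHeader("Accept", "application/json")
	c.SetHeader("Content-Type", "application/json")
	c.SetHeader("X-Vault-Token", token)
	// The token is a bearer credential: trace the URL only.
	log.Printf("[TRACE] SECRET URL : %s", secretURL)

	o, err := c.Get(secretURL)
	if err != nil {
		return "", err
	}
	var output secretV2Struct
	if err := json.Unmarshal(o, &output); err != nil {
		return "", err
	}
	if v, ok := findPasswordValue(output.Data.Data); ok {
		return v, nil
	}
	return "", errors.New("no password credential located in secret store")
}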