1. Adding a vault

When adding a vault, the existing vault has to be read first and mapped against the new input to produce the final vault data. In the code below, existsecret is the existing vault and requestBody is the newly submitted vault. The code also contains the update logic: when a newly submitted key equals an existing key, its value is replaced with the newly submitted value.

```go
m := make(map[string]interface{})
datas := make(map[string]interface{})
// first verify that existsecret holds data; the comma-ok assertion avoids a
// panic when the secret has no "data" block yet (e.g. a brand-new path)
existing, ok := existsecret.Data["data"].(map[string]interface{})
if ok && len(existing) != 0 {
	// start from the existing key/value pairs ...
	for index, value2 := range existing {
		datas[index] = value2
	}
	// ... then overlay the request: if key1 == key2 the value is updated,
	// otherwise the new pair is added (same result as the pairwise mapping,
	// without the nested loop)
	for _, value1 := range requestBody.Data {
		datas[value1.Key] = value1.Value
	}
} else {
	for _, value := range requestBody.Data {
		datas[value.Key] = value.Value
	}
}
m["data"] = datas
```
2. Deleting a vault

When deleting a vault, github.com\hashicorp\vault\api@v1.0.4\logical.go does have a Delete method, but calling it never succeeded, so an alternative approach was used. As before, the existing vault data is read first and mapped against the newly submitted deletion data; the entries that should be deleted are removed and the remainder is created again with the Write method. If the submitted data matches all of the existing data exactly, i.e. every existing entry is to be deleted, the DELETE method is called directly (see https://www.vaultproject.io/api-docs/secret/kv/kv-v2, "Delete Latest Version of Secret").

```go
m := make(map[string]interface{})
datas := make(map[string]interface{})
// copy the existing key/value pairs, then drop every key named in the request
for index, value2 := range existsecret.Data["data"].(map[string]interface{}) {
	datas[index] = value2
}
for _, value1 := range requestBody.Data {
	delete(datas, value1.Key) // delete is a no-op for keys that are not present
}
result := make(map[string]interface{})
if len(datas) == 0 {
	// nothing left: delete the latest version of the secret through the KV v2 API
	url := VaultUrl + "v1/secret/data/my-secret"
	req, err := http.NewRequest("DELETE", url, nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	// note: Vault's own HTTP API reads the token from the X-Vault-Token header
	req.Header.Add("X-Auth-Token", token)
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil { // must be checked before touching resp.Body, which is nil on error
		fmt.Println(err)
		return
	}
	defer resp.Body.Close()
	body, err := ioutil.ReadAll(resp.Body)
	// a non-2xx status is a failed delete even though the request itself succeeded
	if err != nil || resp.StatusCode/100 != 2 {
		fmt.Printf("failed to delete vault, the response code is %d, the resp is: \n%s\n", resp.StatusCode, string(body))
		return
	}
	result["created_time"] = ""
	result["deletion_time"] = time.Now().Format("2006-01-02 15:04:05")
	// KV v2 "delete" is a soft delete of the latest version; the data stays
	// recoverable with undelete until it is explicitly destroyed
	result["destroyed"] = "true"
	result["version"] = ""
} else {
	m["data"] = datas
	// call github.com\hashicorp\vault\api@v1.0.4\logical.go Write()
}
```
The reference article above also describes deleting by passing a version, but some problems came up when actually running it; this is still being investigated.
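As an added example (not the author's code), the merge step from section 1 and the key-removal step from section 2 as standalone functions, plus the KV v2 write body with the check-and-set option, so the read-modify-write above cannot silently overwrite a version that another client wrote in between. The KVEntry type stands in for the shape of requestBody.Data, and the sample secret contents are constructed.

```go
package main

import "fmt"

// KVEntry mirrors the key/value pairs of requestBody.Data (assumed shape).
type KVEntry struct {
	Key   string
	Value string
}

// mergeSecretData overlays incoming on existing: new keys are added, existing keys updated.
func mergeSecretData(existing map[string]interface{}, incoming []KVEntry) map[string]interface{} {
	merged := make(map[string]interface{}, len(existing)+len(incoming))
	for k, v := range existing {
		merged[k] = v
	}
	for _, e := range incoming {
		merged[e.Key] = e.Value
	}
	return merged
}

// removeSecretKeys copies existing without the requested keys (empty => DELETE latest version).
func removeSecretKeys(existing map[string]interface{}, toDelete []KVEntry) map[string]interface{} {
	remaining := make(map[string]interface{}, len(existing))
	for k, v := range existing {
		remaining[k] = v
	}
	for _, e := range toDelete {
		delete(remaining, e.Key)
	}
	return remaining
}

// buildWritePayload wraps data in the KV v2 write body pinned to the version
// that was read (options.cas): if another client wrote in between, Vault
// rejects this write with a check-and-set error instead of clobbering theirs.
func buildWritePayload(data map[string]interface{}, readVersion int) map[string]interface{} {
	return map[string]interface{}{
		"data":    data,
		"options": map[string]interface{}{"cas": readVersion},
	}
}

func main() {
	// constructed sample: the "data" block of an existing secret read at version 3
	existing := map[string]interface{}{"db_user": "app", "db_pass": "old"}
	merged := mergeSecretData(existing, []KVEntry{{"db_pass", "new"}, {"api_key", "k1"}})
	fmt.Println(buildWritePayload(merged, 3))
}
```

Send the payload with the same Write() call used above; a rejected check-and-set means the secret changed since it was read, so read it again and redo the merge.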