Added listing of app and group secrets

hashicorp · Jun 3, 2016 · b401096 · b401096
1 parent 38d1764
commit b401096
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 0 deletions.
diff --git a/builtin/credential/appgroup/path_app.go b/builtin/credential/appgroup/path_app.go
@@ -251,6 +251,7 @@ func appPaths(b *backend) []*framework.Path {
 			},
 			Callbacks: map[logical.Operation]framework.OperationFunc{
 				logical.ReadOperation: b.pathAppSecretIDRead,
+				logical.ListOperation: b.pathAppSecretIDList,
 			},
 			HelpSynopsis:    strings.TrimSpace(appHelp["app-secret-id"][0]),
 			HelpDescription: strings.TrimSpace(appHelp["app-secret-id"][1]),
@@ -299,6 +300,34 @@ func (b *backend) pathAppList(
 	return logical.ListResponse(apps), nil
 }
 
+// pathAppSecretIDList is used to list all the Apps registered with the backend.
+func (b *backend) pathAppSecretIDList(
+	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+	// Get the "custom" lock
+	lock := b.getSecretIDLock("")
+	lock.RLock()
+	defer lock.RUnlock()
+
+	appName := data.Get("app_name").(string)
+	if appName == "" {
+		return logical.ErrorResponse("missing app_name"), nil
+	}
+
+	app, err := b.appEntry(req.Storage, strings.ToLower(appName))
+	if err != nil {
+		return nil, err
+	}
+	if app == nil {
+		return logical.ErrorResponse(fmt.Sprintf("app %s does not exist", appName)), nil
+	}
+
+	secrets, err := req.Storage.List(fmt.Sprintf("secret_id/%s", b.salt.SaltID(app.SelectorID)))
+	if err != nil {
+		return nil, err
+	}
+	return logical.ListResponse(secrets), nil
+}
+
 // setAppEntry grabs a write lock and stores the options on an App into the storage
 func (b *backend) setAppEntry(s logical.Storage, appName string, app *appStorageEntry) error {
 	b.appLock.Lock()

diff --git a/builtin/credential/appgroup/path_group.go b/builtin/credential/appgroup/path_group.go
@@ -290,6 +290,7 @@ addition to those, a set of policies can be assigned using this.
 			},
 			Callbacks: map[logical.Operation]framework.OperationFunc{
 				logical.ReadOperation: b.pathGroupSecretIDRead,
+				logical.ListOperation: b.pathGroupSecretIDList,
 			},
 			HelpSynopsis:    strings.TrimSpace(groupHelp["group-secret-id"][0]),
 			HelpDescription: strings.TrimSpace(groupHelp["group-secret-id"][1]),
@@ -338,6 +339,34 @@ func (b *backend) pathGroupList(
 	return logical.ListResponse(groups), nil
 }
 
+// pathGroupSecretIDList is used to list all the Apps registered with the backend.
+func (b *backend) pathGroupSecretIDList(
+	req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+	// Get the "custom" lock
+	lock := b.getSecretIDLock("")
+	lock.RLock()
+	defer lock.RUnlock()
+
+	groupName := data.Get("group_name").(string)
+	if groupName == "" {
+		return logical.ErrorResponse("missing group_name"), nil
+	}
+
+	group, err := b.appEntry(req.Storage, strings.ToLower(groupName))
+	if err != nil {
+		return nil, err
+	}
+	if group == nil {
+		return logical.ErrorResponse(fmt.Sprintf("group %s does not exist", groupName)), nil
+	}
+
+	secrets, err := req.Storage.List(fmt.Sprintf("secret_id/%s", b.salt.SaltID(group.SelectorID)))
+	if err != nil {
+		return nil, err
+	}
+	return logical.ListResponse(secrets), nil
+}
+
 // setAppEntry grabs a write lock and stores the options on a Group into the storage
 func (b *backend) setGroupEntry(s logical.Storage, groupName string, group *groupStorageEntry) error {
 	b.groupLock.Lock()