Merged
2 changes: 1 addition & 1 deletion vault/api/account.go
Expand Up @@ -132,7 +132,7 @@ func DeleteAccount(c *gin.Context) {
return
}
Require(c, RequestTokenCanAccessAccount(c, account))
if err := service.DeleteAccountWithAudit(account, GetRequestEntityID(c), newAccountAuditLog(c, service.AuditActionAccountDeleted, account)); err != nil {
if err := service.DeleteAccountWithAudit(account, newAccountAuditLog(c, service.AuditActionAccountDeleted, account)); err != nil {
if err == gorm.ErrRecordNotFound {
c.JSON(http.StatusNotFound, gin.H{"error": "account not found"})
return
4 changes: 2 additions & 2 deletions vault/api/app_secret.go
Expand Up @@ -113,7 +113,7 @@ func DeleteApplication(c *gin.Context) {
return
}
Require(c, RequestTokenCanAccessApplication(c, application))
if err := service.DeleteApplication(application, GetRequestEntityID(c)); err != nil {
if err := service.DeleteApplication(application); err != nil {
if err == gorm.ErrRecordNotFound {
c.JSON(http.StatusNotFound, gin.H{"error": "application not found"})
return
Expand Down Expand Up @@ -208,7 +208,7 @@ func DeleteApplicationSecret(c *gin.Context) {
return
}
Require(c, RequestTokenCanAccessApplication(c, application))
if err := service.DeleteAppSecret(application.ID, c.Param("secretID"), GetRequestEntityID(c)); err != nil {
if err := service.DeleteAppSecret(application.ID, c.Param("secretID")); err != nil {
if err == gorm.ErrRecordNotFound {
c.JSON(http.StatusNotFound, gin.H{"error": "app secret not found"})
return
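Review bot: Dropping `GetRequestEntityID(c)` from the `DeleteApplication` and `DeleteAppSecret` calls leaves no record of who deleted an application or its secrets — the actor was previously persisted in `updated_by_entity_id` on the soft-deleted row, and unlike `DeleteAccount` in vault/api/account.go in this same PR, these handlers write no audit log entry. The same loss applies to `DeleteSecret` in vault/api/secret.go. Unless an audit record is written somewhere not shown in the diff, consider mirroring the account path with a service call analogous to `DeleteAccountWithAudit` that performs the physical delete and the audit write in one transaction, so a destroyed secret is always attributable. Both handlers continue outside the hunk.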
2 changes: 1 addition & 1 deletion vault/api/secret.go
Expand Up @@ -181,7 +181,7 @@ func DeleteSecret(c *gin.Context) {
}
Require(c, RequestTokenCanAccessAccount(c, account))

if err := service.DeleteSecret(c.Param("id"), c.Param("secretID"), GetRequestEntityID(c)); err != nil {
if err := service.DeleteSecret(c.Param("id"), c.Param("secretID")); err != nil {
if err == gorm.ErrRecordNotFound {
c.JSON(http.StatusNotFound, gin.H{"error": "secret not found"})
return
19 changes: 9 additions & 10 deletions vault/model/account.go
Expand Up @@ -3,16 +3,15 @@ package model
import "time"

type Account struct {
ID string `json:"id" gorm:"primaryKey"`
Name string `json:"name" gorm:"index"`
Description string `json:"description"`
URL string `json:"url"`
AccessGroupNames []string `json:"access_group_names" gorm:"type:jsonb;serializer:json"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
DeletedAt *time.Time `json:"deleted_at" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
ID string `json:"id" gorm:"primaryKey"`
Name string `json:"name" gorm:"index"`
Description string `json:"description"`
URL string `json:"url"`
AccessGroupNames []string `json:"access_group_names" gorm:"type:jsonb;serializer:json"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
}

func (Account) TableName() string {
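Review bot: Removing the `DeletedAt` field does not remove the `deleted_at` column or the rows that already carry a non-NULL value in it, and this same PR drops every `deleted_at IS NULL` filter in vault/service/account.go, so any account soft-deleted before this change becomes visible and usable again once the new code is deployed. No data migration is included in the diff; if the schema is managed by AutoMigrate (not visible here), which neither deletes rows nor drops columns, a one-off step that deletes rows where `deleted_at IS NOT NULL` and then drops the column should run before the new queries read the table. The same applies to `Application` in vault/model/application.go, whose table keeps its name; `AppSecret` and `Secret` are repointed at new tables by their `TableName` changes, so for them the concern is the orphaned old table rather than resurrected rows.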
29 changes: 14 additions & 15 deletions vault/model/app_secret.go
Expand Up @@ -3,22 +3,21 @@ package model
import "time"

type AppSecret struct {
ID string `json:"id" gorm:"primaryKey"`
ApplicationID string `json:"application_id" gorm:"index;index:idx_app_secret_application_key_live,unique,where:deleted_at IS NULL"`
Key string `json:"key" gorm:"index:idx_app_secret_application_key_live,unique,where:deleted_at IS NULL"`
Ciphertext []byte `json:"-" gorm:"type:bytea"`
Nonce []byte `json:"-" gorm:"type:bytea"`
EncryptedDataKey []byte `json:"-" gorm:"type:bytea"`
KeyID string `json:"key_id" gorm:"index"`
Algorithm string `json:"algorithm"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
DeletedAt *time.Time `json:"deleted_at" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
PlainValue string `json:"-" gorm:"-"`
ID string `json:"id" gorm:"primaryKey"`
ApplicationID string `json:"application_id" gorm:"index;uniqueIndex:idx_app_secret_application_key"`
Key string `json:"key" gorm:"uniqueIndex:idx_app_secret_application_key"`
Ciphertext []byte `json:"-" gorm:"type:bytea"`
Nonce []byte `json:"-" gorm:"type:bytea"`
EncryptedDataKey []byte `json:"-" gorm:"type:bytea"`
KeyID string `json:"key_id" gorm:"index"`
Algorithm string `json:"algorithm"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
PlainValue string `json:"-" gorm:"-"`
}

func (AppSecret) TableName() string {
return "vault_app_secret"
return "vault_application_secret"
}
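Review bot: Changing `TableName` from `vault_app_secret` to `vault_application_secret` repoints the model at a table that does not yet exist, and no migration accompanies it in the diff. If the schema is created by AutoMigrate (not visible here) the result is a new empty table, so every existing application secret disappears from the API while its `ciphertext`, `nonce` and `encrypted_data_key` rows remain in the now-unreferenced `vault_app_secret` table, which nothing in this code will ever read or clean up. A rename migration (`ALTER TABLE vault_app_secret RENAME TO vault_application_secret`, followed by creating the `idx_app_secret_application_key` unique index and dropping the old partial `idx_app_secret_application_key_live`) keeps the data in one place; the `vault_secret` → `vault_account_secret` rename in vault/model/secret.go has the same issue.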
3 changes: 1 addition & 2 deletions vault/model/application.go
Expand Up @@ -4,11 +4,10 @@ import "time"

type Application struct {
ID string `json:"id" gorm:"primaryKey"`
Name string `json:"name" gorm:"index:idx_application_name_live,unique,where:deleted_at IS NULL"`
Name string `json:"name" gorm:"uniqueIndex"`
AccessGroupNames []string `json:"access_group_names" gorm:"type:jsonb;serializer:json"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
DeletedAt *time.Time `json:"deleted_at" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
Secrets []AppSecret `json:"secrets,omitempty" gorm:"foreignKey:ApplicationID"`
35 changes: 17 additions & 18 deletions vault/model/secret.go
Expand Up @@ -3,25 +3,24 @@ package model
import "time"

type Secret struct {
ID string `json:"id" gorm:"primaryKey"`
AccountID string `json:"account_id" gorm:"index;uniqueIndex:idx_secret_account_key"`
Key string `json:"key" gorm:"uniqueIndex:idx_secret_account_key"`
Label string `json:"label"`
Type string `json:"type" gorm:"index"`
Sensitive bool `json:"sensitive" gorm:"index"`
PlainValue string `json:"plain_value"`
Ciphertext []byte `json:"-" gorm:"type:bytea"`
Nonce []byte `json:"-" gorm:"type:bytea"`
EncryptedDataKey []byte `json:"-" gorm:"type:bytea"`
KeyID string `json:"key_id" gorm:"index"`
Algorithm string `json:"algorithm"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
DeletedAt *time.Time `json:"deleted_at" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
ID string `json:"id" gorm:"primaryKey"`
AccountID string `json:"account_id" gorm:"index;uniqueIndex:idx_secret_account_key"`
Key string `json:"key" gorm:"uniqueIndex:idx_secret_account_key"`
Label string `json:"label"`
Type string `json:"type" gorm:"index"`
Sensitive bool `json:"sensitive" gorm:"index"`
PlainValue string `json:"plain_value"`
Ciphertext []byte `json:"-" gorm:"type:bytea"`
Nonce []byte `json:"-" gorm:"type:bytea"`
EncryptedDataKey []byte `json:"-" gorm:"type:bytea"`
KeyID string `json:"key_id" gorm:"index"`
Algorithm string `json:"algorithm"`
CreatedByEntityID string `json:"created_by_entity_id" gorm:"index"`
UpdatedByEntityID string `json:"updated_by_entity_id" gorm:"index"`
CreatedAt time.Time `json:"created_at" gorm:"autoCreateTime"`
UpdatedAt time.Time `json:"updated_at" gorm:"autoUpdateTime"`
}

func (Secret) TableName() string {
return "vault_secret"
return "vault_account_secret"
}
28 changes: 11 additions & 17 deletions vault/service/account.go
Expand Up @@ -3,7 +3,6 @@ package service
import (
"errors"
"strings"
"time"

"github.com/gaucho-racing/ulid-go"
"github.com/gaucho-racing/vault/vault/database"
Expand Down Expand Up @@ -31,7 +30,6 @@ type accountSecretCount struct {
func GetAllAccounts() ([]AccountWithSecretCount, error) {
accounts := []model.Account{}
if err := database.DB.
Where("deleted_at IS NULL").
Order("name ASC").
Find(&accounts).Error; err != nil {
return []AccountWithSecretCount{}, err
Expand Down Expand Up @@ -59,7 +57,7 @@ func GetAllAccounts() ([]AccountWithSecretCount, error) {

func GetAccountByID(id string) (model.Account, error) {
var account model.Account
if err := database.DB.Where("id = ? AND deleted_at IS NULL", id).First(&account).Error; err != nil {
if err := database.DB.Where("id = ?", id).First(&account).Error; err != nil {
return model.Account{}, err
}
return account, nil
Expand Down Expand Up @@ -87,7 +85,7 @@ func getSecretCountsByAccountID(accountIDs []string) (map[string]int64, error) {
if err := database.DB.
Model(&model.Secret{}).
Select("account_id, count(*) as secret_count").
Where("account_id IN ? AND deleted_at IS NULL", accountIDs).
Where("account_id IN ?", accountIDs).
Group("account_id").
Scan(&counts).Error; err != nil {
return map[string]int64{}, err
Expand Down Expand Up @@ -162,13 +160,13 @@ func updateAccount(db *gorm.DB, account model.Account) (model.Account, error) {
return account, nil
}

func DeleteAccount(id string, entityID string) error {
return deleteAccount(database.DB, id, entityID)
func DeleteAccount(id string) error {
return deleteAccount(database.DB, id)
}

func DeleteAccountWithAudit(account model.Account, entityID string, auditLog model.AuditLog) error {
func DeleteAccountWithAudit(account model.Account, auditLog model.AuditLog) error {
return database.DB.Transaction(func(tx *gorm.DB) error {
if err := deleteAccount(tx, account.ID, entityID); err != nil {
if err := deleteAccount(tx, account.ID); err != nil {
return err
}
auditLog.AccountID = account.ID
Expand All @@ -177,15 +175,11 @@ func DeleteAccountWithAudit(account model.Account, entityID string, auditLog mod
})
}

func deleteAccount(db *gorm.DB, id string, entityID string) error {
now := time.Now()
result := db.
Model(&model.Account{}).
Where("id = ? AND deleted_at IS NULL", id).
Updates(map[string]interface{}{
"deleted_at": &now,
"updated_by_entity_id": entityID,
})
func deleteAccount(db *gorm.DB, id string) error {
if err := db.Where("account_id = ?", id).Delete(&model.Secret{}).Error; err != nil {
return err
}
result := db.Where("id = ?", id).Delete(&model.Account{})
if result.Error != nil {
return result.Error
}
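Review bot: `deleteAccount` now issues two statements — the secrets delete on `account_id` and then the account delete — but `DeleteAccount(id)` hands it `database.DB` rather than a transaction, so if the second statement fails, or the account turns out not to exist (what follows the `result.Error` check continues outside the hunk), the account's secrets are already physically gone with nothing to roll back. Only `DeleteAccountWithAudit` runs it inside `database.DB.Transaction`. Wrap the plain path the same way: `func DeleteAccount(id string) error {` / `return database.DB.Transaction(func(tx *gorm.DB) error { return deleteAccount(tx, id) })` / `}`. This matters more than before because the delete is now a physical removal rather than a flag on the row.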
41 changes: 10 additions & 31 deletions vault/service/app_secret.go
Expand Up @@ -5,7 +5,6 @@ import (
"fmt"
"regexp"
"strings"
"time"

"github.com/gaucho-racing/ulid-go"
"github.com/gaucho-racing/vault/vault/database"
Expand Down Expand Up @@ -39,7 +38,6 @@ var appSecretIdentifierPattern = regexp.MustCompile(`^[a-z0-9][a-z0-9_-]*$`)
func GetAllApplications() ([]ApplicationWithSecretCount, error) {
applications := []model.Application{}
if err := database.DB.
Where("deleted_at IS NULL").
Order("name ASC").
Find(&applications).Error; err != nil {
return []ApplicationWithSecretCount{}, err
Expand Down Expand Up @@ -67,7 +65,7 @@ func GetAllApplications() ([]ApplicationWithSecretCount, error) {

func GetApplicationByID(id string) (model.Application, error) {
var application model.Application
if err := database.DB.Where("id = ? AND deleted_at IS NULL", id).First(&application).Error; err != nil {
if err := database.DB.Where("id = ?", id).First(&application).Error; err != nil {
return model.Application{}, err
}
return application, nil
Expand Down Expand Up @@ -108,26 +106,12 @@ func UpdateApplication(application model.Application) (model.Application, error)
return application, nil
}

func DeleteApplication(application model.Application, entityID string) error {
now := time.Now()
func DeleteApplication(application model.Application) error {
return database.DB.Transaction(func(tx *gorm.DB) error {
if err := tx.
Model(&model.AppSecret{}).
Where("application_id = ? AND deleted_at IS NULL", application.ID).
Updates(map[string]interface{}{
"deleted_at": &now,
"updated_by_entity_id": entityID,
}).Error; err != nil {
if err := tx.Where("application_id = ?", application.ID).Delete(&model.AppSecret{}).Error; err != nil {
return err
}

result := tx.
Model(&model.Application{}).
Where("id = ? AND deleted_at IS NULL", application.ID).
Updates(map[string]interface{}{
"deleted_at": &now,
"updated_by_entity_id": entityID,
})
result := tx.Where("id = ?", application.ID).Delete(&model.Application{})
if result.Error != nil {
return result.Error
}
Expand All @@ -141,7 +125,7 @@ func DeleteApplication(application model.Application, entityID string) error {
func GetAppSecretsForApplication(applicationID string) ([]model.AppSecret, error) {
secrets := []model.AppSecret{}
if err := database.DB.
Where("application_id = ? AND deleted_at IS NULL", applicationID).
Where("application_id = ?", applicationID).
Order("key ASC").
Find(&secrets).Error; err != nil {
return []model.AppSecret{}, err
Expand All @@ -152,7 +136,7 @@ func GetAppSecretsForApplication(applicationID string) ([]model.AppSecret, error
func GetAppSecretForApplication(applicationID string, secretID string) (model.AppSecret, error) {
var secret model.AppSecret
if err := database.DB.
Where("id = ? AND application_id = ? AND deleted_at IS NULL", secretID, applicationID).
Where("id = ? AND application_id = ?", secretID, applicationID).
First(&secret).Error; err != nil {
return model.AppSecret{}, err
}
Expand Down Expand Up @@ -188,15 +172,10 @@ func UpdateAppSecret(secret model.AppSecret) (model.AppSecret, error) {
return secret, nil
}

func DeleteAppSecret(applicationID string, secretID string, entityID string) error {
now := time.Now()
func DeleteAppSecret(applicationID string, secretID string) error {
result := database.DB.
Model(&model.AppSecret{}).
Where("id = ? AND application_id = ? AND deleted_at IS NULL", secretID, applicationID).
Updates(map[string]interface{}{
"deleted_at": &now,
"updated_by_entity_id": entityID,
})
Where("id = ? AND application_id = ?", secretID, applicationID).
Delete(&model.AppSecret{})
if result.Error != nil {
return result.Error
}
Expand Down Expand Up @@ -240,7 +219,7 @@ func getAppSecretCountsByApplicationID(applicationIDs []string) (map[string]int6
if err := database.DB.
Model(&model.AppSecret{}).
Select("application_id, count(*) as secret_count").
Where("application_id IN ? AND deleted_at IS NULL", applicationIDs).
Where("application_id IN ?", applicationIDs).
Group("application_id").
Scan(&counts).Error; err != nil {
return map[string]int64{}, err
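Review bot: `DeleteApplication` and `DeleteAppSecret` are exported and now perform physical deletes, yet neither carries a doc comment saying so — a caller familiar with the previous behaviour (a `deleted_at` flag) would expect the rows to be recoverable. Add `// DeleteApplication permanently removes the application and all of its secrets in a single transaction; the rows cannot be restored.` above the first and `// DeleteAppSecret permanently removes one secret belonging to applicationID; there is no soft delete or recovery path.` above the second, and give `DeleteSecret` in vault/service/secret.go and `DeleteAccount` in vault/service/account.go the same treatment. The bodies of both functions continue outside the hunk.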
16 changes: 5 additions & 11 deletions vault/service/secret.go
Expand Up @@ -3,7 +3,6 @@ package service
import (
"errors"
"strings"
"time"

"github.com/gaucho-racing/ulid-go"
"github.com/gaucho-racing/vault/vault/database"
Expand All @@ -16,7 +15,7 @@ var ErrSecretKeyRequired = errors.New("secret key is required")
func GetSecretsForAccount(accountID string) ([]model.Secret, error) {
secrets := []model.Secret{}
if err := database.DB.
Where("account_id = ? AND deleted_at IS NULL", accountID).
Where("account_id = ?", accountID).
Order("key ASC").
Find(&secrets).Error; err != nil {
return []model.Secret{}, err
Expand All @@ -26,15 +25,15 @@ func GetSecretsForAccount(accountID string) ([]model.Secret, error) {

func GetSecretByID(id string) (model.Secret, error) {
var secret model.Secret
if err := database.DB.Where("id = ? AND deleted_at IS NULL", id).First(&secret).Error; err != nil {
if err := database.DB.Where("id = ?", id).First(&secret).Error; err != nil {
return model.Secret{}, err
}
return secret, nil
}

func GetSecretForAccount(accountID string, secretID string) (model.Secret, error) {
var secret model.Secret
if err := database.DB.Where("id = ? AND account_id = ? AND deleted_at IS NULL", secretID, accountID).First(&secret).Error; err != nil {
if err := database.DB.Where("id = ? AND account_id = ?", secretID, accountID).First(&secret).Error; err != nil {
return model.Secret{}, err
}
return secret, nil
Expand Down Expand Up @@ -69,15 +68,10 @@ func UpdateSecret(secret model.Secret) (model.Secret, error) {
return secret, nil
}

func DeleteSecret(accountID string, secretID string, entityID string) error {
now := time.Now()
func DeleteSecret(accountID string, secretID string) error {
result := database.DB.
Model(&model.Secret{}).
Where("id = ? AND account_id = ?", secretID, accountID).
Updates(map[string]interface{}{
"deleted_at": &now,
"updated_by_entity_id": entityID,
})
Delete(&model.Secret{})
if result.Error != nil {
return result.Error
}