engineAndKeyFromPath returns the engine path and key name from the full path, or an error.
(fullPath string)
| 460 | // engineAndKeyFromPath returns the engine path and key name from the full |
| 461 | // path, or an error. |
| 462 | func engineAndKeyFromPath(fullPath string) (enginePath, keyName string, err error) { |
| 463 | // Running vault behind a reverse proxy with longer URLs seems not to be |
| 464 | // supported by the Vault client API. Check for this here. |
| 465 | // TODO(hidde): this may no longer be necessary with newer Vault versions, |
| 466 | // but needs to be confirmed. |
| 467 | if re := regexp.MustCompile(`/[^/]+/v[\d]+/[^/]+/[^/]+/[^/]+`); re.Match([]byte(fullPath)) { |
| 468 | err = fmt.Errorf("running Vault with a prefixed URL is not supported! (Format has to be like " + |
| 469 | "https://vault.example.com:8200/v1/transit/keys/keyName)") |
| 470 | return |
| 471 | } else if re := regexp.MustCompile(`/v[\d]+/[^/]+/[^/]+/[^/]+`); !re.Match([]byte(fullPath)) { |
| 472 | err = fmt.Errorf("vault path does not seem to be formatted correctly: (eg. " + |
| 473 | "https://vault.example.com:8200/v1/transit/keys/keyName)") |
| 474 | return |
| 475 | } |
| 476 | |
| 477 | fullPath = strings.Trim(fullPath, "/") |
| 478 | dirs := strings.Split(fullPath, "/") |
| 479 | |
| 480 | keyName = dirs[len(dirs)-1] |
| 481 | enginePath = path.Join(dirs[1 : len(dirs)-2]...) |
| 482 | return |
| 483 | } |
no outgoing calls