// Package alicloud implements a Vault credential (auth) backend for the
// AliCloud RAM auth method.
package alicloud

import (
	"context"
	"net/http"

	"github.com/hashicorp/go-cleanhttp"
	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
)

// backendHelp is the help text registered with the framework backend.
const backendHelp = `
That AliCloud RAM auth method allows entities to authenticate based on their
identity and pre-configured roles.
`

// backend is the auth backend: the embedded framework.Backend supplies the
// request routing, and identityClient is the HTTP client used for outbound
// identity calls.
type backend struct {
	*framework.Backend

	// identityClient is injected through newBackend so tests can substitute
	// a fake client.
	identityClient *http.Client
}

// Factory constructs the backend with a redirect-refusing HTTP client and
// runs Setup on it with the supplied configuration. It returns the Setup
// error unchanged, with a nil backend, if Setup fails.
func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
	identityClient := cleanhttp.DefaultClient()

	// http.ErrUseLastResponse makes the client return the 3xx response as-is
	// instead of following it, so a request sent through this client is never
	// replayed against a Location chosen by the remote end.
	// NOTE(review): presumably this client carries caller-supplied identity
	// requests during login - confirm in pathLogin that nothing downstream
	// builds its own client without this policy.
	// NOTE(review): cleanhttp.DefaultClient sets no overall Client.Timeout;
	// confirm that callers bound each request with a context deadline.
	identityClient.CheckRedirect = func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse
	}

	be := newBackend(identityClient)
	err := be.Setup(ctx, conf)
	if err != nil {
		return nil, err
	}
	return be, nil
}

// newBackend exists for testability. It allows us to inject a fake client.
// Any redirect policy must already be set on client; newBackend stores it
// untouched.
func newBackend(client *http.Client) *backend {
	// "login" is the only path served without a Vault token, so every
	// request reaching it is untrusted input.
	unauthenticated := []string{
		"login",
	}

	be := &backend{identityClient: client}
	be.Backend = &framework.Backend{
		AuthRenew:    be.pathLoginRenew,
		Help:         backendHelp,
		PathsSpecial: &logical.Paths{Unauthenticated: unauthenticated},
		Paths: []*framework.Path{
			pathLogin(be),
			pathListRole(be),
			pathListRoles(be),
			pathRole(be),
		},
		BackendType: logical.TypeCredential,
	}
	return be
}