feat: restructure project and fix vault/sdk version

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:43:57 +02:00 · 2023-12-14 13:21:44 +00:00 · 2023-12-14 13:21:44 +00:00 · d55f035d34
commit d55f035d34
parent 518b1bc8d4
17 changed files with 848 additions and 579 deletions
--- a/backend.go
+++ b/backend.go
@ -0,0 +1,59 @@
+// SPDX-License-Identifier: MPL-2.0
+// Copyright (c) HashiCorp, Inc.
+// Copyright (c) Matter Labs
+
+package vault_auth_tee
+
+import (
+	"context"
+	"github.com/hashicorp/vault/sdk/framework"
+	"github.com/hashicorp/vault/sdk/logical"
+)
+
+const operationPrefixTee = "tee"
+
+func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
+	b := Backend()
+	if err := b.Setup(ctx, conf); err != nil {
+		return nil, err
+	}
+	return b, nil
+}
+
+func Backend() *backend {
+	var b backend
+	b.Backend = &framework.Backend{
+		Help: backendHelp,
+		PathsSpecial: &logical.Paths{
+			Unauthenticated: []string{
+				"login",
+			},
+		},
+		Paths: []*framework.Path{
+			pathInfo(&b),
+			pathLogin(&b),
+			pathListTees(&b),
+			pathTees(&b),
+		},
+		AuthRenew:      b.loginPathWrapper(b.pathLoginRenew),
+		BackendType:    logical.TypeCredential,
+		RunningVersion: "v" + Version,
+	}
+
+	return &b
+}
+
+type backend struct {
+	*framework.Backend
+}
+
+const backendHelp = `
+The "tee" credential provider allows authentication using
+remote attestation verification together with TLS client certificates.
+A client connects to Vault and uses the "login" endpoint to generate a client token.
+
+Trusted execution environments are configured using the "tees/" endpoint
+by a user with root access. Authentication is then done
+by supplying the attestation report, the attestation collateral
+and the client certificate for "login".
+`