in pkg/vault/kv/v2_service.go [172:224]
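// WriteWithMeta writes data to the secret at path and attaches meta to it.
//
// When s.customMetadataEnabled is set, meta is validated against the
// CustomMetadata* limits and, if non-empty, written as "custom_metadata" to
// the path built with the "metadata" prefix, after the secret data has been
// written. Otherwise a non-empty meta is embedded, unvalidated, in the secret
// payload under VaultMetadataDataKey; a value the caller already stored under
// that key is replaced in the payload that is written.
//
// The caller's data map is never modified, and a nil data map is accepted.
//
// The two writes are separate calls: if the metadata write fails, the secret
// data has already been written and the error is returned to the caller.
//
// ctx is accepted for interface compatibility; this block does not forward it
// to s.logical.Write.
//
// NOTE(review): in Vault, custom_metadata is governed by the policy on the
// metadata path rather than the data path, so meta should not carry secret
// values — confirm callers respect this.
func (s *kvv2Backend) WriteWithMeta(ctx context.Context, path string, data SecretData, meta SecretMetadata) error {
	// Clean path first
	secretPath := vpath.SanitizePath(path)
	if secretPath == "" {
		return fmt.Errorf("unable to query with empty path")
	}

	// payload is what gets written under "data"; it aliases the caller's map
	// unless metadata has to be embedded in it.
	payload := data

	switch {
	case s.customMetadataEnabled:
		// Validate metadata before anything is written, so a rejected request
		// leaves the secret untouched.
		// NOTE(review): the limits quoted in the messages below are literals;
		// confirm they match the CustomMetadata* constants.
		if len(meta) > CustomMetadataKeyLimit {
			return errors.New("unable to store more than 64 custom metadata keys")
		}
		for k, v := range meta {
			if len(k) > CustomMetadataKeySizeLimit {
				return fmt.Errorf("custom meta '%s' could not be stored, it must be less than 128 bytes", k)
			}
			raw, ok := v.(string)
			if !ok {
				return fmt.Errorf("custom meta '%s' must be a string", k)
			}
			if len(raw) > CustomMetadataValueSizeLimit {
				return fmt.Errorf("custom meta '%s' value is too large (%d), it must be less than 512 bytes", k, len(raw))
			}
		}
	case len(meta) > 0:
		// Custom metadata not enabled => store metadata as secret data.
		// Work on a copy: assigning into a nil data map would panic, and the
		// caller's map must not gain a key as a side effect of this call.
		payload = make(SecretData, len(data)+1)
		for k, v := range data {
			payload[k] = v
		}
		payload[VaultMetadataDataKey] = meta
	}

	// Write data
	if _, err := s.logical.Write(vpath.AddPrefixToVKVPath(secretPath, s.mountPath, "data"), map[string]interface{}{
		"data": payload,
	}); err != nil {
		return fmt.Errorf("unable to write secret data for path '%s': %w", path, err)
	}

	// Write metadata
	if s.customMetadataEnabled && len(meta) > 0 {
		if _, err := s.logical.Write(vpath.AddPrefixToVKVPath(secretPath, s.mountPath, "metadata"), map[string]interface{}{
			"custom_metadata": meta,
		}); err != nil {
			return fmt.Errorf("unable to write secret metadata for path '%s': %w", path, err)
		}
	}

	// No error
	return nil
}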