vault

package
v0.1.7

This package is not in the latest version of its module.
Published: Jul 31, 2019 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	AuthTokenRenewSelfLocation  = "/auth/token/renew-self"
	AuthTokenRevokeSelfLocation = "/auth/token/revoke-self"
)

var (
	TLSHandshakeTimeout   = 10
	ResponseHeaderTimeout = 20
	ExpectContinueTimeout = 10
	KeepAlive             = 3
	LeftTemplateDelim     = `((`
	RightTemplateDelim    = `))`
)

var (
	AuthApproleLoginLocation = "/auth/approle/login"
)

var (
	SysHealthLocation = "/sys/health"
)

Functions

This section is empty.

Types

type Approle

type Approle struct {
	*Response
}

func (*Approle) Login

func (i *Approle) Login(v *Client) *Approle

type ApproleLoginInput

type ApproleLoginInput struct {
	RoleId   string `json:"role_id"`
	SecretId string `json:"secret_id"`
}

type Auth

type Auth struct {
	ClientToken      string            `json:"client_token"`
	Accessor         string            `json:"accessor"`
	Policies         []string          `json:"policies"`
	TokenPolicies    []string          `json:"token_policies,omitempty"`
	IdentityPolicies []string          `json:"identity_policies,omitempty"`
	Metadata         map[string]string `json:"metadata"`
	LeaseDuration    int               `json:"lease_duration"`
	Renewable        bool              `json:"renewable"`
	EntityID         string            `json:"entity_id"`
	Approle          Approle
	Token            Token
}

type Client

type Client struct {
	Address  string
	RoleId   string
	SecretId string
	Token    string
	Path     string
	File     string
	Selector string
	Insecure bool

	SystemHealth SystemHealth
	Auth         Auth
	Secret       Secret
	// contains filtered or unexported fields
}

Client represents a go-resty based HTTP client that interacts with the Vault API.

func NewVaultClient

func NewVaultClient(ctx context.Context, addr string, insecure bool) *Client

NewVaultClient creates, validates, and initializes a new Client with the specified parameters.

func (*Client) CreateToken

func (v *Client) CreateToken(roleId, secretId string) string

Given the role id and secret id,

func (*Client) ExtendedValidate

func (v *Client) ExtendedValidate() error

ExtendedValidate is broken out separately because it makes HTTP calls to Vault. Note that Vault is expected to be initialized, unsealed, and the active node for the client to continue.
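The readiness gate described above, as an added example that is not this package's code. The health type copies the SystemHealth JSON fields from this page; the ready logic, the "/v1" API prefix, and the helper names are assumptions. It decodes the body even on non-200 answers, because Vault signals standby (429), uninitialized (501), and sealed (503) through the status code while still returning the state as JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// health mirrors the JSON fields of the SystemHealth type on this page.
type health struct {
	Initialized bool `json:"initialized"`
	Sealed      bool `json:"sealed"`
	Standby     bool `json:"standby"`
}

// ready encodes the stated precondition: initialized, unsealed, active node.
// Assumption: the package's own Ready() may be implemented differently.
func (h health) ready() bool { return h.Initialized && !h.Sealed && !h.Standby }

// fetchHealth decodes the body regardless of HTTP status, so a sealed or
// standby node is reported as "not ready" instead of as a transport error.
// The "/v1" prefix in front of /sys/health is an assumption.
func fetchHealth(c *http.Client, addr string) (health, int, error) {
	var h health
	resp, err := c.Get(addr + "/v1/sys/health")
	if err != nil {
		return h, 0, err
	}
	defer resp.Body.Close()
	err = json.NewDecoder(resp.Body).Decode(&h)
	return h, resp.StatusCode, err
}

// stubVault is a constructed test server that answers with a fixed state.
func stubVault(code int, body string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(code)
		fmt.Fprint(w, body)
	}))
}

func main() {
	srv := stubVault(503, `{"initialized":true,"sealed":true,"standby":true}`)
	defer srv.Close()
	h, code, err := fetchHealth(&http.Client{Timeout: 5 * time.Second}, srv.URL)
	fmt.Println(h.ready(), code, err)
}
```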

func (*Client) FetchSecret

func (v *Client) FetchSecret(token, path, selector string) string

func (*Client) ParseFile

func (v *Client) ParseFile(roleId, secretId, vaultPath, file string)

func (*Client) RenewToken

func (v *Client) RenewToken(token string) string

func (*Client) RevokeToken

func (v *Client) RevokeToken(token string)

func (*Client) Setup

func (v *Client) Setup()

Setup configures the go-resty client that interacts with the Vault API service. It sets defaults for the retry count, retry wait time, and maximum retry wait time, and installs a custom http.Transport so that self-signed TLS certificates can be ignored if required. It also adds a few retry conditions for when Vault is having issues or is overloaded.
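The transport trade-off described above, as an added example built on net/http rather than go-resty; it is not the package's Setup code. The helper names are hypothetical, and treating the package's timeout variables as seconds is an assumption. It runs three clients against a constructed self-signed test server: default verification, verification disabled (what an Insecure-style flag amounts to), and verification kept on with the server certificate pinned as the only trusted root.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newTransport is a hypothetical helper, not the package's Setup(). The
// timeouts reuse the values of the package variables, assumed to be seconds.
func newTransport(insecure bool, roots *x509.CertPool) *http.Transport {
	return &http.Transport{
		TLSHandshakeTimeout:   10 * time.Second,
		ResponseHeaderTimeout: 20 * time.Second,
		ExpectContinueTimeout: 10 * time.Second,
		TLSClientConfig: &tls.Config{
			RootCAs:            roots,    // nil selects the system trust store
			InsecureSkipVerify: insecure, // true disables all certificate checks
		},
	}
}

// probe returns nil only if a request through tr completes the TLS handshake.
func probe(tr *http.Transport, url string) error {
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr, Timeout: 5 * time.Second}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// compare runs three clients against a constructed self-signed test server.
func compare() (strict, skipVerify, pinned error) {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate()) // trust exactly this certificate
	return probe(newTransport(false, nil), srv.URL),
		probe(newTransport(true, nil), srv.URL),
		probe(newTransport(false, pool), srv.URL)
}

func main() {
	fmt.Println(compare())
}
```

Only the pinned client both connects and still rejects any other certificate presented for the same address; the skip-verify client accepts whatever certificate it is shown.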

func (*Client) Validate

func (v *Client) Validate() error

Basic validation of the vault inputs for the URL

func (*Client) ValidateCreateToken

func (v *Client) ValidateCreateToken() error

func (*Client) ValidateFetchSecret

func (v *Client) ValidateFetchSecret() error

func (*Client) ValidateParseFile

func (v *Client) ValidateParseFile() error

func (*Client) ValidateRenewToken

func (v *Client) ValidateRenewToken() error

func (*Client) ValidateRevokeToken

func (v *Client) ValidateRevokeToken() error

type Response

type Response struct {
	RequestID     string                 `json:"request_id"`
	LeaseID       string                 `json:"lease_id"`
	Renewable     bool                   `json:"renewable"`
	LeaseDuration int                    `json:"lease_duration"`
	Data          map[string]interface{} `json:"data"`
	Warnings      []string               `json:"warnings"`
	Auth          *Auth                  `json:"auth"`
}

type Secret

type Secret struct {
	Data          map[string]interface{} `json:"data"`
	LeaseDuration int                    `json:"lease_duration"`
	LeaseId       string                 `json:"lease_id"`
	Renewable     bool                   `json:"renewable"`
}

func (*Secret) Get

func (i *Secret) Get(v *Client) *Secret

type SystemHealth

type SystemHealth struct {
	Initialized bool `json:"initialized"`
	Sealed      bool `json:"sealed"`
	Standby     bool `json:"standby"`
}

func (*SystemHealth) GetInitialized

func (i *SystemHealth) GetInitialized() bool

func (*SystemHealth) GetSealed

func (i *SystemHealth) GetSealed() bool

func (*SystemHealth) GetStandby

func (i *SystemHealth) GetStandby() bool

func (*SystemHealth) Ready

func (i *SystemHealth) Ready() bool

func (*SystemHealth) Reload

func (i *SystemHealth) Reload(v *Client) *SystemHealth

type Token

type Token struct {
	*Response
}

func (*Token) RenewSelf

func (i *Token) RenewSelf(v *Client) *Token

func (*Token) RevokeSelf

func (i *Token) RevokeSelf(v *Client)

type VaultClientErrors

type VaultClientErrors struct {
	Errors []string `json:"errors"`
}

When Vault emits errors, we unmarshal them into this struct so they are easier to print out.

func (*VaultClientErrors) Error

func (i *VaultClientErrors) Error() string
