credhub

v0.9.1
Published: Jan 22, 2019 License: Apache-2.0 Imports: 13 Imported by: 1

README

go-credhub

Overview

go-credhub is a client library for the Credhub API.

Usage

go get -u github.com/cloudfoundry-community/go-credhub

Experimental

  • For the foreseeable future, releases will be in the v0.x.y range
  • You should expect breaking changes until v1.x.y releases occur
  • Notifications of breaking changes will be made via release notes associated with each tag
  • This library is compatible both with dep and go 1.11 modules

Contributing

Pull requests welcome.

Documentation

Overview

Package credhub provides an API client for https://github.com/cloudfoundry-incubator/credhub

Functions

func UAAEndpoint

func UAAEndpoint(credhubURL string, skipTLSVerify bool) (oauth2.Endpoint, error)

UAAEndpoint will get the info about the UAA server associated with the specified Credhub

Types

type CFAppAuthClient added in v0.9.1

type CFAppAuthClient struct {
	// contains filtered or unexported fields
}

CFAppAuthClient wraps an HTTPClient and handles mTLS authentication

func (*CFAppAuthClient) Do added in v0.9.1

func (c *CFAppAuthClient) Do(req *http.Request) (*http.Response, error)

Do will perform the HTTP Request specified with the underlying HTTPClient

func (*CFAppAuthClient) Get added in v0.9.1

func (c *CFAppAuthClient) Get(url string) (resp *http.Response, err error)

Get will do an HTTP Request to the specified URL using the HTTP GET method

type CertificateValueType

type CertificateValueType struct {
	CA          string `json:"ca"`
	PrivateKey  string `json:"private_key"`
	Certificate string `json:"certificate"`
}

CertificateValueType is what a certificate type credential will have. Use CertificateValue() to get this from a certificate type credential.

func CertificateValue

func CertificateValue(cred Credential) (CertificateValueType, error)

CertificateValue will remarshal a credential so that its Value is a CertificateValueType. Use this method to get the CertificateValueType from the credential. Subsequent calls to this return the remarshalled struct.

func (*CertificateValueType) UnmarshalJSON added in v0.9.1

func (c *CertificateValueType) UnmarshalJSON(b []byte) error

UnmarshalJSON will unmarshal the JSON and strictly conform to the struct

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client interacts with the Credhub API. It provides methods for all available endpoints

func New

func New(credhubURL string, hc HTTPClient) *Client

New creates a new Credhub client. You must bring an *http.Client that will negotiate authentication and authorization for you. See the examples for more information.

func (*Client) AddPermissions

func (c *Client) AddPermissions(credentialName string, newPerms []Permission) ([]Permission, error)

AddPermissions adds permissions to a credential. Note that this method is *not* idempotent.

func (*Client) Delete

func (c *Client) Delete(name string) error

Delete deletes a credential by name

func (*Client) DeletePermissions

func (c *Client) DeletePermissions(credentialName, actorID string) error

DeletePermissions deletes permissions from a credential. Note that this method is *not* idempotent

func (*Client) FindByPartialName

func (c *Client) FindByPartialName(partialName string) ([]Credential, error)

FindByPartialName retrieves a list of stored credential names which contain the search term.

func (*Client) FindByPath

func (c *Client) FindByPath(path string) ([]Credential, error)

FindByPath retrieves a list of stored credential names which are within the specified path. This method does not traverse sub-paths.

func (*Client) Generate

func (c *Client) Generate(name string, credentialType CredentialType, parameters map[string]interface{}) (*Credential, error)

Generate will create a credential in Credhub. Currently does not work for the Value or JSON credential types. See https://credhub-api.cfapps.io/#generate-credentials for more information about available parameters.

func (*Client) GetAllByName

func (c *Client) GetAllByName(name string) ([]Credential, error)

GetAllByName will return all versions of a credential, sorted in descending order by their created date.

func (*Client) GetByID

func (c *Client) GetByID(id string) (*Credential, error)

GetByID will look up a credential by its ID. Since each version of a named credential has a different ID, this will always return at most one value.

func (*Client) GetLatestByName

func (c *Client) GetLatestByName(name string) (*Credential, error)

GetLatestByName will return the current version of a credential. It will return at most one item.

func (*Client) GetPermissions

func (c *Client) GetPermissions(credentialName string) ([]Permission, error)

GetPermissions returns the permissions of a credential. Permissions consist of an actor (See https://github.com/cloudfoundry-incubator/credhub/blob/master/docs/authentication-identities.md for more information on actor identities) and Operations

func (*Client) GetVersionsByName

func (c *Client) GetVersionsByName(name string, numVersions int) ([]Credential, error)

GetVersionsByName will return the latest numVersions versions of a given credential, still sorted in descending order by their created date.

func (*Client) InterpolateCredentials

func (c *Client) InterpolateCredentials(vcapServices string) (string, error)

InterpolateCredentials will take a string representation of a VCAP_SERVICES json variable, and interpolate any services whose credentials block consists only of credhub-ref. It will return the interpolated JSON as a string
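To see in advance which services InterpolateCredentials would resolve, the following added example (not code from go-credhub) lists the services whose credentials block consists only of credhub-ref. The function name CredhubRefs, the sample VCAP_SERVICES document and the reference paths in it are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// constructedVCAP is sample input built for this example.
const constructedVCAP = `{
  "db": [
    {"name": "orders-db", "credentials": {"credhub-ref": "/example/orders-db"}},
    {"name": "legacy-db", "credentials": {"credhub-ref": "/example/legacy-db", "uri": "db://host"}}
  ],
  "cache": [
    {"name": "sessions", "credentials": {"host": "cache.example.internal"}}
  ]
}`

// CredhubRefs (hypothetical helper) maps each service instance name to its
// credhub-ref, for the services whose credentials block consists only of a
// credhub-ref key. Blocks with extra keys or without a reference are skipped.
func CredhubRefs(vcapServices string) (map[string]string, error) {
	var services map[string][]struct {
		Name        string                 `json:"name"`
		Credentials map[string]interface{} `json:"credentials"`
	}
	if err := json.Unmarshal([]byte(vcapServices), &services); err != nil {
		return nil, fmt.Errorf("parsing VCAP_SERVICES: %w", err)
	}
	refs := map[string]string{}
	for _, instances := range services {
		for _, inst := range instances {
			ref, ok := inst.Credentials["credhub-ref"].(string)
			if ok && len(inst.Credentials) == 1 {
				refs[inst.Name] = ref
			}
		}
	}
	return refs, nil
}

func main() {
	refs, err := CredhubRefs(constructedVCAP)
	if err != nil {
		panic(err)
	}
	fmt.Println(refs)
}
```

Only orders-db is reported: legacy-db carries an extra key next to the reference and sessions has no reference at all.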

func (*Client) ListAllPaths

func (c *Client) ListAllPaths() ([]string, error)

ListAllPaths lists all paths under which credentials are stored. Use in conjunction with FindByPath() to list all credentials.

func (*Client) Regenerate

func (c *Client) Regenerate(name string) (*Credential, error)

Regenerate will generate new values for credentials using the same parameters as the stored value. All RSA and SSH credentials may be regenerated. Password and user credentials must have been generated to enable regeneration. Statically set certificates may be regenerated if they are self-signed or if the CA name has been set to a stored CA certificate.

func (*Client) Set

func (c *Client) Set(credential Credential, mode OverwriteMode, additionalPermissions []Permission) (*Credential, error)

Set adds a credential in Credhub.

type Credential

type Credential struct {
	ID      string         `json:"id"`
	Name    string         `json:"name"`
	Created string         `json:"version_created_at"`
	Type    CredentialType `json:"type,omitempty"`
	Value   interface{}    `json:"value,omitempty"`
	// contains filtered or unexported fields
}

Credential is the base type that the credential-based methods of Client will return.

type CredentialType

type CredentialType string

CredentialType is the list of valid types of credentials Credhub supports

const (
	// Value - A generic value
	Value CredentialType = "value"
	// Password - A password that can be (re-)generated
	Password CredentialType = "password"
	// User - A username, password, and password hash
	User CredentialType = "user"
	// JSON - An arbitrary block of JSON
	JSON CredentialType = "json"
	// RSA - A public/private key pair
	RSA CredentialType = "rsa"
	// SSH - An SSH private key, public key (in OpenSSH format), and public key fingerprint
	SSH CredentialType = "ssh"
	// Certificate - A private key, associated certificate, and CA
	Certificate CredentialType = "certificate"
)

type HTTPClient added in v0.9.1

type HTTPClient interface {
	Get(url string) (resp *http.Response, err error)
	Do(req *http.Request) (*http.Response, error)
}

func NewCFAppAuthClient added in v0.9.1

func NewCFAppAuthClient(tr *http.Transport) (HTTPClient, error)

NewCFAppAuthClient creates a CFAppAuthClient

Example Usage:

// NewCFAppAuthClient takes an *http.Transport and returns (HTTPClient, error)
client, err := NewCFAppAuthClient(&http.Transport{})

func NewUAAAuthClient added in v0.9.1

func NewUAAAuthClient(hc HTTPClient, ua uaa.Client) HTTPClient

NewUAAAuthClient creates a UAAAuthClient.

Example usage:

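cfg := &config.Config{
	ClientName:   "client-name",
	ClientSecret: "client-secret",
	UaaEndpoint:  "https://uaa.service.cf.internal:8443",
	// SkipVerification disables TLS certificate verification for the UAA
	// endpoint; leave it false outside of test environments.
	SkipVerification: true,
}

uaaClient, err := client.NewClient(logger, cfg, clock)
if err != nil {
	// handle the error
}

// http.DefaultClient is a variable, not a function
authClient := NewUAAAuthClient(http.DefaultClient, uaaClient)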

See github.com/cloudfoundry-community/uaa-go-client for more examples of instantiating the UAA client.

type Operation

type Operation string

Operation is the list of valid operations

const (
	// Read operation allows the actor to fetch and view credentials
	Read Operation = "read"

	// Write operation allows the actor to create, update, and generate credentials
	Write Operation = "write"

	// Delete operation allows the actor to delete credentials
	Delete Operation = "delete"

	// ReadACL operation allows the actor to view all permissions on a given credential
	ReadACL Operation = "read_acl"

	// WriteACL operation allows the actor to create and delete permissions on a given credential
	WriteACL Operation = "write_acl"
)

type OverwriteMode

type OverwriteMode string

OverwriteMode is the list of valid "mode" arguments

const (
	// Overwrite will overwrite an existing credential on Set or Generate
	Overwrite OverwriteMode = "overwrite"
	// NoOverwrite will not overwrite an existing credential on Set or Generate
	NoOverwrite OverwriteMode = "no-overwrite"
	// Converge will only overwrite an existing credential if the parameters have changed
	Converge OverwriteMode = "converge"
)

type Permission

type Permission struct {
	Actor      string      `json:"actor"`
	Operations []Operation `json:"operations"`
}

Permission represents the operations an actor is allowed to perform on a credential. See https://github.com/cloudfoundry-incubator/credhub/blob/master/docs/authentication-identities.md for more information on actor identities

type RSAValueType

type RSAValueType struct {
	PublicKey  string `json:"public_key"`
	PrivateKey string `json:"private_key"`
}

RSAValueType is what an rsa type credential will have. Use RSAValue() to get this from an rsa type Credential.

func RSAValue

func RSAValue(cred Credential) (RSAValueType, error)

RSAValue will remarshal a credential so that its Value is a RSAValueType. Use this method to get the RSAValueType from the credential. Subsequent calls to this return the remarshalled struct.

func (*RSAValueType) UnmarshalJSON added in v0.9.1

func (r *RSAValueType) UnmarshalJSON(b []byte) error

UnmarshalJSON will unmarshal the JSON and strictly conform to the struct

type SSHValueType

type SSHValueType struct {
	PublicKey            string `json:"public_key"`
	PrivateKey           string `json:"private_key"`
	PublicKeyFingerprint string `json:"public_key_fingerprint"`
}

SSHValueType is what an ssh type credential will have. Use SSHValue() to get this from an ssh type Credential.

func SSHValue

func SSHValue(cred Credential) (SSHValueType, error)

SSHValue will remarshal a credential so that its Value is a SSHValueType. Use this method to get the SSHValueType from the credential. Subsequent calls to this return the remarshalled struct.

func (*SSHValueType) UnmarshalJSON added in v0.9.1

func (s *SSHValueType) UnmarshalJSON(b []byte) error

UnmarshalJSON will unmarshal the JSON and strictly conform to the struct

type UAAAuthClient added in v0.9.1

type UAAAuthClient struct {
	// contains filtered or unexported fields
}

UAAAuthClient is a thin wrapper around an http.Client that handles authenticating and renewing tokens provided via UAA.

func (*UAAAuthClient) Do added in v0.9.1

func (c *UAAAuthClient) Do(req *http.Request) (*http.Response, error)

func (*UAAAuthClient) Get added in v0.9.1

func (c *UAAAuthClient) Get(url string) (resp *http.Response, err error)

type UserValueType

type UserValueType struct {
	Username     string `json:"username"`
	Password     string `json:"password"`
	PasswordHash string `json:"password_hash"`
}

UserValueType is what a user type credential will have. Use UserValue() to get this from a user type Credential

func UserValue

func UserValue(cred Credential) (UserValueType, error)

UserValue will remarshal a credential so that its Value is a UserValueType. Use this method to get the UserValueType from the credential. Subsequent calls to this return the remarshalled struct.

func (*UserValueType) UnmarshalJSON added in v0.9.1

func (u *UserValueType) UnmarshalJSON(b []byte) error

UnmarshalJSON will unmarshal the JSON and strictly conform to the struct
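The typed value functions (CertificateValue, RSAValue, SSHValue, UserValue) and the strict UnmarshalJSON methods described above matter because several value types share the private_key field. The following added example is not the library's source: it assumes strictness is implemented with encoding/json's DisallowUnknownFields, uses a local RSAValue copy of the page's RSAValueType, and uses constructed placeholder values.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// RSAValue is a local copy of the fields the page lists for RSAValueType.
type RSAValue struct {
	PublicKey  string `json:"public_key"`
	PrivateKey string `json:"private_key"`
}

// UnmarshalJSON rejects any key that is not a field of the struct.
// Decoding into the method-less alias type avoids infinite recursion.
func (r *RSAValue) UnmarshalJSON(b []byte) error {
	type plain RSAValue
	dec := json.NewDecoder(bytes.NewReader(b))
	dec.DisallowUnknownFields()
	return dec.Decode((*plain)(r))
}

// Remarshal (hypothetical helper) turns an untyped credential value (a map
// after generic JSON decoding) into the typed struct by marshalling it and
// decoding it strictly.
func Remarshal(value interface{}) (RSAValue, error) {
	var out RSAValue
	raw, err := json.Marshal(value)
	if err != nil {
		return out, err
	}
	if err := json.Unmarshal(raw, &out); err != nil {
		return RSAValue{}, fmt.Errorf("not an rsa value: %w", err)
	}
	return out, nil
}

// Constructed sample values; the key material is placeholder text.
var rsaValue = map[string]interface{}{"public_key": "PUB", "private_key": "PRIV"}
var certValue = map[string]interface{}{"ca": "CA", "certificate": "CERT", "private_key": "PRIV"}

func main() {
	_, err := Remarshal(rsaValue)
	fmt.Println("rsa value:", err)
	_, err = Remarshal(certValue)
	fmt.Println("certificate value:", err)
}
```

With lenient decoding the certificate-shaped value would be accepted as an RSA value with an empty public key; strict decoding turns that type confusion into an error.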
