Documentation
Overview
Package vaultToken provides functions for obtaining and validating HashiCorp Vault tokens using the configured HTCondor installation.
Index
- Constants
- func GetAllVaultTokenLocations(serviceName string) ([]string, error)
- func GetToken(ctx context.Context, userPrincipal, serviceName, vaultServer string, ...) error
- func IsServiceToken(token string) bool
- func RemoveServiceVaultTokens(serviceName string) error
- func StoreAndValidateToken(ctx context.Context, t TokenStorer, environ *environment.CommandEnvironment) error
- type ErrAuthNeeded
- type InteractiveTokenStorer
- type InvalidVaultTokenError
- type NonInteractiveTokenStorer
- type TokenStorer
Constants
const (
	ServiceTokenPrefix       = "hvs."
	LegacyServiceTokenPrefix = "s."
)
Variables
This section is empty.
Functions
func GetAllVaultTokenLocations
GetAllVaultTokenLocations returns the locations of the vault tokens that both HTCondor and other OSG grid tools will use. The first element of the returned slice is the standard location for most grid tools, and the second is the standard location for HTCondor.
func GetToken
func GetToken(ctx context.Context, userPrincipal, serviceName, vaultServer string, environ environment.CommandEnvironment) error
TODO STILL UNDER DEVELOPMENT. Export when ready, and add tracing
func IsServiceToken
IsServiceToken validates that a token string follows the HashiCorp service token convention.
func RemoveServiceVaultTokens
RemoveServiceVaultTokens removes the vault token files at the standard OSG Grid Tools and HTCondor locations.
func StoreAndValidateToken
func StoreAndValidateToken(ctx context.Context, t TokenStorer, environ *environment.CommandEnvironment) error
StoreAndValidateToken stores a vault token in the passed-in HashiCorp Vault server and the passed-in credd.
Types
type ErrAuthNeeded
type ErrAuthNeeded struct {
// contains filtered or unexported fields
}
func (*ErrAuthNeeded) Error
func (e *ErrAuthNeeded) Error() string
func (*ErrAuthNeeded) Unwrap
func (e *ErrAuthNeeded) Unwrap() error
type InteractiveTokenStorer
type InteractiveTokenStorer struct {
// contains filtered or unexported fields
}
InteractiveTokenStorer is a type to use when it is anticipated that the token storing action will require user interaction.
func NewInteractiveTokenStorer
func NewInteractiveTokenStorer(serviceName, credd, vaultServer string) *InteractiveTokenStorer
func (*InteractiveTokenStorer) GetCredd
func (t *InteractiveTokenStorer) GetCredd() string
func (*InteractiveTokenStorer) GetServiceName
func (t *InteractiveTokenStorer) GetServiceName() string
func (*InteractiveTokenStorer) GetVaultServer
func (t *InteractiveTokenStorer) GetVaultServer() string
type InvalidVaultTokenError
type InvalidVaultTokenError struct {
// contains filtered or unexported fields
}
InvalidVaultTokenError is an error that indicates that the token contained in filename is not a valid HashiCorp Service Token (what is called a vault token in the managed-tokens/OSG/WLCG world).
func (*InvalidVaultTokenError) Error
func (i *InvalidVaultTokenError) Error() string
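The following is an added example, not the package's own code: it sketches how a prefix check like IsServiceToken and a file-level error like InvalidVaultTokenError can fit together when validating a token file. The names looksLikeServiceToken, checkTokenFile, isInvalidToken and invalidTokenFileError are hypothetical, and the non-empty-body rule is an assumption; only the two prefix values come from the Constants section.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Prefix values as listed under Constants on this page.
var servicePrefixes = []string{"hvs.", "s."}

// invalidTokenFileError (hypothetical) names the file only, so the token never reaches logs.
type invalidTokenFileError struct{ filename string }

func (e *invalidTokenFileError) Error() string {
	return fmt.Sprintf("%s does not contain a Vault service token", e.filename)
}

// looksLikeServiceToken (assumed rule): a service prefix followed by a non-empty body.
func looksLikeServiceToken(token string) bool {
	for _, p := range servicePrefixes {
		if strings.HasPrefix(token, p) && len(token) > len(p) {
			return true
		}
	}
	return false
}

// checkTokenFile validates the whitespace-trimmed content of a token file.
func checkTokenFile(path string) error {
	raw, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	if !looksLikeServiceToken(strings.TrimSpace(string(raw))) {
		return &invalidTokenFileError{filename: path}
	}
	return nil
}

// isInvalidToken separates "wrong content" from I/O errors such as a missing file.
func isInvalidToken(err error) bool {
	var bad *invalidTokenFileError
	return errors.As(err, &bad)
}

func main() {
	// The token string is a constructed value; os.DevNull reads as an empty file.
	fmt.Println(looksLikeServiceToken("hvs.CONSTRUCTED"), isInvalidToken(checkTokenFile(os.DevNull)))
}
```

Keeping the token out of the error text means a failed validation can be logged without exposing a credential that merely had the wrong format.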
type NonInteractiveTokenStorer
type NonInteractiveTokenStorer struct {
// contains filtered or unexported fields
}
NonInteractiveTokenStorer is a type to use when it is anticipated that the token storing action will not require user interaction.
func NewNonInteractiveTokenStorer
func NewNonInteractiveTokenStorer(serviceName, credd, vaultServer string) *NonInteractiveTokenStorer
func (*NonInteractiveTokenStorer) GetCredd
func (t *NonInteractiveTokenStorer) GetCredd() string
func (*NonInteractiveTokenStorer) GetServiceName
func (t *NonInteractiveTokenStorer) GetServiceName() string
func (*NonInteractiveTokenStorer) GetVaultServer
func (t *NonInteractiveTokenStorer) GetVaultServer() string
type TokenStorer
type TokenStorer interface {
	GetServiceName() string
	GetCredd() string
	GetVaultServer() string
	// contains filtered or unexported methods
}
TokenStorer contains the methods needed to store a vault token in the condor credd and a HashiCorp vault. It should be passed into StoreAndValidateToken so that any token that is stored is also validated.