Documentation
¶
Index ¶
- func NewVaultClient(config *config.VaultConfig, logger hclog.Logger, tokenDeriver TokenDeriverFunc) (*vaultClient, error)
- type MockVaultClient
- func (vc *MockVaultClient) DeriveToken(a *structs.Allocation, tasks []string) (map[string]string, error)
- func (vc *MockVaultClient) DeriveTokenErrors() map[string]map[string]error
- func (vc *MockVaultClient) GetConsulACL(string, string) (*vaultapi.Secret, error)
- func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)
- func (vc *MockVaultClient) RenewTokenErrors() map[string]error
- func (vc *MockVaultClient) RenewTokens() map[string]chan error
- func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)
- func (vc *MockVaultClient) SetRenewTokenError(token string, err error)
- func (vc *MockVaultClient) Start()
- func (vc *MockVaultClient) Stop()
- func (vc *MockVaultClient) StopRenewToken(token string) error
- func (vc *MockVaultClient) StoppedTokens() []string
- type TokenDeriverFunc
- type VaultClient
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewVaultClient ¶
func NewVaultClient(config *config.VaultConfig, logger hclog.Logger, tokenDeriver TokenDeriverFunc) (*vaultClient, error)
NewVaultClient returns a new vault client from the given config.
Types ¶
type MockVaultClient ¶
type MockVaultClient struct {
// DeriveTokenFn allows the caller to control the DeriveToken function. If
// not set an error is returned if found in DeriveTokenErrors and otherwise
// a token is generated and returned
DeriveTokenFn func(a *structs.Allocation, tasks []string) (map[string]string, error)
// contains filtered or unexported fields
}
MockVaultClient is used for testing the vaultclient integration and is safe for concurrent access.
func NewMockVaultClient ¶
func NewMockVaultClient() *MockVaultClient
NewMockVaultClient returns a MockVaultClient for testing
func (*MockVaultClient) DeriveToken ¶
func (vc *MockVaultClient) DeriveToken(a *structs.Allocation, tasks []string) (map[string]string, error)
func (*MockVaultClient) DeriveTokenErrors ¶
func (vc *MockVaultClient) DeriveTokenErrors() map[string]map[string]error
DeriveTokenErrors maps an allocation ID and tasks to an error when the token is derived
func (*MockVaultClient) GetConsulACL ¶
func (*MockVaultClient) RenewToken ¶
func (vc *MockVaultClient) RenewToken(token string, interval int) (<-chan error, error)
func (*MockVaultClient) RenewTokenErrors ¶
func (vc *MockVaultClient) RenewTokenErrors() map[string]error
RenewTokenErrors is used to return an error when the RenewToken is called with the given token
func (*MockVaultClient) RenewTokens ¶
func (vc *MockVaultClient) RenewTokens() map[string]chan error
RenewTokens are the tokens that have been renewed and their error channels
func (*MockVaultClient) SetDeriveTokenError ¶
func (vc *MockVaultClient) SetDeriveTokenError(allocID string, tasks []string, err error)
func (*MockVaultClient) SetRenewTokenError ¶
func (vc *MockVaultClient) SetRenewTokenError(token string, err error)
func (*MockVaultClient) Start ¶
func (vc *MockVaultClient) Start()
func (*MockVaultClient) Stop ¶
func (vc *MockVaultClient) Stop()
func (*MockVaultClient) StopRenewToken ¶
func (vc *MockVaultClient) StopRenewToken(token string) error
func (*MockVaultClient) StoppedTokens ¶
func (vc *MockVaultClient) StoppedTokens() []string
StoppedTokens tracks the tokens that have stopped renewing
type TokenDeriverFunc ¶
type TokenDeriverFunc func(*structs.Allocation, []string, *vaultapi.Client) (map[string]string, error)
TokenDeriverFunc takes in an allocation and a set of tasks and derives a wrapped token for all the tasks, from the nomad server. All the derived wrapped tokens will be unwrapped using the vault API client.
type VaultClient ¶
type VaultClient interface {
// Start initiates the renewal loop of tokens and secrets
Start()
// Stop terminates the renewal loop for tokens and secrets
Stop()
// DeriveToken contacts the nomad server and fetches wrapped tokens for
// a set of tasks. The wrapped tokens will be unwrapped using vault and
// returned.
DeriveToken(*structs.Allocation, []string) (map[string]string, error)
// GetConsulACL fetches the Consul ACL token required for the task
GetConsulACL(string, string) (*vaultapi.Secret, error)
// RenewToken renews a token with the given increment and adds it to
// the min-heap for periodic renewal.
RenewToken(string, int) (<-chan error, error)
// StopRenewToken removes the token from the min-heap, stopping its
// renewal.
StopRenewToken(string) error
}
The interface which nomad client uses to interact with vault and periodically renews the tokens and secrets.
Source Files
Click to show internal directories.
Click to hide internal directories.