vault

package module
v0.4.2
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2023 License: MPL-2.0 Imports: 31 Imported by: 93

README

vault-client-go


A simple HashiCorp Vault Go client library.

Note: This library is now available in BETA. Please try it out and give us feedback! Please do not use it in production.

Note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at security@hashicorp.com.

Contents

  1. Installation
  2. Examples
  3. Building the Library
  4. Under Development
  5. Documentation for API Endpoints

Installation

go get -u github.com/hashicorp/vault-client-go

Examples

Getting Started

Here is a simple example of using the library to read and write your first secret. For the sake of simplicity, we are authenticating with a root token. This example works with a Vault server running in -dev mode:

vault server -dev -dev-root-token-id="my-token"

package main

import (
	"context"
	"log"
	"time"

	"github.com/hashicorp/vault-client-go"
	"github.com/hashicorp/vault-client-go/schema"
)

func main() {
	ctx := context.Background()

	// prepare a client with the given base address
	client, err := vault.New(
		vault.WithAddress("http://127.0.0.1:8200"),
		vault.WithRequestTimeout(30*time.Second),
	)
	if err != nil {
		log.Fatal(err)
	}

	// authenticate with a root token (insecure)
	if err := client.SetToken("my-token"); err != nil {
		log.Fatal(err)
	}

	// write a secret
	_, err = client.Secrets.KvV2Write(ctx, "foo", schema.KvV2WriteRequest{
		Data: map[string]any{
			"password1": "abc123",
			"password2": "correct horse battery staple",
		}},
		vault.WithMountPath("secret"),
	)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("secret written successfully")

	// read the secret
	s, err := client.Secrets.KvV2Read(ctx, "foo", vault.WithMountPath("secret"))
	if err != nil {
		log.Fatal(err)
	}
	log.Println("secret retrieved:", s.Data.Data)
}

Authentication

In the previous example we used an insecure (root token) authentication method. For production applications, it is recommended to use approle or one of the platform-specific authentication methods instead (e.g. Kubernetes, AWS, Azure, etc.). The functions to access these authentication methods are automatically generated under client.Auth. Below is an example of how to authenticate using the approle authentication method. Please refer to the approle documentation for more details.

resp, err := client.Auth.AppRoleLogin(
	ctx,
	schema.AppRoleLoginRequest{
		RoleId:   os.Getenv("MY_APPROLE_ROLE_ID"),
		SecretId: os.Getenv("MY_APPROLE_SECRET_ID"),
	},
	vault.WithMountPath("my/approle/path"), // optional, defaults to "approle"
)
if err != nil {
	log.Fatal(err)
}

if err := client.SetToken(resp.Auth.ClientToken); err != nil {
	log.Fatal(err)
}

The secret identifier is often delivered as a wrapped token. In this case, you should unwrap it first as demonstrated here.

Using Generic Methods

The library provides the following generic methods which let you read, modify, list, and delete an arbitrary path within Vault:

client.Read(...)
client.ReadRaw(...)

client.Write(...)
client.WriteFromBytes(...)
client.WriteFromReader(...)

client.List(...)

client.Delete(...)

For example, client.Secrets.KvV2Write(...) from the Getting Started section could be rewritten using a generic client.Write(...) like so:

_, err = client.Write(ctx, "/secret/data/foo", map[string]any{
	"data": map[string]any{
		"password1": "abc123",
		"password2": "correct horse battery staple",
	},
})

Using Generated Methods

The library has a number of generated methods corresponding to the known Vault API endpoints. They are organized in four categories:

client.Auth     // methods related to authentication
client.Secrets  // methods related to various secrets engines
client.Identity // methods related to identities, entities, and aliases
client.System   // various system-wide methods

Below is an example of accessing the generated MountsListSecretsEngines method (equivalent to vault secrets list or GET /v1/sys/mounts):

resp, err := client.System.MountsListSecretsEngines(ctx)
if err != nil {
	log.Fatal(err)
}

for engine := range resp.Data {
	log.Println(engine)
}

Modifying Requests

You can modify the requests in one of two ways, either at the client level or by decorating individual requests. In case both client-level and request-specific modifiers are present, the following rules will apply:

  • For scalar values (such as vault.WithToken example below), the request-specific decorators will take precedence over the client-level settings.
  • For slices (e.g. vault.WithResponseCallbacks), the request-specific decorators will be appended to the client-level settings for the given request.
  • For maps (e.g. vault.WithCustomHeaders), the request-specific decorators will be merged into the client-level settings using maps.Copy semantics (appended, overwriting the existing keys) for the given request.

// all subsequent requests will use the given token & namespace
_ = client.SetToken("my-token")
_ = client.SetNamespace("my-namespace")

// for scalar settings, request-specific decorators take precedence
resp, err := client.Secrets.KvV2Read(
	ctx,
	"my-secret",
	vault.WithToken("request-specific-token"),
	vault.WithNamespace("request-specific-namespace"),
)
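The three precedence rules above, modelled in a small added example (not the library's code; the settings type and the effective function are hypothetical). Under the maps.Copy semantics stated above, custom headers being an http.Header means a request-level key replaces the client-level value list for that key rather than adding to it.

```go
package main

import (
	"fmt"
	"net/http"
)

// settings is a hypothetical model of the three kinds of modifiers named
// above; it is not a type from vault-client-go.
type settings struct {
	Token     string      // scalar, like vault.WithToken
	Callbacks []string    // slice, like vault.WithResponseCallbacks (labels stand in for funcs)
	Headers   http.Header // map, like vault.WithCustomHeaders
}

// effective computes the settings used for one request. The client-level
// settings are copied, never mutated, so later requests are unaffected.
func effective(client, request settings) settings {
	out := settings{Token: client.Token, Headers: http.Header{}}

	// Scalars: a request-level value, when given, takes precedence.
	// (Treating "" as "not given" is an assumption of this model.)
	if request.Token != "" {
		out.Token = request.Token
	}

	// Slices: client-level entries first, request-level entries appended.
	out.Callbacks = append(out.Callbacks, client.Callbacks...)
	out.Callbacks = append(out.Callbacks, request.Callbacks...)

	// Maps: copy the client-level keys, then let request-level keys
	// overwrite them, which is what maps.Copy does. The value type of
	// http.Header is []string, so the whole value list is replaced.
	for name, values := range client.Headers {
		out.Headers[name] = values
	}
	for name, values := range request.Headers {
		out.Headers[name] = values
	}
	return out
}

func main() {
	// Constructed sample settings.
	client := settings{
		Token:     "client-token",
		Callbacks: []string{"audit"},
		Headers:   http.Header{"X-Team": {"a", "b"}, "X-Env": {"prod"}},
	}
	request := settings{
		Token:     "request-specific-token",
		Callbacks: []string{"trace"},
		Headers:   http.Header{"X-Team": {"c"}},
	}

	got := effective(client, request)
	fmt.Println("token:    ", got.Token)
	fmt.Println("callbacks:", got.Callbacks)
	fmt.Println("X-Team:   ", got.Headers["X-Team"])
	fmt.Println("X-Env:    ", got.Headers["X-Env"])
}
```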
Overriding Default Mount Path

Vault plugins can be mounted at arbitrary mount paths using the -path command-line argument:

vault secrets enable -path=my/mount/path kv-v2

To accommodate this behavior, the requests defined under client.Auth and client.Secrets can be offset with mount path overrides using the following syntax:

// Equivalent to client.Read(ctx, "my/mount/path/data/my-secret")
secret, err := client.Secrets.KvV2Read(
	ctx,
	"my-secret",
	vault.WithMountPath("my/mount/path"),
)

Adding Custom Headers and Appending Query Parameters

The library allows adding custom headers and appending query parameters to all requests. vault.WithQueryParameters is primarily intended for the generic client.Read, client.ReadRaw, client.List, and client.Delete:

resp, err := client.Read(
    ctx,
    "/path/to/my/secret",
    vault.WithCustomHeaders(http.Header{
        "x-test-header1": {"a", "b"},
        "x-test-header2": {"c", "d"},
    }),
    vault.WithQueryParameters(url.Values{
        "param1": {"a"},
        "param2": {"b"},
    }),
)

Response Wrapping & Unwrapping

Please refer to the response-wrapping documentation for more background information.

// wrap the response with a 5 minute TTL
resp, err := client.Secrets.KvV2Read(
	ctx,
	"my-secret",
	vault.WithResponseWrapping(5*time.Minute),
)
wrapped := resp.WrapInfo.Token

// unwrap the response (usually done elsewhere)
unwrapped, err := vault.Unwrap[schema.KvV2ReadResponse](ctx, client, wrapped)

Error Handling

There are a couple of specialized error types that the client can return:

  • ResponseError is the error returned when Vault responds with a status code outside of the 200 - 399 range.
  • RedirectError is the error returned when the client fails to process a redirect response.

The client also provides a convenience function vault.IsErrorStatus(...) to simplify error handling:

s, err := client.Secrets.KvV2Read(ctx, "my-secret")
if err != nil {
	if vault.IsErrorStatus(err, http.StatusForbidden) {
		// special handling for 403 errors
	}
	if vault.IsErrorStatus(err, http.StatusNotFound) {
		// special handling for 404 errors
	}
	return err
}

Using TLS

To enable TLS, simply specify the location of the Vault server's CA certificate file in the configuration:

tls := vault.TLSConfiguration{}
tls.ServerCertificate.FromFile = "/tmp/vault-ca.pem"

client, err := vault.New(
	vault.WithAddress("https://localhost:8200"),
	vault.WithTLS(tls),
)
if err != nil {
	log.Fatal(err)
}
...

You can test this with a -dev-tls Vault server:

vault server -dev-tls -dev-root-token-id="my-token"

Using TLS with Client-side Certificate Authentication

tls := vault.TLSConfiguration{}
tls.ServerCertificate.FromFile = "/tmp/vault-ca.pem"
tls.ClientCertificate.FromFile = "/tmp/client-cert.pem"
tls.ClientCertificateKey.FromFile = "/tmp/client-cert-key.pem"

client, err := vault.New(
	vault.WithAddress("https://localhost:8200"),
	vault.WithTLS(tls),
)
if err != nil {
	log.Fatal(err)
}

resp, err := client.Auth.CertLogin(ctx, schema.CertLoginRequest{
	Name: "my-cert",
})
if err != nil {
	log.Fatal(err)
}

if err := client.SetToken(resp.Auth.ClientToken); err != nil {
	log.Fatal(err)
}

Note: this is a temporary solution using a generated method. The user experience will be improved with the introduction of auth wrappers.

Loading Configuration from Environment Variables

client, err := vault.New(
	vault.WithEnvironment(),
)
if err != nil {
	log.Fatal(err)
}

export VAULT_ADDR=http://localhost:8200
export VAULT_TOKEN=my-token
go run main.go

Logging Requests & Responses with Request/Response Callbacks

client.SetRequestCallbacks(func(req *http.Request) {
	log.Println("request:", *req)
})
client.SetResponseCallbacks(func(req *http.Request, resp *http.Response) {
	log.Println("response:", *resp)
})
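Printing *req or *resp as in the callbacks above dumps every header on the struct, including X-Vault-Token when it is set on the request. The following added example (not part of the library or its README) logs through callbacks of the same shape with sensitive headers redacted; the helper names and the header list are assumptions, and it uses only net/http so it runs without a Vault server.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"sort"
	"strings"
)

// sensitiveHeaders lists headers whose values must never reach a log.
// X-Vault-Token is the header named on this page; the others are added
// here as a precaution (assumption of this example).
var sensitiveHeaders = map[string]bool{
	"X-Vault-Token": true,
	"Authorization": true,
	"Cookie":        true,
	"Set-Cookie":    true,
}

// redactHeaders returns a copy of h with sensitive values replaced.
// The original header map is left untouched so the request still works.
func redactHeaders(h http.Header) http.Header {
	out := make(http.Header, len(h))
	for name, values := range h {
		// Canonicalize so keys inserted in lower case are caught too.
		if sensitiveHeaders[http.CanonicalHeaderKey(name)] {
			out[name] = []string{"[REDACTED]"}
			continue
		}
		out[name] = append([]string(nil), values...)
	}
	return out
}

// formatHeaders renders headers in sorted order so log lines are stable.
func formatHeaders(h http.Header) string {
	names := make([]string, 0, len(h))
	for name := range h {
		names = append(names, name)
	}
	sort.Strings(names)
	parts := make([]string, 0, len(names))
	for _, name := range names {
		parts = append(parts, name+"="+strings.Join(h[name], ","))
	}
	return "{" + strings.Join(parts, " ") + "}"
}

// describeRequest builds one log line from the method, URL path and
// redacted headers. The body and query string are deliberately left out:
// write requests carry secret data in the body.
func describeRequest(req *http.Request) string {
	return fmt.Sprintf("request: %s %s headers=%s",
		req.Method, req.URL.Path, formatHeaders(redactHeaders(req.Header)))
}

// describeResponse does the same for a response; the body is not read.
func describeResponse(req *http.Request, resp *http.Response) string {
	return fmt.Sprintf("response: %s %s -> %d headers=%s",
		req.Method, req.URL.Path, resp.StatusCode, formatHeaders(redactHeaders(resp.Header)))
}

// LogRequest and LogResponse have the same func(*http.Request) and
// func(*http.Request, *http.Response) shapes as the callbacks above.
func LogRequest(req *http.Request) { log.Println(describeRequest(req)) }

func LogResponse(req *http.Request, resp *http.Response) {
	log.Println(describeResponse(req, resp))
}

func main() {
	// Constructed sample request and response; the token is a placeholder.
	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8200/v1/secret/data/foo", nil)
	if err != nil {
		log.Fatal(err)
	}
	req.Header.Set("X-Vault-Token", "my-token")
	req.Header.Set("X-Vault-Namespace", "my-namespace")
	resp := &http.Response{
		StatusCode: http.StatusOK,
		Header:     http.Header{"Content-Type": {"application/json"}},
	}

	LogRequest(req)
	LogResponse(req, resp)
}
```

LogRequest and LogResponse can be passed to client.SetRequestCallbacks and client.SetResponseCallbacks in place of the callbacks shown above.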

Additionally, vault.WithRequestCallbacks(..) / vault.WithResponseCallbacks(..) can be used to inject callbacks for individual requests. These request-level callbacks will be appended to the list of the respective client-level callbacks for the given request.

resp, err := client.Secrets.KvV2Read(
	ctx,
	"my-secret",
	vault.WithRequestCallbacks(func(req *http.Request) {
		log.Println("request:", *req)
	}),
	vault.WithResponseCallbacks(func(req *http.Request, resp *http.Response) {
		log.Println("response:", *resp)
	}),
)

Enforcing Read-your-writes Replication Semantics

Detailed background information on the read-after-write consistency problem can be found in the consistency and replication documentation pages.

You can enforce read-your-writes semantics for individual requests through callbacks:

var state string

// write
_, err := client.Secrets.KvV2Write(
	ctx,
	"my-secret",
	schema.KvV2WriteRequest{
		Data: map[string]any{
			"password1": "abc123",
			"password2": "correct horse battery staple",
		},
	},
	vault.WithResponseCallbacks(
		vault.RecordReplicationState(
			&state,
		),
	),
)

// read
secret, err := client.Secrets.KvV2Read(
	ctx,
	"my-secret",
	vault.WithRequestCallbacks(
		vault.RequireReplicationStates(
			&state,
		),
	),
)

Alternatively, enforce read-your-writes semantics for all requests using the following setting:

client, err := vault.New(
	vault.WithAddress("https://localhost:8200"),
	vault.WithEnforceReadYourWritesConsistency(),
)

Note: careful consideration should be made prior to enabling this setting since there will be a performance penalty paid upon each request.

Building the Library

The vast majority of the code (including the client's endpoint-related methods, request structures, and response structures) is generated from the openapi.json using openapi-generator. If you make any changes to the underlying templates (generate/templates/*), please make sure to regenerate the files by running the following:

make regen && go build ./... && go test ./...

Warning: Vault does not yet provide an official OpenAPI specification. The openapi.json file included in this repository may change in non-backwards compatible ways.

Under Development

This library is currently under active development. Below is a list of high-level features that have been implemented:

  • TLS
  • Read/Write/Delete/List base accessors
  • Automatic retries on errors (using go-retryablehttp)
  • Custom redirect logic
  • Client-side rate limiting
  • Vault-specific headers (X-Vault-Token, X-Vault-Namespace, etc.) and custom headers
  • Request/Response callbacks
  • Environment variables for configuration
  • Read-your-writes semantics
  • Thread-safe cloning and client modifications
  • Response wrapping & unwrapping
  • CI/CD pipelines
  • Structured responses for core requests

The following features are coming soon:

  • Testing framework
  • Authentication wrappers
  • Automatic renewal of tokens and leases
  • More structured responses

Documentation for API Endpoints

Documentation

Index

Constants

const ClientVersion = "0.4.2"

Variables

This section is empty.

Functions

func DefaultRetryPolicy

func DefaultRetryPolicy(ctx context.Context, resp *http.Response, err error) (bool, error)

DefaultRetryPolicy provides a default callback for RetryConfiguration.CheckRetry. In addition to retryablehttp.DefaultRetryPolicy, it retries on 412 responses, which are returned by Vault when an X-Vault-Index header isn't satisfied.

func IsErrorStatus

func IsErrorStatus(err error, status int) bool

IsErrorStatus returns true if the given error is either a ResponseError or a RedirectError with the given status code.

func MergeReplicationStates

func MergeReplicationStates(old []string, new string) []string

MergeReplicationStates returns a merged array of replication states by iterating through all states in the `old` slice. An iterated state is merged into the result before the `new` based on the result of compareReplicationStates

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

Auth is a simple wrapper around the client for Auth requests

func (*Auth) AliCloudDeleteAuthRole

func (a *Auth) AliCloudDeleteAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudDeleteAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AliCloudListAuthRoles

func (a *Auth) AliCloudListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AliCloudListAuthRoles Lists all the roles that are registered with Vault.

func (*Auth) AliCloudLogin

func (a *Auth) AliCloudLogin(ctx context.Context, request schema.AliCloudLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudLogin Authenticates an RAM entity with Vault.

func (*Auth) AliCloudReadAuthRole

func (a *Auth) AliCloudReadAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudReadAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AliCloudWriteAuthRole

func (a *Auth) AliCloudWriteAuthRole(ctx context.Context, role string, request schema.AliCloudWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliCloudWriteAuthRole Create a role and associate policies to it. role: The name of the role as it should appear in Vault.

func (*Auth) AppRoleDeleteBindSecretId added in v0.3.0

func (a *Auth) AppRoleDeleteBindSecretId(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteBindSecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteBoundCidrList added in v0.3.0

func (a *Auth) AppRoleDeleteBoundCidrList(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteBoundCidrList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeletePeriod

func (a *Auth) AppRoleDeletePeriod(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeletePeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeletePolicies

func (a *Auth) AppRoleDeletePolicies(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeletePolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteRole

func (a *Auth) AppRoleDeleteRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIdBoundCidrs added in v0.3.0

func (a *Auth) AppRoleDeleteSecretIdBoundCidrs(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIdBoundCidrs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIdNumUses added in v0.3.0

func (a *Auth) AppRoleDeleteSecretIdNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIdNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteSecretIdTtl added in v0.3.0

func (a *Auth) AppRoleDeleteSecretIdTtl(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteSecretIdTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenBoundCidrs added in v0.3.0

func (a *Auth) AppRoleDeleteTokenBoundCidrs(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenBoundCidrs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenMaxTtl added in v0.3.0

func (a *Auth) AppRoleDeleteTokenMaxTtl(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenMaxTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenNumUses

func (a *Auth) AppRoleDeleteTokenNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDeleteTokenTtl added in v0.3.0

func (a *Auth) AppRoleDeleteTokenTtl(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDeleteTokenTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDestroySecretId added in v0.3.0

func (a *Auth) AppRoleDestroySecretId(ctx context.Context, roleName string, request schema.AppRoleDestroySecretIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDestroySecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleDestroySecretIdByAccessor added in v0.3.0

func (a *Auth) AppRoleDestroySecretIdByAccessor(ctx context.Context, roleName string, request schema.AppRoleDestroySecretIdByAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleDestroySecretIdByAccessor roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleListRoles

func (a *Auth) AppRoleListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AppRoleListRoles

func (*Auth) AppRoleListSecretIds added in v0.3.0

func (a *Auth) AppRoleListSecretIds(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AppRoleListSecretIds roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleLogin

func (a *Auth) AppRoleLogin(ctx context.Context, request schema.AppRoleLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleLogin

func (*Auth) AppRoleLookUpSecretId added in v0.3.0

func (a *Auth) AppRoleLookUpSecretId(ctx context.Context, roleName string, request schema.AppRoleLookUpSecretIdRequest, options ...RequestOption) (*Response[schema.AppRoleLookUpSecretIdResponse], error)

AppRoleLookUpSecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleLookUpSecretIdByAccessor added in v0.3.0

func (a *Auth) AppRoleLookUpSecretIdByAccessor(ctx context.Context, roleName string, request schema.AppRoleLookUpSecretIdByAccessorRequest, options ...RequestOption) (*Response[schema.AppRoleLookUpSecretIdByAccessorResponse], error)

AppRoleLookUpSecretIdByAccessor roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadBindSecretId added in v0.3.0

func (a *Auth) AppRoleReadBindSecretId(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadBindSecretIdResponse], error)

AppRoleReadBindSecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadBoundCidrList added in v0.3.0

func (a *Auth) AppRoleReadBoundCidrList(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadBoundCidrListResponse], error)

AppRoleReadBoundCidrList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadLocalSecretIds added in v0.3.0

func (a *Auth) AppRoleReadLocalSecretIds(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadLocalSecretIdsResponse], error)

AppRoleReadLocalSecretIds roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadPeriod

func (a *Auth) AppRoleReadPeriod(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadPeriodResponse], error)

AppRoleReadPeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadPolicies

func (a *Auth) AppRoleReadPolicies(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadPoliciesResponse], error)

AppRoleReadPolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadRole

func (a *Auth) AppRoleReadRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadRoleResponse], error)

AppRoleReadRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadRoleId added in v0.3.0

func (a *Auth) AppRoleReadRoleId(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadRoleIdResponse], error)

AppRoleReadRoleId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIdBoundCidrs added in v0.3.0

func (a *Auth) AppRoleReadSecretIdBoundCidrs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIdBoundCidrsResponse], error)

AppRoleReadSecretIdBoundCidrs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIdNumUses added in v0.3.0

func (a *Auth) AppRoleReadSecretIdNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIdNumUsesResponse], error)

AppRoleReadSecretIdNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadSecretIdTtl added in v0.3.0

func (a *Auth) AppRoleReadSecretIdTtl(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadSecretIdTtlResponse], error)

AppRoleReadSecretIdTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenBoundCidrs added in v0.3.0

func (a *Auth) AppRoleReadTokenBoundCidrs(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenBoundCidrsResponse], error)

AppRoleReadTokenBoundCidrs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenMaxTtl added in v0.3.0

func (a *Auth) AppRoleReadTokenMaxTtl(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenMaxTtlResponse], error)

AppRoleReadTokenMaxTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenNumUses

func (a *Auth) AppRoleReadTokenNumUses(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenNumUsesResponse], error)

AppRoleReadTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleReadTokenTtl added in v0.3.0

func (a *Auth) AppRoleReadTokenTtl(ctx context.Context, roleName string, options ...RequestOption) (*Response[schema.AppRoleReadTokenTtlResponse], error)

AppRoleReadTokenTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleTidySecretId added in v0.3.0

func (a *Auth) AppRoleTidySecretId(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleTidySecretId

func (*Auth) AppRoleWriteBindSecretId added in v0.3.0

func (a *Auth) AppRoleWriteBindSecretId(ctx context.Context, roleName string, request schema.AppRoleWriteBindSecretIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteBindSecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteBoundCidrList added in v0.3.0

func (a *Auth) AppRoleWriteBoundCidrList(ctx context.Context, roleName string, request schema.AppRoleWriteBoundCidrListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteBoundCidrList roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteCustomSecretId added in v0.3.0

func (a *Auth) AppRoleWriteCustomSecretId(ctx context.Context, roleName string, request schema.AppRoleWriteCustomSecretIdRequest, options ...RequestOption) (*Response[schema.AppRoleWriteCustomSecretIdResponse], error)

AppRoleWriteCustomSecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWritePeriod

func (a *Auth) AppRoleWritePeriod(ctx context.Context, roleName string, request schema.AppRoleWritePeriodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWritePeriod roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWritePolicies

func (a *Auth) AppRoleWritePolicies(ctx context.Context, roleName string, request schema.AppRoleWritePoliciesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWritePolicies roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteRole

func (a *Auth) AppRoleWriteRole(ctx context.Context, roleName string, request schema.AppRoleWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteRole roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteRoleId added in v0.3.0

func (a *Auth) AppRoleWriteRoleId(ctx context.Context, roleName string, request schema.AppRoleWriteRoleIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteRoleId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretId added in v0.3.0

func (a *Auth) AppRoleWriteSecretId(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIdRequest, options ...RequestOption) (*Response[schema.AppRoleWriteSecretIdResponse], error)

AppRoleWriteSecretId roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIdBoundCidrs added in v0.3.0

func (a *Auth) AppRoleWriteSecretIdBoundCidrs(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIdBoundCidrsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIdBoundCidrs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIdNumUses added in v0.3.0

func (a *Auth) AppRoleWriteSecretIdNumUses(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIdNumUsesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIdNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteSecretIdTtl added in v0.3.0

func (a *Auth) AppRoleWriteSecretIdTtl(ctx context.Context, roleName string, request schema.AppRoleWriteSecretIdTtlRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteSecretIdTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenBoundCidrs added in v0.3.0

func (a *Auth) AppRoleWriteTokenBoundCidrs(ctx context.Context, roleName string, request schema.AppRoleWriteTokenBoundCidrsRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenBoundCidrs roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenMaxTtl added in v0.3.0

func (a *Auth) AppRoleWriteTokenMaxTtl(ctx context.Context, roleName string, request schema.AppRoleWriteTokenMaxTtlRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenMaxTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenNumUses

func (a *Auth) AppRoleWriteTokenNumUses(ctx context.Context, roleName string, request schema.AppRoleWriteTokenNumUsesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenNumUses roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AppRoleWriteTokenTtl added in v0.3.0

func (a *Auth) AppRoleWriteTokenTtl(ctx context.Context, roleName string, request schema.AppRoleWriteTokenTtlRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AppRoleWriteTokenTtl roleName: Name of the role. Must be less than 4096 bytes.

func (*Auth) AwsConfigureCertificate added in v0.3.0

func (a *Auth) AwsConfigureCertificate(ctx context.Context, certName string, request schema.AwsConfigureCertificateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureCertificate certName: Name of the certificate.

func (*Auth) AwsConfigureClient added in v0.3.0

func (a *Auth) AwsConfigureClient(ctx context.Context, request schema.AwsConfigureClientRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureClient

func (*Auth) AwsConfigureIdentityAccessListTidyOperation added in v0.3.0

func (a *Auth) AwsConfigureIdentityAccessListTidyOperation(ctx context.Context, request schema.AwsConfigureIdentityAccessListTidyOperationRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureIdentityAccessListTidyOperation

func (*Auth) AwsConfigureIdentityIntegration added in v0.3.0

func (a *Auth) AwsConfigureIdentityIntegration(ctx context.Context, request schema.AwsConfigureIdentityIntegrationRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureIdentityIntegration

func (*Auth) AwsConfigureIdentityWhitelistTidyOperation added in v0.3.0

func (a *Auth) AwsConfigureIdentityWhitelistTidyOperation(ctx context.Context, request schema.AwsConfigureIdentityWhitelistTidyOperationRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureIdentityWhitelistTidyOperation

func (*Auth) AwsConfigureRoleTagBlacklistTidyOperation added in v0.3.0

func (a *Auth) AwsConfigureRoleTagBlacklistTidyOperation(ctx context.Context, request schema.AwsConfigureRoleTagBlacklistTidyOperationRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureRoleTagBlacklistTidyOperation

func (*Auth) AwsConfigureRoleTagDenyListTidyOperation added in v0.3.0

func (a *Auth) AwsConfigureRoleTagDenyListTidyOperation(ctx context.Context, request schema.AwsConfigureRoleTagDenyListTidyOperationRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsConfigureRoleTagDenyListTidyOperation

func (*Auth) AwsDeleteAuthRole added in v0.3.0

func (a *Auth) AwsDeleteAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteAuthRole role: Name of the role.

func (*Auth) AwsDeleteCertificateConfiguration added in v0.3.0

func (a *Auth) AwsDeleteCertificateConfiguration(ctx context.Context, certName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteCertificateConfiguration certName: Name of the certificate.

func (*Auth) AwsDeleteClientConfiguration added in v0.3.0

func (a *Auth) AwsDeleteClientConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteClientConfiguration

func (*Auth) AwsDeleteIdentityAccessList added in v0.3.0

func (a *Auth) AwsDeleteIdentityAccessList(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteIdentityAccessList instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AwsDeleteIdentityAccessListTidySettings added in v0.3.0

func (a *Auth) AwsDeleteIdentityAccessListTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteIdentityAccessListTidySettings

func (*Auth) AwsDeleteIdentityWhitelist added in v0.3.0

func (a *Auth) AwsDeleteIdentityWhitelist(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteIdentityWhitelist instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AwsDeleteIdentityWhitelistTidySettings added in v0.3.0

func (a *Auth) AwsDeleteIdentityWhitelistTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteIdentityWhitelistTidySettings

func (*Auth) AwsDeleteRoleTagBlacklist added in v0.3.0

func (a *Auth) AwsDeleteRoleTagBlacklist(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteRoleTagBlacklist roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AwsDeleteRoleTagBlacklistTidySettings added in v0.3.0

func (a *Auth) AwsDeleteRoleTagBlacklistTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteRoleTagBlacklistTidySettings

func (*Auth) AwsDeleteRoleTagDenyList added in v0.3.0

func (a *Auth) AwsDeleteRoleTagDenyList(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteRoleTagDenyList roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AwsDeleteRoleTagDenyListTidySettings added in v0.3.0

func (a *Auth) AwsDeleteRoleTagDenyListTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteRoleTagDenyListTidySettings

func (*Auth) AwsDeleteStsRole added in v0.3.0

func (a *Auth) AwsDeleteStsRole(ctx context.Context, accountId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsDeleteStsRole accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AwsListAuthRoles added in v0.3.0

func (a *Auth) AwsListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListAuthRoles

func (*Auth) AwsListCertificateConfigurations added in v0.3.0

func (a *Auth) AwsListCertificateConfigurations(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListCertificateConfigurations

func (*Auth) AwsListIdentityAccessList added in v0.3.0

func (a *Auth) AwsListIdentityAccessList(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListIdentityAccessList

func (*Auth) AwsListIdentityWhitelist added in v0.3.0

func (a *Auth) AwsListIdentityWhitelist(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListIdentityWhitelist

func (*Auth) AwsListRoleTagBlacklists added in v0.3.0

func (a *Auth) AwsListRoleTagBlacklists(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListRoleTagBlacklists

func (*Auth) AwsListRoleTagDenyLists added in v0.3.0

func (a *Auth) AwsListRoleTagDenyLists(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListRoleTagDenyLists

func (*Auth) AwsListStsRoleRelationships added in v0.3.0

func (a *Auth) AwsListStsRoleRelationships(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AwsListStsRoleRelationships

func (*Auth) AwsLogin added in v0.3.0

func (a *Auth) AwsLogin(ctx context.Context, request schema.AwsLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsLogin

func (*Auth) AwsReadAuthRole added in v0.3.0

func (a *Auth) AwsReadAuthRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadAuthRole role: Name of the role.

func (*Auth) AwsReadCertificateConfiguration added in v0.3.0

func (a *Auth) AwsReadCertificateConfiguration(ctx context.Context, certName string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadCertificateConfiguration certName: Name of the certificate.

func (*Auth) AwsReadClientConfiguration added in v0.3.0

func (a *Auth) AwsReadClientConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadClientConfiguration

func (*Auth) AwsReadIdentityAccessList added in v0.3.0

func (a *Auth) AwsReadIdentityAccessList(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadIdentityAccessList instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AwsReadIdentityAccessListTidySettings added in v0.3.0

func (a *Auth) AwsReadIdentityAccessListTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadIdentityAccessListTidySettings

func (*Auth) AwsReadIdentityIntegrationConfiguration added in v0.3.0

func (a *Auth) AwsReadIdentityIntegrationConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadIdentityIntegrationConfiguration

func (*Auth) AwsReadIdentityWhitelist added in v0.3.0

func (a *Auth) AwsReadIdentityWhitelist(ctx context.Context, instanceId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadIdentityWhitelist instanceId: EC2 instance ID. A successful login operation from an EC2 instance gets cached in this accesslist, keyed off of instance ID.

func (*Auth) AwsReadIdentityWhitelistTidySettings added in v0.3.0

func (a *Auth) AwsReadIdentityWhitelistTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadIdentityWhitelistTidySettings

func (*Auth) AwsReadRoleTagBlacklist added in v0.3.0

func (a *Auth) AwsReadRoleTagBlacklist(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadRoleTagBlacklist roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AwsReadRoleTagBlacklistTidySettings added in v0.3.0

func (a *Auth) AwsReadRoleTagBlacklistTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadRoleTagBlacklistTidySettings

func (*Auth) AwsReadRoleTagDenyList added in v0.3.0

func (a *Auth) AwsReadRoleTagDenyList(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadRoleTagDenyList roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AwsReadRoleTagDenyListTidySettings added in v0.3.0

func (a *Auth) AwsReadRoleTagDenyListTidySettings(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadRoleTagDenyListTidySettings

func (*Auth) AwsReadStsRole added in v0.3.0

func (a *Auth) AwsReadStsRole(ctx context.Context, accountId string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsReadStsRole accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AwsRotateRootCredentials added in v0.3.0

func (a *Auth) AwsRotateRootCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsRotateRootCredentials

func (*Auth) AwsTidyIdentityAccessList added in v0.3.0

func (a *Auth) AwsTidyIdentityAccessList(ctx context.Context, request schema.AwsTidyIdentityAccessListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsTidyIdentityAccessList

func (*Auth) AwsTidyIdentityWhitelist added in v0.3.0

func (a *Auth) AwsTidyIdentityWhitelist(ctx context.Context, request schema.AwsTidyIdentityWhitelistRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsTidyIdentityWhitelist

func (*Auth) AwsTidyRoleTagBlacklist added in v0.3.0

func (a *Auth) AwsTidyRoleTagBlacklist(ctx context.Context, request schema.AwsTidyRoleTagBlacklistRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsTidyRoleTagBlacklist

func (*Auth) AwsTidyRoleTagDenyList added in v0.3.0

func (a *Auth) AwsTidyRoleTagDenyList(ctx context.Context, request schema.AwsTidyRoleTagDenyListRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsTidyRoleTagDenyList

func (*Auth) AwsWriteAuthRole added in v0.3.0

func (a *Auth) AwsWriteAuthRole(ctx context.Context, role string, request schema.AwsWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsWriteAuthRole role: Name of the role.

func (*Auth) AwsWriteRoleTag added in v0.3.0

func (a *Auth) AwsWriteRoleTag(ctx context.Context, role string, request schema.AwsWriteRoleTagRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsWriteRoleTag role: Name of the role.

func (*Auth) AwsWriteRoleTagBlacklist added in v0.3.0

func (a *Auth) AwsWriteRoleTagBlacklist(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsWriteRoleTagBlacklist roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AwsWriteRoleTagDenyList added in v0.3.0

func (a *Auth) AwsWriteRoleTagDenyList(ctx context.Context, roleTag string, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsWriteRoleTagDenyList roleTag: Role tag to be deny listed. The tag can be supplied as-is. In order to avoid any encoding problems, it can be base64 encoded.

func (*Auth) AwsWriteStsRole added in v0.3.0

func (a *Auth) AwsWriteStsRole(ctx context.Context, accountId string, request schema.AwsWriteStsRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AwsWriteStsRole accountId: AWS account ID to be associated with STS role. If set, Vault will use assumed credentials to verify any login attempts from EC2 instances in this account.

func (*Auth) AzureConfigureAuth added in v0.3.0

func (a *Auth) AzureConfigureAuth(ctx context.Context, request schema.AzureConfigureAuthRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureConfigureAuth

func (*Auth) AzureDeleteAuthConfiguration added in v0.3.0

func (a *Auth) AzureDeleteAuthConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteAuthConfiguration

func (*Auth) AzureDeleteAuthRole

func (a *Auth) AzureDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureDeleteAuthRole name: Name of the role.

func (*Auth) AzureListAuthRoles

func (a *Auth) AzureListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AzureListAuthRoles

func (*Auth) AzureLogin

func (a *Auth) AzureLogin(ctx context.Context, request schema.AzureLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureLogin

func (*Auth) AzureReadAuthConfiguration added in v0.3.0

func (a *Auth) AzureReadAuthConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadAuthConfiguration

func (*Auth) AzureReadAuthRole

func (a *Auth) AzureReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureReadAuthRole name: Name of the role.

func (*Auth) AzureRotateRootCredentials added in v0.3.0

func (a *Auth) AzureRotateRootCredentials(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureRotateRootCredentials

func (*Auth) AzureWriteAuthRole

func (a *Auth) AzureWriteAuthRole(ctx context.Context, name string, request schema.AzureWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AzureWriteAuthRole name: Name of the role.

func (*Auth) CentrifyConfigure added in v0.3.0

func (a *Auth) CentrifyConfigure(ctx context.Context, request schema.CentrifyConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyConfigure

func (*Auth) CentrifyLogin

func (a *Auth) CentrifyLogin(ctx context.Context, request schema.CentrifyLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyLogin Log in with a username and password.

func (*Auth) CentrifyReadConfiguration added in v0.3.0

func (a *Auth) CentrifyReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CentrifyReadConfiguration

func (*Auth) CertConfigure added in v0.3.0

func (a *Auth) CertConfigure(ctx context.Context, request schema.CertConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertConfigure

func (*Auth) CertDeleteCertificate added in v0.3.0

func (a *Auth) CertDeleteCertificate(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertDeleteCertificate Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertDeleteCrl added in v0.3.0

func (a *Auth) CertDeleteCrl(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertDeleteCrl Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertListCertificates added in v0.3.0

func (a *Auth) CertListCertificates(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

CertListCertificates Manage trusted certificates used for authentication.

func (*Auth) CertListCrls added in v0.3.0

func (a *Auth) CertListCrls(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

CertListCrls

func (*Auth) CertLogin added in v0.3.0

func (a *Auth) CertLogin(ctx context.Context, request schema.CertLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertLogin

func (*Auth) CertReadCertificate added in v0.3.0

func (a *Auth) CertReadCertificate(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertReadCertificate Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertReadConfiguration added in v0.3.0

func (a *Auth) CertReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CertReadConfiguration

func (*Auth) CertReadCrl added in v0.3.0

func (a *Auth) CertReadCrl(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

CertReadCrl Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CertWriteCertificate added in v0.3.0

func (a *Auth) CertWriteCertificate(ctx context.Context, name string, request schema.CertWriteCertificateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertWriteCertificate Manage trusted certificates used for authentication. name: The name of the certificate

func (*Auth) CertWriteCrl added in v0.3.0

func (a *Auth) CertWriteCrl(ctx context.Context, name string, request schema.CertWriteCrlRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CertWriteCrl Manage Certificate Revocation Lists checked during authentication. name: The name of the certificate

func (*Auth) CloudFoundryConfigure added in v0.3.0

func (a *Auth) CloudFoundryConfigure(ctx context.Context, request schema.CloudFoundryConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryConfigure

func (*Auth) CloudFoundryDeleteConfiguration added in v0.3.0

func (a *Auth) CloudFoundryDeleteConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryDeleteConfiguration

func (*Auth) CloudFoundryDeleteRole

func (a *Auth) CloudFoundryDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryDeleteRole role: The name of the role.

func (*Auth) CloudFoundryListRoles

func (a *Auth) CloudFoundryListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

CloudFoundryListRoles

func (*Auth) CloudFoundryLogin

func (a *Auth) CloudFoundryLogin(ctx context.Context, request schema.CloudFoundryLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryLogin

func (*Auth) CloudFoundryReadConfiguration added in v0.3.0

func (a *Auth) CloudFoundryReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryReadConfiguration

func (*Auth) CloudFoundryReadRole

func (a *Auth) CloudFoundryReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryReadRole role: The name of the role.

func (*Auth) CloudFoundryWriteRole

func (a *Auth) CloudFoundryWriteRole(ctx context.Context, role string, request schema.CloudFoundryWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

CloudFoundryWriteRole role: The name of the role.

func (*Auth) GithubConfigure added in v0.3.0

func (a *Auth) GithubConfigure(ctx context.Context, request schema.GithubConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubConfigure

func (*Auth) GithubDeleteTeamMapping added in v0.3.0

func (a *Auth) GithubDeleteTeamMapping(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubDeleteTeamMapping Read/write/delete a single teams mapping. key: Key for the teams mapping

func (*Auth) GithubDeleteUserMapping added in v0.3.0

func (a *Auth) GithubDeleteUserMapping(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubDeleteUserMapping Read/write/delete a single users mapping. key: Key for the users mapping

func (*Auth) GithubListTeams added in v0.4.0

func (a *Auth) GithubListTeams(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

GithubListTeams Read mappings for teams

func (*Auth) GithubListUsers added in v0.4.0

func (a *Auth) GithubListUsers(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

GithubListUsers Read mappings for users

func (*Auth) GithubLogin added in v0.3.0

func (a *Auth) GithubLogin(ctx context.Context, request schema.GithubLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubLogin

func (*Auth) GithubReadConfiguration added in v0.3.0

func (a *Auth) GithubReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubReadConfiguration

func (*Auth) GithubReadTeamMapping added in v0.3.0

func (a *Auth) GithubReadTeamMapping(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubReadTeamMapping Read/write/delete a single teams mapping. key: Key for the teams mapping

func (*Auth) GithubReadUserMapping added in v0.3.0

func (a *Auth) GithubReadUserMapping(ctx context.Context, key string, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubReadUserMapping Read/write/delete a single users mapping. key: Key for the users mapping

func (*Auth) GithubWriteTeamMapping added in v0.3.0

func (a *Auth) GithubWriteTeamMapping(ctx context.Context, key string, request schema.GithubWriteTeamMappingRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubWriteTeamMapping Read/write/delete a single teams mapping. key: Key for the teams mapping

func (*Auth) GithubWriteUserMapping added in v0.3.0

func (a *Auth) GithubWriteUserMapping(ctx context.Context, key string, request schema.GithubWriteUserMappingRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GithubWriteUserMapping Read/write/delete a single users mapping. key: Key for the users mapping

func (*Auth) GoogleCloudConfigureAuth added in v0.3.0

func (a *Auth) GoogleCloudConfigureAuth(ctx context.Context, request schema.GoogleCloudConfigureAuthRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudConfigureAuth

func (*Auth) GoogleCloudDeleteRole

func (a *Auth) GoogleCloudDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudDeleteRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudEditLabelsForRole added in v0.3.0

func (a *Auth) GoogleCloudEditLabelsForRole(ctx context.Context, name string, request schema.GoogleCloudEditLabelsForRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudEditLabelsForRole Add or remove labels for an existing 'gce' role. name: Name of the role.

func (*Auth) GoogleCloudEditServiceAccountsForRole added in v0.3.0

func (a *Auth) GoogleCloudEditServiceAccountsForRole(ctx context.Context, name string, request schema.GoogleCloudEditServiceAccountsForRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudEditServiceAccountsForRole Add or remove service accounts for an existing `iam` role. name: Name of the role.

func (*Auth) GoogleCloudListRoles

func (a *Auth) GoogleCloudListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

GoogleCloudListRoles Lists all the roles that are registered with Vault.

func (*Auth) GoogleCloudLogin

func (a *Auth) GoogleCloudLogin(ctx context.Context, request schema.GoogleCloudLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudLogin

func (*Auth) GoogleCloudReadAuthConfiguration added in v0.3.0

func (a *Auth) GoogleCloudReadAuthConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadAuthConfiguration

func (*Auth) GoogleCloudReadRole

func (a *Auth) GoogleCloudReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudReadRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) GoogleCloudWriteRole

func (a *Auth) GoogleCloudWriteRole(ctx context.Context, name string, request schema.GoogleCloudWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GoogleCloudWriteRole Create a GCP role with associated policies and required attributes. name: Name of the role.

func (*Auth) JwtConfigure added in v0.3.0

func (a *Auth) JwtConfigure(ctx context.Context, request schema.JwtConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtConfigure Configure the JWT authentication backend. The JWT authentication backend validates JWTs (or OIDC) using the configured credentials. If using OIDC Discovery, the URL must be provided, along with (optionally) the CA cert to use for the connection. If performing JWT validation locally, a set of public keys must be provided.

func (*Auth) JwtDeleteRole added in v0.3.0

func (a *Auth) JwtDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtDeleteRole Delete an existing role. name: Name of the role.

func (*Auth) JwtListRoles added in v0.3.0

func (a *Auth) JwtListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

JwtListRoles Lists all the roles registered with the backend. The list will contain the names of the roles.

func (*Auth) JwtLogin added in v0.3.0

func (a *Auth) JwtLogin(ctx context.Context, request schema.JwtLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtLogin Authenticates to Vault using a JWT (or OIDC) token.

func (*Auth) JwtOidcCallback added in v0.3.0

func (a *Auth) JwtOidcCallback(ctx context.Context, clientNonce string, code string, state string, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtOidcCallback Callback endpoint to complete an OIDC login.

func (*Auth) JwtOidcCallbackFormPost added in v0.4.0

func (a *Auth) JwtOidcCallbackFormPost(ctx context.Context, request schema.JwtOidcCallbackFormPostRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtOidcCallbackFormPost Callback endpoint to handle form_posts.

func (*Auth) JwtOidcRequestAuthorizationUrl added in v0.3.0

func (a *Auth) JwtOidcRequestAuthorizationUrl(ctx context.Context, request schema.JwtOidcRequestAuthorizationUrlRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtOidcRequestAuthorizationUrl Request an authorization URL to start an OIDC login flow.

func (*Auth) JwtReadConfiguration added in v0.3.0

func (a *Auth) JwtReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtReadConfiguration Read the current JWT authentication backend configuration.

func (*Auth) JwtReadRole added in v0.3.0

func (a *Auth) JwtReadRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtReadRole Read an existing role. name: Name of the role.

func (*Auth) JwtWriteRole added in v0.3.0

func (a *Auth) JwtWriteRole(ctx context.Context, name string, request schema.JwtWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

JwtWriteRole Register a role with the backend. A role is required to authenticate with this backend. The role binds JWT token information with token policies and settings. The bindings, token policies and token settings can all be configured using this endpoint. name: Name of the role.

func (*Auth) KerberosConfigure added in v0.3.0

func (a *Auth) KerberosConfigure(ctx context.Context, request schema.KerberosConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosConfigure

func (*Auth) KerberosConfigureLdap added in v0.3.0

func (a *Auth) KerberosConfigureLdap(ctx context.Context, request schema.KerberosConfigureLdapRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosConfigureLdap

func (*Auth) KerberosDeleteGroup

func (a *Auth) KerberosDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosDeleteGroup name: Name of the LDAP group.

func (*Auth) KerberosListGroups

func (a *Auth) KerberosListGroups(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

KerberosListGroups

func (*Auth) KerberosLogin

func (a *Auth) KerberosLogin(ctx context.Context, request schema.KerberosLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosLogin

func (*Auth) KerberosReadConfiguration added in v0.3.0

func (a *Auth) KerberosReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadConfiguration

func (*Auth) KerberosReadGroup

func (a *Auth) KerberosReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadGroup name: Name of the LDAP group.

func (*Auth) KerberosReadLdapConfiguration added in v0.3.0

func (a *Auth) KerberosReadLdapConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosReadLdapConfiguration

func (*Auth) KerberosWriteGroup

func (a *Auth) KerberosWriteGroup(ctx context.Context, name string, request schema.KerberosWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KerberosWriteGroup name: Name of the LDAP group.

func (*Auth) KubernetesConfigureAuth added in v0.3.0

func (a *Auth) KubernetesConfigureAuth(ctx context.Context, request schema.KubernetesConfigureAuthRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesConfigureAuth

func (*Auth) KubernetesDeleteAuthRole

func (a *Auth) KubernetesDeleteAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesDeleteAuthRole Register a role with the backend. name: Name of the role.

func (*Auth) KubernetesListAuthRoles

func (a *Auth) KubernetesListAuthRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

KubernetesListAuthRoles Lists all the roles registered with the backend.

func (*Auth) KubernetesLogin

func (a *Auth) KubernetesLogin(ctx context.Context, request schema.KubernetesLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesLogin Authenticates Kubernetes service accounts with Vault.

func (*Auth) KubernetesReadAuthConfiguration added in v0.3.0

func (a *Auth) KubernetesReadAuthConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadAuthConfiguration

func (*Auth) KubernetesReadAuthRole

func (a *Auth) KubernetesReadAuthRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesReadAuthRole Register a role with the backend. name: Name of the role.

func (*Auth) KubernetesWriteAuthRole

func (a *Auth) KubernetesWriteAuthRole(ctx context.Context, name string, request schema.KubernetesWriteAuthRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

KubernetesWriteAuthRole Register a role with the backend. name: Name of the role.

func (*Auth) LdapConfigureAuth added in v0.3.0

func (a *Auth) LdapConfigureAuth(ctx context.Context, request schema.LdapConfigureAuthRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapConfigureAuth

func (*Auth) LdapDeleteGroup added in v0.3.0

func (a *Auth) LdapDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapDeleteGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LdapDeleteUser added in v0.3.0

func (a *Auth) LdapDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapDeleteUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) LdapListGroups added in v0.3.0

func (a *Auth) LdapListGroups(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

LdapListGroups Manage additional groups for users allowed to authenticate.

func (*Auth) LdapListUsers added in v0.3.0

func (a *Auth) LdapListUsers(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

LdapListUsers Manage users allowed to authenticate.

func (*Auth) LdapLogin added in v0.3.0

func (a *Auth) LdapLogin(ctx context.Context, username string, request schema.LdapLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapLogin Log in with a username and password. username: DN (distinguished name) to be used for login.

func (*Auth) LdapReadAuthConfiguration added in v0.3.0

func (a *Auth) LdapReadAuthConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapReadAuthConfiguration

func (*Auth) LdapReadGroup added in v0.3.0

func (a *Auth) LdapReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapReadGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LdapReadUser added in v0.3.0

func (a *Auth) LdapReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapReadUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) LdapWriteGroup added in v0.3.0

func (a *Auth) LdapWriteGroup(ctx context.Context, name string, request schema.LdapWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapWriteGroup Manage additional groups for users allowed to authenticate. name: Name of the LDAP group.

func (*Auth) LdapWriteUser added in v0.3.0

func (a *Auth) LdapWriteUser(ctx context.Context, name string, request schema.LdapWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

LdapWriteUser Manage users allowed to authenticate. name: Name of the LDAP user.

func (*Auth) OciConfigure added in v0.3.0

func (a *Auth) OciConfigure(ctx context.Context, request schema.OciConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OciConfigure

func (*Auth) OciDeleteConfiguration added in v0.3.0

func (a *Auth) OciDeleteConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OciDeleteConfiguration

func (*Auth) OciDeleteRole added in v0.3.0

func (a *Auth) OciDeleteRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

OciDeleteRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OciListRoles added in v0.3.0

func (a *Auth) OciListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

OciListRoles Lists all the roles that are registered with Vault.

func (*Auth) OciLogin added in v0.3.0

func (a *Auth) OciLogin(ctx context.Context, role string, request schema.OciLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OciLogin Authenticates to Vault using OCI credentials. role: Name of the role.

func (*Auth) OciReadConfiguration added in v0.3.0

func (a *Auth) OciReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OciReadConfiguration

func (*Auth) OciReadRole added in v0.3.0

func (a *Auth) OciReadRole(ctx context.Context, role string, options ...RequestOption) (*Response[map[string]interface{}], error)

OciReadRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OciWriteRole added in v0.3.0

func (a *Auth) OciWriteRole(ctx context.Context, role string, request schema.OciWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OciWriteRole Create a role and associate policies to it. role: Name of the role.

func (*Auth) OktaConfigure added in v0.3.0

func (a *Auth) OktaConfigure(ctx context.Context, request schema.OktaConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaConfigure

func (*Auth) OktaDeleteGroup

func (a *Auth) OktaDeleteGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaDeleteGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaDeleteUser

func (a *Auth) OktaDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaDeleteUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) OktaListGroups

func (a *Auth) OktaListGroups(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

OktaListGroups Manage users allowed to authenticate.

func (*Auth) OktaListUsers

func (a *Auth) OktaListUsers(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

OktaListUsers Manage additional groups for users allowed to authenticate.

func (*Auth) OktaLogin

func (a *Auth) OktaLogin(ctx context.Context, username string, request schema.OktaLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaLogin Log in with a username and password. username: Username to be used for login.

func (*Auth) OktaReadConfiguration added in v0.3.0

func (a *Auth) OktaReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadConfiguration

func (*Auth) OktaReadGroup

func (a *Auth) OktaReadGroup(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaReadUser

func (a *Auth) OktaReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaReadUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) OktaVerify

func (a *Auth) OktaVerify(ctx context.Context, nonce string, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaVerify nonce: Nonce provided during a login request to retrieve the number verification challenge for the matching request.

func (*Auth) OktaWriteGroup

func (a *Auth) OktaWriteGroup(ctx context.Context, name string, request schema.OktaWriteGroupRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteGroup Manage users allowed to authenticate. name: Name of the Okta group.

func (*Auth) OktaWriteUser

func (a *Auth) OktaWriteUser(ctx context.Context, name string, request schema.OktaWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OktaWriteUser Manage additional groups for users allowed to authenticate. name: Name of the user.

func (*Auth) RadiusConfigure added in v0.3.0

func (a *Auth) RadiusConfigure(ctx context.Context, request schema.RadiusConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusConfigure

func (*Auth) RadiusDeleteUser

func (a *Auth) RadiusDeleteUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusDeleteUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) RadiusListUsers

func (a *Auth) RadiusListUsers(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

RadiusListUsers Manage users allowed to authenticate.

func (*Auth) RadiusLogin

func (a *Auth) RadiusLogin(ctx context.Context, request schema.RadiusLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusLogin Log in with a username and password.

func (*Auth) RadiusLoginWithUsername

func (a *Auth) RadiusLoginWithUsername(ctx context.Context, urlusername string, request schema.RadiusLoginWithUsernameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusLoginWithUsername Log in with a username and password. urlusername: Username to be used for login. (URL parameter)

func (*Auth) RadiusReadConfiguration added in v0.3.0

func (a *Auth) RadiusReadConfiguration(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusReadConfiguration

func (*Auth) RadiusReadUser

func (a *Auth) RadiusReadUser(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusReadUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) RadiusWriteUser

func (a *Auth) RadiusWriteUser(ctx context.Context, name string, request schema.RadiusWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

RadiusWriteUser Manage users allowed to authenticate. name: Name of the RADIUS user.

func (*Auth) TokenCreate added in v0.3.0

func (a *Auth) TokenCreate(ctx context.Context, request schema.TokenCreateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenCreate The token create path is used to create new tokens.

func (*Auth) TokenCreateAgainstRole added in v0.3.0

func (a *Auth) TokenCreateAgainstRole(ctx context.Context, roleName string, request schema.TokenCreateAgainstRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenCreateAgainstRole This token create path is used to create new tokens adhering to the given role. roleName: Name of the role

func (*Auth) TokenCreateOrphan added in v0.3.0

func (a *Auth) TokenCreateOrphan(ctx context.Context, request schema.TokenCreateOrphanRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenCreateOrphan The token create path is used to create new orphan tokens.

func (*Auth) TokenDeleteRole

func (a *Auth) TokenDeleteRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenDeleteRole roleName: Name of the role

func (*Auth) TokenListAccessors

func (a *Auth) TokenListAccessors(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

TokenListAccessors List token accessors, which can then be used to iterate and discover their properties or revoke them. Because this can be used to cause a denial of service, this endpoint requires 'sudo' capability in addition to 'list'.

func (*Auth) TokenListRoles

func (a *Auth) TokenListRoles(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

TokenListRoles This endpoint lists configured roles.

func (*Auth) TokenLookUp added in v0.3.0

func (a *Auth) TokenLookUp(ctx context.Context, request schema.TokenLookUpRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenLookUp

func (*Auth) TokenLookUpAccessor added in v0.3.0

func (a *Auth) TokenLookUpAccessor(ctx context.Context, request schema.TokenLookUpAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenLookUpAccessor This endpoint will lookup a token associated with the given accessor and its properties. Response will not contain the token ID.

func (*Auth) TokenLookUpSelf added in v0.3.0

func (a *Auth) TokenLookUpSelf(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenLookUpSelf

func (*Auth) TokenReadRole

func (a *Auth) TokenReadRole(ctx context.Context, roleName string, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenReadRole roleName: Name of the role

func (*Auth) TokenRenew

func (a *Auth) TokenRenew(ctx context.Context, request schema.TokenRenewRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenew This endpoint will renew the given token and prevent expiration.

func (*Auth) TokenRenewAccessor

func (a *Auth) TokenRenewAccessor(ctx context.Context, request schema.TokenRenewAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenewAccessor This endpoint will renew a token associated with the given accessor and its properties. Response will not contain the token ID.

func (*Auth) TokenRenewSelf

func (a *Auth) TokenRenewSelf(ctx context.Context, request schema.TokenRenewSelfRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRenewSelf This endpoint will renew the token used to call it and prevent expiration.

func (*Auth) TokenRevoke

func (a *Auth) TokenRevoke(ctx context.Context, request schema.TokenRevokeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevoke This endpoint will delete the given token and all of its child tokens.

func (*Auth) TokenRevokeAccessor

func (a *Auth) TokenRevokeAccessor(ctx context.Context, request schema.TokenRevokeAccessorRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeAccessor This endpoint will delete the token associated with the accessor and all of its child tokens.

func (*Auth) TokenRevokeOrphan

func (a *Auth) TokenRevokeOrphan(ctx context.Context, request schema.TokenRevokeOrphanRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeOrphan This endpoint will delete the token and orphan its child tokens.

func (*Auth) TokenRevokeSelf

func (a *Auth) TokenRevokeSelf(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenRevokeSelf This endpoint will delete the token used to call it and all of its child tokens.

func (*Auth) TokenTidy

func (a *Auth) TokenTidy(ctx context.Context, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenTidy This endpoint performs cleanup tasks that can be run if certain error conditions have occurred.

func (*Auth) TokenWriteRole

func (a *Auth) TokenWriteRole(ctx context.Context, roleName string, request schema.TokenWriteRoleRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

TokenWriteRole roleName: Name of the role

func (*Auth) UserpassDeleteUser

func (a *Auth) UserpassDeleteUser(ctx context.Context, username string, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassDeleteUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassListUsers

func (a *Auth) UserpassListUsers(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

UserpassListUsers Manage users allowed to authenticate.

func (*Auth) UserpassLogin

func (a *Auth) UserpassLogin(ctx context.Context, username string, request schema.UserpassLoginRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassLogin Log in with a username and password. username: Username of the user.

func (*Auth) UserpassReadUser

func (a *Auth) UserpassReadUser(ctx context.Context, username string, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassReadUser Manage users allowed to authenticate. username: Username for this user.

func (*Auth) UserpassResetPassword added in v0.3.0

func (a *Auth) UserpassResetPassword(ctx context.Context, username string, request schema.UserpassResetPasswordRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassResetPassword Reset user's password. username: Username for this user.

func (*Auth) UserpassUpdatePolicies added in v0.3.0

func (a *Auth) UserpassUpdatePolicies(ctx context.Context, username string, request schema.UserpassUpdatePoliciesRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassUpdatePolicies Update the policies associated with the username. username: Username for this user.

func (*Auth) UserpassWriteUser

func (a *Auth) UserpassWriteUser(ctx context.Context, username string, request schema.UserpassWriteUserRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

UserpassWriteUser Manage users allowed to authenticate. username: Username for this user.

type Client

type Client struct {

	// generated request methods
	Auth     Auth
	Identity Identity
	Secrets  Secrets
	System   System
	// contains filtered or unexported fields
}

Client manages communication with Vault; initialize it with vault.New(...)

func New

func New(options ...ClientOption) (*Client, error)

New returns a new client decorated with the given configuration options

func (*Client) ClearCustomHeaders

func (c *Client) ClearCustomHeaders()

ClearCustomHeaders clears all custom headers from the subsequent requests.

func (*Client) ClearMFACredentials

func (c *Client) ClearMFACredentials()

ClearMFACredentials clears multi-factor authentication credentials from all subsequent requests.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func (*Client) ClearNamespace

func (c *Client) ClearNamespace()

ClearNamespace clears the namespace from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func (*Client) ClearReplicationForwardingMode

func (c *Client) ClearReplicationForwardingMode()

ClearReplicationForwardingMode clears the X-Vault-Forward / X-Vault-Inconsistent headers from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func (*Client) ClearRequestCallbacks

func (c *Client) ClearRequestCallbacks()

ClearRequestCallbacks clears all request callbacks.

func (*Client) ClearResponseCallbacks

func (c *Client) ClearResponseCallbacks()

ClearResponseCallbacks clears all response callbacks.

func (*Client) ClearResponseWrapping

func (c *Client) ClearResponseWrapping()

ClearResponseWrapping clears the response-wrapping header from all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func (*Client) ClearToken

func (c *Client) ClearToken()

ClearToken clears the token for all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

func (*Client) Clone

func (c *Client) Clone() *Client

Clone creates a new client with the same configuration, request modifiers, and replication states as the original client. Note that the cloned client will point to the same base http.Client and retryablehttp.Client objects.

func (*Client) Configuration

func (c *Client) Configuration() ClientConfiguration

Configuration returns a copy of the configuration object used to initialize this client

func (*Client) Delete

func (c *Client) Delete(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

Delete attempts to delete the value stored at the given Vault path.

func (*Client) List

func (c *Client) List(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

List attempts to list the keys stored at the given Vault path.

func (*Client) Read

func (c *Client) Read(ctx context.Context, path string, options ...RequestOption) (*Response[map[string]interface{}], error)

Read attempts to read the value stored at the given Vault path.

func (*Client) ReadRaw

func (c *Client) ReadRaw(ctx context.Context, path string, options ...RequestOption) (*http.Response, error)

ReadRaw attempts to read the value stored at the given Vault path and returns a raw *http.Response. Compared with `Read`, this function:

  • does not parse the response
  • does not check the response for errors
  • does not apply the client-level request timeout

func (*Client) SetCustomHeaders

func (c *Client) SetCustomHeaders(headers http.Header) error

SetCustomHeaders sets custom headers to be used in all subsequent requests. The internal prefix 'X-Vault-' is not permitted for the header keys.

func (*Client) SetMFACredentials

func (c *Client) SetMFACredentials(credentials ...string) error

SetMFACredentials sets multi-factor authentication credentials to be used with all subsequent requests.

See https://learn.hashicorp.com/tutorials/vault/multi-factor-authentication for more information on multi-factor authentication.

func (*Client) SetNamespace

func (c *Client) SetNamespace(namespace string) error

SetNamespace sets the namespace to be used with all subsequent requests. Use an empty string to clear the namespace.

See https://developer.hashicorp.com/vault/docs/enterprise/namespaces for more info on namespaces.

func (*Client) SetReplicationForwardingMode

func (c *Client) SetReplicationForwardingMode(mode ReplicationForwardingMode)

SetReplicationForwardingMode sets a replication forwarding header for all subsequent requests:

ReplicationForwardNone         - no forwarding header
ReplicationForwardAlways       - 'X-Vault-Forward'
ReplicationForwardInconsistent - 'X-Vault-Inconsistent'

Note: this feature must be enabled in Vault's configuration.

See https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

func (*Client) SetRequestCallbacks

func (c *Client) SetRequestCallbacks(callbacks ...RequestCallback) error

SetRequestCallbacks sets callbacks which will be invoked before each request.

func (*Client) SetResponseCallbacks

func (c *Client) SetResponseCallbacks(callbacks ...ResponseCallback) error

SetResponseCallbacks sets callbacks which will be invoked after each successful response.

func (*Client) SetResponseWrapping

func (c *Client) SetResponseWrapping(ttl time.Duration) error

SetResponseWrapping sets the response-wrapping TTL to the given duration for all subsequent requests, telling Vault to wrap responses and return response-wrapping tokens instead.

See https://developer.hashicorp.com/vault/docs/concepts/response-wrapping for more information on response wrapping.

func (*Client) SetToken

func (c *Client) SetToken(token string) error

SetToken sets the token to be used with all subsequent requests.

See https://developer.hashicorp.com/vault/docs/concepts/tokens for more info on tokens.

func (*Client) Write

func (c *Client) Write(ctx context.Context, path string, body map[string]interface{}, options ...RequestOption) (*Response[map[string]interface{}], error)

Write attempts to write the given map to the given Vault path.

func (*Client) WriteFromBytes

func (c *Client) WriteFromBytes(ctx context.Context, path string, body []byte, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteFromBytes attempts to write the given byte slice to the given Vault path.

func (*Client) WriteFromReader

func (c *Client) WriteFromReader(ctx context.Context, path string, body io.Reader, options ...RequestOption) (*Response[map[string]interface{}], error)

WriteFromReader attempts to write the given io.Reader data to the given Vault path.

type ClientCertificateEntry

type ClientCertificateEntry struct {
	// FromFile is the path to a PEM-encoded client certificate file.
	// Default: "", takes precedence over 'FromBytes'
	FromFile string `env:"VAULT_CLIENT_CERT"`

	// FromBytes is PEM-encoded certificate data.
	// Default: nil
	FromBytes []byte
}

type ClientCertificateKeyEntry

type ClientCertificateKeyEntry struct {
	// FromFile is the path to a PEM-encoded private key file.
	// Default: "", takes precedence over 'FromBytes'
	FromFile string `env:"VAULT_CLIENT_KEY"`

	// FromBytes is PEM-encoded private key data.
	// Default: nil
	FromBytes []byte
}

type ClientConfiguration

type ClientConfiguration struct {
	// Address specifies the Vault server's base address in the form of
	// scheme://host:port
	// Default: https://127.0.0.1:8200
	Address string `env:"VAULT_ADDR,VAULT_AGENT_ADDR"`

	// HTTPClient is the HTTP client to use for all API requests.
	// DefaultConfiguration() sets reasonable defaults for the HTTPClient and
	// its associated http.Transport. If you must modify Vault's defaults, it
	// is suggested that you start with that client and modify it as needed
	// rather than starting with an empty client or http.DefaultClient.
	HTTPClient *http.Client

	// RequestTimeout, given a non-negative value, will apply the timeout to
	// each request function unless an earlier deadline is passed to the
	// request function through context.Context. Note that this timeout is
	// not applicable to client.ReadRaw or client.ReadRawWithParameters.
	// Default: 60s
	RequestTimeout time.Duration `env:"VAULT_CLIENT_TIMEOUT"`

	// TLS is a collection of TLS settings used to configure the internal
	// http.Client.
	TLS TLSConfiguration

	// RetryConfiguration is a collection of settings used to configure the
	// internal go-retryablehttp client.
	RetryConfiguration RetryConfiguration

	// RateLimiter controls how frequently requests are allowed to happen.
	// If this pointer is nil, then there will be no limit set. Note that an
	// empty struct rate.Limiter is equivalent to blocking all requests.
	// Default: nil
	RateLimiter *rate.Limiter `env:"VAULT_RATE_LIMIT"`

	// EnforceReadYourWritesConsistency ensures isolated read-after-write
	// semantics by providing discovered cluster replication states in each
	// request.
	//
	// Background: when running in a cluster, Vault has an eventual consistency
	// model. Only one node (the leader) can write to Vault's storage. Users
	// generally expect read-after-write consistency: in other words, after
	// writing foo=1, a subsequent read of foo should return 1.
	//
	// Setting this to true will enable "Conditional Forwarding" as described in
	// https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations
	//
	// Note: careful consideration should be made prior to enabling this setting
	// since there will be a performance penalty paid upon each request.
	// This feature requires enterprise server-side.
	EnforceReadYourWritesConsistency bool

	// DisableRedirects prevents the client from automatically following
	// redirects. Any redirect responses will result in `RedirectError` instead.
	//
	// Background: by default, the client follows a single redirect; disabling
	// redirects could cause issues with certain requests, e.g. raft-related
	// calls will fail to redirect to the primary node.
	DisableRedirects bool `env:"VAULT_DISABLE_REDIRECTS"`
	// contains filtered or unexported fields
}

ClientConfiguration is used to configure the creation of the client

func DefaultConfiguration

func DefaultConfiguration() ClientConfiguration

DefaultConfiguration returns the default configuration for the client. It is recommended to start with this configuration and modify it as needed.

type ClientOption

type ClientOption func(*ClientConfiguration) error

ClientOption is a configuration option to initialize a client.

func WithAddress added in v0.2.0

func WithAddress(address string) ClientOption

WithAddress specifies the Vault server base address in the form of scheme://host:port

Default: https://127.0.0.1:8200

func WithConfiguration

func WithConfiguration(configuration ClientConfiguration) ClientOption

WithConfiguration overwrites the default configuration object with the given one. It is recommended to start with DefaultConfiguration() and modify it as necessary. If only an individual configuration field needs to be modified, consider using other ClientOption functions.

func WithDisableRedirects

func WithDisableRedirects() ClientOption

WithDisableRedirects prevents the client from automatically following redirects. Any redirect responses will result in `RedirectError` instead.

Background: by default, the client follows a single redirect; disabling redirects could cause issues with certain requests, e.g. raft-related calls will fail to redirect to the primary node.

func WithEnforceReadYourWritesConsistency

func WithEnforceReadYourWritesConsistency() ClientOption

WithEnforceReadYourWritesConsistency ensures isolated read-after-write semantics by providing discovered cluster replication states in each request.

Background: when running in a cluster, Vault has an eventual consistency model. Only one node (the leader) can write to Vault's storage. Users generally expect read-after-write consistency: in other words, after writing foo=1, a subsequent read of foo should return 1.

Setting this to true will enable "Conditional Forwarding" as described in https://developer.hashicorp.com/vault/docs/enterprise/consistency#vault-1-7-mitigations

Note: careful consideration should be made prior to enabling this setting since there will be a performance penalty paid upon each request. This feature requires enterprise server-side.

func WithEnvironment

func WithEnvironment() ClientOption

WithEnvironment populates the client's configuration object with values from environment variables. The following environment variables are currently supported:

VAULT_ADDR, VAULT_AGENT_ADDR (vault's address, e.g. https://127.0.0.1:8200/)
VAULT_CLIENT_TIMEOUT         (request timeout)
VAULT_RATE_LIMIT             (rate[:burst] in operations per second)
VAULT_DISABLE_REDIRECTS      (prevents vault client from following redirects)
VAULT_TOKEN                  (the initial authentication token)
VAULT_NAMESPACE              (the initial namespace to use)
VAULT_SKIP_VERIFY            (do not verify vault's presented certificate)
VAULT_CACERT                 (PEM-encoded CA certificate file path)
VAULT_CACERT_BYTES           (PEM-encoded CA certificate bytes)
VAULT_CAPATH                 (PEM-encoded CA certificate directory path)
VAULT_CLIENT_CERT            (PEM-encoded client certificate file path)
VAULT_CLIENT_KEY             (PEM-encoded client certificate key file path)
VAULT_TLS_SERVER_NAME        (used to verify the hostname on returned certificates)
VAULT_RETRY_WAIT_MIN         (minimum time to wait before retrying)
VAULT_RETRY_WAIT_MAX         (maximum time to wait before retrying)
VAULT_MAX_RETRIES            (maximum number of retries for certain error codes)
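
A pre-flight check over the variables listed above, as an added example that is not part of vault-client-go: it flags values that weaken transport security or expose credentials before they reach WithEnvironment. Finding, AuditVaultEnv and Lookup are hypothetical names, and reading VAULT_SKIP_VERIFY as a Go boolean string is an assumption about how the value is parsed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"os"
	"strconv"
	"strings"
)

// Finding is one audit result for a single environment variable.
// (Hypothetical type for this example; not a vault-client-go type.)
type Finding struct {
	Variable string
	Severity string // "high", "medium" or "info"
	Message  string
}

func isLoopback(host string) bool {
	if strings.EqualFold(host, "localhost") {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// AuditVaultEnv inspects a snapshot of VAULT_* variables and reports settings
// that weaken transport security or expose credentials.
func AuditVaultEnv(env map[string]string) []Finding {
	var out []Finding
	add := func(name, sev, msg string) {
		out = append(out, Finding{Variable: name, Severity: sev, Message: msg})
	}

	// The token is sent with every request, so the address scheme matters.
	for _, name := range []string{"VAULT_ADDR", "VAULT_AGENT_ADDR"} {
		raw := env[name]
		if raw == "" {
			continue
		}
		u, err := url.Parse(raw)
		switch {
		case err != nil || u.Host == "":
			add(name, "high", "address is not in scheme://host:port form")
		case u.Scheme == "http" && !isLoopback(u.Hostname()):
			add(name, "high", "plain http to a non-loopback host exposes the token in transit")
		case u.Scheme == "http":
			add(name, "info", "plain http to loopback; acceptable for a -dev server only")
		case u.Scheme != "https":
			add(name, "medium", "scheme is neither https nor http")
		}
	}

	// Assumption: the value is a boolean string as accepted by strconv.ParseBool.
	if raw, ok := env["VAULT_SKIP_VERIFY"]; ok {
		skip, err := strconv.ParseBool(raw)
		switch {
		case err != nil:
			add("VAULT_SKIP_VERIFY", "medium", "value is not a boolean")
		case skip:
			add("VAULT_SKIP_VERIFY", "high", "server certificate is not verified, so the peer's identity is unchecked")
		}
	}

	if env["VAULT_TOKEN"] != "" {
		add("VAULT_TOKEN", "medium", "token is inherited by child processes; prefer a short-lived token from an auth method")
	}

	// The client key is a long-lived credential; only its owner should read it.
	if path := env["VAULT_CLIENT_KEY"]; path != "" {
		if st, err := os.Stat(path); err != nil {
			add("VAULT_CLIENT_KEY", "medium", "private key file cannot be inspected: "+err.Error())
		} else if st.Mode().Perm()&0o077 != 0 {
			add("VAULT_CLIENT_KEY", "medium",
				fmt.Sprintf("private key file mode %04o is accessible to group/others", st.Mode().Perm()))
		}
	}
	return out
}

// Lookup returns the first finding recorded for the given variable.
func Lookup(findings []Finding, variable string) (Finding, bool) {
	for _, f := range findings {
		if f.Variable == variable {
			return f, true
		}
	}
	return Finding{}, false
}

func main() {
	env := map[string]string{}
	for _, kv := range os.Environ() {
		if k, v, ok := strings.Cut(kv, "="); ok && strings.HasPrefix(k, "VAULT_") {
			env[k] = v
		}
	}
	for _, f := range AuditVaultEnv(env) {
		fmt.Printf("[%s] %s: %s\n", f.Severity, f.Variable, f.Message)
	}
}
```

Run it in the same environment the client will start in, and fail the deployment on any "high" finding.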

func WithHTTPClient added in v0.2.0

func WithHTTPClient(client *http.Client) ClientOption

WithHTTPClient sets the HTTP client to use for all API requests. The library sets reasonable defaults for the HTTPClient and its associated http.Transport. If you must modify Vault's defaults, it is suggested that you start with DefaultConfiguration().HTTPClient and modify it as needed rather than starting with an empty client or http.DefaultClient.

func WithRateLimiter

func WithRateLimiter(limiter *rate.Limiter) ClientOption

WithRateLimiter configures how frequently requests are allowed to happen. If this pointer is nil, then there will be no limit set. Note that an empty struct rate.Limiter is equivalent to blocking all requests.

Default: nil

func WithRequestTimeout

func WithRequestTimeout(timeout time.Duration) ClientOption

WithRequestTimeout, given a non-negative value, will apply the timeout to each request function unless an earlier deadline is passed to the request function through context.Context. Note that this timeout is not applicable to client.ReadRaw(...) or client.ReadRawWithParameters(...).

Default: 60s

func WithRetryConfiguration

func WithRetryConfiguration(retry RetryConfiguration) ClientOption

WithRetryConfiguration configures the internal go-retryablehttp client. The library sets reasonable defaults for this setting.

func WithTLS

func WithTLS(tls TLSConfiguration) ClientOption

WithTLS configures the TLS settings in the base http.Client.

type Identity

type Identity struct {
	// contains filtered or unexported fields
}

Identity is a simple wrapper around the client for Identity requests

func (*Identity) AliasCreate added in v0.3.0

func (i *Identity) AliasCreate(ctx context.Context, request schema.AliasCreateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasCreate Create a new alias.

func (*Identity) AliasDeleteById added in v0.3.0

func (i *Identity) AliasDeleteById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasDeleteById id: ID of the alias

func (*Identity) AliasListById added in v0.3.0

func (i *Identity) AliasListById(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

AliasListById List all the alias IDs.

func (*Identity) AliasReadById added in v0.3.0

func (i *Identity) AliasReadById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasReadById id: ID of the alias

func (*Identity) AliasUpdateById added in v0.3.0

func (i *Identity) AliasUpdateById(ctx context.Context, id string, request schema.AliasUpdateByIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

AliasUpdateById id: ID of the alias

func (*Identity) EntityBatchDelete

func (i *Identity) EntityBatchDelete(ctx context.Context, request schema.EntityBatchDeleteRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityBatchDelete Delete all of the entities provided

func (*Identity) EntityCreate added in v0.3.0

func (i *Identity) EntityCreate(ctx context.Context, request schema.EntityCreateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityCreate Create a new entity

func (*Identity) EntityCreateAlias added in v0.3.0

func (i *Identity) EntityCreateAlias(ctx context.Context, request schema.EntityCreateAliasRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityCreateAlias Create a new alias.

func (*Identity) EntityDeleteAliasById added in v0.3.0

func (i *Identity) EntityDeleteAliasById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteAliasById id: ID of the alias

func (*Identity) EntityDeleteById added in v0.3.0

func (i *Identity) EntityDeleteById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteById id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityDeleteByName

func (i *Identity) EntityDeleteByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityDeleteByName name: Name of the entity

func (*Identity) EntityListAliasesById added in v0.3.0

func (i *Identity) EntityListAliasesById(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

EntityListAliasesById List all the alias IDs.

func (*Identity) EntityListById added in v0.3.0

func (i *Identity) EntityListById(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

EntityListById List all the entity IDs

func (*Identity) EntityListByName

func (i *Identity) EntityListByName(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

EntityListByName List all the entity names

func (*Identity) EntityLookUp added in v0.3.0

func (i *Identity) EntityLookUp(ctx context.Context, request schema.EntityLookUpRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityLookUp Query entities based on various properties.

func (*Identity) EntityMerge

func (i *Identity) EntityMerge(ctx context.Context, request schema.EntityMergeRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityMerge Merge two or more entities together

func (*Identity) EntityReadAliasById added in v0.3.0

func (i *Identity) EntityReadAliasById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadAliasById id: ID of the alias

func (*Identity) EntityReadById added in v0.3.0

func (i *Identity) EntityReadById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadById id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityReadByName

func (i *Identity) EntityReadByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityReadByName name: Name of the entity

func (*Identity) EntityUpdateAliasById added in v0.3.0

func (i *Identity) EntityUpdateAliasById(ctx context.Context, id string, request schema.EntityUpdateAliasByIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityUpdateAliasById id: ID of the alias

func (*Identity) EntityUpdateById added in v0.3.0

func (i *Identity) EntityUpdateById(ctx context.Context, id string, request schema.EntityUpdateByIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityUpdateById id: ID of the entity. If set, updates the corresponding existing entity.

func (*Identity) EntityUpdateByName added in v0.3.0

func (i *Identity) EntityUpdateByName(ctx context.Context, name string, request schema.EntityUpdateByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

EntityUpdateByName name: Name of the entity

func (*Identity) GroupCreate added in v0.3.0

func (i *Identity) GroupCreate(ctx context.Context, request schema.GroupCreateRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupCreate

func (*Identity) GroupCreateAlias added in v0.3.0

func (i *Identity) GroupCreateAlias(ctx context.Context, request schema.GroupCreateAliasRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupCreateAlias Creates a new group alias, or updates an existing one.

func (*Identity) GroupDeleteAliasById added in v0.3.0

func (i *Identity) GroupDeleteAliasById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteAliasById id: ID of the group alias.

func (*Identity) GroupDeleteById added in v0.3.0

func (i *Identity) GroupDeleteById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteById id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupDeleteByName

func (i *Identity) GroupDeleteByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupDeleteByName name: Name of the group.

func (*Identity) GroupListAliasesById added in v0.3.0

func (i *Identity) GroupListAliasesById(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

GroupListAliasesById List all the group alias IDs.

func (*Identity) GroupListById added in v0.3.0

func (i *Identity) GroupListById(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

GroupListById List all the group IDs.

func (*Identity) GroupListByName

func (i *Identity) GroupListByName(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

GroupListByName

func (*Identity) GroupLookUp added in v0.3.0

func (i *Identity) GroupLookUp(ctx context.Context, request schema.GroupLookUpRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupLookUp Query groups based on various properties.

func (*Identity) GroupReadAliasById added in v0.3.0

func (i *Identity) GroupReadAliasById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadAliasById id: ID of the group alias.

func (*Identity) GroupReadById added in v0.3.0

func (i *Identity) GroupReadById(ctx context.Context, id string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadById id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupReadByName

func (i *Identity) GroupReadByName(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupReadByName name: Name of the group.

func (*Identity) GroupUpdateAliasById added in v0.3.0

func (i *Identity) GroupUpdateAliasById(ctx context.Context, id string, request schema.GroupUpdateAliasByIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupUpdateAliasById id: ID of the group alias.

func (*Identity) GroupUpdateById added in v0.3.0

func (i *Identity) GroupUpdateById(ctx context.Context, id string, request schema.GroupUpdateByIdRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupUpdateById id: ID of the group. If set, updates the corresponding existing group.

func (*Identity) GroupUpdateByName added in v0.3.0

func (i *Identity) GroupUpdateByName(ctx context.Context, name string, request schema.GroupUpdateByNameRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

GroupUpdateByName name: Name of the group.

func (*Identity) MfaAdminDestroyTotpSecret added in v0.3.0

func (i *Identity) MfaAdminDestroyTotpSecret(ctx context.Context, request schema.MfaAdminDestroyTotpSecretRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaAdminDestroyTotpSecret Destroys a TOTP secret for the given MFA method ID on the given entity

func (*Identity) MfaAdminGenerateTotpSecret added in v0.3.0

func (i *Identity) MfaAdminGenerateTotpSecret(ctx context.Context, request schema.MfaAdminGenerateTotpSecretRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaAdminGenerateTotpSecret Update or create TOTP secret for the given method ID on the given entity.

func (*Identity) MfaCreateDuoMethod added in v0.4.0

func (i *Identity) MfaCreateDuoMethod(ctx context.Context, request schema.MfaCreateDuoMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaCreateDuoMethod Create the given MFA method

func (*Identity) MfaCreateOktaMethod added in v0.4.0

func (i *Identity) MfaCreateOktaMethod(ctx context.Context, request schema.MfaCreateOktaMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaCreateOktaMethod Create the given MFA method

func (*Identity) MfaCreatePingIdMethod added in v0.4.0

func (i *Identity) MfaCreatePingIdMethod(ctx context.Context, request schema.MfaCreatePingIdMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaCreatePingIdMethod Create the given MFA method

func (*Identity) MfaCreateTotpMethod added in v0.4.0

func (i *Identity) MfaCreateTotpMethod(ctx context.Context, request schema.MfaCreateTotpMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaCreateTotpMethod Create the given MFA method

func (*Identity) MfaDeleteDuoMethod added in v0.3.0

func (i *Identity) MfaDeleteDuoMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaDeleteDuoMethod Delete the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaDeleteLoginEnforcement added in v0.3.0

func (i *Identity) MfaDeleteLoginEnforcement(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaDeleteLoginEnforcement Delete a login enforcement. name: Name for this login enforcement configuration

func (*Identity) MfaDeleteOktaMethod added in v0.3.0

func (i *Identity) MfaDeleteOktaMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaDeleteOktaMethod Delete the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaDeletePingIdMethod added in v0.3.0

func (i *Identity) MfaDeletePingIdMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaDeletePingIdMethod Delete the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaDeleteTotpMethod added in v0.3.0

func (i *Identity) MfaDeleteTotpMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaDeleteTotpMethod Delete the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaGenerateTotpSecret added in v0.3.0

func (i *Identity) MfaGenerateTotpSecret(ctx context.Context, request schema.MfaGenerateTotpSecretRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaGenerateTotpSecret Update or create TOTP secret for the given method ID on the given entity.

func (*Identity) MfaListDuoMethods added in v0.3.0

func (i *Identity) MfaListDuoMethods(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

MfaListDuoMethods List MFA method configurations for the given MFA method

func (*Identity) MfaListLoginEnforcements added in v0.3.0

func (i *Identity) MfaListLoginEnforcements(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

MfaListLoginEnforcements List login enforcements

func (*Identity) MfaListMethods added in v0.3.0

func (i *Identity) MfaListMethods(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

MfaListMethods List MFA method configurations for all MFA methods

func (*Identity) MfaListOktaMethods added in v0.3.0

func (i *Identity) MfaListOktaMethods(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

MfaListOktaMethods List MFA method configurations for the given MFA method

func (*Identity) MfaListPingIdMethods added in v0.3.0

func (i *Identity) MfaListPingIdMethods(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

MfaListPingIdMethods List MFA method configurations for the given MFA method

func (*Identity) MfaListTotpMethods added in v0.3.0

func (i *Identity) MfaListTotpMethods(ctx context.Context, options ...RequestOption) (*Response[schema.StandardListResponse], error)

MfaListTotpMethods List MFA method configurations for the given MFA method

func (*Identity) MfaReadDuoMethod added in v0.4.0

func (i *Identity) MfaReadDuoMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaReadDuoMethod Read the current configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaReadLoginEnforcement added in v0.3.0

func (i *Identity) MfaReadLoginEnforcement(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaReadLoginEnforcement Read the current login enforcement. name: Name for this login enforcement configuration

func (*Identity) MfaReadMethod added in v0.4.0

func (i *Identity) MfaReadMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaReadMethod Read the current configuration for the given ID regardless of the MFA method type. methodId: The unique identifier for this MFA method.

func (*Identity) MfaReadOktaMethod added in v0.4.0

func (i *Identity) MfaReadOktaMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaReadOktaMethod Read the current configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaReadPingIdMethod added in v0.4.0

func (i *Identity) MfaReadPingIdMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaReadPingIdMethod Read the current configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaReadTotpMethod added in v0.4.0

func (i *Identity) MfaReadTotpMethod(ctx context.Context, methodId string, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaReadTotpMethod Read the current configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaUpdateDuoMethod added in v0.4.0

func (i *Identity) MfaUpdateDuoMethod(ctx context.Context, methodId string, request schema.MfaUpdateDuoMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaUpdateDuoMethod Update the configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaUpdateOktaMethod added in v0.4.0

func (i *Identity) MfaUpdateOktaMethod(ctx context.Context, methodId string, request schema.MfaUpdateOktaMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaUpdateOktaMethod Update the configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaUpdatePingIdMethod added in v0.4.0

func (i *Identity) MfaUpdatePingIdMethod(ctx context.Context, methodId string, request schema.MfaUpdatePingIdMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaUpdatePingIdMethod Update the configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaUpdateTotpMethod added in v0.4.0

func (i *Identity) MfaUpdateTotpMethod(ctx context.Context, methodId string, request schema.MfaUpdateTotpMethodRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaUpdateTotpMethod Update the configuration for the given MFA method. methodId: The unique identifier for this MFA method.

func (*Identity) MfaWriteLoginEnforcement added in v0.3.0

func (i *Identity) MfaWriteLoginEnforcement(ctx context.Context, name string, request schema.MfaWriteLoginEnforcementRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

MfaWriteLoginEnforcement Create or update a login enforcement. name: Name for this login enforcement configuration

func (*Identity) OidcConfigure added in v0.3.0

func (i *Identity) OidcConfigure(ctx context.Context, request schema.OidcConfigureRequest, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcConfigure

func (*Identity) OidcDeleteAssignment added in v0.3.0

func (i *Identity) OidcDeleteAssignment(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcDeleteAssignment name: Name of the assignment

func (*Identity) OidcDeleteClient added in v0.3.0

func (i *Identity) OidcDeleteClient(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcDeleteClient name: Name of the client.

func (*Identity) OidcDeleteKey added in v0.3.0

func (i *Identity) OidcDeleteKey(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcDeleteKey CRUD operations for OIDC keys. name: Name of the key

func (*Identity) OidcDeleteProvider added in v0.3.0

func (i *Identity) OidcDeleteProvider(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcDeleteProvider name: Name of the provider

func (*Identity) OidcDeleteRole added in v0.3.0

func (i *Identity) OidcDeleteRole(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcDeleteRole CRUD operations on OIDC Roles. name: Name of the role

func (*Identity) OidcDeleteScope added in v0.3.0

func (i *Identity) OidcDeleteScope(ctx context.Context, name string, options ...RequestOption) (*Response[map[string]interface{}], error)

OidcDeleteScope name: Name of the scope

func (*Identity) OidcGenerateToken added in v0.3.0

func (i *Identity) OidcGenerateToken(ctx context.Context, name string, options ...RequestOption) (*