
Constants

This section is empty.

Variables

This section is empty.

Functions

func HashAuth

func HashAuth(salter *salt.Salt, in *logical.Auth, HMACAccessor bool) (*logical.Auth, error)

    HashAuth returns a hashed copy of the logical.Auth input.

    func HashRequest

    func HashRequest(salter *salt.Salt, in *logical.Request, HMACAccessor bool, nonHMACDataKeys []string) (*logical.Request, error)

      HashRequest returns a hashed copy of the logical.Request input.

      func HashResponse

      func HashResponse(salter *salt.Salt, in *logical.Response, HMACAccessor bool, nonHMACDataKeys []string) (*logical.Response, error)

        HashResponse returns a hashed copy of the logical.Response input.

        func HashString

        func HashString(salter *salt.Salt, data string) string

          HashString hashes the given opaque string and returns the hashed value.

          func HashStructure

          func HashStructure(s interface{}, cb HashCallback, ignoredKeys []string) error

            HashStructure takes an interface and hashes all the values within the structure. Only _values_ are hashed: keys of objects are not. Keys therefore pass through unchanged, so sensitive data should not be carried in key names.

            For the HashCallback, see the built-in HashCallbacks below.

            func HashWrapInfo

            func HashWrapInfo(salter *salt.Salt, in *wrapping.ResponseWrapInfo, HMACAccessor bool) (*wrapping.ResponseWrapInfo, error)

              HashWrapInfo returns a hashed copy of the wrapping.ResponseWrapInfo input.

              Types

              type AuditAuth

              // AuditAuth is the authentication portion of an audit log entry. It is
              // referenced by the Auth fields of AuditRequestEntry, AuditResponseEntry and
              // AuditResponse. Every field is tagged omitempty, so zero values are left
              // out of the encoded JSON.
              //
              // NOTE(review): ClientToken and Accessor identify a live credential. They are
              // presumably the values produced by HashAuth (Accessor only when its
              // HMACAccessor argument is true) rather than plaintext, unless
              // FormatterConfig.Raw is set. Confirm against the formatter implementation.
              type AuditAuth struct {
              	ClientToken               string              `json:"client_token,omitempty"`
              	Accessor                  string              `json:"accessor,omitempty"`
              	DisplayName               string              `json:"display_name,omitempty"`
              	Policies                  []string            `json:"policies,omitempty"`
              	TokenPolicies             []string            `json:"token_policies,omitempty"`
              	IdentityPolicies          []string            `json:"identity_policies,omitempty"`
              	ExternalNamespacePolicies map[string][]string `json:"external_namespace_policies,omitempty"`
              	NoDefaultPolicy           bool                `json:"no_default_policy,omitempty"`
              	Metadata                  map[string]string   `json:"metadata,omitempty"`
              	NumUses                   int                 `json:"num_uses,omitempty"`
              	RemainingUses             int                 `json:"remaining_uses,omitempty"`
              	EntityID                  string              `json:"entity_id,omitempty"`
              	TokenType                 string              `json:"token_type,omitempty"`
              	TokenTTL                  int64               `json:"token_ttl,omitempty"`
              	TokenIssueTime            string              `json:"token_issue_time,omitempty"`
              }

              type AuditFormatWriter

              // AuditFormatWriter is the interface embedded by AuditFormatter. It writes
              // already-built request and response entries to an io.Writer and supplies
              // the salt. JSONFormatWriter and JSONxFormatWriter are the implementations
              // in this package.
              type AuditFormatWriter interface {
              	// WriteRequest writes the request entry to the writer or returns an error.
              	WriteRequest(io.Writer, *AuditRequestEntry) error
              	// WriteResponse writes the response entry to the writer or returns an error.
              	WriteResponse(io.Writer, *AuditResponseEntry) error
              	// Salt returns a non-nil salt or an error.
              	Salt(context.Context) (*salt.Salt, error)
              }

              type AuditFormatter

              type AuditFormatter struct {
              	AuditFormatWriter
              }

                AuditFormatter implements the Formatter interface and allows the underlying marshaller to be swapped out.

                func (*AuditFormatter) FormatRequest

                func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config FormatterConfig, in *logical.LogInput) error

                func (*AuditFormatter) FormatResponse

                func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config FormatterConfig, in *logical.LogInput) error

                type AuditNamespace

                // AuditNamespace records the ID and path of a namespace. AuditRequest
                // refers to it through its Namespace field. Both fields are tagged
                // omitempty.
                type AuditNamespace struct {
                	ID   string `json:"id,omitempty"`
                	Path string `json:"path,omitempty"`
                }

                type AuditRequest

                // AuditRequest is the request portion of an audit log entry. The Request
                // fields of AuditRequestEntry and AuditResponseEntry point to it. Every
                // field is tagged omitempty.
                //
                // NOTE(review): ClientToken, ClientTokenAccessor, Data and Headers can carry
                // secret material. They are presumably filled from the output of HashRequest
                // (whose nonHMACDataKeys argument looks like a list of Data keys that are
                // left unhashed) unless FormatterConfig.Raw is set. Confirm before relying
                // on these fields being obfuscated.
                type AuditRequest struct {
                	ID                            string                 `json:"id,omitempty"`
                	ReplicationCluster            string                 `json:"replication_cluster,omitempty"`
                	Operation                     logical.Operation      `json:"operation,omitempty"`
                	MountType                     string                 `json:"mount_type,omitempty"`
                	ClientToken                   string                 `json:"client_token,omitempty"`
                	ClientTokenAccessor           string                 `json:"client_token_accessor,omitempty"`
                	Namespace                     *AuditNamespace        `json:"namespace,omitempty"`
                	Path                          string                 `json:"path,omitempty"`
                	Data                          map[string]interface{} `json:"data,omitempty"`
                	PolicyOverride                bool                   `json:"policy_override,omitempty"`
                	// RemoteAddr is encoded under the JSON key "remote_address", which does
                	// not match the Go field name; log parsers must use the tag.
                	RemoteAddr                    string                 `json:"remote_address,omitempty"`
                	WrapTTL                       int                    `json:"wrap_ttl,omitempty"`
                	Headers                       map[string][]string    `json:"headers,omitempty"`
                	ClientCertificateSerialNumber string                 `json:"client_certificate_serial_number,omitempty"`
                }

                type AuditRequestEntry

                type AuditRequestEntry struct {
                	Time    string        `json:"time,omitempty"`
                	Type    string        `json:"type,omitempty"`
                	// Auth and Request are pointers tagged omitempty, so a nil value is left
                	// out of the encoded entry.
                	Auth    *AuditAuth    `json:"auth,omitempty"`
                	Request *AuditRequest `json:"request,omitempty"`
                	// NOTE(review): Error is a free-form string; check whether the text
                	// stored here can echo caller-supplied or sensitive values, since no
                	// Hash function on this page takes it as input.
                	Error   string        `json:"error,omitempty"`
                }

                  AuditRequestEntry is the structure of a request audit log entry in Audit.

                  type AuditResponse

                  // AuditResponse is the response portion of an audit log entry.
                  // AuditResponseEntry refers to it through its Response field. Every field is
                  // tagged omitempty.
                  //
                  // NOTE(review): Data, Headers, Auth and WrapInfo can carry secret material.
                  // They are presumably filled from the output of HashResponse (whose
                  // nonHMACDataKeys argument looks like a list of Data keys that are left
                  // unhashed) unless FormatterConfig.Raw is set. Confirm before relying on
                  // these fields being obfuscated.
                  type AuditResponse struct {
                  	Auth      *AuditAuth             `json:"auth,omitempty"`
                  	MountType string                 `json:"mount_type,omitempty"`
                  	Secret    *AuditSecret           `json:"secret,omitempty"`
                  	Data      map[string]interface{} `json:"data,omitempty"`
                  	Warnings  []string               `json:"warnings,omitempty"`
                  	Redirect  string                 `json:"redirect,omitempty"`
                  	WrapInfo  *AuditResponseWrapInfo `json:"wrap_info,omitempty"`
                  	Headers   map[string][]string    `json:"headers,omitempty"`
                  }

                  type AuditResponseEntry

                  type AuditResponseEntry struct {
                  	Time     string         `json:"time,omitempty"`
                  	Type     string         `json:"type,omitempty"`
                  	// Auth, Request and Response are pointers tagged omitempty, so a nil
                  	// value is left out of the encoded entry. A response entry carries the
                  	// request alongside the response.
                  	Auth     *AuditAuth     `json:"auth,omitempty"`
                  	Request  *AuditRequest  `json:"request,omitempty"`
                  	Response *AuditResponse `json:"response,omitempty"`
                  	// NOTE(review): Error is a free-form string; check whether the text
                  	// stored here can echo caller-supplied or sensitive values, since no
                  	// Hash function on this page takes it as input.
                  	Error    string         `json:"error,omitempty"`
                  }

                    AuditResponseEntry is the structure of a response audit log entry in Audit.

                    type AuditResponseWrapInfo

                    // AuditResponseWrapInfo is the response-wrapping portion of an audit log
                    // entry. AuditResponse refers to it through its WrapInfo field. Every field
                    // is tagged omitempty.
                    //
                    // NOTE(review): Token, Accessor and WrappedAccessor identify credentials.
                    // They are presumably the values produced by HashWrapInfo (the accessors
                    // only when its HMACAccessor argument is true) unless FormatterConfig.Raw
                    // is set. Confirm against the formatter implementation.
                    type AuditResponseWrapInfo struct {
                    	TTL             int    `json:"ttl,omitempty"`
                    	Token           string `json:"token,omitempty"`
                    	Accessor        string `json:"accessor,omitempty"`
                    	CreationTime    string `json:"creation_time,omitempty"`
                    	CreationPath    string `json:"creation_path,omitempty"`
                    	WrappedAccessor string `json:"wrapped_accessor,omitempty"`
                    }

                    type AuditSecret

                    // AuditSecret carries the lease ID of a secret. AuditResponse refers to it
                    // through its Secret field. The field is tagged omitempty.
                    type AuditSecret struct {
                    	LeaseID string `json:"lease_id,omitempty"`
                    }

                    type Backend

                    type Backend interface {
                    	// LogRequest is used to synchronously log a request. This is done after the
                    	// request is authorized but before the request is executed. The arguments
                    	// MUST NOT be modified in any way. They should be deep copied if
                    	// modification is a possibility.
                    	LogRequest(context.Context, *logical.LogInput) error
                    
                    	// LogResponse is used to synchronously log a response. This is done after
                    	// the request is processed but before the response is sent. The arguments
                    	// MUST NOT be modified in any way. They should be deep copied if
                    	// modification is a possibility.
                    	LogResponse(context.Context, *logical.LogInput) error
                    
                    	// GetHash is used to return the given data with the backend's hash,
                    	// so that a caller can determine if a value in the audit log matches
                    	// an expected plaintext value.
                    	GetHash(context.Context, string) (string, error)
                    
                    	// Reload is called on SIGHUP for supporting backends.
                    	Reload(context.Context) error
                    
                    	// Invalidate is called for path invalidation.
                    	Invalidate(context.Context)
                    }

                      The Backend interface must be implemented for an audit mechanism to be made available. Audit backends can be enabled to sink information to different destinations such as logs, files, databases, or other external services.

                      type BackendConfig

                      type BackendConfig struct {
                      	// SaltView is the storage view in which the salt is stored.
                      	SaltView logical.Storage
                      
                      	// SaltConfig is the salt config that should be used for any secret
                      	// obfuscation.
                      	SaltConfig *salt.Config
                      
                      	// Config is the opaque user configuration provided when mounting.
                      	// Because it is user-supplied, a backend should validate each value it
                      	// reads from this map.
                      	Config map[string]string
                      }

                        BackendConfig contains configuration parameters used in the factory func to instantiate audit backends

                        type Factory

                        type Factory func(context.Context, *BackendConfig) (Backend, error)

                          Factory is the factory function to create an audit backend.

                          type Formatter

                          type Formatter interface {
                          	// FormatRequest formats the request carried by the LogInput and writes
                          	// the result to the io.Writer, or returns an error.
                          	FormatRequest(context.Context, io.Writer, FormatterConfig, *logical.LogInput) error
                          	// FormatResponse formats the response carried by the LogInput and writes
                          	// the result to the io.Writer, or returns an error.
                          	FormatResponse(context.Context, io.Writer, FormatterConfig, *logical.LogInput) error
                          }

                            Formatter is an interface that is responsible for formatting a request/response into some format. Formatters write their output to an io.Writer.

                            It is recommended that you pass data through the Hash functions in this package (HashAuth, HashRequest, HashResponse, HashWrapInfo) prior to formatting it.

                            type FormatterConfig

                            // FormatterConfig carries the options passed to Formatter.FormatRequest and
                            // Formatter.FormatResponse.
                            type FormatterConfig struct {
                            	// NOTE(review): Raw presumably makes the formatter skip hashing, so that
                            	// tokens and request/response data are written in plaintext. Confirm
                            	// against the formatter implementation before enabling it, and treat
                            	// any log produced with it as holding secrets.
                            	Raw          bool
                            	// HMACAccessor shares its name with the HMACAccessor argument of
                            	// HashAuth, HashRequest, HashResponse and HashWrapInfo; presumably it is
                            	// forwarded to them to decide whether token accessors are HMAC'd.
                            	// TODO confirm.
                            	HMACAccessor bool
                            
                            	// OmitTime should only ever be used in a testing context.
                            	OmitTime bool
                            }

                            type HashCallback

                            type HashCallback func(string) string

                              HashCallback is the callback called for HashStructure to hash a value.

                              type JSONFormatWriter

                              type JSONFormatWriter struct {
                              	// NOTE(review): Prefix is presumably written ahead of each encoded
                              	// entry; confirm against WriteRequest and WriteResponse.
                              	Prefix   string
                              	// SaltFunc has the same signature as the Salt method; presumably Salt
                              	// delegates to it. AuditFormatWriter documents Salt as returning a
                              	// non-nil salt or an error, so SaltFunc should honor the same contract.
                              	SaltFunc func(context.Context) (*salt.Salt, error)
                              }

                                JSONFormatWriter is an AuditFormatWriter implementation that structures data into a JSON format.

                                func (*JSONFormatWriter) Salt

                                func (f *JSONFormatWriter) Salt(ctx context.Context) (*salt.Salt, error)

                                func (*JSONFormatWriter) WriteRequest

                                func (f *JSONFormatWriter) WriteRequest(w io.Writer, req *AuditRequestEntry) error

                                func (*JSONFormatWriter) WriteResponse

                                func (f *JSONFormatWriter) WriteResponse(w io.Writer, resp *AuditResponseEntry) error

                                type JSONxFormatWriter

                                type JSONxFormatWriter struct {
                                	// NOTE(review): Prefix is presumably written ahead of each encoded
                                	// entry; confirm against WriteRequest and WriteResponse.
                                	Prefix   string
                                	// SaltFunc has the same signature as the Salt method; presumably Salt
                                	// delegates to it. AuditFormatWriter documents Salt as returning a
                                	// non-nil salt or an error, so SaltFunc should honor the same contract.
                                	SaltFunc func(context.Context) (*salt.Salt, error)
                                }

                                  JSONxFormatWriter is an AuditFormatWriter implementation that structures data into an XML format.

                                  func (*JSONxFormatWriter) Salt

                                  func (f *JSONxFormatWriter) Salt(ctx context.Context) (*salt.Salt, error)

                                  func (*JSONxFormatWriter) WriteRequest

                                  func (f *JSONxFormatWriter) WriteRequest(w io.Writer, req *AuditRequestEntry) error

                                  func (*JSONxFormatWriter) WriteResponse

                                  func (f *JSONxFormatWriter) WriteResponse(w io.Writer, resp *AuditResponseEntry) error