v0.13.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: May 23, 2024 License: MPL-2.0 Imports: 4 Imported by: 120




View Source
const (
	// ExpirationRestoreWorkerCount specifies the number of workers to use while
	// restoring leases into the expiration manager
	ExpirationRestoreWorkerCount = 64

	// NamespaceHeaderName is the header set to specify which namespace the
	// request is indented for.
	NamespaceHeaderName = "X-Vault-Namespace"

	// AuthHeaderName is the name of the header containing the token.
	AuthHeaderName = "X-Vault-Token"

	// RequestHeaderName is the name of the header used by the Agent for
	// SSRF protection.
	RequestHeaderName = "X-Vault-Request"

	// WrapTTLHeaderName is the name of the header containing a directive to
	// wrap the response
	WrapTTLHeaderName = "X-Vault-Wrap-TTL"

	// PerformanceReplicationALPN is the negotiated protocol used for
	// performance replication.
	PerformanceReplicationALPN = "replication_v1"

	// DRReplicationALPN is the negotiated protocol used for dr replication.
	DRReplicationALPN = "replication_dr_v1"

	PerfStandbyALPN = "perf_standby_v1"

	RequestForwardingALPN = "req_fw_sb-act_v1"

	RaftStorageALPN = "raft_storage_v1"

	// ReplicationResolverALPN is the negotiated protocol used for
	// resolving replicaiton addresses
	ReplicationResolverALPN = "replication_resolver_v1"

	VaultEnableFilePermissionsCheckEnv = "VAULT_ENABLE_FILE_PERMISSIONS_CHECK"

	VaultDisableUserLockout = "VAULT_DISABLE_USER_LOCKOUT"

	PerformanceReplicationPathTarget = "performance"

	DRReplicationPathTarget = "dr"
View Source
const (
	Supported = iota

These are the states of deprecation for builtin plugins

View Source
const (
	// N.B. This needs to be excluded from replication despite the name; it's
	// merely saying that this is cluster information for the replicated
	// cluster.
	CoreReplicatedClusterPrefix   = "core/cluster/replicated/"
	CoreReplicatedClusterPrefixDR = "core/cluster/replicated-dr/"

	CoreReplicatedClusterInfoPath            = CoreReplicatedClusterPrefix + "info"
	CoreReplicatedClusterSecondariesPrefix   = CoreReplicatedClusterPrefix + "secondaries/"
	CoreReplicatedClusterInfoPathDR          = CoreReplicatedClusterPrefixDR + "info"
	CoreReplicatedClusterSecondariesPrefixDR = CoreReplicatedClusterPrefixDR + "secondaries/"

	// This is an identifier for the current secondary in the replicated paths
	// manager.  It should contain a character that is not allowed in secondary
	// ids to ensure it doesn't collide.
	CurrentReplicatedSecondaryIdentifier = ".current"
	CoreFeatureFlagPath                  = "core/cluster/feature-flags"
View Source
const (
	ServiceTokenPrefix        = "hvs."
	BatchTokenPrefix          = "hvb."
	RecoveryTokenPrefix       = "hvr."
	LegacyServiceTokenPrefix  = "s."
	LegacyBatchTokenPrefix    = "b."
	LegacyRecoveryTokenPrefix = "r."
View Source
const AgentPathCacheClear = "/agent/v1/cache-clear"

AgentPathCacheClear is the path that the agent will use as its cache-clear endpoint.

View Source
const AgentPathMetrics = "/agent/v1/metrics"

AgentPathMetrics is the path the agent will use to expose its internal metrics.

View Source
const AgentPathQuit = "/agent/v1/quit"

AgentPathQuit is the path that the agent will use to trigger stopping it.

View Source
const DefaultMaxBackoff = 5 * time.Minute

DefaultMaxBackoff is the default max backoff time for agent and proxy

View Source
const DefaultMinBackoff = 1 * time.Second

DefaultMinBackoff is the default minimum backoff time for agent and proxy

View Source
const EnvVaultAllowPendingRemovalMounts = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"

EnvVaultAllowPendingRemovalMounts allows Pending Removal builtins to be mounted as if they are Deprecated to facilitate migration to supported builtin plugins.

View Source
const ProxyPathCacheClear = "/proxy/v1/cache-clear"

ProxyPathCacheClear is the path that the proxy will use as its cache-clear endpoint.

View Source
const ProxyPathMetrics = "/proxy/v1/metrics"

ProxyPathMetrics is the path the proxy will use to expose its internal metrics.

View Source
const ProxyPathQuit = "/proxy/v1/quit"

ProxyPathQuit is the path that the proxy will use to trigger stopping it.


View Source
var (
	// ErrSealed is returned if an operation is performed on a sealed barrier.
	// No operation is expected to succeed before unsealing
	ErrSealed = errors.New("Vault is sealed")

	// ErrAPILocked is returned if an operation is performed when the API is
	// locked for the request namespace.
	ErrAPILocked = errors.New("API access to this namespace has been locked by an administrator")

	// ErrStandby is returned if an operation is performed on a standby Vault.
	// No operation is expected to succeed until active.
	ErrStandby = errors.New("Vault is in standby mode")

	// ErrPathContainsParentReferences is returned when a path contains parent
	// references.
	ErrPathContainsParentReferences = errors.New("path cannot contain parent references")

	// ErrInvalidWrappingToken is returned when checking for the validity of
	// a wrapping token that turns out to be invalid.
	ErrInvalidWrappingToken = errors.New("wrapping token is not valid or does not exist")

	// ErrOverloaded indicates the Vault server is at capacity.
	ErrOverloaded = errors.New("overloaded, try again later")
View Source
var PluginRuntimeTypes = _PluginRuntimeTypeValues


This section is empty.


type DeprecationStatus added in v0.6.0

type DeprecationStatus uint32

DeprecationStatus represents the current deprecation state for builtins

func (DeprecationStatus) String added in v0.6.0

func (s DeprecationStatus) String() string

String returns the string representation of a builtin deprecation status

type HAState added in v0.3.0

type HAState uint32
const (
	Standby HAState

type PluginRuntimeType added in v0.10.0

type PluginRuntimeType uint32
const (
	DefaultContainerPluginOCIRuntime = "runsc"

	PluginRuntimeTypeUnsupported PluginRuntimeType = iota

This is a list of PluginRuntimeTypes used by Vault.

func ParsePluginRuntimeType added in v0.10.0

func ParsePluginRuntimeType(PluginRuntimeType string) (PluginRuntimeType, error)

ParsePluginRuntimeType is a wrapper around PluginRuntimeTypeString kept for backwards compatibility.

func PluginRuntimeTypeString added in v0.13.0

func PluginRuntimeTypeString(s string) (PluginRuntimeType, error)

PluginRuntimeTypeString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func PluginRuntimeTypeValues added in v0.13.0

func PluginRuntimeTypeValues() []PluginRuntimeType

PluginRuntimeTypeValues returns all values of the enum

func (PluginRuntimeType) IsAPluginRuntimeType added in v0.13.0

func (i PluginRuntimeType) IsAPluginRuntimeType() bool

IsAPluginRuntimeType returns "true" if the value is listed in the enum definition. "false" otherwise

func (PluginRuntimeType) String added in v0.10.0

func (i PluginRuntimeType) String() string

type PluginType

type PluginType uint32
const (
	PluginTypeUnknown PluginType = iota

This is a list of PluginTypes used by Vault. If we need to add any in the future, it would be best to add them to the _end_ of the list below because they resolve to incrementing numbers, which may be saved in state somewhere. Thus if the name for one of those numbers changed because a value were added to the middle, that could cause the wrong plugin types to be read from storage for a given underlying number. Example of the problem here:

func ParsePluginType

func ParsePluginType(pluginType string) (PluginType, error)

func (PluginType) MarshalJSON added in v0.11.0

func (p PluginType) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (PluginType) String

func (p PluginType) String() string

func (*PluginType) UnmarshalJSON added in v0.11.0

func (p *PluginType) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler. It supports unmarshaling either a string or a uint32. All new serialization will be as a string, but we previously serialized as a uint32 so we need to support that for backwards compatibility.

type ReplicationState

type ReplicationState uint32
const (
	OldReplicationPrimary ReplicationState

	ReplicationUnknown            ReplicationState = 0
	ReplicationPerformancePrimary ReplicationState = 1 << iota // Note -- iota is 5 here!

func (*ReplicationState) AddState

func (r *ReplicationState) AddState(flag ReplicationState)

func (*ReplicationState) ClearState

func (r *ReplicationState) ClearState(flag ReplicationState)

func (ReplicationState) GetDRString

func (r ReplicationState) GetDRString() string

func (ReplicationState) GetPerformanceString

func (r ReplicationState) GetPerformanceString() string

func (ReplicationState) HasState

func (r ReplicationState) HasState(flag ReplicationState) bool

func (ReplicationState) IsPrimaryState added in v0.2.0

func (r ReplicationState) IsPrimaryState() bool

func (ReplicationState) StateStrings

func (r ReplicationState) StateStrings() []string

func (*ReplicationState) ToggleState

func (r *ReplicationState) ToggleState(flag ReplicationState)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL