Documentation

Index

Constants

View Source
const (

	// for testing purposes (public as needed)
	ActivityLogPrefix = "sys/counters/activity/log/"
	ActivityPrefix    = "sys/counters/activity/"
)
View Source
const (
	AESGCMVersion1 = 0x1
	AESGCMVersion2 = 0x2
)

    Versions of the AESGCM storage methodology

    View Source
    const (
    	CORSDisabled uint32 = iota
    	CORSEnabled
    )
    View Source
    const (
    	DenyCapability   = "deny"
    	CreateCapability = "create"
    	ReadCapability   = "read"
    	UpdateCapability = "update"
    	DeleteCapability = "delete"
    	ListCapability   = "list"
    	SudoCapability   = "sudo"
    	RootCapability   = "root"
    
    	// Backwards compatibility
    	OldDenyPathPolicy  = "deny"
    	OldReadPathPolicy  = "read"
    	OldWritePathPolicy = "write"
    	OldSudoPathPolicy  = "sudo"
    )
    View Source
    const (
    	DenyCapabilityInt uint32 = 1 << iota
    	CreateCapabilityInt
    	ReadCapabilityInt
    	UpdateCapabilityInt
    	DeleteCapabilityInt
    	ListCapabilityInt
    	SudoCapabilityInt
    )
    View Source
    const (
    	RecoveryTypeUnsupported = "unsupported"
    	RecoveryTypeShamir      = "shamir"
    )
    View Source
    const (
    	// CoreLockPath is the path used to acquire a coordinating lock
    	// for a highly-available deploy.
    	CoreLockPath = "core/lock"
    )
    View Source
    const (
    
    	// Internal so as not to log a trace message
    	IntNoForwardingHeaderName = "X-Vault-Internal-No-Request-Forwarding"
    )
    View Source
    const (
    
    	// StoredBarrierKeysPath is the path used for storing HSM-encrypted unseal keys
    	StoredBarrierKeysPath = "core/hsm/barrier-unseal-keys"
    )

    Variables

    View Source
    var (
    	// ErrBarrierSealed is returned if an operation is performed on
    	// a sealed barrier. No operation is expected to succeed before unsealing
    	ErrBarrierSealed = errors.New("Vault is sealed")
    
    	// ErrBarrierAlreadyInit is returned if the barrier is already
    	// initialized. This prevents a re-initialization.
    	ErrBarrierAlreadyInit = errors.New("Vault is already initialized")
    
    	// ErrBarrierNotInit is returned if a non-initialized barrier
    	// is attempted to be unsealed.
    	ErrBarrierNotInit = errors.New("Vault is not initialized")
    
    	// ErrBarrierInvalidKey is returned if the Unseal key is invalid
    	ErrBarrierInvalidKey = errors.New("Unseal failed, invalid key")
    
    	// ErrPlaintextTooLarge is returned if a plaintext is offered for encryption
    	// that is too large to encrypt in memory
    	ErrPlaintextTooLarge = errors.New("plaintext value too large")
    )
    View Source
    var (
    	ErrCannotForward          = errors.New("cannot forward request; no connection or address not known")
    	ErrCannotForwardLocalOnly = errors.New("cannot forward local-only request")
    )
    View Source
    var (
    	// ErrAlreadyInit is returned if the core is already
    	// initialized. This prevents a re-initialization.
    	ErrAlreadyInit = errors.New("Vault is already initialized")
    
    	// ErrNotInit is returned if a non-initialized barrier
    	// is attempted to be unsealed.
    	ErrNotInit = errors.New("Vault is not initialized")
    
    	// ErrInternalError is returned when we don't want to leak
    	// any information about an internal error
    	ErrInternalError = errors.New("internal error")
    
    	// ErrHANotEnabled is returned if the operation only makes sense
    	// in an HA setting
    	ErrHANotEnabled = errors.New("Vault is not configured for highly-available mode")
    
    	LastWAL               = lastWALImpl
    	LastPerformanceWAL    = lastPerformanceWALImpl
    	PerformanceMerkleRoot = merkleRootImpl
    	DRMerkleRoot          = merkleRootImpl
    	LastRemoteWAL         = lastRemoteWALImpl
    	LastRemoteUpstreamWAL = lastRemoteUpstreamWALImpl
    	WaitUntilWALShipped   = waitUntilWALShippedImpl
    )
    View Source
    var (
    	ErrDirectoryNotConfigured = errors.New("could not set plugin, plugin directory is not configured")
    	ErrPluginNotFound         = errors.New("plugin not found in the catalog")
    	ErrPluginBadType          = errors.New("unable to determine plugin type")
    )
    View Source
    var (
    	// DefaultMaxRequestDuration is the amount of time we'll wait for a request
    	// to complete, unless overridden on a per-handler basis
    	DefaultMaxRequestDuration = 90 * time.Second
    )
    View Source
    var DefaultNumCores = 3
    View Source
    var (
    	ErrInRestoreMode = errors.New("expiration manager in restore mode")
    )
    View Source
    var File_vault_request_forwarding_service_proto protoreflect.FileDescriptor
    View Source
    var (
    	NamespaceByID func(context.Context, string, *Core) (*namespace.Namespace, error) = namespaceByID
    )
    View Source
    var StdAllowedHeaders = []string{
    	"Content-Type",
    	"X-Requested-With",
    	"X-Vault-AWS-IAM-Server-ID",
    	"X-Vault-MFA",
    	"X-Vault-No-Request-Forwarding",
    	"X-Vault-Wrap-Format",
    	"X-Vault-Wrap-TTL",
    	"X-Vault-Policy-Override",
    	"Authorization",
    	consts.AuthHeaderName,
    }
    View Source
    var (
    
    	// TestingUpdateClusterAddr is used in tests to override the cluster address
    	TestingUpdateClusterAddr uint32
    )
    View Source
    var (
    	// TokenLength is the size of tokens we are currently generating, without
    	// any namespace information
    	TokenLength = 24
    )

    Functions

    func ActiveEntitiesEqual

    func ActiveEntitiesEqual(active map[string]struct{}, test []*activity.EntityRecord) bool

      ActiveEntitiesEqual checks that only the set of `test` exists in `active`

      func AddNoopAudit

      func AddNoopAudit(conf *CoreConfig, records **[][]byte)

      func AddTestCredentialBackend

      func AddTestCredentialBackend(name string, factory logical.Factory) error

        This adds a credential backend for the test core. This needs to be invoked before the test core is created.

        func AddTestLogicalBackend

        func AddTestLogicalBackend(name string, factory logical.Factory) error

          This adds a logical backend for the test core. This needs to be invoked before the test core is created.

          func CubbyholeBackendFactory

          func CubbyholeBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

            CubbyholeBackendFactory constructs a new cubbyhole backend

            func GenerateRandBytes

            func GenerateRandBytes(length int) ([]byte, error)

            func IsFatalError

            func IsFatalError(err error) bool

              IsFatalError returns true if the given error is a fatal error.

              func LeaseSwitchedPassthroughBackend

              func LeaseSwitchedPassthroughBackend(ctx context.Context, conf *logical.BackendConfig, leases bool) (logical.Backend, error)

                LeaseSwitchedPassthroughBackend returns a PassthroughBackend with leases switched on or off

                func LeasedPassthroughBackendFactory

                func LeasedPassthroughBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

                  LeasedPassthroughBackendFactory returns a PassthroughBackend with leases switched on

                  func NewAutoSeal

                  func NewAutoSeal(lowLevel *seal.Access) *autoSeal

                  func NewMockBuiltinRegistry

                  func NewMockBuiltinRegistry() *mockBuiltinRegistry

                  func NewRequestForwardingHandler

                  func NewRequestForwardingHandler(c *Core, fws *http2.Server, perfStandbySlots chan struct{}, perfStandbyRepCluster *replication.Cluster) (*requestForwardingHandler, error)

                    NewRequestForwardingHandler creates a cluster handler for use with request forwarding.

                    func NewSealUnwrapper

                    func NewSealUnwrapper(underlying physical.Backend, logger log.Logger) physical.Backend

                      NewSealUnwrapper creates a new seal unwrapper

                      func NoopBackendFactory

                      func NoopBackendFactory(_ context.Context, _ *logical.BackendConfig) (logical.Backend, error)

                      func ParseRequiredState

                      func ParseRequiredState(raw string, hmacKey []byte) (*logical.WALState, error)

                      func PassthroughBackendFactory

                      func PassthroughBackendFactory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

                        PassthroughBackendFactory returns a PassthroughBackend with leases switched off

                        func RegisterRequestForwardingServer

                        func RegisterRequestForwardingServer(s *grpc.Server, srv RequestForwardingServer)

                        func SetReplicationFailureMode

                        func SetReplicationFailureMode(core *TestClusterCore, mode uint32)

                        func TestAddTestPlugin

                        func TestAddTestPlugin(t testing.T, c *Core, name string, pluginType consts.PluginType, testFunc string, env []string, tempDir string)

                          TestAddTestPlugin registers the testFunc as part of the plugin command to the plugin catalog. If provided, uses tmpDir as the plugin directory.

                          func TestCoreInit

                          func TestCoreInit(t testing.T, core *Core) ([][]byte, string)

                            TestCoreInit initializes the core with a single key, and returns the key that must be used to unseal the core and a root token.

                            func TestCoreInitClusterWrapperSetup

                            func TestCoreInitClusterWrapperSetup(t testing.T, core *Core, handler http.Handler) ([][]byte, [][]byte, string)

                            func TestCoreUnseal

                            func TestCoreUnseal(core *Core, key []byte) (bool, error)

                            func TestDynamicSystemView

                            func TestDynamicSystemView(c *Core) *dynamicSystemView

                            func TestKeyCopy

                            func TestKeyCopy(key []byte) []byte

                              TestKeyCopy is a silly little function to just copy the key so that it can be used with Unseal easily.

                              func TestWaitActive

                              func TestWaitActive(t testing.T, core *Core)

                              func TestWaitActiveForwardingReady

                              func TestWaitActiveForwardingReady(t testing.T, core *Core)

                              func TestWaitActiveWithError

                              func TestWaitActiveWithError(core *Core) error

                              func WriteToStorage

                              func WriteToStorage(t *testing.T, c *Core, path string, data []byte)

                                WriteToStorage is used to put entity data in storage `path` should be the complete path (not relative to the view)

                                Types

                                type ACL

                                type ACL struct {
                                	// contains filtered or unexported fields
                                }

                                  ACL is used to wrap a set of policies to provide an efficient interface for access control.

                                  func NewACL

                                  func NewACL(ctx context.Context, policies []*Policy) (*ACL, error)

                                    NewACL is used to construct a policy based ACL from a set of policies.

                                    func (*ACL) AllowOperation

                                    func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheckOnly bool) (ret *ACLResults)

                                      AllowOperation is used to check if the given operation is permitted.

                                      func (*ACL) Capabilities

                                      func (a *ACL) Capabilities(ctx context.Context, path string) (pathCapabilities []string)

                                      func (*ACL) CheckAllowedFromNonExactPaths

                                      func (a *ACL) CheckAllowedFromNonExactPaths(path string, bareMount bool) *ACLPermissions

                                        CheckAllowedFromNonExactPaths returns permissions corresponding to a matching path with wildcards/globs. If bareMount is true, the path should correspond to a mount prefix, and what is returned is either a non-nil set of permissions from some allowed path underneath the mount (for use in mount access checks), or nil indicating no non-deny permissions were found.

                                        type ACLPermissions

                                        type ACLPermissions struct {
                                        	CapabilitiesBitmap uint32
                                        	MinWrappingTTL     time.Duration
                                        	MaxWrappingTTL     time.Duration
                                        	AllowedParameters  map[string][]interface{}
                                        	DeniedParameters   map[string][]interface{}
                                        	RequiredParameters []string
                                        	MFAMethods         []string
                                        	ControlGroup       *ControlGroup
                                        }

                                        func (*ACLPermissions) Clone

                                        func (p *ACLPermissions) Clone() (*ACLPermissions, error)

                                        type ACLResults

                                        type ACLResults struct {
                                        	Allowed            bool
                                        	RootPrivs          bool
                                        	IsRoot             bool
                                        	MFAMethods         []string
                                        	ControlGroup       *ControlGroup
                                        	CapabilitiesBitmap uint32
                                        }

                                        type AESGCMBarrier

                                        type AESGCMBarrier struct {
                                        	UnaccountedEncryptions atomic.Int64
                                        	// Used only for testing
                                        	RemoteEncryptions atomic.Int64
                                        	// contains filtered or unexported fields
                                        }

                                          AESGCMBarrier is a SecurityBarrier implementation that uses the AES cipher core and the Galois Counter Mode block mode. It defaults to the golang NONCE default value of 12 and a key size of 256 bit. AES-GCM is high performance, and provides both confidentiality and integrity.

                                          func NewAESGCMBarrier

                                          func NewAESGCMBarrier(physical physical.Backend) (*AESGCMBarrier, error)

                                            NewAESGCMBarrier is used to construct a new barrier that uses the provided physical backend for storage.

                                            func (*AESGCMBarrier) ActiveKeyInfo

                                            func (b *AESGCMBarrier) ActiveKeyInfo() (*KeyInfo, error)

                                              ActiveKeyInfo is used to inform details about the active key

                                              func (*AESGCMBarrier) AddRemoteEncryptions

                                              func (b *AESGCMBarrier) AddRemoteEncryptions(encryptions int64)

                                              func (*AESGCMBarrier) CheckBarrierAutoRotate

                                              func (b *AESGCMBarrier) CheckBarrierAutoRotate(ctx context.Context) (string, error)

                                              func (*AESGCMBarrier) CheckUpgrade

                                              func (b *AESGCMBarrier) CheckUpgrade(ctx context.Context) (bool, uint32, error)

                                                CheckUpgrade looks for an upgrade to the current term and installs it

                                                func (*AESGCMBarrier) ConsumeEncryptionCount

                                                func (b *AESGCMBarrier) ConsumeEncryptionCount(consumer func(int64) error) error

                                                func (*AESGCMBarrier) CreateUpgrade

                                                func (b *AESGCMBarrier) CreateUpgrade(ctx context.Context, term uint32) error

                                                  CreateUpgrade creates an upgrade path key to the given term from the previous term

                                                  func (*AESGCMBarrier) Decrypt

                                                  func (b *AESGCMBarrier) Decrypt(_ context.Context, key string, ciphertext []byte) ([]byte, error)

                                                    Decrypt is used to decrypt in-memory for the BarrierEncryptor interface

                                                    func (*AESGCMBarrier) Delete

                                                    func (b *AESGCMBarrier) Delete(ctx context.Context, key string) error

                                                      Delete is used to permanently delete an entry

                                                      func (*AESGCMBarrier) DestroyUpgrade

                                                      func (b *AESGCMBarrier) DestroyUpgrade(ctx context.Context, term uint32) error

                                                        DestroyUpgrade destroys the upgrade path key to the given term

                                                        func (*AESGCMBarrier) Encrypt

                                                        func (b *AESGCMBarrier) Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error)

                                                          Encrypt is used to encrypt in-memory for the BarrierEncryptor interface

                                                          func (*AESGCMBarrier) GenerateKey

                                                          func (b *AESGCMBarrier) GenerateKey(reader io.Reader) ([]byte, error)

                                                            GenerateKey is used to generate a new key

                                                            func (*AESGCMBarrier) Get

                                                              Get is used to fetch an entry

                                                              func (*AESGCMBarrier) Initialize

                                                              func (b *AESGCMBarrier) Initialize(ctx context.Context, key, sealKey []byte, reader io.Reader) error

                                                                Initialize works only if the barrier has not been initialized and makes use of the given master key.

                                                                func (*AESGCMBarrier) Initialized

                                                                func (b *AESGCMBarrier) Initialized(ctx context.Context) (bool, error)

                                                                  Initialized checks if the barrier has been initialized and has a master key set.

                                                                  func (*AESGCMBarrier) KeyLength

                                                                  func (b *AESGCMBarrier) KeyLength() (int, int)

                                                                    KeyLength is used to sanity check a key

                                                                    func (*AESGCMBarrier) Keyring

                                                                    func (b *AESGCMBarrier) Keyring() (*Keyring, error)

                                                                    func (*AESGCMBarrier) List

                                                                    func (b *AESGCMBarrier) List(ctx context.Context, prefix string) ([]string, error)

                                                                      List is used ot list all the keys under a given prefix, up to the next prefix.

                                                                      func (*AESGCMBarrier) Put

                                                                      func (b *AESGCMBarrier) Put(ctx context.Context, entry *logical.StorageEntry) error

                                                                        Put is used to insert or update an entry

                                                                        func (*AESGCMBarrier) Rekey

                                                                        func (b *AESGCMBarrier) Rekey(ctx context.Context, key []byte) error

                                                                          Rekey is used to change the master key used to protect the keyring

                                                                          func (*AESGCMBarrier) ReloadKeyring

                                                                          func (b *AESGCMBarrier) ReloadKeyring(ctx context.Context) error

                                                                            ReloadKeyring is used to re-read the underlying keyring. This is used for HA deployments to ensure the latest keyring is present in the leader.

                                                                            func (*AESGCMBarrier) ReloadMasterKey

                                                                            func (b *AESGCMBarrier) ReloadMasterKey(ctx context.Context) error

                                                                              ReloadMasterKey is used to re-read the underlying masterkey. This is used for HA deployments to ensure the latest master key is available for keyring reloading.

                                                                              func (*AESGCMBarrier) Rotate

                                                                              func (b *AESGCMBarrier) Rotate(ctx context.Context, randomSource io.Reader) (uint32, error)

                                                                                Rotate is used to create a new encryption key. All future writes should use the new key, while old values should still be decryptable.

                                                                                func (*AESGCMBarrier) RotationConfig

                                                                                func (b *AESGCMBarrier) RotationConfig() (kc KeyRotationConfig, err error)

                                                                                func (*AESGCMBarrier) Seal

                                                                                func (b *AESGCMBarrier) Seal() error

                                                                                  Seal is used to re-seal the barrier. This requires the barrier to be unsealed again to perform any further operations.

                                                                                  func (*AESGCMBarrier) Sealed

                                                                                  func (b *AESGCMBarrier) Sealed() (bool, error)

                                                                                    Sealed checks if the barrier has been unlocked yet. The Barrier is not expected to be able to perform any CRUD until it is unsealed.

                                                                                    func (*AESGCMBarrier) SetMasterKey

                                                                                    func (b *AESGCMBarrier) SetMasterKey(key []byte) error

                                                                                      SetMasterKey updates the keyring's in-memory master key but does not persist anything to storage

                                                                                      func (*AESGCMBarrier) SetRotationConfig

                                                                                      func (b *AESGCMBarrier) SetRotationConfig(ctx context.Context, rotConfig KeyRotationConfig) error

                                                                                      func (*AESGCMBarrier) TotalLocalEncryptions

                                                                                      func (b *AESGCMBarrier) TotalLocalEncryptions() int64

                                                                                        UnaccountedEncryptions returns the number of encryptions made on the local instance only for the current key term

                                                                                        func (*AESGCMBarrier) Unseal

                                                                                        func (b *AESGCMBarrier) Unseal(ctx context.Context, key []byte) error

                                                                                          Unseal is used to provide the master key which permits the barrier to be unsealed. If the key is not correct, the barrier remains sealed.

                                                                                          func (*AESGCMBarrier) VerifyMaster

                                                                                          func (b *AESGCMBarrier) VerifyMaster(key []byte) error

                                                                                            VerifyMaster is used to check if the given key matches the master key

                                                                                            type APIMountConfig

                                                                                            type APIMountConfig struct {
                                                                                            	DefaultLeaseTTL           string                `json:"default_lease_ttl" structs:"default_lease_ttl" mapstructure:"default_lease_ttl"`
                                                                                            	MaxLeaseTTL               string                `json:"max_lease_ttl" structs:"max_lease_ttl" mapstructure:"max_lease_ttl"`
                                                                                            	ForceNoCache              bool                  `json:"force_no_cache" structs:"force_no_cache" mapstructure:"force_no_cache"`
                                                                                            	AuditNonHMACRequestKeys   []string              `json:"audit_non_hmac_request_keys,omitempty" structs:"audit_non_hmac_request_keys" mapstructure:"audit_non_hmac_request_keys"`
                                                                                            	AuditNonHMACResponseKeys  []string              `` /* 128-byte string literal not displayed */
                                                                                            	ListingVisibility         ListingVisibilityType `json:"listing_visibility,omitempty" structs:"listing_visibility" mapstructure:"listing_visibility"`
                                                                                            	PassthroughRequestHeaders []string              `json:"passthrough_request_headers,omitempty" structs:"passthrough_request_headers" mapstructure:"passthrough_request_headers"`
                                                                                            	AllowedResponseHeaders    []string              `json:"allowed_response_headers,omitempty" structs:"allowed_response_headers" mapstructure:"allowed_response_headers"`
                                                                                            	TokenType                 string                `json:"token_type" structs:"token_type" mapstructure:"token_type"`
                                                                                            
                                                                                            	// PluginName is the name of the plugin registered in the catalog.
                                                                                            	//
                                                                                            	// Deprecated: MountEntry.Type should be used instead for Vault 1.0.0 and beyond.
                                                                                            	PluginName string `json:"plugin_name,omitempty" structs:"plugin_name,omitempty" mapstructure:"plugin_name"`
                                                                                            }

                                                                                              APIMountConfig is an embedded struct of api.MountConfigInput

                                                                                              type ActiveEntities

                                                                                              type ActiveEntities struct {
                                                                                              	// Entities contains information about the number of active entities.
                                                                                              	Entities EntityCounter `json:"entities"`
                                                                                              }

                                                                                                ActiveEntities contains the number of active entities.

                                                                                                type ActiveTokens

                                                                                                type ActiveTokens struct {
                                                                                                	// ServiceTokens contains information about the number of active service
                                                                                                	// tokens.
                                                                                                	ServiceTokens TokenCounter `json:"service_tokens"`
                                                                                                }

                                                                                                  ActiveTokens contains the number of active tokens.

                                                                                                  type ActivityIntentLog

                                                                                                  type ActivityIntentLog struct {
                                                                                                  	PreviousMonth int64 `json:"previous_month"`
                                                                                                  	NextMonth     int64 `json:"next_month"`
                                                                                                  }

                                                                                                  type ActivityLog

                                                                                                  type ActivityLog struct {
                                                                                                  	// contains filtered or unexported fields
                                                                                                  }

                                                                                                    ActivityLog tracks unique entity counts and non-entity token counts. It handles assembling log fragments (and sending them to the active node), writing log segments, and precomputing queries.

                                                                                                    func NewActivityLog

                                                                                                    func NewActivityLog(core *Core, logger log.Logger, view *BarrierView, metrics metricsutil.Metrics) (*ActivityLog, error)

                                                                                                      NewActivityLog creates an activity log.

                                                                                                      func (*ActivityLog) AddEntityToFragment

                                                                                                      func (a *ActivityLog) AddEntityToFragment(entityID string, namespaceID string, timestamp int64)

                                                                                                        AddEntityToFragment checks an entity ID for uniqueness and if not already present, adds it to the current fragment. The timestamp is a Unix timestamp *without* nanoseconds, as that is what token.CreationTime uses.

                                                                                                        func (*ActivityLog) AddTokenToFragment

                                                                                                        func (a *ActivityLog) AddTokenToFragment(namespaceID string)

                                                                                                        func (*ActivityLog) DefaultStartTime

                                                                                                        func (a *ActivityLog) DefaultStartTime(endTime time.Time) time.Time

                                                                                                        func (*ActivityLog) ExpectCurrentSegmentRefreshed

                                                                                                        func (a *ActivityLog) ExpectCurrentSegmentRefreshed(t *testing.T, expectedStart int64, verifyTimeNotZero bool)

                                                                                                          ExpectCurrentSegmentRefreshed verifies that the current segment has been refreshed non-nil empty components and updated with the `expectedStart` timestamp Note: if `verifyTimeNotZero` is true, ignore `expectedStart` and just make sure the timestamp isn't 0

                                                                                                          func (*ActivityLog) GetCountByNamespaceID

                                                                                                          func (a *ActivityLog) GetCountByNamespaceID() map[string]uint64

                                                                                                            GetCountByNamespaceID returns the count of tokens by namespace ID

                                                                                                            func (*ActivityLog) GetCurrentEntities

                                                                                                            func (a *ActivityLog) GetCurrentEntities() *activity.EntityActivityLog

                                                                                                              GetCurrentEntities returns the current entity activity log

                                                                                                              func (*ActivityLog) GetEnabled

                                                                                                              func (a *ActivityLog) GetEnabled() bool

                                                                                                                GetEnabled returns the enabled flag on an activity log

                                                                                                                func (*ActivityLog) GetEntitySequenceNumber

                                                                                                                func (a *ActivityLog) GetEntitySequenceNumber() uint64

                                                                                                                  GetEntitySequenceNumber returns the current entity sequence number

                                                                                                                  func (*ActivityLog) GetStartTimestamp

                                                                                                                  func (a *ActivityLog) GetStartTimestamp() int64

                                                                                                                    GetStartTimestamp returns the start timestamp on an activity log

                                                                                                                    func (*ActivityLog) HandleEndOfMonth

                                                                                                                    func (a *ActivityLog) HandleEndOfMonth(currentTime time.Time) error

                                                                                                                      Handle rotation to end-of-month currentTime is an argument for unit-testing purposes

                                                                                                                      func (*ActivityLog) HandleTokenCreation

                                                                                                                      func (a *ActivityLog) HandleTokenCreation(entry *logical.TokenEntry)

                                                                                                                      func (*ActivityLog) PartialMonthMetrics

                                                                                                                      func (a *ActivityLog) PartialMonthMetrics(ctx context.Context) ([]metricsutil.GaugeLabelValues, error)

                                                                                                                        Periodic report of number of active entities, with the current month. We don't break this down by namespace because that would require going to storage (that information is not currently stored in memory.)

                                                                                                                        func (*ActivityLog) SetConfig

                                                                                                                        func (a *ActivityLog) SetConfig(ctx context.Context, config activityConfig)

                                                                                                                          This version reacts to user changes

                                                                                                                          func (*ActivityLog) SetConfigInit

                                                                                                                          func (a *ActivityLog) SetConfigInit(config activityConfig)

                                                                                                                            This version is used during construction

                                                                                                                            func (*ActivityLog) SetConfigStandby

                                                                                                                            func (a *ActivityLog) SetConfigStandby(ctx context.Context, config activityConfig)

                                                                                                                              update the enable flag and reset the current log

                                                                                                                              func (*ActivityLog) SetEnable

                                                                                                                              func (a *ActivityLog) SetEnable(enabled bool)

                                                                                                                                SetEnable sets the enabled flag on the activity log

                                                                                                                                func (*ActivityLog) SetStandbyEnable

                                                                                                                                func (a *ActivityLog) SetStandbyEnable(ctx context.Context, enabled bool)

                                                                                                                                  SetStandbyEnable sets enabled on a performance standby (using config)

                                                                                                                                  func (*ActivityLog) SetStartTimestamp

                                                                                                                                  func (a *ActivityLog) SetStartTimestamp(timestamp int64)

                                                                                                                                    SetStartTimestamp sets the start timestamp on an activity log

                                                                                                                                    func (*ActivityLog) SetTokenCount

                                                                                                                                    func (a *ActivityLog) SetTokenCount(tokenCount *activity.TokenCount)

                                                                                                                                      SetTokenCount sets the tokenCount on an activity log

                                                                                                                                      func (*ActivityLog) StartOfNextMonth

                                                                                                                                      func (a *ActivityLog) StartOfNextMonth() time.Time

                                                                                                                                      func (*ActivityLog) WaitForDeletion

                                                                                                                                      func (a *ActivityLog) WaitForDeletion()

                                                                                                                                      func (*ActivityLog) WalkEntitySegments

                                                                                                                                      func (a *ActivityLog) WalkEntitySegments(ctx context.Context,
                                                                                                                                      	startTime time.Time,
                                                                                                                                      	walkFn func(*activity.EntityActivityLog)) error

                                                                                                                                        WalkEntitySegments loads each of the entity segments for a particular start time

                                                                                                                                        func (*ActivityLog) WalkTokenSegments

                                                                                                                                        func (a *ActivityLog) WalkTokenSegments(ctx context.Context,
                                                                                                                                        	startTime time.Time,
                                                                                                                                        	walkFn func(*activity.TokenCount)) error

                                                                                                                                          WalkTokenSegments loads each of the token segments (expected 1) for a particular start time

                                                                                                                                          type ActivityLogCoreConfig

                                                                                                                                          type ActivityLogCoreConfig struct {
                                                                                                                                          	// Enable activity log even if the feature flag not set
                                                                                                                                          	ForceEnable bool
                                                                                                                                          
                                                                                                                                          	// Do not start timers to send or persist fragments.
                                                                                                                                          	DisableTimers bool
                                                                                                                                          }

                                                                                                                                            These non-persistent configuration options allow us to disable parts of the implementation for integration testing. The default values should turn everything on.

                                                                                                                                            type AuditBroker

                                                                                                                                            type AuditBroker struct {
                                                                                                                                            	sync.RWMutex
                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                            }

                                                                                                                                              AuditBroker is used to provide a single ingest interface to auditable events given that multiple backends may be configured.

                                                                                                                                              func NewAuditBroker

                                                                                                                                              func NewAuditBroker(log log.Logger) *AuditBroker

                                                                                                                                                NewAuditBroker creates a new audit broker

                                                                                                                                                func (*AuditBroker) Deregister

                                                                                                                                                func (a *AuditBroker) Deregister(name string)

                                                                                                                                                  Deregister is used to remove an audit backend from the broker

                                                                                                                                                  func (*AuditBroker) GetHash

                                                                                                                                                  func (a *AuditBroker) GetHash(ctx context.Context, name string, input string) (string, error)

                                                                                                                                                    GetHash returns a hash using the salt of the given backend

                                                                                                                                                    func (*AuditBroker) Invalidate

                                                                                                                                                    func (a *AuditBroker) Invalidate(ctx context.Context, key string)

                                                                                                                                                    func (*AuditBroker) IsLocal

                                                                                                                                                    func (a *AuditBroker) IsLocal(name string) (bool, error)

                                                                                                                                                      IsLocal is used to check if a given audit backend is registered

                                                                                                                                                      func (*AuditBroker) IsRegistered

                                                                                                                                                      func (a *AuditBroker) IsRegistered(name string) bool

                                                                                                                                                        IsRegistered is used to check if a given audit backend is registered

                                                                                                                                                        func (*AuditBroker) LogRequest

                                                                                                                                                        func (a *AuditBroker) LogRequest(ctx context.Context, in *logical.LogInput, headersConfig *AuditedHeadersConfig) (ret error)

                                                                                                                                                          LogRequest is used to ensure all the audit backends have an opportunity to log the given request and that *at least one* succeeds.

                                                                                                                                                          func (*AuditBroker) LogResponse

                                                                                                                                                          func (a *AuditBroker) LogResponse(ctx context.Context, in *logical.LogInput, headersConfig *AuditedHeadersConfig) (ret error)

                                                                                                                                                            LogResponse is used to ensure all the audit backends have an opportunity to log the given response and that *at least one* succeeds.

                                                                                                                                                            func (*AuditBroker) Register

                                                                                                                                                            func (a *AuditBroker) Register(name string, b audit.Backend, v *BarrierView, local bool)

                                                                                                                                                              Register is used to add new audit backend to the broker

                                                                                                                                                              type AuditLogger

                                                                                                                                                              type AuditLogger interface {
                                                                                                                                                              	AuditRequest(ctx context.Context, input *logical.LogInput) error
                                                                                                                                                              	AuditResponse(ctx context.Context, input *logical.LogInput) error
                                                                                                                                                              }

                                                                                                                                                              type AuditedHeadersConfig

                                                                                                                                                              type AuditedHeadersConfig struct {
                                                                                                                                                              	Headers map[string]*auditedHeaderSettings
                                                                                                                                                              
                                                                                                                                                              	sync.RWMutex
                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                              }

                                                                                                                                                                AuditedHeadersConfig is used by the Audit Broker to write only approved headers to the audit logs. It uses a BarrierView to persist the settings.

                                                                                                                                                                func (*AuditedHeadersConfig) ApplyConfig

                                                                                                                                                                func (a *AuditedHeadersConfig) ApplyConfig(ctx context.Context, headers map[string][]string, hashFunc func(context.Context, string) (string, error)) (result map[string][]string, retErr error)

                                                                                                                                                                  ApplyConfig returns a map of approved headers and their values, either hmac'ed or plaintext

                                                                                                                                                                  type AuthResults

                                                                                                                                                                  type AuthResults struct {
                                                                                                                                                                  	ACLResults  *ACLResults
                                                                                                                                                                  	Allowed     bool
                                                                                                                                                                  	RootPrivs   bool
                                                                                                                                                                  	DeniedError bool
                                                                                                                                                                  	Error       *multierror.Error
                                                                                                                                                                  }

                                                                                                                                                                  type BarrierEncryptor

                                                                                                                                                                  type BarrierEncryptor interface {
                                                                                                                                                                  	Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error)
                                                                                                                                                                  	Decrypt(ctx context.Context, key string, ciphertext []byte) ([]byte, error)
                                                                                                                                                                  }

                                                                                                                                                                    BarrierEncryptor is the in memory only interface that does not actually use the underlying barrier. It is used for lower level modules like the Write-Ahead-Log and Merkle index to allow them to use the barrier.

                                                                                                                                                                    type BarrierEncryptorAccess

                                                                                                                                                                    type BarrierEncryptorAccess struct {
                                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                                    }

                                                                                                                                                                      BarrierEncryptorAccess is a wrapper around BarrierEncryptor that allows Core to expose its barrier encrypt/decrypt operations through BarrierEncryptorAccess() while restricting the ability to modify Core.barrier itself.

                                                                                                                                                                      func NewBarrierEncryptorAccess

                                                                                                                                                                      func NewBarrierEncryptorAccess(barrierEncryptor BarrierEncryptor) *BarrierEncryptorAccess

                                                                                                                                                                      func (*BarrierEncryptorAccess) Decrypt

                                                                                                                                                                      func (b *BarrierEncryptorAccess) Decrypt(ctx context.Context, key string, ciphertext []byte) ([]byte, error)

                                                                                                                                                                      func (*BarrierEncryptorAccess) Encrypt

                                                                                                                                                                      func (b *BarrierEncryptorAccess) Encrypt(ctx context.Context, key string, plaintext []byte) ([]byte, error)

                                                                                                                                                                      type BarrierStorage

                                                                                                                                                                      type BarrierStorage interface {
                                                                                                                                                                      	// Put is used to insert or update an entry
                                                                                                                                                                      	Put(ctx context.Context, entry *logical.StorageEntry) error
                                                                                                                                                                      
                                                                                                                                                                      	// Get is used to fetch an entry
                                                                                                                                                                      	Get(ctx context.Context, key string) (*logical.StorageEntry, error)
                                                                                                                                                                      
                                                                                                                                                                      	// Delete is used to permanently delete an entry
                                                                                                                                                                      	Delete(ctx context.Context, key string) error
                                                                                                                                                                      
                                                                                                                                                                      	// List is used ot list all the keys under a given
                                                                                                                                                                      	// prefix, up to the next prefix.
                                                                                                                                                                      	List(ctx context.Context, prefix string) ([]string, error)
                                                                                                                                                                      }

                                                                                                                                                                        BarrierStorage is the storage only interface required for a Barrier.

                                                                                                                                                                        type BarrierView

                                                                                                                                                                        type BarrierView struct {
                                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                                        }

                                                                                                                                                                          BarrierView wraps a SecurityBarrier and ensures all access is automatically prefixed. This is used to prevent anyone with access to the view to access any data in the durable storage outside of their prefix. Conceptually this is like a "chroot" into the barrier.

                                                                                                                                                                          BarrierView implements logical.Storage so it can be passed in as the durable storage mechanism for logical views.

                                                                                                                                                                          func NewBarrierView

                                                                                                                                                                          func NewBarrierView(barrier logical.Storage, prefix string) *BarrierView

                                                                                                                                                                            NewBarrierView takes an underlying security barrier and returns a view of it that can only operate with the given prefix.

                                                                                                                                                                            func (*BarrierView) Delete

                                                                                                                                                                            func (v *BarrierView) Delete(ctx context.Context, key string) error

                                                                                                                                                                              logical.Storage impl.

                                                                                                                                                                              func (*BarrierView) Get

                                                                                                                                                                              func (*BarrierView) List

                                                                                                                                                                              func (v *BarrierView) List(ctx context.Context, prefix string) ([]string, error)

                                                                                                                                                                              func (*BarrierView) Prefix

                                                                                                                                                                              func (v *BarrierView) Prefix() string

                                                                                                                                                                              func (*BarrierView) Put

                                                                                                                                                                              func (v *BarrierView) Put(ctx context.Context, entry *logical.StorageEntry) error

                                                                                                                                                                                Put differs from List/Get because it checks read-only errors

                                                                                                                                                                                func (*BarrierView) SubView

                                                                                                                                                                                func (v *BarrierView) SubView(prefix string) *BarrierView

                                                                                                                                                                                  SubView constructs a nested sub-view using the given prefix

                                                                                                                                                                                  type BuiltinRegistry

                                                                                                                                                                                  type BuiltinRegistry interface {
                                                                                                                                                                                  	Contains(name string, pluginType consts.PluginType) bool
                                                                                                                                                                                  	Get(name string, pluginType consts.PluginType) (func() (interface{}, error), bool)
                                                                                                                                                                                  	Keys(pluginType consts.PluginType) []string
                                                                                                                                                                                  }

                                                                                                                                                                                    BuiltinRegistry is an interface that allows the "vault" package to use the registry of builtin plugins without getting an import cycle. It also allows for mocking the registry easily.

                                                                                                                                                                                    type CORSConfig

                                                                                                                                                                                    type CORSConfig struct {
                                                                                                                                                                                    	sync.RWMutex `json:"-"`
                                                                                                                                                                                    
                                                                                                                                                                                    	Enabled        *uint32  `json:"enabled"`
                                                                                                                                                                                    	AllowedOrigins []string `json:"allowed_origins,omitempty"`
                                                                                                                                                                                    	AllowedHeaders []string `json:"allowed_headers,omitempty"`
                                                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                                                    }

                                                                                                                                                                                      CORSConfig stores the state of the CORS configuration.

                                                                                                                                                                                      func (*CORSConfig) Disable

                                                                                                                                                                                      func (c *CORSConfig) Disable(ctx context.Context) error

                                                                                                                                                                                        Disable sets CORS to disabled and clears the allowed origins & headers.

                                                                                                                                                                                        func (*CORSConfig) Enable

                                                                                                                                                                                        func (c *CORSConfig) Enable(ctx context.Context, urls []string, headers []string) error

                                                                                                                                                                                          Enable takes either a '*' or a comma-separated list of URLs that can make cross-origin requests to Vault.

                                                                                                                                                                                          func (*CORSConfig) IsEnabled

                                                                                                                                                                                          func (c *CORSConfig) IsEnabled() bool

                                                                                                                                                                                            IsEnabled returns the value of CORSConfig.isEnabled

                                                                                                                                                                                            func (*CORSConfig) IsValidOrigin

                                                                                                                                                                                            func (c *CORSConfig) IsValidOrigin(origin string) bool

                                                                                                                                                                                              IsValidOrigin determines if the origin of the request is allowed to make cross-origin requests based on the CORSConfig.

                                                                                                                                                                                              type ClientCountInNamespace

                                                                                                                                                                                              type ClientCountInNamespace struct {
                                                                                                                                                                                              	NamespaceID   string              `json:"namespace_id"`
                                                                                                                                                                                              	NamespacePath string              `json:"namespace_path"`
                                                                                                                                                                                              	Counts        ClientCountResponse `json:"counts"`
                                                                                                                                                                                              }

                                                                                                                                                                                              type ClientCountResponse

                                                                                                                                                                                              type ClientCountResponse struct {
                                                                                                                                                                                              	DistinctEntities int `json:"distinct_entities"`
                                                                                                                                                                                              	NonEntityTokens  int `json:"non_entity_tokens"`
                                                                                                                                                                                              	Clients          int `json:"clients"`
                                                                                                                                                                                              }

                                                                                                                                                                                              type ClientKey

                                                                                                                                                                                              type ClientKey struct {
                                                                                                                                                                                              	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
                                                                                                                                                                                              	X    []byte `protobuf:"bytes,2,opt,name=x,proto3" json:"x,omitempty"`
                                                                                                                                                                                              	Y    []byte `protobuf:"bytes,3,opt,name=y,proto3" json:"y,omitempty"`
                                                                                                                                                                                              	D    []byte `protobuf:"bytes,4,opt,name=d,proto3" json:"d,omitempty"`
                                                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                                                              }

                                                                                                                                                                                              func (*ClientKey) Descriptor

                                                                                                                                                                                              func (*ClientKey) Descriptor() ([]byte, []int)

                                                                                                                                                                                                Deprecated: Use ClientKey.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                func (*ClientKey) GetD

                                                                                                                                                                                                func (x *ClientKey) GetD() []byte

                                                                                                                                                                                                func (*ClientKey) GetType

                                                                                                                                                                                                func (x *ClientKey) GetType() string

                                                                                                                                                                                                func (*ClientKey) GetX

                                                                                                                                                                                                func (x *ClientKey) GetX() []byte

                                                                                                                                                                                                func (*ClientKey) GetY

                                                                                                                                                                                                func (x *ClientKey) GetY() []byte

                                                                                                                                                                                                func (*ClientKey) ProtoMessage

                                                                                                                                                                                                func (*ClientKey) ProtoMessage()

                                                                                                                                                                                                func (*ClientKey) ProtoReflect

                                                                                                                                                                                                func (x *ClientKey) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                func (*ClientKey) Reset

                                                                                                                                                                                                func (x *ClientKey) Reset()

                                                                                                                                                                                                func (*ClientKey) String

                                                                                                                                                                                                func (x *ClientKey) String() string

                                                                                                                                                                                                type Cluster

                                                                                                                                                                                                type Cluster struct {
                                                                                                                                                                                                	// Name of the cluster
                                                                                                                                                                                                	Name string `json:"name" structs:"name" mapstructure:"name"`
                                                                                                                                                                                                
                                                                                                                                                                                                	// Identifier of the cluster
                                                                                                                                                                                                	ID string `json:"id" structs:"id" mapstructure:"id"`
                                                                                                                                                                                                }

                                                                                                                                                                                                  Structure representing the storage entry that holds cluster information

                                                                                                                                                                                                  type ClusterLeaderParams

                                                                                                                                                                                                  type ClusterLeaderParams struct {
                                                                                                                                                                                                  	LeaderUUID         string
                                                                                                                                                                                                  	LeaderRedirectAddr string
                                                                                                                                                                                                  	LeaderClusterAddr  string
                                                                                                                                                                                                  }

                                                                                                                                                                                                  type ControlGroup

                                                                                                                                                                                                  type ControlGroup struct {
                                                                                                                                                                                                  	TTL     time.Duration
                                                                                                                                                                                                  	Factors []*ControlGroupFactor
                                                                                                                                                                                                  }

                                                                                                                                                                                                  type ControlGroupFactor

                                                                                                                                                                                                  type ControlGroupFactor struct {
                                                                                                                                                                                                  	Name     string
                                                                                                                                                                                                  	Identity *IdentityFactor `hcl:"identity"`
                                                                                                                                                                                                  }

                                                                                                                                                                                                  type ControlGroupHCL

                                                                                                                                                                                                  type ControlGroupHCL struct {
                                                                                                                                                                                                  	TTL     interface{}                    `hcl:"ttl"`
                                                                                                                                                                                                  	Factors map[string]*ControlGroupFactor `hcl:"factor"`
                                                                                                                                                                                                  }

                                                                                                                                                                                                  type Core

                                                                                                                                                                                                  type Core struct {
                                                                                                                                                                                                  
                                                                                                                                                                                                  	// PR1103disabled is used to test upgrade workflows: when set to true,
                                                                                                                                                                                                  	// the correct behaviour for namespaced cubbyholes is disabled, so we
                                                                                                                                                                                                  	// can test an upgrade to a version that includes the fixes from
                                                                                                                                                                                                  	// https://github.com/hashicorp/vault-enterprise/pull/1103
                                                                                                                                                                                                  	PR1103disabled bool
                                                                                                                                                                                                  
                                                                                                                                                                                                  	IndexHeaderHMACKey uberAtomic.Value
                                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                                  }

                                                                                                                                                                                                    Core is used as the central manager of Vault activity. It is the primary point of interface for API handlers and is responsible for managing the logical and physical backends, router, security barrier, and audit trails.

                                                                                                                                                                                                    func NewCore

                                                                                                                                                                                                    func NewCore(conf *CoreConfig) (*Core, error)

                                                                                                                                                                                                      NewCore is used to construct a new core

                                                                                                                                                                                                      func TestCore

                                                                                                                                                                                                      func TestCore(t testing.T) *Core

                                                                                                                                                                                                        TestCore returns a pure in-memory, uninitialized core for testing.

                                                                                                                                                                                                        func TestCoreNewSeal

                                                                                                                                                                                                        func TestCoreNewSeal(t testing.T) *Core

                                                                                                                                                                                                          TestCoreNewSeal returns a pure in-memory, uninitialized core with the new seal configuration.

                                                                                                                                                                                                          func TestCoreRaw

                                                                                                                                                                                                          func TestCoreRaw(t testing.T) *Core

                                                                                                                                                                                                            TestCoreRaw returns a pure in-memory, uninitialized core for testing. The raw storage endpoints are enabled with this core.

                                                                                                                                                                                                            func TestCoreUI

                                                                                                                                                                                                            func TestCoreUI(t testing.T, enableUI bool) *Core

                                                                                                                                                                                                            func TestCoreUnsealed

                                                                                                                                                                                                            func TestCoreUnsealed(t testing.T) (*Core, [][]byte, string)

                                                                                                                                                                                                              TestCoreUnsealed returns a pure in-memory core that is already initialized and unsealed.

                                                                                                                                                                                                              func TestCoreUnsealedBackend

                                                                                                                                                                                                              func TestCoreUnsealedBackend(t testing.T, backend physical.Backend) (*Core, [][]byte, string)

                                                                                                                                                                                                              func TestCoreUnsealedRaw

                                                                                                                                                                                                              func TestCoreUnsealedRaw(t testing.T) (*Core, [][]byte, string)

                                                                                                                                                                                                                TestCoreUnsealedRaw returns a pure in-memory core that is already initialized, unsealed, and with raw endpoints enabled.

                                                                                                                                                                                                                func TestCoreUnsealedWithConfig

                                                                                                                                                                                                                func TestCoreUnsealedWithConfig(t testing.T, conf *CoreConfig) (*Core, [][]byte, string)

                                                                                                                                                                                                                  TestCoreUnsealedWithConfig returns a pure in-memory core that is already initialized, unsealed, with the any provided core config values overridden.

                                                                                                                                                                                                                  func TestCoreUnsealedWithConfigSealOpts

                                                                                                                                                                                                                  func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, sealOpts *seal.TestSealOpts) (*Core, [][]byte, [][]byte, string)

                                                                                                                                                                                                                  func TestCoreUnsealedWithConfigs

                                                                                                                                                                                                                  func TestCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string)

                                                                                                                                                                                                                  func TestCoreUnsealedWithMetrics

                                                                                                                                                                                                                  func TestCoreUnsealedWithMetrics(t testing.T) (*Core, [][]byte, string, *metrics.InmemSink)

                                                                                                                                                                                                                  func TestCoreWithConfig

                                                                                                                                                                                                                  func TestCoreWithConfig(t testing.T, conf *CoreConfig) *Core

                                                                                                                                                                                                                    TestCoreWithConfig returns a pure in-memory, uninitialized core with the specified core configurations overridden for testing.

                                                                                                                                                                                                                    func TestCoreWithSeal

                                                                                                                                                                                                                    func TestCoreWithSeal(t testing.T, testSeal Seal, enableRaw bool) *Core

                                                                                                                                                                                                                      TestCoreWithSeal returns a pure in-memory, uninitialized core with the specified seal for testing.

                                                                                                                                                                                                                      func TestCoreWithSealAndUI

                                                                                                                                                                                                                      func TestCoreWithSealAndUI(t testing.T, opts *CoreConfig) *Core

                                                                                                                                                                                                                      func (*Core) ActiveNodeReplicationState

                                                                                                                                                                                                                      func (c *Core) ActiveNodeReplicationState() consts.ReplicationState

                                                                                                                                                                                                                      func (*Core) ActiveTime

                                                                                                                                                                                                                      func (c *Core) ActiveTime() time.Time

                                                                                                                                                                                                                      func (*Core) ActivityLogInjectResponse

                                                                                                                                                                                                                      func (c *Core) ActivityLogInjectResponse(ctx context.Context, pq *activity.PrecomputedQuery) error

                                                                                                                                                                                                                        ActivityLogInjectResponse injects a precomputed query into storage for testing.

                                                                                                                                                                                                                        func (*Core) AddLogger

                                                                                                                                                                                                                        func (c *Core) AddLogger(logger log.Logger)

                                                                                                                                                                                                                        func (*Core) AllowForwardingViaHeader

                                                                                                                                                                                                                        func (c *Core) AllowForwardingViaHeader() bool

                                                                                                                                                                                                                        func (*Core) ApplyRateLimitQuota

                                                                                                                                                                                                                        func (c *Core) ApplyRateLimitQuota(req *quotas.Request) (quotas.Response, error)

                                                                                                                                                                                                                          ApplyRateLimitQuota checks the request against all the applicable quota rules. If the given request's path is exempt, no rate limiting will be applied.

                                                                                                                                                                                                                          func (*Core) AuditLogger

                                                                                                                                                                                                                          func (c *Core) AuditLogger() AuditLogger

                                                                                                                                                                                                                          func (*Core) AuditedHeadersConfig

                                                                                                                                                                                                                          func (c *Core) AuditedHeadersConfig() *AuditedHeadersConfig

                                                                                                                                                                                                                          func (*Core) BarrierEncryptorAccess

                                                                                                                                                                                                                          func (c *Core) BarrierEncryptorAccess() *BarrierEncryptorAccess

                                                                                                                                                                                                                          func (*Core) BarrierKeyLength

                                                                                                                                                                                                                          func (c *Core) BarrierKeyLength() (min, max int)

                                                                                                                                                                                                                          func (*Core) BarrierRekeyInit

                                                                                                                                                                                                                          func (c *Core) BarrierRekeyInit(config *SealConfig) logical.HTTPCodedError

                                                                                                                                                                                                                            BarrierRekeyInit is used to initialize the rekey settings for the barrier key

                                                                                                                                                                                                                            func (*Core) BarrierRekeyUpdate

                                                                                                                                                                                                                            func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string) (*RekeyResult, logical.HTTPCodedError)

                                                                                                                                                                                                                              BarrierRekeyUpdate is used to provide a new key part. Barrier rekey can be done with unseal keys, or recovery keys if that's supported and we are storing the barrier key.

                                                                                                                                                                                                                              N.B.: If recovery keys are used to rekey, the new barrier key shares are not returned.

                                                                                                                                                                                                                              func (*Core) CORSConfig

                                                                                                                                                                                                                              func (c *Core) CORSConfig() *CORSConfig

                                                                                                                                                                                                                                CORSConfig returns the current CORS configuration

                                                                                                                                                                                                                                func (*Core) Capabilities

                                                                                                                                                                                                                                func (c *Core) Capabilities(ctx context.Context, token, path string) ([]string, error)

                                                                                                                                                                                                                                  Capabilities is used to fetch the capabilities of the given token on the given path

                                                                                                                                                                                                                                  func (*Core) Cluster

                                                                                                                                                                                                                                  func (c *Core) Cluster(ctx context.Context) (*Cluster, error)

                                                                                                                                                                                                                                    Cluster fetches the details of the local cluster. This method errors out when Vault is sealed.

                                                                                                                                                                                                                                    func (*Core) ClusterAddr

                                                                                                                                                                                                                                    func (c *Core) ClusterAddr() string

                                                                                                                                                                                                                                    func (*Core) Features

                                                                                                                                                                                                                                    func (c *Core) Features() license.Features

                                                                                                                                                                                                                                    func (*Core) ForwardRequest

                                                                                                                                                                                                                                    func (c *Core) ForwardRequest(req *http.Request) (int, http.Header, []byte, error)

                                                                                                                                                                                                                                      ForwardRequest forwards a given request to the active node and returns the response.

                                                                                                                                                                                                                                      func (*Core) GenerateRootCancel

                                                                                                                                                                                                                                      func (c *Core) GenerateRootCancel() error

                                                                                                                                                                                                                                        GenerateRootCancel is used to cancel an in-progress root generation

                                                                                                                                                                                                                                        func (*Core) GenerateRootConfiguration

                                                                                                                                                                                                                                        func (c *Core) GenerateRootConfiguration() (*GenerateRootConfig, error)

                                                                                                                                                                                                                                          GenerateRootConfiguration is used to read the root generation configuration It stubbornly refuses to return the OTP if one is there.

                                                                                                                                                                                                                                          func (*Core) GenerateRootInit

                                                                                                                                                                                                                                          func (c *Core) GenerateRootInit(otp, pgpKey string, strategy GenerateRootStrategy) error

                                                                                                                                                                                                                                            GenerateRootInit is used to initialize the root generation settings

                                                                                                                                                                                                                                            func (*Core) GenerateRootProgress

                                                                                                                                                                                                                                            func (c *Core) GenerateRootProgress() (int, error)

                                                                                                                                                                                                                                              GenerateRootProgress is used to return the root generation progress (num shares)

                                                                                                                                                                                                                                              func (*Core) GenerateRootUpdate

                                                                                                                                                                                                                                              func (c *Core) GenerateRootUpdate(ctx context.Context, key []byte, nonce string, strategy GenerateRootStrategy) (*GenerateRootResult, error)

                                                                                                                                                                                                                                                GenerateRootUpdate is used to provide a new key part

                                                                                                                                                                                                                                                func (*Core) GetActiveEntities

                                                                                                                                                                                                                                                func (c *Core) GetActiveEntities() map[string]struct{}

                                                                                                                                                                                                                                                  Return the in-memory activeEntities from an activity log

                                                                                                                                                                                                                                                  func (*Core) GetActivityLog

                                                                                                                                                                                                                                                  func (c *Core) GetActivityLog() *ActivityLog

                                                                                                                                                                                                                                                    GetActivityLog returns a pointer to the (private) activity log on a core Note: you must do the usual locking scheme when modifying the ActivityLog

                                                                                                                                                                                                                                                    func (*Core) GetContext

                                                                                                                                                                                                                                                    func (c *Core) GetContext() (context.Context, context.CancelFunc)

                                                                                                                                                                                                                                                    func (*Core) GetLeaderStatus

                                                                                                                                                                                                                                                    func (core *Core) GetLeaderStatus() (*LeaderResponse, error)

                                                                                                                                                                                                                                                    func (*Core) GetRaftIndexes

                                                                                                                                                                                                                                                    func (c *Core) GetRaftIndexes() (committed uint64, applied uint64)

                                                                                                                                                                                                                                                    func (*Core) GetSealStatus

                                                                                                                                                                                                                                                    func (core *Core) GetSealStatus(ctx context.Context) (*SealStatusResponse, error)

                                                                                                                                                                                                                                                    func (*Core) HandleRequest

                                                                                                                                                                                                                                                    func (c *Core) HandleRequest(httpCtx context.Context, req *logical.Request) (resp *logical.Response, err error)

                                                                                                                                                                                                                                                      HandleRequest is used to handle a new incoming request

                                                                                                                                                                                                                                                      func (*Core) HasFeature

                                                                                                                                                                                                                                                      func (c *Core) HasFeature(license.Features) bool

                                                                                                                                                                                                                                                      func (*Core) IdentityStore

                                                                                                                                                                                                                                                      func (c *Core) IdentityStore() *IdentityStore

                                                                                                                                                                                                                                                      func (*Core) Initialize

                                                                                                                                                                                                                                                      func (c *Core) Initialize(ctx context.Context, initParams *InitParams) (*InitResult, error)

                                                                                                                                                                                                                                                        Initialize is used to initialize the Vault with the given configurations.

                                                                                                                                                                                                                                                        func (*Core) InitializeRecovery

                                                                                                                                                                                                                                                        func (c *Core) InitializeRecovery(ctx context.Context) error

                                                                                                                                                                                                                                                        func (*Core) Initialized

                                                                                                                                                                                                                                                        func (c *Core) Initialized(ctx context.Context) (bool, error)

                                                                                                                                                                                                                                                          Initialized checks if the Vault is already initialized. This means one of two things: either the barrier has been created (with keyring and master key) and the seal config written to storage, or Raft is forming a cluster and a join/bootstrap is in progress.

                                                                                                                                                                                                                                                          func (*Core) InitializedLocally

                                                                                                                                                                                                                                                          func (c *Core) InitializedLocally(ctx context.Context) (bool, error)

                                                                                                                                                                                                                                                            InitializedLocally checks if the Vault is already initialized from the local node's perspective. This is the same thing as Initialized, unless using Raft, in which case Initialized may return true (because a peer we're joining to has been initialized) while InitializedLocally returns false (because we're not done bootstrapping raft on the local node).

                                                                                                                                                                                                                                                            func (*Core) InitiateRetryJoin

                                                                                                                                                                                                                                                            func (c *Core) InitiateRetryJoin(ctx context.Context) error

                                                                                                                                                                                                                                                            func (*Core) InjectActivityLogDataThisMonth

                                                                                                                                                                                                                                                            func (c *Core) InjectActivityLogDataThisMonth(t *testing.T) (map[string]struct{}, map[string]uint64)

                                                                                                                                                                                                                                                              InjectActivityLogDataThisMonth populates the in-memory client store with some entities and tokens, overriding what was already there It is currently used for API integration tests

                                                                                                                                                                                                                                                              func (*Core) IsBatchTokenCreationRequest

                                                                                                                                                                                                                                                              func (c *Core) IsBatchTokenCreationRequest(ctx context.Context, path string) (bool, error)

                                                                                                                                                                                                                                                              func (*Core) IsDRSecondary

                                                                                                                                                                                                                                                              func (c *Core) IsDRSecondary() bool

                                                                                                                                                                                                                                                                IsDRSecondary returns if the current cluster state is a DR secondary.

                                                                                                                                                                                                                                                                func (*Core) IsInSealMigrationMode

                                                                                                                                                                                                                                                                func (c *Core) IsInSealMigrationMode() bool

                                                                                                                                                                                                                                                                  IsInSealMigrationMode returns true if we're configured to perform a seal migration, meaning either that we have a disabled seal in HCL configuration or the seal configuration in storage is Shamir but the seal in HCL is not. In this mode we should not auto-unseal (even if the migration is done) and we will accept unseal requests with and without the `migrate` option, though the migrate option is required if we haven't yet performed the seal migration.

                                                                                                                                                                                                                                                                  func (*Core) IsPerfSecondary

                                                                                                                                                                                                                                                                  func (c *Core) IsPerfSecondary() bool

                                                                                                                                                                                                                                                                  func (*Core) IsSealMigrated

                                                                                                                                                                                                                                                                  func (c *Core) IsSealMigrated() bool

                                                                                                                                                                                                                                                                    IsSealMigrated returns true if we're in seal migration mode but migration has already been performed (possibly by another node, or prior to this node's current invocation.)

                                                                                                                                                                                                                                                                    func (*Core) JoinRaftCluster

                                                                                                                                                                                                                                                                    func (c *Core) JoinRaftCluster(ctx context.Context, leaderInfos []*raft.LeaderJoinInfo, nonVoter bool) (bool, error)

                                                                                                                                                                                                                                                                    func (*Core) KeyRotateGracePeriod

                                                                                                                                                                                                                                                                    func (c *Core) KeyRotateGracePeriod() time.Duration

                                                                                                                                                                                                                                                                    func (*Core) Leader

                                                                                                                                                                                                                                                                    func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err error)

                                                                                                                                                                                                                                                                      Leader is used to get the current active leader

                                                                                                                                                                                                                                                                      func (*Core) LogFormat

                                                                                                                                                                                                                                                                      func (c *Core) LogFormat() string

                                                                                                                                                                                                                                                                        LogFormat returns the log format current in use.

                                                                                                                                                                                                                                                                        func (*Core) Logger

                                                                                                                                                                                                                                                                        func (c *Core) Logger() log.Logger

                                                                                                                                                                                                                                                                        func (*Core) LookupToken

                                                                                                                                                                                                                                                                        func (c *Core) LookupToken(ctx context.Context, token string) (*logical.TokenEntry, error)

                                                                                                                                                                                                                                                                          LookupToken returns the properties of the token from the token store. This is particularly useful to fetch the accessor of the client token and get it populated in the logical request along with the client token. The accessor of the client token can get audit logged.

                                                                                                                                                                                                                                                                          func (*Core) MatchingMount

                                                                                                                                                                                                                                                                          func (c *Core) MatchingMount(ctx context.Context, reqPath string) string

                                                                                                                                                                                                                                                                            MatchingMount returns the path of the mount that will be responsible for handling the given request path.

                                                                                                                                                                                                                                                                            func (*Core) MetricSink

                                                                                                                                                                                                                                                                            func (c *Core) MetricSink() *metricsutil.ClusterMetricSink

                                                                                                                                                                                                                                                                              MetricSink returns the metrics wrapper with which Core has been configured.

                                                                                                                                                                                                                                                                              func (*Core) MetricsHelper

                                                                                                                                                                                                                                                                              func (c *Core) MetricsHelper() *metricsutil.MetricsHelper

                                                                                                                                                                                                                                                                                MetricsHelper returns the global metrics helper which allows external packages to access Vault's internal metrics.

                                                                                                                                                                                                                                                                                func (*Core) MissingRequiredState

                                                                                                                                                                                                                                                                                func (c *Core) MissingRequiredState(raw []string) bool

                                                                                                                                                                                                                                                                                func (*Core) PerfStandby

                                                                                                                                                                                                                                                                                func (c *Core) PerfStandby() bool

                                                                                                                                                                                                                                                                                  PerfStandby checks if the vault is a performance standby

                                                                                                                                                                                                                                                                                  func (*Core) PhysicalAccess

                                                                                                                                                                                                                                                                                  func (c *Core) PhysicalAccess() *physical.PhysicalAccess

                                                                                                                                                                                                                                                                                  func (*Core) PhysicalSealConfigs

                                                                                                                                                                                                                                                                                  func (c *Core) PhysicalSealConfigs(ctx context.Context) (*SealConfig, *SealConfig, error)

                                                                                                                                                                                                                                                                                  func (*Core) RaftBootstrap

                                                                                                                                                                                                                                                                                  func (c *Core) RaftBootstrap(ctx context.Context, onInit bool) error

                                                                                                                                                                                                                                                                                    RaftBootstrap performs bootstrapping of a raft cluster if core contains a raft backend. If raft is not part for the storage or HA storage backend, this call results in an error.

                                                                                                                                                                                                                                                                                    func (*Core) RateLimitAuditLoggingEnabled

                                                                                                                                                                                                                                                                                    func (c *Core) RateLimitAuditLoggingEnabled() bool

                                                                                                                                                                                                                                                                                      RateLimitAuditLoggingEnabled returns if the quota configuration allows audit logging of request rejections due to rate limiting quota rule violations.

                                                                                                                                                                                                                                                                                      func (*Core) RateLimitResponseHeadersEnabled

                                                                                                                                                                                                                                                                                      func (c *Core) RateLimitResponseHeadersEnabled() bool

                                                                                                                                                                                                                                                                                        RateLimitResponseHeadersEnabled returns if the quota configuration allows for rate limit quota HTTP headers to be added to responses.

                                                                                                                                                                                                                                                                                        func (*Core) RecoveryRekeyInit

                                                                                                                                                                                                                                                                                        func (c *Core) RecoveryRekeyInit(config *SealConfig) logical.HTTPCodedError

                                                                                                                                                                                                                                                                                          RecoveryRekeyInit is used to initialize the rekey settings for the recovery key

                                                                                                                                                                                                                                                                                          func (*Core) RecoveryRekeyUpdate

                                                                                                                                                                                                                                                                                          func (c *Core) RecoveryRekeyUpdate(ctx context.Context, key []byte, nonce string) (*RekeyResult, logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                            RecoveryRekeyUpdate is used to provide a new key part

                                                                                                                                                                                                                                                                                            func (*Core) RegisterAuth

                                                                                                                                                                                                                                                                                            func (c *Core) RegisterAuth(ctx context.Context, tokenTTL time.Duration, path string, auth *logical.Auth) error

                                                                                                                                                                                                                                                                                              RegisterAuth uses a logical.Auth object to create a token entry in the token store, and registers a corresponding token lease to the expiration manager.

                                                                                                                                                                                                                                                                                              func (*Core) RekeyCancel

                                                                                                                                                                                                                                                                                              func (c *Core) RekeyCancel(recovery bool) logical.HTTPCodedError

                                                                                                                                                                                                                                                                                                RekeyCancel is used to cancel an in-progress rekey

                                                                                                                                                                                                                                                                                                func (*Core) RekeyConfig

                                                                                                                                                                                                                                                                                                func (c *Core) RekeyConfig(recovery bool) (*SealConfig, logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                                  RekeyConfig is used to read the rekey configuration

                                                                                                                                                                                                                                                                                                  func (*Core) RekeyDeleteBackup

                                                                                                                                                                                                                                                                                                  func (c *Core) RekeyDeleteBackup(ctx context.Context, recovery bool) logical.HTTPCodedError

                                                                                                                                                                                                                                                                                                    RekeyDeleteBackup is used to delete any backed-up PGP-encrypted unseal keys

                                                                                                                                                                                                                                                                                                    func (*Core) RekeyInit

                                                                                                                                                                                                                                                                                                    func (c *Core) RekeyInit(config *SealConfig, recovery bool) logical.HTTPCodedError

                                                                                                                                                                                                                                                                                                      RekeyInit will either initialize the rekey of barrier or recovery key. recovery determines whether this is a rekey on the barrier or recovery key.

                                                                                                                                                                                                                                                                                                      func (*Core) RekeyProgress

                                                                                                                                                                                                                                                                                                      func (c *Core) RekeyProgress(recovery, verification bool) (bool, int, logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                                        RekeyProgress is used to return the rekey progress (num shares).

                                                                                                                                                                                                                                                                                                        func (*Core) RekeyRetrieveBackup

                                                                                                                                                                                                                                                                                                        func (c *Core) RekeyRetrieveBackup(ctx context.Context, recovery bool) (*RekeyBackup, logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                                          RekeyRetrieveBackup is used to retrieve any backed-up PGP-encrypted unseal keys

                                                                                                                                                                                                                                                                                                          func (*Core) RekeyThreshold

                                                                                                                                                                                                                                                                                                          func (c *Core) RekeyThreshold(ctx context.Context, recovery bool) (int, logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                                            RekeyThreshold returns the secret threshold for the current seal config. This threshold can either be the barrier key threshold or the recovery key threshold, depending on whether rekey is being performed on the recovery key, or whether the seal supports recovery keys.

                                                                                                                                                                                                                                                                                                            func (*Core) RekeyUpdate

                                                                                                                                                                                                                                                                                                            func (c *Core) RekeyUpdate(ctx context.Context, key []byte, nonce string, recovery bool) (*RekeyResult, logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                                              RekeyUpdate is used to provide a new key part for the barrier or recovery key.

                                                                                                                                                                                                                                                                                                              func (*Core) RekeyVerify

                                                                                                                                                                                                                                                                                                              func (c *Core) RekeyVerify(ctx context.Context, key []byte, nonce string, recovery bool) (ret *RekeyVerifyResult, retErr logical.HTTPCodedError)

                                                                                                                                                                                                                                                                                                              func (*Core) RekeyVerifyRestart

                                                                                                                                                                                                                                                                                                              func (c *Core) RekeyVerifyRestart(recovery bool) logical.HTTPCodedError

                                                                                                                                                                                                                                                                                                                RekeyVerifyRestart is used to start the verification process over

                                                                                                                                                                                                                                                                                                                func (*Core) ReplicationState

                                                                                                                                                                                                                                                                                                                func (c *Core) ReplicationState() consts.ReplicationState

                                                                                                                                                                                                                                                                                                                func (*Core) ResetActivityLog

                                                                                                                                                                                                                                                                                                                func (c *Core) ResetActivityLog() []*activity.LogFragment

                                                                                                                                                                                                                                                                                                                  ResetActivityLog is used to extract the current fragment(s) during integration testing, so that it can be checked in a race-free way.

                                                                                                                                                                                                                                                                                                                  func (*Core) ResetUnsealProcess

                                                                                                                                                                                                                                                                                                                  func (c *Core) ResetUnsealProcess()

                                                                                                                                                                                                                                                                                                                    ResetUnsealProcess removes the current unlock parts from memory, to reset the unsealing process

                                                                                                                                                                                                                                                                                                                    func (*Core) RouterAccess

                                                                                                                                                                                                                                                                                                                    func (c *Core) RouterAccess() *RouterAccess

                                                                                                                                                                                                                                                                                                                    func (*Core) SanitizedConfig

                                                                                                                                                                                                                                                                                                                    func (c *Core) SanitizedConfig() map[string]interface{}

                                                                                                                                                                                                                                                                                                                      SanitizedConfig returns a sanitized version of the current config. See server.Config.Sanitized for specific values omitted.

                                                                                                                                                                                                                                                                                                                      func (*Core) Seal

                                                                                                                                                                                                                                                                                                                      func (c *Core) Seal(token string) error

                                                                                                                                                                                                                                                                                                                        Seal takes in a token and creates a logical.Request, acquires the lock, and passes through to sealInternal

                                                                                                                                                                                                                                                                                                                        func (*Core) SealAccess

                                                                                                                                                                                                                                                                                                                        func (c *Core) SealAccess() *SealAccess

                                                                                                                                                                                                                                                                                                                        func (*Core) SealWithRequest

                                                                                                                                                                                                                                                                                                                        func (c *Core) SealWithRequest(httpCtx context.Context, req *logical.Request) error

                                                                                                                                                                                                                                                                                                                          SealWithRequest takes in a logical.Request, acquires the lock, and passes through to sealInternal

                                                                                                                                                                                                                                                                                                                          func (*Core) Sealed

                                                                                                                                                                                                                                                                                                                          func (c *Core) Sealed() bool

                                                                                                                                                                                                                                                                                                                            Sealed checks if the Vault is current sealed

                                                                                                                                                                                                                                                                                                                            func (*Core) SecretProgress

                                                                                                                                                                                                                                                                                                                            func (c *Core) SecretProgress() (int, string)

                                                                                                                                                                                                                                                                                                                              SecretProgress returns the number of keys provided so far

                                                                                                                                                                                                                                                                                                                              func (*Core) SetClusterHandler

                                                                                                                                                                                                                                                                                                                              func (c *Core) SetClusterHandler(handler http.Handler)

                                                                                                                                                                                                                                                                                                                              func (*Core) SetClusterListenerAddrs

                                                                                                                                                                                                                                                                                                                              func (c *Core) SetClusterListenerAddrs(addrs []*net.TCPAddr)

                                                                                                                                                                                                                                                                                                                              func (*Core) SetConfig

                                                                                                                                                                                                                                                                                                                              func (c *Core) SetConfig(conf *server.Config)

                                                                                                                                                                                                                                                                                                                                SetConfig sets core's config object to the newly provided config.

                                                                                                                                                                                                                                                                                                                                func (*Core) SetKeyRotateGracePeriod

                                                                                                                                                                                                                                                                                                                                func (c *Core) SetKeyRotateGracePeriod(t time.Duration)

                                                                                                                                                                                                                                                                                                                                func (*Core) SetLoadCaseSensitiveIdentityStore

                                                                                                                                                                                                                                                                                                                                func (c *Core) SetLoadCaseSensitiveIdentityStore(caseSensitive bool)

                                                                                                                                                                                                                                                                                                                                func (*Core) SetLogLevel

                                                                                                                                                                                                                                                                                                                                func (c *Core) SetLogLevel(level log.Level)

                                                                                                                                                                                                                                                                                                                                func (*Core) SetNeverBecomeActive

                                                                                                                                                                                                                                                                                                                                func (c *Core) SetNeverBecomeActive(on bool)

                                                                                                                                                                                                                                                                                                                                func (*Core) Shutdown

                                                                                                                                                                                                                                                                                                                                func (c *Core) Shutdown() error

                                                                                                                                                                                                                                                                                                                                  Shutdown is invoked when the Vault instance is about to be terminated. It should not be accessible as part of an API call as it will cause an availability problem. It is only used to gracefully quit in the case of HA so that failover happens as quickly as possible.

                                                                                                                                                                                                                                                                                                                                  func (*Core) ShutdownDone

                                                                                                                                                                                                                                                                                                                                  func (c *Core) ShutdownDone() <-chan struct{}

                                                                                                                                                                                                                                                                                                                                    ShutdownDone returns a channel that will be closed after Shutdown completes

                                                                                                                                                                                                                                                                                                                                    func (*Core) Standby

                                                                                                                                                                                                                                                                                                                                    func (c *Core) Standby() (bool, error)

                                                                                                                                                                                                                                                                                                                                      Standby checks if the Vault is in standby mode

                                                                                                                                                                                                                                                                                                                                      func (*Core) StandbyStates

                                                                                                                                                                                                                                                                                                                                      func (c *Core) StandbyStates() (standby, perfStandby bool)

                                                                                                                                                                                                                                                                                                                                        StandbyStates is meant as a way to avoid some extra locking on the very common sys/health check.

                                                                                                                                                                                                                                                                                                                                        func (*Core) StepDown

                                                                                                                                                                                                                                                                                                                                        func (c *Core) StepDown(httpCtx context.Context, req *logical.Request) (retErr error)

                                                                                                                                                                                                                                                                                                                                          StepDown is used to step down from leadership

                                                                                                                                                                                                                                                                                                                                          func (*Core) StorageType

                                                                                                                                                                                                                                                                                                                                          func (c *Core) StorageType() string

                                                                                                                                                                                                                                                                                                                                            StorageType returns a string equal to the storage configuration's type.

                                                                                                                                                                                                                                                                                                                                            func (*Core) UIEnabled

                                                                                                                                                                                                                                                                                                                                            func (c *Core) UIEnabled() bool

                                                                                                                                                                                                                                                                                                                                              UIEnabled returns if the UI is enabled

                                                                                                                                                                                                                                                                                                                                              func (*Core) UIHeaders

                                                                                                                                                                                                                                                                                                                                              func (c *Core) UIHeaders() (http.Header, error)

                                                                                                                                                                                                                                                                                                                                                UIHeaders returns configured UI headers

                                                                                                                                                                                                                                                                                                                                                func (*Core) Unseal

                                                                                                                                                                                                                                                                                                                                                func (c *Core) Unseal(key []byte) (bool, error)

                                                                                                                                                                                                                                                                                                                                                  Unseal is used to provide one of the key parts to unseal the Vault.

                                                                                                                                                                                                                                                                                                                                                  func (*Core) UnsealMigrate

                                                                                                                                                                                                                                                                                                                                                  func (c *Core) UnsealMigrate(key []byte) (bool, error)

                                                                                                                                                                                                                                                                                                                                                  func (*Core) UnsealWithStoredKeys

                                                                                                                                                                                                                                                                                                                                                  func (c *Core) UnsealWithStoredKeys(ctx context.Context) error

                                                                                                                                                                                                                                                                                                                                                    UnsealWithStoredKeys performs auto-unseal using stored keys. An error return value of "nil" implies the Vault instance is unsealed.

                                                                                                                                                                                                                                                                                                                                                    Callers should attempt to retry any NonFatalErrors. Callers should not re-attempt fatal errors.

                                                                                                                                                                                                                                                                                                                                                    func (*Core) ValidateWrappingToken

                                                                                                                                                                                                                                                                                                                                                    func (c *Core) ValidateWrappingToken(ctx context.Context, req *logical.Request) (valid bool, err error)

                                                                                                                                                                                                                                                                                                                                                      validateWrappingToken checks whether a token is a wrapping token. The passed in logical request will be updated if the wrapping token was provided within a JWT token.

                                                                                                                                                                                                                                                                                                                                                      type CoreConfig

                                                                                                                                                                                                                                                                                                                                                      type CoreConfig struct {
                                                                                                                                                                                                                                                                                                                                                      	DevToken string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	BuiltinRegistry BuiltinRegistry
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	LogicalBackends map[string]logical.Factory
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	CredentialBackends map[string]logical.Factory
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	AuditBackends map[string]audit.Factory
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	Physical physical.Backend
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	StorageType string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// May be nil, which disables HA operations
                                                                                                                                                                                                                                                                                                                                                      	HAPhysical physical.HABackend
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	ServiceRegistration sr.ServiceRegistration
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Seal is the configured seal, or if none is configured explicitly, a
                                                                                                                                                                                                                                                                                                                                                      	// shamir seal.  In migration scenarios this is the new seal.
                                                                                                                                                                                                                                                                                                                                                      	Seal Seal
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Unwrap seal is the optional seal marked "disabled"; this is the old
                                                                                                                                                                                                                                                                                                                                                      	// seal in migration scenarios.
                                                                                                                                                                                                                                                                                                                                                      	UnwrapSeal Seal
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	SecureRandomReader io.Reader
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	Logger log.Logger
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Disables the trace display for Sentinel checks
                                                                                                                                                                                                                                                                                                                                                      	DisableSentinelTrace bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Disables the LRU cache on the physical backend
                                                                                                                                                                                                                                                                                                                                                      	DisableCache bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Disables mlock syscall
                                                                                                                                                                                                                                                                                                                                                      	DisableMlock bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Custom cache size for the LRU cache on the physical backend, or zero for default
                                                                                                                                                                                                                                                                                                                                                      	CacheSize int
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Set as the leader address for HA
                                                                                                                                                                                                                                                                                                                                                      	RedirectAddr string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Set as the cluster address for HA
                                                                                                                                                                                                                                                                                                                                                      	ClusterAddr string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	DefaultLeaseTTL time.Duration
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	MaxLeaseTTL time.Duration
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	ClusterName string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	ClusterCipherSuites string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	EnableUI bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Enable the raw endpoint
                                                                                                                                                                                                                                                                                                                                                      	EnableRaw bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	PluginDirectory string
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	DisableSealWrap bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	RawConfig *server.Config
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	ReloadFuncs     *map[string][]reloadutil.ReloadFunc
                                                                                                                                                                                                                                                                                                                                                      	ReloadFuncsLock *sync.RWMutex
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Licensing
                                                                                                                                                                                                                                                                                                                                                      	LicensingConfig *LicensingConfig
                                                                                                                                                                                                                                                                                                                                                      	// Don't set this unless in dev mode, ideally only when using inmem
                                                                                                                                                                                                                                                                                                                                                      	DevLicenseDuration time.Duration
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	DisablePerformanceStandby bool
                                                                                                                                                                                                                                                                                                                                                      	DisableIndexing           bool
                                                                                                                                                                                                                                                                                                                                                      	DisableKeyEncodingChecks  bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	AllLoggers []log.Logger
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Telemetry objects
                                                                                                                                                                                                                                                                                                                                                      	MetricsHelper *metricsutil.MetricsHelper
                                                                                                                                                                                                                                                                                                                                                      	MetricSink    *metricsutil.ClusterMetricSink
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	CounterSyncInterval time.Duration
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	RecoveryMode bool
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	ClusterNetworkLayer cluster.NetworkLayer
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	ClusterHeartbeatInterval time.Duration
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// Activity log controls
                                                                                                                                                                                                                                                                                                                                                      	ActivityLogConfig ActivityLogCoreConfig
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// number of workers to use for lease revocation in the expiration manager
                                                                                                                                                                                                                                                                                                                                                      	NumExpirationWorkers int
                                                                                                                                                                                                                                                                                                                                                      
                                                                                                                                                                                                                                                                                                                                                      	// DisableAutopilot is used to disable autopilot subsystem in raft storage
                                                                                                                                                                                                                                                                                                                                                      	DisableAutopilot bool
                                                                                                                                                                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                        CoreConfig is used to parameterize a core

                                                                                                                                                                                                                                                                                                                                                        func (CoreConfig) Clone

                                                                                                                                                                                                                                                                                                                                                        func (e CoreConfig) Clone() entCoreConfig

                                                                                                                                                                                                                                                                                                                                                        func (*CoreConfig) GetServiceRegistration

                                                                                                                                                                                                                                                                                                                                                        func (c *CoreConfig) GetServiceRegistration() sr.ServiceRegistration

                                                                                                                                                                                                                                                                                                                                                          GetServiceRegistration returns the config's ServiceRegistration, or nil if it does not exist.

                                                                                                                                                                                                                                                                                                                                                          type CubbyholeBackend

                                                                                                                                                                                                                                                                                                                                                          type CubbyholeBackend struct {
                                                                                                                                                                                                                                                                                                                                                          	*framework.Backend
                                                                                                                                                                                                                                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                            CubbyholeBackend is used for storing secrets directly into the physical backend. The secrets are encrypted in the durable storage. This differs from kv in that every token has its own private storage view. The view is removed when the token expires.

                                                                                                                                                                                                                                                                                                                                                            type DatedRequestCounter

                                                                                                                                                                                                                                                                                                                                                            type DatedRequestCounter struct {
                                                                                                                                                                                                                                                                                                                                                            	// StartTime is when the period starts.
                                                                                                                                                                                                                                                                                                                                                            	StartTime time.Time `json:"start_time"`
                                                                                                                                                                                                                                                                                                                                                            	// RequestCounter counts requests.
                                                                                                                                                                                                                                                                                                                                                            	RequestCounter
                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                              DatedRequestCounter holds request counters from a single period of time.

                                                                                                                                                                                                                                                                                                                                                              type DeadlockMutex

                                                                                                                                                                                                                                                                                                                                                              type DeadlockMutex struct {
                                                                                                                                                                                                                                                                                                                                                              	sync.Mutex
                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                DeadlockMutex is just a sync.Mutex when the build tag `deadlock` is absent. See its other definition in the corresponding deadlock-build-tag-constrained file for more details.

                                                                                                                                                                                                                                                                                                                                                                type DeadlockRWMutex

                                                                                                                                                                                                                                                                                                                                                                type DeadlockRWMutex struct {
                                                                                                                                                                                                                                                                                                                                                                	sync.RWMutex
                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                  DeadlockRWMutex is the RW version of DeadlockMutex.

                                                                                                                                                                                                                                                                                                                                                                  type EchoReply

                                                                                                                                                                                                                                                                                                                                                                  type EchoReply struct {
                                                                                                                                                                                                                                                                                                                                                                  	Message          string           `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                  	ClusterAddrs     []string         `protobuf:"bytes,2,rep,name=cluster_addrs,json=clusterAddrs,proto3" json:"cluster_addrs,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                  	ReplicationState uint32           `protobuf:"varint,3,opt,name=replication_state,json=replicationState,proto3" json:"replication_state,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                  	RaftAppliedIndex uint64           `protobuf:"varint,4,opt,name=raft_applied_index,json=raftAppliedIndex,proto3" json:"raft_applied_index,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                  	RaftNodeID       string           `protobuf:"bytes,5,opt,name=raft_node_id,json=raftNodeId,proto3" json:"raft_node_id,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                  	NodeInfo         *NodeInformation `protobuf:"bytes,6,opt,name=node_info,json=nodeInfo,proto3" json:"node_info,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                  func (*EchoReply) Descriptor

                                                                                                                                                                                                                                                                                                                                                                  func (*EchoReply) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                                                                                                                                    Deprecated: Use EchoReply.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) GetClusterAddrs

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) GetClusterAddrs() []string

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) GetMessage

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) GetMessage() string

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) GetNodeInfo

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) GetNodeInfo() *NodeInformation

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) GetRaftAppliedIndex

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) GetRaftAppliedIndex() uint64

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) GetRaftNodeID

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) GetRaftNodeID() string

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) GetReplicationState

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) GetReplicationState() uint32

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) ProtoMessage

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) ProtoMessage()

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) ProtoReflect

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) Reset

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) Reset()

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoReply) String

                                                                                                                                                                                                                                                                                                                                                                    func (x *EchoReply) String() string

                                                                                                                                                                                                                                                                                                                                                                    type EchoRequest

                                                                                                                                                                                                                                                                                                                                                                    type EchoRequest struct {
                                                                                                                                                                                                                                                                                                                                                                    	Message string `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	// ClusterAddr is used to send up a standby node's address to the active
                                                                                                                                                                                                                                                                                                                                                                    	// node upon heartbeat
                                                                                                                                                                                                                                                                                                                                                                    	ClusterAddr string `protobuf:"bytes,2,opt,name=cluster_addr,json=clusterAddr,proto3" json:"cluster_addr,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	// ClusterAddrs is used to send up a list of cluster addresses to a dr
                                                                                                                                                                                                                                                                                                                                                                    	// primary from a dr secondary
                                                                                                                                                                                                                                                                                                                                                                    	ClusterAddrs        []string         `protobuf:"bytes,3,rep,name=cluster_addrs,json=clusterAddrs,proto3" json:"cluster_addrs,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	RaftAppliedIndex    uint64           `protobuf:"varint,4,opt,name=raft_applied_index,json=raftAppliedIndex,proto3" json:"raft_applied_index,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	RaftNodeID          string           `protobuf:"bytes,5,opt,name=raft_node_id,json=raftNodeId,proto3" json:"raft_node_id,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	NodeInfo            *NodeInformation `protobuf:"bytes,6,opt,name=node_info,json=nodeInfo,proto3" json:"node_info,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	RaftTerm            uint64           `protobuf:"varint,7,opt,name=raft_term,json=raftTerm,proto3" json:"raft_term,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	RaftDesiredSuffrage string           `protobuf:"bytes,8,opt,name=raft_desired_suffrage,json=raftDesiredSuffrage,proto3" json:"raft_desired_suffrage,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoRequest) Descriptor

                                                                                                                                                                                                                                                                                                                                                                    func (*EchoRequest) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                                                                                                                                      Deprecated: Use EchoRequest.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetClusterAddr

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetClusterAddr() string

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetClusterAddrs

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetClusterAddrs() []string

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetMessage

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetMessage() string

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetNodeInfo

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetNodeInfo() *NodeInformation

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetRaftAppliedIndex

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetRaftAppliedIndex() uint64

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetRaftDesiredSuffrage

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetRaftDesiredSuffrage() string

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetRaftNodeID

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetRaftNodeID() string

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) GetRaftTerm

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) GetRaftTerm() uint64

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) ProtoMessage

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) ProtoMessage()

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) ProtoReflect

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) Reset

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) Reset()

                                                                                                                                                                                                                                                                                                                                                                      func (*EchoRequest) String

                                                                                                                                                                                                                                                                                                                                                                      func (x *EchoRequest) String() string

                                                                                                                                                                                                                                                                                                                                                                      type EncodedKeyring

                                                                                                                                                                                                                                                                                                                                                                      type EncodedKeyring struct {
                                                                                                                                                                                                                                                                                                                                                                      	MasterKey      []byte
                                                                                                                                                                                                                                                                                                                                                                      	Keys           []*Key
                                                                                                                                                                                                                                                                                                                                                                      	RotationConfig KeyRotationConfig
                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                        EncodedKeyring is used for serialization of the keyring

                                                                                                                                                                                                                                                                                                                                                                        type EntityCounter

                                                                                                                                                                                                                                                                                                                                                                        type EntityCounter struct {
                                                                                                                                                                                                                                                                                                                                                                        	// Total is the total number of entities
                                                                                                                                                                                                                                                                                                                                                                        	Total int `json:"total"`
                                                                                                                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                                                                                                                          EntityCounter counts the number of entities

                                                                                                                                                                                                                                                                                                                                                                          type ErrDecrypt

                                                                                                                                                                                                                                                                                                                                                                          type ErrDecrypt struct {
                                                                                                                                                                                                                                                                                                                                                                          	Err error
                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                          func (*ErrDecrypt) Error

                                                                                                                                                                                                                                                                                                                                                                          func (e *ErrDecrypt) Error() string

                                                                                                                                                                                                                                                                                                                                                                          func (*ErrDecrypt) Is

                                                                                                                                                                                                                                                                                                                                                                          func (e *ErrDecrypt) Is(target error) bool

                                                                                                                                                                                                                                                                                                                                                                          type ErrEncrypt

                                                                                                                                                                                                                                                                                                                                                                          type ErrEncrypt struct {
                                                                                                                                                                                                                                                                                                                                                                          	Err error
                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                          func (*ErrEncrypt) Error

                                                                                                                                                                                                                                                                                                                                                                          func (e *ErrEncrypt) Error() string

                                                                                                                                                                                                                                                                                                                                                                          func (*ErrEncrypt) Is

                                                                                                                                                                                                                                                                                                                                                                          func (e *ErrEncrypt) Is(target error) bool

                                                                                                                                                                                                                                                                                                                                                                          type ErrInvalidKey

                                                                                                                                                                                                                                                                                                                                                                          type ErrInvalidKey struct {
                                                                                                                                                                                                                                                                                                                                                                          	Reason string
                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                            ErrInvalidKey is returned if there is a user-based error with a provided unseal key. This will be shown to the user, so should not contain information that is sensitive.

                                                                                                                                                                                                                                                                                                                                                                            func (*ErrInvalidKey) Error

                                                                                                                                                                                                                                                                                                                                                                            func (e *ErrInvalidKey) Error() string

                                                                                                                                                                                                                                                                                                                                                                            type ExpirationManager

                                                                                                                                                                                                                                                                                                                                                                            type ExpirationManager struct {
                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                              ExpirationManager is used by the Core to manage leases. Secrets can provide a lease, meaning that they can be renewed or revoked. If a secret is not renewed in timely manner, it may be expired, and the ExpirationManager will handle doing automatic revocation.

                                                                                                                                                                                                                                                                                                                                                                              func NewExpirationManager

                                                                                                                                                                                                                                                                                                                                                                              func NewExpirationManager(c *Core, view *BarrierView, e ExpireLeaseStrategy, logger log.Logger) *ExpirationManager

                                                                                                                                                                                                                                                                                                                                                                                NewExpirationManager creates a new ExpirationManager that is backed using a given view, and uses the provided router for revocation.

                                                                                                                                                                                                                                                                                                                                                                                func (*ExpirationManager) CreateOrFetchRevocationLeaseByToken

                                                                                                                                                                                                                                                                                                                                                                                func (m *ExpirationManager) CreateOrFetchRevocationLeaseByToken(ctx context.Context, te *logical.TokenEntry) (string, error)

                                                                                                                                                                                                                                                                                                                                                                                  CreateOrFetchRevocationLeaseByToken is used to create or fetch the matching leaseID for a particular token. The lease is set to expire immediately after it's created.

                                                                                                                                                                                                                                                                                                                                                                                  func (*ExpirationManager) FetchLeaseTimes

                                                                                                                                                                                                                                                                                                                                                                                  func (m *ExpirationManager) FetchLeaseTimes(ctx context.Context, leaseID string) (*leaseEntry, error)

                                                                                                                                                                                                                                                                                                                                                                                    FetchLeaseTimes is used to fetch the issue time, expiration time, and last renewed time of a lease entry. It returns a leaseEntry itself, but with only those values copied over.

                                                                                                                                                                                                                                                                                                                                                                                    func (*ExpirationManager) FetchLeaseTimesByToken

                                                                                                                                                                                                                                                                                                                                                                                    func (m *ExpirationManager) FetchLeaseTimesByToken(ctx context.Context, te *logical.TokenEntry) (*leaseEntry, error)

                                                                                                                                                                                                                                                                                                                                                                                      FetchLeaseTimesByToken is a helper function to use token values to compute the leaseID, rather than pushing that logic back into the token store. As a special case, for a batch token it simply returns the information encoded on it.

                                                                                                                                                                                                                                                                                                                                                                                      func (*ExpirationManager) LazyRevoke

                                                                                                                                                                                                                                                                                                                                                                                      func (m *ExpirationManager) LazyRevoke(ctx context.Context, leaseID string) error

                                                                                                                                                                                                                                                                                                                                                                                        LazyRevoke is used to queue revocation for a secret named by the given LeaseID. If the lease was not found it returns nil; if the lease was found it triggers a return of a 202.

                                                                                                                                                                                                                                                                                                                                                                                        func (*ExpirationManager) Register

                                                                                                                                                                                                                                                                                                                                                                                        func (m *ExpirationManager) Register(ctx context.Context, req *logical.Request, resp *logical.Response) (id string, retErr error)

                                                                                                                                                                                                                                                                                                                                                                                          Register is used to take a request and response with an associated lease. The secret gets assigned a LeaseID and the management of of lease is assumed by the expiration manager.

                                                                                                                                                                                                                                                                                                                                                                                          func (*ExpirationManager) RegisterAuth

                                                                                                                                                                                                                                                                                                                                                                                          func (m *ExpirationManager) RegisterAuth(ctx context.Context, te *logical.TokenEntry, auth *logical.Auth) error

                                                                                                                                                                                                                                                                                                                                                                                            RegisterAuth is used to take an Auth response with an associated lease. The token does not get a LeaseID, but the lease management is handled by the expiration manager.

                                                                                                                                                                                                                                                                                                                                                                                            func (*ExpirationManager) Renew

                                                                                                                                                                                                                                                                                                                                                                                            func (m *ExpirationManager) Renew(ctx context.Context, leaseID string, increment time.Duration) (*logical.Response, error)

                                                                                                                                                                                                                                                                                                                                                                                              Renew is used to renew a secret using the given leaseID and a renew interval. The increment may be ignored.

                                                                                                                                                                                                                                                                                                                                                                                              func (*ExpirationManager) RenewToken

                                                                                                                                                                                                                                                                                                                                                                                              func (m *ExpirationManager) RenewToken(ctx context.Context, req *logical.Request, te *logical.TokenEntry,
                                                                                                                                                                                                                                                                                                                                                                                              	increment time.Duration) (*logical.Response, error)

                                                                                                                                                                                                                                                                                                                                                                                                RenewToken is used to renew a token which does not need to invoke a logical backend.

                                                                                                                                                                                                                                                                                                                                                                                                func (*ExpirationManager) Restore

                                                                                                                                                                                                                                                                                                                                                                                                func (m *ExpirationManager) Restore(errorFunc func()) (retErr error)

                                                                                                                                                                                                                                                                                                                                                                                                  Restore is used to recover the lease states when starting. This is used after starting the vault.

                                                                                                                                                                                                                                                                                                                                                                                                  func (*ExpirationManager) Revoke

                                                                                                                                                                                                                                                                                                                                                                                                  func (m *ExpirationManager) Revoke(ctx context.Context, leaseID string) error

                                                                                                                                                                                                                                                                                                                                                                                                    Revoke is used to revoke a secret named by the given LeaseID

                                                                                                                                                                                                                                                                                                                                                                                                    func (*ExpirationManager) RevokeByToken

                                                                                                                                                                                                                                                                                                                                                                                                    func (m *ExpirationManager) RevokeByToken(ctx context.Context, te *logical.TokenEntry) error

                                                                                                                                                                                                                                                                                                                                                                                                      RevokeByToken is used to revoke all the secrets issued with a given token. This is done by using the secondary index. It also removes the lease entry for the token itself. As a result it should *ONLY* ever be called from the token store's revokeSalted function.

                                                                                                                                                                                                                                                                                                                                                                                                      func (*ExpirationManager) RevokeForce

                                                                                                                                                                                                                                                                                                                                                                                                      func (m *ExpirationManager) RevokeForce(ctx context.Context, prefix string) error

                                                                                                                                                                                                                                                                                                                                                                                                        RevokeForce works similarly to RevokePrefix but continues in the case of a revocation error; this is mostly meant for recovery operations

                                                                                                                                                                                                                                                                                                                                                                                                        func (*ExpirationManager) RevokePrefix

                                                                                                                                                                                                                                                                                                                                                                                                        func (m *ExpirationManager) RevokePrefix(ctx context.Context, prefix string, sync bool) error

                                                                                                                                                                                                                                                                                                                                                                                                          RevokePrefix is used to revoke all secrets with a given prefix. The prefix maps to that of the mount table to make this simpler to reason about.

                                                                                                                                                                                                                                                                                                                                                                                                          func (*ExpirationManager) Stop

                                                                                                                                                                                                                                                                                                                                                                                                          func (m *ExpirationManager) Stop() error

                                                                                                                                                                                                                                                                                                                                                                                                            Stop is used to prevent further automatic revocations. This must be called before sealing the view.

                                                                                                                                                                                                                                                                                                                                                                                                            func (*ExpirationManager) Tidy

                                                                                                                                                                                                                                                                                                                                                                                                            func (m *ExpirationManager) Tidy(ctx context.Context) error

                                                                                                                                                                                                                                                                                                                                                                                                              Tidy cleans up the dangling storage entries for leases. It scans the storage view to find all the available leases, checks if the token embedded in it is either empty or invalid and in both the cases, it revokes them. It also uses a token cache to avoid multiple lookups of the same token ID. It is normally not required to use the API that invokes this. This is only intended to clean up the corrupt storage due to bugs.

                                                                                                                                                                                                                                                                                                                                                                                                              func (*ExpirationManager) WalkTokens

                                                                                                                                                                                                                                                                                                                                                                                                              func (m *ExpirationManager) WalkTokens(walkFn ExpirationWalkFunction) error

                                                                                                                                                                                                                                                                                                                                                                                                                WalkTokens extracts the Auth structure from leases corresponding to tokens. Returning false from the walk function terminates the iteration.

                                                                                                                                                                                                                                                                                                                                                                                                                type ExpirationWalkFunction

                                                                                                                                                                                                                                                                                                                                                                                                                type ExpirationWalkFunction = func(leaseID string, auth *logical.Auth, path string) bool

                                                                                                                                                                                                                                                                                                                                                                                                                  Callback function type to walk tokens referenced in the expiration manager. Don't want to use leaseEntry here because it's an unexported type (though most likely we would only call this from within the "vault" core package.)

                                                                                                                                                                                                                                                                                                                                                                                                                  type FeatureFlags

                                                                                                                                                                                                                                                                                                                                                                                                                  type FeatureFlags struct {
                                                                                                                                                                                                                                                                                                                                                                                                                  	NamespacesCubbyholesLocal bool `json:"namespace_cubbyholes_local"`
                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                  type GenerateRootConfig

                                                                                                                                                                                                                                                                                                                                                                                                                  type GenerateRootConfig struct {
                                                                                                                                                                                                                                                                                                                                                                                                                  	Nonce          string
                                                                                                                                                                                                                                                                                                                                                                                                                  	PGPKey         string
                                                                                                                                                                                                                                                                                                                                                                                                                  	PGPFingerprint string
                                                                                                                                                                                                                                                                                                                                                                                                                  	OTP            string
                                                                                                                                                                                                                                                                                                                                                                                                                  	Strategy       GenerateRootStrategy
                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                    GenerateRootConfig holds the configuration for a root generation command.

                                                                                                                                                                                                                                                                                                                                                                                                                    type GenerateRootResult

                                                                                                                                                                                                                                                                                                                                                                                                                    type GenerateRootResult struct {
                                                                                                                                                                                                                                                                                                                                                                                                                    	Progress       int
                                                                                                                                                                                                                                                                                                                                                                                                                    	Required       int
                                                                                                                                                                                                                                                                                                                                                                                                                    	EncodedToken   string
                                                                                                                                                                                                                                                                                                                                                                                                                    	PGPFingerprint string
                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                      GenerateRootResult holds the result of a root generation update command

                                                                                                                                                                                                                                                                                                                                                                                                                      type GenerateRootStrategy

                                                                                                                                                                                                                                                                                                                                                                                                                      type GenerateRootStrategy interface {
                                                                                                                                                                                                                                                                                                                                                                                                                      	// contains filtered or unexported methods
                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                        GenerateRootStrategy allows us to swap out the strategy we want to use to create a token upon completion of the generate root process.

                                                                                                                                                                                                                                                                                                                                                                                                                        var (
                                                                                                                                                                                                                                                                                                                                                                                                                        	// GenerateStandardRootTokenStrategy is the strategy used to generate a
                                                                                                                                                                                                                                                                                                                                                                                                                        	// typical root token
                                                                                                                                                                                                                                                                                                                                                                                                                        	GenerateStandardRootTokenStrategy GenerateRootStrategy = generateStandardRootToken{}
                                                                                                                                                                                                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                                                                                                                                                                                        	// GenerateDROperationTokenStrategy is the strategy used to generate a
                                                                                                                                                                                                                                                                                                                                                                                                                        	// DR operational token
                                                                                                                                                                                                                                                                                                                                                                                                                        	GenerateDROperationTokenStrategy GenerateRootStrategy = generateStandardRootToken{}
                                                                                                                                                                                                                                                                                                                                                                                                                        )

                                                                                                                                                                                                                                                                                                                                                                                                                        func GenerateRecoveryTokenStrategy

                                                                                                                                                                                                                                                                                                                                                                                                                        func GenerateRecoveryTokenStrategy(token *atomic.String) GenerateRootStrategy

                                                                                                                                                                                                                                                                                                                                                                                                                          GenerateRecoveryTokenStrategy is the strategy used to generate a recovery token

                                                                                                                                                                                                                                                                                                                                                                                                                          type HandlerProperties

                                                                                                                                                                                                                                                                                                                                                                                                                          type HandlerProperties struct {
                                                                                                                                                                                                                                                                                                                                                                                                                          	Core                  *Core
                                                                                                                                                                                                                                                                                                                                                                                                                          	ListenerConfig        *configutil.Listener
                                                                                                                                                                                                                                                                                                                                                                                                                          	DisablePrintableCheck bool
                                                                                                                                                                                                                                                                                                                                                                                                                          	RecoveryMode          bool
                                                                                                                                                                                                                                                                                                                                                                                                                          	RecoveryToken         *uberAtomic.String
                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                            HandlerProperties is used to seed configuration into a vaulthttp.Handler. It's in this package to avoid a circular dependency

                                                                                                                                                                                                                                                                                                                                                                                                                            type IdentityFactor

                                                                                                                                                                                                                                                                                                                                                                                                                            type IdentityFactor struct {
                                                                                                                                                                                                                                                                                                                                                                                                                            	GroupIDs          []string `hcl:"group_ids"`
                                                                                                                                                                                                                                                                                                                                                                                                                            	GroupNames        []string `hcl:"group_names"`
                                                                                                                                                                                                                                                                                                                                                                                                                            	ApprovalsRequired int      `hcl:"approvals"`
                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                            type IdentityStore

                                                                                                                                                                                                                                                                                                                                                                                                                            type IdentityStore struct {
                                                                                                                                                                                                                                                                                                                                                                                                                            	// IdentityStore is a secret backend in Vault
                                                                                                                                                                                                                                                                                                                                                                                                                            	*framework.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                              IdentityStore is composed of its own storage view and a MemDB which maintains active in-memory replicas of the storage contents indexed by multiple fields.

                                                                                                                                                                                                                                                                                                                                                                                                                              func NewIdentityStore

                                                                                                                                                                                                                                                                                                                                                                                                                              func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendConfig, logger log.Logger) (*IdentityStore, error)

                                                                                                                                                                                                                                                                                                                                                                                                                              func (*IdentityStore) CreateOrFetchEntity

                                                                                                                                                                                                                                                                                                                                                                                                                              func (i *IdentityStore) CreateOrFetchEntity(ctx context.Context, alias *logical.Alias) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                CreateOrFetchEntity creates a new entity. This is used by core to associate each login attempt by an alias to a unified entity in Vault.

                                                                                                                                                                                                                                                                                                                                                                                                                                func (*IdentityStore) Invalidate

                                                                                                                                                                                                                                                                                                                                                                                                                                func (i *IdentityStore) Invalidate(ctx context.Context, key string)

                                                                                                                                                                                                                                                                                                                                                                                                                                  Invalidate is a callback wherein the backend is informed that the value at the given key is updated. In identity store's case, it would be the entity storage entries that get updated. The value needs to be read and MemDB needs to be updated accordingly.

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBAliasByFactors

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBAliasByFactors(mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBAliasByFactorsInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBAliasByFactorsInTxn(txn *memdb.Txn, mountAccessor, aliasName string, clone bool, groupAlias bool) (*identity.Alias, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBAliasByID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBAliasByID(aliasID string, clone bool, groupAlias bool) (*identity.Alias, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBAliasByIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBAliasByIDInTxn(txn *memdb.Txn, aliasID string, clone bool, groupAlias bool) (*identity.Alias, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBAliases

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBAliases(ws memdb.WatchSet, groupAlias bool) (memdb.ResultIterator, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBDeleteAliasByIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBDeleteAliasByIDInTxn(txn *memdb.Txn, aliasID string, groupAlias bool) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBDeleteEntityByID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBDeleteEntityByID(entityID string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBDeleteEntityByIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBDeleteEntityByIDInTxn(txn *memdb.Txn, entityID string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBDeleteGroupByIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBDeleteGroupByIDInTxn(txn *memdb.Txn, groupID string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntitiesByBucketKeyInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntitiesByBucketKeyInTxn(txn *memdb.Txn, bucketKey string) ([]*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByAliasID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByAliasID(aliasID string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByAliasIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByAliasIDInTxn(txn *memdb.Txn, aliasID string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByID(entityID string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByIDInTxn(txn *memdb.Txn, entityID string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByMergedEntityID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByMergedEntityID(mergedEntityID string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByName

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByName(ctx context.Context, entityName string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBEntityByNameInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBEntityByNameInTxn(ctx context.Context, txn *memdb.Txn, entityName string, clone bool) (*identity.Entity, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupByAliasID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupByAliasID(aliasID string, clone bool) (*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupByAliasIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupByAliasIDInTxn(txn *memdb.Txn, aliasID string, clone bool) (*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupByID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupByID(groupID string, clone bool) (*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupByIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupByIDInTxn(txn *memdb.Txn, groupID string, clone bool) (*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupByName

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupByName(ctx context.Context, groupName string, clone bool) (*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupByNameInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupByNameInTxn(ctx context.Context, txn *memdb.Txn, groupName string, clone bool) (*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupsByBucketKeyInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupsByBucketKeyInTxn(txn *memdb.Txn, bucketKey string) ([]*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupsByMemberEntityID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupsByMemberEntityID(entityID string, clone bool, externalOnly bool) ([]*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupsByMemberEntityIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupsByMemberEntityIDInTxn(txn *memdb.Txn, entityID string, clone bool, externalOnly bool) ([]*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupsByParentGroupID

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupsByParentGroupID(memberGroupID string, clone bool) ([]*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBGroupsByParentGroupIDInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBGroupsByParentGroupIDInTxn(txn *memdb.Txn, memberGroupID string, clone bool) ([]*identity.Group, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBUpsertAliasInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBUpsertAliasInTxn(txn *memdb.Txn, alias *identity.Alias, groupAlias bool) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBUpsertEntityInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBUpsertEntityInTxn(txn *memdb.Txn, entity *identity.Entity) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) MemDBUpsertGroupInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) MemDBUpsertGroupInTxn(txn *memdb.Txn, group *identity.Group) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) UpsertGroup

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) UpsertGroup(ctx context.Context, group *identity.Group, persist bool) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*IdentityStore) UpsertGroupInTxn

                                                                                                                                                                                                                                                                                                                                                                                                                                  func (i *IdentityStore) UpsertGroupInTxn(ctx context.Context, txn *memdb.Txn, group *identity.Group, persist bool) error

                                                                                                                                                                                                                                                                                                                                                                                                                                  type InitParams

                                                                                                                                                                                                                                                                                                                                                                                                                                  type InitParams struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                  	BarrierConfig   *SealConfig
                                                                                                                                                                                                                                                                                                                                                                                                                                  	RecoveryConfig  *SealConfig
                                                                                                                                                                                                                                                                                                                                                                                                                                  	RootTokenPGPKey string
                                                                                                                                                                                                                                                                                                                                                                                                                                  	// LegacyShamirSeal should only be used in test code, we don't want to
                                                                                                                                                                                                                                                                                                                                                                                                                                  	// give the user a way to create legacy shamir seals.
                                                                                                                                                                                                                                                                                                                                                                                                                                  	LegacyShamirSeal bool
                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                    InitParams keeps the init function from being littered with too many params, that's it!

                                                                                                                                                                                                                                                                                                                                                                                                                                    type InitResult

                                                                                                                                                                                                                                                                                                                                                                                                                                    type InitResult struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                    	SecretShares   [][]byte
                                                                                                                                                                                                                                                                                                                                                                                                                                    	RecoveryShares [][]byte
                                                                                                                                                                                                                                                                                                                                                                                                                                    	RootToken      string
                                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                                      InitResult is used to provide the key parts back after they are generated as part of the initialization.

                                                                                                                                                                                                                                                                                                                                                                                                                                      type InitializableBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                      type InitializableBackend struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                      	*NoopBackend
                                                                                                                                                                                                                                                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                                        InitializableBackend is a backend that knows whether it has been initialized properly.

                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*InitializableBackend) Initialize

                                                                                                                                                                                                                                                                                                                                                                                                                                        type Key

                                                                                                                                                                                                                                                                                                                                                                                                                                        type Key struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                        	Term        uint32
                                                                                                                                                                                                                                                                                                                                                                                                                                        	Version     int
                                                                                                                                                                                                                                                                                                                                                                                                                                        	Value       []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                        	InstallTime time.Time
                                                                                                                                                                                                                                                                                                                                                                                                                                        	Encryptions uint64 `json:"encryptions,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                                                                                                                                                                                          Key represents a single term, along with the key used.

                                                                                                                                                                                                                                                                                                                                                                                                                                          func DeserializeKey

                                                                                                                                                                                                                                                                                                                                                                                                                                          func DeserializeKey(buf []byte) (*Key, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                            DeserializeKey is used to deserialize and return a new key

                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*Key) Serialize

                                                                                                                                                                                                                                                                                                                                                                                                                                            func (k *Key) Serialize() ([]byte, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                              Serialize is used to create a byte encoded key

                                                                                                                                                                                                                                                                                                                                                                                                                                              type KeyInfo

                                                                                                                                                                                                                                                                                                                                                                                                                                              type KeyInfo struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                              	Term        int
                                                                                                                                                                                                                                                                                                                                                                                                                                              	InstallTime time.Time
                                                                                                                                                                                                                                                                                                                                                                                                                                              	Encryptions int64
                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                KeyInfo is used to convey information about the encryption key

                                                                                                                                                                                                                                                                                                                                                                                                                                                type KeyRotationConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                type KeyRotationConfig struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                	Disabled      bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                	MaxOperations int64
                                                                                                                                                                                                                                                                                                                                                                                                                                                	Interval      time.Duration
                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                func (KeyRotationConfig) Clone

                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*KeyRotationConfig) Equals

                                                                                                                                                                                                                                                                                                                                                                                                                                                func (c *KeyRotationConfig) Equals(config KeyRotationConfig) bool

                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*KeyRotationConfig) Sanitize

                                                                                                                                                                                                                                                                                                                                                                                                                                                func (c *KeyRotationConfig) Sanitize()

                                                                                                                                                                                                                                                                                                                                                                                                                                                type Keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                type Keyring struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                  Keyring is used to manage multiple encryption keys used by the barrier. New keys can be installed and each has a sequential term. The term used to encrypt a key is prefixed to the key written out. All data is encrypted with the latest key, but storing the old keys allows for decryption of keys written previously. Along with the encryption keys, the keyring also tracks the master key. This is necessary so that when a new key is added to the keyring, we can encrypt with the master key and write out the new keyring.

                                                                                                                                                                                                                                                                                                                                                                                                                                                  func DeserializeKeyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                  func DeserializeKeyring(buf []byte) (*Keyring, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                    DeserializeKeyring is used to deserialize and return a new keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                    func NewKeyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                    func NewKeyring() *Keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                      NewKeyring creates a new keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*Keyring) ActiveKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (k *Keyring) ActiveKey() *Key

                                                                                                                                                                                                                                                                                                                                                                                                                                                        ActiveKey returns the active encryption key, or nil

                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*Keyring) ActiveTerm

                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (k *Keyring) ActiveTerm() uint32

                                                                                                                                                                                                                                                                                                                                                                                                                                                          ActiveTerm returns the currently active term

                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*Keyring) AddKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (k *Keyring) AddKey(key *Key) (*Keyring, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                            AddKey adds a new key to the keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*Keyring) Clone

                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (k *Keyring) Clone() *Keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                              Clone returns a new copy of the keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*Keyring) MasterKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (k *Keyring) MasterKey() []byte

                                                                                                                                                                                                                                                                                                                                                                                                                                                                MasterKey returns the master key

                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*Keyring) RemoveKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (k *Keyring) RemoveKey(term uint32) (*Keyring, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  RemoveKey removes a key from the keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*Keyring) Serialize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (k *Keyring) Serialize() ([]byte, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Serialize is used to create a byte encoded keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*Keyring) SetMasterKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (k *Keyring) SetMasterKey(val []byte) *Keyring

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SetMasterKey is used to update the master key

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*Keyring) TermKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (k *Keyring) TermKey(term uint32) *Key

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        TermKey returns the key for the given term, or nil

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*Keyring) Zeroize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (k *Keyring) Zeroize(keysToo bool)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          N.B.: Since Go 1.5 these are not reliable; see the documentation around the memzero function. These are best-effort.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type LeaderResponse

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type LeaderResponse struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	HAEnabled                bool      `json:"ha_enabled"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	IsSelf                   bool      `json:"is_self"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	ActiveTime               time.Time `json:"active_time,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	LeaderAddress            string    `json:"leader_address"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	LeaderClusterAddress     string    `json:"leader_cluster_address"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	PerfStandby              bool      `json:"performance_standby"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	PerfStandbyLastRemoteWAL uint64    `json:"performance_standby_last_remote_wal"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	LastWAL                  uint64    `json:"last_wal,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	// Raft Indexes for this node
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	RaftCommittedIndex uint64 `json:"raft_committed_index,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	RaftAppliedIndex   uint64 `json:"raft_applied_index,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type LicensingConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type LicensingConfig struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	AdditionalPublicKeys []interface{}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type ListingVisibilityType

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type ListingVisibilityType string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ListingVisibilityType represents the types for listing visibility

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            const (
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// ListingVisibilityDefault is the default value for listing visibility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ListingVisibilityDefault ListingVisibilityType = ""
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// ListingVisibilityHidden is the hidden type for listing visibility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ListingVisibilityHidden ListingVisibilityType = "hidden"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// ListingVisibilityUnauth is the unauth type for listing visibility
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ListingVisibilityUnauth ListingVisibilityType = "unauth"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	MountTableUpdateStorage   = true
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	MountTableNoUpdateStorage = false
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            )

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type MountConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type MountConfig struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	DefaultLeaseTTL           time.Duration         `json:"default_lease_ttl,omitempty" structs:"default_lease_ttl" mapstructure:"default_lease_ttl"` // Override for global default
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	MaxLeaseTTL               time.Duration         `json:"max_lease_ttl,omitempty" structs:"max_lease_ttl" mapstructure:"max_lease_ttl"`             // Override for global default
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ForceNoCache              bool                  `json:"force_no_cache,omitempty" structs:"force_no_cache" mapstructure:"force_no_cache"`          // Override for global default
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	AuditNonHMACRequestKeys   []string              `json:"audit_non_hmac_request_keys,omitempty" structs:"audit_non_hmac_request_keys" mapstructure:"audit_non_hmac_request_keys"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	AuditNonHMACResponseKeys  []string              `` /* 128-byte string literal not displayed */
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ListingVisibility         ListingVisibilityType `json:"listing_visibility,omitempty" structs:"listing_visibility" mapstructure:"listing_visibility"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PassthroughRequestHeaders []string              `json:"passthrough_request_headers,omitempty" structs:"passthrough_request_headers" mapstructure:"passthrough_request_headers"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	AllowedResponseHeaders    []string              `json:"allowed_response_headers,omitempty" structs:"allowed_response_headers" mapstructure:"allowed_response_headers"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	TokenType                 logical.TokenType     `json:"token_type,omitempty" structs:"token_type" mapstructure:"token_type"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// PluginName is the name of the plugin registered in the catalog.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Deprecated: MountEntry.Type should be used instead for Vault 1.0.0 and beyond.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PluginName string `json:"plugin_name,omitempty" structs:"plugin_name,omitempty" mapstructure:"plugin_name"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MountConfig is used to hold settable options

                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type MountEntry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type MountEntry struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Table                 string            `json:"table"`                             // The table it belongs to
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Path                  string            `json:"path"`                              // Mount Path
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Type                  string            `json:"type"`                              // Logical backend Type
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Description           string            `json:"description"`                       // User-provided description
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	UUID                  string            `json:"uuid"`                              // Barrier view UUID
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	BackendAwareUUID      string            `json:"backend_aware_uuid"`                // UUID that can be used by the backend as a helper when a consistent value is needed outside of storage.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Accessor              string            `json:"accessor"`                          // Unique but more human-friendly ID. Does not change, not used for any sensitive things (like as a salt, which the UUID sometimes is).
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Config                MountConfig       `json:"config"`                            // Configuration related to this mount (but not backend-derived)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Options               map[string]string `json:"options"`                           // Backend options
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Local                 bool              `json:"local"`                             // Local mounts are not replicated or affected by replication
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	SealWrap              bool              `json:"seal_wrap"`                         // Whether to wrap CSPs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	ExternalEntropyAccess bool              `json:"external_entropy_access,omitempty"` // Whether to allow external entropy source access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Tainted               bool              `json:"tainted,omitempty"`                 // Set as a Write-Ahead flag for unmount/remount
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	MountState            string            `json:"mount_state,omitempty"`             // The current mount state.  The only non-empty mount state right now is "unmounting"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	NamespaceID           string            `json:"namespace_id"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MountEntry is used to represent a mount table entry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*MountEntry) APIPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (e *MountEntry) APIPath() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  APIPath returns the full API Path for the given mount entry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*MountEntry) Clone

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (e *MountEntry) Clone() (*MountEntry, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Clone returns a deep copy of the mount entry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*MountEntry) Namespace

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (e *MountEntry) Namespace() *namespace.Namespace

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Namespace returns the namespace for the mount entry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*MountEntry) SyncCache

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (e *MountEntry) SyncCache()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SyncCache syncs tunable configuration values to the cache. In the case of cached values, they should be retrieved via synthesizedConfigCache.Load() instead of accessing them directly through MountConfig.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*MountEntry) ViewPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (e *MountEntry) ViewPath() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ViewPath returns storage prefix for the view

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type MountTable

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type MountTable struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	Type    string        `json:"type"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	Entries []*MountEntry `json:"entries"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MountTable is used to represent the internal mount table

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type NodeInformation

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type NodeInformation struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ClusterAddr      string `protobuf:"bytes,1,opt,name=cluster_addr,json=clusterAddr,proto3" json:"cluster_addr,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ApiAddr          string `protobuf:"bytes,2,opt,name=api_addr,json=apiAddr,proto3" json:"api_addr,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Mode             string `protobuf:"bytes,3,opt,name=mode,proto3" json:"mode,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	NodeID           string `protobuf:"bytes,4,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ReplicationState uint32 `protobuf:"varint,5,opt,name=replication_state,json=replicationState,proto3" json:"replication_state,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*NodeInformation) Descriptor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*NodeInformation) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Deprecated: Use NodeInformation.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) GetApiAddr

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) GetApiAddr() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) GetClusterAddr

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) GetClusterAddr() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) GetMode

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) GetMode() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) GetNodeID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) GetNodeID() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) GetReplicationState

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) GetReplicationState() uint32

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) ProtoMessage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) ProtoMessage()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) ProtoReflect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) Reset

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) Reset()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*NodeInformation) String

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (x *NodeInformation) String() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type NonFatalError

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type NonFatalError struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Err error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NonFatalError is an error that can be returned during NewCore that should be displayed but not cause a program exit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func NewNonFatalError

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func NewNonFatalError(err error) *NonFatalError

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NewNonFatalError returns a new non-fatal error.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NonFatalError) Error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (e *NonFatalError) Error() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NonFatalError) WrappedErrors

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (e *NonFatalError) WrappedErrors() []error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type NoopAudit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type NoopAudit struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Config         *audit.BackendConfig
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	ReqErr         error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	ReqAuth        []*logical.Auth
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Req            []*logical.Request
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	ReqHeaders     []map[string][]string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	ReqNonHMACKeys []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	ReqErrs        []error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RespErr            error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RespAuth           []*logical.Auth
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RespReq            []*logical.Request
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Resp               []*logical.Response
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RespNonHMACKeys    []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RespReqNonHMACKeys []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RespErrs           []error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) GetHash

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) GetHash(ctx context.Context, data string) (string, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) Invalidate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) Invalidate(ctx context.Context)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) LogRequest

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) LogRequest(ctx context.Context, in *logical.LogInput) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) LogResponse

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) LogResponse(ctx context.Context, in *logical.LogInput) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) LogTestMessage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) LogTestMessage(ctx context.Context, in *logical.LogInput, options map[string]string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) Reload

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) Reload(ctx context.Context) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopAudit) Salt

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopAudit) Salt(ctx context.Context) (*salt.Salt, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type NoopBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type NoopBackend struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	sync.Mutex
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Root            []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Login           []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Paths           []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Requests        []*logical.Request
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Response        *logical.Response
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	RequestHandler  RouterTestHandlerFunc
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Invalidations   []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	DefaultLeaseTTL time.Duration
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	MaxLeaseTTL     time.Duration
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	BackendType     logical.BackendType
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) Cleanup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) Cleanup(ctx context.Context)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) HandleExistenceCheck

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) HandleExistenceCheck(ctx context.Context, req *logical.Request) (bool, bool, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) HandleRequest

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) HandleRequest(ctx context.Context, req *logical.Request) (*logical.Response, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) Initialize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) Initialize(ctx context.Context, req *logical.InitializationRequest) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) InvalidateKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) InvalidateKey(ctx context.Context, k string)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) Logger

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) Logger() log.Logger

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) Setup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) Setup(ctx context.Context, config *logical.BackendConfig) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) SpecialPaths

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) SpecialPaths() *logical.Paths

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) System

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) System() logical.SystemView

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*NoopBackend) Type

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (n *NoopBackend) Type() logical.BackendType

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type PassthroughBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type PassthroughBackend struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	*framework.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PassthroughBackend is used storing secrets directly into the physical backend. The secrets are encrypted in the durable storage and custom TTL information can be specified, but otherwise this backend doesn't do anything fancy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*PassthroughBackend) GeneratesLeases

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (b *PassthroughBackend) GeneratesLeases() bool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type PathRules

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type PathRules struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Path                string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Policy              string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Permissions         *ACLPermissions
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	IsPrefix            bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	HasSegmentWildcards bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Capabilities        []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	// These keys are used at the top level to make the HCL nicer; we store in
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	// the ACLPermissions object though
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	MinWrappingTTLHCL     interface{}              `hcl:"min_wrapping_ttl"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	MaxWrappingTTLHCL     interface{}              `hcl:"max_wrapping_ttl"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	AllowedParametersHCL  map[string][]interface{} `hcl:"allowed_parameters"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	DeniedParametersHCL   map[string][]interface{} `hcl:"denied_parameters"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	RequiredParametersHCL []string                 `hcl:"required_parameters"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	MFAMethodsHCL         []string                 `hcl:"mfa_methods"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	ControlGroupHCL       *ControlGroupHCL         `hcl:"control_group"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PathRules represents a policy for a path in the namespace.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type PerfStandbyElectionInput

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type PerfStandbyElectionInput struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*PerfStandbyElectionInput) Descriptor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*PerfStandbyElectionInput) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Deprecated: Use PerfStandbyElectionInput.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionInput) ProtoMessage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionInput) ProtoMessage()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionInput) ProtoReflect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (x *PerfStandbyElectionInput) ProtoReflect() protoreflect.Message

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionInput) Reset

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (x *PerfStandbyElectionInput) Reset()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionInput) String

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (x *PerfStandbyElectionInput) String() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        type PerfStandbyElectionResponse

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        type PerfStandbyElectionResponse struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	ID                 string     `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	ClusterID          string     `protobuf:"bytes,2,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	PrimaryClusterAddr string     `protobuf:"bytes,3,opt,name=primary_cluster_addr,json=primaryClusterAddr,proto3" json:"primary_cluster_addr,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	CaCert             []byte     `protobuf:"bytes,4,opt,name=ca_cert,json=caCert,proto3" json:"ca_cert,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	ClientCert         []byte     `protobuf:"bytes,5,opt,name=client_cert,json=clientCert,proto3" json:"client_cert,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	ClientKey          *ClientKey `protobuf:"bytes,6,opt,name=client_key,json=clientKey,proto3" json:"client_key,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionResponse) Descriptor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PerfStandbyElectionResponse) Descriptor() ([]byte, []int)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Deprecated: Use PerfStandbyElectionResponse.ProtoReflect.Descriptor instead.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) GetCaCert

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) GetCaCert() []byte

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) GetClientCert

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) GetClientCert() []byte

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) GetClientKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) GetClientKey() *ClientKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) GetClusterID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) GetClusterID() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) GetID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) GetPrimaryClusterAddr

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) GetPrimaryClusterAddr() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) ProtoMessage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) ProtoMessage()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) ProtoReflect

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) Reset

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) Reset()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PerfStandbyElectionResponse) String

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (x *PerfStandbyElectionResponse) String() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type PhysicalBackendBundle

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type PhysicalBackendBundle struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	Backend   physical.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	HABackend physical.HABackend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	Cleanup   func()
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type PluginCatalog

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type PluginCatalog struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PluginCatalog keeps a record of plugins known to vault. External plugins need to be registered to the catalog before they can be used in backends. Builtin plugins are automatically detected and included in the catalog.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*PluginCatalog) Delete

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (c *PluginCatalog) Delete(ctx context.Context, name string, pluginType consts.PluginType) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Delete is used to remove an external plugin from the catalog. Builtin plugins can not be deleted.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*PluginCatalog) Get

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (c *PluginCatalog) Get(ctx context.Context, name string, pluginType consts.PluginType) (*pluginutil.PluginRunner, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Get retrieves a plugin with the specified name from the catalog. It first looks for external plugins with this name and then looks for builtin plugins. It returns a PluginRunner or an error if no plugin was found.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*PluginCatalog) List

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (c *PluginCatalog) List(ctx context.Context, pluginType consts.PluginType) ([]string, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  List returns a list of all the known plugin names. If an external and builtin plugin share the same name, only one instance of the name will be returned.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*PluginCatalog) Set

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (c *PluginCatalog) Set(ctx context.Context, name string, pluginType consts.PluginType, command string, args []string, env []string, sha256 []byte) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Set registers a new external plugin with the catalog, or updates an existing external plugin. It takes the name, command and SHA256 of the plugin.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*PluginCatalog) UpgradePlugins

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (c *PluginCatalog) UpgradePlugins(ctx context.Context, logger log.Logger) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      UpdatePlugins will loop over all the plugins of unknown type and attempt to upgrade them to typed plugins

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type Policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type Policy struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Name      string       `hcl:"name"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Paths     []*PathRules `hcl:"-"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Raw       string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Type      PolicyType
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Templated bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Policy is used to represent the policy specified by an ACL configuration.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func ParseACLPolicy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func ParseACLPolicy(ns *namespace.Namespace, rules string) (*Policy, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ParseACLPolicy is used to parse the specified ACL rules into an intermediary set of policies, before being compiled into the ACL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*Policy) ShallowClone

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (p *Policy) ShallowClone() *Policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            ShallowClone returns a shallow clone of the policy. This should not be used if any of the reference-typed fields are going to be modified

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type PolicyCheckOpts

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type PolicyCheckOpts struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	RootPrivsRequired bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Unauth            bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type PolicyEntry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type PolicyEntry struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Version   int
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Raw       string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Templated bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Type      PolicyType
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PolicyEntry is used to store a policy by name

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type PolicyStore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type PolicyStore struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PolicyStore is used to provide durable storage of policy, and to manage ACLs associated with them.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func NewPolicyStore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func NewPolicyStore(ctx context.Context, core *Core, baseView *BarrierView, system logical.SystemView, logger log.Logger) (*PolicyStore, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NewPolicyStore creates a new PolicyStore that is backed using a given view. It used used to durable store and manage named policy.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*PolicyStore) ACL

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (ps *PolicyStore) ACL(ctx context.Context, entity *identity.Entity, policyNames map[string][]string) (*ACL, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    ACL is used to return an ACL which is built using the named policies.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*PolicyStore) DeletePolicy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (ps *PolicyStore) DeletePolicy(ctx context.Context, name string, policyType PolicyType) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      DeletePolicy is used to delete the named policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*PolicyStore) GetPolicy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (ps *PolicyStore) GetPolicy(ctx context.Context, name string, policyType PolicyType) (*Policy, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        GetPolicy is used to fetch the named policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*PolicyStore) ListPolicies

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (ps *PolicyStore) ListPolicies(ctx context.Context, policyType PolicyType) ([]string, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          ListPolicies is used to list the available policies

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*PolicyStore) SetPolicy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (ps *PolicyStore) SetPolicy(ctx context.Context, p *Policy) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SetPolicy is used to create or update the given policy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type PolicyType

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type PolicyType uint32
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            const (
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PolicyTypeACL PolicyType = iota
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PolicyTypeRGP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PolicyTypeEGP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Triggers a lookup in the map to figure out if ACL or RGP
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PolicyTypeToken
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            )

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (PolicyType) String

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (p PolicyType) String() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type RawBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type RawBackend struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	*framework.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func NewRawBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func NewRawBackend(core *Core) *RawBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type RegisterAuthFunc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type RegisterAuthFunc func(context.Context, time.Duration, string, *logical.Auth) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type RekeyBackup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type RekeyBackup struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Nonce string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Keys  map[string][]string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              RekeyBackup stores the backup copy of PGP-encrypted keys

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type RekeyResult

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type RekeyResult struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	SecretShares         [][]byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	PGPFingerprints      []string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	Backup               bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	RecoveryKey          bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	VerificationRequired bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	VerificationNonce    string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                RekeyResult is used to provide the key parts back after they are generated as part of the rekey.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type RekeyVerifyResult

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type RekeyVerifyResult struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Complete bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Nonce    string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type ReplicationTokenInfo

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type ReplicationTokenInfo struct{}

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type RequestCounter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type RequestCounter struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Total is the number of requests seen during a given period.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Total *uint64 `json:"total"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  RequestCounter stores the state of request counters for a single unspecified period.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type RequestForwardingClient

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type RequestForwardingClient interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	ForwardRequest(ctx context.Context, in *forwarding.Request, opts ...grpc.CallOption) (*forwarding.Response, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Echo(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoReply, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	PerformanceStandbyElectionRequest(ctx context.Context, in *PerfStandbyElectionInput, opts ...grpc.CallOption) (RequestForwarding_PerformanceStandbyElectionRequestClient, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    RequestForwardingClient is the client API for RequestForwarding service.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type RequestForwardingServer

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type RequestForwardingServer interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	ForwardRequest(context.Context, *forwarding.Request) (*forwarding.Response, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Echo(context.Context, *EchoRequest) (*EchoReply, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	PerformanceStandbyElectionRequest(*PerfStandbyElectionInput, RequestForwarding_PerformanceStandbyElectionRequestServer) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      RequestForwardingServer is the server API for RequestForwarding service.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type RequestForwarding_PerformanceStandbyElectionRequestClient

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type RequestForwarding_PerformanceStandbyElectionRequestClient interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Recv() (*PerfStandbyElectionResponse, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	grpc.ClientStream
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type RequestForwarding_PerformanceStandbyElectionRequestServer

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type RequestForwarding_PerformanceStandbyElectionRequestServer interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	Send(*PerfStandbyElectionResponse) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	grpc.ServerStream
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type RollbackManager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      type RollbackManager struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        RollbackManager is responsible for performing rollbacks of partial secrets within logical backends.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        During normal operations, it is possible for logical backends to error partially through an operation. These are called "partial secrets": they are never sent back to a user, but they do need to be cleaned up. This manager handles that by periodically (on a timer) requesting that the backends clean up.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        The RollbackManager periodically initiates a logical.RollbackOperation on every mounted logical backend. It ensures that only one rollback operation is in-flight at any given time within a single seal/unseal phase.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func NewRollbackManager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func NewRollbackManager(ctx context.Context, logger log.Logger, backendsFunc func() []*MountEntry, router *Router, core *Core) *RollbackManager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          NewRollbackManager is used to create a new rollback manager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*RollbackManager) Rollback

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (m *RollbackManager) Rollback(ctx context.Context, path string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Rollback is used to trigger an immediate rollback of the path, or to join an existing rollback operation if in flight. Caller should have core's statelock held (write OR read). If an already inflight rollback is happening this function will simply wait for it to complete

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*RollbackManager) Start

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (m *RollbackManager) Start()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Start starts the rollback manager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*RollbackManager) Stop

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (m *RollbackManager) Stop()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Stop stops the running manager. This will wait for any in-flight rollbacks to complete.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type Router

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type Router struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Router is used to do prefix based routing of a request to a logical backend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func NewRouter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func NewRouter() *Router

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    NewRouter returns a new router

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*Router) LoginPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (r *Router) LoginPath(ctx context.Context, path string) bool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      LoginPath checks if the given path is used for logins

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*Router) MatchingAPIPrefixByStoragePath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (r *Router) MatchingAPIPrefixByStoragePath(ctx context.Context, path string) (*namespace.Namespace, string, string, bool)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        MatchingAPIPrefixByStoragePath the api path information for the given storage path

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*Router) MatchingBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (r *Router) MatchingBackend(ctx context.Context, path string) logical.Backend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MatchingBackend returns the backend used for a path

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*Router) MatchingMount

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (r *Router) MatchingMount(ctx context.Context, path string) string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MatchingMount returns the mount prefix that would be used for a path

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*Router) MatchingMountByAPIPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (r *Router) MatchingMountByAPIPath(ctx context.Context, path string) string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*Router) MatchingMountByAccessor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (r *Router) MatchingMountByAccessor(mountAccessor string) *MountEntry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MatchingMountByAccessor returns the MountEntry by accessor lookup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*Router) MatchingMountByUUID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (r *Router) MatchingMountByUUID(mountID string) *MountEntry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*Router) MatchingMountEntry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (r *Router) MatchingMountEntry(ctx context.Context, path string) *MountEntry

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                MatchingMountEntry returns the MountEntry used for a path

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*Router) MatchingStorageByAPIPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (r *Router) MatchingStorageByAPIPath(ctx context.Context, path string) logical.Storage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  MatchingStorageByAPIPath/StoragePath returns the storage used for API/Storage paths respectively

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*Router) MatchingStorageByStoragePath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (r *Router) MatchingStorageByStoragePath(ctx context.Context, path string) logical.Storage

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*Router) MatchingStoragePrefixByAPIPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (r *Router) MatchingStoragePrefixByAPIPath(ctx context.Context, path string) (string, bool)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    MatchingStoragePrefixByAPIPath the storage prefix for the given api path

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*Router) MatchingSystemView

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (r *Router) MatchingSystemView(ctx context.Context, path string) logical.SystemView

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      MatchingSystemView returns the SystemView used for a path

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*Router) Mount

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (r *Router) Mount(backend logical.Backend, prefix string, mountEntry *MountEntry, storageView *BarrierView) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Mount is used to expose a logical backend at a given prefix, using a unique salt, and the barrier view for that path.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*Router) MountConflict

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (r *Router) MountConflict(ctx context.Context, path string) string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          MountConflict determines if there are potential path conflicts

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*Router) Remount

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (r *Router) Remount(ctx context.Context, src, dst string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Remount is used to change the mount location of a logical backend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*Router) RootPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (r *Router) RootPath(ctx context.Context, path string) bool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              RootPath checks if the given path requires root privileges

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*Router) Route

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (r *Router) Route(ctx context.Context, req *logical.Request) (*logical.Response, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Route is used to route a given request

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*Router) RouteExistenceCheck

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (r *Router) RouteExistenceCheck(ctx context.Context, req *logical.Request) (*logical.Response, bool, bool, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  RouteExistenceCheck is used to route a given existence check request

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*Router) Taint

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (r *Router) Taint(ctx context.Context, path string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Taint is used to mark a path as tainted. This means only RollbackOperation RevokeOperation requests are allowed to proceed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*Router) Unmount

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (r *Router) Unmount(ctx context.Context, prefix string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      Unmount is used to remove a logical backend from a given prefix

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*Router) Untaint

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (r *Router) Untaint(ctx context.Context, path string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Untaint is used to unmark a path as tainted.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        type RouterAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        type RouterAccess struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          RouterAccess provides access into some things necessary for testing

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func NewRouterAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func NewRouterAccess(c *Core) *RouterAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*RouterAccess) StoragePrefixByAPIPath

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (r *RouterAccess) StoragePrefixByAPIPath(ctx context.Context, path string) (string, bool)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type RouterTestHandlerFunc

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type RouterTestHandlerFunc func(context.Context, *logical.Request) (*logical.Response, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type Seal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type Seal interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetCore(*Core)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	Init(context.Context) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	Finalize(context.Context) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	StoredKeysSupported() seal.StoredKeysSupport
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SealWrapable() bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetStoredKeys(context.Context, [][]byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	GetStoredKeys(context.Context) ([][]byte, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	BarrierType() string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	BarrierConfig(context.Context) (*SealConfig, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetBarrierConfig(context.Context, *SealConfig) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetCachedBarrierConfig(*SealConfig)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	RecoveryKeySupported() bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	RecoveryType() string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	RecoveryConfig(context.Context) (*SealConfig, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	RecoveryKey(context.Context) ([]byte, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetRecoveryConfig(context.Context, *SealConfig) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetCachedRecoveryConfig(*SealConfig)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	SetRecoveryKey(context.Context, []byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	VerifyRecoveryKey(context.Context, []byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	GetAccess() *seal.Access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func NewDefaultSeal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func NewDefaultSeal(lowLevel *seal.Access) Seal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func NewTestSeal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func NewTestSeal(t testing.T, opts *seal.TestSealOpts) Seal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type SealAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          type SealAccess struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SealAccess is a wrapper around Seal that exposes accessor methods through Core.SealAccess() while restricting the ability to modify Core.seal itself.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func NewSealAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func NewSealAccess(seal Seal) *SealAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) BarrierConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) BarrierType

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) BarrierType() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) ClearCaches

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) ClearCaches(ctx context.Context)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) GetAccess

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) GetAccess() *seal.Access

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) RecoveryConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) RecoveryKeySupported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) RecoveryKeySupported() bool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) StoredKeysSupported

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) StoredKeysSupported() seal.StoredKeysSupport

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*SealAccess) VerifyRecoveryKey

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type SealConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type SealConfig struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// The type, for sanity checking
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Type string `json:"type" mapstructure:"type"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// SecretShares is the number of shares the secret is split into. This is
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// the N value of Shamir.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	SecretShares int `json:"secret_shares" mapstructure:"secret_shares"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// SecretThreshold is the number of parts required to open the vault. This
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// is the T value of Shamir.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	SecretThreshold int `json:"secret_threshold" mapstructure:"secret_threshold"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// PGPKeys is the array of public PGP keys used, if requested, to encrypt
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// the output unseal tokens. If provided, it sets the value of
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// SecretShares. Ordering is important.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PGPKeys []string `json:"pgp_keys" mapstructure:"pgp_keys"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Nonce is a nonce generated by Vault used to ensure that when unseal keys
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// are submitted for a rekey operation, the rekey operation itself is the
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// one intended. This prevents hijacking of the rekey operation, since it
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// is unauthenticated.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Nonce string `json:"nonce" mapstructure:"nonce"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Backup indicates whether or not a backup of PGP-encrypted unseal keys
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// should be stored at coreUnsealKeysBackupPath after successful rekeying.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Backup bool `json:"backup" mapstructure:"backup"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// How many keys to store, for seals that support storage.  Always 0 or 1.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	StoredShares int `json:"stored_shares" mapstructure:"stored_shares"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Stores the progress of the rekey operation (key shares)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	RekeyProgress [][]byte `json:"-"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// VerificationRequired indicates that after a rekey validation must be
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// performed (via providing shares from the new key) before the new key is
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// actually installed. This is omitted from JSON as we don't persist the
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// new key, it lives only in memory.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	VerificationRequired bool `json:"-"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// VerificationKey is the new key that we will roll to after successful
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// validation
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	VerificationKey []byte `json:"-"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// VerificationNonce stores the current operation nonce for verification
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	VerificationNonce string `json:"-"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Stores the progress of the verification operation (key shares)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	VerificationProgress [][]byte `json:"-"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SealConfig is used to describe the seal configuration

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*SealConfig) Clone

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (s *SealConfig) Clone() *SealConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*SealConfig) Validate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (s *SealConfig) Validate() error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                Validate is used to sanity check the seal configuration

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type SealStatusResponse

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type SealStatusResponse struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Type         string `json:"type"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Initialized  bool   `json:"initialized"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Sealed       bool   `json:"sealed"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	T            int    `json:"t"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	N            int    `json:"n"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Progress     int    `json:"progress"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Nonce        string `json:"nonce"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Version      string `json:"version"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Migration    bool   `json:"migration"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	ClusterName  string `json:"cluster_name,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	ClusterID    string `json:"cluster_id,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	RecoverySeal bool   `json:"recovery_seal"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	StorageType  string `json:"storage_type,omitempty"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type SecurityBarrier

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                type SecurityBarrier interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Initialized checks if the barrier has been initialized
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// and has a master key set.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Initialized(ctx context.Context) (bool, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Initialize works only if the barrier has not been initialized
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// and makes use of the given master key.  When sealKey is provided
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// it's because we're using a new-style Shamir seal, and masterKey
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// is to be stored using sealKey to encrypt it.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Initialize(ctx context.Context, masterKey []byte, sealKey []byte, random io.Reader) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// GenerateKey is used to generate a new key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	GenerateKey(io.Reader) ([]byte, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// KeyLength is used to sanity check a key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	KeyLength() (int, int)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Sealed checks if the barrier has been unlocked yet. The Barrier
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// is not expected to be able to perform any CRUD until it is unsealed.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Sealed() (bool, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Unseal is used to provide the master key which permits the barrier
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// to be unsealed. If the key is not correct, the barrier remains sealed.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Unseal(ctx context.Context, key []byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// VerifyMaster is used to check if the given key matches the master key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	VerifyMaster(key []byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// SetMasterKey is used to directly set a new master key. This is used in
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// replicated scenarios due to the chicken and egg problem of reloading the
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// keyring from disk before we have the master key to decrypt it.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	SetMasterKey(key []byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// ReloadKeyring is used to re-read the underlying keyring.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// This is used for HA deployments to ensure the latest keyring
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// is present in the leader.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	ReloadKeyring(ctx context.Context) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// ReloadMasterKey is used to re-read the underlying masterkey.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// This is used for HA deployments to ensure the latest master key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// is available for keyring reloading.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	ReloadMasterKey(ctx context.Context) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Seal is used to re-seal the barrier. This requires the barrier to
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// be unsealed again to perform any further operations.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Seal() error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Rotate is used to create a new encryption key. All future writes
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// should use the new key, while old values should still be decryptable.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Rotate(ctx context.Context, reader io.Reader) (uint32, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// CreateUpgrade creates an upgrade path key to the given term from the previous term
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	CreateUpgrade(ctx context.Context, term uint32) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// DestroyUpgrade destroys the upgrade path key to the given term
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	DestroyUpgrade(ctx context.Context, term uint32) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// CheckUpgrade looks for an upgrade to the current term and installs it
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	CheckUpgrade(ctx context.Context) (bool, uint32, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// ActiveKeyInfo is used to inform details about the active key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	ActiveKeyInfo() (*KeyInfo, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// RotationConfig returns the auto-rotation config for the barrier key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	RotationConfig() (KeyRotationConfig, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// SetRotationConfig updates the auto-rotation config for the barrier key
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	SetRotationConfig(ctx context.Context, config KeyRotationConfig) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Rekey is used to change the master key used to protect the keyring
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Rekey(context.Context, []byte) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// For replication we must send over the keyring, so this must be available
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	Keyring() (*Keyring, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// For encryption count shipping, a function which handles updating local encryption counts if the consumer succeeds.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// This isolates the barrier code from the replication system
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	ConsumeEncryptionCount(consumer func(int64) error) error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Add encryption counts from a remote source (downstream cluster node)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	AddRemoteEncryptions(encryptions int64)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// Check whether an automatic rotation is due
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	CheckBarrierAutoRotate(ctx context.Context) (string, error)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// SecurityBarrier must provide the storage APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	logical.Storage
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	// SecurityBarrier must provide the encryption APIs
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                	BarrierEncryptor
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  SecurityBarrier is a critical component of Vault. It is used to wrap an untrusted physical backend and provide a single point of encryption, decryption and checksum verification. The goal is to ensure that any data written to the barrier is confidential and that integrity is preserved. As a real-world analogy, this is the steel and concrete wrapper around a Vault. The barrier should only be Unlockable given its key.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type SystemBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  type SystemBackend struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	*framework.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	Core *Core
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    SystemBackend implements logical.Backend and is used to interact with the core of the system. This backend is hardcoded to exist at the "sys" prefix. Conceptually it is similar to procfs on Linux.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func NewSystemBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func NewSystemBackend(core *Core, logger log.Logger) *SystemBackend

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type TemplateError

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type TemplateError struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Err error
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*TemplateError) Error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (t *TemplateError) Error() string

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*TemplateError) WrappedErrors

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (t *TemplateError) WrappedErrors() []error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type TestCluster

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    type TestCluster struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	BarrierKeys        [][]byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	RecoveryKeys       [][]byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CACert             *x509.Certificate
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CACertBytes        []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CACertPEM          []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CACertPEMFile      string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CAKey              *ecdsa.PrivateKey
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CAKeyPEM           []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Cores              []*TestClusterCore
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	ID                 string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	RootToken          string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	RootCAs            *x509.CertPool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	TempDir            string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	ClientAuthRequired bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	Logger             log.Logger
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	CleanupFunc        func()
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	SetupFunc          func()
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func NewTestCluster

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *TestCluster

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      NewTestCluster creates a new test cluster based on the provided core config and test cluster options.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      N.B. Even though a single base CoreConfig is provided, NewTestCluster will instantiate a core config for each core it creates. If separate seal per core is desired, opts.SealFunc can be provided to generate a seal for each one. Otherwise, the provided base.Seal will be shared among cores. NewCore's default behavior is to generate a new DefaultSeal if the provided Seal in coreConfig (i.e. base.Seal) is nil.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      If opts.Logger is provided, it takes precedence and will be used as the cluster logger and will be the basis for each core's logger. If no opts.Logger is given, one will be generated based on t.Name() for the cluster logger, and if no base.Logger is given will also be used as the basis for each core's logger.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*TestCluster) Cleanup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (c *TestCluster) Cleanup()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*TestCluster) EnsureCoresSealed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (c *TestCluster) EnsureCoresSealed(t testing.T)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*TestCluster) Start

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (c *TestCluster) Start()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*TestCluster) StartCore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (cluster *TestCluster) StartCore(t testing.T, idx int, opts *TestClusterOptions)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        Restart a TestClusterCore that was stopped, by replacing the underlying Core.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*TestCluster) StopCore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (cluster *TestCluster) StopCore(t testing.T, idx int)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          StopCore performs an orderly shutdown of a core.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*TestCluster) UnsealCore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (c *TestCluster) UnsealCore(t testing.T, core *TestClusterCore)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*TestCluster) UnsealCoreWithStoredKeys

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (c *TestCluster) UnsealCoreWithStoredKeys(t testing.T, core *TestClusterCore)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*TestCluster) UnsealCores

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (c *TestCluster) UnsealCores(t testing.T)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UnsealCores uses the cluster barrier keys to unseal the test cluster cores

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*TestCluster) UnsealCoresWithError

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (c *TestCluster) UnsealCoresWithError(useStoredKeys bool) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestClusterCore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestClusterCore struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	*Core
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	CoreConfig           *CoreConfig
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Client               *api.Client
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Handler              http.Handler
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Address              *net.TCPAddr
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Listeners            []*TestListener
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ReloadFuncs          *map[string][]reloadutil.ReloadFunc
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ReloadFuncsLock      *sync.RWMutex
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Server               *http.Server
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ServerCert           *x509.Certificate
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ServerCertBytes      []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ServerCertPEM        []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ServerKey            *ecdsa.PrivateKey
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ServerKeyPEM         []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	TLSConfig            *tls.Config
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	UnderlyingStorage    physical.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	UnderlyingRawStorage physical.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	UnderlyingHAStorage  physical.HABackend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Barrier              SecurityBarrier
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	NodeID               string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*TestClusterCore) Seal

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (c *TestClusterCore) Seal(t testing.T)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestClusterOptions

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestClusterOptions struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	KeepStandbysSealed       bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	SkipInit                 bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	HandlerFunc              func(*HandlerProperties) http.Handler
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	DefaultHandlerProperties HandlerProperties
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// BaseListenAddress is used to explicitly assign ports in sequence to the
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// listener of each core.  It should be a string of the form
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// "127.0.0.1:20000"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// WARNING: Using an explicitly assigned port above 30000 may clash with
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// ephemeral ports that have been assigned by the OS in other tests.  The
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// use of explicitly assigned ports below 30000 is strongly recommended.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// In addition, you should be careful to use explicitly assigned ports that
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// do not clash with any other explicitly assigned ports in other tests.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	BaseListenAddress string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// BaseClusterListenPort is used to explicitly assign ports in sequence to
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// the cluster listener of each core.  If BaseClusterListenPort is
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// specified, then BaseListenAddress must also be specified.  Each cluster
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// listener will use the same host as the one specified in
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// BaseListenAddress.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// WARNING: Using an explicitly assigned port above 30000 may clash with
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// ephemeral ports that have been assigned by the OS in other tests.  The
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// use of explicitly assigned ports below 30000 is strongly recommended.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// In addition, you should be careful to use explicitly assigned ports that
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// do not clash with any other explicitly assigned ports in other tests.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	BaseClusterListenPort int
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	NumCores       int
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	SealFunc       func() Seal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	UnwrapSealFunc func() Seal
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Logger         log.Logger
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	TempDir        string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	CACert         []byte
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	CAKey          *ecdsa.PrivateKey
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// PhysicalFactory is used to create backends.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// The int argument is the index of the core within the cluster, i.e. first
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// core in cluster will have 0, second 1, etc.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// If the backend is shared across the cluster (i.e. is not Raft) then it
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// should return nil when coreIdx != 0.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PhysicalFactory func(t testing.T, coreIdx int, logger log.Logger, conf map[string]interface{}) *PhysicalBackendBundle
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// FirstCoreNumber is used to assign a unique number to each core within
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// a multi-cluster setup.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	FirstCoreNumber   int
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	RequireClientAuth bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// SetupFunc is called after the cluster is started.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	SetupFunc      func(t testing.T, c *TestCluster)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PR1103Disabled bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// ClusterLayers are used to override the default cluster connection layer
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	ClusterLayers cluster.NetworkLayerSet
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// InmemClusterLayers is a shorthand way of asking for ClusterLayers to be
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// built using the inmem implementation.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	InmemClusterLayers bool
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// RaftAddressProvider is used to set the raft ServerAddressProvider on
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// each core.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	//
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// If SkipInit is true, then RaftAddressProvider has no effect.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// RaftAddressProvider should only be specified if the underlying physical
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// storage is Raft.
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	RaftAddressProvider raftlib.ServerAddressProvider
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	CoreMetricSinkProvider func(clusterName string) (*metricsutil.ClusterMetricSink, *metricsutil.MetricsHelper)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	PhysicalFactoryConfig map[string]interface{}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestListener

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestListener struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	net.Listener
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Address *net.TCPAddr
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestLogger

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TestLogger struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	log.Logger
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Path string
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	File *os.File
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func NewTestLogger

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func NewTestLogger(t testing.T) *TestLogger

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*TestLogger) StopLogging

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (tl *TestLogger) StopLogging()

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TokenCounter

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type TokenCounter struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// Total is the total number of tokens
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	Total int `json:"total"`
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              TokenCounter counts the number of tokens

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type TokenStore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type TokenStore struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	*framework.Backend
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                TokenStore is used to manage client tokens. Tokens are used for clients to authenticate, and each token is mapped to an applicable set of policy which is used for authorization.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func NewTokenStore

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func NewTokenStore(ctx context.Context, logger log.Logger, core *Core, config *logical.BackendConfig) (*TokenStore, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  NewTokenStore is used to construct a token store that is backed by the given barrier view.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*TokenStore) Invalidate

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (ts *TokenStore) Invalidate(ctx context.Context, key string)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*TokenStore) Lookup

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (ts *TokenStore) Lookup(ctx context.Context, id string) (*logical.TokenEntry, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Lookup is used to find a token given its ID. It acquires a read lock, then calls lookupInternal.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*TokenStore) Salt

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (ts *TokenStore) Salt(ctx context.Context) (*salt.Salt, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*TokenStore) SaltID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (ts *TokenStore) SaltID(ctx context.Context, id string) (string, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      SaltID is used to apply a salt and hash to an ID to make sure its not reversible

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*TokenStore) SetActivityLog

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (ts *TokenStore) SetActivityLog(a *ActivityLog)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        SetActivityLog injects the activity log to which all new token creation events are reported.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*TokenStore) SetExpirationManager

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (ts *TokenStore) SetExpirationManager(exp *ExpirationManager)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          SetExpirationManager is used to provide the token store with an expiration manager. This is used to manage prefix based revocation of tokens and to tidy entries when removed from the token store.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*TokenStore) UseToken

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (ts *TokenStore) UseToken(ctx context.Context, te *logical.TokenEntry) (*logical.TokenEntry, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            UseToken is used to manage restricted use tokens and decrement their available uses. Returns two values: a potentially updated entry or, if the token has been revoked, nil; and whether an error was encountered. The locking here isn't perfect, as other parts of the code may update an entry, but usually none after the entry is already created...so this is pretty good.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (*TokenStore) UseTokenByID

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            func (ts *TokenStore) UseTokenByID(ctx context.Context, id string) (*logical.TokenEntry, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type UIConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type UIConfig struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            	// contains filtered or unexported fields
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              UIConfig contains UI configuration. This takes both a physical view and a barrier view because it is stored in both plaintext and encrypted to allow for getting the header values before the barrier is unsealed

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func NewUIConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func NewUIConfig(enabled bool, physicalStorage physical.Backend, barrierStorage logical.Storage) *UIConfig

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                NewUIConfig creates a new UI config

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (*UIConfig) DeleteHeader

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                func (c *UIConfig) DeleteHeader(ctx context.Context, header string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  DeleteHeader deletes the header configuration for the given header

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (*UIConfig) Enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  func (c *UIConfig) Enabled() bool

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Enabled returns if the UI is enabled

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (*UIConfig) GetHeader

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    func (c *UIConfig) GetHeader(ctx context.Context, header string) ([]string, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      GetHeader retrieves the configured values for the given header

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (*UIConfig) HeaderKeys

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      func (c *UIConfig) HeaderKeys(ctx context.Context) ([]string, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        HeaderKeys returns the list of the configured headers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (*UIConfig) Headers

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        func (c *UIConfig) Headers(ctx context.Context) (http.Header, error)

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          Headers returns the response headers that should be returned in the UI

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (*UIConfig) SetHeader

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          func (c *UIConfig) SetHeader(ctx context.Context, header string, values []string) error

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            SetHeader sets the values for the given header

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type UnimplementedRequestForwardingServer

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            type UnimplementedRequestForwardingServer struct {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              UnimplementedRequestForwardingServer can be embedded to have forward compatible implementations.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*UnimplementedRequestForwardingServer) Echo

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              func (*UnimplementedRequestForwardingServer) ForwardRequest

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type UnsealStrategy

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              type UnsealStrategy interface {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              	// contains filtered or unexported methods
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              }

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Source Files

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Directories

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Path Synopsis
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              external_tests