github.com/jenkins-x/jx/pkg/vault

package vault

v1.3.1119
Published: Apr 15, 2019 | License: Apache-2.0 | Module: github.com/jenkins-x/jx

Index

Constants

// Naming and path constants for the secrets kept in the system vault.
// Every *Path constant ends in "/", so each is a path prefix rather than a
// complete secret path.
// NOTE(review): presumably the *SecretPath helpers append a secret name to
// these prefixes; confirm against their implementation.
const (
	// SystemVaultNamePrefix is the name prefix of the system vault used by the jenkins-x platform.
	SystemVaultNamePrefix = "jx-vault"
	// GitOpsSecretsPath is the path prefix of secrets generated for GitOps.
	GitOpsSecretsPath = "gitops/"
	// GitOpsTemplatesPath is the path prefix of GitOps template secrets.
	GitOpsTemplatesPath = "templates/"
	// AdminSecretsPath is the path prefix of admin secrets.
	AdminSecretsPath = "admin/"
	// AuthSecretsPath is the path prefix of auth secrets.
	AuthSecretsPath = "auth/"
)
// Names of the admin secrets. These are identifiers under which credentials
// are stored, not the credential values themselves.
// They are untyped string constants, so each can be passed directly where an
// AdminSecret is expected.
const (
	// JenkinsAdminSecret is the secret name for the Jenkins admin password.
	JenkinsAdminSecret = "jenkins"
	// NexusAdminSecret is the secret name for the Nexus credentials.
	NexusAdminSecret = "nexus"
	// ChartmuseumAdminSecret is the secret name for the ChartMuseum credentials.
	ChartmuseumAdminSecret = "chartmuseum"
	// GrafanaAdminSecret is the secret name for the Grafana credentials.
	GrafanaAdminSecret = "grafana"
	// IngressAdminSecret is the secret name for the Ingress basic authentication.
	IngressAdminSecret = "ingress"
)
// Capability names and policy-related defaults.
const (
	// Capability names as plain strings, the form held by PathPolicy.Capabilities.
	// DenyCapability, SudoCapability and RootCapability are not part of
	// DefaultSecretsCapabiltities; granting them is an explicit choice by the caller.
	DenyCapability   = "deny"
	CreateCapability = "create"
	ReadCapability   = "read"
	UpdateCapability = "update"
	DeleteCapability = "delete"
	ListCapability   = "list"
	SudoCapability   = "sudo"
	RootCapability   = "root"

	// PathRulesName: presumably the name given to the generated path rules; usage is not shown here.
	PathRulesName            = "allow_secrets"
	// DefaultSecretsPathPrefix ends in "*", so it matches every path under "secret/".
	// NOTE(review): paired with the default capabilities this would be a mount-wide
	// grant; confirm where it is applied and prefer a narrower prefix per consumer.
	DefaultSecretsPathPrefix = "secret/*"
	// PoliciesName: presumably the key or name under which policies are referenced; usage is not shown here.
	PoliciesName             = "policies"
)

Variables

var (
	// DefaultSecretsCapabiltities is the default capability set: create, read,
	// update, delete and list. It does not include deny, sudo or root.
	// This is an exported, mutable package-level slice: a write through it is
	// visible to every other user of the value, so copy it before modifying.
	DefaultSecretsCapabiltities = []string{CreateCapability, ReadCapability, UpdateCapability, DeleteCapability, ListCapability}
)

func AdminSecretPath

func AdminSecretPath(secret AdminSecret) string

AdminSecretPath returns the admin secret path for a given admin secret

func AuthSecretPath

func AuthSecretPath(secret string) string

AuthSecretPath returns the path of an auth secret

func GitOpsSecretPath

func GitOpsSecretPath(secret string) string

GitOpsSecretPath returns the path of an install secret

func ReplaceURIs

func ReplaceURIs(s string, client Client) (string, error)

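ReplaceURIs will replace any vault: URIs in a string, using the vault client. The returned string presumably carries the resolved secret values in clear text, so callers should keep it out of logs and error messages.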

func ToURI

func ToURI(path string, key string) string

ToURI constructs a vault: URI for the given path and key

func WriteBasicAuth

func WriteBasicAuth(client Client, path string, auth config.BasicAuth) error

WriteBasicAuth stores the basic authentication credentials in vault at the given path.

func WriteMap

func WriteMap(client Client, path string, secret map[string]interface{}) error

WriteMap stores the map in vault at the given path.

func WriteYamlFiles

func WriteYamlFiles(client Client, path string, files ...string) error

WriteYamlFiles stores the given YAML files in vault. The final secret path is a concatenation of the 'path' with the file name.

type AdminSecret

type AdminSecret string

AdminSecret type for a vault admin secret

type Client

type Client interface {
	// Write writes a named secret to the vault.
	// It returns a map and an error; the contents of the returned map are not
	// described on this page.
	Write(secretName string, data map[string]interface{}) (map[string]interface{}, error)

	// WriteObject writes a generic named object to the vault.
	// The secret _must_ be serializable to JSON.
	WriteObject(secretName string, secret interface{}) (map[string]interface{}, error)

	// WriteYaml writes a yaml object to a named secret.
	WriteYaml(secretName string, yamlstring string) (map[string]interface{}, error)

	// List lists the secrets under the specified path.
	List(path string) ([]string, error)

	// Read reads a named secret from the vault.
	// The returned map holds the secret's data, so treat it as sensitive.
	Read(secretName string) (map[string]interface{}, error)

	// ReadObject reads a generic named object from vault into secret.
	// The secret _must_ be serializable to JSON.
	ReadObject(secretName string, secret interface{}) error

	// ReadYaml reads a yaml object from a named secret.
	ReadYaml(secretName string) (string, error)

	// Config gets the config required for configuring the official Vault CLI.
	// vaultToken is a live credential: keep it out of logs, error messages and
	// anything written to disk.
	Config() (vaultURL url.URL, vaultToken string, err error)
}

Client is an interface for interacting with Vault. Its mock is generated with the directive `go:generate pegomock generate github.com/jenkins-x/jx/pkg/vault Client -o mocks/vault_client.go`.

func NewVaultClient

func NewVaultClient(apiclient *api.Client) Client

NewVaultClient creates a new Vault Client wrapping the api.client

type PathPolicy

// PathPolicy pairs a path prefix with the capabilities granted on it.
type PathPolicy struct {
	// Prefix is tagged `hcl:",key"`, so it presumably becomes the key (the
	// path) of the encoded HCL block rather than a field inside it.
	Prefix       string   `hcl:",key"`
	// Capabilities is the list of capability names for Prefix, encoded under
	// "capabilities" and omitted when empty.
	// NOTE(review): list only what the consumer needs; sudo and root are rarely
	// appropriate for a secrets path.
	Capabilities []string `hcl:"capabilities" hcle:"omitempty"`
}

PathPolicy defines a vault path policy

type PathRule

// PathRule groups the path policies that make up one rule.
type PathRule struct {
	// Path holds one PathPolicy per path prefix, encoded under "path" and
	// omitted when empty.
	Path []PathPolicy `hcl:"path" hcle:"omitempty"`
}

PathRule defines a path rule

func (*PathRule) String

func (r *PathRule) String() (string, error)

String encodes a Vault path rule to a string

Documentation was rendered with GOOS=linux and GOARCH=amd64.
