vault

package
v1.3.1119 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 15, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Image coordinates for the Bank-Vaults components referenced by this package.
const (
	// BankVaultsOperatorImage is the image repository name for the vault operator.
	BankVaultsOperatorImage = "banzaicloud/vault-operator"
	// BankVaultsImage is the image repository name for bank-vaults.
	BankVaultsImage         = "banzaicloud/bank-vaults"
	// BankVaultsImageTag is the image tag.
	// NOTE(review): the images are identified by repository name and a mutable
	// tag, with no registry host and no digest, so what gets pulled depends on
	// the runtime's default registry and on the tag not being re-pushed.
	// Confirm which of the two images this tag applies to and consider pinning
	// by digest.
	BankVaultsImageTag      = "0.4.7"
)

Variables

This section is empty.

Functions

func CreateAWSVault added in v1.3.1015

func CreateAWSVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string,
	awsServiceAccountSecretName string, awsConfig *AWSConfig, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) error

CreateAWSVault creates a new vault backed by AWS KMS and DynamoDB storage

func CreateGKEVault added in v1.3.1015

func CreateGKEVault(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, name string, ns string,
	gcpServiceAccountSecretName string, gcpConfig *GCPConfig, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) error

CreateGKEVault creates a new vault backed by GCP KMS and storage

func DeleteVault

func DeleteVault(vaultOperatorClient versioned.Interface, name string, ns string) error

DeleteVault deletes a Vault resource

func FindVault

func FindVault(vaultOperatorClient versioned.Interface, name string, ns string) bool

FindVault checks if a vault is available

func GetAuthSaName

func GetAuthSaName(vault v1alpha1.Vault) string

GetAuthSaName gets the Auth Service Account name for the vault

func GetVault

func GetVault(vaultOperatorClient versioned.Interface, name string, ns string) (*v1alpha1.Vault, error)

GetVault gets a specific vault

func InitializeVault added in v1.3.1015

func InitializeVault(kubeClient kubernetes.Interface, name string, ns string, authServiceAccount string,
	authServiceAccountNamespace string, secretsPathPrefix string) (*v1alpha1.Vault, error)

InitializeVault initializes and returns a vault struct

func SystemVaultName added in v1.3.856

func SystemVaultName(kuber kube.Kuber) (string, error)

SystemVaultName returns the name of the system vault based on the cluster name

func SystemVaultNameForCluster added in v1.3.937

func SystemVaultNameForCluster(clusterName string) string

SystemVaultNameForCluster returns the system vault name from a given cluster name

Types

type AWSConfig added in v1.3.1015

// AWSConfig bundles the AWS settings that CreateAWSVault accepts: the embedded
// unseal configuration, the DynamoDB table and region, and an access key pair.
type AWSConfig struct {
	v1alpha1.AWSUnsealConfig
	DynamoDBTable   string
	DynamoDBRegion  string
	// AccessKeyID and SecretAccessKey are carried as plain strings.
	// NOTE(review): presumably an IAM access key pair; keep values of this
	// type out of logs and %+v / %#v formatting, and confirm where the pair
	// ends up being persisted.
	AccessKeyID     string
	SecretAccessKey string
}

AWSConfig keeps the vault configuration for AWS

type DynamoDBConfig added in v1.3.1015

// DynamoDBConfig is the JSON shape of the DynamoDB storage settings
// (ha_enabled, region, table, access_key, secret_key).
type DynamoDBConfig struct {
	// HaEnabled is a string rather than a bool; the accepted values are not
	// visible here.
	HaEnabled       string `json:"ha_enabled"`
	Region          string `json:"region"`
	Table           string `json:"table"`
	// The two credential fields have no omitempty, so both keys are always
	// present in the marshalled JSON, in cleartext.
	// NOTE(review): anything that can read the serialized storage config can
	// read these values; confirm where that JSON is stored and who can read it.
	AccessKeyID     string `json:"access_key"`
	SecretAccessKey string `json:"secret_key"`
}

DynamoDBConfig AWS DynamoDB config for Vault backend

type GCPConfig

// GCPConfig names the Google Cloud resources handed to CreateGKEVault: a
// project, a KMS keyring/key/location, and a GCS bucket. It holds identifiers
// only; CreateGKEVault receives the service account secret name as a separate
// argument.
type GCPConfig struct {
	ProjectId   string
	KmsKeyring  string
	KmsKey      string
	KmsLocation string
	GcsBucket   string
}

GCPConfig keeps the configuration for Google Cloud

type GCSConfig

// GCSConfig is the JSON shape of the Google Cloud Storage settings
// (bucket, ha_enabled).
type GCSConfig struct {
	Bucket    string `json:"bucket"`
	// HaEnabled is a string rather than a bool; the accepted values are not
	// visible here.
	HaEnabled string `json:"ha_enabled"`
}

GCSConfig Google Cloud Storage config for Vault backend

type Listener

// Listener is the JSON shape of a listener entry; it wraps a single Tcp value
// under the "tcp" key.
type Listener struct {
	// Tcp carries the bind address and the tls_disable flag.
	Tcp Tcp `json:"tcp"`
}

Listener vault server listener

type OptionsInterface added in v1.3.882

// OptionsInterface is the subset of command options this package needs:
// Kubernetes and vault-operator clients plus the terminal streams.
type OptionsInterface interface {
	// KubeClientAndNamespace returns a Kubernetes client together with a
	// namespace string.
	KubeClientAndNamespace() (kubernetes.Interface, string, error)
	// VaultOperatorClient returns the versioned vault-operator client.
	VaultOperatorClient() (versioned.Interface, error)
	// GetIn, GetOut and GetErr expose the input, output and error streams.
	GetIn() terminal.FileReader
	GetOut() terminal.FileWriter
	GetErr() io.Writer
}

OptionsInterface is an interface to allow passing around of a CommonOptions object without dependencies on the whole of the cmd package

type Selector

// Selector resolves a vault by name and namespace.
type Selector interface {
	// GetVault returns the selected Vault, or an error.
	GetVault(name string, namespace string) (*Vault, error)
}

Selector is an interface for selecting a vault from the ones installed on the platform. It should pick the most logical one, or give the user a way of picking a vault if multiple are installed.

func NewVaultSelector

func NewVaultSelector(o OptionsInterface) (Selector, error)

NewVaultSelector creates a new vault selector

type Storage

// Storage is the JSON shape of the storage section. Both backends are
// pointers tagged omitempty, so a nil backend is left out of the output.
type Storage struct {
	GCS      *GCSConfig      `json:"gcs,omitempty"`
	// DynamoDB, when set, carries an access key pair in cleartext (see the
	// access_key / secret_key fields of DynamoDBConfig).
	DynamoDB *DynamoDBConfig `json:"dynamodb,omitempty"`
}

Storage configuration for Vault storage

type Tcp

// Tcp is the JSON shape of a TCP listener: a bind address and a TLS switch.
type Tcp struct {
	Address    string `json:"address"`
	// TlsDisable is always serialized (no omitempty); its zero value is false.
	// NOTE(review): presumably true turns TLS off on the listener, in which
	// case tokens and secrets cross the network unencrypted; verify which
	// value the Create* functions set and that nothing outside a trusted
	// network path can reach Address when TLS is off.
	TlsDisable bool   `json:"tls_disable"`
}

Tcp address for vault server

type Telemetry

// Telemetry is the JSON shape of the telemetry section; it holds only the
// statsd address.
type Telemetry struct {
	StatsdAddress string `json:"statsd_address"`
}

Telemetry address for telemetry server

type Vault

// Vault is a summary of a Vault resource: its name, namespace, URL and the
// name of its auth service account.
type Vault struct {
	Name                   string
	Namespace              string
	// NOTE(review): the scheme of URL is not constrained by this type;
	// confirm callers only ever populate it with an https endpoint.
	URL                    string
	AuthServiceAccountName string
}

Vault stores some details of a Vault resource

func GetVaults

func GetVaults(client kubernetes.Interface, vaultOperatorClient versioned.Interface, ns string) ([]*Vault, error)

GetVaults returns all vaults available in a given namespace

type VaultAuth

// VaultAuth is the JSON shape of one auth method entry: its type and the
// roles defined for it.
type VaultAuth struct {
	// Roles lists the role bindings for this auth method (see VaultRole).
	Roles []VaultRole `json:"roles"`
	// Type names the auth method; the accepted values are not visible here.
	Type  string      `json:"type"`
}

VaultAuth vault auth configuration

type VaultAuths

// VaultAuths is a slice of VaultAuth entries.
type VaultAuths []VaultAuth

VaultAuths list of vault authentications

type VaultClientFactory

// VaultClientFactory builds Vault API clients. It exposes the options and the
// selector it works with; its remaining state is unexported.
type VaultClientFactory struct {
	// Options supplies the Kubernetes/vault-operator clients and the streams.
	Options  OptionsInterface
	// Selector picks which vault a client is built for.
	Selector Selector
	// contains filtered or unexported fields
}

VaultClientFactory keeps the configuration required to build a new vault client factory

func NewInteractiveVaultClientFactory

func NewInteractiveVaultClientFactory(options OptionsInterface) (*VaultClientFactory, error)

NewInteractiveVaultClientFactory creates a VaultClientFactory that allows the user to pick vaults if necessary

func NewVaultClientFactory

func NewVaultClientFactory(kubeClient kubernetes.Interface, vaultOperatorClient versioned.Interface, defaultNamespace string) (*VaultClientFactory, error)

NewVaultClientFactory creates a new VaultClientFactory with different options from NewInteractiveVaultClientFactory. It doesn't have CLI support, so it will fail if it needs interactive input (unlikely).

func (*VaultClientFactory) GetConfigData

func (v *VaultClientFactory) GetConfigData(name string, namespace string) (config *api.Config, jwt string, saName string, err error)

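GetConfigData generates the information necessary to configure an api.Client object. It returns the api.Config object, the JWT needed to create the auth user in Vault, the service account name (saName), and an error if present. The returned JWT is a bearer credential, so callers should keep it out of logs and error messages.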

func (*VaultClientFactory) NewVaultClient

func (v *VaultClientFactory) NewVaultClient(name string, namespace string) (*api.Client, error)

NewVaultClient creates a new api.Client. If namespace is nil (presumably the empty string, since the parameter is a string), the default namespace of the factory will be used. If the name is nil and only one vault is found, that vault will be used; otherwise the user will be prompted to select a vault for the client.

type VaultPolicies

// VaultPolicies is a slice of VaultPolicy entries.
type VaultPolicies []VaultPolicy

VaultPolicies list of vault policies

type VaultPolicy

// VaultPolicy is the JSON shape of one policy: a name and its rules.
type VaultPolicy struct {
	Name  string `json:"name"`
	// Rules is carried as an opaque string; presumably the policy document
	// text, which this type does not validate. Review the capabilities it
	// grants wherever it is constructed.
	Rules string `json:"rules"`
}

VaultPolicy vault policy

type VaultRole

// VaultRole is the JSON shape of one role under a VaultAuth entry. It ties
// service account names and namespaces to a set of policies and a TTL.
// Every field is a plain string and is always serialized (no omitempty).
type VaultRole struct {
	// NOTE(review): the key names match Vault's Kubernetes auth role
	// parameters, where "*" is accepted as a wildcard for names and
	// namespaces. Confirm the values set by this package name specific
	// service accounts and namespaces rather than a wildcard.
	BoundServiceAccountNames      string `json:"bound_service_account_names"`
	BoundServiceAccountNamespaces string `json:"bound_service_account_namespaces"`
	Name                          string `json:"name"`
	// Policies is a single string; presumably a comma-separated list. Verify.
	Policies                      string `json:"policies"`
	// TTL is a string; presumably a duration bounding token lifetime. Verify
	// the value used is no longer than the workload needs.
	TTL                           string `json:"ttl"`
}

VaultRole role configuration for VaultAuth
