Back to

Package vaku

Latest Go to latest

The latest major version is v2.

Published: 5 days ago | License: MIT | Module:



var (
	// ErrDecodeSecret when secret data cannot be extracted from a vault secret.
	ErrDecodeSecret = errors.New("decode secret")
	// ErrJSONMarshal when secret data cannot be marshaled into json.
	ErrJSONMarshal = errors.New("json marshal")
	// ErrNilData when passed data is nil.
	ErrNilData = errors.New("nil data")
	// ErrUnknownError when returning an error with no data.
	ErrUnknownError = errors.New("unknown error")

Errors that are not specific to one file/function.

var (
	// ErrFolderList when FolderList fails.
	ErrFolderList = errors.New("folder list")
	// ErrFolderListChan when FolderListChan fails.
	ErrFolderListChan = errors.New("folder list chan")
var (
	// ErrFolderRead when FolderRead fails.
	ErrFolderRead = errors.New("folder read")
	// ErrFolderReadChan when FolderReadChan fails.
	ErrFolderReadChan = errors.New("folder read chan")
var (
	// ErrMountInfo when failing to get mount information about a path.
	ErrMountInfo = errors.New("mount info")
	// ErrListMounts when failing to list vault mounts.
	ErrListMounts = errors.New("list mounts")
	// ErrNoMount when path cannot be matched to a mount.
	ErrNoMount = errors.New("no matching mount")
	// ErrRewritePath when failing to rewrite the path with mount data.
	ErrRewritePath = errors.New("rewriting path")
	// ErrMountVersion when an operation is not supported on the mount version.
	ErrMountVersion = errors.New("mount version does not support operation")
var (
	// ErrPathDelete when PathDelete fails.
	ErrPathDelete = errors.New("path delete")
	// ErrVaultDelete when the underlying Vault API delete fails.
	ErrVaultDelete = errors.New("vault delete")
var (
	// ErrPathList when PathList fails.
	ErrPathList = errors.New("path list")
	// ErrVaultList when the underlying Vault API list fails.
	ErrVaultList = errors.New("vault list")
var (
	// ErrPathRead when PathRead fails.
	ErrPathRead = errors.New("path read")
	// ErrVaultRead when the underlying Vault API read fails.
	ErrVaultRead = errors.New("vault read")
var (
	// ErrPathWrite when PathWrite errors.
	ErrPathWrite = errors.New("path write")
	// ErrVaultWrite when the underlying Vault API write fails.
	ErrVaultWrite = errors.New("vault write")
var (
	// ErrFolderCopy when FolderCopy fails.
	ErrFolderCopy = errors.New("folder copy")
var (
	// ErrFolderDelete when FolderDelete fails.
	ErrFolderDelete = errors.New("folder delete")
var (
	// ErrFolderDeleteMeta when FolderDeleteMeta fails.
	ErrFolderDeleteMeta = errors.New("folder delete meta")
var (
	// ErrFolderDestroy when FolderDestroy fails.
	ErrFolderDestroy = errors.New("folder destroy")
var (
	// ErrFolderMove when FolderMove fails.
	ErrFolderMove = errors.New("folder move")
var (
	// ErrFolderSearch when FolderSearch fails.
	ErrFolderSearch = errors.New("folder search")
var (
	// ErrFolderWrite when FolderWrite fails.
	ErrFolderWrite = errors.New("folder write")
var (
	// ErrNumWorkers when workers is not a supported number.
	ErrNumWorkers = errors.New("invalid workers")
var (
	// ErrPathCopy when PathCopy fails.
	ErrPathCopy = errors.New("path copy")
var (
	// ErrPathDeleteMeta when PathDeleteMeta fails.
	ErrPathDeleteMeta = errors.New("path delete meta")
var (
	// ErrPathDestroy when PathDestroy fails.
	ErrPathDestroy = errors.New("path destroy")
var (
	// ErrPathMove when PathMove fails.
	ErrPathMove = errors.New("path move")
var (
	// ErrPathSearch when PathSearch fails.
	ErrPathSearch = errors.New("path search")
var (
	// ErrPathUpdate when PathUpdate fails.
	ErrPathUpdate = errors.New("path update")

func EnsureFolder

func EnsureFolder(p string) string

EnsureFolder ensures a path is a folder (adds a trailing "/").

func EnsurePrefix

func EnsurePrefix(p, pfx string) string

EnsurePrefix adds a prefix to a path if it doesn't already have it.

func EnsurePrefixList

func EnsurePrefixList(l []string, pfx string)

EnsurePrefixList adds a prefix to every item in a list.

func EnsurePrefixMap

func EnsurePrefixMap(m map[string]map[string]interface{}, pfx string)

EnsurePrefixMap ensures a prefix for every key in a map.

func InsertIntoPath

func InsertIntoPath(path, after, insert string) string

InsertIntoPath adds 'insert' into 'path' after 'after' and returns the new path.

func IsFolder

func IsFolder(p string) bool

IsFolder if path is a folder (ends in "/").

func PathJoin

func PathJoin(p ...string) string

PathJoin combines multiple paths into one.

func TrimPrefixList

func TrimPrefixList(l []string, pfx string)

TrimPrefixList removes a prefix from every item in a list.

func TrimPrefixMap

func TrimPrefixMap(m map[string]map[string]interface{}, pfx string)

TrimPrefixMap removes a prefix from every key in a map.

func Version

func Version() string

Version gives the current Vaku API version.

type Client

type Client struct {
	// contains filtered or unexported fields

Client has all Vaku functions and wraps Vault API clients.

func NewClient

func NewClient(opts ...Option) (*Client, error)

NewClient returns a new Vaku Client based on the Vault API config.

func (*Client) FolderCopy

func (c *Client) FolderCopy(ctx context.Context, src, dst string) error

FolderCopy copies data at a source folder to a destination folder..

func (*Client) FolderDelete

func (c *Client) FolderDelete(ctx context.Context, p string) error

FolderDelete recursively deletes the provided path and all subpaths.

func (*Client) FolderDeleteMeta

func (c *Client) FolderDeleteMeta(ctx context.Context, p string) error

FolderDeleteMeta deletes all secret metadata and versions for all secrets in a folder. Only works on v2 kv engines.

func (*Client) FolderDestroy

func (c *Client) FolderDestroy(ctx context.Context, p string, versions []int) error

FolderDestroy destroys versions of all secrets in a folder. Only works on v2 kv engines.

func (*Client) FolderList

func (c *Client) FolderList(ctx context.Context, p string) ([]string, error)

FolderList recursively lists the provided path and all subpaths.

func (*Client) FolderListChan

func (c *Client) FolderListChan(ctx context.Context, p string) (<-chan string, <-chan error)

FolderListChan recursively lists the provided path and all subpaths. Returns an unbuffered channel that can be read until close and an error channel that sends either the first error or nil when the work is done.

func (*Client) FolderMove

func (c *Client) FolderMove(ctx context.Context, src, dst string) error

FolderMove moves data at a source folder to a destination folder. Source is deleted after copy.

func (*Client) FolderRead

func (c *Client) FolderRead(ctx context.Context, p string) (map[string]map[string]interface{}, error)

FolderRead recursively reads the provided path and all subpaths.

func (*Client) FolderReadChan

func (c *Client) FolderReadChan(ctx context.Context, p string) (<-chan map[string]map[string]interface{}, <-chan error)

FolderReadChan recursively reads the provided path and all subpaths. Returns an unbuffered channel that can be read until close and an error channel that sends either the first error or nil when the work is done.

func (*Client) FolderSearch

func (c *Client) FolderSearch(ctx context.Context, path, search string) ([]string, error)

FolderSearch searches the provided path and all subpaths. Returns a list of paths in which the string was found.

func (*Client) FolderWrite

func (c *Client) FolderWrite(ctx context.Context, d map[string]map[string]interface{}) error

FolderWrite writes data to a path. Multiple paths can be written to at once.

func (*Client) PathCopy

func (c *Client) PathCopy(src, dst string) error

PathCopy copies data at a source path to a destination path.

func (*Client) PathDelete

func (c *Client) PathDelete(p string) error

PathDelete deletes data at a path.

func (*Client) PathDeleteMeta

func (c *Client) PathDeleteMeta(p string) error

PathDeleteMeta deletes all secret metadata and versions. Only works on v2 kv engines.

func (*Client) PathDestroy

func (c *Client) PathDestroy(p string, versions []int) error

PathDestroy destroys versions of a secret at a path. Only works on v2 kv engines.

func (*Client) PathList

func (c *Client) PathList(p string) ([]string, error)

PathList lists paths at a path.

func (*Client) PathMove

func (c *Client) PathMove(src, dst string) error

PathMove moves data at a source path to a destination path (copy + delete).

func (*Client) PathRead

func (c *Client) PathRead(p string) (map[string]interface{}, error)

PathRead reads data at a path.

func (*Client) PathSearch

func (c *Client) PathSearch(p, s string) (bool, error)

PathSearch searches for a string at a path.

func (*Client) PathUpdate

func (c *Client) PathUpdate(p string, d map[string]interface{}) error

PathUpdate updates a path with data. New data (precedence) is merged with existing data.

func (*Client) PathWrite

func (c *Client) PathWrite(p string, d map[string]interface{}) error

PathWrite writes data to a path.

type ClientInterface

type ClientInterface interface {
	PathList(string) ([]string, error)
	PathRead(string) (map[string]interface{}, error)
	PathWrite(string, map[string]interface{}) error
	PathDelete(string) error
	PathDeleteMeta(string) error
	PathDestroy(string, []int) error
	PathUpdate(string, map[string]interface{}) error
	PathSearch(string, string) (bool, error)
	PathCopy(string, string) error
	PathMove(string, string) error

	FolderList(context.Context, string) ([]string, error)
	FolderListChan(context.Context, string) (<-chan string, <-chan error)
	FolderRead(context.Context, string) (map[string]map[string]interface{}, error)
	FolderReadChan(context.Context, string) (<-chan map[string]map[string]interface{}, <-chan error)
	FolderWrite(context.Context, map[string]map[string]interface{}) error
	FolderDelete(context.Context, string) error
	FolderDeleteMeta(context.Context, string) error
	FolderDestroy(context.Context, string, []int) error
	FolderSearch(context.Context, string, string) ([]string, error)
	FolderCopy(context.Context, string, string) error
	FolderMove(context.Context, string, string) error

ClientInterface exports the interface for the full Vaku client.

type Option

type Option interface {
	// contains filtered or unexported methods

Option configures a Client.

func WithAbsolutePath

func WithAbsolutePath(b bool) Option

WithAbsolutePath sets the output format for all returned paths. Default path output is a relative path, trimmed up to the path input. Pass WithAbsolutePath(true) to set path output to the entire path. Example: List(secret/foo) -> "bar" OR "secret/foo/bar".

func WithVaultClient

func WithVaultClient(c *vault.Client) Option

WithVaultClient sets the Vault client to be used.

func WithVaultDstClient

func WithVaultDstClient(c *vault.Client) Option

WithVaultDstClient sets a separate Vault client to be used only on operations that have a source and destination (copy, move, etc...). If unset the source client will be used.

func WithVaultSrcClient

func WithVaultSrcClient(c *vault.Client) Option

WithVaultSrcClient is an alias for WithVaultClient.

func WithWorkers

func WithWorkers(n int) Option

WithWorkers sets the maximum number of goroutines that access Vault at any given time. Does not cap the number of goroutines overall. Default value is 10. A stable and well-operated Vault server should be able to handle 100 or more without issue. Use with caution and tune specifically to your environment and storage backend.

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier