Documentation
¶
Index ¶
- Constants
- type Audit
- type Auth
- type AuthMount
- type Client
- func (c *Client) Auth() *Auth
- func (c *Client) ClearToken()
- func (c *Client) Help(path string) (*Help, error)
- func (c *Client) Logical() *Logical
- func (c *Client) NewRequest(method, path string) *Request
- func (c *Client) RawRequest(r *Request) (*Response, error)
- func (c *Client) SetToken(v string)
- func (c *Client) Sys() *Sys
- func (c *Client) Token() string
- type Config
- type ErrorResponse
- type Help
- type InitRequest
- type InitResponse
- type InitStatusResponse
- type LeaderResponse
- type Logical
- type Mount
- type Request
- type Response
- type SealStatusResponse
- type Secret
- type SecretAuth
- type Sys
- func (c *Sys) DeletePolicy(name string) error
- func (c *Sys) DisableAudit(path string) error
- func (c *Sys) DisableAuth(path string) error
- func (c *Sys) EnableAudit(path string, auditType string, desc string, opts map[string]string) error
- func (c *Sys) EnableAuth(path, authType, desc string) error
- func (c *Sys) GetPolicy(name string) (string, error)
- func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)
- func (c *Sys) InitStatus() (bool, error)
- func (c *Sys) Leader() (*LeaderResponse, error)
- func (c *Sys) ListAudit() (map[string]*Audit, error)
- func (c *Sys) ListAuth() (map[string]*AuthMount, error)
- func (c *Sys) ListMounts() (map[string]*Mount, error)
- func (c *Sys) ListPolicies() ([]string, error)
- func (c *Sys) Login(vars map[string]string) error
- func (c *Sys) Mount(path, mountType, description string) error
- func (c *Sys) PutPolicy(name, rules string) error
- func (c *Sys) Remount(from, to string) error
- func (c *Sys) Renew(id string, increment int) (*Secret, error)
- func (c *Sys) Revoke(id string) error
- func (c *Sys) RevokePrefix(id string) error
- func (c *Sys) Seal() error
- func (c *Sys) SealStatus() (*SealStatusResponse, error)
- func (c *Sys) Unmount(path string) error
- func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)
- type TokenAuth
- type TokenCreateRequest
Constants ¶
const AuthCookieName = "token"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Auth ¶
type Auth struct {
// contains filtered or unexported fields
}
Auth is used to perform credential backend related operations.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is the client to the Vault API. Create a client with NewClient.
func NewClient ¶
NewClient returns a new client for the given configuration.
If the environment variable `VAULT_TOKEN` is present, the token will be automatically added to the client. Otherwise, you must manually call `SetToken()`.
func (*Client) ClearToken ¶
func (c *Client) ClearToken()
ClearToken deletes the token cookie if it is set or does nothing otherwise.
func (*Client) NewRequest ¶
NewRequest creates a new raw request object to query the Vault server configured for this client. This is an advanced method and generally doesn't need to be called externally.
func (*Client) RawRequest ¶
RawRequest performs the raw request given. This request may be against a Vault server not configured with this client. This is an advanced operation that generally won't need to be called externally.
func (*Client) SetToken ¶
SetToken sets the token directly. This won't perform any auth verification, it simply sets the cookie properly for future requests.
type Config ¶
type Config struct {
// Address is the address of the Vault server. This should be a complete
// URL such as "http://vault.example.com". If you need a custom SSL
// cert or want to enable insecure mode, you need to specify a custom
// HttpClient.
Address string
// HttpClient is the HTTP client to use. http.DefaultClient will be
// used if not specified. The HTTP client must have the cookie jar set
// to be able to store cookies, otherwise authentication (login) will
// not work properly. If the jar is nil, a default empty cookie jar
// will be set.
HttpClient *http.Client
}
Config is used to configure the creation of the client.
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns a default configuration for the client. It is safe to modify the return value of this function.
The default Address is https://127.0.0.1:8200, but this can be overridden by setting the `VAULT_ADDR` environment variable.
type ErrorResponse ¶
type ErrorResponse struct {
Errors []string
}
ErrorResponse is the raw structure of errors when they're returned by the HTTP API.
type InitRequest ¶
type InitRequest struct {
SecretThreshold int
}
type InitResponse ¶
type InitStatusResponse ¶
type InitStatusResponse struct {
Initialized bool
}
type LeaderResponse ¶
type Logical ¶
type Logical struct {
// contains filtered or unexported fields
}
Logical is used to perform logical backend operations on Vault.
type Request ¶
type Request struct {
Method string
URL *url.URL
Params url.Values
Obj interface{}
Body io.Reader
BodySize int64
}
Request is a raw request configuration structure used to initiate API requests to the Vault server.
func (*Request) ResetJSONBody ¶
ResetJSONBody is used to reset the body for a redirect
func (*Request) SetJSONBody ¶
SetJSONBody is used to set a request body that is a JSON-encoded value.
type Response ¶
Response is a raw response that wraps an HTTP response.
func (*Response) DecodeJSON ¶
DecodeJSON will decode the response body to a JSON structure. This will consume the response body, but will not close it. Close must still be called.
type Secret ¶
type Secret struct {
LeaseID string `json:"lease_id"`
LeaseDuration int `json:"lease_duration"`
Renewable bool `json:"renewable"`
// Data is the actual contents of the secret. The format of the data
// is arbitrary and up to the secret backend.
Data map[string]interface{} `json:"data"`
// Auth, if non-nil, means that there was authentication information
// attached to this response.
Auth *SecretAuth `json:"auth,omitempty"`
}
Secret is the structure returned for every secret within Vault.
type SecretAuth ¶
type SecretAuth struct {
ClientToken string `json:"client_token"`
Policies []string `json:"policies"`
Metadata map[string]string `json:"metadata"`
LeaseDuration int `json:"lease_duration"`
Renewable bool `json:"renewable"`
}
Auth is the structure containing auth information if we have it.
type Sys ¶
type Sys struct {
// contains filtered or unexported fields
}
Sys is used to perform system-related operations on Vault.
func (*Sys) DeletePolicy ¶
func (*Sys) DisableAudit ¶
func (*Sys) DisableAuth ¶
func (*Sys) EnableAudit ¶
func (*Sys) EnableAuth ¶
func (*Sys) Init ¶
func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)
func (*Sys) InitStatus ¶
func (*Sys) Leader ¶
func (c *Sys) Leader() (*LeaderResponse, error)
func (*Sys) ListPolicies ¶
func (*Sys) Login ¶
Login performs the /sys/login API call.
This API call is stateful: it will set the access token on the client for future API calls to be authenticated. The access token can be retrieved at any time from the client using `client.Token()` and it can be cleared with `sys.Logout()`.
func (*Sys) RevokePrefix ¶
func (*Sys) SealStatus ¶
func (c *Sys) SealStatus() (*SealStatusResponse, error)
type TokenAuth ¶
type TokenAuth struct {
// contains filtered or unexported fields
}
TokenAuth is used to perform token backend operations on Vault.
func (*TokenAuth) RevokeOrphan ¶
func (*TokenAuth) RevokePrefix ¶
func (*TokenAuth) RevokeTree ¶
type TokenCreateRequest ¶
type TokenCreateRequest struct {
ID string `json:"id,omitempty"`
Policies []string `json:"policies,omitempty"`
Metadata map[string]string `json:"meta,omitempty"`
Lease string `json:"lease,omitempty"`
NoParent bool `json:"no_parent,omitempty"`
DisplayName string `json:"display_name"`
NumUses int `json:"num_uses"`
}
TokenCreateRequest is the options structure for creating a token.
Source Files