Documentation
Index
Constants
This section is empty.
Variables
var ErrNoAuthInfo = errors.New("no auth info returned")
ErrNoAuthInfo is returned when an auth provider returns no authentication info when requested from the Vault server.
var ErrNoAuthProvider = errors.New("no vault authentication method provided")
ErrNoAuthProvider is the error returned when a Renewer is created without an auth method provided.
Functions
This section is empty.
Types
type AuthProvider
AuthProvider is the method used to authenticate against Vault and update the client token.
type AuthProviderAppRole
func (AuthProviderAppRole) Auth
func (p AuthProviderAppRole) Auth(client *api.Client) error
Auth authenticates against Vault using an AppRole and secret.
func (AuthProviderAppRole) String
func (p AuthProviderAppRole) String() string
type AuthProviderKubernetes
func (AuthProviderKubernetes) Auth
func (p AuthProviderKubernetes) Auth(client *api.Client) error
Auth implements AuthProvider
func (AuthProviderKubernetes) String
func (p AuthProviderKubernetes) String() string
type Renewer
type Renewer struct {
// contains filtered or unexported fields
}
Renewer manages a Vault token. It starts a control loop that checks the status of the token every second and performs the following actions:
- If no token exists then auth is attempted (requires auth method)
- If the token is halfway through its lifespan a token renew is attempted
- If the token is expired auth is attempted (requires auth method)
If any of these actions fail, the renewer exits with an error, allowing the application to handle the failure. It's worth noting that the Vault client has built-in support for retrying failed requests, so a single failure should not cause an error.
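The three rules above can be read as a single decision taken on each tick of the loop. The following is an added sketch, not the package's own code: tokenState, nextAction, the action constants and errNoAuthProvider are hypothetical names, and returning an error when auth is needed but no auth method exists is an assumption about how "requires auth method" is enforced.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical names for this sketch; the package's real fields are unexported.
type action int

const (
	actNone action = iota
	actAuth
	actRenew
)

var errNoAuthProvider = errors.New("no vault authentication method provided")

// tokenState holds what one tick needs to know. Assumes ttl > 0.
type tokenState struct {
	issued time.Time
	ttl    time.Duration
}

// nextAction applies the documented rules for one tick; tok == nil means
// no token exists yet. An expired or missing token without an auth method
// is reported as an error instead of being silently kept in use.
func nextAction(tok *tokenState, now time.Time, haveAuth bool) (action, error) {
	needAuth := tok == nil || !now.Before(tok.issued.Add(tok.ttl))
	if needAuth {
		if !haveAuth {
			return actNone, errNoAuthProvider
		}
		return actAuth, nil
	}
	if now.Sub(tok.issued) >= tok.ttl/2 {
		return actRenew, nil // halfway through the lifespan or later
	}
	return actNone, nil
}

func main() {
	issued := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample
	tok := &tokenState{issued: issued, ttl: time.Hour}
	for _, m := range []int{10, 30, 59, 60} {
		a, err := nextAction(tok, issued.Add(time.Duration(m)*time.Minute), true)
		fmt.Println(m, a, err)
	}
}
```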
func NewRenewer
func NewRenewer(client *api.Client, authProvider AuthProvider) *Renewer
NewRenewer creates a Vault token renewer that will renew tokens halfway through their lifespan. If an auth method is provided then the controller can also authenticate against Vault.