vault

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Token      = AuthMethod("token")
	Kubernetes = AuthMethod("kubernetes")
)
View Source 
const (
	PropertyPrefix = "cloud.vault"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthMethod 

type AuthMethod string

func (*AuthMethod) UnmarshalText 

func (a *AuthMethod) UnmarshalText(data []byte) error

UnmarshalText encoding.TextUnmarshaler

type Client 

type Client struct {
	*api.Client
	// contains filtered or unexported fields
}

func New 

func New(opts ...Options) (*Client, error)

func (*Client) AddHooks 

func (c *Client) AddHooks(_ context.Context, hooks ...Hook)

func (*Client) Authenticate 

func (c *Client) Authenticate() error

func (*Client) AutoRenewToken 

func (c *Client) AutoRenewToken(ctx context.Context)

AutoRenewToken start a TokenRefresher to automatically manage and renew vault token

func (*Client) Clone 

func (c *Client) Clone(opts ...Options) (*Client, error)

Clone make a copy of current Client with given customizations

func (*Client) Close 

func (c *Client) Close() error

func (*Client) Logical 

func (c *Client) Logical(ctx context.Context) *Logical

func (*Client) Sys 

func (c *Client) Sys(ctx context.Context) *Sys

func (*Client) TokenRenewer 

func (c *Client) TokenRenewer() (*api.Renewer, error)

TokenRenewer returns api.Renewer for manual Token management. Use AutoRenewToken auto-renew

type ClientAuthentication 

type ClientAuthentication interface {
	Login(client *api.Client) (token string, err error)
}

ClientAuthentication interface represents a vault auth method https://www.vaultproject.io/docs/auth

type ClientConfig 

type ClientConfig struct {
	// Config raw config of vault driver
	*api.Config
	// Properties from bootstrap.BootstrapConfig. Typically set via WithProperties()
	Properties ConnectionProperties
	// ClientAuth used by the client and internal token refresher to authenticate with Vault server
	ClientAuth ClientAuthentication
	// Hooks instrumentation points
	Hooks []Hook
}

type ConnectionProperties 

type ConnectionProperties struct {
	Host           string           `json:"host"`
	Port           int              `json:"port"`
	Scheme         string           `json:"scheme"`
	Authentication AuthMethod       `json:"authentication"`
	SSL            SSLProperties    `json:"ssl"`
	Kubernetes     KubernetesConfig `json:"kubernetes"`
	Token          string           `json:"token"`
}

func (ConnectionProperties) Address 

func (p ConnectionProperties) Address() string

type Hook 

type Hook interface {
	BeforeOperation(ctx context.Context, cmd string) context.Context
	AfterOperation(ctx context.Context, err error)
}

type KeyOption 

type KeyOption struct {
	KeyType              string
	Exportable           bool
	AllowPlaintextBackup bool
}

type KeyOptions 

type KeyOptions func(opt *KeyOption)

type KubernetesClient 

type KubernetesClient struct {
	// contains filtered or unexported fields
}

func TokenKubernetesAuthentication 

func TokenKubernetesAuthentication(kubernetesConfig KubernetesConfig) *KubernetesClient

func (*KubernetesClient) Login 

func (c *KubernetesClient) Login(client *api.Client) (string, error)

type KubernetesConfig 

type KubernetesConfig struct {
	JWTPath string `json:"jwt-path"`
	Role    string `json:"role"`
}

type Logical 

type Logical struct {
	*api.Logical
	// contains filtered or unexported fields
}

func (*Logical) Post 

func (l *Logical) Post(path string, data interface{}) (ret *api.Secret, err error)

Post is extension of api.Logical. Similar to Write, but use POST request

func (*Logical) Read 

func (l *Logical) Read(path string) (ret *api.Secret, err error)

Read override api.Logical with proper hooks

func (*Logical) ReadWithData 

func (l *Logical) ReadWithData(path string, data map[string][]string) (ret *api.Secret, err error)

ReadWithData override api.Logical with proper hooks Note: data is sent as HTTP parameters

func (*Logical) WithContext 

func (l *Logical) WithContext(ctx context.Context) *Logical

WithContext make a copy of current Logical with a new context

func (*Logical) Write 

func (l *Logical) Write(path string, data interface{}) (ret *api.Secret, err error)

Write override api.Logical with proper hooks. This method accept data as an interface instead of map Note: Write sends PUT request

func (*Logical) WriteWithMethod 

func (l *Logical) WriteWithMethod(method, path string, data interface{}) (ret *api.Secret, err error)

WriteWithMethod is extension of api.Logical to send POST and PUT request

type Options 

type Options func(cfg *ClientConfig) error

func WithProperties 

func WithProperties(p ConnectionProperties) Options

type SSLProperties 

type SSLProperties struct {
	CaCert     string `json:"ca-cert"`
	ClientCert string `json:"client-cert"`
	ClientKey  string `json:"client-key"`
	Insecure   bool   `json:"insecure"`
}

type Sys 

type Sys struct {
	*api.Sys
	// contains filtered or unexported fields
}

type TokenClientAuthentication 

type TokenClientAuthentication string

func (TokenClientAuthentication) Login 

func (d TokenClientAuthentication) Login(client *api.Client) (token string, err error)

type TokenRefresher 

type TokenRefresher struct {
	// contains filtered or unexported fields
}

TokenRefresher performs renewal & refreshment of a client's token renewal can occur when a token's ttl is completed, refresh occurs when a token cannot be renewed (e.g max TTL is reached)

func NewTokenRefresher 

func NewTokenRefresher(client *Client) *TokenRefresher

func (*TokenRefresher) Start 

func (r *TokenRefresher) Start(ctx context.Context)

Start will begin the processes of token renewal & refreshing

func (*TokenRefresher) Stop 

func (r *TokenRefresher) Stop()

Stop will stop the token renewal/refreshing processes

type TransitEngine 

type TransitEngine interface {
	PrepareKey(ctx context.Context, kid string) error
	Encrypt(ctx context.Context, kid string, plaintext []byte) ([]byte, error)
	Decrypt(ctx context.Context, kid string, cipher []byte) ([]byte, error)
}

func NewTransitEngine 

func NewTransitEngine(client *Client, opts ...KeyOptions) TransitEngine

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.