Documentation
¶
Overview ¶
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell
- @version: 1.0.0 ******************************************************************************
******************************************************************************
- Copyright 2018 Dell Inc. *
- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
- in compliance with the License. You may obtain a copy of the License at *
- http://www.apache.org/licenses/LICENSE-2.0 *
- Unless required by applicable law or agreed to in writing, software distributed under the License
- is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- or implied. See the License for the specific language governing permissions and limitations under
- the License. *
- @author: Tingyu Zeng, Dell / Alain Pulluelo, ForgeRock AS
- @version: 1.0.0 ******************************************************************************
Index ¶
- Constants
- func CertKeyPairInStore(config *tomlConfig, secretBaseURL string, c *http.Client, debug bool) (bool, error)
- func CreateCredential() (string, error)
- func CreateLogging() logger.LoggingClient
- func CreateToken(tokenName string, policyName string, rootToken string, config *tomlConfig, ...) (err error)
- func CredentialInStore(config *tomlConfig, secretBaseURL string, credPath string, c *http.Client) (bool, error)
- func FatalIfErr(err error, msg string)
- func GetPolicyFromFile(policyFilePtr *string) ([]byte, error)
- func HashFile(policyFilePtr *string, debug bool) (hashSum []byte, err error)
- func HelpCallback()
- func ImportPolicy(policyName string, policyRequest *[]byte, rootToken string, config *tomlConfig, ...) (err error)
- func InitCredentials(config *tomlConfig, secretBaseURL string, secretPath string, cred *UserPasswd, ...) error
- func LoadCACert(caPath string) (string, error)
- func LoadCertKeyPair(certPath string, keyPath string) (string, string, error)
- func LoadKongCerts(config *tomlConfig, url string, secretBaseURL string, c *http.Client, ...) error
- func LoadTomlConfig(path string) (*tomlConfig, error)
- func UploadProxyCerts(config *tomlConfig, secretBaseURL string, cert string, sk string, ...) (bool, error)
- func VaultHealthCheck(config *tomlConfig, httpClient *http.Client) (sCode int, err error)
- func VaultInit(config *tomlConfig, httpClient *http.Client, debug bool) (sCode int, err error)
- func VaultPolicyCheck(policyName string, tokenID string, config *tomlConfig, httpClient *http.Client) (sCode int, err error)
- func VaultUnseal(config *tomlConfig, httpClient *http.Client, debug bool) (sCode int, err error)
- type CertInfo
- type CertKeyCollector
- type CertKeyPair
- type InitRequest
- type InitResponse
- type Metadata
- type Secret
- type TokenData
- type TokenID
- type UnsealRequest
- type UnsealResponse
- type UserPasswd
Constants ¶
View Source
const ( CertificatesPath = "certificates/" SecurityService = "securityservice" EdgeXService = "edgex" VaultToken = "X-Vault-Token" )
Global constants
Variables ¶
This section is empty.
Functions ¶
func CertKeyPairInStore ¶
func CreateCredential ¶
func CreateToken ¶
func CredentialInStore ¶
func FatalIfErr ¶
FatalIfErr = Prinf() followed by a call to os.Exit(1)
func GetPolicyFromFile ¶
func HelpCallback ¶
func HelpCallback()
func ImportPolicy ¶
func InitCredentials ¶
func LoadCACert ¶
func LoadCertKeyPair ¶
func LoadKongCerts ¶
func LoadTomlConfig ¶
LoadTomlConfig Loading the TOML configuration into structure
func UploadProxyCerts ¶
func UploadProxyCerts(config *tomlConfig, secretBaseURL string, cert string, sk string, c *http.Client) (bool, error)
----------------------------------------------------------
curl --header "X-Vault-Token: ${_ROOT_TOKEN}" \
--header "Content-Type: application/json" \
--request POST \
--data @${_PAYLOAD_KONG} \
http://localhost:8200/v1/secret/edgex/pki/tls/edgex-kong
func VaultHealthCheck ¶
func VaultPolicyCheck ¶
Types ¶
type CertInfo ¶
type CertInfo struct {
Cert string `json:"cert,omitempty"`
Key string `json:"key,omitempty"`
Snis []string `json:"snis,omitempty"`
}
CertInfo parm
type CertKeyCollector ¶
type CertKeyCollector struct {
Section CertKeyPair `json:"data"`
}
CertKeyCollector X.509 TLS certificate and associated private key from Secret Store get req
type CertKeyPair ¶
CertKeyPair X.509 TLS certioficate and associated private key
type InitRequest ¶
type InitRequest struct {
SecretThreshold int `json:"secret_threshold"`
}
InitRequest contains a Vault init request regarding the Shamir Secret Sharing (SSS) parameters
type InitResponse ¶
type InitResponse struct {
Keys []string `json:"keys"`
KeysBase64 []string `json:"keys_base64"`
RootToken string `json:"root_token"`
}
InitResponse contains a Vault init response
type Metadata ¶
type Metadata struct {
User string `json:"user"`
}
Metadata structure from token create data structure
type TokenData ¶
type TokenData struct {
Policies []string `json:"policies"`
Metadata Metadata `json:"metadata"`
DisplayName string `json:"display_name"`
TTL string `json:"ttl"`
Renewable string `json:"renewable"`
}
TokenData structure to serialize a token create data
{
"policies": [
"admin",
"default"
],
"metadata": {
"user": "admin user"
},
"display_name": "admin",
"ttl": "1h",
"renewable": true
}
type TokenID ¶
type TokenID struct {
RequestID string `json:"request_id"`
}
TokenID structure to serialize a token ID from its fs storage
{
"request_id": "ded4b254-de08-8c23-fb95-3d9352dbe002",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": null,
"auth": {
"client_token": "2f7b982d-dd49-41df-cca3-dbf23f166751",
"accessor": "bbba3c5d-454b-3940-b20b-72d5a3e3cf3d",
"policies": [
"admin",
"default"
],
"metadata": null,
"lease_duration": 3600,
"renewable": true,
"entity_id": ""
}
}
type AutoGenerated struct {
RequestID string `json:"request_id"`
LeaseID string `json:"lease_id"`
Renewable bool `json:"renewable"`
LeaseDuration int `json:"lease_duration"`
Data interface{} `json:"data"`
WrapInfo interface{} `json:"wrap_info"`
Warnings interface{} `json:"warnings"`
Auth struct {
ClientToken string `json:"client_token"`
Accessor string `json:"accessor"`
Policies []string `json:"policies"`
Metadata interface{} `json:"metadata"`
LeaseDuration int `json:"lease_duration"`
Renewable bool `json:"renewable"`
EntityID string `json:"entity_id"`
} `json:"auth"`
}
type UnsealRequest ¶
UnsealRequest contains a Vault unseal request
type UnsealResponse ¶
type UnsealResponse struct {
Sealed bool `json:"sealed"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
}
UnsealResponse contains a Vault unseal response
type UserPasswd ¶
Source Files
Click to show internal directories.
Click to hide internal directories.