exoscale

package module
v0.4.1 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 30, 2024 License: ISC Imports: 13 Imported by: 0

README

Vault Plugin: Exoscale Secrets Backend


This is a HashiCorp Vault secrets engine that generates Exoscale IAM API keys with specific IAM Roles.

You can find the official documentation of this plugin on the wiki of this repo.

Please note: If you believe you have found a security issue in this plugin, please disclose it responsibly by contacting us at security@exoscale.com instead of opening an issue on GitHub.

Documentation


Constants

const SecretTypeAPIKey = "apikey"

Variables

var ErrorBackendNotConfigured = errors.New(`Exoscale secret engine not configured
hint: vault path-help exoscale/config/root # (replace "exoscale" by your mount point)`)

Functions

func Factory

func Factory(ctx context.Context, config *logical.BackendConfig) (logical.Backend, error)

func V2ParseIAMResource added in v0.4.0

func V2ParseIAMResource(v string) (*egoscale.IAMAccessKeyResource, error)

V2ParseIAMResource parses a string-encoded IAM access key resource formatted as DOMAIN/TYPE:NAME and deserializes it into an egoscale.IAMAccessKeyResource struct.
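A strict parser for the DOMAIN/TYPE:NAME format described above, as an added example that is not the plugin's implementation. The IAMResource struct, the ParseResource name, the validation policy and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// IAMResource is a local stand-in for egoscale.IAMAccessKeyResource;
// the field names are assumptions made for this example.
type IAMResource struct {
	Domain, Type, Name string
}

// ErrBadResource is returned for any input that is not DOMAIN/TYPE:NAME.
var ErrBadResource = errors.New("resource must be formatted as DOMAIN/TYPE:NAME")

// ParseResource splits v at the first ':' and then at the first '/'.
// Assumed policy: every component must be non-empty, free of surrounding
// whitespace and free of further separators, so a malformed entry is
// rejected instead of being stored as a resource nobody intended.
func ParseResource(v string) (*IAMResource, error) {
	head, name, ok := strings.Cut(v, ":")
	if !ok {
		return nil, fmt.Errorf("%w: no ':' in %q", ErrBadResource, v)
	}
	domain, typ, ok := strings.Cut(head, "/")
	if !ok {
		return nil, fmt.Errorf("%w: no '/' before ':' in %q", ErrBadResource, v)
	}
	for _, part := range []string{domain, typ, name} {
		if part == "" || part != strings.TrimSpace(part) || strings.ContainsAny(part, "/:") {
			return nil, fmt.Errorf("%w: bad component %q in %q", ErrBadResource, part, v)
		}
	}
	return &IAMResource{Domain: domain, Type: typ, Name: name}, nil
}

func main() {
	// Constructed inputs: one well-formed value, then malformed variants.
	inputs := []string{"sos/bucket:my-bucket", "sos/bucket", "bucket:my-bucket",
		"sos/:my-bucket", "sos/bucket:", " sos/bucket:my-bucket", "sos/bucket:a:b"}
	for _, in := range inputs {
		res, err := ParseResource(in)
		fmt.Printf("%-24q parsed=%v err=%v\n", in, res != nil, err)
	}
}
```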

Types

type Exoscale added in v0.4.0

type Exoscale struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Exoscale is an abstraction over the Exoscale API.

func (*Exoscale) LoadConfig added in v0.4.0

func (e *Exoscale) LoadConfig(cfg ExoscaleConfig) error

func (*Exoscale) LoadConfigFromStorage added in v0.4.0

func (e *Exoscale) LoadConfigFromStorage(ctx context.Context, storage logical.Storage) error

func (*Exoscale) V2CreateAccessKey added in v0.4.0

func (e *Exoscale) V2CreateAccessKey(ctx context.Context, roleName string, reqDisplayName string, role Role) (*egoscale.IAMAccessKey, error)

V2CreateAccessKey creates an IAMv2 Access Key

func (*Exoscale) V2RevokeAccessKey added in v0.4.0

func (e *Exoscale) V2RevokeAccessKey(ctx context.Context, key string) error

V2RevokeAccessKey revokes an IAMv2 Access Key

func (*Exoscale) V3CreateAPIKey added in v0.4.0

func (e *Exoscale) V3CreateAPIKey(ctx context.Context, roleName string, reqDisplayName string, role Role) (*oapi.IamApiKeyCreated, error)

V3CreateAPIKey creates an IAMv3 API Key

func (*Exoscale) V3DeleteAPIKey added in v0.4.0

func (e *Exoscale) V3DeleteAPIKey(ctx context.Context, key string) error

V3DeleteAPIKey deletes an IAMv3 API Key

func (*Exoscale) V3GetRole added in v0.4.0

func (e *Exoscale) V3GetRole(ctx context.Context, role string) (*oapi.IamRole, error)

V3GetRole takes a role ID or name and returns a role ID if that role exists

type ExoscaleConfig added in v0.4.0

type ExoscaleConfig struct {
	APIEnvironment   string `json:"api_environment"`
	RootAPIKey       string `json:"root_api_key"`
	RootAPISecret    string `json:"root_api_secret"`
	Zone             string `json:"zone"`
	APIKeyNamePrefix string `json:"api_key_name_prefix"`
}

type Role added in v0.4.0

type Role struct {
	// IAM V2
	Operations []string `json:"operations,omitempty"`
	Resources  []string `json:"resources,omitempty"`
	Tags       []string `json:"tags,omitempty"`

	// IAM V3
	IAMRoleID   string `json:"iam_role_id,omitempty"`
	IAMRoleName string `json:"iam_role_name,omitempty"`

	// Lease
	Renewable   bool          `json:"renewable,omitempty"`
	TTL         time.Duration `json:"ttl,omitempty"`
	MaxTTL      time.Duration `json:"max_ttl,omitempty"`
	LeaseConfig *leaseConfig  `json:"lease_config,omitempty"` // deprecated

	Version string `json:"version,omitempty"`
}

Directories

Path Synopsis
cmd
