Documentation
¶
Index ¶
Constants ¶
View Source
const ( DenyCapability = "deny" CreateCapability = "create" ReadCapability = "read" UpdateCapability = "update" DeleteCapability = "delete" ListCapability = "list" SudoCapability = "sudo" RootCapability = "root" PatchCapability = "patch" // Backwards compatibility OldDenyPathPolicy = "deny" OldReadPathPolicy = "read" OldWritePathPolicy = "write" OldSudoPathPolicy = "sudo" )
View Source
const ( DenyCapabilityInt uint32 = 1 << iota CreateCapabilityInt ReadCapabilityInt UpdateCapabilityInt DeleteCapabilityInt ListCapabilityInt SudoCapabilityInt PatchCapabilityInt )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACL ¶
type ACL struct {
// exactRules contains the path policies that are exact
//exactRules *radix.Tree
ExactRules []PathPermissions
// prefixRules contains the path policies that are a prefix
//prefixRules *radix.Tree
PrefixRules []PathPermissions
// root is enabled if the "root" named policy is present.
Root bool
}
type ACLPermissions ¶
type ACLPermissions struct {
CapabilitiesBitmap uint32
MinWrappingTTL time.Duration
MaxWrappingTTL time.Duration
AllowedParameters map[string][]interface{}
DeniedParameters map[string][]interface{}
RequiredParameters []string
MFAMethods []string
ControlGroup *ControlGroup
GrantingPoliciesMap map[uint32][]logical.PolicyInfo
Capabilities []string
}
type ControlGroup ¶
type ControlGroup struct {
TTL time.Duration
Factors []*ControlGroupFactor
}
type ControlGroupFactor ¶
type ControlGroupFactor struct {
Name string
Identity *IdentityFactor `hcl:"identity"`
ControlledCapabilities []string `hcl:"controlled_capabilities"`
}
type ControlGroupHCL ¶
type ControlGroupHCL struct {
TTL interface{} `hcl:"ttl"`
Factors map[string]*ControlGroupFactor `hcl:"factor"`
}
type IdentityFactor ¶
type PathPermissions ¶
type PathPermissions struct {
Path string
Permissions *ACLPermissions
}
type PathRules ¶
type PathRules struct {
Path string
Policy string
Permissions *ACLPermissions
IsPrefix bool
HasSegmentWildcards bool
Capabilities []string
// These keys are used at the top level to make the HCL nicer; we store in
// the ACLPermissions object though
MinWrappingTTLHCL interface{} `hcl:"min_wrapping_ttl"`
MaxWrappingTTLHCL interface{} `hcl:"max_wrapping_ttl"`
AllowedParametersHCL map[string][]interface{} `hcl:"allowed_parameters"`
DeniedParametersHCL map[string][]interface{} `hcl:"denied_parameters"`
RequiredParametersHCL []string `hcl:"required_parameters"`
MFAMethodsHCL []string `hcl:"mfa_methods"`
ControlGroupHCL *ControlGroupHCL `hcl:"control_group"`
}
PathRules represents a policy for a path in the namespace.
type Policy ¶
type Policy struct {
Name string `hcl:"name"`
Paths []*PathRules `hcl:"-"`
Raw string
Type PolicyType
Templated bool
}
type PolicyType ¶
type PolicyType uint32
const ( PolicyTypeACL PolicyType = iota PolicyTypeRGP PolicyTypeEGP // Triggers a lookup in the map to figure out if ACL or RGP PolicyTypeToken )
func (PolicyType) String ¶
func (p PolicyType) String() string
type VaultInstance ¶
type VaultInstance struct {
DisplayName string `yaml:"-"`
Client *vault.Client `yaml:"-"`
Acl ACL `yaml:"-"`
}
func BuildAndConnect ¶
func BuildAndConnect(vconfig *config.VaultConfig) (VaultInstance, error)
func ConnectVaultInstance ¶
func ConnectVaultInstance(vconfig *config.VaultConfig) (VaultInstance, error)
func (VaultInstance) GetACL ¶
func (vi VaultInstance) GetACL() (VaultInstance, error)
func (VaultInstance) Login ¶
func (vi VaultInstance) Login(vconfig *config.VaultConfig) (VaultInstance, error)
Source Files
Click to show internal directories.
Click to hide internal directories.