Constants ¶
// Capability names as they appear in ACL path rules. PathRules.Capabilities
// and ACLPermissions.Capabilities presumably carry values from this set —
// confirm against the policy parser. RootCapability has no matching
// *CapabilityInt bit: root access is tracked on ACL.Root instead.
const (
	DenyCapability   = "deny"
	CreateCapability = "create"
	ReadCapability   = "read"
	UpdateCapability = "update"
	DeleteCapability = "delete"
	ListCapability   = "list"
	SudoCapability   = "sudo"
	RootCapability   = "root"
	PatchCapability  = "patch"
)

// Legacy per-path "policy" names kept for backwards compatibility. "deny",
// "read" and "sudo" coincide with the capability names above; "write" has no
// single-capability equivalent, so its translation happens elsewhere.
const (
	OldDenyPathPolicy  = "deny"
	OldReadPathPolicy  = "read"
	OldWritePathPolicy = "write"
	OldSudoPathPolicy  = "sudo"
)
// Bit flags for capabilities, one bit each, so that a set of capabilities fits
// in a single uint32 (presumably what ACLPermissions.CapabilitiesBitmap holds —
// confirm). The numeric values are fixed by declaration order via iota: do not
// reorder or insert entries, or every bitmap compared or stored elsewhere
// changes meaning. There is no RootCapabilityInt; root is a separate flag on
// ACL.Root.
//
// NOTE(review): how a set Deny bit combines with other bits is not visible
// here — confirm in the evaluation code that deny takes precedence.
const (
	DenyCapabilityInt uint32 = 1 << iota // 1 << 0
	CreateCapabilityInt                  // 1 << 1
	ReadCapabilityInt                    // 1 << 2
	UpdateCapabilityInt                  // 1 << 3
	DeleteCapabilityInt                  // 1 << 4
	ListCapabilityInt                    // 1 << 5
	SudoCapabilityInt                    // 1 << 6
	PatchCapabilityInt                   // 1 << 7
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACL ¶
// ACL is the compiled form of one or more policies: the exact-match and
// prefix-match path rules plus the root flag. The commented-out radix.Tree
// fields show the rules were once kept in radix trees; they are now plain
// slices, so lookups over them are presumably linear scans — confirm in the
// evaluation code.
type ACL struct {
	// exactRules contains the path policies that are exact
	//exactRules *radix.Tree
	ExactRules []PathPermissions
	// prefixRules contains the path policies that are a prefix
	//prefixRules *radix.Tree
	PrefixRules []PathPermissions
	// root is enabled if the "root" named policy is present.
	// NOTE(review): whether Root short-circuits the per-path rules is not
	// visible here — verify before relying on ExactRules/PrefixRules alone.
	Root bool
}
type ACLPermissions ¶
// ACLPermissions is the effective permission set attached to a single path
// entry (see PathPermissions.Permissions and PathRules.Permissions).
type ACLPermissions struct {
	// CapabilitiesBitmap is presumably a bitwise OR of the *CapabilityInt
	// flags; Capabilities below is the string form — confirm they are kept
	// in sync by the parser.
	CapabilitiesBitmap uint32
	// MinWrappingTTL / MaxWrappingTTL presumably bound the response-wrapping
	// TTL a caller may request; a zero value likely means "no bound" — TODO
	// confirm.
	MinWrappingTTL time.Duration
	MaxWrappingTTL time.Duration
	// AllowedParameters and DeniedParameters map a request parameter name to
	// the values permitted or denied for it.
	// NOTE(review): the meaning of an empty value list (any value vs. no
	// value) and which map wins on overlap are not visible here; confirm in
	// the evaluator, since that decides whether a key-level allow is wide open.
	AllowedParameters map[string][]interface{}
	DeniedParameters  map[string][]interface{}
	// RequiredParameters lists parameter names that must be present.
	RequiredParameters []string
	// MFAMethods lists MFA method names attached to this path.
	MFAMethods []string
	// ControlGroup is nil when the path has no control group.
	ControlGroup *ControlGroup
	// GrantingPoliciesMap is keyed by uint32 — presumably a capability bit —
	// and records which policies granted it; confirm the key semantics.
	GrantingPoliciesMap map[uint32][]logical.PolicyInfo
	// Capabilities holds the capability names (see DenyCapability etc.).
	Capabilities []string
}
type ControlGroup ¶
// ControlGroup is the decoded control-group configuration for a path: a TTL
// and the factors that must be satisfied. ControlGroupHCL is its raw HCL form.
type ControlGroup struct {
	TTL     time.Duration
	Factors []*ControlGroupFactor
}
type ControlGroupFactor ¶
// ControlGroupFactor is one approval factor of a control group.
type ControlGroupFactor struct {
	// Name carries no hcl tag; presumably it is filled from the map key in
	// ControlGroupHCL.Factors — confirm in the parser.
	Name string
	// Identity is the identity-based factor; IdentityFactor's definition is
	// not shown on this page.
	Identity *IdentityFactor `hcl:"identity"`
	// ControlledCapabilities lists the capability names this factor gates;
	// an empty list presumably means all of the path's capabilities — TODO
	// confirm.
	ControlledCapabilities []string `hcl:"controlled_capabilities"`
}
type ControlGroupHCL ¶
// ControlGroupHCL is the raw HCL shape of a control_group block before it is
// converted to ControlGroup.
type ControlGroupHCL struct {
	// TTL is left as interface{} presumably so that both string durations and
	// integer seconds decode; it is converted to ControlGroup.TTL elsewhere —
	// confirm.
	TTL interface{} `hcl:"ttl"`
	// Factors is keyed by the factor block's label.
	Factors map[string]*ControlGroupFactor `hcl:"factor"`
}
type IdentityFactor ¶
type PathPermissions ¶
// PathPermissions pairs a path with its effective permissions; ACL.ExactRules
// and ACL.PrefixRules are slices of these.
type PathPermissions struct {
	Path        string
	Permissions *ACLPermissions
}
type PathRules ¶
// PathRules represents a policy for a path in the namespace.
type PathRules struct {
	Path   string
	Policy string
	// Permissions holds the parsed permission set; the *HCL fields below are
	// the raw inputs it is built from.
	Permissions *ACLPermissions
	// IsPrefix and HasSegmentWildcards describe how Path matches; both are
	// untagged, so presumably the parser derives them from Path — confirm.
	IsPrefix            bool
	HasSegmentWildcards bool
	Capabilities        []string

	// These keys are used at the top level to make the HCL nicer; we store in
	// the ACLPermissions object though
	MinWrappingTTLHCL     interface{}              `hcl:"min_wrapping_ttl"`
	MaxWrappingTTLHCL     interface{}              `hcl:"max_wrapping_ttl"`
	AllowedParametersHCL  map[string][]interface{} `hcl:"allowed_parameters"`
	DeniedParametersHCL   map[string][]interface{} `hcl:"denied_parameters"`
	RequiredParametersHCL []string                 `hcl:"required_parameters"`
	MFAMethodsHCL         []string                 `hcl:"mfa_methods"`
	ControlGroupHCL       *ControlGroupHCL         `hcl:"control_group"`
}
type Policy ¶
// Policy is a parsed policy document together with its raw text.
type Policy struct {
	Name string `hcl:"name"`
	// Paths is tagged "-" so the HCL decoder skips it; presumably the parser
	// populates it from the path blocks separately — confirm.
	Paths []*PathRules `hcl:"-"`
	// Raw is presumably the original policy text as submitted — confirm.
	Raw       string
	Type      PolicyType
	Templated bool
}
type PolicyType ¶
// PolicyType distinguishes the kinds of policy this package handles.
type PolicyType uint32

// The numeric values follow declaration order via iota; do not reorder or
// insert entries, since PolicyType values may be compared or stored elsewhere.
const (
	PolicyTypeACL PolicyType = iota
	PolicyTypeRGP
	PolicyTypeEGP
	// Triggers a lookup in the map to figure out if ACL or RGP
	PolicyTypeToken
)
func (PolicyType) String ¶
// String returns a textual form of the policy type; the signature satisfies
// fmt.Stringer. The body is not shown on this page.
func (p PolicyType) String() string
type VaultInstance ¶
// VaultInstance bundles a Vault API client with the ACL loaded for it. Every
// field is tagged yaml:"-", so none of them is written when the struct is
// YAML-encoded; in particular the client (and any token it carries) is not
// serialized.
//
// NOTE(review): the field is spelled Acl rather than ACL; renaming an exported
// field is a breaking change, so leave it unless callers are updated too.
type VaultInstance struct {
	DisplayName string        `yaml:"-"`
	Client      *vault.Client `yaml:"-"`
	Acl         ACL           `yaml:"-"`
}
func BuildAndConnect ¶
// BuildAndConnect builds a VaultInstance from vconfig and connects it. It has
// the same signature as ConnectVaultInstance; how the two relate is not
// visible on this page — presumably one wraps the other. The body is not
// shown.
func BuildAndConnect(vconfig *config.VaultConfig) (VaultInstance, error)
func ConnectVaultInstance ¶
// ConnectVaultInstance creates a VaultInstance connected according to vconfig.
// On a non-nil error the returned VaultInstance should be treated as
// meaningless. The body is not shown on this page.
func ConnectVaultInstance(vconfig *config.VaultConfig) (VaultInstance, error)
func (VaultInstance) GetACL ¶
// GetACL loads the ACL for the instance. vi is received by value, so the
// caller's VaultInstance is not modified; the populated copy is returned and
// must be used in place of the original. The body is not shown on this page.
func (vi VaultInstance) GetACL() (VaultInstance, error)
func (VaultInstance) Login ¶
// Login authenticates the instance using vconfig. As with GetACL, the value
// receiver means the authenticated state lives only in the returned copy; a
// caller that discards the result keeps an unauthenticated instance. The body
// is not shown on this page.
func (vi VaultInstance) Login(vconfig *config.VaultConfig) (VaultInstance, error)