Documentation ¶
Index ¶
- func CASecretName(releaseName string) string
- func ConfigurePKI(t *testing.T, vaultClient *vapi.Client, baseUrl, policyName, commonName string, ...)
- func ConfigurePKICerts(t *testing.T, vaultClient *vapi.Client, ...) string
- func CreateConnectCARootAndIntermediatePKIPolicy(t *testing.T, vaultClient *vapi.Client, ...)
- func GenerateGossipSecret() (string, error)
- type KV2Secret
- type KubernetesAuthRoleConfiguration
- type PKIAndAuthRoleConfiguration
- type VaultCluster
- func (v *VaultCluster) Address() string
- func (v *VaultCluster) ConfigureAuthMethod(t *testing.T, vaultClient *vapi.Client, authPath, k8sHost, saName, saNS string)
- func (v *VaultCluster) Create(t *testing.T, ctx environment.TestContext, vaultNamespace string)
- func (v *VaultCluster) Destroy(t *testing.T)
- func (v *VaultCluster) SetupVaultClient(t testutil.TestingTB) *vapi.Client
- func (v *VaultCluster) VaultClient(*testing.T) *vapi.Client
Functions ¶
func CASecretName ¶
CASecretName returns the Kubernetes secret name of the CA for the Vault server.
func ConfigurePKI ¶
func ConfigurePKI(t *testing.T, vaultClient *vapi.Client, baseUrl, policyName, commonName string, skipPKIMount bool)
ConfigurePKI generates a CA in Vault at a given path with a given policyName.
func ConfigurePKICerts ¶
func ConfigurePKICerts(t *testing.T, vaultClient *vapi.Client, baseUrl, allowedSubdomain, roleName, ns, datacenter, maxTTL string) string
ConfigurePKICerts configures roles in Vault so that controller webhook TLS certificates can be issued by Vault.
func CreateConnectCARootAndIntermediatePKIPolicy ¶
func CreateConnectCARootAndIntermediatePKIPolicy(t *testing.T, vaultClient *vapi.Client, policyName, rootPath, intermediatePath string)
CreateConnectCARootAndIntermediatePKIPolicy creates the Vault Policy for the connect-ca in a given datacenter.
func GenerateGossipSecret ¶
GenerateGossipSecret generates a random 32-byte secret and returns it as a base64-encoded string.
Types ¶
type KV2Secret ¶
func (*KV2Secret) SaveSecretAndAddReadPolicy ¶
SaveSecretAndAddReadPolicy creates a read policy for the PolicyName set on the KV2Secret and then saves the secret in the KV2 store.
type KubernetesAuthRoleConfiguration ¶
// KubernetesAuthRoleConfiguration holds the inputs used by ConfigureK8SAuthRole
// to configure a Vault role for the Kubernetes auth method.
type KubernetesAuthRoleConfiguration struct {
	// ServiceAccountName is presumably the Kubernetes service account that is
	// allowed to log in through the role; verify against ConfigureK8SAuthRole.
	ServiceAccountName string
	// KubernetesNamespace is presumably the namespace of that service account;
	// verify against ConfigureK8SAuthRole.
	KubernetesNamespace string
	// PolicyNames is a single string even though the name is plural.
	// NOTE(review): the expected format (for example comma-separated) is not
	// shown here. These policies presumably bound what a token issued through
	// the role can read, so confirm that only the required ones are listed.
	PolicyNames string
	// AuthMethodPath is presumably the path at which the Kubernetes auth method
	// is mounted in Vault; confirm.
	AuthMethodPath string
	// RoleName is presumably the name of the Vault role to configure; confirm.
	RoleName string
}
func (*KubernetesAuthRoleConfiguration) ConfigureK8SAuthRole ¶
func (config *KubernetesAuthRoleConfiguration) ConfigureK8SAuthRole(t *testing.T, vaultClient *vapi.Client)
ConfigureK8SAuthRole configures a role in Vault for the component for the Kubernetes auth method that will be used by the test Helm chart installation.
type PKIAndAuthRoleConfiguration ¶
// PKIAndAuthRoleConfiguration holds the inputs used by ConfigurePKIAndAuthRole.
// NOTE(review): several field names mirror the parameters of ConfigurePKI and
// ConfigurePKICerts (baseUrl, policyName, commonName, skipPKIMount,
// allowedSubdomain, roleName, ns, datacenter, maxTTL); presumably they are
// passed through to those helpers, but that is not shown here. Confirm.
type PKIAndAuthRoleConfiguration struct {
	// ServiceAccountName is presumably the Kubernetes service account bound to
	// the auth role; confirm.
	ServiceAccountName string
	// BaseURL is presumably the Vault path under which the PKI engine is
	// configured (compare the baseUrl parameter of ConfigurePKI); confirm.
	BaseURL string
	// PolicyName is presumably the Vault policy created for the PKI path and
	// attached to the auth role; confirm.
	PolicyName string
	// RoleName is presumably used for the Vault role name; whether it names the
	// PKI role, the auth role, or both is not shown here.
	RoleName string
	// CommonName is presumably the common name of the generated CA (compare the
	// commonName parameter of ConfigurePKI); confirm.
	CommonName string
	// NOTE(review): CAPath and CertPath have no documentation here; whether
	// they are inputs or are filled in by ConfigurePKIAndAuthRole is not shown.
	CAPath   string
	CertPath string
	// KubernetesNamespace is presumably the namespace of the service account
	// and of the issued certificate names; confirm.
	KubernetesNamespace string
	// DataCenter is presumably the datacenter name used when building allowed
	// certificate names; confirm.
	DataCenter string
	// MaxTTL is a string; the accepted format is not shown here. It presumably
	// caps the lifetime of certificates issued by the role; confirm.
	MaxTTL string
	// AuthMethodPath is presumably the path at which the Kubernetes auth method
	// is mounted in Vault; confirm.
	AuthMethodPath string
	// AllowedSubdomain presumably restricts the names the PKI role may issue
	// certificates for; confirm the value is as narrow as the test needs.
	AllowedSubdomain string
	// SkipPKIMount presumably skips mounting the PKI engine (compare the
	// skipPKIMount parameter of ConfigurePKI); confirm.
	SkipPKIMount bool
}
func (*PKIAndAuthRoleConfiguration) ConfigurePKIAndAuthRole ¶
func (config *PKIAndAuthRoleConfiguration) ConfigurePKIAndAuthRole(t *testing.T, vaultClient *vapi.Client)
type VaultCluster ¶
// VaultCluster represents a Vault installation. All of its fields are
// unexported, so callers obtain one from NewVaultCluster rather than building
// the struct directly.
type VaultCluster struct {
	// contains filtered or unexported fields
}
VaultCluster represents a vault installation.
func NewVaultCluster ¶
func NewVaultCluster(t *testing.T, ctx environment.TestContext, cfg *config.TestConfig, releaseName string, helmValues map[string]string) *VaultCluster
NewVaultCluster creates a VaultCluster which will be used to install Vault using Helm.
func (*VaultCluster) Address ¶
func (v *VaultCluster) Address() string
Address is the in-cluster API address of the Vault server.
func (*VaultCluster) ConfigureAuthMethod ¶
func (v *VaultCluster) ConfigureAuthMethod(t *testing.T, vaultClient *vapi.Client, authPath, k8sHost, saName, saNS string)
ConfigureAuthMethod configures the auth method in Vault from the provided service account name and namespace, Kubernetes host, and auth path. The vaultClient is passed in explicitly in case this Vault cluster does not have a server to run API commands against.
func (*VaultCluster) Create ¶
func (v *VaultCluster) Create(t *testing.T, ctx environment.TestContext, vaultNamespace string)
Create installs Vault via Helm and then calls bootstrap to initialize it.
func (*VaultCluster) Destroy ¶
func (v *VaultCluster) Destroy(t *testing.T)
Destroy issues a helm delete and then deletes the PVC and any leftover Helm secrets related to the release.
func (*VaultCluster) SetupVaultClient ¶
func (v *VaultCluster) SetupVaultClient(t testutil.TestingTB) *vapi.Client
SetupVaultClient sets up and returns a Vault Client.
func (*VaultCluster) VaultClient ¶
func (v *VaultCluster) VaultClient(*testing.T) *vapi.Client
VaultClient returns the vault client.