vault

package
v0.0.0-...-adfa13f Latest
Warning

This package is not in the latest version of its module.

Published: May 3, 2024 License: MPL-2.0 Imports: 25 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func CASecretName

func CASecretName(releaseName string) string

CASecretName returns the Kubernetes secret name of the CA for the Vault server.

func ConfigurePKI

func ConfigurePKI(t *testing.T, vaultClient *vapi.Client, baseUrl, policyName, commonName string, skipPKIMount bool)

ConfigurePKI generates a CA in Vault at a given path with a given policyName.

func ConfigurePKICerts

func ConfigurePKICerts(t *testing.T,
	vaultClient *vapi.Client, baseUrl, allowedSubdomain, roleName, ns, datacenter,
	maxTTL string) string

ConfigurePKICerts configures roles in Vault so that controller webhook TLS certificates can be issued by Vault.

func CreateConnectCARootAndIntermediatePKIPolicy

func CreateConnectCARootAndIntermediatePKIPolicy(t *testing.T, vaultClient *vapi.Client, policyName, rootPath, intermediatePath string)

CreateConnectCARootAndIntermediatePKIPolicy creates the Vault Policy for the connect-ca in a given datacenter.

func GenerateGossipSecret

func GenerateGossipSecret() (string, error)

GenerateGossipSecret generates a random 32-byte secret and returns it as a base64-encoded string.
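An added example, not this package's source, of the contract the comment above describes: 32 bytes from the OS CSPRNG, base64-encoded, with a check that a test can run on any supplied value. The names `newGossipSecret` and `checkGossipSecret`, the choice of standard padded base64, and the all-zero rejection are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// secretLen is the raw key size stated in the GenerateGossipSecret doc comment.
const secretLen = 32

// newGossipSecret (hypothetical name) returns 32 random bytes as base64.
func newGossipSecret() (string, error) {
	key := make([]byte, secretLen)
	// crypto/rand reads from the OS CSPRNG; math/rand is not suitable for keys.
	if _, err := rand.Read(key); err != nil {
		return "", fmt.Errorf("reading random bytes: %w", err)
	}
	return base64.StdEncoding.EncodeToString(key), nil
}

// checkGossipSecret (hypothetical name) accepts only standard base64 that
// decodes to exactly 32 bytes and is not an all-zero placeholder.
func checkGossipSecret(s string) error {
	raw, err := base64.StdEncoding.DecodeString(s)
	if err != nil {
		return fmt.Errorf("not standard base64: %w", err)
	}
	if len(raw) != secretLen {
		return fmt.Errorf("decoded to %d bytes, want %d", len(raw), secretLen)
	}
	if bytes.Equal(raw, make([]byte, secretLen)) {
		return errors.New("key is all zero bytes")
	}
	return nil
}

func main() {
	s, err := newGossipSecret()
	if err != nil {
		panic(err)
	}
	// 32 raw bytes always encode to 44 base64 characters with padding.
	fmt.Println(len(s), checkGossipSecret(s))
}
```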

Types

type KV2Secret

type KV2Secret struct {
	Path       string
	Key        string
	PolicyName string
	Value      string
}

func (*KV2Secret) SaveSecretAndAddReadPolicy

func (config *KV2Secret) SaveSecretAndAddReadPolicy(t *testing.T, vaultClient *vapi.Client)

SaveSecretAndAddReadPolicy will create a read policy for the PolicyName on the KV2Secret and then will save the secret in the KV2 store.

func (*KV2Secret) SaveSecretAndAddUpdatePolicy

func (config *KV2Secret) SaveSecretAndAddUpdatePolicy(t *testing.T, vaultClient *vapi.Client)

SaveSecretAndAddUpdatePolicy will create an update policy for the PolicyName on the KV2Secret and then will save the secret in the KV2 store.

type KubernetesAuthRoleConfiguration

type KubernetesAuthRoleConfiguration struct {
	ServiceAccountName  string
	KubernetesNamespace string
	PolicyNames         string
	AuthMethodPath      string
	RoleName            string
}

func (*KubernetesAuthRoleConfiguration) ConfigureK8SAuthRole

func (config *KubernetesAuthRoleConfiguration) ConfigureK8SAuthRole(t *testing.T, vaultClient *vapi.Client)

ConfigureK8SAuthRole configures a role in Vault for the component, under the Kubernetes auth method that the test Helm chart installation will use.

type PKIAndAuthRoleConfiguration

type PKIAndAuthRoleConfiguration struct {
	ServiceAccountName  string
	BaseURL             string
	PolicyName          string
	RoleName            string
	CommonName          string
	CAPath              string
	CertPath            string
	KubernetesNamespace string
	DataCenter          string
	MaxTTL              string
	AuthMethodPath      string
	AllowedSubdomain    string
	SkipPKIMount        bool
}

func (*PKIAndAuthRoleConfiguration) ConfigurePKIAndAuthRole

func (config *PKIAndAuthRoleConfiguration) ConfigurePKIAndAuthRole(t *testing.T, vaultClient *vapi.Client)

type VaultCluster

type VaultCluster struct {
	// contains filtered or unexported fields
}

VaultCluster represents a vault installation.

func NewVaultCluster

func NewVaultCluster(t *testing.T, ctx environment.TestContext, cfg *config.TestConfig, releaseName string, helmValues map[string]string) *VaultCluster

NewVaultCluster creates a VaultCluster which will be used to install Vault using Helm.

func (*VaultCluster) Address

func (v *VaultCluster) Address() string

Address is the in-cluster API address of the Vault server.

func (*VaultCluster) ConfigureAuthMethod

func (v *VaultCluster) ConfigureAuthMethod(t *testing.T, vaultClient *vapi.Client, authPath, k8sHost, saName, saNS string)

ConfigureAuthMethod configures the auth method in Vault from the provided service account name and namespace, Kubernetes host and auth path. We need to take vaultClient here in case this Vault cluster does not have a server to run API commands against.

func (*VaultCluster) Create

func (v *VaultCluster) Create(t *testing.T, ctx environment.TestContext, vaultNamespace string)

Create installs Vault via Helm and then calls bootstrap to initialize it.

func (*VaultCluster) Destroy

func (v *VaultCluster) Destroy(t *testing.T)

Destroy issues a helm delete, then deletes the PVC and any leftover Helm secrets related to the release.

func (*VaultCluster) SetupVaultClient

func (v *VaultCluster) SetupVaultClient(t testutil.TestingTB) *vapi.Client

SetupVaultClient sets up and returns a Vault Client.

func (*VaultCluster) VaultClient

func (v *VaultCluster) VaultClient(*testing.T) *vapi.Client

VaultClient returns the vault client.
