models

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 2, 2024 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CFCertificate

// CFCertificate carries the identity values of a CF instance certificate as
// plain strings. A value written as a struct literal has not been through the
// checks in NewCFCertificate or NewCFCertificateFromx509, so treat such a value
// as unvalidated.
type CFCertificate struct {
	InstanceID string
	OrgID      string
	SpaceID    string
	AppID      string
	IPAddress  string
}

CFCertificate isn't intended to be instantiated directly, but rather through one of the New functions, which contain logic validating that the expected fields exist. A value built with a struct literal skips that validation.

func NewCFCertificate

func NewCFCertificate(instanceID, orgID, spaceID, appID, ipAddress string) (*CFCertificate, error)

NewCFCertificate converts the given fields to a valid, well-formed CF certificate, erroring if this isn't possible.

func NewCFCertificateFromx509

func NewCFCertificateFromx509(certificate *x509.Certificate) (*CFCertificate, error)

NewCFCertificateFromx509 converts an x509 certificate to a valid, well-formed CF certificate, erroring if this isn't possible.

type Configuration

// Configuration holds trust anchors (CA certificates) together with the
// credentials used to reach the CF API. CFMutualTLSKey, CFPassword,
// CFClientSecret and PCFPassword are secrets, and every field has a json tag
// without "-", so any code that marshals this struct emits them.
// NOTE(review): confirm that config read responses and log output omit the
// secret fields.
type Configuration struct {
	// Version is the schema version of this configuration.
	// Version 0 had the following fields:
	//		PCFAPICertificates []string `json:"pcf_api_trusted_certificates"`
	//		PCFAPIAddr string `json:"pcf_api_addr"`
	//		PCFUsername string `json:"pcf_username"`
	//		PCFPassword string `json:"pcf_password"`
	// Version 1 is the present version and it adds support for the following fields
	// (types as declared below):
	//		CFAPICertificates []string `json:"cf_api_trusted_certificates"`
	//		CFMutualTLSCertificate string `json:"cf_api_mutual_tls_certificate"`
	//		CFMutualTLSKey string `json:"cf_api_mutual_tls_key"`
	//		CFAPIAddr string `json:"cf_api_addr"`
	//		CFUsername string `json:"cf_username"`
	//		CFPassword string `json:"cf_password"`
	// Version 2 is in the future, and we intend to deprecate the fields noted in Version 0.
	Version int `json:"version"`

	// IdentityCACertificates are the CA certificates that should be used for verifying client certificates.
	// Whoever can write this list decides which CAs are accepted for client
	// certificates, so write access to the configuration needs to be restricted.
	// NOTE(review): presumably PEM-encoded — confirm against the code that parses them.
	IdentityCACertificates []string `json:"identity_ca_certificates"`

	// CFAPICertificates are the certificates that, if presented by the CF API, should be trusted.
	CFAPICertificates []string `json:"cf_api_trusted_certificates"`

	// CFMutualTLSCertificate is the certificate that is used to perform mTLS with the CF API.
	CFMutualTLSCertificate string `json:"cf_api_mutual_tls_certificate"`

	// CFMutualTLSKey is the key that is used to perform mTLS with the CF API.
	// Secret: this is private key material stored alongside the rest of the config.
	CFMutualTLSKey string `json:"cf_api_mutual_tls_key"`

	// CFAPIAddr is the address of CF's API, ex: "https://api.dev.cfdev.sh" or "http://127.0.0.1:33671"
	// NOTE(review): with a plain http:// address the certificate settings above
	// would presumably not apply and the credentials below would travel
	// unencrypted; confirm that http:// is only used against loopback in tests.
	CFAPIAddr string `json:"cf_api_addr"`

	// The username for the CF API.
	CFUsername string `json:"cf_username"`

	// The password for the CF API.
	// Secret: held as a plain string in this struct.
	CFPassword string `json:"cf_password"`

	// The Client ID for the CF API auth.
	CFClientID string `json:"cf_client_id"`

	// The Client Secret for the CF API auth.
	// Secret: held as a plain string in this struct.
	CFClientSecret string `json:"cf_client_secret"`

	// The maximum seconds old a login request's signing time can be.
	// This is configurable because in some test environments we found as much as 2 hours of clock drift.
	// A larger value lengthens the period during which an already-signed login
	// request is still accepted, so keep it as small as real clock drift allows.
	// NOTE(review): the type is time.Duration while the name and json key say
	// seconds; confirm which unit the stored number is in.
	LoginMaxSecNotBefore time.Duration `json:"login_max_seconds_not_before"`

	// The maximum seconds ahead a login request's signing time can be.
	// This is configurable because in some test environments we found as much as 2 hours of clock drift.
	// A larger value accepts signing times further in the future; keep it as
	// small as real clock drift allows.
	// NOTE(review): same unit question as LoginMaxSecNotBefore.
	LoginMaxSecNotAfter time.Duration `json:"login_max_seconds_not_after"`

	// Deprecated: use CFAPICertificates instead.
	PCFAPICertificates []string `json:"pcf_api_trusted_certificates"`

	// Deprecated: use CFAPIAddr instead.
	PCFAPIAddr string `json:"pcf_api_addr"`

	// Deprecated: use CFUsername instead.
	PCFUsername string `json:"pcf_username"`

	// Deprecated: use CFPassword instead.
	// Secret: a deprecated field can still hold a live password and needs the
	// same handling as CFPassword.
	PCFPassword string `json:"pcf_password"`
}

Configuration is the config as it's reflected in Vault's storage system.

type RoleEntry

// RoleEntry describes one role: the embedded token parameters plus the CF
// identifiers a login is bound to.
type RoleEntry struct {
	// TokenParams is embedded, so its fields are promoted onto RoleEntry.
	tokenutil.TokenParams

	// Bound*IDs list the application, space, organization and instance IDs
	// associated with this role.
	// NOTE(review): what an empty list means (match any vs. match none) is
	// decided where the role is evaluated, not in this struct — confirm there,
	// since "empty means any" would make an unset bound permissive.
	BoundAppIDs       []string `json:"bound_application_ids"`
	BoundSpaceIDs     []string `json:"bound_space_ids"`
	BoundOrgIDs       []string `json:"bound_organization_ids"`
	BoundInstanceIDs  []string `json:"bound_instance_ids"`
	// DisableIPMatching presumably turns off the comparison between the
	// certificate's IP address and the address the login came from — confirm
	// against the login handler. If so, setting it removes one of the checks
	// tying a certificate to its instance, so it is worth auditing which roles
	// have it enabled.
	DisableIPMatching bool     `json:"disable_ip_matching"`

	// Deprecated by TokenParams
	// NOTE(review): these fields keep their own json keys, so stored roles may
	// still populate them; confirm which set of values takes effect when both
	// these and the TokenParams fields are present.
	TTL        time.Duration                 `json:"ttl"`
	MaxTTL     time.Duration                 `json:"max_ttl"`
	Period     time.Duration                 `json:"period"`
	Policies   []string                      `json:"policies"`
	BoundCIDRs []*sockaddr.SockAddrMarshaler `json:"bound_cidrs"`
}

RoleEntry is a role as it's reflected in Vault's storage system.
