Documentation
Types
type CFCertificate
type CFCertificate struct {
	InstanceID, OrgID, SpaceID, AppID, IPAddress string
}
CFCertificate isn't intended to be instantiated directly, but rather through one of the New methods, which contain logic validating that the expected fields exist.
func NewCFCertificate
func NewCFCertificate(instanceID, orgID, spaceID, appID, ipAddress string) (*CFCertificate, error)
NewCFCertificate converts the given fields to a valid, well-formed CF certificate, erroring if this isn't possible.
func NewCFCertificateFromx509
func NewCFCertificateFromx509(certificate *x509.Certificate) (*CFCertificate, error)
NewCFCertificateFromx509 converts an x509 certificate to a valid, well-formed CF certificate, erroring if this isn't possible.
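The kind of field validation described above, as an added example (not the plugin's own code). It assumes the Cloud Foundry instance identity layout (CN = instance GUID, OU entries prefixed `organization:`, `space:` and `app:`, exactly one IP SAN); `cfIdentity` and `identityFromX509` are hypothetical names.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
	"strings"
)

// cfIdentity mirrors the fields of CFCertificate (hypothetical local type).
type cfIdentity struct {
	InstanceID, OrgID, SpaceID, AppID, IPAddress string
}

// identityFromX509 is a hypothetical helper, not the plugin's code. Assumed layout:
// CN = instance GUID, OUs "organization:<guid>", "space:<guid>", "app:<guid>", one IP SAN.
// It only reads fields; verify the chain against the identity CAs before trusting them.
func identityFromX509(cert *x509.Certificate) (*cfIdentity, error) {
	id := &cfIdentity{InstanceID: cert.Subject.CommonName}
	targets := map[string]*string{"organization": &id.OrgID, "space": &id.SpaceID, "app": &id.AppID}
	for _, ou := range cert.Subject.OrganizationalUnit {
		key, val, ok := strings.Cut(ou, ":")
		dst, known := targets[key]
		if !ok || !known {
			continue // unrelated OU entries are ignored
		}
		if *dst != "" {
			return nil, fmt.Errorf("duplicate %q OU entry", key) // ambiguous identity
		}
		*dst = val
	}
	if len(cert.IPAddresses) != 1 {
		return nil, fmt.Errorf("expected exactly 1 IP SAN, got %d", len(cert.IPAddresses))
	}
	id.IPAddress = cert.IPAddresses[0].String()
	if id.InstanceID == "" || id.OrgID == "" || id.SpaceID == "" || id.AppID == "" {
		return nil, fmt.Errorf("certificate is missing an instance, organization, space or app ID")
	}
	return id, nil
}

func main() {
	cert := &x509.Certificate{ // constructed sample, not a real certificate
		Subject:     pkix.Name{CommonName: "inst-1", OrganizationalUnit: []string{"organization:org-1", "space:space-1", "app:app-1"}},
		IPAddresses: []net.IP{net.ParseIP("10.255.0.7")},
	}
	id, err := identityFromX509(cert)
	fmt.Println(id, err)
}
```

Rejecting duplicate OU entries and multiple IP SANs keeps a certificate from matching more than one bound ID or address in a role.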
type Configuration
type Configuration struct {
	// Version 0 had the following fields:
	//   PCFAPICertificates []string `json:"pcf_api_trusted_certificates"`
	//   PCFAPIAddr string `json:"pcf_api_addr"`
	//   PCFUsername string `json:"pcf_username"`
	//   PCFPassword string `json:"pcf_password"`
	// Version 1 is the present version and it adds support for the following fields:
	//   CFAPICertificates []string `json:"cf_api_trusted_certificates"`
	//   CFMutualTLSCertificate []string `json:"cf_api_mutual_tls_certificate"`
	//   CFMutualTLSKey *string `json:"cf_api_mutual_tls_key"`
	//   CFAPIAddr string `json:"cf_api_addr"`
	//   CFUsername string `json:"cf_username"`
	//   CFPassword string `json:"cf_password"`
	// Version 2 is in the future, and we intend to deprecate the fields noted in Version 0.
	Version int `json:"version"`

	// IdentityCACertificates are the CA certificates that should be used for verifying client certificates.
	IdentityCACertificates []string `json:"identity_ca_certificates"`

	// CFAPICertificates are the certificates that, if presented by the CF API, should be trusted.
	CFAPICertificates []string `json:"cf_api_trusted_certificates"`

	// CFMutualTLSCertificate is the certificate that is used to perform mTLS with the CF API.
	CFMutualTLSCertificate string `json:"cf_api_mutual_tls_certificate"`

	// CFMutualTLSKey is the key that is used to perform mTLS with the CF API.
	CFMutualTLSKey string `json:"cf_api_mutual_tls_key"`

	// CFAPIAddr is the address of CF's API, ex: "https://api.dev.cfdev.sh" or "http://127.0.0.1:33671"
	CFAPIAddr string `json:"cf_api_addr"`

	// The username for the CF API.
	CFUsername string `json:"cf_username"`

	// The password for the CF API.
	CFPassword string `json:"cf_password"`

	// The Client ID for the CF API auth.
	CFClientID string `json:"cf_client_id"`

	// The Client Secret for the CF API auth.
	CFClientSecret string `json:"cf_client_secret"`

	// The maximum seconds old a login request's signing time can be.
	// This is configurable because in some test environments we found as much as 2 hours of clock drift.
	LoginMaxSecNotBefore time.Duration `json:"login_max_seconds_not_before"`

	// The maximum seconds ahead a login request's signing time can be.
	// This is configurable because in some test environments we found as much as 2 hours of clock drift.
	LoginMaxSecNotAfter time.Duration `json:"login_max_seconds_not_after"`

	// Deprecated: use CFAPICertificates instead.
	PCFAPICertificates []string `json:"pcf_api_trusted_certificates"`

	// Deprecated: use CFAPIAddr instead.
	PCFAPIAddr string `json:"pcf_api_addr"`

	// Deprecated: use CFUsername instead.
	PCFUsername string `json:"pcf_username"`

	// Deprecated: use CFPassword instead.
	PCFPassword string `json:"pcf_password"`
}
Configuration is the config as it's reflected in Vault's storage system.
type RoleEntry
type RoleEntry struct {
	tokenutil.TokenParams

	BoundAppIDs       []string `json:"bound_application_ids"`
	BoundSpaceIDs     []string `json:"bound_space_ids"`
	BoundOrgIDs       []string `json:"bound_organization_ids"`
	BoundInstanceIDs  []string `json:"bound_instance_ids"`
	DisableIPMatching bool     `json:"disable_ip_matching"`

	// Deprecated by TokenParams
	TTL        time.Duration                 `json:"ttl"`
	MaxTTL     time.Duration                 `json:"max_ttl"`
	Period     time.Duration                 `json:"period"`
	Policies   []string                      `json:"policies"`
	BoundCIDRs []*sockaddr.SockAddrMarshaler `json:"bound_cidrs"`
}
RoleEntry is a role as it's reflected in Vault's storage system.