Documentation ¶
Index ¶
- func New() (interface{}, error)
- type Client
- func (c *Client) ChangePassword(ctx context.Context, name, newPassword string) error
- func (c *Client) CreateRole(ctx context.Context, name string, role map[string]interface{}) error
- func (c *Client) CreateUser(ctx context.Context, name string, user *User) error
- func (c *Client) DeleteRole(ctx context.Context, name string) error
- func (c *Client) DeleteUser(ctx context.Context, name string) error
- func (c *Client) GetRole(ctx context.Context, name string) (map[string]interface{}, error)
- type ClientConfig
- type Elasticsearch
- func (es *Elasticsearch) Close() error
- func (es *Elasticsearch) DeleteUser(ctx context.Context, req dbplugin.DeleteUserRequest) (dbplugin.DeleteUserResponse, error)
- func (es *Elasticsearch) Initialize(ctx context.Context, req dbplugin.InitializeRequest) (dbplugin.InitializeResponse, error)
- func (es *Elasticsearch) NewUser(ctx context.Context, req dbplugin.NewUserRequest) (dbplugin.NewUserResponse, error)
- func (es *Elasticsearch) SecretValues() map[string]string
- func (es *Elasticsearch) Type() (string, error)
- func (es *Elasticsearch) UpdateUser(ctx context.Context, req dbplugin.UpdateUserRequest) (dbplugin.UpdateUserResponse, error)
- type TLSConfig
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶
func NewClient(config *ClientConfig) (*Client, error)
func (*Client) ChangePassword ¶
func (*Client) CreateRole ¶
func (*Client) CreateUser ¶
type ClientConfig ¶
type Elasticsearch ¶
type Elasticsearch struct {
// contains filtered or unexported fields
}
Elasticsearch implements dbplugin's Database interface.
func (*Elasticsearch) Close ¶
func (es *Elasticsearch) Close() error
Close for Elasticsearch is a NOOP, nothing to close
func (*Elasticsearch) DeleteUser ¶ added in v0.6.0
func (es *Elasticsearch) DeleteUser(ctx context.Context, req dbplugin.DeleteUserRequest) (dbplugin.DeleteUserResponse, error)
DeleteUser is used to delete users from elasticsearch
func (*Elasticsearch) Initialize ¶
func (es *Elasticsearch) Initialize(ctx context.Context, req dbplugin.InitializeRequest) (dbplugin.InitializeResponse, error)
Initialize is called on `$ vault write database/config/:db-name`, or when you do a creds call after Vault's been restarted.
func (*Elasticsearch) NewUser ¶ added in v0.6.0
func (es *Elasticsearch) NewUser(ctx context.Context, req dbplugin.NewUserRequest) (dbplugin.NewUserResponse, error)
NewUser is called on `$ vault read database/creds/:role-name` and it's the first time anything is touched from `$ vault write database/roles/:role-name`. This is likely to be the highest-throughput method for this plugin.
func (*Elasticsearch) SecretValues ¶
func (es *Elasticsearch) SecretValues() map[string]string
SecretValues is used by some error-sanitizing middleware in Vault that basically replaces the keys in the map with the values given so they're not leaked via error messages.
func (*Elasticsearch) Type ¶
func (es *Elasticsearch) Type() (string, error)
Type returns the TypeName for this backend
func (*Elasticsearch) UpdateUser ¶ added in v0.6.0
func (es *Elasticsearch) UpdateUser(ctx context.Context, req dbplugin.UpdateUserRequest) (dbplugin.UpdateUserResponse, error)
UpdateUser doesn't require any statements from the user because it's not configurable in any way. We simply generate a new password and hit a pre-defined Elasticsearch REST API to rotate them.
type TLSConfig ¶
type TLSConfig struct { // CACert is the path to a PEM-encoded CA cert file to use to verify theHTTPClient // Elasticsearch server SSL certificate. CACert string // CAPath is the path to a directory of PEM-encoded CA cert files to verify // the Elasticsearch server SSL certificate. CAPath string // ClientCert is the path to the certificate for Elasticsearch communication ClientCert string // ClientKey is the path to the private key for Elasticsearch communication ClientKey string // TLSServerName, if set, is used to set the SNI host when connecting via // TLS. TLSServerName string // Insecure enables or disables SSL verification Insecure bool }
TLSConfig contains the parameters needed to configure TLS on the HTTP client used to communicate with Elasticsearch.