vault: github.com/hashicorp/vault/command/agent/agentint

package agentint

import "github.com/hashicorp/vault/command/agent/agentint"

Package Files

renewer.go

Variables

var (
    ErrRenewerMissingInput  = errors.New("missing input to renewer")
    ErrRenewerMissingSecret = errors.New("missing secret to renew")
    ErrRenewerNotRenewable  = errors.New("secret is not renewable")
    ErrRenewerNoSecretData  = errors.New("returned empty secret data")

    // DefaultRenewerRenewBuffer is the default size of the buffer for renew
    // messages on the channel.
    DefaultRenewerRenewBuffer = 5
)

type Renewer

type Renewer struct {
    // contains filtered or unexported fields
}

Renewer is a process for renewing a secret.

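// client is an *api.Client; mySecret is the *api.Secret to keep alive.
renewer, err := agentint.NewRenewer(client, &agentint.RenewerInput{
	Secret: mySecret,
})
if err != nil {
	log.Fatal(err)
}
go renewer.Renew()
defer renewer.Stop()

for {
	select {
	case err := <-renewer.DoneCh():
		if err != nil {
			log.Fatal(err)
		}

		// Renewal is now over; leave the loop and re-read or reauthenticate.
		return
	case renewal := <-renewer.RenewCh():
		log.Printf("Successfully renewed: %#v", renewal)
	}
}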

The `DoneCh` will return if renewal fails or if the remaining lease duration after a renewal is less than or equal to the grace (in number of seconds). In both cases, the caller should attempt a re-read of the secret or reauthenticate to get a new token. Clients should check the return value of the channel to see if renewal was successful.
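The re-read pattern described above, as an added example that is not part of the package: when `DoneCh` fires, with or without an error, the caller fetches a fresh secret instead of continuing with one that is about to lapse. The `lifecycle` interface, `fakeRenewer`, `Supervise` and the `fetch` callback are hypothetical names that model only the `Renew`, `Stop` and `DoneCh` methods documented here, so the block runs without a Vault server.

```go
package main

import "fmt"

// lifecycle is a hypothetical stand-in for the Renew/Stop/DoneCh methods
// documented on this page, so the example runs without a Vault server.
type lifecycle interface {
	Renew()
	Stop()
	DoneCh() <-chan error
}

// fakeRenewer is constructed scaffolding: Renew publishes err once on DoneCh.
type fakeRenewer struct {
	done chan error
	err  error
}

func newFake(err error) *fakeRenewer        { return &fakeRenewer{done: make(chan error, 1), err: err} }
func (f *fakeRenewer) Renew()               { f.done <- f.err }
func (f *fakeRenewer) Stop()                {}
func (f *fakeRenewer) DoneCh() <-chan error { return f.done }

// Supervise runs up to maxCycles secret lifetimes. fetch (hypothetical)
// re-reads the secret or reauthenticates and returns a renewer for it.
// Any message on DoneCh, nil or not, means the current secret can no longer
// be renewed, so both cases lead to a fresh fetch; a failing fetch aborts.
func Supervise(fetch func() (lifecycle, error), maxCycles int) (cycles int, renewErrs []error, err error) {
	for cycles < maxCycles {
		r, ferr := fetch()
		if ferr != nil {
			return cycles, renewErrs, fmt.Errorf("re-read failed: %w", ferr)
		}
		cycles++
		go r.Renew()
		if derr := <-r.DoneCh(); derr != nil {
			renewErrs = append(renewErrs, derr) // record it, then re-fetch
		}
		r.Stop()
	}
	return cycles, renewErrs, nil
}

func main() {
	fetch := func() (lifecycle, error) { return newFake(fmt.Errorf("constructed renewal failure")), nil }
	fmt.Println(Supervise(fetch, 2))
}
```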

func NewRenewer

func NewRenewer(c *api.Client, i *RenewerInput) (*Renewer, error)

NewRenewer creates a new Renewer from the given input.

func (*Renewer) DoneCh

func (r *Renewer) DoneCh() <-chan error

DoneCh returns the channel where the Renewer will publish when renewal stops. If renewal stopped because of an error, the published value is that error.

func (*Renewer) Renew

func (r *Renewer) Renew()

Renew starts a background process for renewing this secret. When the secret has auth data, this attempts to renew the auth (token). When the secret has a lease, this attempts to renew the lease.

func (*Renewer) RenewCh

func (r *Renewer) RenewCh() <-chan *renewOutput

RenewCh is a channel that receives a message when a successful renewal takes place and includes metadata about the renewal.

func (*Renewer) Stop

func (r *Renewer) Stop()

Stop stops the Renewer.

type RenewerInput

type RenewerInput struct {
    // Secret is the secret to renew
    Secret *api.Secret

    // DEPRECATED: this does not do anything.
    Grace time.Duration

    // Rand is the randomizer to use for underlying randomization. If not
    // provided, one will be generated and seeded automatically. If provided, it
    // is assumed to have already been seeded.
    Rand *rand.Rand

    // RenewBuffer is the size of the buffered channel where renew messages are
    // dispatched.
    RenewBuffer int

    // The new TTL, in seconds, that should be set on the lease. The TTL set
    // here may or may not be honored by the vault server, based on Vault
    // configuration or any associated max TTL values.
    Increment int
}

RenewerInput is used as input to the renew function.

Package agentint imports 5 packages and is imported by 2 packages. Updated 2019-09-13.