vault: Index | Files | Directories

package server

import ""


Package Files

config.go config_test_helpers.go config_util.go listener.go listener_tcp.go


var BuiltinListeners = map[string]ListenerFactory{
    "tcp": tcpListenerFactory,

BuiltinListeners is the list of built-in listener types.

func NewListener Uses

func NewListener(t string, config map[string]interface{}, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, error)

NewListener creates a new listener of the given type with the given configuration. The type is looked up in the BuiltinListeners map.

func ParseStorage Uses

func ParseStorage(result *Config, list *ast.ObjectList, name string) error

type Config Uses

type Config struct {
    Listeners []*Listener `hcl:"-"`
    Storage   *Storage    `hcl:"-"`
    HAStorage *Storage    `hcl:"-"`

    ServiceRegistration *ServiceRegistration `hcl:"-"`

    Seals   []*Seal  `hcl:"-"`
    Entropy *Entropy `hcl:"-"`

    CacheSize                int         `hcl:"cache_size"`
    DisableCache             bool        `hcl:"-"`
    DisableCacheRaw          interface{} `hcl:"disable_cache"`
    DisableMlock             bool        `hcl:"-"`
    DisableMlockRaw          interface{} `hcl:"disable_mlock"`
    DisablePrintableCheck    bool        `hcl:"-"`
    DisablePrintableCheckRaw interface{} `hcl:"disable_printable_check"`

    EnableUI    bool        `hcl:"-"`
    EnableUIRaw interface{} `hcl:"ui"`

    Telemetry *Telemetry `hcl:"telemetry"`

    MaxLeaseTTL        time.Duration `hcl:"-"`
    MaxLeaseTTLRaw     interface{}   `hcl:"max_lease_ttl"`
    DefaultLeaseTTL    time.Duration `hcl:"-"`
    DefaultLeaseTTLRaw interface{}   `hcl:"default_lease_ttl"`

    DefaultMaxRequestDuration    time.Duration `hcl:"-"`
    DefaultMaxRequestDurationRaw interface{}   `hcl:"default_max_request_duration"`

    ClusterName         string `hcl:"cluster_name"`
    ClusterCipherSuites string `hcl:"cluster_cipher_suites"`

    PluginDirectory string `hcl:"plugin_directory"`

    LogLevel string `hcl:"log_level"`

    // LogFormat specifies the log format.  Valid values are "standard" and "json".  The values are case-insenstive.
    // If no log format is specified, then standard format will be used.
    LogFormat string `hcl:"log_format"`

    PidFile              string      `hcl:"pid_file"`
    EnableRawEndpoint    bool        `hcl:"-"`
    EnableRawEndpointRaw interface{} `hcl:"raw_storage_endpoint"`

    APIAddr              string      `hcl:"api_addr"`
    ClusterAddr          string      `hcl:"cluster_addr"`
    DisableClustering    bool        `hcl:"-"`
    DisableClusteringRaw interface{} `hcl:"disable_clustering"`

    DisablePerformanceStandby    bool        `hcl:"-"`
    DisablePerformanceStandbyRaw interface{} `hcl:"disable_performance_standby"`

    DisableSealWrap    bool        `hcl:"-"`
    DisableSealWrapRaw interface{} `hcl:"disable_sealwrap"`

    DisableIndexing    bool        `hcl:"-"`
    DisableIndexingRaw interface{} `hcl:"disable_indexing"`

Config is the configuration for the vault server.

func DevConfig Uses

func DevConfig(storageType string) *Config

DevConfig is a Config that is used for dev mode of Vault.

func LoadConfig Uses

func LoadConfig(path string) (*Config, error)

LoadConfig loads the configuration at the given path, regardless if its a file or directory.

func LoadConfigDir Uses

func LoadConfigDir(dir string) (*Config, error)

LoadConfigDir loads all the configurations in the given directory in alphabetical order.

func LoadConfigFile Uses

func LoadConfigFile(path string) (*Config, error)

LoadConfigFile loads the configuration from the given file.

func ParseConfig Uses

func ParseConfig(d string) (*Config, error)

func (*Config) Merge Uses

func (c *Config) Merge(c2 *Config) *Config

Merge merges two configurations.

func (*Config) Sanitized Uses

func (c *Config) Sanitized() map[string]interface{}

Sanitized returns a copy of the config with all values that are considered sensitive stripped. It also strips all `*Raw` values that are mainly used for parsing.

Specifically, the fields that this method strips are: - Storage.Config - HAStorage.Config - Seals.Config - Telemetry.CirconusAPIToken

type Entropy Uses

type Entropy struct {
    Mode EntropyMode

type EntropyMode Uses

type EntropyMode int

Entropy contains Entropy configuration for the server

const (
    Unknown EntropyMode = iota

type Listener Uses

type Listener struct {
    Type   string
    Config map[string]interface{}

Listener is the listener configuration for the server.

func (*Listener) GoString Uses

func (l *Listener) GoString() string

type ListenerFactory Uses

type ListenerFactory func(map[string]interface{}, io.Writer, cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, error)

ListenerFactory is the factory function to create a listener.

type Seal Uses

type Seal struct {
    Type     string
    Disabled bool
    Config   map[string]string

Seal contains Seal configuration for the server

func (*Seal) GoString Uses

func (h *Seal) GoString() string

type ServiceRegistration Uses

type ServiceRegistration struct {
    Type   string
    Config map[string]string

ServiceRegistration is the optional service discovery for the server.

func (*ServiceRegistration) GoString Uses

func (b *ServiceRegistration) GoString() string

type Storage Uses

type Storage struct {
    Type              string
    RedirectAddr      string
    ClusterAddr       string
    DisableClustering bool
    Config            map[string]string

Storage is the underlying storage configuration for the server.

func (*Storage) GoString Uses

func (b *Storage) GoString() string

type TCPKeepAliveListener Uses

type TCPKeepAliveListener struct {

TCPKeepAliveListener sets TCP keep-alive timeouts on accepted connections. It's used by ListenAndServe and ListenAndServeTLS so dead TCP connections (e.g. closing laptop mid-download) eventually go away.

This is copied directly from the Go source code.

func (TCPKeepAliveListener) Accept Uses

func (ln TCPKeepAliveListener) Accept() (c net.Conn, err error)

type Telemetry Uses

type Telemetry struct {
    StatsiteAddr string `hcl:"statsite_address"`
    StatsdAddr   string `hcl:"statsd_address"`

    DisableHostname     bool `hcl:"disable_hostname"`
    EnableHostnameLabel bool `hcl:"enable_hostname_label"`

    // CirconusAPIToken is a valid API Token used to create/manage check. If provided,
    // metric management is enabled.
    // Default: none
    CirconusAPIToken string `hcl:"circonus_api_token"`
    // CirconusAPIApp is an app name associated with API token.
    // Default: "consul"
    CirconusAPIApp string `hcl:"circonus_api_app"`
    // CirconusAPIURL is the base URL to use for contacting the Circonus API.
    // Default: ""
    CirconusAPIURL string `hcl:"circonus_api_url"`
    // CirconusSubmissionInterval is the interval at which metrics are submitted to Circonus.
    // Default: 10s
    CirconusSubmissionInterval string `hcl:"circonus_submission_interval"`
    // CirconusCheckSubmissionURL is the check.config.submission_url field from a
    // previously created HTTPTRAP check.
    // Default: none
    CirconusCheckSubmissionURL string `hcl:"circonus_submission_url"`
    // CirconusCheckID is the check id (not check bundle id) from a previously created
    // HTTPTRAP check. The numeric portion of the check._cid field.
    // Default: none
    CirconusCheckID string `hcl:"circonus_check_id"`
    // CirconusCheckForceMetricActivation will force enabling metrics, as they are encountered,
    // if the metric already exists and is NOT active. If check management is enabled, the default
    // behavior is to add new metrics as they are encountered. If the metric already exists in the
    // check, it will *NOT* be activated. This setting overrides that behavior.
    // Default: "false"
    CirconusCheckForceMetricActivation string `hcl:"circonus_check_force_metric_activation"`
    // CirconusCheckInstanceID serves to uniquely identify the metrics coming from this "instance".
    // It can be used to maintain metric continuity with transient or ephemeral instances as
    // they move around within an infrastructure.
    // Default: hostname:app
    CirconusCheckInstanceID string `hcl:"circonus_check_instance_id"`
    // CirconusCheckSearchTag is a special tag which, when coupled with the instance id, helps to
    // narrow down the search results when neither a Submission URL or Check ID is provided.
    // Default: service:app (e.g. service:consul)
    CirconusCheckSearchTag string `hcl:"circonus_check_search_tag"`
    // CirconusCheckTags is a comma separated list of tags to apply to the check. Note that
    // the value of CirconusCheckSearchTag will always be added to the check.
    // Default: none
    CirconusCheckTags string `hcl:"circonus_check_tags"`
    // CirconusCheckDisplayName is the name for the check which will be displayed in the Circonus UI.
    // Default: value of CirconusCheckInstanceID
    CirconusCheckDisplayName string `hcl:"circonus_check_display_name"`
    // CirconusBrokerID is an explicit broker to use when creating a new check. The numeric portion
    // of broker._cid. If metric management is enabled and neither a Submission URL nor Check ID
    // is provided, an attempt will be made to search for an existing check using Instance ID and
    // Search Tag. If one is not found, a new HTTPTRAP check will be created.
    // Default: use Select Tag if provided, otherwise, a random Enterprise Broker associated
    // with the specified API token or the default Circonus Broker.
    // Default: none
    CirconusBrokerID string `hcl:"circonus_broker_id"`
    // CirconusBrokerSelectTag is a special tag which will be used to select a broker when
    // a Broker ID is not provided. The best use of this is to as a hint for which broker
    // should be used based on *where* this particular instance is running.
    // (e.g. a specific geo location or datacenter, dc:sfo)
    // Default: none
    CirconusBrokerSelectTag string `hcl:"circonus_broker_select_tag"`

    // Dogstats:
    // DogStatsdAddr is the address of a dogstatsd instance. If provided,
    // metrics will be sent to that instance
    DogStatsDAddr string `hcl:"dogstatsd_addr"`

    // DogStatsdTags are the global tags that should be sent with each packet to dogstatsd
    // It is a list of strings, where each string looks like "my_tag_name:my_tag_value"
    DogStatsDTags []string `hcl:"dogstatsd_tags"`

    // Prometheus:
    // PrometheusRetentionTime is the retention time for prometheus metrics if greater than 0.
    // Default: 24h
    PrometheusRetentionTime    time.Duration `hcl:"-"`
    PrometheusRetentionTimeRaw interface{}   `hcl:"prometheus_retention_time"`

    // Stackdriver:
    // StackdriverProjectID is the project to publish stackdriver metrics to.
    StackdriverProjectID string `hcl:"stackdriver_project_id"`
    // StackdriverLocation is the GCP or AWS region of the monitored resource.
    StackdriverLocation string `hcl:"stackdriver_location"`
    // StackdriverNamespace is the namespace identifier, such as a cluster name.
    StackdriverNamespace string `hcl:"stackdriver_namespace"`

Telemetry is the telemetry configuration for the server

func (*Telemetry) GoString Uses

func (s *Telemetry) GoString() string



Package server imports 24 packages (graph) and is imported by 47 packages. Updated 2020-01-16. Refresh now. Tools for package owners.