vault: github.com/hashicorp/vault/internalshared/configutil Index | Files

package configutil

import "github.com/hashicorp/vault/internalshared/configutil"

Index

Package Files

config.go config_util.go encrypt_decrypt.go kms.go listener.go merge.go telemetry.go

Constants

const (
    PrometheusDefaultRetentionTime = 24 * time.Hour
    UsageGaugeDefaultPeriod        = 10 * time.Minute
    MaximumGaugeCardinalityDefault = 500
)

Variables

var (
    ConfigureWrapper             = configureWrapper
    CreateSecureRandomReaderFunc = createSecureRandomReader
)
var GetAWSKMSFunc = func(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error) {
    wrapper := awskms.NewWrapper(opts)
    wrapperInfo, err := wrapper.SetConfig(kms.Config)
    if err != nil {

        if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
            return nil, nil, err
        }
    }
    info := make(map[string]string)
    if wrapperInfo != nil {
        info["AWS KMS Region"] = wrapperInfo["region"]
        info["AWS KMS KeyID"] = wrapperInfo["kms_key_id"]
        if endpoint, ok := wrapperInfo["endpoint"]; ok {
            info["AWS KMS Endpoint"] = endpoint
        }
    }
    return wrapper, info, nil
}
var GetTransitKMSFunc = func(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error) {
    wrapper := transit.NewWrapper(opts)
    wrapperInfo, err := wrapper.SetConfig(kms.Config)
    if err != nil {

        if !errwrap.ContainsType(err, new(logical.KeyNotFoundError)) {
            return nil, nil, err
        }
    }
    info := make(map[string]string)
    if wrapperInfo != nil {
        info["Transit Address"] = wrapperInfo["address"]
        info["Transit Mount Path"] = wrapperInfo["mount_path"]
        info["Transit Key Name"] = wrapperInfo["key_name"]
        if namespace, ok := wrapperInfo["namespace"]; ok {
            info["Transit Namespace"] = namespace
        }
    }
    return wrapper, info, nil
}

func EncryptDecrypt Uses

func EncryptDecrypt(rawStr string, decrypt, strip bool, wrapper wrapping.Wrapper) (string, error)

func GetAEADKMSFunc Uses

func GetAEADKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)

func GetAliCloudKMSFunc Uses

func GetAliCloudKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)

func GetAzureKeyVaultKMSFunc Uses

func GetAzureKeyVaultKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)

func GetGCPCKMSKMSFunc Uses

func GetGCPCKMSKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)

func GetOCIKMSKMSFunc Uses

func GetOCIKMSKMSFunc(opts *wrapping.WrapperOptions, kms *KMS) (wrapping.Wrapper, map[string]string, error)

func ParseEntropy Uses

func ParseEntropy(result *SharedConfig, list *ast.ObjectList, blockName string) error

func ParseListeners Uses

func ParseListeners(result *SharedConfig, list *ast.ObjectList) error

func SetupTelemetry Uses

func SetupTelemetry(opts *SetupTelemetryOpts) (*metrics.InmemSink, *metricsutil.ClusterMetricSink, bool, error)

SetupTelemetry is used to setup the telemetry sub-systems and returns the in-memory sink to be used in http configuration

type EntSharedConfig Uses

type EntSharedConfig struct {
}

func (*EntSharedConfig) ParseConfig Uses

func (ec *EntSharedConfig) ParseConfig(list *ast.ObjectList) error

type Entropy Uses

type Entropy struct {
    Mode EntropyMode
}

type EntropyMode Uses

type EntropyMode int

Entropy contains Entropy configuration for the server

const (
    EntropyUnknown EntropyMode = iota
    EntropyAugmentation
)

type KMS Uses

type KMS struct {
    Type string
    // Purpose can be used to allow a string-based specification of what this
    // KMS is designated for, in situations where we want to allow more than
    // one KMS to be specified
    Purpose []string `hcl:"-"`

    Disabled bool
    Config   map[string]string
}

KMS contains KMS configuration for the server

func LoadConfigKMSes Uses

func LoadConfigKMSes(path string) ([]*KMS, error)

func ParseKMSes Uses

func ParseKMSes(d string) ([]*KMS, error)

func (*KMS) GoString Uses

func (k *KMS) GoString() string

type Listener Uses

type Listener struct {
    RawConfig map[string]interface{}

    Type       string
    Purpose    []string    `hcl:"-"`
    PurposeRaw interface{} `hcl:"purpose"`

    Address                 string        `hcl:"address"`
    ClusterAddress          string        `hcl:"cluster_address"`
    MaxRequestSize          int64         `hcl:"-"`
    MaxRequestSizeRaw       interface{}   `hcl:"max_request_size"`
    MaxRequestDuration      time.Duration `hcl:"-"`
    MaxRequestDurationRaw   interface{}   `hcl:"max_request_duration"`
    RequireRequestHeader    bool          `hcl:"-"`
    RequireRequestHeaderRaw interface{}   `hcl:"require_request_header"`

    TLSDisable                       bool        `hcl:"-"`
    TLSDisableRaw                    interface{} `hcl:"tls_disable"`
    TLSCertFile                      string      `hcl:"tls_cert_file"`
    TLSKeyFile                       string      `hcl:"tls_key_file"`
    TLSMinVersion                    string      `hcl:"tls_min_version"`
    TLSCipherSuites                  []uint16    `hcl:"-"`
    TLSCipherSuitesRaw               string      `hcl:"tls_cipher_suites"`
    TLSPreferServerCipherSuites      bool        `hcl:"-"`
    TLSPreferServerCipherSuitesRaw   interface{} `hcl:"tls_prefer_server_cipher_suites"`
    TLSRequireAndVerifyClientCert    bool        `hcl:"-"`
    TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
    TLSClientCAFile                  string      `hcl:"tls_client_ca_file"`
    TLSDisableClientCerts            bool        `hcl:"-"`
    TLSDisableClientCertsRaw         interface{} `hcl:"tls_disable_client_certs"`

    HTTPReadTimeout          time.Duration `hcl:"-"`
    HTTPReadTimeoutRaw       interface{}   `hcl:"http_read_timeout"`
    HTTPReadHeaderTimeout    time.Duration `hcl:"-"`
    HTTPReadHeaderTimeoutRaw interface{}   `hcl:"http_read_header_timeout"`
    HTTPWriteTimeout         time.Duration `hcl:"-"`
    HTTPWriteTimeoutRaw      interface{}   `hcl:"http_write_timeout"`
    HTTPIdleTimeout          time.Duration `hcl:"-"`
    HTTPIdleTimeoutRaw       interface{}   `hcl:"http_idle_timeout"`

    ProxyProtocolBehavior           string                        `hcl:"proxy_protocol_behavior"`
    ProxyProtocolAuthorizedAddrs    []*sockaddr.SockAddrMarshaler `hcl:"-"`
    ProxyProtocolAuthorizedAddrsRaw interface{}                   `hcl:"proxy_protocol_authorized_addrs"`

    XForwardedForAuthorizedAddrs        []*sockaddr.SockAddrMarshaler `hcl:"-"`
    XForwardedForAuthorizedAddrsRaw     interface{}                   `hcl:"x_forwarded_for_authorized_addrs"`
    XForwardedForHopSkips               int64                         `hcl:"-"`
    XForwardedForHopSkipsRaw            interface{}                   `hcl:"x_forwarded_for_hop_skips"`
    XForwardedForRejectNotPresent       bool                          `hcl:"-"`
    XForwardedForRejectNotPresentRaw    interface{}                   `hcl:"x_forwarded_for_reject_not_present"`
    XForwardedForRejectNotAuthorized    bool                          `hcl:"-"`
    XForwardedForRejectNotAuthorizedRaw interface{}                   `hcl:"x_forwarded_for_reject_not_authorized"`

    SocketMode  string `hcl:"socket_mode"`
    SocketUser  string `hcl:"socket_user"`
    SocketGroup string `hcl:"socket_group"`

    Telemetry ListenerTelemetry `hcl:"telemetry"`

    // RandomPort is used only for some testing purposes
    RandomPort bool `hcl:"-"`

    CorsEnabledRaw        interface{} `hcl:"cors_enabled"`
    CorsEnabled           bool        `hcl:"-"`
    CorsAllowedOrigins    []string    `hcl:"cors_allowed_origins"`
    CorsAllowedHeaders    []string    `hcl:"-"`
    CorsAllowedHeadersRaw []string    `hcl:"cors_allowed_headers"`
}

Listener is the listener configuration for the server.

func (*Listener) GoString Uses

func (l *Listener) GoString() string

type ListenerTelemetry Uses

type ListenerTelemetry struct {
    UnauthenticatedMetricsAccess    bool        `hcl:"-"`
    UnauthenticatedMetricsAccessRaw interface{} `hcl:"unauthenticated_metrics_access"`
}

type SetupTelemetryOpts Uses

type SetupTelemetryOpts struct {
    Config      *Telemetry
    Ui          cli.Ui
    ServiceName string
    DisplayName string
    UserAgent   string
    ClusterName string
}

type SharedConfig Uses

type SharedConfig struct {
    EntSharedConfig

    Listeners []*Listener `hcl:"-"`

    Seals   []*KMS   `hcl:"-"`
    Entropy *Entropy `hcl:"-"`

    DisableMlock    bool        `hcl:"-"`
    DisableMlockRaw interface{} `hcl:"disable_mlock"`

    Telemetry *Telemetry `hcl:"telemetry"`

    DefaultMaxRequestDuration    time.Duration `hcl:"-"`
    DefaultMaxRequestDurationRaw interface{}   `hcl:"default_max_request_duration"`

    // LogFormat specifies the log format. Valid values are "standard" and
    // "json". The values are case-insenstive. If no log format is specified,
    // then standard format will be used.
    LogFormat string `hcl:"log_format"`
    LogLevel  string `hcl:"log_level"`

    PidFile string `hcl:"pid_file"`

    ClusterName string `hcl:"cluster_name"`
}

SharedConfig contains some shared values

func LoadConfigFile Uses

func LoadConfigFile(path string) (*SharedConfig, error)

LoadConfigFile loads the configuration from the given file.

func ParseConfig Uses

func ParseConfig(d string) (*SharedConfig, error)

func (*SharedConfig) Merge Uses

func (c *SharedConfig) Merge(c2 *SharedConfig) *SharedConfig

func (*SharedConfig) Sanitized Uses

func (c *SharedConfig) Sanitized() map[string]interface{}

Sanitized returns a copy of the config with all values that are considered sensitive stripped. It also strips all `*Raw` values that are mainly used for parsing.

Specifically, the fields that this method strips are: - KMS.Config - Telemetry.CirconusAPIToken

type Telemetry Uses

type Telemetry struct {
    StatsiteAddr string `hcl:"statsite_address"`
    StatsdAddr   string `hcl:"statsd_address"`

    DisableHostname     bool   `hcl:"disable_hostname"`
    EnableHostnameLabel bool   `hcl:"enable_hostname_label"`
    MetricsPrefix       string `hcl:"metrics_prefix"`
    UsageGaugePeriod    time.Duration
    UsageGaugePeriodRaw interface{} `hcl:"usage_gauge_period"`

    MaximumGaugeCardinality int `hcl:"maximum_gauge_cardinality"`

    // CirconusAPIToken is a valid API Token used to create/manage check. If provided,
    // metric management is enabled.
    // Default: none
    CirconusAPIToken string `hcl:"circonus_api_token"`
    // CirconusAPIApp is an app name associated with API token.
    // Default: "consul"
    CirconusAPIApp string `hcl:"circonus_api_app"`
    // CirconusAPIURL is the base URL to use for contacting the Circonus API.
    // Default: "https://api.circonus.com/v2"
    CirconusAPIURL string `hcl:"circonus_api_url"`
    // CirconusSubmissionInterval is the interval at which metrics are submitted to Circonus.
    // Default: 10s
    CirconusSubmissionInterval string `hcl:"circonus_submission_interval"`
    // CirconusCheckSubmissionURL is the check.config.submission_url field from a
    // previously created HTTPTRAP check.
    // Default: none
    CirconusCheckSubmissionURL string `hcl:"circonus_submission_url"`
    // CirconusCheckID is the check id (not check bundle id) from a previously created
    // HTTPTRAP check. The numeric portion of the check._cid field.
    // Default: none
    CirconusCheckID string `hcl:"circonus_check_id"`
    // CirconusCheckForceMetricActivation will force enabling metrics, as they are encountered,
    // if the metric already exists and is NOT active. If check management is enabled, the default
    // behavior is to add new metrics as they are encountered. If the metric already exists in the
    // check, it will *NOT* be activated. This setting overrides that behavior.
    // Default: "false"
    CirconusCheckForceMetricActivation string `hcl:"circonus_check_force_metric_activation"`
    // CirconusCheckInstanceID serves to uniquely identify the metrics coming from this "instance".
    // It can be used to maintain metric continuity with transient or ephemeral instances as
    // they move around within an infrastructure.
    // Default: hostname:app
    CirconusCheckInstanceID string `hcl:"circonus_check_instance_id"`
    // CirconusCheckSearchTag is a special tag which, when coupled with the instance id, helps to
    // narrow down the search results when neither a Submission URL or Check ID is provided.
    // Default: service:app (e.g. service:consul)
    CirconusCheckSearchTag string `hcl:"circonus_check_search_tag"`
    // CirconusCheckTags is a comma separated list of tags to apply to the check. Note that
    // the value of CirconusCheckSearchTag will always be added to the check.
    // Default: none
    CirconusCheckTags string `hcl:"circonus_check_tags"`
    // CirconusCheckDisplayName is the name for the check which will be displayed in the Circonus UI.
    // Default: value of CirconusCheckInstanceID
    CirconusCheckDisplayName string `hcl:"circonus_check_display_name"`
    // CirconusBrokerID is an explicit broker to use when creating a new check. The numeric portion
    // of broker._cid. If metric management is enabled and neither a Submission URL nor Check ID
    // is provided, an attempt will be made to search for an existing check using Instance ID and
    // Search Tag. If one is not found, a new HTTPTRAP check will be created.
    // Default: use Select Tag if provided, otherwise, a random Enterprise Broker associated
    // with the specified API token or the default Circonus Broker.
    // Default: none
    CirconusBrokerID string `hcl:"circonus_broker_id"`
    // CirconusBrokerSelectTag is a special tag which will be used to select a broker when
    // a Broker ID is not provided. The best use of this is to as a hint for which broker
    // should be used based on *where* this particular instance is running.
    // (e.g. a specific geo location or datacenter, dc:sfo)
    // Default: none
    CirconusBrokerSelectTag string `hcl:"circonus_broker_select_tag"`

    // Dogstats:
    // DogStatsdAddr is the address of a dogstatsd instance. If provided,
    // metrics will be sent to that instance
    DogStatsDAddr string `hcl:"dogstatsd_addr"`

    // DogStatsdTags are the global tags that should be sent with each packet to dogstatsd
    // It is a list of strings, where each string looks like "my_tag_name:my_tag_value"
    DogStatsDTags []string `hcl:"dogstatsd_tags"`

    // Prometheus:
    // PrometheusRetentionTime is the retention time for prometheus metrics if greater than 0.
    // Default: 24h
    PrometheusRetentionTime    time.Duration `hcl:"-"`
    PrometheusRetentionTimeRaw interface{}   `hcl:"prometheus_retention_time"`

    // Stackdriver:
    // StackdriverProjectID is the project to publish stackdriver metrics to.
    StackdriverProjectID string `hcl:"stackdriver_project_id"`
    // StackdriverLocation is the GCP or AWS region of the monitored resource.
    StackdriverLocation string `hcl:"stackdriver_location"`
    // StackdriverNamespace is the namespace identifier, such as a cluster name.
    StackdriverNamespace string `hcl:"stackdriver_namespace"`
    // StackdriverDebugLogs will write additional stackdriver related debug logs to stderr.
    StackdriverDebugLogs bool `hcl:"stackdriver_debug_logs"`
}

Telemetry is the telemetry configuration for the server

func (*Telemetry) GoString Uses

func (t *Telemetry) GoString() string

Package configutil imports 41 packages (graph) and is imported by 7 packages. Updated 2020-07-09. Refresh now. Tools for package owners.