vault: Index | Files

package elasticsearch

import ""


Package Files

client.go elasticsearch.go

func New Uses

func New() (interface{}, error)

func Run Uses

func Run(apiTLSConfig *api.TLSConfig) error

type Client Uses

type Client struct {
    // contains filtered or unexported fields

func NewClient Uses

func NewClient(config *ClientConfig) (*Client, error)

func (*Client) ChangePassword Uses

func (c *Client) ChangePassword(ctx context.Context, name, newPassword string) error

func (*Client) CreateRole Uses

func (c *Client) CreateRole(ctx context.Context, name string, role map[string]interface{}) error

func (*Client) CreateUser Uses

func (c *Client) CreateUser(ctx context.Context, name string, user *User) error

func (*Client) DeleteRole Uses

func (c *Client) DeleteRole(ctx context.Context, name string) error

func (*Client) DeleteUser Uses

func (c *Client) DeleteUser(ctx context.Context, name string) error

func (*Client) GetRole Uses

func (c *Client) GetRole(ctx context.Context, name string) (map[string]interface{}, error)

GetRole returns nil, nil if the role is not found, so callers must check for a nil map rather than relying on the error alone.

type ClientConfig Uses

// ClientConfig is the configuration passed to NewClient.
type ClientConfig struct {
    // NOTE(review): presumably the credentials and endpoint the Client uses
    // to reach Elasticsearch; confirm in client.go. Password is held here in
    // plaintext, so avoid logging or printing this struct.
    Username, Password, BaseURL string

    // Leave this nil to flag that TLS is not desired
    // NOTE(review): with TLS not configured, Username and Password would
    // presumably travel to BaseURL unencrypted; confirm how client.go
    // handles a nil value before relying on it outside a trusted network.
    TLSConfig *TLSConfig

type Elasticsearch Uses

type Elasticsearch struct {
    // contains filtered or unexported fields

Elasticsearch implements dbplugin's Database interface.

func NewElasticsearch Uses

func NewElasticsearch() *Elasticsearch

func (*Elasticsearch) Close Uses

func (es *Elasticsearch) Close() error

func (*Elasticsearch) CreateUser Uses

func (es *Elasticsearch) CreateUser(ctx context.Context, statements dbplugin.Statements, usernameConfig dbplugin.UsernameConfig, _ time.Time) (string, string, error)

CreateUser is called on `$ vault read database/creds/:role-name`, and it is the first time anything written by `$ vault write database/roles/:role-name` is actually used. This is likely to be the highest-throughput method for this plugin.

func (*Elasticsearch) GenerateCredentials Uses

func (es *Elasticsearch) GenerateCredentials(ctx context.Context) (string, error)

GenerateCredentials returns a generated password

func (*Elasticsearch) Init Uses

func (es *Elasticsearch) Init(ctx context.Context, config map[string]interface{}, verifyConnection bool) (map[string]interface{}, error)

Init is called on `$ vault write database/config/:db-name`, or when you do a creds call after Vault's been restarted.

func (*Elasticsearch) Initialize Uses

func (es *Elasticsearch) Initialize(ctx context.Context, config map[string]interface{}, verifyConnection bool) error

Deprecated: included for backward compatibility until it is removed.

func (*Elasticsearch) RenewUser Uses

func (es *Elasticsearch) RenewUser(_ context.Context, _ dbplugin.Statements, _ string, _ time.Time) error

RenewUser gets called on `$ vault lease renew {{lease-id}}`. It automatically pushes out the amount of time until the database secrets engine calls RevokeUser, if appropriate.

func (*Elasticsearch) RevokeUser Uses

func (es *Elasticsearch) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error

RevokeUser is called when a lease expires.

func (*Elasticsearch) RotateRootCredentials Uses

func (es *Elasticsearch) RotateRootCredentials(ctx context.Context, _ []string) (map[string]interface{}, error)

RotateRootCredentials doesn't require any statements from the user because it's not configurable in any way. We simply generate a new password and hit a pre-defined Elasticsearch REST API to rotate them.

func (*Elasticsearch) SecretValues Uses

func (es *Elasticsearch) SecretValues() map[string]interface{}

SecretValues is used by error-sanitizing middleware in Vault: wherever one of the map's keys (the secret strings) appears in an error message, it is replaced with the corresponding map value, so secrets are not leaked via error messages.

func (*Elasticsearch) SetCredentials Uses

func (es *Elasticsearch) SetCredentials(ctx context.Context, statements dbplugin.Statements, staticConfig dbplugin.StaticUserConfig) (username string, password string, err error)

SetCredentials is used to set the credentials for a database user to a specific username and password. This is not currently supported by the Elasticsearch plugin, but the method is needed to conform to the dbplugin.Database interface.

func (*Elasticsearch) Type Uses

func (es *Elasticsearch) Type() (string, error)

type TLSConfig Uses

// TLSConfig holds the parameters used to configure TLS on the HTTP client
// that talks to Elasticsearch. The string fields other than TLSServerName
// are filesystem paths, not inline PEM data.
type TLSConfig struct {
    // CACert is the path to a PEM-encoded CA cert file to use to verify the
    // Elasticsearch server SSL certificate.
    CACert string

    // CAPath is the path to a directory of PEM-encoded CA cert files to verify
    // the Elasticsearch server SSL certificate.
    CAPath string

    // ClientCert is the path to the certificate for Elasticsearch communication
    ClientCert string

    // ClientKey is the path to the private key for Elasticsearch communication
    // NOTE(review): the key file itself should be readable only by the
    // account running the plugin.
    ClientKey string

    // TLSServerName, if set, is used to set the SNI host when connecting via
    // TLS.
    TLSServerName string

    // Insecure enables or disables SSL verification
    // NOTE(review): the field name suggests that true turns verification of
    // the server certificate off; confirm in client.go. With verification
    // off, CACert and CAPath give no protection against an impersonated
    // server, so keep this false outside of testing.
    Insecure bool

TLSConfig contains the parameters needed to configure TLS on the HTTP client used to communicate with Elasticsearch.

type User Uses

// User is serialized to JSON with the keys "password" and "roles".
// NOTE(review): presumably the request body for Client.CreateUser; confirm
// in client.go. Password is plaintext here, so avoid logging this struct or
// its encoded form.
type User struct {
    Password string   `json:"password"` // Passwords must be at least 6 characters long.
    Roles    []string `json:"roles"`

Package elasticsearch imports 18 packages. Updated 2020-05-06.