vault: github.com/hashicorp/vault/vendor/github.com/hashicorp/vault-plugin-database-elasticsearch

package elasticsearch

import "github.com/hashicorp/vault/vendor/github.com/hashicorp/vault-plugin-database-elasticsearch"

Index

Package Files

client.go elasticsearch.go

func New Uses

func New() (interface{}, error)

func Run Uses

func Run(apiTLSConfig *api.TLSConfig) error

type Client Uses

// Client is the type returned by NewClient; its methods on this page cover
// user, role and password management calls. Its fields are hidden by the
// documentation generator.
type Client struct {
    // contains filtered or unexported fields
}

func NewClient Uses

func NewClient(config *ClientConfig) (*Client, error)

func (*Client) ChangePassword Uses

func (c *Client) ChangePassword(ctx context.Context, name, newPassword string) error

func (*Client) CreateRole Uses

func (c *Client) CreateRole(ctx context.Context, name string, role map[string]interface{}) error

func (*Client) CreateUser Uses

func (c *Client) CreateUser(ctx context.Context, name string, user *User) error

func (*Client) DeleteRole Uses

func (c *Client) DeleteRole(ctx context.Context, name string) error

func (*Client) DeleteUser Uses

func (c *Client) DeleteUser(ctx context.Context, name string) error

func (*Client) GetRole Uses

func (c *Client) GetRole(ctx context.Context, name string) (map[string]interface{}, error)

GetRole returns nil, nil if the role is not found, so callers must check the returned map for nil even when the error is nil.

type ClientConfig Uses

// ClientConfig carries the settings that NewClient takes to build a Client.
type ClientConfig struct {
    // Username and Password are the credentials for the Elasticsearch
    // account; BaseURL is the address of the Elasticsearch endpoint.
    // NOTE(review): presumably this is the privileged account Vault uses to
    // manage users and roles, so treat Password as a root-level secret — confirm.
    Username, Password, BaseURL string

    // Leave this nil to flag that TLS is not desired.
    // NOTE(review): what a nil value means for an https BaseURL is not
    // visible here. If it results in plaintext HTTP, Password and every
    // credential created through the client would cross the network
    // unprotected — confirm in client.go before leaving this nil.
    TLSConfig *TLSConfig
}

type Elasticsearch Uses

// Elasticsearch implements dbplugin's Database interface; NewElasticsearch
// returns a pointer to one. Its fields are hidden by the documentation
// generator.
type Elasticsearch struct {
    // contains filtered or unexported fields
}

Elasticsearch implements dbplugin's Database interface.

func NewElasticsearch Uses

func NewElasticsearch() *Elasticsearch

func (*Elasticsearch) Close Uses

func (es *Elasticsearch) Close() error

func (*Elasticsearch) CreateUser Uses

func (es *Elasticsearch) CreateUser(ctx context.Context, statements dbplugin.Statements, usernameConfig dbplugin.UsernameConfig, _ time.Time) (string, string, error)

CreateUser is called on `$ vault read database/creds/:role-name`, and it is the first point at which anything written by `$ vault write database/roles/:role-name` is used. This is likely to be the highest-throughput method for this plugin.

func (*Elasticsearch) GenerateCredentials Uses

func (es *Elasticsearch) GenerateCredentials(ctx context.Context) (string, error)

GenerateCredentials returns a generated password.

func (*Elasticsearch) Init Uses

func (es *Elasticsearch) Init(ctx context.Context, config map[string]interface{}, verifyConnection bool) (map[string]interface{}, error)

Init is called on `$ vault write database/config/:db-name`, or when you do a creds call after Vault's been restarted.

func (*Elasticsearch) Initialize Uses

func (es *Elasticsearch) Initialize(ctx context.Context, config map[string]interface{}, verifyConnection bool) error

Deprecated: included for backward compatibility until removal.

func (*Elasticsearch) RenewUser Uses

func (es *Elasticsearch) RenewUser(_ context.Context, _ dbplugin.Statements, _ string, _ time.Time) error

RenewUser gets called on `$ vault lease renew {{lease-id}}`. It automatically pushes out the amount of time until the database secrets engine calls RevokeUser, if appropriate.

func (*Elasticsearch) RevokeUser Uses

func (es *Elasticsearch) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error

RevokeUser is called when a lease expires.

func (*Elasticsearch) RotateRootCredentials Uses

func (es *Elasticsearch) RotateRootCredentials(ctx context.Context, _ []string) (map[string]interface{}, error)

RotateRootCredentials doesn't require any statements from the user because it's not configurable in any way. We simply generate a new password and hit a pre-defined Elasticsearch REST API to rotate them.

func (*Elasticsearch) SecretValues Uses

func (es *Elasticsearch) SecretValues() map[string]interface{}

SecretValues is used by error-sanitizing middleware in Vault, which replaces any occurrence of a key in the map with the corresponding value so that secrets are not leaked via error messages.

func (*Elasticsearch) SetCredentials Uses

func (es *Elasticsearch) SetCredentials(ctx context.Context, statements dbplugin.Statements, staticConfig dbplugin.StaticUserConfig) (username string, password string, err error)

SetCredentials is used to set the credentials for a database user to a specific username and password. This is not currently supported by the Elasticsearch plugin, but it is needed to conform to the dbplugin.Database interface.

func (*Elasticsearch) Type Uses

func (es *Elasticsearch) Type() (string, error)

type TLSConfig Uses

// TLSConfig groups the TLS settings for the connection to Elasticsearch.
// CACert, CAPath, ClientCert and ClientKey are documented as file-system
// paths, not inline PEM data.
type TLSConfig struct {
    // CACert is the path to a PEM-encoded CA cert file to use to verify the
    // Elasticsearch server SSL certificate.
    CACert string

    // CAPath is the path to a directory of PEM-encoded CA cert files to verify
    // the Elasticsearch server SSL certificate.
    CAPath string

    // ClientCert is the path to the certificate for Elasticsearch communication.
    // NOTE(review): presumably the client certificate presented for mutual
    // TLS — confirm.
    ClientCert string

    // ClientKey is the path to the private key for Elasticsearch communication.
    // NOTE(review): presumably the key paired with ClientCert; the file
    // should be readable only by the process that loads it.
    ClientKey string

    // TLSServerName, if set, is used to set the SNI host when connecting via
    // TLS.
    TLSServerName string

    // Insecure enables or disables SSL verification.
    // NOTE(review): the polarity is not stated; presumably true turns server
    // certificate verification off — confirm in client.go. With verification
    // off, the ClientConfig Username/Password and any credentials issued
    // through the client are exposed to an on-path party, so this should
    // stay false outside disposable test setups.
    Insecure bool
}

TLSConfig contains the parameters needed to configure TLS on the HTTP client used to communicate with Elasticsearch.

type User Uses

// User is the JSON-serializable user description accepted by
// Client.CreateUser.
type User struct {
    // Password is marshalled as-is under the "password" key, so a marshalled
    // User contains the cleartext secret; keep it out of logs and error text.
    // NOTE(review): the 6-character minimum below is not enforced by this
    // type; presumably Elasticsearch rejects shorter values — confirm.
    Password string   `json:"password"` // Passwords must be at least 6 characters long.
    // Roles is marshalled under the "roles" key.
    // NOTE(review): presumably the names of Elasticsearch roles granted to
    // the user; keep the list to the minimum the consumer needs.
    Roles    []string `json:"roles"`
}

Package elasticsearch imports 18 packages. Updated 2019-09-15.